Object-Oriented Software Engineering: Using UML, Patterns, and Java
Chapter 7: Addressing Design Goals
Bernd Bruegge & Allen H. Dutoit Object-Oriented Software Engineering: Using UML, Patterns, and Java 2
Overview
System Design I
0. Overview of System Design
1. Design Goals
2. Subsystem Decomposition
3. Refine the subsystem decomposition until all design goals are addressed.
System Design II
3. Concurrency
4. Hardware/Software Mapping
5. Persistent Data Management
6. Global Resource Handling and Access Control
7. Software Control
8. Boundary Conditions
Redundancy in the Space Shuttle computer system
♦ Unlike previous spacecraft, the space shuttle was designed to be autonomous.
- The multiple missions would be longer and crews larger than on previous Apollo missions.
- The mission of this shuttle needs to tolerate before abort.
- Many redundant features, including a fault-tolerant computer system responsible for guidance, navigation, and altitude control.
1) The Saturn rocket (for launching the Apollo spacecraft) used triple modular redundancy for its guidance system:
- three components
- the failure of a single component was detected when it produced a different output than the other two.
- For example, it would not have survived a massive failure, such as the explosion on Apollo 13.
♦ The Skylab Space station took a different approach:
- the computer systems are duplicated and located at different ends of the station.
- when one computer failed, the other would be switched on to take over.
- whereas a slow switch-over was acceptable for a space station (i.e., the space station could lose some altitude before safety), it would not be acceptable for the space shuttle, whose computer system was responsible for high-frequency tasks such as guidance during take-off and landing.
♦ The initial requirements by NASA: the Shuttle should be able to experience two consecutive failures before the mission was aborted.
- Five identical computers running the same software.
- If two individual computers failed, the last three would constitute a triple redundancy system for landing.
- If the third one failed, the last two would be enough to ensure a safe landing.
♦ Due to cost considerations, NASA later decided to lower its requirement to one failure before mission abort.
- Five computers, but the fifth computer is for a back-up system.
- While the quadruple redundancy protects against H/W failure, it does not increase reliability against software faults, as all four computers run the same software.
- However, the back-up system runs a simpler version of the software that is only able to guide the shuttle during take-off and landing.
♦ How architectural decisions were made during the design of a complex computer system: driven by design goals and nonfunctional requirements.
Figure: The activities of system design that address the design goals. Activities shown: Define design goals; Define subsystems; Implement subsystems; Map subsystems to hardware/software platform; Manage persistent data; Define access control policies; Select a global control flow; Describe boundary conditions.
UML Deployment Diagram
♦ Used to depict the relationship among run-time components and hardware nodes.
♦ Components are self-contained entities that provide services to other components or actors.
♦ A deployment diagram focuses on the allocation of components to different hardware nodes and provides a high-level view of each component.
♦ Components include information about the interfaces they provide and the classes they contain.
Figure: A UML deployment diagram representing the allocation of components to different nodes and the dependencies among components. Labels: myMac:Mac, aPC:PC, :UnixHost (two nodes), :Safari, :IExplorer, :WebServer, :Database. Legend: dependency, component.
Figure: Refined view of the WebServer component. Labels: GET, POST, HttpRequest, URL, File, WebServer, DBQuery, DBResult. Legend: Interfaces, Classes.
7.4 System Design Activities: Addressing Design Goals
♦ These activities are needed to ensure that the subsystem decomposition addresses all the nonfunctional requirements and any constraints during the implementation phase. For MyTrip [Section 6.4] we have already
- identified design goals
- designed an initial subsystem decomposition.
♦ Refine the subsystem decomposition by
1) Mapping Subsystems to Processors and Components (7.4.1)
2) Identifying and Storing Persistent Data (7.4.2)
3) Providing Access Control (7.4.3)
4) Designing the Global Control Flow (7.4.4)
5) Reviewing the System Design Model (7.4.6)
Analysis Model for the MyTrip route planning and execution
Figure: Analysis model class diagram. Classes shown: RouteAssistant, PlanningService, Destination, Location, Trip, Direction, Crossing, Segment.
Crossing: A Crossing is a geographical point where several Segments meet.
Destination: A Destination represents a location where the driver wishes to go.
Direction: Given a Crossing and an adjacent Segment, a Direction describes in natural language how to steer the car onto the given Segment.
Location: A Location is the position of the car as known by the onboard GPS system or the number of turns of the wheels.
PlanningService: A PlanningService is a Web server that can supply a trip, linking a number of destinations in the form of a sequence of Crossings and Segments.
RouteAssistant: A RouteAssistant gives Directions to the driver, given the current Location and upcoming Crossing.
Segment: A Segment represents the road between two Crossings.
Trip: A Trip is a sequence of Directions between two Destinations.
Nonfunctional requirements for MyTrip
1) MyTrip is in contact with the PlanningService via a wireless modem. Assume that the wireless modem functions properly at the initial destination.
2) Once the trip has been started, MyTrip should give correct directions even if the modem fails to maintain a connection with the PlanningService.
3) MyTrip should minimize connection time to reduce operation costs.
4) Replanning is possible only if the connection to the PlanningService is possible.
5) The PlanningService can support at least 50 different drivers and 1,000 trips.
Design goals for MyTrip
♦ Reliability: MyTrip should be reliable [generalization of NFR 2]
♦ Fault Tolerance: MyTrip should be fault tolerant to loss of connectivity with the routing service [rephrased NFR 2]
♦ Security: MyTrip should be secure, i.e., not allow other drivers or nonauthorized users to access a driver’s trips [deduced from application domain]
♦ Modifiability: MyTrip should be modifiable to use different routing services [anticipation of change by developers]
Mapping Subsystem to Hardware and Components
♦ Selecting a hardware configuration and a platform
♦ Allocating objects and subsystems to hardware nodes
Figure: Allocation of MyTrip subsystems to hardware. RoutingSubsystem runs on the :OnBoardComputer; PlanningSubsystem runs on a :WebServer.
Annotations: the Web browsers, Safari and Internet Explorer, as a virtual machine; a Unix system as a virtual machine.
Figure: Revised design model for MyTrip. Subsystems shown: RoutingSubsystem, PlanningSubsystem, CommunicationSubsystem. Classes shown: Trip, Location, PlanningService, Segment, Crossing, RouteAssistant, Direction, Destination, TripProxy, SegmentProxy, Message, Connection.
Annotations: add a new subsystem for managing the communication between them; add new classes.
4. Hardware Software Mapping
♦ This activity addresses two questions:
- How shall we realize the subsystems: Hardware or Software?
- How is the object model mapped on the chosen hardware & software?
  - Mapping Objects onto Reality: Processor, Memory, Input/Output
  - Mapping Associations onto Reality: Connectivity
♦ Much of the difficulty of designing a system comes from meeting externally-imposed hardware and software constraints.
- Certain tasks have to be at specific locations
Mapping the Objects
♦ Processor issues:
- Is the computation rate too demanding for a single processor?
- Can we get a speedup by distributing tasks across several processors?
- How many processors are required to maintain steady state load?
♦ Memory issues:
- Is there enough memory to buffer bursts of requests?
♦ I/O issues:
- Do you need an extra piece of hardware to handle the data generation rate?
- Does the response time exceed the available communication bandwidth between subsystems or a task and a piece of hardware?
Mapping the Subsystems Associations: Connectivity
♦ Describe the physical connectivity of the hardware
- Often the physical layer in ISO’s OSI Reference Model
- Which associations in the object model are mapped to physical connections?
- Which of the client-supplier relationships in the analysis/design model correspond to physical connections?
♦ Describe the logical connectivity (subsystem associations)
- Identify associations that do not directly map into physical connections:
- How should these associations be implemented?
Typical Informal Example of a Connectivity Drawing
Figure: Informal connectivity drawing. Labels: Application Client (three), Communication Agent for Application Clients (two), Communication Agent for Data Server (two), Local Data Server, Global Data Server (three), OODBMS, RDBMS, Backbone Network, LAN (three), TCP/IP, Ethernet. Legend: Physical Connectivity, Logical Connectivity.
Logical vs Physical Connectivity and the relationship to Subsystem Layering
Figure: Processor 1 and Processor 2, each with an Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer and Physical Layer, with bidirectional associations for each layer. Labels: Logical Connectivity Layers, Physical Connectivity.
Figure: Processor 1 and Processor 2, each with an Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer and Data Link Layer above Hardware, with bidirectional associations for each layer. Labels: Subsystem 1 (Layer 1 to Layer 4), Subsystem 2 (Layer 1 to Layer 3).
Hardware/Software Mapping Questions
♦ What is the connectivity among physical units?
- Tree, star, matrix, ring
♦ What is the appropriate communication protocol between the subsystems?
- Function of required bandwidth, latency and desired reliability, desired quality of service (QOS)
♦ Is certain functionality already available in hardware?
♦ Do certain tasks require specific locations to control the hardware or to permit concurrent operation?
- Often true for embedded systems
♦ General system performance question:
- What is the desired response time?
Connectivity in Distributed Systems
♦ If the architecture is distributed, we need to describe the network architecture (communication subsystem) as well.
♦ Questions to ask
- What are the transmission media? (Ethernet, Wireless)
- What is the Quality of Service (QOS)? What kind of communication protocols can be used?
- Should the interaction be asynchronous, synchronous or blocking?
- What are the available bandwidth requirements between the subsystems?
  - Stock Price Change -> Broker
  - Icy Road Detector -> ABS System
Drawing Hardware/Software Mappings in UML
♦ System design must model static and dynamic structures:
- Component Diagrams for static structures
  - show the structure at design time or compilation time
- Deployment Diagram for dynamic structures
  - show the structure of the run-time system
♦ Note the lifetime of components
- Some exist only at design time
- Others exist only until compile time
- Some exist at link or runtime
Identifying and Storing Persistent Objects
♦ Identifying persistent objects
♦ Selecting a storage management strategy
Figure: Subsystem decomposition of MyTrip after deciding on the issue of data stores. Subsystems shown: RoutingSubsystem, PlanningSubsystem, CommunicationSubsystem, TripFileStoreSubsystem, MapDBStoreSubsystem.
TripFileStoreSubsystem: responsible for storing trips in files on the onboard computer. Because this functionality is only used for storing trips when the car shuts down, this subsystem only supports the fast storage and loading of whole trips.
MapDBStoreSubsystem: responsible for storing maps and trips in a database for the PlanningSubsystem. This subsystem supports multiple concurrent Drivers and Planning agents.
5. Data Management
♦ Some objects in the models need to be persistent
- Provide clean separation points between subsystems with well-defined interfaces.
♦ A persistent object can be realized with one of the following
- Data structure
  - If the data can be volatile
- Files
  - Cheap, simple, permanent storage
  - Low level (Read, Write)
  - Applications must add code to provide suitable level of abstraction
- Database
  - Powerful, easy to port
  - Supports multiple writers and readers
File or Database?
♦ When should you choose a file?
- Are the data voluminous (bit maps)?
- Do you have lots of raw data (core dump, event trace)?
- Do you need to keep the data only for a short time?
- Is the information density low (archival files, history logs)?
♦ When should you choose a database?
- Do the data require access at fine levels of detail by multiple users?
- Must the data be ported across multiple platforms (heterogeneous systems)?
- Do multiple application programs access the data?
- Does the data management require a lot of infrastructure?
Database Management System
♦ Contains mechanisms for describing data, managing persistent storage and for providing a backup mechanism
♦ Provides concurrent access to the stored data
♦ Contains information about the data (“meta-data”), also called data schema.
Issues To Consider When Selecting a Database
♦ Storage space
- Databases require about triple the storage space of actual data
♦ Response time
- Most databases are I/O or communication bound (distributed databases). Response time is also affected by CPU time, locking contention and delays from frequent screen displays
♦ Locking modes
- Pessimistic locking: Lock before accessing object and release when object access is complete
- Optimistic locking: Reads and writes may freely occur (high concurrency!). When activity has been completed, database checks if contention has occurred. If yes, all work has been lost.
♦ Administration
- Large databases require specially trained support staff to set up security policies, manage the disk space, prepare backups, monitor performance, adjust tuning.
Object-Oriented Databases
♦ Support all fundamental object modeling concepts
- Classes, Attributes, Methods, Associations, Inheritance
♦ Mapping an object model to an OO-database
- Determine which objects are persistent.
- Perform normal requirement analysis and object design
- Create single attribute indices to reduce performance bottlenecks
- Do the mapping (specific to commercially available product). Example:
  - In ObjectStore, implement classes and associations by preparing C++ declarations for each class and each association in the object model
Relational Databases
♦ Based on relational algebra
♦ Data is presented as 2-dimensional tables. Tables have a specific number of columns and an arbitrary number of rows
- Primary key: Combination of attributes that uniquely identify a row in a table. Each table should have only one primary key
- Foreign key: Reference to a primary key in another table
♦ SQL is the standard language for defining and manipulating tables.
♦ Leading commercial databases support constraints.
- Referential integrity, for example, means that references to entries in other tables actually exist.
Data Management Questions
♦ Should the data be distributed?
♦ Should the database be extensible?
♦ How often is the database accessed?
♦ What is the expected request (query) rate? In the worst case?
♦ What is the size of typical and worst case requests?
♦ Do the data need to be archived?
♦ Does the system design try to hide the location of the databases (location transparency)?
♦ Is there a need for a single interface to access the data?
♦ What is the query format?
♦ Should the database be relational or object-oriented?
3. Concurrency
♦ Identify concurrent threads and address concurrency issues.
♦ Design goal: response time, performance.
♦ Threads
- A thread of control is a path through a set of state diagrams on which a single object is active at a time.
- A thread remains within a state diagram until an object sends an event to another object and waits for another event
- Thread splitting: Object does a nonblocking send of an event.
Providing Access Control
Defining Access Control
♦ In multi-user systems different actors have access to different functionality and data.
- During analysis we model these different accesses by associating different use cases with different actors.
- During system design we model these different accesses by examining the object model and determining which objects are shared among actors.
- Depending on the security requirements of the system, we also define how actors are authenticated to the system and how selected data in the system should be encrypted.
Access Matrix
♦ We model access on classes with an access matrix.
- The rows of the matrix represent the actors of the system
- The columns represent classes whose access we want to control.
♦ Access Right: An entry in the access matrix. It lists the operations that can be executed on instances of the class by the actor.
Access Matrix Implementations
♦ Global access table: Represents explicitly every cell in the matrix as an (actor, class, operation) tuple.
- Determining if an actor has access to a specific object requires looking up the corresponding tuple. If no such tuple is found, access is denied.
♦ Access control list: associates a list of (actor, operation) pairs with each class to be accessed.
- Every time an object is accessed, its access list is checked for the corresponding actor and operation.
- Example: guest list for a party.
♦ A capability associates a (class, operation) pair with an actor.
- A capability allows an actor to gain controlled access to an object of the class described in the capability.
- Example: An invitation card for a party.
♦ Which is the right implementation?
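The three access matrix implementations listed above, as an added Java example (not code from the book or these slides; needs Java 16 or later for records). The actors, classes and operations in the sample matrix are constructed for illustration; only the three representations and the rule that a missing entry means denial come from the slide.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Added example: one access matrix, three representations. */
public class AccessMatrixDemo {

    /** One access right: actor may execute operation on instances of className. */
    record Right(String actor, String className, String operation) {}

    /** (actor, operation) pair stored with the class in an access control list. */
    record AclEntry(String actor, String operation) {}

    /** (class, operation) pair handed to an actor as a capability. */
    record Capability(String className, String operation) {}

    // Constructed sample matrix; these names are illustrative, not from the slides.
    static final List<Right> MATRIX = List.of(
        new Right("Driver", "Trip", "create"),
        new Right("Driver", "Trip", "read"),
        new Right("Driver", "PlanningService", "requestTrip"),
        new Right("Administrator", "PlanningService", "configure"));

    /** Global access table: every cell is an explicit tuple; a missing tuple means deny. */
    static final class GlobalAccessTable {
        private final Set<Right> tuples = new HashSet<>(MATRIX);

        boolean isAllowed(String actor, String className, String operation) {
            return tuples.contains(new Right(actor, className, operation));
        }
    }

    /** Access control lists: the matrix stored by column, attached to each class. */
    static final class AccessControlLists {
        private final Map<String, Set<AclEntry>> byClass = new HashMap<>();

        AccessControlLists() {
            for (Right r : MATRIX) {
                byClass.computeIfAbsent(r.className(), k -> new HashSet<>())
                       .add(new AclEntry(r.actor(), r.operation()));
            }
        }

        boolean isAllowed(String actor, String className, String operation) {
            // A class with no list at all is treated like an empty list: deny.
            return byClass.getOrDefault(className, Set.of())
                          .contains(new AclEntry(actor, operation));
        }
    }

    /** Capabilities: the matrix stored by row, held by each actor. */
    static final class CapabilityStore {
        private final Map<String, Set<Capability>> byActor = new HashMap<>();

        CapabilityStore() {
            for (Right r : MATRIX) {
                byActor.computeIfAbsent(r.actor(), k -> new HashSet<>())
                       .add(new Capability(r.className(), r.operation()));
            }
        }

        /** What the actor presents when it accesses an object. */
        Set<Capability> capabilitiesOf(String actor) {
            return Set.copyOf(byActor.getOrDefault(actor, Set.of()));
        }

        /** The check looks only at the presented capabilities, not at who presents them. */
        static boolean isAllowed(Set<Capability> presented, String className, String operation) {
            return presented.contains(new Capability(className, operation));
        }
    }

    public static void main(String[] args) {
        GlobalAccessTable table = new GlobalAccessTable();
        AccessControlLists acls = new AccessControlLists();
        CapabilityStore caps = new CapabilityStore();

        String[][] requests = {
            {"Driver", "Trip", "read"},                          // cell present
            {"Administrator", "Trip", "read"},                   // no such cell
            {"Administrator", "PlanningService", "configure"},   // cell present
            {"Guest", "Trip", "read"},                           // unknown actor
            {"Driver", "Map", "read"},                           // unknown class
        };
        for (String[] q : requests) {
            boolean t = table.isAllowed(q[0], q[1], q[2]);
            boolean a = acls.isAllowed(q[0], q[1], q[2]);
            boolean c = CapabilityStore.isAllowed(caps.capabilitiesOf(q[0]), q[1], q[2]);
            if (t != a || a != c) {
                throw new IllegalStateException("representations disagree");
            }
            System.out.printf("%-13s %-15s %-11s -> %s%n",
                              q[0], q[1], q[2], t ? "allow" : "deny");
        }
    }
}
```

All three stores answer every request identically because they hold the same matrix. Rights here are per class, so keeping one driver out of another driver's Trip instances, as the MyTrip security goal requires, needs a per-instance check on top of the matrix.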
Global Resource Questions
♦ Does the system need authentication?
♦ If yes, what is the authentication scheme?
- User name and password? Access control list
- Tickets? Capability-based
♦ What is the user interface for authentication?
♦ Does the system need a network-wide name server?
♦ How is a service known to the rest of the system?
- At runtime? At compile time?
- By port?
- By name?
7. Decide on Software Control
Choose implicit control (non-procedural, declarative languages)
- Rule-based systems
- Logic programming
Choose explicit control (procedural languages): Centralized or decentralized
Centralized control: Procedure-driven or event-driven
♦ Procedure-driven control
- Control resides within program code. Example: Main program calling procedures of subsystems.
- Simple, easy to build, hard to maintain (high recompilation costs)
♦ Event-driven control
- Control resides within a dispatcher calling functions via callbacks.
- Very flexible, good for the design of graphical user interfaces, easy to extend
Concurrency (continued)
♦ Two objects are inherently concurrent if they can receive events at the same time without interacting
♦ Inherently concurrent objects should be assigned to different threads of control
♦ Objects with mutually exclusive activity should be folded into a single thread of control (Why?)
Concurrency Questions
♦ Which objects of the object model are independent?
♦ What kinds of threads of control are identifiable?
♦ Does the system provide access to multiple users?
♦ Can a single request to the system be decomposed into multiple requests? Can these requests be handled in parallel?
Implementing Concurrency
♦ Concurrent systems can be implemented on any system that provides
- physical concurrency (hardware)
or
- logical concurrency (software): Scheduling problem (Operating systems)
Designing Global Control Flow
Event-Driven Control Example: MVC
♦ Model-View-Controller Paradigm (Adele Goldberg, Smalltalk 80)
Figure: Model-View-Controller objects. Labels: :Control, :Model, :View (three). Annotation: Model has changed; an Update is sent to each :View.
Software Control (continued)
♦ Decentralized control
- Control resides in several independent objects.
- Possible speedup by mapping the objects on different processors, increased communication overhead.
- Example: Message based system.
Centralized vs. Decentralized Designs
♦ Should you use a centralized or decentralized design?
- Take the sequence diagrams and control objects from the analysis model
- Check the participation of the control objects in the sequence diagrams
  - If the sequence diagram looks more like a fork: Centralized design
  - If the sequence diagram looks more like a stair: Decentralized design
♦ Centralized Design
- One control object or subsystem ("spider") controls everything
  - Pro: Change in the control structure is very easy
  - Con: The single control object is a possible performance bottleneck
♦ Decentralized Design
- Not a single object is in control; control is distributed. That means there is more than one control object
  - Con: The responsibility is spread out
  - Pro: Fits nicely into object-oriented development
Identifying Boundary Conditions
8. Boundary Conditions
♦ Most of the system design effort is concerned with steady-state behavior.
♦ However, the system design phase must also address the initiation and finalization of the system. This is addressed by a set of new use cases called administration use cases
- Initialization: Describes how the system is brought from a non-initialized state to steady-state ("startup use cases").
- Termination: Describes what resources are cleaned up and which systems are notified upon termination ("termination use cases").
- Failure: Many possible causes: Bugs, errors, external problems (power supply). Good system design foresees fatal failures ("failure use cases").
Example: Administrative Use cases for MyTrip
♦ Administration use cases for MyTrip (UML use case diagram).
♦ An additional subsystem that was found during system design is the server. For this new subsystem we need to define use cases.
♦ ManageServer includes all the functions necessary to start up and shut down the server.
ManageServer Use Case
Figure: UML use case diagram for the PlanningService. Actor: Administrator. Use cases: ManageServer, with <<include>> relationships to StartServer, ShutdownServer and ConfigureServer.
Boundary Condition Questions
♦ 8.1 Initialization
- How does the system start up?
- What data need to be accessed at startup time?
- What services have to be registered?
- What does the user interface do at start up time?
- How does it present itself to the user?
♦ 8.2 Termination
- Are single subsystems allowed to terminate?
- Are other subsystems notified if a single subsystem terminates?
- How are local updates communicated to the database?
♦ 8.3 Failure
- How does the system behave when a node or communication link fails? Are there backup communication links?
- How does the system recover from failure? Is this different from initialization?
Modeling Boundary Conditions
♦ Boundary conditions are best modeled as use cases with actors and objects.
♦ Actor: often the system administrator
♦ Interesting use cases:
- Start up of a subsystem
- Start up of the full system
- Termination of a subsystem
- Error in a subsystem or component, failure of a subsystem or component
♦ Task: Model the startup of the ARENA system as a set of use cases.
Bernd Bruegge & Allen H. Dutoit Object-Oriented Software Engineering: Using UML, Patterns, and Java 58
4. Hardware Software Mapping
♦ This activity addresses two questions: How shall we realize the subsystems: Hardware or Software?
How is the object model mapped on the chosen hardware & software?
Mapping Objects onto Reality: Processor, Memory, Input/Output
Mapping Associations onto Reality: Connectivity
♦ Much of the difficulty of designing a system comes from meeting externally-imposed hardware and software constraints.
Certain tasks have to be at specific locations
Bernd Bruegge & Allen H. Dutoit Object-Oriented Software Engineering: Using UML, Patterns, and Java 59
Mapping the Objects
♦ Processor issues:Is the computation rate too demanding for a single processor?
Can we get a speedup by distributing tasks across several processors?
How many processors are required to maintain steady state load?
♦ Memory issues: Is there enough memory to buffer bursts of requests?
♦ I/O issues:Do you need an extra piece of hardware to handle the data generation rate?
Does the response time exceed the available communication bandwidth between subsystems or a task and a piece of hardware?
Bernd Bruegge & Allen H. Dutoit Object-Oriented Software Engineering: Using UML, Patterns, and Java 60
Mapping the Subsystems Associations: Connectivity
♦ Describe the physical connectivity of the hardware Often the physical layer in ISO’s OSI Reference Model
Which associations in the object model are mapped to physical connections?
Which of the client-supplier relationships in the analysis/design model correspond to physical connections?
♦ Describe the logical connectivity (subsystem associations)Identify associations that do not directly map into physical connections:
How should these associations be implemented?
Bernd Bruegge & Allen H. Dutoit Object-Oriented Software Engineering: Using UML, Patterns, and Java 61
Typical Informal Example of a Connectivity DrawingApplication
ClientApplication
ClientApplication
Client
Communication Agent for
Application Clients
Communication Agent for
Application Clients
Communication Agent for Data
Server
Communication Agent for Data
Server
Local Data Server
Global Data Server
Global Data Server
Global Data
Server
OODBMS
RDBMS
Backbone Network
LAN
LAN
LAN
TCP/IP Ethernet
Physical Connectivity
Logical Connectivity
Bernd Bruegge & Allen H. Dutoit Object-Oriented Software Engineering: Using UML, Patterns, and Java 62
Logical vs Physical Connectivity and the relationship to Subsystem Layering
[Figure: the layers Application, Presentation, Session, Transport, Network, Data Link and Physical shown on Processor 1 and on Processor 2, with bidirectional associations for each layer. Labels: Logical Connectivity Layers, Physical Connectivity.]
[Figure: the layers Application, Presentation, Session, Transport, Network and Data Link above Hardware, shown on Processor 1 and on Processor 2 with bidirectional associations for each layer. Labels: Subsystem 1 (Layer 1 to Layer 4), Subsystem 2 (Layer 1 to Layer 3).]
Hardware/Software Mapping Questions
♦ What is the connectivity among physical units?
Tree, star, matrix, ring
♦ What is the appropriate communication protocol between the subsystems?
Function of required bandwidth, latency and desired reliability, desired quality of service (QOS)
♦ Is certain functionality already available in hardware?
♦ Do certain tasks require specific locations to control the hardware or to permit concurrent operation?
Often true for embedded systems
♦ General system performance question:
What is the desired response time?
Connectivity in Distributed Systems
♦ If the architecture is distributed, we need to describe the network architecture (communication subsystem) as well.
♦ Questions to ask
What are the transmission media? (Ethernet, Wireless)
What is the Quality of Service (QOS)?
What kind of communication protocols can be used?
Should the interaction be asynchronous, synchronous or blocking?
What are the available bandwidth requirements between the subsystems?
Stock Price Change -> Broker
Icy Road Detector -> ABS System
Drawing Hardware/Software Mappings in UML
♦ System design must model static and dynamic structures:
Component Diagrams for static structures
show the structure at design time or compilation time
Deployment Diagram for dynamic structures
show the structure of the run-time system
♦ Note the lifetime of components
Some exist only at design time
Others exist only until compile time
Some exist at link or runtime
Component Diagram
♦ Component Diagram
A graph of components connected by dependency relationships.
Shows the dependencies among software components
source code, linkable libraries, executables
♦ Dependencies are shown as dashed arrows from the client component to the supplier component.
The kinds of dependencies are implementation language specific.
♦ A component diagram may also be used to show dependencies on a façade:
Use a dashed arrow to the corresponding UML interface.
Component Diagram Example
[Figure: UML component diagram. Labels: Scheduler, Planner, GUI, reservations, update. Callouts: UML Interface, UML Component.]
Deployment Diagram
♦ Deployment diagrams are useful for showing a system design after the following decisions are made
Subsystem decomposition
Concurrency
Hardware/Software Mapping
♦ A deployment diagram is a graph of nodes connected by communication associations.
Nodes are shown as 3-D boxes.
Nodes may contain component instances.
Components may contain objects (indicating that the object is part of the component)
Deployment Diagram Example
[Figure: UML deployment diagram. Labels: :PC, :HostMachine, :Planner, :Scheduler, <<database>> meetingsDB. Callouts: Runtime Dependency, Compile Time Dependency.]
5. Data Management
♦ Some objects in the models need to be persistent
Provide clean separation points between subsystems with well-defined interfaces.
♦ A persistent object can be realized with one of the following
Data structure
If the data can be volatile
Files
Cheap, simple, permanent storage
Low level (Read, Write)
Applications must add code to provide suitable level of abstraction
Database
Powerful, easy to port
Supports multiple writers and readers
File or Database?
♦ When should you choose a file?
Are the data voluminous (bit maps)?
Do you have lots of raw data (core dump, event trace)?
Do you need to keep the data only for a short time?
Is the information density low (archival files, history logs)?
♦ When should you choose a database?
Do the data require access at fine levels of details by multiple users?
Must the data be ported across multiple platforms (heterogeneous systems)?
Do multiple application programs access the data?
Does the data management require a lot of infrastructure?
Database Management System
♦ Contains mechanisms for describing data, managing persistent storage and for providing a backup mechanism
♦ Provides concurrent access to the stored data
♦ Contains information about the data (“meta-data”), also called data schema.
Issues To Consider When Selecting a Database
♦ Storage space
Databases require about triple the storage space of the actual data
♦ Response time
Most databases are I/O or communication bound (distributed databases). Response time is also affected by CPU time, locking contention and delays from frequent screen displays
♦ Locking modes
Pessimistic locking: Lock before accessing the object and release when object access is complete
Optimistic locking: Reads and writes may freely occur (high concurrency!). When the activity has been completed, the database checks whether contention has occurred. If yes, all work has been lost.
♦ Administration
Large databases require specially trained support staff to set up security policies, manage the disk space, prepare backups, monitor performance, adjust tuning.
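The two locking modes, as an added example that is not part of the original slides: a constructed in-memory store in which an optimistic commit is rejected when another writer got there first, and a pessimistic update holds a per-object lock for the whole read-modify-write. The `Store` class, its method names and the "seats" record are assumptions made for illustration.

```python
import threading


class ConflictError(Exception):
    """Raised when an optimistic commit detects contention."""


class Store:
    """Constructed in-memory object store with per-object version numbers."""

    def __init__(self):
        self._data = {}                  # key -> (version, value)
        self._locks = {}                 # key -> lock used by pessimistic updates
        self._guard = threading.Lock()   # protects the two dictionaries

    def put(self, key, value):
        with self._guard:
            version = self._data.get(key, (0, None))[0]
            self._data[key] = (version + 1, value)

    def read(self, key):
        # Optimistic readers take no object lock; they remember the version.
        with self._guard:
            return self._data[key]

    def commit(self, key, read_version, new_value):
        # Contention check at commit time: a stale version loses its work.
        with self._guard:
            current, _ = self._data[key]
            if current != read_version:
                raise ConflictError(f"{key}: read v{read_version}, now v{current}")
            self._data[key] = (current + 1, new_value)

    def update_locked(self, key, fn):
        # Pessimistic: lock before access, release when access is complete.
        # This only excludes other callers of update_locked on the same key.
        with self._guard:
            lock = self._locks.setdefault(key, threading.Lock())
        with lock:
            version, value = self.read(key)
            self.commit(key, version, fn(value))


def demo():
    store = Store()
    store.put("seats", 10)
    v_a, seats_a = store.read("seats")        # transaction A reads
    v_b, seats_b = store.read("seats")        # transaction B reads the same version
    store.commit("seats", v_a, seats_a - 1)   # A commits first
    try:
        store.commit("seats", v_b, seats_b - 3)   # B is stale, its work is lost
        lost = False
    except ConflictError:
        lost = True
    store.update_locked("seats", lambda s: s - 3)  # B redone under a lock
    return lost, store.read("seats")
```

Without the version check, B's write would silently overwrite A's, which is the lost-update integrity failure both locking modes exist to prevent.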
Object-Oriented Databases
♦ Support all fundamental object modeling concepts
Classes, Attributes, Methods, Associations, Inheritance
♦ Mapping an object model to an OO-database
Determine which objects are persistent.
Perform normal requirement analysis and object design
Create single attribute indices to reduce performance bottlenecks
Do the mapping (specific to commercially available product). Example:
In ObjectStore, implement classes and associations by preparing C++ declarations for each class and each association in the object model
Relational Databases
♦ Based on relational algebra
♦ Data is presented as 2-dimensional tables. Tables have a specific number of columns and an arbitrary number of rows
Primary key: Combination of attributes that uniquely identify a row in a table. Each table should have only one primary key
Foreign key: Reference to a primary key in another table
♦ SQL is the standard language for defining and manipulating tables.
♦ Leading commercial databases support constraints.
Referential integrity, for example, means that references to entries in other tables actually exist.
Data Management Questions
♦ Should the data be distributed?
♦ Should the database be extensible?
♦ How often is the database accessed?
♦ What is the expected request (query) rate? In the worst case?
♦ What is the size of typical and worst case requests?
♦ Do the data need to be archived?
♦ Does the system design try to hide the location of the databases (location transparency)?
♦ Is there a need for a single interface to access the data?
♦ What is the query format?
♦ Should the database be relational or object-oriented?
6. Global Resource Handling
♦ Discusses access control
♦ Describes access rights for different classes of actors
♦ Describes how objects guard against unauthorized access
Defining Access Control
♦ In multi-user systems different actors have access to different functionality and data.
During analysis we model these different accesses by associating different use cases with different actors.
During system design we model these different accesses by examining the object model to determine which objects are shared among actors.
Depending on the security requirements of the system, we also define how actors are authenticated to the system and how selected data in the system should be encrypted.
Access Matrix
♦ We model access on classes with an access matrix.
The rows of the matrix represent the actors of the system.
The columns represent the classes whose access we want to control.
♦ Access Right: An entry in the access matrix. It lists the operations that can be executed on instances of the class by the actor.
Access Matrix Implementations
♦ Global access table: Represents explicitly every cell in the matrix as an (actor, class, operation) tuple.
Determining if an actor has access to a specific object requires looking up the corresponding tuple. If no such tuple is found, access is denied.
♦ Access control list associates a list of (actor, operation) pairs with each class to be accessed.
Every time an object is accessed, its access list is checked for the corresponding actor and operation.
Example: guest list for a party.
♦ A capability associates a (class, operation) pair with an actor.
A capability allows an actor to gain controlled access to an object of the class described in the capability.
Example: An invitation card for a party.
♦ Which is the right implementation?
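The three implementations above, built side by side from one constructed access matrix (an added example, not from the original slides). The actor and class names are made up, and signing each capability with an HMAC is an assumption about how the "invitation card" can be made unforgeable.

```python
import hashlib
import hmac
import secrets

# Constructed sample matrix: rows are actors, columns are classes, and each
# cell lists the operations the actor may execute on instances of the class.
MATRIX = {
    "administrator": {"Server": {"start", "shutdown", "configure"},
                      "Trip": {"view"}},
    "driver": {"Trip": {"view", "plan"}},
}

# 1. Global access table: every right as an (actor, class, operation) tuple.
GLOBAL_TABLE = {(actor, cls, op)
                for actor, row in MATRIX.items()
                for cls, ops in row.items()
                for op in ops}


def table_allows(actor, cls, op):
    # No matching tuple means access is denied (default deny).
    return (actor, cls, op) in GLOBAL_TABLE


# 2. Access control lists: one set of (actor, operation) pairs per class,
#    i.e. the matrix stored by column and checked on every access.
ACLS = {}
for actor, row in MATRIX.items():
    for cls, ops in row.items():
        ACLS.setdefault(cls, set()).update((actor, op) for op in ops)


def acl_allows(actor, cls, op):
    return (actor, op) in ACLS.get(cls, set())


# 3. Capabilities: a (class, operation) pair handed to the actor, i.e. the
#    matrix stored by row. The issuer's MAC makes the card tamper-evident.
_KEY = secrets.token_bytes(32)  # held only by the issuing/guarding subsystem


def _mac(actor, cls, op):
    # NUL-separated fields; assumes names never contain a NUL byte.
    msg = "\x00".join((actor, cls, op)).encode()
    return hmac.new(_KEY, msg, hashlib.sha256).hexdigest()


def issue_capability(actor, cls, op):
    if not table_allows(actor, cls, op):
        raise PermissionError(f"{actor} has no right {op!r} on {cls}")
    return {"actor": actor, "class": cls, "operation": op,
            "mac": _mac(actor, cls, op)}


def capability_allows(cap, cls, op):
    # The guard needs no matrix lookup: it verifies the card and its scope.
    expected = _mac(cap["actor"], cap["class"], cap["operation"])
    return (hmac.compare_digest(expected, cap["mac"])
            and (cap["class"], cap["operation"]) == (cls, op))
```

The trade-off the closing question points at shows up here: the ACL answers "who may touch this class" in one lookup, while a capability is checked without consulting the matrix but cannot be revoked without rotating the key or tracking issued cards.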
Global Resource Questions
♦ Does the system need authentication?
♦ If yes, what is the authentication scheme?
User name and password? Access control list
Tickets? Capability-based
♦ What is the user interface for authentication?
♦ Does the system need a network-wide name server?
♦ How is a service known to the rest of the system?
At runtime? At compile time?
By port?
By name?
7. Decide on Software Control
Choose implicit control (non-procedural, declarative languages)
Rule-based systems
Logic programming
Choose explicit control (procedural languages): Centralized or decentralized
Centralized control: Procedure-driven or event-driven
♦ Procedure-driven control
Control resides within program code. Example: Main program calling procedures of subsystems.
Simple, easy to build, hard to maintain (high recompilation costs)
♦ Event-driven control
Control resides within a dispatcher calling functions via callbacks.
Very flexible, good for the design of graphical user interfaces, easy to extend
Event-Driven Control Example: MVC
♦ Model-View-Controller Paradigm (Adele Goldberg, Smalltalk 80)
[Figure: a :Control object, a :Model object and three :View objects. Labels: "Model has changed", "Update" (three).]
Software Control (continued)
♦ Decentralized control
Control resides in several independent objects.
Possible speedup by mapping the objects on different processors, increased communication overhead.
Example: Message based system.
Centralized vs. Decentralized Designs
♦ Should you use a centralized or decentralized design?
Take the sequence diagrams and control objects from the analysis model
Check the participation of the control objects in the sequence diagrams
If the sequence diagram looks more like a fork: Centralized design
If the sequence diagram looks more like a stair: Decentralized design
♦ Centralized Design
One control object or subsystem ("spider") controls everything
Pro: Change in the control structure is very easy
Con: The single control object is a possible performance bottleneck
♦ Decentralized Design
Not a single object is in control; control is distributed. That means there is more than one control object
Con: The responsibility is spread out
Pro: Fits nicely into object-oriented development
8. Boundary Conditions
♦ Most of the system design effort is concerned with steady-state behavior.
♦ However, the system design phase must also address the initiation and finalization of the system. This is addressed by a set of new use cases called administration use cases
Initialization
Describes how the system is brought from a non-initialized state to steady-state ("startup use cases").
Termination
Describes what resources are cleaned up and which systems are notified upon termination ("termination use cases").
Failure
Many possible causes: Bugs, errors, external problems (power supply).
Good system design foresees fatal failures ("failure use cases").
Example: Administrative Use cases for MyTrip
♦ Administration use cases for MyTrip (UML use case diagram).
♦ An additional subsystem that was found during system design is the server. For this new subsystem we need to define use cases.
♦ ManageServer includes all the functions necessary to start up and shut down the server.
ManageServer Use Case
[Figure: UML use case diagram labelled PlanningService. Actor: Administrator. Use cases: ManageServer, StartServer, ShutdownServer, ConfigureServer, joined by three <<include>> relationships.]
Boundary Condition Questions
♦ 8.1 Initialization
How does the system start up?
What data need to be accessed at startup time?
What services have to be registered?
What does the user interface do at start up time?
How does it present itself to the user?
♦ 8.2 Termination
Are single subsystems allowed to terminate?
Are other subsystems notified if a single subsystem terminates?
How are local updates communicated to the database?
♦ 8.3 Failure
How does the system behave when a node or communication link fails? Are there backup communication links?
How does the system recover from failure? Is this different from initialization?
Modeling Boundary Conditions
♦ Boundary conditions are best modeled as use cases with actors and objects.
♦ Actor: often the system administrator
♦ Interesting use cases:
Start up of a subsystem
Start up of the full system
Termination of a subsystem
Error in a subsystem or component, failure of a subsystem or component
♦ Task: Model the startup of the ARENA system as a set of use cases.
Summary
In this lecture, we reviewed the activities of system design:
♦ Concurrency identification
♦ Hardware/Software mapping
♦ Persistent data management
♦ Global resource handling
♦ Software control selection
♦ Boundary conditions
Each of these activities revises the subsystem decomposition to address a specific issue. Once these activities are completed, the interface of the subsystems can be defined.