Software Design and Architecture

Addressing Design Goals

 System Design

8. Boundary
ü1. Design Goals Conditions
Definition Initialization
Trade-offs Termination
Failure
ü2. Subsystem Decomposition 7. Software
Layers vs Partitions
Coherence/Coupling Control
Monolithic
Event-Driven
Conc. Processes
Ø3. Concurrency
Identification of 4. Hardware/ 5. Data 6. Global Resource
Threads
Software Mapping
Special Purpose
Management Handlung
Persistent Objects Access Control List
Buy vs Build File system vs Database vs Capabilities
Allocation of Resources Security
Connectivity
 Concurrency

• Nonfunctional Requirements to be addressed for this design

issue:
– Performance,
– Response time,
– latency and availability.
• Two objects are inherently concurrent if they can receive
events at the same time without interacting
– Source for identification: Objects in a sequence diagram that can
simultaneously receive events
• Inherently concurrent objects can be assigned to different
threads of control
 Issue with Concurrency

• Concurrent threads can lead to race conditions.

• A race condition (also race hazard) is a design flaw where the
output of a process is depends on the specific sequence of other
events.
 Assume: Initial
Example: Problem with threads balance = 200

:WithdrawCtrl :BankAccount :WithdrawCtrl

c1:Customer c2:Customer

withdraw(50)
getBalance()

Thread 1 200 withdraw(50)

getBalance()
computeNewBalance(200,50)
200
Thread 2
computeNewBalance(200,50)

setBalance(150)

setBalance(150)

Should BankAccount
be another Thread ?
Final
balance = 150 ??!
 Single WithdrawCtrl Initial
Solution: Synchronization of Threads Instance balance = 200

:WithdrawCtrl :BankAccount
c1:Customer c2:Customer Synchronized method

withdraw(50)
getBalance()
withdraw(50)
200

computeNewBalance(200,50)

setBalance(150)

End
balance = 100
 Concurrency Questions

• To identify threads for concurrency we ask the following

questions:
– Does the system provide access to multiple users?
– Which entity objects of the object model can be executed
independently from each other?
– What kinds of control objects are identifiable?
– Can a single request to the system be decomposed into multiple
requests? Can these requests and handled in parallel? (Example: a
distributed query)
 Implementing Concurrency

• Concurrent systems can be implemented on any system that provides

– Physical concurrency: Threads are provided by hardware
or
– Logical concurrency: Threads are provided by software
• Physical concurrency is provided by multiprocessors and computer
networks
• Logical concurrency is provided by threads packages.
 Implementing Concurrency (2)

• In both cases, - physical concurrency as well as logical

concurrency –
– we have to solve the scheduling of these threads:
– Which thread runs when?
• Today’s operating systems provide a variety of scheduling
mechanisms:
• Round robin, time slicing, collaborating processes, interrupt handling
• General question addresses starvation, deadlocks, fairness
• Sometimes we have to solve the scheduling problem ourselves
• Topic addressed by software control (system design issue 7).
 System Design

8. Boundary
ü1. Design Goals Conditions
Definition Initialization
Trade-offs Termination
Failure
ü2. Subsystem Decomposition 7. Software
Layers vs Partitions
Coherence/Coupling Control
Monolithic
Event-Driven
Conc. Processes
ü3. Concurrency
Identification of Ø 4. Hardware/ 5. Data 6. Global Resource
Threads
Software Mapping
Special Purpose
Management Handlung
Persistent Objects Access Control List
Buy vs Build Filesystem vs Database vs Capabilities
Allocation of Resources Security
Connectivity
 4. Hardware Software Mapping
• This system design activity addresses two questions:
– How shall we realize the subsystems: With hardware or with software?
– How do we map the object model onto the chosen hardware and/or
software?
• Mapping the Objects:
– Processor, Memory, Input/Output
• Mapping the Associations:
– Network connections
 Mapping Objects onto Hardware

• Control Objects -> Processor

– Is the computation rate too demanding for a single processor?
– Can we get a speedup by distributing objects across several
processors?
– How many processors are required to maintain a steady state load?
• Entity Objects -> Memory
– Is there enough memory to buffer bursts of requests?
• Boundary Objects -> Input/Output Devices
– Do we need an extra piece of hardware to handle the data
generation rates?
– Can the desired response time be realized with the available
communication bandwidth between subsystems?
 Mapping the Associations: Connectivity

• Describe the physical connectivity

– (“physical layer in the OSI Reference Model”)
• Describes which associations in the object model are mapped to physical
connections.
• Describe the logical connectivity (subsystem associations)
– Associations that do not directly map into physical connections.
– In which layer should these associations be implemented?
• Informal connectivity drawings often contain both types of
connectivity
– Practiced by many developers, sometimes confusing.
 Hardware-Software Mapping Difficulties

• Much of the difficulty of designing a system comes from

addressing externally-imposed hardware and software
constraints
– Certain tasks have to be at specific locations
• Example: Withdrawing money from an ATM machine
– Some hardware components have to be used from a specific
manufacturer
• Example: To send DVB-T signals, the system has to use components
from a company that provides DVB-T transmitters.
 Hardware/Software Mappings in UML

• A UML component is a building block of the system. It is represented as

a rectangle with a tabbed rectangle symbol inside
• Components have different lifetimes:
– Some exist only at design time
• Classes, associations
– Others exist until compile time
• Source code, pointers
– Some exist at link or only at runtime
• Linkable libraries, executables, addresses
• The Hardware/Software Mapping addresses dependencies and
distribution issues of UML components during system design.
 Two New UML Diagram Types

• Deployment Diagram:
– Illustrates the distribution of components at run-time.
– Deployment diagrams use nodes and connections to depict the
physical resources in the system.
• Component Diagram:
– Illustrates dependencies between components at design time,
compilation time and runtime
 Deployment Diagram
• Deployment diagrams are useful for showing a system design after
these system design decisions have been made:
– Subsystem decomposition
– Concurrency
– Hardware/Software Mapping :PC :Server
• A deployment diagram is a graph of nodes and connections
(“communication associations”)
– Nodes are shown as 3-D boxes
– Connections between nodes are shown as solid lines
– Nodes may contain components
• Components can be connected by “lollipops” and “grabbers”
• Components may contain objects (indicating that the object is part of the
component).
 UML Component Diagram
• Used to model the top-level view of the system design in terms of
components and dependencies among the components. Components
can be
• source code, linkable libraries, executables
• The dependencies (edges in the graph) are shown as dashed lines
with arrows from the client component to the supplier component:
– The lines are often also called connectors
– The types of dependencies are implementation language specific
• Informally also called “software wiring diagram“ because it show how
the software components are wired together in the overall application.
 UML Interfaces: Lollipops and Sockets

• A UML interface describes a group of operations used or created

by UML components.
– There are two types of interfaces: provided and required interfaces.
• A provided interface is modeled using the lollipop notation
• A required interface is modeled using the socket notation.
• A port specifies a distinct interaction point between the
component and its environment.
– Ports are depicted as small squares on the sides of classifiers.
 Component Diagram Example
Dependency.

reservations
UML
Component

update

UML Interface
 Deployment Diagram Example
Dependency
UML Node (in a node)

UML
Interface

Dependency
(between nodes)
ARENA Deployment Diagram
 5. Data Management

• Some objects in the system model need to be persistent:

– Values for their attributes have a lifetime longer than a single
execution
• A persistent object can be realized with one of the following
mechanisms:
– Filesystem:
• If the data are used by multiple readers but a single writer
– Database:
• If the data are used by concurrent writers and readers.
 Data Management Questions

• How often is the database accessed?

– What is the expected request (query) rate? The worst case?
– What is the size of typical and worst case requests?
• Do the data need to be archived?
• Should the data be distributed?
– Does the system design try to hide the location of the databases
(location transparency)?
• Is there a need for a single interface to access the data?
– What is the query format?
• Should the data format be extensible?
 Mapping Object Models

• UML object models can be mapped to relational databases

• The mapping:
– Each class is mapped to its own table
– Each class attribute is mapped to a column in the table
– An instance of a class represents a row in the table
– One-to-many associations are implemented with a buried foreign key
– Many-to-many associations are mapped to their own tables
• Methods are not mapped
• More details in Lecture: Mapping Models to Relational Schema
 6. Global Resource Handling

• Discusses access control

• Describes access rights for different classes of actors
• Describes how object guard against unauthorized access.
 Defining Access Control

• In multi-user systems different actors usually have different

access rights to different functionality and data
• How do we model these accesses?
– During analysis we model them by associating different use cases
with different actors
– During system design we model them determining which objects are
shared among actors.
 Access Matrix

• We model access on classes with an access matrix:

– The rows of the matrix represents the actors of the system
– The column represent classes whose access we want to control

• Access Right: An entry in the access matrix. It lists the

operations that can be executed on instances of the class by the
actor.
 Access Matrix Example
Classes Access Rights

Arena League Tournament Match

Actors

Operator <<create>> <<create>>

createUser() archive()
view ()

LeagueOwner view () edit () <<create>> <<create>>

archive() end()
schedule()
view()

Player view() view() applyFor() play()

applyForOwner() subscribe() view() forfeit()

Spectator view() view() view() view()

applyForPlayer() subscribe() replay()
 Access Matrix Implementations

• Global access table: Represents explicitly every cell in the matrix

as a triple (actor,class, operation)

LeagueOwner, Arena, view()

LeagueOwner, League, edit()
LeagueOwner, Tournament, <<create>>
LeagueOwner, Tournament, view()
LeagueOwner, Tournament, schedule()
LeagueOwner, Tournament, archive()
LeagueOwner, Match, <<create>>
LeagueOwner, Match, end()

.
 Better Access Matrix Implementations

• Access control list

– Associates a list of (actor,operation) pairs with each class to be
accessed.
– Every time an instance of this class is accessed, the access list is
checked for the corresponding actor and operation.
• Capability
– Associates a (class,operation) pair with an actor.
– A capability provides an actor to gain control access to an object of
the class described in the capability.
 Access Matrix Example

Arena League Tournament Match

Operator <<create>> <<create>>

createUser() archive()
view ()

LeagueOwner view () edit () <<create>> <<create>>

archive() end()
schedule()
view()

Player view() view() applyFor() play()

applyForOwner() subscribe() view() forfeit()

Spectator view() view() view() view()

applyForPlayer() subscribe() replay()
 Global Resource Questions

• Does the system need authentication?

• If yes, what is the authentication scheme?
– User name and password? Access control list
– Tickets? Capability-based
• What is the user interface for authentication?
• Does the system need a network-wide name server?
• How is a service known to the rest of the system?
– At runtime? At compile time?
– By Port?
– By Name?
 7. Decide on Software Control

Two major design choices:

1. Choose implicit control

2. Choose explicit control

– Centralized or decentralized
• Centralized control:
– Procedure-driven: Control resides within program code.
– Event-driven: Control resides within a dispatcher calling functions via
callbacks.
• Decentralized control
– Control resides in several independent objects.
• Examples: Message based system, RMI
– Possible speedup by mapping the objects on different processors,
increased communication overhead.
 Software Control

Explicit Control Implicit Control

Rule-based
Logic Programming
Control

Decentralized Centralized
Control Control

Event-based Procedural
Control Control.
 Centralized vs. Decentralized Designs

• Centralized Design
– One control object or subsystem ("spider") controls everything
• Pro: Change in the control structure is very easy
• Con: The single control object is a possible performance bottleneck
• Decentralized Design
– Not a single object is in control, control is distributed; That means,
there is more than one control object
• Con: The responsibility is spread out
• Pro: Fits nicely into object-oriented development
 Centralized vs. Decentralized Designs (2)

• Should you use a centralized or decentralized design?

• Take the sequence diagrams and control objects from the
analysis model
• Check the participation of the control objects in the sequence
diagrams
– If the sequence diagram looks like a fork => Centralized design
– If the sequence diagram looks like a stair => Decentralized design.
 8. Boundary Conditions

• Initialization
– The system is brought from a non-initialized state to steady-state
• Termination
– Resources are cleaned up and other systems are notified upon
termination
• Failure
– Possible failures: Bugs, errors, external problems
• Good system design foresees fatal failures and provides
mechanisms to deal with them.
 Boundary Condition Questions

• Initialization
– What data need to be accessed at startup time?
– What services have to registered?
– What does the user interface do at start up time?
• Termination
– Are single subsystems allowed to terminate?
– Are subsystems notified if a single subsystem terminates?
– How are updates communicated to the database?
• Failure
– How does the system behave when a node or communication link
fails?
– How does the system recover from failure?.
 Modeling Boundary Conditions

• Boundary conditions are best modeled as use cases with actors

and objects
• We call them boundary use cases or administrative use cases
• Actor: often the system administrator
• Interesting use cases:
– Start up of a subsystem
– Start up of the full system
– Termination of a subsystem
– Error in a subsystem or component, failure of a subsystem or
component.