November 27, 2001Domain Modeling1 Domain Modeling Chapters 10-12 Use-Case Modeling Chapters 9 and 13 Filling in some gaps about: Levels of abstraction.

Slides:



Advertisements
Similar presentations
Testing Relational Database
Advertisements

Design by Contract.
Building Bug-Free O-O Software: An Introduction to Design By Contract A presentation about Design By Contract and the Eiffel software development tool.
Object Design Examples with GRASP
Use Case Modeling SJTU. Unified Modeling Language (UML) l Standardized notation for object-oriented development l Needs to be used with an analysis and.
1 Design by Contract Building Reliable Software. 2 Software Correctness Correctness is a relative notion  A program is correct with respect to its specification.
Feb 2003 R McFadyen1 Contracts (Ch 13) Used to help understand requirements more completely based on assertions; assertions are applicable to any.
OOAD Using the UML - Use-Case Analysis, v 4.2 Copyright  Rational Software, all rights reserved 1/18 Use Case Analysis – continued Control Classes.
Use Case Diagram © copyright 2001 SNU OOPSLA Lab..
Use-case Modeling.
Drawing System Sequence Diagrams
Jan 2005 Ron McFadyen1 Contracts Used to help understand requirements more completely (and so may not always be necessary) based on assertions;
Software Testing and Quality Assurance
Chapter 7 Using Data Flow Diagrams
© 2005 Prentice Hall4-1 Stumpf and Teague Object-Oriented Systems Analysis and Design with UML.
6/8/991 Analysis Tuesday 09/14/99 Revised: September 11, 2000 (APM)
November, 2001R. Dameron, University of Colorado, ECEN5033, System Test Planning 1 System Test Planning and the usefulness of a “Safety Checklist” ECEN5033.
September 2002 R McFadyen1 Domain Model Use Case Model text diagram SSD System operation contracts Design Model Figure 13.3.
NJIT Drawing System Sequence Diagrams Chapter 10 Applying UML and Patterns Craig Larman Presented by Anuradha Dharani.
CSC 395 – Software Engineering Lecture 21: Overview of the Term & What Goes in a Data Dictionary.
Object-Oriented Analysis and Design
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
Sept Ron McFadyen1 Extend Relationship.
Systems Analysis I Data Flow Diagrams
Chapter 9 Domain Models 1CS6359 Fall 2012 John Cole.
חוזים – Contracts 1. Larman – Chapter 10 – SSDs 10.2 What are System Sequence Diagrams? (introduction) Use cases describe how external actors interact.
Chapter 7 Structuring System Process Requirements
TK2023 Object-Oriented Software Engineering CHAPTER 6 SYSTEM SEQUENCE DIAGRAMS.
Applying UML and Patterns An Introduction to Object-oriented Analysis and Design and Iterative Development Part III Elaboration Iteration I – Basic1.
USE Case Model.
Computer Science 340 Software Design & Testing Design By Contract.
Computer System Analysis Chapter 10 Structuring System Requirements: Conceptual Data Modeling Dr. Sana’a Wafa Al-Sayegh 1 st quadmaster University of Palestine.
Chapter 10 Architectural Design
® IBM Software Group © 2006 IBM Corporation Writing Good Use Cases Module 4: Detailing a Use Case.
® IBM Software Group © 2006 IBM Corporation Rational Software France Object-Oriented Analysis and Design with UML2 and Rational Software Modeler 06. Requirements.
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
Copyright 2002 Prentice-Hall, Inc. Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer Joey F. George Joseph S. Valacich Chapter 20 Object-Oriented.
Chapter 6 Use Cases. Use Cases: –Text stories Some “actor” using system to achieve a goal –Used to discover and record requirements –Serve as input to.
Copyright 2002 Prentice-Hall, Inc. Chapter 2 Object-Oriented Analysis and Design Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer Joey.
Review ♦ System sequence diagram ♦ Domain model
SE: CHAPTER 7 Writing The Program
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
Black Box Testing Techniques Chapter 7. Black Box Testing Techniques Prepared by: Kris C. Calpotura, CoE, MSME, MIT  Introduction Introduction  Equivalence.
Requirements as Usecases Capturing the REQUIREMENT ANALYSIS DESIGN IMPLEMENTATION TEST.
GRASP: Designing Objects with Responsibilities
7 Systems Analysis and Design in a Changing World, Fifth Edition.
Chapter 1 Applying UML and Patterns. The Need for Software Blueprints Knowing an object-oriented language and having access to a library is necessary.
COMP-350 Object-Oriented Analysis and Design Drawing System Sequence Diagrams Reference: Larman, Chapter 9.
Object-Oriented Modeling: Static Models. Object-Oriented Modeling Model the system as interacting objects Model the system as interacting objects Match.
CS212: Object Oriented Analysis and Design Lecture 32: Use case and Class diagrams.
Systems Analysis and Design in a Changing World, Fourth Edition
Testing OO software. State Based Testing State machine: implementation-independent specification (model) of the dynamic behaviour of the system State:
ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.
Domain Model A representation of real-world conceptual classes in a problem domain. The core of object-oriented analysis They are NOT software objects.
SWE 4743 Abstract Data Types Richard Gesick. SWE Abstract Data Types Object-oriented design is based on the theory of abstract data types Domain.
UML - Development Process 1 Software Development Process Using UML.
DBC NOTES. Design By Contract l A contract carries mutual obligations and benefits. l The client should only call a routine when the routine’s pre-condition.
Object Design More Design Patterns Object Constraint Language Object Design Specifying Interfaces Review Exam 2 CEN 4010 Class 18 – 11/03.
SOFTWARE DESIGN & SOFTWARE ENGINEERING Software design is a process in which data, program structure, interface and their details are represented by well.
1 Object Oriented Analysis and Design System Events & Contracts.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
Use Case Modeling - II Lecture # 27.
Design by Contract Jim Fawcett CSE784 – Software Studio
Design by Contract Jim Fawcett CSE784 – Software Studio
Used to help understand requirements more completely
Applying Use Cases (Chapters 25,26)
Applying Use Cases (Chapters 25,26)
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
Computer Science 340 Software Design & Testing
Lecture 10 Structuring System Requirements: Conceptual Data Modeling
Presentation transcript:

November 27, 2001Domain Modeling1 Domain Modeling Chapters Use-Case Modeling Chapters 9 and 13 Filling in some gaps about: Levels of abstraction Contrast to functional decomposition Pre and Post Conditions Invariants & Input-Output Assertions

November 27, 2001Domain Modeling2 Levels of abstraction Use-Case describes –How external actors interact with the sw system we want to create Isolate and illustrate operations that an external actor requests of a system Describes system behavior in context System Sequence Diagram –The system events that actors generate & their order –The system as a black box –Inter-system events –Emphasis: Events that cross the system boundary from actors to systems (may include parameters)

November 27, 2001Domain Modeling3 Lower level of abstraction At a more detailed level with a narrower scope, a use case is much like the older concept of pseudo- code Sequence diagrams (not at system level) show how internal components interact with each other

November 27, 2001Domain Modeling4 SSD Guideline summary Events expressed at level of intent (not physical input medium, not name of widget) Name of event is a verb (actors ACT) Noncommittal w.r.t. design choices Can have Use Case fragments on left margin to help explain Events can have parameters Shows data flow from external actors to public operations

November 27, 2001Domain Modeling5 Contrast to Data-Flow Diagram External actors are seen as data sources Parameters passed in to public operations are data on labeled arcs Public operations are actions that receive or produce external data –In SSDs, produced data are not shown unless delivered to external actor –Context diagram is a highest-level DFD (one bubble) Shows data coming in or being produced but does not distinguish which system events are associated with which data

November 27, 2001Domain Modeling6 SSD and Context DFD ;System ;Cashier makeNewSale() enterItem(ItemID, quantity) description, total endSale() total with taxes makePayment (amount) change due, receipt System Cashier Item ID, quantity description, total total with taxes amount

November 27, 2001Domain Modeling7 Cashier Item ID, quantity description, total change due, receipt amount enterItem makePayment Cashier Need a convention to show makeNewSale or endSale because no data flows from Cashier to action even though they are “event indicators”.

November 27, 2001Domain Modeling8 select action makeNewSale enterItem makePayment endSale Cashier ItemID, quantity description, total total with taxes amount change due, receipt Cashier action indicator format result Cashier Classic Transactional DFD

November 27, 2001Domain Modeling9 Example UML Context Diagrams

November 27, 2001Domain Modeling10 Another UML context diagram

November 27, 2001Domain Modeling11 One more UML context diagram

November 27, 2001Domain Modeling12 Domain Model Illustrate meaningful conceptual classes in a real- world problem domain –Identify conceptual classes or domain objects –Show associations between them –Indicate their attributes when appropriate Purposely incomplete; possibly a superset Visual dictionary –relevant vocabulary of the domain –important abstractions –information content

November 27, 2001Domain Modeling13 Sample Domain Model

November 27, 2001Domain Modeling14 another example

November 27, 2001Domain Modeling15 yet another example

November 27, 2001Domain Modeling16 Decomposition Axis In structured analysis –decompose by functions (bubbles in dfd, boxes in structure chart) –examples: dfd, Constantine structure chart, see handout from Fairley In object-oriented analysis –decompose by things, entities in the domain –primary task: identify different concepts in the domain and document them in the model –restricted to current scenarios (use-cases) under consideration

November 27, 2001Domain Modeling17 What to include? Regardless of the type of model, it’s a MODEL (see front cover of book – This is not a sailboat) Mapmaker analogy –Use local names, those of the domain –Omit what is irrelevant to the purpose Mapmaker doesn’t try to show details about cities, airports, terrain, rainfall, population density, agricultural crops, types of industry, etc., ALL on one map! Less is more. –Omit what is truly not there

November 27, 2001Domain Modeling18 Note the helpful discussions about finer points: Attributes are rare – more often, they should be separate concepts Report objects – derived information (omit), business rules role (include) Resolving similar conceptual classes Modeling the UNreal world – modeling requires high degree of abstraction Specification or description conceptual classes Descriptions of services necessary prior to sale of services

November 27, 2001Domain Modeling19 Advantages of a Domain Model Because the domain model uses real world vocabulary and models real-world relationships, –Reduces the representational gap between analysis and design – practical advantage “...can support the design of elegant, loosely-coupled systems that scale and extend easily” –Many of the suggestions given in the “helpful discussions” maintain the loose coupling

November 27, 2001Domain Modeling20 Loose coupling?? Content – A modifies local data values (or instructions!) in B Common – Modules bound together by global data structures Control – passing control flags between modules so that one controls the sequence of processing steps in another Stamp -- Global data shared selectively among routines that require it Data – use of parameter lists to pass data items between routines

November 27, 2001Domain Modeling21 p.s. They also support high cohesion The two strongest types of unit cohesion are –Functional cohesion –Informational cohesion Functional cohesion –All elements are related to the performance of a single function Informational cohesion –Unit contains a complex data structure and the routines to manipulate it –the concrete realization of data abstraction

November 27, 2001Domain Modeling22 A Good Model Somewhere between a minimal need-to- know model and one that illustrates every conceivable relationship Does it satisfy all the need-to-know requirements? Does it communicate an essential understanding of the important concepts in the problem domain?

November 27, 2001Domain Modeling23 Importance of domain expertise Adequate requirements Inadequate requirements Low domain expertise High domain expertise

November 27, 2001Domain Modeling24 Operation Contracts Help define system behavior Describe outcome of executing system operation in terms of state changes to domain objects Emphasis on result(s) of operation Considered a formal approach when used rigorously

November 27, 2001Domain Modeling25 Pre and Post Conditions Premise: “Once we have defined the correctness of a software element as the consistency of its implementation with its specification, we should take steps to include the specification, together with the implementation, in the software itself. For most of the software community, this is still a novel idea...” -- Bertrand Meyer

November 27, 2001Domain Modeling26 Assertions Express the “what” in the code, that is, the software’s purpose States a property certain entities may satisfy at certain stages of software execution –e.g. X > 0 ; Ptr is not void. History lies in the mathematics of predicate calculus – not as powerful as that Often boolean expressions

November 27, 2001Domain Modeling27 Used in Semantic Specification Specify what is the useful task performed by the operation Two assertions –Precondition – states the properties that MUST hold whenever the routine is called –Postcondition – states the properties the routine GUARANTEES when it returns Often involves making the implicit explicit For example, in a stack class, put must not be applied to a full stack. When applied, it increases the number of elements by one.

November 27, 2001Domain Modeling28 Preconditions of a routine Applies to ALL calls of the routine –from within the class –from clients Correct system will never execute a call in a state that does not satisfy the precondition of the called routine –burden is on the caller to be certain the required state is true; easier to do if stated explicitly in the called routine –the abstract data type including the routine in question must provide the means to verify the precondition; e.g. stack class containing put must also include NotFull

November 27, 2001Domain Modeling29 Postconditions of a routine Properties of the state resulting from the routine’s execution –After put, stack is not empty, top is the element just pushed, number of elements has increased by one Expresses a guarantee that the routine will yield a state satisfying certain properties... assuming the precondition was satisfied prior to the execution

November 27, 2001Domain Modeling30 Present StateInput or EventActionOutputNext State ST1. Idlecard insertedrequest for PINWaiting for PIN ST2. Waiting for PINPIN entereddisplay asterisksValidating PIN ST3. Waiting for PINcanceldisplay msgEjecting ST4. Validating PINindicates “valid”display choicesWaiting for customer transaction choice ST5. Validating PINindicates “stolen”display “stolen” confiscating ST6. Validating PINindicates “invalid”display “invalid” Waiting for PIN ST7. Waiting for customer transaction choice Canceldisplay “cancel” Ejecting ST8. Waiting for customer transaction choice Balance Query selectedProcessing query continued on next slide

November 27, 2001Domain Modeling31 ST9. Waiting for customer transaction choice Withdrawal selectedProcessing w/d ST10. confiscatingCard confiscatedterminating ST11. Processing queryRejected for this userdisplay “rejected” Ejecting ST12. Processing queryQuery OKdisplay printing printing ST13. Processing withdrawal ok amountdisplay ok msgdispensing ST14. Processing withdrawal not ok amountdisplay refusalEjecting ST15. Printingtransaction completeprint receiptejecting ST16. Dispensingsufficient cash in ATMcashprinting ST17. Dispensinginsufficient cash in ATMdisp “insufficient cash” ejecting ST18. Ejectingcard ejection starteddisplay msg to take cardterminating ST19. terminatingcard ejection completedisplay ending msg idle

November 27, 2001Domain Modeling32 State Transition Diagram - incomplete Idle card inserted/ waiting for PIN PIN inserted/ validating PIN ejecting “cancel” “invalid” “stolen” confis- cating “valid” waiting for cust xaction “cancel” terminat- ing card ej complete card confis’d

November 27, 2001Domain Modeling33 What if assertions fail? If assertions are treated as comments, a run- time assertion violation will remain undetected If assertions are used to check that all is well, then during execution –the software monitors that assertions hold when they should –if one does not, it triggers an exception what happens THEN depends on the exception handling design and code

November 27, 2001Domain Modeling34 Primary emphasis re assertions Primary emphasis is on using assertions as a conceptual tool for analysis, design, implementation, and documentation... to build software in which reliability is built- in, rather than achieved after the fact through debugging.

November 27, 2001Domain Modeling35 Rights and Obligations By associating pre and postconditions with an operation, you tell its clients: If you promise to call r with the precondition satisfied then I, in return, promise to deliver a final state in which the postcondition is satisfied. Clarifies the terms of the relationship Contract between the operation (the supplier of a certain service) and its callers (the clients of that service)

November 27, 2001Domain Modeling36 What about contracts on public operations? We are focusing this week on the domain model and its public (system) operations – those triggered by external actors. But I said the burden of meeting the precondition is on the caller – the caller of a public operation may be a human. What do you think about preconditions of public operations?

November 27, 2001Domain Modeling37 Preconditions on User Input? A precondition can’t correct user input and the user wouldn’t know about a precondition A precondition on a public operation is not a reliability technique, it’s wishful thinking. The operation must check for the conditions that must be true and handle the situation appropriately if they do not hold. Validate items obtained from the outside world close to the source using “filters”.

November 27, 2001Domain Modeling38 Filter modules External items Filters – input & output validation modules (only pass along when preconditions are met. Processing modules (have preconditions) System

November 27, 2001Domain Modeling39 Zen and the art of software reliability Guarantee more by checking less The precondition is a benefit for the supplier. –If the client’s part of the contract is not fulfilled, the operation is not bound by the postcondition and can do what it pleases. Simplifies programming style – when writing the body of the operation, you may assume the precondition is satisfied

November 27, 2001Domain Modeling40 Strong defense or Negotiated Peace Defensive programming –“One is never too careful dealing with strangers.” –“Checking that the precondition holds is redundant if the caller checked but... while a redundant check might not help, at least it will not hurt.” Design by Contract –Redundant checks can and indeed will hurt. –In a macroscopic view if entire architecture, simplicity becomes a crucial criterion. –Redundancy leads to performance penalty –To get more reliability, check less... explicitly

November 27, 2001Domain Modeling41 Simplicity Complexity is the enemy of quality Redundant checks add to complexity Contract –identifies the consistency conditions necessary to proper functioning of each client-supplier cooperation –specifies whose responsibility it is to enforce them, the client’s responsibility (preconditions) or the supplier’s (postconditions) If not in the precondition, the operation is obligated to check for it.

November 27, 2001Domain Modeling42 Difference from Hardware Redundant checking is standard in hardware Why? A correct state may later have its integrity destroyed beyond the control of the system itself – wear and tear, interference, baseball bat, etc. Therefore: it’s normal for a sender and receiver, for example, to check the integrity of a signal. Software doesn’t wear out. If you do have an analogous situation, then redundant checks make sense.

November 27, 2001Domain Modeling43 Assertions are not Control Structures Assertions are not techniques to handle special cases by switching to the exception handler for the “else-part”. Special cases should be handled directly in the code as if... then... else or similar conditional constructs. Assertions express correctness conditions. –A call to put on a full stack is not a special case; the call is a bug. –A run-time assertion violation indicates a bug in the software, either in the client (precondition violation) or in the supplier (postcondition violation).

November 27, 2001Domain Modeling44 Reviews and Testing In early stages, make certain the pre and postconditions are the right ones to have! Preconditions –Something to check for explicitly in reviews Does every call ensure the precondition prior to the call? –If possible, set up precondition violation Postconditions –Formal methods – given the precondition and the code, prove the postcondition is true. –Informal approach – convince the reviewers –System test: test for postconditions of public operations

November 27, 2001Domain Modeling45 Sound familiar? The demanding approach to precondition design –does not attempt to be all things to all clients –insists each routine do a well-defined job and do it well –specify clearly what cases it cannot handle –leads to more likely re-usable –is applicable if the preconditions remain reasonable

November 27, 2001Domain Modeling46 Reasonable Preconditions Appears in the supplier module’s documentation so the client authors can know. It is possible to justify the need for the precondition in terms of the specification alone. –“Stack is not empty” is reasonable for pop because there is nothing to pop –RealSqrt(X) with precondition X >= 0 is reasonable because negative real numbers do not have real square roots

November 27, 2001Domain Modeling47 Reasonable by reason of implementation... Consider “Stack not full” as precondition for put If the specification describes a bounded stack, not arbitrary stacks, then the precondition is reasonable even though it arises from the implementation choices.

November 27, 2001Domain Modeling48 Precondition availability Every feature appearing in the precondition of a routine must be available to every client to which the routine is available. You cannot require something that the client is unable to check.

November 27, 2001Domain Modeling49 Class Invariants Global properties of the instances of a class which must be preserved by all routines that make up that class. For example, in a stack class where the stack has a maximum capacity, the number of elements on the stack is always between 0 and capacity. Pre and postconditions characterize individual operations

November 27, 2001Domain Modeling50 Class Invariants, cont. A class invariant may also express the semantic relations between functions or between functions and attributes. A class invariant is an assertion. –If assertions are not implemented, but are at least documented in the module itself, the intent of the designer can be maintained when the class is modified.

November 27, 2001Domain Modeling51 Class Invariants vary... briefly The invariant need not be satisfied at all times. A procedure may destroy the invariant and then re-establish it before terminating its execution.

November 27, 2001Domain Modeling52 What is the role of a class invariant? Because invariants capture the fundamental semantic constraints of a class, they change far less often. When functions are added, removed, or modified, they should be done in such a way that the invariant remains true. If the invariant must change, it should be raised to the level of serious consideration –ensure existing functions that satisfy the old one can satisfy the new one –it is a significant change, not an accidental side effect

November 27, 2001Domain Modeling53 More on role of class invariant Affects every contract in the class –The precondition and the invariant hold prior to execution –The postcondition and the invariant hold after execution Your job as implementer is: –easier if invariants are stated because you may assume the initial state satisfies the invariant –harder if invariants are stated because you must ensure the final state satisfies not only the postcondition but also the invariant. Like the kindergarten rule – leave the play area the way you would like to find it the next time

November 27, 2001Domain Modeling54 What does Correct mean? Usually “consistent with the specification” More specifically, –the class is correct if and only if its implementation, as given by the bodies of the operations, is consistent with the preconditions, postconditions, and invariant.

November 27, 2001Domain Modeling55 Using Assertions Help in writing correct software –spelling out exact requirements on each operation and global properties helps developers produce software that is correct the first time. –make it reliable BEFORE putting it into operation Documentation aid –Pre and postconditions and class invariants provide potential clients with concise, essential information Support for testing, debugging, and QA –monitoring preconditions as a debugging tool Support for software fault tolerance –especially in reuse where assumptions are long forgotten

November 27, 2001Domain Modeling56 A brief history Alan Turing, June 1950, encouraged the programmer to make a number of definite assertions which can be checked individually and from which the correctness of the whole program easily follows. Pioneer work on assertions –Bob Floyd, 1967; Tony Hoare, 1969; Taken further by –Edsger Dijkstra, 1976; David Gries, 1981

November 27, 2001Domain Modeling57 Bibliography Applying UML and Patterns - text Software Engineering Concepts, Richard Fairley, McGraw-Hill Series in Software Engineering and Technology, 1985, 364 pages. (possibly out of print now) ISBN Nothing overtly on OO; excellent concise coverage of historical concepts now used in OO. Object-Oriented Software Construction, 2 nd Edition, Bertrand Meyer, Prentice Hall PTR, 1997, 1,254 pages. Includes CD, ISBN (Extremely well-written and literate. Encyclopedic in scope. For example, about 100 pages on Design by Contract.)