CHAPTER 7

SYSTEM DESIGN
Decomposing the system
Addressing Design goals
 SYSTEM DESIGN
 System design is the transformation of an analysis model into a
system design model that takes into account the nonfunctional
requirements described in the requirements analysis document.

 Duringsystem design, we focus on the processes, data structures, and

software and hardware components necessary to implement it.
 OVERVIEW OF SYSTEM DESIGN

Figure 7-1 The activities of system design

 System Design Activities

8. Boundary
1. Design Goals Conditions
Definition Initialization
Trade-offs Termination
Failure
2. Subsystem Decomposition 7. Software
Layers vs Partitions Control
Coherence/Coupling
Monolithic
Event-Driven
3. Concurrency Conc. Processes
Identification of 4. Hardware/ 5. Data 6. Global Resource
Threads Software Mapping Management Handlung
Special Purpose Persistent Objects Access Control List
Buy vs Build File system vs Database vs Capabilities
Allocation of Resources Security
Connectivity
IDENTIFYING DESIGN GOALS
 The definition of design goals is the first step of system design.
 It identifies the qualities that our system should focus on.

 we can select design goals from a long list of highly desirable

qualities.
… CONT’D
 Performance criteria : include the speed and space requirements
imposed on the system.

Table 7-1 Performance criteria.

… CONT’D
 Dependabilitycriteria : determine how much effort should be
expended in minimizing system crashes and their consequences.

Table 7-2 Dependability criteria

… CONT’D
 Costcriteria : include the cost to develop the system, to deploy it,
and to administer it.

Table 7-3 Cost criteria

… CONT’D
 Maintenance criteria : determine how difficult it is to change the
system after deployment

Table 7-4 Maintenance criteria

… CONT’D
 End user criteria :include qualities that are desirable from a users’
point of view, but have not yet been covered under the performance and
dependability criteria.

Table 7-5 End user criteria

… CONT’D
 When defining design goals, only a small subset of these criteria can be
simultaneously taken into account.
 Developers need to prioritize design goals and trade them off against each other as
well as against managerial goals.

Table 7-6 Examples of

design goal trade-offs.
 System Design Activities
8. Boundary
 1. Design Goals Conditions
Definition Initialization
Trade-offs Termination
Failure
2. Subsystem Decomposition 7. Software
Layers vs Partitions Control
Coherence/Coupling
Monolithic
Event-Driven
3. Concurrency Conc. Processes
Identification of 4. Hardware/ 5. Data 6. Global Resource
Threads Software Mapping Management Handlung
Special Purpose Persistent Objects Access Control List
Buy vs Build File system vs Database vs Capabilities
Allocation of Resources Security
Connectivity
IDENTIFYING SUBSYSTEMS
 Finding subsystems during system design is similar to finding objects
during analysis.
 SUBSYSTEM DECOMPOSITION
 To reduce the complexity of the solution domain, systems are
decomposed into simpler parts, called subsystems.
 A subsystem is a replaceable part of the system with well-defined
interfaces that encapsulates the state and behavior of its contained
classes.
 A subsystem typically corresponds to the amount of work that a single
developer or a single development team can tackle.
 subsystems provide services to other subsystems.

 A service is a set of related operations that share a common purpose.

… CONT’D

Figure 7-2 Subsystem decomposition for an accident management system (UML component diagram)
… CONT’D

Figure 7-3 Services provided by the ResourceManagement subsystem

… CONT’D
 In UML, components can represent both logical and physical
components.
 A logical component corresponds to a subsystem that has no
explicit run-time equivalent for example, individual business
component.
 physical component corresponds to a subsystem that as an
explicit run-time equivalent, for example, a database server.
COUPLING AND COHESION
 Coupling is the number of dependencies between two subsystems.
 If two subsystems are strongly coupled, modifications to one subsystem
is likely to have impact on the other and if they are loosely coupled ,
modifications to one subsystem have little impact on the other.
 High coupling is an issue only if it is likely that any subsystem changes.
Figure 7-4 Example of reducing the coupling of subsystems
… CONT’D

 Cohesion is the number of dependencies within a subsystem.

 If a subsystem contains many objects that are related to each other
and perform similar tasks, its cohesion is high and vice versa.
 A desirable property of subsystem decomposition is that it leads to
subsystems with high cohesion.
 … CONT’D
 In general, there is a trade-off between cohesion and coupling.
 We can often increase cohesion by decomposing the system into smaller
subsystems. However, this also increases coupling as the number of
interfaces increases.
 A good heuristic is that developers can deal with 7 ± 2 concepts at any
one level of abstraction.
 If there are more than nine subsystems at any given level of abstraction, or
if a subsystem provides more than nine services, you should consider
revising the decomposition.
 A hierarchical decomposition of a system yields an ordered set of
LAYERS AND PARTITIONS

layers.
 A layer is a grouping of subsystems providing related services, possibly
realized using services from another layer.
 In a closed architecture, each layer can access only the layer
immediately below it. Ex (OSI model)
 In an open architecture, a layer can also access layers at deeper
levels.
 subsystem decomposition is the result of both partitioning and layering.

 Excessive partitioning or layering can increase complexity.

… CONT’D

Figure 7-5 Subsystem decomposition of a system into three layers

ARCHITECTURAL STYLES

Different types of architectural styles

1, repository architectural style subsystems access and modify a
single data structure called the central repository.

Figure 7-6 Repository architectural style

 … CONT’D

2, Model/View/Controller (MVC) architectural style: are classified into three

different types:
 model subsystems maintain domain knowledge
 view subsystems display it to the user
 controller subsystems manage the sequence of interactions with the
user.

Figure 7-7 MVC architectural style

 … CONT’D
3,client/server architectural style: a subsystem, the server, provides
services to instances of other subsystems called the clients, which are
responsible for interacting with the user.

Figure 7-8 client/server architectural style

… CONT’D
4, A peer-to-peer architectural style: is a generalization of the
client/server architectural style in which subsystems can act both as client
or as servers, in the sense that each subsystem can request and provide
services.

Figure 7-9 peer-to-peer architectural style

… CONT’D
5, Three-tier architectural style :organizes subsystems into three layers:

 The interface layer includes all boundary objects that deal with the
user, including windows, forms, web pages, and so on.
 The application logic layer includes all control and entity objects,
realizing the processing, rule checking, and notification required by
the application.
 The storage layer realizes the storage, retrieval, and query of
persistent objects.
… CONT’D

Figure 7-10 three tier architectural style

 … CONT’D
 Four-tier architectural style :is a three-tier architecture in which the
Interface layer is decomposed into a Presentation Client layer and a
Presentation Server layer.

 ThePresentation Client layer is located on the user machines, whereas

the Presentation Server layer can be located on one or more servers.
… CONT’D

Figure 7-11 Four tier architectural style

 System Design
8. Boundary
1. Design Goals Conditions
Definition Initialization
Trade-offs Termination
Failure
2. Subsystem Decomposition 7. Software
Layers vs Partitions Control
Coherence/Coupling
Monolithic
Event-Driven
3. Concurrency Conc. Processes
Identification of 4. Hardware/ 5. Data 6. Global Resource
Threads Software Mapping Management Handlung
Special Purpose Persistent Objects Access Control List
Buy vs Build File system vs Database vs Capabilities
Allocation of Resources Security
Connectivity
 CONCURRENCY
 Nonfunctional Requirements to be addressed: Performance, Response time, latency,
availability.
 Two objects are inherently concurrent if they can receive events at the same time
without interacting
 Source for identification: Objects in a sequence diagram that can simultaneously
receive events
 Un related events, instances of the same event

 Inherently concurrent objects can be assigned to different threads of control.

 Objects with mutual exclusive activity could be folded into a single thread of control.
THREAD OF CONTROL
 A thread of control is a path through a set of state diagrams on which a single
object is active at a time.
 A thread remains within a state diagram until an object sends an event to
different object and waits for another event.
 Thread splitting: Object does a non-blocking send of an event to another
object.
 Concurrent threads can lead to race conditions.
 A race condition (also race hazard) is a design flaw where the output of a
process is depends on the specific sequence of other events.
 The name originated in digital circuit design: Two signals racing each other to
influence the output.
 Assume: Initial
EXAMPLE: PROBLEM WITH THREADS balance = 200

:WithdrawCtrl :BankAccount :WithdrawCtrl

c1:Customer c2:Customer

withdraw(50)
getBalance()

Thread 1 200 withdraw(50)

getBalance()
computeNewBalance(200,50)
200
Thread 2
computeNewBalance(200,50)

setBalance(150)

setBalance(150)

Should BankAccount
be another Thread ?
Final
balance = 150 ??!
SOLUTION: SYNCHRONIZATION OF THREADS Initial
Single WithdrawCtrl
Instance balance = 200

:WithdrawCtrl :BankAccount
c1:Customer c2:Customer
Synchronized method

withdraw(50) getBalance()
withdraw(50)
200

computeNewBalance(200,50)

setBalance(150)

End
balance = 100
 CONCURRENCY QUESTIONS

 To identify threads for concurrency we ask the following questions:

Does the system provide access to multiple users?
Which entity objects of the object model can be executed
independently from each other?
What kinds of control objects are identifiable?
Can a single request to the system be decomposed into multiple
requests? Can these requests handled in parallel? (Example: a
distributed query)
IMPLEMENTING CONCURRENCY
 Concurrent systems can be implemented on any system that provides:-
 Physical concurrency: Threads are provided by hardware or
 Logical concurrency: Threads are provided by software
 Physical concurrency is provided by multiprocessors and computer
networks
 Logical concurrency is provided by thread packages.
… CONT’D

 In both cases, - physical concurrency as well as logical concurrency - we

have to solve the scheduling of these threads:
 Which thread runs when?
 Today’s operating systems provide a variety of scheduling mechanisms:
 Round robin, time slicing, collaborating processes, interrupt
handling …
 General question addresses starvation, deadlocks, fairness :- Topic for
researchers in operating systems.
 Sometimes we have to solve the scheduling problem ourselves
 Topic addressed by software control.
 System Design
8. Boundary
1. Design Goals Conditions
Definition Initialization
Trade-offs Termination
Failure
2. Subsystem Decomposition 7. Software
Layers vs Partitions Control
Coherence/Coupling
Monolithic
Event-Driven
3. Concurrency Conc. Processes
Identification of  4. Hardware/ 5. Data 6. Global Resource
Threads Software Mapping Management Handlung
Special Purpose Persistent Objects Access Control List
Buy vs Build Filesystem vs Database vs Capabilities
Allocation of Resources Security
Connectivity
 HARDWARE SOFTWARE MAPPING
 This system design activity addresses two questions:
 How shall we realize the subsystems: With hardware or with software?
 How do we map the object model onto the chosen hardware and/or
software?
 Mapping the Objects:

Processor, Memory, Input/output

 Mapping the Associations:

Network connections
MAPPING OBJECTS ONTO HARDWARE
 Control Objects -> Processor
Is the computation rate too demanding for a single processor?
Can we get a speedup by distributing objects across several
processors?
How many processors are required to maintain a steady state load?
 Entity Objects -> Memory
Is there enough memory to buffer bursts of requests?
 Boundary Objects -> Input/output Devices
Do we need an extra piece of hardware to handle the data generation
rates?
Can the desired response time be realized with the available
communication bandwidth between subsystems?
 MAPPING THE ASSOCIATIONS: CONNECTIVITY
 Describe the physical connectivity
(“physical layer in the OSI Reference Model”)
√ Describes which associations in the object model are mapped to

physical connections.
 Describe the logical connectivity (subsystem associations)

Associations that do not directly map into physical connections.

In which layer should these associations be implemented?
 Informal connectivity drawings often contain both types of connectivity

Practiced by many developers, sometimes confusing.

DistributedDatabaseArchitecture Tue, Oct 13, 1992 12:53 AM

EXAMPLE: INFORMAL CONNECTIVITY DRAWING

Application Application Application
Client Client Client

TCP/IP
Logical LAN
Connectivity
Communication
Agent for
Application Clients LAN Global
Data
Communication Server
Communication
Backbone Network Agent for Data
Agent for OODBMS
Server
Application Clients
Communication Global
Agent for Data Data
Server Server
LAN RDBMS
Ethernet Cat 5
Local Data Global Data
Physical
Server Server Connectivity
LOGICAL VS PHYSICAL CONNECTIVITY AND THE RELATIONSHIP TO
SUBSYSTEM LAYERING

Application Layer Application Layer

Presentation Layer Presentation Layer

Logical
Session Layer Connectivity
Session Layer
Bidirectional associa- tions for
each layer
Transport Layer Transport Layer

Network Layer Network Layer

Data Link Layer Data Link Layer

Physical
Physical Layer Physical Layer Connectivity

Processor 1 Processor 2
HARDWARE-SOFTWARE MAPPING DIFFICULTIES
 Much of the difficulty of designing a system comes from addressing
externally-imposed hardware and software constraints.
Certain tasks have to be at specific locations:-
√ Example: Withdrawing money from an ATM machine

Some hardware components have to be used from a specific

manufacturer:-
√ Example: To send DVB-T signals, the system has to use

components from a company that provides DVB-T transmitters.

 HARDWARE/SOFTWARE MAPPINGS IN UML
 A UML component is a building block of the system. It is represented as a rectangle with
a tabbed rectangle symbol inside
 Components have different lifetimes:
 Some exist only at design time
 Classes, associations

 Others exist until compile time

 Source code, pointers

 Some exist at link or only at runtime

 Linkable libraries, executable, addresses

 The Hardware/Software Mapping addresses dependencies and distribution issues of UML

components during system design.
TWO NEW UML DIAGRAM TYPES

 Deployment Diagram:
Illustrates the distribution of components at run-time.
Deployment diagrams use nodes and connections to depict the
physical resources in the system.
 Component Diagram:
Illustrates dependencies between components at design time,
compilation time and runtime.
DEPLOYMENT DIAGRAM
 Deployment diagrams are useful for showing a system design after these system design
decisions have been made:
 Subsystem decomposition
 Concurrency :PC :Server
 Hardware/Software Mapping
 A deployment diagram is a graph of nodes and connections (“communication
associations”)
 Nodes are shown as 3-D boxes
 Connections between nodes are shown as solid lines
 Nodes may contain components
 Components can be connected by “lollipops” and “grabbers”

 Components may contain objects (indicating that the object is part of the

component).
UML COMPONENT DIAGRAM
 Used to model the top-level view of the system design in terms of
components and dependencies among the components. Components can
be:-
 source code, linkable libraries, executables

 The dependencies (edges in the graph) are shown as dashed lines with
arrows from the client component to the supplier component:
 The lines are often also called connectors
 The types of dependencies are implementation language specific
 Informally also called “software wiring diagram“ because it show how the
software components are wired together in the overall application.
UML INTERFACES: LOLLIPOPS AND SOCKETS

 A UML interface describes a group of operations used or created by UML

components.
 There are two types of interfaces: provided and required interfaces. 
 A provided interface is modeled using the lollipop notation

 A required interface is modeled using the socket notation. 

 A port specifies a distinct interaction point between the component and its
environment.
 Ports are depicted as small squares on the sides of classifiers.
COMPONENT DIAGRAM EXAMPLE
DEPLOYMENT DIAGRAM EXAMPLE
DATA MANAGEMENT
 Some objects in the system model need to be persistent:
 Values for their attributes have a lifetime longer than a single
execution
 A persistent object can be realized with one of the following
mechanisms:
 File system:
 If the data are used by multiple readers but a single writer

 Database:
 If the data are used by concurrent writers and readers.
DATA MANAGEMENT QUESTIONS

 How often is the database accessed?

What is the expected request (query) rate? The worst case?
What is the size of typical and worst case requests?
 Do the data need to be archived?

 Should the data be distributed?

Does the system design try to hide the location of the databases
(location transparency)?
 Is there a need for a single interface to access the data?

What is the query format?

 Should the data format be extensible?
MAPPING OBJECT MODELS
 UML object models can be mapped to relational databases
 The mapping:

Each class is mapped to its own table

Each class attribute is mapped to a column in the table
An instance of a class represents a row in the table
One-to-many associations are implemented with a buried foreign
key
Many-to-many associations are mapped to their own tables
 Methods are not mapped
GLOBAL RESOURCE HANDLING
 Discusses access control
 Describes access rights for different classes of actors

 Describes how object guard against unauthorized access.

DEFINING ACCESS CONTROL
 In multi-user systems different actors usually have different access rights
to different functionality and data.
 How do we model these accesses?

During analysis we model them by associating different use cases with

different actors
During system design we model them determining which objects are
shared among actors.
ACCESS MATRIX
 Wemodel access on classes with an access matrix:
The rows of the matrix represents the actors of the system.
The column represent classes whose access we want to control.

 Access Right: An entry in the access matrix. It lists the operations

that can be executed on instances of the class by the actor.
ACCESS MATRIX EXAMPLE
Access right
GLOBAL RESOURCE QUESTIONS
 Does the system need authentication?
 If yes, what is the authentication scheme?

User name and password? Access control list

Tickets? Capability-based
 What is the user interface for authentication?

 Does the system need a network-wide name server?

 How is a service known to the rest of the system?

At runtime? At compile time?

By Port?
By Name?
 DECIDE ON SOFTWARE CONTROL
Two major design choices:
1. Choose implicit control
2. Choose explicit control
Centralized or decentralized
 Centralized control:
Procedure-driven: Control resides within program code.
Event-driven: Control resides within a dispatcher calling functions via
callbacks.
 Decentralized control
Control resides in several independent objects.
Examples: Message based system, RMI
Possible speedup by mapping the objects on different processors,
increased communication overhead.
CENTRALIZED VS. DECENTRALIZED DESIGNS
 Centralized Design
One control object or subsystem ("spider") controls everything
 Pro: Change in the control structure is very easy.

 Con: The single control object is a possible performance

bottleneck.
 Decentralized Design

Not a single object is in control, control is distributed; That means,

there is more than one control object.
 Pro: Fits nicely into object-oriented development.

 Con: The responsibility is spread out.

 … CONT’D
 Should you use a centralized or decentralized design?
 Take the sequence diagrams and control objects from the analysis model

 Check the participation of the control objects in the sequence diagrams

If the sequence diagram looks like a fork => Centralized design
If the sequence diagram looks like a stair => Decentralized design.
 BOUNDARY CONDITIONS
 Initialization
 The system is brought from a non-initialized state to steady-state
 Termination

 Resources are cleaned up and other systems are notified upon

termination
 Failure

 Possible failures: Bugs, errors, external problems

 Good system design foresees fatal failures and provides mechanisms to
deal with them.
BOUNDARY CONDITION QUESTIONS
 Initialization
 What data need to be accessed at startup time?
 What services have to registered?
 What does the user interface do at start up time?
 Termination
 Are single subsystems allowed to terminate?
 Are subsystems notified if a single subsystem terminates?
 How are updates communicated to the database?
 Failure

 How does the system behave when a node or communication link fails?
 How does the system recover from failure?
MODELING BOUNDARY CONDITIONS
 Boundary conditions are best modeled as use cases with actors and
objects.
 We call them boundary use cases or administrative use cases.

 Actor: often the system administrator

 Interesting use cases:

♯ Start up of a subsystem
♯ Start up of the full system
♯ Termination of a subsystem
♯ Error in a subsystem or component, failure of a subsystem or
component.
EXAMPLE: BOUNDARY USE CASE FOR ARENA

 Let us assume, we identified the subsystem AdvertisementServer

during system design
 This server takes a big load during the holiday season

 During hardware software mapping we decide to dedicate a special

node for this server
 For this node we define a new boundary use case ManageServer

 ManageServer includes all the functions necessary to start up and

shutdown the AdvertisementServer.
MANAGESERVER BOUNDARY USE CASE

<<include>>

StartServer
Server <<include>>
Administrator
ManageServer ShutdownServer

<<include>>

ConfigureServer
 SUMMARY
 System design activities:
 Concurrency identification
 Hardware/Software mapping
 Persistent data management
 Global resource handling
 Software control selection
 Boundary conditions
 Each of these activities may affect the subsystem decomposition

 Two new UML Notations

 UML Component Diagram: Showing compile time and runtime dependencies
between subsystems.
 UML Deployment Diagram: Drawing the runtime configuration of the system.