Design and Software Architecture

Ch. 4 1

Design and Software Architecture

CSC 3910 Software Engineering

Time: 1:30 to 2:20 Meeting Days: MWF Location: Oxendine 1256

Textbook: Fundamentals of Software Engineering, Author: Carlo Ghezzi, et al, 2003, Pearson

Spring 2011

Ch. 4 2

Outline• What is design • How can a system be decomposed into modules • What is a module’s interface• What are the main relationships among modules• Prominent software design techniques and

information hiding• The UML collection of design notations• Design of concurrent and distributed software • Design patterns• Architectural styles• Component based software engineering

Ch. 4 3

What is design?

• Provides structure to any artifact• Decomposes system into parts,

assigns responsibilities, ensures that parts fit together to achieve a global goal

• Design refers to both an activity and the result of the activity

Ch. 4 4

Two meanings of "design“ activity in our context

• Activity that acts as a bridge between requirements and the implementation of the software

• Activity that gives a structure to the artifact – e.g., a requirements specification

document must be designed• must be given a structure that makes it

easy to understand and evolve

Ch. 4 5

The sw design activity

• Defined as system decomposition into modules

• Produces a Software Design Document– describes system decomposition into

modules

• Often a software architecture is produced prior to a software design

Ch. 4 6

Software architecture• Shows gross structure and organization of

the system to be defined• Its description includes description of

– main components of a system– relationships among those components– rationale for decomposition into its

components– constraints that must be respected by any

design of the components

• Guides the development of the design

Ch. 4 7

Two important goals

• Design for change (Parnas)– designers tend to concentrate on

current needs– special effort needed to anticipate

likely changes

• Product families (Parnas)– think of the current system under

design as a member of a program family

Ch. 4 8

Sample likely changes? (1)

• Algorithms– e.g., replace inefficient sorting

algorithm with a more efficient one• Change of data representation

– e.g., from binary tree to a threaded tree (see example)

17% of maintenance costs attributed to data representation changes (Lientz and Swanson, 1980)

Ch. 4 9

Example

Ch. 4 10

Sample likely changes? (2)

• Change of underlying abstract machine– new release of operating system– new optimizing compiler– new version of DBMS– …

• Change of peripheral devices• Change of "social" environment

– new tax regime– EURO vs national currency in EU

• Change due to development process (transform prototype into product)

Ch. 4 11

Product families• Different versions of the same system

– e.g. a family of mobile phones• members of the family may differ in network

standards, end-user interaction languages, …

– e.g. a facility reservation system• for hotels: reserve rooms, restaurant,

conference space, …, equipment (video beamers, overhead projectors, …)

• for a university– many functionalities are similar, some are different

(e.g., facilities may be free of charge or not)

Ch. 4 12

Design goal for family

• Design the whole family as one system, not each individual member of the family separately

Ch. 4 13

Sequential completion: the wrong way

• Design first member of product family

• Modify existing software to get next member products

Ch. 4 14

Sequential completion:a graphical view

Requirements

1

2

3

Version 1

Version 1

Version 25

Requirements

1

2

3

4 6

7 Version 3

4

Requirements

1

2

3

Version 2 5

Version 1

4

intermediate design

finalproduct

Ch. 4 15

How to do better

• Anticipate definition of all family members

• Identify what is common to all family members, delay decisions that differentiate among different members

• We will learn how to manage change in design

Ch. 4 16

Module

• A well-defined component of a software system

• A part of a system that provides a set of services to other modules– Services are computational elements

that other modules may use

Ch. 4 17

Questions

• How to define the structure of a modular system?

• What are the desirable properties of that structure?

Ch. 4 18

Modules and relations

• Let S be a set of modules S = {M1, M2, . . ., Mn}

• A binary relation r on S is a subset of

S x S

• If Mi and Mj are in S, <Mi, Mj> r can be written as Mi r Mj

Ch. 4 19

Relations• Transitive closure r+ of r

Mi r+ Mj iff

Mi r Mj or Mk in S such that Mi r Mk

and Mk r+ Mj

(We assume our relations to be irreflexive, i.e., Mi r Mi cannot hold)

• r is a hierarchy iff there are no two elements Mi, Mj s.t. Mi r+ Mj Mj r+ Mi

• For two modules A and B, A CALLS+ B implies that either A CALLS B directly or A CALLS B indirectly

USES• Mi uses Mj if Mj requires the presence of

Mj, because Mj provides a resource Mi needs to accomplish its task.

• If Mi USES Mj then Mi is a client of Mj and Mj is called a server.

• A USES relationship is established if module Mi accesses a resouce provided by module Mj

• Mi USES Mj if Mi contains a call to a procedure contained in Mj

Ch. 4 20

Ch. 4 21

Relations• USES is should be a hierarchy• Relations can be represented as

graphs• A hierarchy is a DAG (directed

acyclic graph)M1

M2M3

M4

M1,1 M1,2 M1,3

M1,2,1 M1,2,2

M1,2,1,1

M

M M

M M

M

1

2 3

4 5

6

a) b)

a graph

a DAG

Ch. 4 22

The USES relation

• A uses B– A requires the correct operation of B– A can access the services exported by

B through its interface– it is “statically” defined– A depends on B to provide its services

• example: A calls a routine exported by B

• A is a client of B; B is a server

Ch. 4 23

Desirable property

• USES should be a hierarchy• Hierarchy makes software easier

to understand– we can proceed from leaf nodes (who

do not use others) upwards

• They make software easier to build• They make software easier to test

Ch. 4 24

Hierarchy

• Organizes the modular structure through levels of abstraction

• Each level defines an abstract (virtual) machine for the next level– level can be defined precisely

• Mi has level 0 if no Mj exists s.t. Mi r Mj

• let k be the maximum level of all nodes Mj s.t. Mi r Mj. Then Mi has level k+1

Ch. 4 25

IS_COMPONENT_OF• Used to describe a higher level module as

constituted by a number of lower level modules

• A IS_COMPONENT_OF B– B consists of several modules, of which one is A

• B COMPRISES A

• MS,i={Mk|MkSMk IS_COMPONENT_OF Mi}

we say that MS,i IMPLEMENTS Mi

Ch. 4 26

A graphical view

M1

M M

M MM M M

2 4

5 67 8 9

M3

M MM M M5 67 8 9

M2 M3 M4

M1

(IS_COMPONENT_OF) (COMPRISES)

They are a hierarchy

Ch. 4 27

Product families

• Careful recording of (hierarchical) USES relation and IS_COMPONENT_OF supports design of program families

Ch. 4 28

Interface vs. implementation (1)

• To understand the nature of USES, we need to know what a used module exports through its interface

• The client imports the resources that are exported by its servers

• Modules implement the exported resources

• Implementation is hidden to clients

Ch. 4 29

Interface vs. implementation (2)

• Clear distinction between interface and implementation is a key design principle

• Supports separation of concerns– clients care about resources exported

from servers– servers care about implementation

• Interface acts as a contract between a module and its clients

Ch. 4 30

Interface vs. implementation (3)

interface is like the tip of the iceberg

Ch. 4 31

Information hiding

• Basis for design (i.e. module decomposition)• Implementation secrets are hidden to clients• They can be changed freely if the change

does not affect the interface• Golden design principle

– INFORMATION HIDING• Try to encapsulate changeable design decisions as

implementation secrets within module implementations

Ch. 4 32

How to design module interfaces?

• Example: design of an interpreter for language MINI– We introduce a SYMBOL_TABLE module

• provides operations to – CREATE an entry for a new variable – GET the value associated with a variable– PUT a new value for a given variable

– the module hides the internal data structure of the symbol table

– the data structure may freely change without affecting clients

Ch. 4 33

Interface design

• Interface should not reveal what we expect may change later

• It should not reveal unnecessary details

• Interface acts as a firewall preventing access to hidden parts

Ch. 4 34

Prototyping

• Once an interface is defined, implementation can be done – first quickly but inefficiently– then progressively turned into the

final version

• Initial version acts as a prototype that evolves into the final product

Ch. 4 35

More on likely changesan example

• Policies may be separated from mechanisms

• mechanism– ability to suspend and resume tasks in a

concurrent system

• policy– how do we select the next task to resume?

» different scheduling policies are available» they may be hidden to clients» they can be encapsulated as module secrets

Ch. 4 36

Design notations

• Notations allow designs to be described precisely

• They can be textual or graphic• We illustrate two sample notations

– TDN (Textual Design Notation)– GDN (Graphical Design Notation)

• We discuss the notations provided by UML

Ch. 4 37

TDN & GDN

• Illustrate how a notation may help in documenting design

• Illustrate what a generic notation may look like

• Are representative of many proposed notations

• TDN inherits from modern languages, like Java, Ada, …

Ch. 4 38

An example module X

uses Y, Z exports var A : integer;

type B : array (1. .10) of real; procedure C ( D: in out B; E: in integer; F: in real); Here is an optional natural-language description of what A, B, and C actually are, along with possible constraints or properties that clients need to know; for example, we might specify that objects of type B sent to procedure C should be initialized by the client and should never contain all zeroes.

implementation If needed, here are general comments about the rationale of the modularization, hints on the implementation, etc. is composed of R, T

end X

Ch. 4 39

Comments in TDN

• May be used to specify the protocol to be followed by the clients so that exported services are correctly provided– e.g., a certain operation which does

the initialization of the module should be called before any other operation

– e.g., an insert operation cannot be called if the table is full

Ch. 4 40

Example (cont.)module R uses Y exports var K : record . . . end;

type B : array (1. .10) of real;procedure C (D: in out B; E: in integer; F: in real);

implementation...

end R

module T uses Y, Z, R exports var A : integer;implementation

.

.

.

end T

Ch. 4 41

Benefits

• Notation helps describe a design precisely

• Design can be assessed for consistency– having defined module X, modules R and

T must be defined eventually• if not incompleteness

– R, T replace X either one or both must use Y, Z

Ch. 4 42

Example: a compilermodule COMPILERexports procedure MINI (PROG: in file of char;

CODE: out file of char);MINI is called to compile the program stored in PROG and produce the object code in file CODE

implementationA conventional compiler implementation. ANALYZER performs both lexical and syntactic analysis and produces an abstract tree, as well as entries in the symbol table; CODE_GENERATOR generates code starting from the abstract tree and information stored in the symbol table. MAIN acts as a job coordinator.

is composed of ANALYZER, SYMBOL_TABLE,ABSTRACT_TREE_HANDLER, CODE_GENERATOR, MAIN

end COMPILER

Ch. 4 43

Other modulesmodule MAINuses ANALYZER, CODE_GENERATORexports procedure MINI (PROG: in file of char;

CODE: out file of char);…end MAIN

module ANALYZERuses SYMBOL_TABLE, ABSTRACT_TREE_HANDLERexports procedure ANALYZE (SOURCE: in file of char);

SOURCE is analyzed; an abstract tree is produced by using the services provided by the tree handler, and recognized entities, with their attributes, are stored in the symbol table....

end ANALYZER

Ch. 4 44

Other modules

module CODE_GENERATORuses SYMBOL_TABLE, ABSTRACT_TREE_HANDLERexports procedure CODE (OBJECT: out file of char);

The abstract tree is traversed by using the operations exported by the ABSTRACT_TREE_HANDLER and accessing the information stored in the symbol table in order to generate code in the output file.…

end CODE_GENERATOR

Ch. 4 45

GDN description of module X

X

Y

Z A B

R T Module Module

Module

Module

Module

C

Ch. 4 46

X's decomposition

X

Y

Z B C

R T Module Module

Module

Module

Module

A

K

Ch. 4 47

Categories of modules

• Functional modules– traditional form of modularization– provide a procedural abstraction– encapsulate an algorithm

• e.g. sorting module, fast Fourier transform module, …

Ch. 4 48

Categories of modules (cont.)

• Libraries– a group of related procedural

abstractions• e.g., mathematical libraries

– implemented by routines of programming languages

• Common pools of data– data shared by different modules

• e.g., configuration constants– the COMMON FORTRAN construct

Ch. 4 49

Categories of modules (cont.)

• Abstract objects– Objects manipulated via interface

functions– Data structure hidden to clients

• Abstract data types– Many instances of abstract objects

may be generated

Ch. 4 50

Abstract objects: an example

• A calculator of expressions expressed in Polish postfix form

a*(b+c) abc+*• a module implements a stack

where the values of operands are shifted until an operator is encountered in the expression

(assume only binary operators)

Ch. 4 51

Example (cont.)

exportsprocedure PUSH (VAL: in integer);procedure POP_2 (VAL1, VAL2: out integer);

Interface of the abstract object STACK

Ch. 4 52

Design assessment

• How does the design anticipate change in type of expressions to be evaluated?– e.g., it does not adapt to unary

operators

Ch. 4 53

Abstract data types (ADTs)

• A stack ADT

module STACK_HANDLER exports

type STACK = ?; This is an abstract data-type module; the data structure is a secret hidden in the implementation part. procedure PUSH (S: in out STACK ; VAL: in integer); procedure POP (S: in out STACK ; VAL: out integer); function EMPTY (S: in STACK) : BOOLEAN; . . .

end STACK_HANDLER

indicates that details of thedata structure are hidden to clients

Ch. 4 54

ADTs

• Correspond to Java and C++ classes• Concept may also be implemented by Ada

private types and Modula-2 opaque types• May add notational details to specify if

certain built-in operations are available by default on instance objects of the ADT– e.g., type A_TYPE: ? (:=, =) indicates that

assignment and equality check are available

Ch. 4 55

An example:simulation of a gas station

module FIFO_CARSuses CARSexports

type QUEUE : ?; procedure ENQUEUE (Q: in out QUEUE ; C: in CARS);procedure DEQUEUE (Q: in out QUEUE ; C: out CARS);function IS_EMPTY (Q: in QUEUE) : BOOLEAN;function LENGTH (Q: in QUEUE) : NATURAL;procedure MERGE (Q1, Q2 : in QUEUE ; Q : out QUEUE);This is an abstract data-type module representing queues of cars, handled in a strict FIFO way; queues are not assignable or checkable for equality, since “:=” and “=” are not exported.…

end FIFO_CARS

Ch. 4 56

Generic modules (templates)

• They are parametric wrt a type

generic module GENERIC_STACK_2. . .

exportsprocedure PUSH (VAL : in T);procedure POP_2 (VAL1, VAL2 : out T);…

end GENERIC_STACK_2

Ch. 4 57

Instantiation

• Possible syntax:– module INTEGER_STACK_2 is

GENERIC_STACK_2 (INTEGER)

Ch. 4 58

More on genericity

• How to specify that besides a type also an operation must be provided as a parameter

generic module M (T) with OP(T)uses ...

...end M

• Instantiationmodule M_A_TYPE is M(A_TYPE) PROC(M_A_TYPE)

Ch. 4 59

Specific techniques for design for change

• Use of configuration constants– factoring constant values into

symbolic constants is a common implementation practice• e.g., #define in C

#define MaxSpeed 5600;

Ch. 4 60

Specific techniques for design for change (cont.)

• Conditional compilation...source fragment common to all versions...

# ifdef hardware-1...source fragment for hardware 1 ...# endif#ifdef hardware-2...source fragment for hardware 2 ...# endif

• Software generation– e.g., compiler compilers (yacc,

interface prototyping tools)

Ch. 4 61

Stepwise refinement• A systematic, iterative program

design technique that unfortunately may lead to software that is hard to evolve

• At each step, problem P decomposed into– sequence of subproblems: P1; P2; …Pn– a selection: if (cond) then P1 else P2– an iteration: while (cond) loop P1; end

loop

Ch. 4 62

Examplederivation of selection sort

Step 1let n be the length of the array a to be sorted;i := 1 ;while i < n loop

find the smallest of ai .. .an, and exchange it with the element at position i;i := i + 1;

end loop; 

Ch. 4 63

Step 2let n be the length of the array a to be

sorted;i := 1 ;while i < n loop

j := n;while j > i loop

if a(i) > a(j) theninterchange the

elements at positions j and i ;

end if;j := j - 1;

end loop;i := i + 1;

end loop;

Ch. 4 64

Step 3let n be the length of the array a to be

sorted;i := 1 ;while i < n loop

j := n;while j > i loop

if a(i) > a(j) thenx := a(i); a(i) := a(j); a(j) := x;

end if;j := j - 1;

end loop;i := i + 1;

end loop;

Ch. 4 65

Decomposition tree

• Stepwise refinement process may be depicted by a decomposition tree (DT)– root labeled by name of top problem– subproblem nodes labeled as children of

parent node corresponding to problem– children from left to right represent

sequential order of execution– if and while nodes denoted by suitable

decoration

Ch. 4 66

ExampleStep 1P; P problem to solve

Step 2P1; P2; P3; P decomposed into sequence

Step 3P1; while C loop

P2,1; P2 decomposed into a loop end loop;P3;

Step 4P1; while C loop

if C1 then P2,1 decomposed into selectionP2,1,1;

else P2,1,2;

end if;end loop;P3;

Ch. 4 67

Corresponding DT

P

P 1 P

2 P 3

P 2,1

P 2,1, 1 P

2,1, 2

C

C 1 not C

1

Ch. 4 68

Relation with IS_COMPOSED_OF

• Let M, M1, M2, M3 be modules representing P, P1, P2, P3

• We cannot write– M IS_COMPOSED_OF {M1,M2,M3}

• We need to add further module acting as glue to impose a sequential flow from M1 to M2 to M3

Ch. 4 69

An assessment of stepwise refinement (1)

• Stepwise refinement is a programming technique, not a modularization technique

• When used to decompose system into modules, it tends to analyze problems in isolation, not recognizing commonalities

• It does not stress information hiding

Ch. 4 70

An assessment of stepwise refinement (2)

• No attention is paid to data (it decomposes functionalities)

• Assumes that a top function exists– but which one is it in the case of an

operating system? or a word processor?

• Enforces premature commitment to control flow structures among modules

Ch. 4 71

Examplea program analyzer

Step 1Recognize a program stored in a given file f;

 Step 2

correct := true;analyze f according to the language

definition;if correct then

print message "program correct";else

print message "program incorrect";end if;

Ch. 4 72

Step 3correct := true;perform lexical analysis:

store program as token sequence in file ft and symbol table in file fs, and set error_in_lexical_phase accordingly;

if error_in_lexical_phase then correct := false;

else perform syntactic analysis and set Boolean variable error_in_syntactic_phase accordingly:if error_in_syntactic_phase then

correct := false;end if;

end if;if correct then

print message "program correct";else

print message "program incorrect";end if;

Ch. 4 73

Commitments

• Two passes– Lexical analysis comes first on the

entire program, producing two files

• What if we want to switch to a process driven by syntax analysis (it requests the lexical analyzer to provide a token when needed)– everything changes!!!

Ch. 4 74

A better design based on information hiding

• Module CHAR_HOLDER– hides physical representation of input file – exports operation to access source file on a

character-by-character basis

• Module SCANNER– hides details of lexical structure of the

language – exports operation to provide next token

• Module PARSER– hides data structure used to perform syntactic

analysis (abstract object PARSER)

Ch. 4 75

Top-down vs. bottom-up• Information hiding proceeds bottom-up• Iterated application of IS_COMPOSED_OF

proceeds top-down– stepwise refinement is intrinsically top-down

• Which one is best?– in practice, people proceed in both directions

• yo-yo design

– organizing documentation as a top-down flow may be useful for reading purposes, even if the process followed was not top-down

Ch. 4 76

Handling anomalies

• Defensive design• A module is anomalous if it fails to

provide the service as expected and as specified in its interface

• An exception MUST be raised when anomalous state is recognized

Ch. 4 77

How can failures arise?• Module M should fail and raise an

exception if – one of its clients does not satisfy the

required protocol for invoking one of M’s services

– M does not satisfy the required protocol when using one of its servers, and the server fails

– hardware generated exception (e.g., division by zero)

Ch. 4 78

What a module can do before failing

• Before failing, modules may try to recover from the anomaly by executing some exception handler (EH)– EH is a local piece of code that may try

to recover from anomaly (if successful, module does not fail)

– or may simply do some cleanup of the module’s state and then let the module fail, signaling an exception to its client

Ch. 4 79

Example

module Mexports . . .

procedure P (X: INTEGER; . . .) raises X_NON_NEGATIVE_EXPECTED,

INTEGER_OVERFLOW;X is to be positive; if not, exceptionX_NON_NEGATIVE_EXPECTED is raised;INTEGER_OVERFLOW is raised if internalcomputation of P generates an overflow

.

.

.

end M

Ch. 4 80

Example of exception propagation

module L

uses M imports P (X: INTEGER; . .) .) exports . . .;

procedure R ( . . .) raises INTEGER_OVERFLOW;

.

.

. implementation

If INTEGER_OVERFLOW is raised when P is invoked, the

exception is propagated . . .

end L

Ch. 4 81

Case study

• Compiler for the MIDI programming language

• The language is block-structured• It requires a symbol table module

that can cope with block static nesting

• We discuss here module SYMBOL_TABLE

Ch. 4 82

SYMBOL_TABLE (vers.1)module SYMBOL_TABLE

Supports up to MAX_DEPTH block nesting levelsuses ... imports (IDENTIFIER, DESCRIPTOR)exports procedure INSERT (ID: in IDENTIFIER;

DESCR: in DESCRIPTOR);procedure RETRIEVE (ID:in IDENTIFIER;

DESCR: out DESCRIPTOR);procedure LEVEL (ID: in IDENTIFIER; L:out INTEGER);procedure ENTER_SCOPE;procedure EXIT_SCOPE;

end SYMBOL_TABLE

procedure INIT (MAX_DEPTH: in INTEGER);

Ch. 4 83

Version 1 is not robust

• Defensive design should be applied• Exceptions must be raised in these cases:

– INSERT: insertion cannot be done because identifier with same name already exists in current scope

– RETRIEVE and LEVEL: identifier with specified name not visible

– ENTER_SCOPE: maximum nesting depth exceeded

– EXIT_SCOPE: no matching block entry exists

Ch. 4 84

SYMBOL_TABLE (vers.2) module SYMBOL_TABLE

uses ... imports (IDENTIFIER, DESCRIPTOR)

exports Supports up to MAX_DEPTH block nesting levels; INIT must be called before any other operation is invoked procedure INSERT (ID: in IDENTIFIER;

DESCR: in DESCRIPTOR)

raises MULTIPLE_DEF, procedure RETRIEVE (ID: in IDENTIFIER;

DESCR: out DESCRIPTOR)

raises NOT_VISIBLE; procedure LEVEL (ID: in IDENTIFIER;

L: out INTEGER)

raises NOT_VISIBLE; procedure ENTER_SCOPE raises EXTRA_LEVELS;

procedure EXIT_SCOPE raises EXTRA_END;

end SYMBOL_TABLE

procedure INIT (MAX_DEPTH: in INTEGER);

Ch. 4 85

SYMBOL_TABLE uses a list management module

generic module LIST(T) with MATCH (EL_1,EL_2: in T)exports

type LINKED_LIST:?;procedure IS_EMPTY (L: in LINKED_LIST): BOOLEAN;Tells whether the list is empty.procedure SET_EMPTY (L: in out LINKED_LIST); Sets a list to empty.procedure INSERT (L: in out LINKED_LIST; EL: in T);Inserts the element into the listprocedure SEARCH (L: in LINKED_LIST; EL_1: in T;

EL_2: out T; FOUND: out boolean);Searches L to find an element EL_2 thatmatches EL_1 and returns the result in FOUND.

end LIST(T)

Ch. 4 86

Concurrent software• The case of a module defining shared data• E.g., abstract object BUFFER

– module QUEUE_OF_CHAR is GENERIC_FIFO_QUEUE (CHAR)

– BUFFER : QUEUE_OF_CHAR.QUEUE

with operations– PUT: inserts a character in BUFFER– GET: extracts a character from BUFFER – NOT_FULL: returns true if BUFFER not full – NOT_EMPTY: returns true if BUFFER not empty

Ch. 4 87

How to control correct access to shared data?

• Not sufficient that clients check operation invocations, such as

if QUEUE_OF_CHAR.NOT_FULL (BUFFER) then QUEUE_OF_CHAR.PUT (X, BUFFER);

end if;

• Consumer_1 and Consumer_2 might do this concurrently

• if only one slot is left, both may find the buffer not full, the first who writes fills it, and the other writes in a full buffer

Ch. 4 88

Enforcing synchronization

• Ensure that operations on buffer are executed in mutual exclusion

• Ensure that operations such asif QUEUE_OF_CHAR.NOT_FULL (BUFFER)

then QUEUE_OF_CHAR.PUT (X, BUFFER);end if;

are executed as logically non-interruptible units

Ch. 4 89

Monitors

• Abstract objects used in a concurrent environment

• Available in the Java programming language

Ch. 4 90

Monitors: an example

concurrent module CHAR_BUFFER This is a monitor, i.e., an abstract object module in a concurrent environment

uses . . . exports

procedure PUT (C : in CHAR) requires NOT_FULL; procedure GET (C: out CHAR) requires NOT_EMPTY; NOT_EMPTY and NOT_FULL are hidden Boolean functions yielding TRUE if the buffer is not empty and not full, respectively. They are not exported as operations, because their purpose is only to delay the calls to PUT and GET if they are issued when the buffer is in a state where it cannot accept them . . .

end CHAR_BUFFER

Ch. 4 91

Comments

• Monitor operations are assumed to be executed in mutual exclusion

• A requires clause may be associated with an operation– it is automatically checked when

operation is called– if the result is false, the current process

is suspended until it becomes true (at that stage it becomes eligible for resumption)

Ch. 4 92

Monitor types: an example

generic concurrent module GENERIC_FIFO_QUEUE (EL) This is a generic monitor type, i.e., an abstract data type accessed in a concurrent environment

uses . . . exports

type QUEUE: ?; procedure PUT (Q1: in out QUEUE; E1: in EL)

requires NOT_FULL (Q1: QUEUE); procedure GET (Q2: in out QUEUE; E2: out EL)

requires NOT_EMPTY(Q2: QUEUE); . . .

end GENERIC_FIFO_QUEUE (EL)

Ch. 4 93

Guardians and rendez-vous

• The Ada style of designing concurrent systems

• In Ada a shared object is active (whereas a monitor is passive)– it is managed by a guardian process

which can accept rendez-vous requests from tasks willing to access the object

Ch. 4 94

A guardian task

loopselect

when NOT_FULL accept PUT (C: in CHAR);This is the body of PUT; the client calls it as if itwere a normal procedureend ;

orwhen NOT_EMPTY

accept GET (C: out CHAR);This is the body of GET; the client calls it as if itwere a normal procedure

end ;end select ;

end loop ;

note nondeterministic acceptance ofrendez-vous requests

Ch. 4 95

Real-time software

• Case where processes interact with the environment

• E.g., a put operation on a shared buffer is invoked by a plant sensor sending data to a controller– plant cannot be suspended if buffer full!

• design must ensure that producer never finds the buffer full

– this constrains the speed of the consumer process in the controller

Ch. 4 96

TDN description

concurrent module REACTIVE_CHAR_BUFFER This is a monitorlike object working in a real-time environment. uses . . . exports

reactive procedure PUT (C: in CHAR); PUT is used by external processes, and two consecutive PUT requests must arrive more than 5 msec apart; otherwise, some characters may be lost procedure GET (C: out CHAR); . . .

end REACTIVE_CHAR_BUFFER

Ch. 4 97

GDN description

Module

REACTIVE_CHAR_BUFFER

PUT GET

zig-zag arrow indicates asynchronous invocation

Ch. 4 98

Distributed software

• Issues to consider– module-machine binding– intermodule communication

• e.g., remote procedure call or message passing

– access to shared objects• may require replication for efficiency

reasons

Ch. 4 99

Client-server architecture

• The most popular distributed architecture

• Server modules provide services to client modules

• Clients and servers may reside on different machines

Ch. 4 100

Issues

• Binding modules to machines– static vs. dynamic (migration)

• Inter-module communication– e.g., RPC– IDL to define interface of remote

procedures

• Replication and distribution

Ch. 4 101

Middleware

• Layer residing between the network operating system and the application

• Helps building network applications• Provides useful services

– Name services, to find processes or resources on the network

– Communication services, such as message passing or RPC (or RMI)

Ch. 4 102

Object-oriented design

• One kind of module, ADT, called class

• A class exports operations (procedures) to manipulate instance objects– often called methods

• Instance objects accessible via references

Ch. 4 103

Syntactic changes in TDN

• No need to export opaque types– class name used to declare objects

• If a is a reference to an object– a.op (params);

Ch. 4 104

A further relation: inheritance

• ADTs may be organized in a hierarchy

• Class B may specialize class A– B inherits from A

conversely, A generalizes B• A is a superclass of B• B is a subclass of A

Ch. 4 105

An exampleclass EMPLOYEE exports

function FIRST_NAME(): string_of_char; function LAST_NAME(): string_of_char; function AGE(): natural; function WHERE(): SITE; function SALARY: MONEY; procedure HIRE (FIRST_N: string_of_char;

LAST_N: string_of_char; INIT_SALARY: MONEY);

Initializes a new EMPLOYEE, assigning a new identifier. procedure FIRE(); procedure ASSIGN (S: SITE); An employee cannot be assigned to a SITE if already assigned to it (i.e., WHERE must be different from S). It is the client’s responsibility to ensure this. The effect is to delete the employee from those in WHERE, add the employee to those in S, generate a new id card with security code to access the site overnight, and update WHERE.

end EMPLOYEE

Ch. 4 106

class ADMINISTRATIVE_STAFF inherits EMPLOYEE exports

procedure DO_THIS (F: FOLDER); This is an additional operation that is specific to administrators; other operations may also be added.

end ADMINISTRATIVE_STAFF class TECHNICAL_STAFF inherits EMPLOYEE exports

function GET_SKILL(): SKILL; procedure DEF_SKILL (SK: SKILL); These are additional operations that are specific to technicians; other operations may also be added.

end TECHNICAL_STAFF

Ch. 4 107

Inheritance• A way of building software

incrementally• A subclass defines a subtype

– subtype is substitutable for parent type• Polymorphism

– a variable referring to type A can refer to an object of type B if B is a subclass of A

• Dynamic binding – the method invoked through a reference

depends on the type of the object associated with the reference at runtime

Ch. 4 108

How can inheritance be represented?

• We start introducing the UML notation

• UML (Unified Modeling Language) is a widely adopted standard notation for representing OO designs

• We introduce the UML class diagram– classes are described by boxes

Ch. 4 109

UML representation of inheritance

EMPLOYEE

TECHNICAL_STAFF ADMINISTRATIVE_STAFF

Ch. 4 110

UML associations

• Associations are relations that the implementation is required to support

• Can have multiplicity constraints

TECHNICAL

_STAFF

MANAGER

PROJECT * 1 project_member

1

1..* manages

Ch. 4 111

Aggregation

• Defines a PART_OF relationDiffers from IS_COMPOSED_OF

Here TRANGLE has its own methodsIt implicitly uses POINT to define its data attributes

TRIANGLE

POINT

1

3

Ch. 4 112

More on UML

• Representation of IS_COMPONENT_OF via the package notation

package_name

Class 1

Class 2

Class 3

Ch. 4 113

Software architecture

• Describes overall system organization and structure in terms of its major constituents and their interactions

• Standard architectures can be identified– pipeline– blackboard– event based (publish-subscribe)

Ch. 4 114

Standard architectures

pipeline

event based

blackboard

Ch. 4 115

Domain specific architectures

"model–view–controller" architecture for software that has a significant amount of user interaction

Model (store data e.g. text)

Controller (interact with user; perform commands)

View (display model for user)

Ch. 4 116

Software components

• Goal– build systems out of pre-existing

libraries of components– as most mature engineering areas do

• Examples– STL for C++– JavaBeans and Swing for Java

Ch. 4 117

Component integration

• The CORBA (Common Object Request Broker Architecture) Middleware

• Clients and servers connected via an Object Request Broker (ORB)

• Interfaces provided by servers defined by an Interface Definition Language (IDL)

• In the Microsoft world: DCOM (Distributed Component Object Model)

Ch. 4 118

The CORBA architecture

Object Request Broker

CORBA Services

Application Objects

Domain Interfaces

CORBA Facilities

Ch. 4 119

Architectures for distributed systems

• From two tiered– Client-server

• to three tiered

Requests for service (database)

Web browser

(client)

Web server (server) Requests

for service (pages)

User interface

(client)

Decode

service

request (2nd tier)

Application

server (databse)