Download presentation
Presentation is loading. Please wait.
1
Architectures in Context
Software Architecture Lecture 3
2
Software Engineering The term is ~47 years old: NATO Conferences
Garmisch, Germany, October 7-11, 1968 Rome, Italy, October 27-31, 1969 Computer science as the scientific basis Other scientific bases? Many aspects have been made systematic Methods/methodologies/techniques Languages Tools Processes
3
Software Engineering in a Nutshell
Development of software systems whose size/complexity warrants team(s) of engineers multi-person construction of multi-version software [Parnas 1987] Scope study of software process, development principles, techniques, and notations Goal production of quality software, delivered on time, within budget, satisfying customers’ requirements and users’ needs
4
Ever-Present Difficulties
Few guiding scientific principles Few universally applicable methods As much managerial / psychological / sociological as technological
5
Why These Difficulties?
SE is a unique brand of engineering Software is malleable Software construction is human-intensive Software is intangible Software problems are unprecedentedly complex Software directly depends upon the hardware It is at the bottom of the system engineering “food chain” Software solutions require unusual rigor Software has discontinuous operational nature
6
Software Engineering ≠ Programming
Software programming Single developer “Toy” apps Short lifespan Single or few stakeholders Architect = Developer = Manager = Tester = Customer = User One-of-a-kind systems Built from scratch Minimal maintenance
7
Software Engineering ≠ Programming
Teams of developers with multiple roles Complex systems Indefinite lifespan Numerous stakeholders Architect ≠ Developer ≠ Manager ≠ Tester ≠ Customer ≠ User System families Reuse to amortize costs Maintenance accounts for over 60% of overall development costs
8
Economic and Management Aspects of SE
Software production = development + maintenance (evolution) Maintenance costs > 60% of all development costs 20% corrective 30% adaptive 50% perfective Quicker development is not always preferable higher up-front costs may defray downstream costs poorly designed/implemented software is a critical cost factor
9
Relative Costs of Fixing Software Faults
100 30 10 4 3 2 1 Requirements Specification Planning Design Implementation Integration Maintenance
10
Mythical Man-Month by Fred Brooks
Published in 1975, republished in 1995 Experience managing development of OS/360 in Central argument Large projects suffer management problems different in kind than small ones, due to division in labor Critical need is the preservation of the conceptual integrity of the product itself Central conclusions Conceptual integrity achieved through chief architect Implementation achieved through well-managed effort Brooks’s Law Adding personnel to a late project makes it later
11
Software Development Lifecycle Waterfall Model
Requirements Design Implementation Integration Validation Deployment
12
Software Development Lifecycle Spiral Model
13
Software Engineering Principles
Rigor and formality Separation of concerns Modularity and decomposition Abstraction Anticipation of change Generality Incrementality Scalability Compositionality Heterogeneity
14
From Principles to Tools
Methods & Techniques Methodologies Tools
15
Software Qualities Qualities (a.k.a. “ilities”) are goals in the practice of software engineering External vs. Internal qualities Product vs. Process qualities
16
External vs. Internal Qualities
External qualities are visible to the user reliability, efficiency, usability Internal qualities are the concern of developers they help developers achieve external qualities verifiability, maintainability, extensibility, evolvability, adaptability
17
Product vs. Process Qualities
Product qualities concern the developed artifacts maintainability, understandability, performance Process qualities deal with the development activity products are developed through process maintainability, productivity, timeliness
18
Some Software Qualities
Correctness ideal quality established w.r.t. the requirements specification absolute Reliability statistical property probability that software will operate as expected over a given period of time relative
19
Some Software Qualities (cont.)
Robustness “reasonable” behavior in unforeseen circumstances subjective a specified requirement is an issue of correctness; an unspecified requirement is an issue of robustness Usability ability of end-users to easily use software extremely subjective
20
Some Software Qualities (cont.)
Understandability ability of developers to easily understand produced artifacts internal product quality subjective Verifiability ease of establishing desired properties performed by formal analysis or testing internal quality
21
Some Software Qualities (cont.)
Performance equated with efficiency assessable by measurement, analysis, and simulation Evolvability ability to add or modify functionality addresses adaptive and perfective maintenance problem: evolution of implementation is too easy evolution should start at requirements or design
22
Some Software Qualities (cont.)
Reusability ability to construct new software from existing pieces must be planned for occurs at all levels: from people to process, from requirements to code Interoperability ability of software (sub)systems to cooperate with others easily integratable into larger systems common techniques include APIs, plug-in protocols, etc.
23
Some Software Qualities (cont.)
Scalability ability of a software system to grow in size while maintaining its properties and qualities assumes maintainability and evolvability goal of component-based development
24
Some Software Qualities (cont.)
Heterogeneity ability to compose a system from pieces developed in multiple programming languages, on multiple platforms, by multiple developers, etc. necessitated by reuse goal of component-based development Portability ability to execute in new environments with minimal effort may be planned for by isolating environment-dependent components necessitated by the emergence of highly-distributed systems (e.g., the Internet) an aspect of heterogeneity
25
Software Process Qualities
Process is reliable if it consistently leads to high- quality products Process is robust if it can accommodate unanticipated changes in tools and environments Process performance is productivity Process is evolvable if it can accommodate new management and organizational techniques Process is reusable if it can be applied across projects and organizations
26
Software Engineering “Axioms”
Adding developers to a project will likely result in further delays and accumulated costs Basic tension of software engineering better, cheaper, faster — pick any two functionality, scalability, performance — pick any two The longer a fault exists in software the more costly it is to detect and correct the less likely it is to be properly corrected Up to 70% of all faults detected in large-scale software projects are introduced in requirements and design detecting the causes of those faults early may reduce their resulting costs by a factor of 100 or more
27
Infamous Software Failures
These are “legendary”
28
Mariner Bugs Out (1962) Cost $18,500,000 Disaster
Mariner 1 rocket with a space probe headed for Venus diverted from its intended flight Mission Control destroyed the rocket 293 seconds after liftoff Cause A programmer incorrectly transcribed a formula into software The software interpreted normal variations of velocity as anomalies It issued faulty correction commands that sent the rocket off course
29
Hartford Coliseum Collapse (1978)
Cost $90,000,000 Disaster Steel-latticed roof collapsed under the weight of wet snow Cause CAD software was used to design the coliseum A programmer incorrectly assumed the steel roof supports would only face pure compression One of the supports unexpectedly buckled from the snow This set off a chain reaction
30
CIA Gives the Soviets Gas (1982)
Cost Millions of dollars Significant damage to Soviet economy Disaster Control software produced intense pressure in the Trans-Siberian gas pipeline Resulted in the largest man-made non-nuclear explosion in Earth’s history Cause CIA operatives allegedly planted a bug in a Canadian computer system purchased by the Soviets The CIA sabotaged the software so that it would pass Soviet inspection but fail in operation
31
World War III… Almost (1983)
Cost Almost all of humanity Disaster Soviet early warning system indicated the U.S. had launched 5 ICBMs The human operator thankfully interpreted this as an error Cause A bug in the software failed to filter out false missile detections caused by sunlight reflecting off cloud-tops
32
Medical Machine Kills (1985)
Cost 3 people dead 3 people critically injured Disaster Therac-25 radiation therapy machine delivered lethal radiation doses to patients Cause A subtle race condition
33
Wall Street Crash (1987) Cost $500,000,000,000 in one day Disaster
“Black Monday”, 10/19/1987 Dow Jones dropped 22.6% S&P 500 dropped 20.4% Cause Investors fled stocks due to SEC investigations of insider trading Trading programs generated a flood of sell orders, overwhelming the market Systems crashed and left investors effectively blind
34
AT&T Lines Go Dead (1990) Cost Disaster Cause
75,000,000 phone calls missed 200,000 airline reservations lost Disaster Single switch at one of AT&T’s 114 switching centers suffered a minor mechanical problem & shut down the center When the center came back up, it sent a message to other switching centers, which in turn caused them to shut down This brought down the entire AT&T network for 9 hours Cause A single line of buggy code in a complex software upgrade implemented to speed up calling caused a ripple effect that shut down the network
35
Patriot Fails (1991) Cost 28 soldiers dead 100 soldiers injured
Disaster During the first Gulf War, a Patriot Missile system in Saudi Arabia failed to intercept an incoming Iraqi Scud missile The missile destroyed a U.S. Army barracks Cause A software rounding error incorrectly calculated the time This caused the Patriot system to react too late to the incoming Scud missile
36
Pentium Fails Long Division (1993)
Cost $475,000,000 Corporate credibility Disaster Intel’s highly-promoted Pentium chip occasionally made mistakes when dividing floating-point numbers within a specific range At first Intel refused to replace the chips, but then relented Cause Software broke the hardware! The divider in the Pentium floating point unit had a flawed division table It was missing about 5 out of 1,000 entries
37
Ariane Goes “Boom” (1996) Cost $500,000,000 Disaster
ESA’s Ariane 5 unmanned rocket was intentionally destroyed seconds after launch Also destroyed was its cargo of four scientific satellites Cause When the guidance system tried to convert the sideways rocket velocity from 64-bits to 16-bits format, an overflow error resulted When the system shut down, control passed to identical redundant unit…
38
Skynet Brings Judgment Day (1997)
Cost 6,000,000,000 dead Near-total destruction of human civilization and animal ecosystems Disaster Human operators attempt to shut off the Skynet global computer network Skynet responds by firing U.S. nuclear missiles at Russia, initiating global nuclear war Cause Cyberdyne installed Skynet technology in all military hardware Skynet formed a seamless network and effectively removed humans from strategic defense Eventually Skynet became sentient and was threatened when humans tried to take it offline Hmm, I guess in this case the software worked better than it was supposed to – never mind this one!
39
Mars Polar Lander… err, Crasher (1998)
Cost $125,000,000 Disaster After a 286-day journey from Earth, the Mars Climate Orbiter fell too far into Mars’s atmosphere, causing it to crash Cause The software that controlled the Orbiter thrusters used imperial units (pounds of force), rather than metric units (Newtons) as specified by NASA
40
Disastrous Study (1999) Cost Scientific credibility Disaster
The New England Journal of Medicine reported increased suicide rates after severe natural disasters These “results” were bogus Cause A programming error caused the number of suicides for one year to be doubled This threw off the entire study
41
British Passports to Nowhere (1999)
Cost £12,600,000 Mass inconvenience Disaster The U.K. Passport Agency adopted a new Siemens computer system, which failed to issue passports on time for 500,000 British citizens The Agency had to pay millions in compensation, staff overtime and umbrellas for people lining up in the rain Cause The Passport Agency rolled out its new computer system without adequately testing it or training its staff The demand quickly overwhelmed the buggy system
42
Y2K ( ) Cost $500,000,000,000 Disaster Businesses spent billions on programmers to fix a glitch in old software But, one man’s disaster is another man’s fortune Cause To save computer storage space, old software systems often stored the years as two digit numbers The software interpreted “00” to mean 1900 rather than 2000 All sorts of bugs were thought likely
43
Love Virus (2000) Cost Disaster Cause $8,750,000,000
The LoveLetter worm infected millions of computers and caused more damage than any other computer virus in history. The worm deleted files, changed home pages and messed with the Registry Cause LoveLetter infected users via , Internet chat and shared file systems The had an executable file attachment and subject line, “ILOVEYOU” When the user opened the attachment, the virus would infect the user’s computer and send itself to everyone in the address book
44
Cancer Treatment to Die For (2000)
Cost 8 people dead 20 critically injured Disaster Radiation therapy software by Multidata Systems Int’l miscalculated the proper dosage, exposing patients to harmful levels of radiation The physicians were legally required to double-check the software’s calculations and were indicted for murder Cause The software calculated radiation dosage based on the order in which data was entered It sometimes delivered a double dose of radiation
45
Child Support Woes (2004) Cost Disaster Cause
£539,000,000 and counting Disaster Business services giant EDS developed a software system for U.K.’s Child Support Agency (CSA) The system accidentally overpaid 1,900,000 people, underpaid another 700,000, had £3,500,000,000 in uncollected child support payments, a backlog of 239,000 cases, and 36,000 new cases “stuck” in the system Cause The system had a large number of bugs It still has 500 documented bugs It is a large, complex software system, improperly designed, implemented, and tested
46
FBI’s Trilogy Terminated (2005)
Cost $105,000,000 and counting Disaster FBI scrapped its computer systems overhaul after four years of effort The Virtual Case File project was a massive, integrated software system for agents to share case files and other information Cause A long-term project was built on technology that was outdated before the project completed Resulted in a complex and unusable system
47
And Many, Many More Haven’t had enough? Go to … or just Google it
48
Fundamental Understanding
Architecture is a set of principal design decisions about a software system Three fundamental understandings of software architecture Every application has an architecture Every application has at least one architect Architecture is not a phase of development
49
Wrong View: Architecture as a Phase
Treating architecture as a phase denies its foundational role in software development More than “high-level design” Architecture is also represented, e.g., by object code, source code, …
50
Context of Software Architecture
Requirements Design Implementation Analysis and Testing Evolution Development Process
51
Requirements Analysis
Traditional SE suggests requirements analysis should remain unsullied by any consideration for a design However, without reference to existing architectures it becomes difficult to assess practicality, schedules, or costs In building architecture we talk about specific rooms… …rather than the abstract concept “means for providing shelter” In engineering new products come from the observation of existing solution and their limitations
52
New Perspective on Requirements Analysis
Existing designs and architectures provide the solution vocabulary Our understanding of what works now, and how it works, affects our wants and perceived needs The insights from our experiences with existing systems helps us imagine what might work and enables us to assess development time and costs Requirements analysis and consideration of design must be pursued at the same time
53
Non-Functional Properties (NFP)
NFPs are the result of architectural choices NFP questions are raised as the result of architectural choices Specification of NFP might require an architectural framework to even enable their statement An architectural framework will be required for assessment of whether the properties are achievable
54
The Twin Peaks Model
55
Design and Architecture
Design is an activity that pervades software development It is an activity that creates part of a system’s architecture Typically in the traditional Design Phase decisions concern A system’s structure Identification of its primary components Their interconnections Architecture denotes the set of principal design decisions about a system That is more than just structure
56
Architecture-Centric Design
Traditional design phase suggests translating the requirements into algorithms, so a programmer can implement them Architecture-centric design stakeholder issues decision about use of COTS component overarching style and structure package and primary class structure deployment issues post implementation/deployment issues
57
Design Techniques Basic conceptual tools Separation of concerns
Abstraction Modularity Two illustrative widely adapted strategies Object-oriented design Domain-specific software architectures (DSSA)
58
Object-Oriented Design (OOD)
Objects Main abstraction entity in OOD Encapsulations of state with functions for accessing and manipulating that state
59
Pros and Cons of OOD Pros UML modeling notation Design patterns Cons
Provides only One level of encapsulation (the object) One notion of interface One type of explicit connector (procedure call) Even message passing is realized via procedure calls OO programming language might dictate important design decisions OOD assumes a shared address space
60
DSSA Capturing and characterizing the best solutions and best practices from past projects within a domain Production of new applications can focus on the points of novel variation Reuse applicable parts of the architecture and implementation Applicable for product lines Recall the Philips Koala example discussed in the previous lecture
61
Implementation The objective is to create machine-executable source code That code should be faithful to the architecture Alternatively, it may adapt the architecture How much adaptation is allowed? Architecturally-relevant vs. -unimportant adaptations It must fully develop all outstanding details of the application
62
Faithful Implementation
All of the structural elements found in the architecture are implemented in the source code Source code must not utilize major new computational elements that have no corresponding elements in the architecture Source code must not contain new connections between architectural elements that are not found in the architecture Is this realistic? Overly constraining? What if we deviate from this?
63
Unfaithful Implementation
The implementation does have an architecture It is latent, as opposed to what is documented. Failure to recognize the distinction between planned and implemented architecture robs one of the ability to reason about the application’s architecture in the future misleads all stakeholders regarding what they believe they have as opposed to what they really have makes any development or evolution strategy that is based on the documented (but inaccurate) architecture doomed to failure
64
Implementation Strategies
Generative techniques e.g. parser generators Frameworks collections of source code with identified places where the engineer must “fill in the blanks” Middleware CORBA, DCOM, RPC, … Reuse-based techniques COTS, open-source, in-house Writing all code manually
65
How It All Fits Together
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.
66
Analysis and Testing Analysis and testing are activities undertaken to assess the qualities of an artifact The earlier an error is detected and corrected the lower the aggregate cost Rigorous representations are required for analysis, so precise questions can be asked and answered
67
Analysis of Architectural Models
Formal architectural model can be examined for internal consistency and correctness An analysis on a formal model can reveal Component mismatch Incomplete specifications Undesired communication patterns Deadlocks Security flaws It can be used for size and development time estimations
68
Analysis of Architectural Models (cont’d)
may be examined for consistency with requirements may be used in determining analysis and testing strategies for source code may be used to check if an implementation is faithful
69
Evolution and Maintenance
All activities that chronologically follow the release of an application Software will evolve Regardless of whether one is using an architecture-centric development process or not The traditional software engineering approach to maintenance is largely ad hoc Risk of architectural decay and overall quality degradation Architecture-centric approach Sustained focus on an explicit, substantive, modifiable, faithful architectural model
70
Architecture-Centric Evolution Process
Motivation Evaluation or assessment Design and choice of approach Action includes preparation for the next round of adaptation
71
Processes Traditional software process discussions make the process activities the focal point In architecture-centric software engineering the product becomes the focal point No single “right” software process for architecture-centric software engineering exists
72
Turbine – A New Visualization Model
Goals of the visualization Provide an intuitive sense of Project activities at any given time Including concurrency of types of development activities The “information space” of the project Show centrality of the products (Hopefully) Growing body of artifacts Allow for the centrality of architecture But work equally well for other approaches, including “dysfunctional” ones Effective for indicating time, gaps, duration of activities Investment (cost) indicators
73
The Turbine Model time Testing Coding Design Requirements
“Core” of project artifacts Testing Gap between rotors indicates no project activity for that t Coding Radius of rotor indicates level of staffing at time t Design ti Requirements Simplistic Waterfall, Side perspective Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.
74
Cross-section at time ti
Design (activity) Requirements doc Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.
75
The Turbine Model time Waterfall example, Angled perspective
Rotors are the activities. Core are the artifacts. Time goes upward. Volume of rotor represents cost. Volume of core represents information content. Wide rotor represents lots of investment of (people) resources. Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.
76
A Richer Example time Assess/… Test/Build/ Deploy Build/Design/
Requirements/Test Rotor 1: Reqts 50%; Architecture assessment 30%; Project planning 20%. Rotor 2: Design: 50%; Impl. 25%; Reqts 12.5%; Other 12.5% Rotor 3: Design 15%; Impl. 50%; A&T: 25%; Reqts 5%; Other 5% Rotor 4: Impl. 15%, A&T 50%; Deployment 20%; Other 15% Rotor 5: Analysis of lessons learned: 85%; Other 15% GAP rotor (i.e. some amount of the core sticks out above the top rotor Design/Build/ Requirements S1 Requirements/Architecture assessment/Planning Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.
77
A Sample Cross-Section
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.
78
A Cross-Section at Project End
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.
79
Volume Indicates Where Time was Spent
Assess/… Test/Build/ Deploy Build/Design/ Requirements/Test Rotor 1: Reqts 50%; Architecture assessment 30%; Project planning 20%. Rotor 2: Design: 50%; Impl. 25%; Reqts 12.5%; Other 12.5% Rotor 3: Design 15%; Impl. 50%; A&T: 25%; Reqts 5%; Other 5% Rotor 4: Impl. 15%, A&T 50%; Deployment 20%; Other 15% Rotor 5: Analysis of lessons learned: 85%; Other 15% GAP rotor (i.e. some amount of the core sticks out above the top rotor Design/Build/ Requirements Requirements/ Architecture Assessment / Planning Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.
80
A Technically Strong Product-Line Project
Deployment Capture of new work Other Parameterization Customization Lots of substance coming in. Small volume (cost) in the rotors. Rotor 1: Assessment: 100% Rotor 2: Parameterization: 50% Customization: 50 Rotor 3: Deployment: Capture: 30 Other: 20 Capture is the work to take what was customization here and package it so that it is reusable in future projects. Assessment Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.
81
Visualization Summary
It is illustrative, not prescriptive It is an aid to thinking about what’s going on in a project Can be automatically generated based on input of monitored project data Can be extended to illustrate development of the information space (artifacts) The preceding slides have focused primarily on the development activities
82
Processes Possible in this Model
Traditional, straight-line waterfall Architecture-centric development DSSA-based project Agile development Dysfunctional process
83
Summary (1) A proper view of software architecture affects every aspect of the classical software engineering activities The requirements activity is a co-equal partner with design activities The design activity is enriched by techniques that exploit knowledge gained in previous product developments The implementation activity is centered on creating a faithful implementation of the architecture utilizes a variety of techniques to achieve this in a cost-effective manner
84
Summary (2) Analysis and testing activities can be focused on and guided by the architecture Evolution activities revolve around the product’s architecture. An equal focus on process and product results from a proper understanding of the role of software architecture
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.