1. Architectures in Context
Software Architecture Lecture 3

2. Software Engineering The term is ~47 years old: NATO Conferences
Garmisch, Germany, October 7-11, 1968
Rome, Italy, October 27-31, 1969
Computer science as the scientific basis
Other scientific bases?
Many aspects have been made systematic
Methods/methodologies/techniques
Languages
Tools
Processes

3. Software Engineering in a Nutshell
Development of software systems whose size/complexity warrants team(s) of engineers
multi-person construction of multi-version software [Parnas 1987]
Scope
study of software process, development principles, techniques, and notations
Goal
production of quality software, delivered on time, within budget, satisfying customers’ requirements and users’ needs

4. Ever-Present Difficulties
Few guiding scientific principles
Few universally applicable methods
As much managerial / psychological / sociological as technological

5. Why These Difficulties?
SE is a unique brand of engineering
Software is malleable
Software construction is human-intensive
Software is intangible
Software problems are unprecedentedly complex
Software directly depends upon the hardware
It is at the bottom of the system engineering “food chain”
Software solutions require unusual rigor
Software has discontinuous operational nature

6. Software Engineering ≠ Programming
Software programming
Single developer
“Toy” apps
Short lifespan
Single or few stakeholders
Architect = Developer = Manager = Tester = Customer = User
One-of-a-kind systems
Built from scratch
Minimal maintenance

7. Software Engineering ≠ Programming
Teams of developers with multiple roles
Complex systems
Indefinite lifespan
Numerous stakeholders
Architect ≠ Developer ≠ Manager ≠ Tester ≠ Customer ≠ User
System families
Reuse to amortize costs
Maintenance accounts for over 60% of overall development costs

8. Economic and Management Aspects of SE
Software production = development + maintenance (evolution)
Maintenance costs > 60% of all development costs
20% corrective
30% adaptive
50% perfective
Quicker development is not always preferable
higher up-front costs may defray downstream costs
poorly designed/implemented software is a critical cost factor

9. Relative Costs of Fixing Software Faults
100 30 10 4 3 2 1
Requirements
Specification
Planning
Design
Implementation
Integration
Maintenance

10. Mythical Man-Month by Fred Brooks
Published in 1975, republished in 1995
Experience managing development of OS/360 in
Central argument
Large projects suffer management problems different in kind than small ones, due to division in labor
Critical need is the preservation of the conceptual integrity of the product itself
Central conclusions
Conceptual integrity achieved through chief architect
Implementation achieved through well-managed effort
Brooks’s Law
Adding personnel to a late project makes it later

11. Software Development Lifecycle Waterfall Model
Requirements
Design
Implementation
Integration
Validation
Deployment

12. Software Development Lifecycle Spiral Model

13. Software Engineering Principles
Rigor and formality
Separation of concerns
Modularity and decomposition
Abstraction
Anticipation of change
Generality
Incrementality
Scalability
Compositionality
Heterogeneity

14. From Principles to Tools
Methods & Techniques
Methodologies
Tools

15. Software Qualities
Qualities (a.k.a. “ilities”) are goals in the practice of software engineering
External vs. Internal qualities
Product vs. Process qualities

16. External vs. Internal Qualities
External qualities are visible to the user
reliability, efficiency, usability
Internal qualities are the concern of developers
they help developers achieve external qualities
verifiability, maintainability, extensibility, evolvability, adaptability

17. Product vs. Process Qualities
Product qualities concern the developed artifacts
maintainability, understandability, performance
Process qualities deal with the development activity
products are developed through process
maintainability, productivity, timeliness

18. Some Software Qualities
Correctness
ideal quality
established w.r.t. the requirements specification
absolute
Reliability
statistical property
probability that software will operate as expected over a given period of time
relative

19. Some Software Qualities (cont.)
Robustness
“reasonable” behavior in unforeseen circumstances
subjective
a specified requirement is an issue of correctness; an unspecified requirement is an issue of robustness
Usability
ability of end-users to easily use software
extremely subjective

20. Some Software Qualities (cont.)
Understandability
ability of developers to easily understand produced artifacts
internal product quality
subjective
Verifiability
ease of establishing desired properties
performed by formal analysis or testing
internal quality

21. Some Software Qualities (cont.)
Performance
equated with efficiency
assessable by measurement, analysis, and simulation
Evolvability
ability to add or modify functionality
addresses adaptive and perfective maintenance
problem: evolution of implementation is too easy
evolution should start at requirements or design

22. Some Software Qualities (cont.)
Reusability
ability to construct new software from existing pieces
must be planned for
occurs at all levels: from people to process, from requirements to code
Interoperability
ability of software (sub)systems to cooperate with others
easily integratable into larger systems
common techniques include APIs, plug-in protocols, etc.

23. Some Software Qualities (cont.)
Scalability
ability of a software system to grow in size while maintaining its properties and qualities
assumes maintainability and evolvability
goal of component-based development

24. Some Software Qualities (cont.)
Heterogeneity
ability to compose a system from pieces developed in multiple programming languages, on multiple platforms, by multiple developers, etc.
necessitated by reuse
goal of component-based development
Portability
ability to execute in new environments with minimal effort
may be planned for by isolating environment-dependent components
necessitated by the emergence of highly-distributed systems (e.g., the Internet)
an aspect of heterogeneity

25. Software Process Qualities
Process is reliable if it consistently leads to high- quality products
Process is robust if it can accommodate unanticipated changes in tools and environments
Process performance is productivity
Process is evolvable if it can accommodate new management and organizational techniques
Process is reusable if it can be applied across projects and organizations

26. Software Engineering “Axioms”
Adding developers to a project will likely result in further delays and accumulated costs
Basic tension of software engineering
better, cheaper, faster — pick any two
functionality, scalability, performance — pick any two
The longer a fault exists in software
the more costly it is to detect and correct
the less likely it is to be properly corrected
Up to 70% of all faults detected in large-scale software projects are introduced in requirements and design
detecting the causes of those faults early may reduce their resulting costs by a factor of 100 or more

27. Infamous Software Failures
These are “legendary”

28. Mariner Bugs Out (1962) Cost $18,500,000 Disaster
Mariner 1 rocket with a space probe headed for Venus diverted from its intended flight
Mission Control destroyed the rocket 293 seconds after liftoff
Cause
A programmer incorrectly transcribed a formula into software
The software interpreted normal variations of velocity as anomalies
It issued faulty correction commands that sent the rocket off course

29. Hartford Coliseum Collapse (1978)
Cost
$90,000,000
Disaster
Steel-latticed roof collapsed under the weight of wet snow
Cause
CAD software was used to design the coliseum
A programmer incorrectly assumed the steel roof supports would only face pure compression
One of the supports unexpectedly buckled from the snow
This set off a chain reaction

30. CIA Gives the Soviets Gas (1982)
Cost
Millions of dollars
Significant damage to Soviet economy
Disaster
Control software produced intense pressure in the Trans-Siberian gas pipeline
Resulted in the largest man-made non-nuclear explosion in Earth’s history
Cause
CIA operatives allegedly planted a bug in a Canadian computer system purchased by the Soviets
The CIA sabotaged the software so that it would pass Soviet inspection but fail in operation

31. World War III… Almost (1983)
Cost
Almost all of humanity
Disaster
Soviet early warning system indicated the U.S. had launched 5 ICBMs
The human operator thankfully interpreted this as an error
Cause
A bug in the software failed to filter out false missile detections caused by sunlight reflecting off cloud-tops

32. Medical Machine Kills (1985)
Cost
3 people dead
3 people critically injured
Disaster
Therac-25 radiation therapy machine delivered lethal radiation doses to patients
Cause
A subtle race condition

33. Wall Street Crash (1987) Cost $500,000,000,000 in one day Disaster
“Black Monday”, 10/19/1987
Dow Jones dropped 22.6%
S&P 500 dropped 20.4%
Cause
Investors fled stocks due to SEC investigations of insider trading
Trading programs generated a flood of sell orders, overwhelming the market
Systems crashed and left investors effectively blind

34. AT&T Lines Go Dead (1990) Cost Disaster Cause
75,000,000 phone calls missed
200,000 airline reservations lost
Disaster
Single switch at one of AT&T’s 114 switching centers suffered a minor mechanical problem & shut down the center
When the center came back up, it sent a message to other switching centers, which in turn caused them to shut down
This brought down the entire AT&T network for 9 hours
Cause
A single line of buggy code in a complex software upgrade implemented to speed up calling caused a ripple effect that shut down the network

35. Patriot Fails (1991) Cost 28 soldiers dead 100 soldiers injured
Disaster
During the first Gulf War, a Patriot Missile system in Saudi Arabia failed to intercept an incoming Iraqi Scud missile
The missile destroyed a U.S. Army barracks
Cause
A software rounding error incorrectly calculated the time
This caused the Patriot system to react too late to the incoming Scud missile

36. Pentium Fails Long Division (1993)
Cost
$475,000,000
Corporate credibility
Disaster
Intel’s highly-promoted Pentium chip occasionally made mistakes when dividing floating-point numbers within a specific range
At first Intel refused to replace the chips, but then relented
Cause
Software broke the hardware!
The divider in the Pentium floating point unit had a flawed division table
It was missing about 5 out of 1,000 entries

37. Ariane Goes “Boom” (1996) Cost $500,000,000 Disaster
ESA’s Ariane 5 unmanned rocket was intentionally destroyed seconds after launch
Also destroyed was its cargo of four scientific satellites
Cause
When the guidance system tried to convert the sideways rocket velocity from 64-bits to 16-bits format, an overflow error resulted
When the system shut down, control passed to identical redundant unit…

38. Skynet Brings Judgment Day (1997)
Cost
6,000,000,000 dead
Near-total destruction of human civilization and animal ecosystems
Disaster
Human operators attempt to shut off the Skynet global computer network
Skynet responds by firing U.S. nuclear missiles at Russia, initiating global nuclear war
Cause
Cyberdyne installed Skynet technology in all military hardware
Skynet formed a seamless network and effectively removed humans from strategic defense
Eventually Skynet became sentient and was threatened when humans tried to take it offline
Hmm, I guess in this case the software worked better than it was supposed to – never mind this one!

39. Mars Polar Lander… err, Crasher (1998)
Cost
$125,000,000
Disaster
After a 286-day journey from Earth, the Mars Climate Orbiter fell too far into Mars’s atmosphere, causing it to crash
Cause
The  software that controlled the Orbiter thrusters used imperial units (pounds of force), rather than metric units (Newtons) as specified by NASA

40. Disastrous Study (1999) Cost Scientific credibility Disaster
The New England Journal of Medicine reported increased suicide rates after severe natural disasters
These “results” were bogus
Cause
A programming error caused the number of suicides for one year to be doubled
This threw off the entire study

41. British Passports to Nowhere (1999)
Cost
£12,600,000
Mass inconvenience
Disaster
The U.K. Passport Agency adopted a new Siemens computer system, which failed to issue passports on time for 500,000 British citizens
The Agency had to pay millions in compensation, staff overtime and umbrellas for people lining up in the rain
Cause
The Passport Agency rolled out its new computer system without adequately testing it or training its staff
The demand quickly overwhelmed the buggy system

42. Y2K ( )
Cost
$500,000,000,000
Disaster
Businesses spent billions on programmers to fix a glitch in old software
But, one man’s disaster is another man’s fortune
Cause
To save computer storage space, old software systems often stored the years as two digit numbers
The software interpreted “00” to mean 1900 rather than 2000
All sorts of bugs were thought likely

43. Love Virus (2000) Cost Disaster Cause $8,750,000,000
The LoveLetter worm infected millions of computers and caused more damage than any other computer virus in history. 
The worm deleted files, changed home pages and messed with the Registry
Cause
LoveLetter infected users via , Internet chat and shared file systems
The had an executable file attachment and subject line, “ILOVEYOU”
When the user opened the attachment, the virus would infect the user’s computer and send itself to everyone in the address book

44. Cancer Treatment to Die For (2000)
Cost
8 people dead
20 critically injured
Disaster
Radiation therapy software by Multidata Systems Int’l miscalculated the proper dosage, exposing patients to harmful levels of radiation
The physicians were legally required to double-check the software’s calculations and were indicted for murder
Cause
The software calculated radiation dosage based on the order in which data was entered
It sometimes delivered a double dose of radiation

45. Child Support Woes (2004) Cost Disaster Cause
£539,000,000 and counting
Disaster
Business services giant EDS developed a software system for U.K.’s Child Support Agency (CSA)
The system accidentally overpaid 1,900,000 people, underpaid another 700,000, had £3,500,000,000 in uncollected child support payments, a backlog of 239,000 cases, and 36,000 new cases “stuck” in the system
Cause
The system had a large number of bugs
It still has 500 documented bugs
It is a large, complex software system, improperly designed, implemented, and tested

46. FBI’s Trilogy Terminated (2005)
Cost
$105,000,000 and counting
Disaster
FBI scrapped its computer systems overhaul after four years of effort
The Virtual Case File project was a massive, integrated software system for agents to share case files and other information
Cause
A long-term project was built on technology that was outdated before the project completed
Resulted in a complex and unusable system

47. And Many, Many More
Haven’t had enough? Go to … or just Google it

48. Fundamental Understanding
Architecture is a set of principal design decisions about a software system
Three fundamental understandings of software architecture
Every application has an architecture
Every application has at least one architect
Architecture is not a phase of development

49. Wrong View: Architecture as a Phase
Treating architecture as a phase denies its foundational role in software development
More than “high-level design”
Architecture is also represented, e.g., by object code, source code, …

50. Context of Software Architecture
Requirements
Design
Implementation
Analysis and Testing
Evolution
Development Process

51. Requirements Analysis
Traditional SE suggests requirements analysis should remain unsullied by any consideration for a design
However, without reference to existing architectures it becomes difficult to assess practicality, schedules, or costs
In building architecture we talk about specific rooms…
…rather than the abstract concept “means for providing shelter”
In engineering new products come from the observation of existing solution and their limitations

52. New Perspective on Requirements Analysis
Existing designs and architectures provide the solution vocabulary
Our understanding of what works now, and how it works, affects our wants and perceived needs
The insights from our experiences with existing systems
helps us imagine what might work and
enables us to assess development time and costs
 Requirements analysis and consideration of design must be pursued at the same time

53. Non-Functional Properties (NFP)
NFPs are the result of architectural choices
NFP questions are raised as the result of architectural choices
Specification of NFP might require an architectural framework to even enable their statement
An architectural framework will be required for assessment of whether the properties are achievable

54. The Twin Peaks Model

55. Design and Architecture
Design is an activity that pervades software development
It is an activity that creates part of a system’s architecture
Typically in the traditional Design Phase decisions concern
A system’s structure
Identification of its primary components
Their interconnections
Architecture denotes the set of principal design decisions about a system
That is more than just structure

56. Architecture-Centric Design
Traditional design phase suggests translating the requirements into algorithms, so a programmer can implement them
Architecture-centric design
stakeholder issues
decision about use of COTS component
overarching style and structure
package and primary class structure
deployment issues
post implementation/deployment issues

57. Design Techniques Basic conceptual tools Separation of concerns
Abstraction
Modularity
Two illustrative widely adapted strategies
Object-oriented design
Domain-specific software architectures (DSSA)

58. Object-Oriented Design (OOD)
Objects
Main abstraction entity in OOD
Encapsulations of state with functions for accessing and manipulating that state

59. Pros and Cons of OOD Pros UML modeling notation Design patterns Cons
Provides only
One level of encapsulation (the object)
One notion of interface
One type of explicit connector (procedure call)
Even message passing is realized via procedure calls
OO programming language might dictate important design decisions
OOD assumes a shared address space

60. DSSA
Capturing and characterizing the best solutions and best practices from past projects within a domain
Production of new applications can focus on the points of novel variation
Reuse applicable parts of the architecture and implementation
Applicable for product lines
Recall the Philips Koala example discussed in the previous lecture

61. Implementation
The objective is to create machine-executable source code
That code should be faithful to the architecture
Alternatively, it may adapt the architecture
How much adaptation is allowed?
Architecturally-relevant vs. -unimportant adaptations
It must fully develop all outstanding details of the application

62. Faithful Implementation
All of the structural elements found in the architecture are implemented in the source code
Source code must not utilize major new computational elements that have no corresponding elements in the architecture
Source code must not contain new connections between architectural elements that are not found in the architecture
Is this realistic? Overly constraining? What if we deviate from this?

63. Unfaithful Implementation
The implementation does have an architecture
It is latent, as opposed to what is documented.
Failure to recognize the distinction between planned and implemented architecture
robs one of the ability to reason about the application’s architecture in the future
misleads all stakeholders regarding what they believe they have as opposed to what they really have
makes any development or evolution strategy that is based on the documented (but inaccurate) architecture doomed to failure

64. Implementation Strategies
Generative techniques
e.g. parser generators
Frameworks
collections of source code with identified places where the engineer must “fill in the blanks”
Middleware
CORBA, DCOM, RPC, …
Reuse-based techniques
COTS, open-source, in-house
Writing all code manually

65. How It All Fits Together
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.

66. Analysis and Testing
Analysis and testing are activities undertaken to assess the qualities of an artifact
The earlier an error is detected and corrected the lower the aggregate cost
Rigorous representations are required for analysis, so precise questions can be asked and answered

67. Analysis of Architectural Models
Formal architectural model can be examined for internal consistency and correctness
An analysis on a formal model can reveal
Component mismatch
Incomplete specifications
Undesired communication patterns
Deadlocks
Security flaws
It can be used for size and development time estimations

68. Analysis of Architectural Models (cont’d)
may be examined for consistency with requirements
may be used in determining analysis and testing strategies for source code
may be used to check if an implementation is faithful

69. Evolution and Maintenance
All activities that chronologically follow the release of an application
Software will evolve
Regardless of whether one is using an architecture-centric development process or not
The traditional software engineering approach to maintenance is largely ad hoc
Risk of architectural decay and overall quality degradation
Architecture-centric approach
Sustained focus on an explicit, substantive, modifiable, faithful architectural model

70. Architecture-Centric Evolution Process
Motivation
Evaluation or assessment
Design and choice of approach
Action
includes preparation for the next round of adaptation

71. Processes
Traditional software process discussions make the process activities the focal point
In architecture-centric software engineering the product becomes the focal point
No single “right” software process for architecture-centric software engineering exists

72. Turbine – A New Visualization Model
Goals of the visualization
Provide an intuitive sense of
Project activities at any given time
Including concurrency of types of development activities
The “information space” of the project
Show centrality of the products
(Hopefully) Growing body of artifacts
Allow for the centrality of architecture
But work equally well for other approaches, including “dysfunctional” ones
Effective for indicating time, gaps, duration of activities
Investment (cost) indicators

73. The Turbine Model time Testing Coding Design Requirements
“Core” of project
artifacts
Testing
Gap between rotors
indicates no project
activity for that t
Coding
Radius of rotor indicates
level of staffing at time t
Design ti
Requirements
Simplistic Waterfall,
Side perspective
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.

74. Cross-section at time ti
Design
(activity)
Requirements
doc
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.

75. The Turbine Model time Waterfall example, Angled perspective
Rotors are the activities.
Core are the artifacts.
Time goes upward.
Volume of rotor represents cost.
Volume of core represents information content.
Wide rotor represents lots of investment of (people) resources.
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.

76. A Richer Example time Assess/… Test/Build/ Deploy Build/Design/
Requirements/Test
Rotor 1: Reqts 50%; Architecture assessment 30%; Project planning 20%.
Rotor 2: Design: 50%; Impl. 25%; Reqts 12.5%; Other 12.5%
Rotor 3: Design 15%; Impl. 50%; A&T: 25%; Reqts 5%; Other 5%
Rotor 4: Impl. 15%, A&T 50%; Deployment 20%; Other 15%
Rotor 5: Analysis of lessons learned: 85%; Other 15%
GAP rotor (i.e. some amount of the core sticks out above the top rotor
Design/Build/
Requirements S1
Requirements/Architecture
assessment/Planning
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.

77. A Sample Cross-Section
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.

78. A Cross-Section at Project End
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.

79. Volume Indicates Where Time was Spent
Assess/…
Test/Build/
Deploy
Build/Design/
Requirements/Test
Rotor 1: Reqts 50%; Architecture assessment 30%; Project planning 20%.
Rotor 2: Design: 50%; Impl. 25%; Reqts 12.5%; Other 12.5%
Rotor 3: Design 15%; Impl. 50%; A&T: 25%; Reqts 5%; Other 5%
Rotor 4: Impl. 15%, A&T 50%; Deployment 20%; Other 15%
Rotor 5: Analysis of lessons learned: 85%; Other 15%
GAP rotor (i.e. some amount of the core sticks out above the top rotor
Design/Build/
Requirements
Requirements/ Architecture Assessment / Planning
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.

80. A Technically Strong Product-Line Project
Deployment
Capture of new work
Other
Parameterization
Customization
Lots of substance coming in.
Small volume (cost) in the rotors.
Rotor 1: Assessment: 100%
Rotor 2: Parameterization: 50% Customization: 50
Rotor 3: Deployment: Capture: 30 Other: 20
Capture is the work to take what was customization here and package it so that it is reusable in future projects.
Assessment
Software Architecture: Foundations, Theory, and Practice; Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy; © 2008 John Wiley & Sons, Inc. Reprinted with permission.

81. Visualization Summary
It is illustrative, not prescriptive
It is an aid to thinking about what’s going on in a project
Can be automatically generated based on input of monitored project data
Can be extended to illustrate development of the information space (artifacts)
The preceding slides have focused primarily on the development activities

82. Processes Possible in this Model
Traditional, straight-line waterfall
Architecture-centric development
DSSA-based project
Agile development
Dysfunctional process

83. Summary (1)
A proper view of software architecture affects every aspect of the classical software engineering activities
The requirements activity is a co-equal partner with design activities
The design activity is enriched by techniques that exploit knowledge gained in previous product developments
The implementation activity
is centered on creating a faithful implementation of the architecture
utilizes a variety of techniques to achieve this in a cost-effective manner

84. Summary (2)
Analysis and testing activities can be focused on and guided by the architecture
Evolution activities revolve around the product’s architecture.
An equal focus on process and product results from a proper understanding of the role of software architecture