Quality Attribute Scenarios and Tactics - Bass - CH - 4-6
Part Two:
Creating an Architecture
2nd Ed.
Len Bass, Paul Clements, Rick Kazman
Chapter 4:
Understanding Quality Attributes
• ABC: business considerations determine qualities
that must be accommodated in a system’s
architecture.
• Systems are frequently redesigned not because
they’re functionally deficient - the replacements are
often functionally identical - but because they are
difficult to maintain, port, or scale, or are too slow, or
have been compromised by network hackers.
Functionality, Architecture, and Quality
Attributes
Key Message
• Architecture is critical to deliver quality
requirements, and these qualities should be designed
in and can be evaluated at the architectural level.
• Architecture, by itself, is unable to achieve qualities -
attention must be paid to the details.
• Within complex systems, quality attributes can never
be achieved in isolation. The achievement of one
will have an effect, positive or negative, on others.
Classes of Quality Attributes
Figure 4.1
A QA-specific Requirement
• Source of stimulus - generating entity
• Stimulus - arriving condition needing consideration
• Environment - system condition
• Artifact - part of or entire system
• Response - activity caused by the stimulus
• Response measure - measurable results that test the
requirements
Modifiability Scenario
QUALITY ATTRIBUTE
SCENARIO GENERATION
failures and faults
Availability General Scenarios
• Already discussed
Failure classes
Modifiability General Scenarios
• Source of stimulus. This portion specifies who makes the
changes—the developer, a system administrator, or an end user.
Clearly, there must be machinery in place to allow the system
administrator or end user to modify a system, but this is a
common occurrence. In Figure 4.4, the modification is to be
made by the developer.
• Stimulus. This portion specifies the changes to be made. A
change can be the addition of a function, the modification of an
existing function, or the deletion of a function. It can also be
made to the qualities of the system—making it more responsive,
increasing its availability, and so forth. The capacity of the
system may also change. Increasing the number of simultaneous
users is a frequent requirement. In our example, the stimulus is a
request to make a modification, which can be to the function,
quality, or capacity.
• Artifact. This portion specifies what is to be changed—the functionality
of a system, its platform, its user interface, its environment, or another
system with which it interoperates. In Figure 4.4, the modification is to the
user interface.
• Environment. This portion specifies when the change can be made—
design time, compile time, build time, initiation time, or runtime. In our
example, the modification is to occur at design time.
• Response. Whoever makes the change must understand how to make it,
and then make it, test it and deploy it. In our example, the modification is
made with no side effects.
• Response measure. All of the possible responses take time and cost
money, and so time and cost are the most desirable measures. Time is not
always possible to predict, however, and so less ideal measures are
frequently used, such as the extent of the change (number of modules
affected). In our example, the time to perform the modification should be
less than three hours.
Performance (p. 82)
• Performance is about timing:
– interrupts, messages, requests from users, or the passage of
time
– basically: how long it takes the system to respond when an
event occurs
• Complexity:
– number of event sources & arrival patterns
– this characterization is the language to construct general
performance scenarios
Performance Scenarios
• Performance Scenarios:
– Start with a request for service arriving at the system.
Satisfying the request consumes resources. Usually
events are handled in parallel.
• Arrival Patterns:
– periodic - most often seen in real-time systems
– stochastic - events arrive according to some
probabilistic distribution
– sporadic - a pattern that can’t be represented by either
Sample Performance Scenario
Figure 4.5
General Scenarios
Table 4.3
Usability (p. 90)
Figure 4.8
Communicating Concepts
• Each attribute community has its own vocabulary;
different terms can mean the same thing.
• The problem is for the architect to understand
which stimuli represent the same occurrence,
which are aggregates of other stimuli, and which
are independent.
– Ex: a performance event may be atomic or an aggregate
of other lower-level occurrences.
General Scenarios
Table 4.7
Exercise: Quality attribute scenarios
Chapter 5:
Achieving Qualities
• The tactics used by the architect to create a design
using design patterns, architectural patterns, or
architectural strategies.
• An architectural pattern or strategy implements a
collection of tactics.
Introducing Tactics
• A tactic is a design decision that influences the
control of a quality attribute response.
• A collection of tactics is an architectural strategy
(more in Ch. 12).
• Tactics can refine other tactics: redundancy can be
refined into data or computational redundancy.
• Patterns package tactics: an availability pattern
uses both redundancy & synchronization tactics.
Availability Tactics
• Fault Detection
– Ping/echo
– Heartbeat
– Exceptions
• Fault Recovery
– Voting – space shuttle
– Active redundancy (hot restart)
– Passive redundancy (warm restart)
– Spare
– Shadow operation
– State synchronization
– Checkpoint/rollback
• Fault Prevention
– Removal from service
– Transactions
– Process monitor
Modifiability Tactics
• Localize modifications
– Maintain semantic coherence
– Anticipate expected changes
– Generalize the module
– Limit possible options
Modifiability, con’t
• Prevent Ripple Effects
– There are eight types of dependencies:
1. Syntax of data and service
2. Semantics of data and service
3. Sequence of data and control
4. Identity of an interface of A
5. Location of A (runtime)
6. Quality of service/data provided by A
7. Existence of A
8. Resource behavior of A
Ripple Effects, con’t
• Hide information
• Maintain existing interfaces
– Adding interfaces
– Adding adapter
– Providing a stub A
• Restrict communication paths
• Use an intermediary
– Data (syntax)
– Service (syntax)
– Identity of an interface of A
– Location of A (runtime)
– Resource behavior of A or Resource controlled by A
– Existence of A
Modifiability, con’t
• Defer Binding Time
– Runtime registration
– Configuration files
– Polymorphism
– Component replacement
– Adherence to defined protocols
General Definition & Performance
Definition of tactics
Response Time
• Two basic contributors:
– resource consumption
• CPU, data stores, network communication bandwidth,
memory, buffers, etc.
– blocked time
• contention for resources
• availability of resources
• dependency on other computation
Resource Demand
• Event streams are the source of resource demand.
• Two characteristics:
– time between events in a stream
– how much of a resource is consumed by each request
• Tactic: reduce resources required to process an
event stream
– increase computational efficiency
– reduce computational overhead
Resource Demand, con’t
• Tactic: reduce the number of events processed
– manage event rate
– control frequency of sampling
• Tactic: control use of resources
– bound execution times
– bound queue lengths
Resource Management
• If the demand for resources isn’t controllable, they
might be managed by these tactics:
– introduce concurrency
– maintain multiple copies of either data or computations
– increase available resources
Resource Arbitration
• When there is contention for a resource, the
resource must be scheduled:
– processors, buffers, networks are all scheduled
• A scheduling policy has two parts:
– a priority assignment
– dispatching
Common Scheduling Policies
• First-in/First-out - all requests are equal
• Fixed-priority scheduling - requests are prioritized based on:
– semantic importance - statically assigned based on
domain characteristics (mainframes)
– deadline monotonic - statically assigned with higher
priority to streams with shorter deadlines (real-time)
– rate monotonic - statically assigned with higher priority
to streams with shorter periods (real-time)
Scheduling Policies, con’t
• Dynamic priority scheduling
– round robin
– earliest deadline first
• Static scheduling - cyclic executive schedule with
pre-emption points & sequence determined offline
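Added example (not from the slides or the book): a small pre-emptive dispatcher that applies the priority assignments named on the two scheduling slides to the same pair of event streams and reports which jobs finish late. Streams A and B, their periods, deadlines and costs, and the 60-tick horizon are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Stream:
    name: str
    period: int    # time between events in the stream
    deadline: int  # relative deadline of each event
    cost: int      # execution time consumed per event

# Priority assignment: each policy maps a ready job to a sort key (lowest runs first).
POLICIES = {
    "fifo": lambda s, release: (release, s.name),
    "rate_monotonic": lambda s, release: (s.period, s.name),
    "deadline_monotonic": lambda s, release: (s.deadline, s.name),
    "earliest_deadline_first": lambda s, release: (release + s.deadline, s.name),
}

def missed_deadlines(streams, policy, horizon):
    """Dispatch one tick at a time with pre-emption; return [(stream, release)] of late jobs."""
    key = POLICIES[policy]
    ready = []   # each job is [stream, release_time, remaining_cost]
    missed = []
    for t in range(horizon):
        for s in streams:
            if t % s.period == 0:          # a new event arrives in this stream
                ready.append([s, t, s.cost])
        if not ready:
            continue                       # processor idles this tick
        job = min(ready, key=lambda j: key(j[0], j[1]))
        job[2] -= 1                        # run the chosen job for one tick
        if job[2] == 0:
            ready.remove(job)
            if t + 1 > job[1] + job[0].deadline:
                missed.append((job[0].name, job[1]))
    return missed

# Constructed streams: B has the longer period but the tighter deadline.
STREAMS = [Stream("A", period=10, deadline=10, cost=4),
           Stream("B", period=12, deadline=5, cost=3)]

if __name__ == "__main__":
    for name in POLICIES:
        print(name, missed_deadlines(STREAMS, name, horizon=60))
```

Rate monotonic ranks A above B because A's period is shorter, so B's 5-tick deadline is missed whenever both are ready together; deadline monotonic and earliest deadline first rank B first and meet every deadline on this set.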
Performance Tactic Hierarchy
Figure 5.7
Additional Tactics
• Security
– Resisting attacks
– Detecting attacks
– Recovering from attacks
• Testability
– Input/Output
– Internal monitoring
• Usability
– Runtime
– Design-time
Tactics & Patterns
• An architect usually chooses a pattern or collection of
patterns, but any pattern implements several tactics.
• Each of these is often concerned with different quality
attributes, & any implementation of the pattern makes
choices about tactics.
• So, the analysis process involves understanding all tactics
embedded in an implementation.
• The design process involves making a judicious choice of
what combination of tactics will achieve the system’s
desired goals.
Patterns & Styles
• Key features & rules for combining them to
preserve architectural integrity:
– a set of element types
– a topological layout indicating their
relationships
– a set of semantic constraints
– a set of interaction mechanisms that determine
coordination
Categorized Patterns
Figure 514
Chapter 6:
Air Traffic Control
• One of the most demanding of software
applications:
– Hard real time – timing deadlines must be met
absolutely
– Safety critical – human lives at stake
– Highly distributed – dozens of controllers at
wide geographic locations
– Intense public visibility – multibillion dollar
investment of public funds
ISSS
1. Ultrahigh availability - .99999 = unavailable for less than 5
minutes/year
2. High performance – process up to 2,440 aircraft without
“losing” any
3. Additional drivers:
• Openness – commercial components
• Designed for incremental deployment
• Modifiability in functionality and hardware upgrades
• Integratable with a bewildering set of external systems, some decades
old, others not yet built
• Users could reject delivery, even if operational requirements
were met!
Views
• Physical view – hardware, networks, peripherals
(Figure 6.5)
• Module decomposition view – CSCIs based on
semantic coherence:
– Display Management
– Common System Services – abstract common services
– Recording, Analysis, and Playback – testing
– Two others
Views, con’t
• Process view – uses several availability tactics:
– State resynchronization
– Shadowing
– Active redundancy
– Removal from service
• Layered view
• Fault tolerance view – C&C view identifying
exception handling and monitoring
Code Template
• Has architectural implications:
– Simple to add new applications to the system
– Developers don’t need to know details of message-
handling
– Developers don’t ensure fault tolerance
• Details in Figure 6.10
• Refinement of the “abstract common services”
tactic.