Contracts: Preconditions and Postconditions
Chapter 2 • Object-Oriented Software Engineering
We already encountered system sequence diagrams in Section 2.2.4 above. As Figure 2-9 illustrates, in the design phase we zoom in on the inside of the system and specify how its software objects interact to produce the behaviors observed by the actors.
The software designer's key activity is assigning responsibilities to the acquired software objects. Figure 2-10 shows an example of responsibility assignment. Here the dilemma is: who should invoke the method setOpen on the LockCtrl once the key validity is established? Although the Checker is the first to acquire the information about the key validity, we decide to assign the responsibility to notify the LockCtrl to the Controller. This is because the Controller would need to know this information anyway, to signal to the user the outcome of the key validity checking. In this way we keep the Checker focused on its specialty and avoid assigning too many responsibilities to it.
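The responsibility assignment described above, as an added Python sketch that is not code from the book. The class and method names Controller, Checker, KeyStorage, LockCtrl, checkKey and setOpen follow the diagrams; enterKey, is_open, the trace list, run, the sample keys and the "invalid key" signal text are assumptions made for illustration.

```python
import hmac

class KeyStorage:
    """Holds the valid keys (constructed sample data)."""
    def __init__(self, keys):
        self._keys = list(keys)
    def __iter__(self):
        return iter(self._keys)

class Checker:
    """Validates keys only; it holds no reference to LockCtrl."""
    def __init__(self, storage):
        self._storage = storage
    def checkKey(self, key):
        ok = False
        for stored in self._storage:  # scan all keys, constant-time compare
            ok |= hmac.compare_digest(stored, key)
        return ok

class LockCtrl:
    def __init__(self, trace):
        self.is_open = False
        self._trace = trace
    def setOpen(self, value):
        self._trace.append(f"setOpen({value})")
        self.is_open = value

class Controller:
    """Learns the outcome anyway (to signal the user), so it notifies LockCtrl."""
    def __init__(self, checker, lock, trace):
        self._checker, self._lock, self._trace = checker, lock, trace
    def enterKey(self, key):
        self._trace.append("checkKey")
        ok = self._checker.checkKey(key)
        if ok:
            self._lock.setOpen(True)  # only sent after a positive check
        self._trace.append("signal: valid key" if ok else "signal: invalid key")
        return ok

def run(key):
    """Wire the objects and return (outcome, lock state, message trace)."""
    trace = []
    lock = LockCtrl(trace)
    controller = Controller(Checker(KeyStorage([b"k-1", b"k-2"])), lock, trace)
    return controller.enterKey(key), lock.is_open, trace

if __name__ == "__main__":
    print(run(b"k-2"))
    print(run(b"nope"))
```

The trace records the order of messages, so the constraint that setOpen is sent only after checkKey has succeeded can be checked directly.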
INTERACTION DIAGRAMS
[Figure 2-9 diagram: left panel "System Sequence Diagram" with User («initiating actor»), System and Timer («offstage actor»); right panel "Design Sequence Diagram" with Controller, Checker, KeyStorage and LockCtrl.]
Figure 2-9: Designing object interactions: from system sequence diagrams to interaction diagrams. The magnifier glass symbolizes looking at interactions inside the system.
Ivan Marsic • Rutgers University
Interaction diagrams display protocols: permitted dynamic relations among objects in the course of a given activity. Here I highlight the main points and the reader should check the details in a UML reference. You read a UML sequence diagram from the top down:
• At the top, each box represents an object, which may be named or not. If an object is named, the name is shown in the box to the left of the colon. The class to which the object belongs is shown to the right of the colon.
• Each timeline (dashed vertical line) describes the world from the vantage point of the object depicted at the top of the timeline. As a convention, time proceeds downward, although in a concurrent program the activities at the same level do not necessarily occur at the same time (see Section 5.3 below).
• Thin elongated boxes on a timeline represent the activities of the particular object (the boxes/bars are optional and can be omitted).
• Links (solid horizontal lines with arrows) between the timelines indicate the followed-by relation (not necessarily the immediately-followed-by relation). The link is annotated with a message being sent from one object to another or to itself.
• Normally, all “messages” are method calls and, as such, must return. This is denoted by a dashed horizontal link at the bottom of an activity box, oriented opposite of the message arrow. Although this link is often omitted if the method has no return value, the call returns nonetheless. I have noticed that some novices just keep drawing message arrows in one direction and forget that these must return at some point.
Our goal is to come up with a “good” design or, ideally, an optimal design. Unfortunately, at present the software engineering discipline is unable to precisely specify the quantitative criteria for evaluating designs. Some criteria are commonly accepted, but there is no systematic framework. For example, good software designs are characterized by
• Short communication chains between the objects
• Balanced workload across the objects
• Low degree of connectivity (associations) among the objects
While optimizing these parameters we must ensure that messages are sent in the correct order and other important constraints are satisfied. As already stated, there are no automated methods for
[Figure 2-10 diagram: panels (a) and (b) with Controller, Checker and LockCtrl and the messages checkKey and setOpen(true).]
Figure 2-10: Example of assigning responsibilities. (a) Once the Checker decides the key is valid, the LockCtrl should be notified to unlock the lock. Whose responsibility should this be? (b) The responsibility is assigned to the Controller. See text for explanation.