10

Process Overview

A software development process provides a basis for the organized production of software,
using a collection of predefined techniques and notations. The process in this book starts
with formulation of the problem, then continues through analysis, design, and implementa-
tion. The presentation of the stages is linear, but the actual process is seldom linear.

10.1 Development Stages

Software development has a sequence of well-defined stages, each with a distinct purpose,
input, and output.
■ System conception. Conceive an application and formulate tentative requirements.
■ Analysis. Deeply understand the requirements by constructing models. The goal of
analysis is to specify what needs to be done, not how it is done. You must understand a
problem before attempting a solution.
■ System design. Devise a high-level strategy—the architecture—for solving the appli-
cation problem. Establish policies to guide the subsequent class design.
■ Class design. Augment and adjust the real-world models from analysis so that they are
amenable to computer implementation. Determine algorithms for realizing the operations.
■ Implementation. Translate the design into programming code and database structures.
■ Testing. Ensure that the application is suitable for actual use and that it truly satisfies
the requirements.
■ Training. Help users master the new application.
■ Deployment. Place the application in the field and gracefully cut over from legacy ap-
plications.
■ Maintenance. Preserve the long-term viability of the application.

167
168 Chapter 10 / Process Overview

The entire process is seamless. You continually elaborate and optimize models as your focus
shifts from analysis to design to implementation. Throughout development the same con-
cepts and notation apply; the only difference is the shift in perspective from the initial em-
phasis on business needs to the later emphasis on computer resources.
An OO approach moves much of the software development effort up to analysis and de-
sign. It is sometimes disconcerting to spend more time during analysis and design, but this
extra effort is more than compensated by faster and simpler implementation. Because the re-
sulting design is cleaner and more adaptable, future changes are much easier.
Part 2 covers the first four topics and Part 3 covers implementation. In this book we em-
phasize development and only briefly consider testing, training, deployment, and mainte-
nance. These last four topics are important, but are not the focus of this book.

10.1.1 System Conception

System conception deals with the genesis of an application. Initially somebody thinks of an
idea for an application, prepares a business case, and sells the idea to the organization. The
innovator must understand both business needs and technological capabilities.

10.1.2 Analysis
Analysis focuses on creation of models. Analysts capture and scrutinize requirements by
constructing models. They specify what must be done, not how it should be done. Analysis
is a difficult task in its own right, and developers must fully understand the problem before
addressing the additional complexities of design. Sound models are a prerequisite for an ex-
tensible, efficient, reliable, and correct application. No amount of implementation patches
can repair an incoherent application and compensate for a lack of forethought.
During analysis, developers consider the available sources of information (documents,
business interviews, related applications) and resolve ambiguities. Often business experts are
not sure of the precise requirements and must refine them in tandem with software develop-
ment. Modeling quickens the convergence between developers and business experts, because
it is much faster to work with multiple iterations of models than with multiple implementa-
tions of code. Models highlight omissions and inconsistencies so that they can be resolved.
As developers elaborate and refine a model, it gradually becomes coherent.
There are two substages of analysis: domain analysis and application analysis. Domain
analysis focuses on real-world things whose semantics the application captures. For exam-
ple, an airplane flight is a real-world object that a flight reservation system must represent.
Domain objects exist independently of any application and are meaningful to business ex-
perts. You find them during domain analysis or by prior knowledge. Domain objects carry
information about real-world objects and are generally passive—domain analysis emphasiz-
es concepts and relationships, with much of the functionality being implicit in the class mod-
el. The job of constructing a domain model is mainly to decide which information to capture
and how to represent it.
Domain analysis is then followed by application analysis that addresses the computer
aspects of the application that are visible to users. For example, a flight reservation screen is
10.1 Development Stages 169

part of a flight reservation system. Application objects do not exist in the problem domain
and are meaningful only in the context of an application. Application objects, however, are
not merely internal design decisions, because the users see them and must agree with them.
The application model does not prescribe the implementation of the application. It describes
how the application appears from the outside—the black-box view of it. You cannot find ap-
plication classes with domain analysis, but you can often reuse them from previous applica-
tions. Otherwise, you must devise application objects during analysis as you think about
interfaces with other systems and how your application interacts with users.

10.1.3 System Design

During system design, the developer makes strategic decisions with broad consequences.
You must formulate an architecture and choose global strategies and policies to guide the
subsequent, more detailed portion of design. The architecture is the high-level plan or strat-
egy for solving the application problem. The choice of architecture is based on the require-
ments as well as past experience. If possible, the architecture should include an executable
skeleton that can be tested. The system designer must understand how a new system interacts
with other systems. The architecture must also support future modification of the applica-
tion.
For straightforward problems, preparation of the architecture follows analysis. Howev-
er, for large and complex problems their preparation must be interleaved. The architecture
helps to establish a model’s scope. In turn, modeling reveals important issues of strategy to
resolve. For large and complex problems, there is much interplay between the construction
of a model and the model’s architecture, and they must be built together.

10.1.4 Class Design

During class design, the developer expands and optimizes analysis models; there is a shift
in emphasis from application concepts toward computer concepts. Developers choose algo-
rithms to implement major system functions, but they should continue to defer the idiosyn-
crasies of particular programming languages.

10.1.5 Implementation
Implementation is the stage for writing the actual code. Developers map design elements to
programming language and database code. Often, tools can generate some of the code from
the design model.

10.1.6 Testing
After implementation, the system is complete, but it must be carefully tested before being
commissioned for actual use. The ideas that inspired the original project should have been
nurtured through the previous stages by the use of models. Testers once again revisit the orig-
inal business requirements and verify that the system delivers the proper functionality. Test-
ing can also uncover accidental errors (bugs) that have been introduced. If an application
runs on multiple hardware and operating system platforms, it should be tested on all of them.
170 Chapter 10 / Process Overview

Developers should check a program at several levels. Unit tests exercise small portions
of code, such as methods or possibly entire classes. Unit tests discover local problems and
often require that extra instrumentation be built into the code. System tests exercise a major
subsystem or the entire application. In contrast to unit tests, system tests can discover broad
failures to meet specifications. Both unit and system tests are necessary. Testing should not
wait until the entire application is coded. It must be planned from the beginning, and many
tests can be performed during implementation.

10.1.7 Training
An organization must train users so that they can fully benefit from an application. Training
accelerates users on the software learning curve. A separate team should prepare user docu-
mentation in parallel to the development effort. Quality control can then check the software
against the user documentation to ensure that the software meets its original goals.

10.1.8 Deployment
The eventual system must work in the field, on various platforms and in various configura-
tions. Unexpected interactions can occur when a system is deployed in a customer environ-
ment. Developers must tune the system under various loads and write scripts and install
procedures. Some customers will require software customizations. Staff must also localize
the product to different spoken languages and locales. The result is a usable product release.

10.1.9 Maintenance
Once development is complete and a system has been deployed, it must be maintained for con-
tinued success. There are several kinds of maintenance. Bugs that remain in the original system
will gradually appear during use and must be fixed. A successful application will also lead to
enhancement requests and a long-lived application will occasionally have to be restructured.
Models ease maintenance and transitions across staff changes. A model expresses the
business intent for an application that has been driven into the programming code, user in-
terface, and database structure.

10.2 Development Life Cycle

An OO approach to software development supports multiple life-cycle styles. You can use a
waterfall approach performing the phases of analysis, design, and implementation in strict
sequence for the entire system. However, we typically recommend an iterative development
strategy. We summarize the distinction here and elaborate in Chapter 21.

10.2.1 Waterfall Development

The waterfall approach dictates that developers perform the software development stages in
a rigid linear sequence with no backtracking. Developers first capture requirements, then
construct an analysis model, then perform a system design, then prepare a class design, fol-
10.3 Chapter Summary 171

lowed by implementation, testing, and deployment. Each stage is completed in its entirety
before the next stage is begun.
The waterfall approach is suitable for well-understood applications with predictable
outputs from analysis and design, but such applications seldom occur. Too many organiza-
tions attempt to follow a waterfall when requirements are fluid. This leads to the familiar sit-
uation where developers complain about changing requirements, and the business complains
about inflexible software development. A waterfall approach also does not deliver a useful
system until completion. This makes it difficult to assess progress and correct a project that
has gone awry.

10.2.2 Iterative Development

Iterative development is more flexible. First you develop the nucleus of a system—analyz-
ing, designing, implementing, and delivering working code. Then you grow the scope of the
system, adding properties and behavior to existing objects, as well as adding new kinds of
objects. There are multiple iterations as the system evolves to the final deliverable.
Each iteration includes a full complement of stages: analysis, design, implementation,
and testing. Unlike the strict sequence of the waterfall method, iterative development can in-
terleave the different stages and need not construct the entire system in lock step. Some parts
may be completed early, while other, less crucial parts are completed later. Each iteration ul-
timately yields an executable system that can be integrated and tested. You can accurately
gauge progress and make adjustments to your plans based on feedback from the early itera-
tions. If there is a problem, you can move backward to an earlier stage for rework.
Iterative development is the best choice for most applications because it gracefully re-
sponds to change and minimizes risk of failure. Management and business users get early
feedback about progress.

10.3 Chapter Summary

A software engineering process provides a basis for the organized production of software.
There is a sequence of well-defined stages that you can apply to each of the pieces of a sys-
tem. For example, parallel development teams might develop a database design, key algo-
rithms, and a user interface. An iterative development of software is flexible and responsive
to evolving requirements. First you prepare a nucleus of a system, and then you successively
grow its scope until you realize the final desired software.

analysis domain analysis system conception

application analysis implementation system design
architecture iterative development testing
class design life cycle training
deployment maintenance waterfall development

Figure 10.1 Key concepts for Chapter 10

172 Chapter 10 / Process Overview

Bibliographic Notes
The class design stage is renamed from object design in the first edition of this book.

Exercises
10.1 (2) It seems there is never enough time to do a job right the first time, but there is always time
to do it over. Discuss how the approach presented in this chapter overcomes this tendency of
human behavior. What kinds of errors do you make if you rush into the implementation phase
of a software project? Compare the effort required to prevent errors with that needed to detect
and correct them.
10.2 (4) This book explains how to use OO techniques to implement programs and databases. Dis-
cuss how OO techniques could be applied in other areas, such as language design, knowledge
representation, and hardware design.
11
System Conception

System conception deals with the genesis of an application. Initially some person, who un-
derstands both business needs and technology, thinks of an idea for an application. Develop-
ers must then explore the idea to understand the needs and devise possible solutions. The
purpose of system conception is to defer details and understand the big picture—what need
does the proposed system meet, can it be developed at a reasonable cost, and will the demand
for the result justify the cost of building it?
This chapter introduces the automated teller machine (ATM) case study that threads
throughout the remainder of the book.

11.1 Devising a System Concept

Most ideas for new systems are extensions of existing ideas. For example, a human relations
department may have a database of employee benefit choices and require that a clerk enter
changes. An obvious extension is to allow employees to view and enter their own changes.
There are many issues to resolve (security, reliability, privacy, and so on), but the new idea
is a straightforward extension of an existing concept.
Occasionally a new system is a radical departure from the past. For example, an online
auction automates the ancient idea of buyers bidding against each other for products, but the
first online auction systems were brand new software. The concept became feasible when
several enabling technologies came into place: the Internet, widespread personal computer
access, and reliable servers. The large customer base and low unit cost due to automation
changed the nature of auctions—an online auction can sell inexpensive items and still make
a profit. In addition, online systems have made the auction process concurrent and distribut-
ed.
Here are some ways to find new system concepts.
■ New functionality. Add functionality to an existing system.

173
174 Chapter 11 / System Conception

■ Streamlining. Remove restrictions or generalize the way a system works.

■ Simplification. Let ordinary persons perform tasks previously assigned to specialists.
■ Automation. Automate manual processes.
■ Integration. Combine functionality from different systems.
■ Analogies. Look for analogies in other problem domains and see if they have useful
ideas.
■ Globalization. Travel to other countries and observe their cultural and business practic-
es.

11.2 Elaborating a Concept

Most systems start as vague ideas that need more substance. A good system concept must
answer the following questions.
■ Who is the application for? You should clearly understand which persons and organi-
zations are stakeholders of the new system. Two of the most important kinds of stake-
holders are the financial sponsors and the end users.
The financial sponsor are important because they are paying for the new system.
They expect the project to be on schedule and within budget. You should get the finan-
cial sponsors to agree to some measure of success. You need to know when the system
is complete and meets their expectations.
The users are also stakeholders, but in another sense. The users will ultimately de-
termine the success of the new system by an increase (or decrease) in their productivity
or effectiveness. Users can help you if they are receptive and provide critical comments.
They can improve your system by telling you what is missing and what could be im-
proved. In general, users will not consider new software unless they have a compelling
interest—either personal or business. You should try to help them find a vested interest
in your project so that you can obtain their buy-in. If you cannot get their buy-in, you
should question the need for the project and reconsider doing it.
■ What problems will it solve? You must clearly bound the size of the effort and estab-
lish its scope. You should determine which features will be in the new system and which
will not. You must reach various kinds of users in different organizations with their own
viewpoints and political motivations. You must not only decide which features are ap-
propriate, but you must also obtain the agreement of influential persons.
■ Where will it be used? At this early stage, it is helpful to get a general idea of where
the new system might be used. You should determine if the new system is mission-crit-
ical software for the organization, experimental software, or a new capability that you
can deploy without disrupting the workflow. You should have a rough idea about how
the new system will complement the existing systems. It is important to know if the soft-
ware will be used locally or will be distributed via a network. For a commercial product,
you should characterize the customer base.
11.2 Elaborating a Concept 175

■ When is it needed? Two aspects of time are important. The first is the feasible time, the
time in which the system can be developed within the constraints of cost and available
resources. The other is the required time, when the system is needed to meet business
goals. You must make sure that the timing expectations driven by technical feasibility
are consistent with the timing the business requires. If there is a disconnect, you must
initiate a dialogue between technologists and business experts to reach a solution.
■ Why is it needed? You may need to prepare a business case for the new system if some-
one has not already done so. The business case contains the financial justification for
the new system, including the cost, tangible benefits, intangible benefits, risk, and alter-
natives. You must be sure that you clearly understand the motivation for the new sys-
tem. The business case will give you insight into what stakeholders expect, roughly in-
dicate the scope, and may even provide information for seeding your models. For a com-
mercial product, you should estimate the number of units that can be sold and determine
a reasonable selling price; the revenue must cover costs and a profit.
■ How will it work? You should brainstorm about the feasibility of the problem. For large
systems you should consider the merits of different architectures. The purpose of this
speculation is not to choose a solution, but to increase confidence that the problem can
be solved reasonably. You might need some prototyping and experimentation.

11.2.1 The ATM Case Study

Figure 11.1 lists our original system concept for an Automated Teller Machine (ATM). We
ask high-level questions to elaborate the initial concept.

Develop software so that customers can access a bank’s computers and carry out their own
financial transactions without the mediation of a bank employee.

Figure 11.1 System concept for an automated teller machine

■ Who is the application for? A number of companies provide ATM products. Conse-
quently, only a vendor or a large financial company could possibly justify the cost and
effort of building ATM software.
A vendor would be competing for customers in an established market. A large ven-
dor could certainly enter such a market, but might find it advantageous to partner with
or acquire an existing supplier. A small vendor would need some special feature to dif-
ferentiate itself from the crowd and attract attention.
It is unlikely that a financial company could justify developing ATM software just
for its own use, because it would probably be more expensive than purchasing a product.
If a financial company wanted special features, it could partner with a vendor. Or it
might decide to create a separate organization that would build the software, sell it to
the sponsoring company, and then market it to others.
176 Chapter 11 / System Conception

For the ATM case study, we will assume that we are a vendor building the software.
We will assume that we are developing an ordinary product, since deep complexities of
the ATM problem domain are beyond the scope of this book.
■ What problems will it solve? The ATM software is intended to serve both the bank and
the customer. For the bank, ATM software increases automation and reduces manual
handling of routine paperwork. For the customer, the ATM is ubiquitous and always
available, handling routine transactions whenever and wherever the customer desires.
ATM software must be easy to use and convenient so that customers will use it in pref-
erence to bank tellers. It must be reliable and secure since it will be handling money.
■ Where will it be used? ATM software has become essential to financial institutions.
Customers take it for granted that a bank will have an ATM machine. ATM machines
are available at many stores, sporting events, and other locations throughout the world.
■ When is it needed? Any software development effort is a financial proposition. The in-
vestment in development ultimately leads to a revenue stream. From an economic per-
spective, it is desirable to minimize the investment, maximize the revenue, and realize
revenue as soon as possible. Thoughtful modeling and OO techniques are conducive to
this goal.
■ Why is it needed? There are many reasons why a vendor might decide to build a soft-
ware product. If other companies are making money with similar products, there is an
economic incentive to participate. A novel product could outflank competitors and lead
to premium pricing. Businesses commission internal efforts for technology that is diffi-
cult to buy and critical to them. We have no real motivation to develop ATM software,
other than to demonstrate the techniques in this book.
■ How will it work? We will adopt a three-tier architecture to separate the user interface
from programming logic, and programming logic from the database. In reality, the ar-
chitecture is n-tier, because there can be any number of intermediate programming lev-
els communicating with each other. We will discuss architecture further in the System
Design chapter.

11.3 Preparing a Problem Statement

Once you have fleshed out the raw idea by answering the high-level questions, you are ready
to write a requirements statement that outlines the goals and general approach of the desired
system.
Throughout development, you should distinguish among requirements, design, and im-
plementation. Requirements describe how a system behaves from the user’s point of view.
The system is considered as a black box—all we care about is its external behavior. For ex-
ample, some requirements for a car are that when you press on the accelerator pedal, the car
goes faster, and when you step on the brake, the car slows down. Design decisions are engi-
neering choices that provide the behavior specified by the requirements. For example, some
design decisions are how the internal linkages are routed, how the engine is controlled, and
11.3 Preparing a Problem Statement 177

what kinds of brake pads are on the wheels. Implementation deals with the ultimate realiza-
tion in programming code.
Frequently customers mix true requirements with design decisions. Usually this is a bad
idea. If you separate requirements from design decisions, you preserve the freedom to
change a design. Typically there are many possible ways to design a system, and you should
defer a solution until you fully understand a problem.
A system concept document may include an example implementation. The purpose of
the example is to show how the system could be implemented using current technology at a
reasonable cost. It is a “proof of existence” statement. However, make it clear that the sample
implementation could be done differently in the final system. The sample implementation is
merely proposed as a possibility.
For example, when the Apollo program to put a man on the moon in the 1960s was first
proposed, the plan was to place a rocket in earth orbit, then launch a landing vehicle directly
to the moon’s surface. In the final successful program, the rocket was launched directly into
a lunar orbit, from which the lander was launched to the moon’s surface. It was not a bad thing
to make the first proposal, however, as this gave confidence that there was a feasible approach.
As Figure 11.2 shows, the problem statement should state what is to be done and not
how it is to be implemented. It should be a statement of needs, not a proposal for a system
architecture. The requestor should avoid describing system internals, as this restricts devel-
opment flexibility. Performance specifications and protocols for interaction with external
systems are legitimate requirements. Software engineering standards, such as modular con-
struction, design for testability, and provision for future extensions, are also proper.

Requirements Design Implementation

Statement ■ General approach ■ Platforms
■ Problem scope ■ Algorithms ■ Hardware specs
■ What is needed ■ Data structures ■ Software libraries
■ Application context ■ Architecture ■ Interface standards
■ Assumptions ■ Optimizations
■ Performance needs ■ Capacity planning

Figure 11.2 Kinds of requirements. Do not make early design and implementation
decisions or you will compromise development.

A problem statement may have more or less detail. A requirement for a conventional
product, such as a payroll program or a billing system, may have considerable detail. A re-
quirement for a research effort in a new area may lack details, but presumably the research
has some objective that should be clearly stated.
Most problem statements are ambiguous, incomplete, or even inconsistent. Some re-
quirements are just plain wrong. Some requirements, although precisely stated, have un-
pleasant consequences on the system behavior or impose unreasonable implementation
costs. Some requirements do not work out as well as the requestor thought. The problem
178 Chapter 11 / System Conception

statement is just a starting point for understanding the problem, not an immutable document.
The purpose of the subsequent analysis (next chapter) is to fully understand the problem and
its implications. There is no reason to expect that a problem statement prepared without a
full analysis will be correct.

11.3.1 The ATM Case Study

Figure 11.3 shows a problem statement for an automated teller machine (ATM) network.

Cashier
Station

ATM Account
Bank
Computer
Account
ATM Central
Computer
Account
Bank
Computer
ATM Account

Figure 11.3 ATM network. The ATM case study threads throughout the
remainder of this book.

Design the software to support a computerized banking network including both human cash-
iers and automatic teller machines (ATMs) to be shared by a consortium of banks. Each bank
provides its own computer to maintain its own accounts and process transactions against
them. Cashier stations are owned by individual banks and communicate directly with their
own bank’s computers. Human cashiers enter account and transaction data.
Automatic teller machines communicate with a central computer that clears transac-
tions with the appropriate banks. An automatic teller machine accepts a cash card, interacts
with the user, communicates with the central system to carry out the transaction, dispenses
cash, and prints receipts. The system requires appropriate recordkeeping and security provi-
sions. The system must handle concurrent accesses to the same account correctly.
The banks will provide their own software for their own computers; you are to design
the software for the ATMs and the network. The cost of the shared system will be appor-
tioned to the banks according to the number of customers with cash cards.

11.4 Chapter Summary

The first stage of a project is to devise a new idea. The idea can involve a new system or an
improvement to an existing system. Before investing time and money into development, it is
Exercises 179

necessary to evaluate the feasibility of the system, the difficulty and risk of developing it, the
demand for the system, and the cost-benefit ratio. This process should consider the view-
points of all the stakeholders of the system and should make the trade-offs necessary to pro-
vide a good chance of success, not just technical success, but also business success. This
process usually results in some adjustments to the original idea. When the system conception
stage is complete, write a problem statement that serves as the starting point for analysis. The
problem statement need not be complete, and it will change during development, but the
writing of the statement helps to focus the attention of the project.

business case problem statement

cost-benefit trade-off requirement
design decision stakeholder
implementation constraint system conception

Figure 11.4 Key concepts for Chapter 11

Exercises
11.1 (3) Consider a new antilock braking system for crash avoidance in an automobile. Elaborate the
following high-level questions and explain your answers.
a. Who is the application for? Who are the stakeholders? Estimate how many persons in your
country are potential customers.
b. Identify three features that should be included and three features that should be omitted.
c. Identify three systems with which it must work.
d. What are two of the largest risks?
11.2 (3) Repeat Exercise 11.1 for software that supports Internet selling of books.
11.3 (3) Repeat Exercise 11.1 for software that supports the remodeling of kitchens.
11.4 (3) Repeat Exercise 11.1 for an online auction system.
11.5 (4) Prepare a problem statement, similar to that for the ATM system, for each of the following
systems. You may limit the scope of the system, but be precise and avoid making implementa-
tion decisions. Use 75–150 words per specification.
a. bridge player
b. change-making machine
c. car cruise control
d. electronic typewriter
e. spelling checker
f. telephone answering machine
11.6 (3) Rephrase the following requirements to make them more precise. Remove any design deci-
sions posing as requirements:
a. A system to transfer data from one computer to another over a telecommunication line. The
system should transmit data reliably over noisy channels. Data must not be lost if the receiv-
180 Chapter 11 / System Conception

ing end cannot keep up or if the line drops out. Data should be transmitted in packets, using
a master–slave protocol in which the receiving end acknowledges or negatively acknowl-
edges all exchanges.
b. A system for automating the production of complex machined parts. The parts will be de-
signed using a three–dimensional drafting editor that is part of the system. The system will
produce tapes that can be used by numerical control (N/C) machines to actually produce the
parts.
c. A desktop publishing system, based on a what-you-see-is-what-you-get philosophy. The
system will support text and graphics. Graphics include lines, squares, rectangles, polygons,
circles, and ellipses. Internally, a circle is represented as a special case of an ellipse and a
square as a special case of a rectangle. The system should support interactive, graphical ed-
iting of documents.
d. A system for generating nonsense. The input is a sample document. The output is random
text that mimics the input text by imitating the frequencies of combinations of letters of the
input. The user specifies the order of the imitation and the length of the desired output. For
order N, every output sequence of N characters is found in the input and at approximately
the same frequency. As the order increases, the style of the output more closely matches the
input.
The system should generate its output with the following method: Select a position at ran-
dom in the document being imitated. Scan forward in the input text until a sequence of char-
acters is found that exactly matches the last N − 1 characters of the output. If you reach the
end of the input, continue scanning from the beginning. When a match is found, copy the
letter that follows the matched sequence from the input to the output. Repeat until the desired
amount of text is generated.
e. A system for distributing electronic mail over a network. Each user of the system should be
able to send mail from any computer account and receive mail on one designated account.
There should be provisions for answering or forwarding mail, as well as saving messages in
files or printing them. Also, users should be able to send messages to several other users at
once through distribution lists. Each computer on the net should hold any messages destined
for computers that are down.
12
Domain Analysis

Domain analysis, the next stage of development, is concerned with devising a precise, con-
cise, understandable, and correct model of the real world. Before building anything complex,
the builder must understand the requirements. Requirements can be stated in words, but these
are often imprecise and ambiguous. During analysis, we build models and begin to under-
stand the requirements deeply.
To build a domain model, you must interview business experts, examine requirements
statements, and scrutinize related artifacts. You must analyze the implications of the require-
ments and restate them rigorously. It is important to abstract important features first and de-
fer small details until later. The successful analysis model states what must be done, without
restricting how it is done, and avoids implementation decisions.
In this chapter you will learn how to take OO concepts and apply them to construct a
domain model. The model serves several purposes: It clarifies the requirements, it provides
a basis for agreement between the stakeholders and the developers, and it becomes the start-
ing point for design and implementation.

12.1 Overview of Analysis

As Figure 12.1 shows, analysis begins with a problem statement generated during system
conception. The statement may be incomplete or informal; analysis makes it more precise
and exposes ambiguities and inconsistencies. The problem statement should not be taken as
immutable but should serve as a basis for refining the real requirements.
Next, you must understand the real-world system described by the problem statement,
and abstract its essential features into a model. Statements in natural language are often am-
biguous, incomplete, and inconsistent. The analysis model is a precise, concise representa-
tion of the problem that permits answering questions and building a solution. Subsequent
design steps refer to the analysis model, rather than the original vague problem statement.

181
182 Chapter 12 / Domain Analysis

Users
Generate
Developers
requests System Conception
Managers

Problem
Statement
User interviews

Domain knowledge Analysis:

Build Domain Analysis
models
Real-world experience Application Analysis
Related systems
Class Model
State Model
Interaction Model

Design
Figure 12.1 Overview of analysis. The problem statement should not be taken as im-
mutable, but rather as a basis for refining the requirements.

Perhaps even more important, the process of constructing a rigorous model of the problem
domain forces the developer to confront misunderstandings early in the development process
while they are still easy to correct.
The analysis model addresses the three aspects of objects: static structure of objects
(class model), interactions among objects (interaction model), and life-cycle histories of ob-
jects (state model). All three submodels are not equally important in every problem. Almost
all problems have useful class models derived from real-world entities. Problems concerning
reactive control and timing, such as user interfaces and process control, have important state
models. Problems containing significant computation as well as systems that interact with
other systems and different kinds of users have important interaction models.
Analysis is not a mechanical process. The exact representations involve judgment and
in many regards are a matter of art. Most problem statements lack essential information,
which must be obtained from the requestor or from the analyst’s knowledge of the real-world
problem domain. Also there is a choice in the level of abstraction for the model. The analyst
must communicate with the requestor to clarify ambiguities and misconceptions. The anal-
ysis models enable precise communication.
We have divided analysis into two substages. The first, domain analysis, is covered in
this chapter and focuses on understanding the real-world essence of a problem. The second,
application analysis, is covered in the next chapter and builds on the domain model—incor-
porating major application artifacts that are seen by users and must be approved by them.
12.2 Domain Class Model 183

12.2 Domain Class Model

The first step in analyzing the requirements is to construct a domain model. The domain
model shows the static structure of the real-world system and organizes it into workable piec-
es. The domain model describes real-world classes and their relationships to each other. Dur-
ing analysis, the class model precedes the state and interaction models because static
structure tends to be better defined, less dependent on application details, and more stable as
the solution evolves. Information for the domain model comes from the problem statement,
artifacts from related systems, expert knowledge of the application domain, and general
knowledge of the real world. Make sure you consider all information that is available and do
not rely on a single source.
Find classes and associations first, as they provide the overall structure and approach to
the problem. Next add attributes to describe the basic network of classes and associations.
Then combine and organize classes using inheritance. Attempts to specify inheritance direct-
ly without first understanding classes and their attributes can distort the class structure to
match preconceived notions. Operations are usually unimportant in a domain model. The
main purpose of a domain model is to capture the information content of a domain.
It is best to get ideas down on paper before trying to organize them too much, even
though they may be redundant and inconsistent, so as not to lose important details. An initial
analysis model is likely to contain flaws that must be corrected by later iterations. The entire
model need not be constructed uniformly. Some aspects of the problem can be analyzed in
depth through several iterations while other aspects are still sketchy.
You must perform the following steps to construct a domain class model.
■ Find classes. [12.2.1–12.2.2]
■ Prepare a data dictionary. [12.2.3]
■ Find associations. [12.2.4–12.2.5]
■ Find attributes of objects and links. [12.2.6–12.2.7]
■ Organize and simplify classes using inheritance. [12.2.8]
■ Verify that access paths exist for likely queries. [12.2.9]
■ Iterate and refine the model. [12.2.10]
■ Reconsider the level of abstraction. [12.2.11]
■ Group classes into packages. [12.2.12]

12.2.1 Finding Classes

The first step in constructing a class model is to find relevant classes for objects from the ap-
plication domain. Objects include physical entities, such as houses, persons, and machines,
as well as concepts, such as trajectories, seating assignments, and payment schedules. All
classes must make sense in the application domain; avoid computer implementation con-
structs, such as linked lists and subroutines. Not all classes are explicit in the problem state-
ment; some are implicit in the application domain or general knowledge.
184 Chapter 12 / Domain Analysis

As Figure 12.2 shows, begin by listing candidate classes found in the written description
of the problem. Don’t be too selective; write down every class that comes to mind. Classes
often correspond to nouns. For example, in the statement “a reservation system to sell tickets
to performances at various theaters” tentative classes would be Reservation, System, Ticket,
Performance, and Theater. Don’t operate blindly, however. The idea to is capture concepts;
not all nouns are concepts, and concepts are also expressed in other parts of speech.

Requirements Tentative Eliminate Classes

Extract nouns spurious classes
sources classes

Figure 12.2 Finding classes. You can find many classes by considering nouns.

Don’t worry much about inheritance or high-level classes; first get specific classes right
so that you don’t subconsciously suppress detail in an attempt to fit a preconceived struc-
ture. For example, if you are building a cataloging and checkout system for a library, iden-
tify different kinds of materials, such as books, magazines, newspapers, records, videos,
and so on. You can organize them into broad categories later, by looking for similarities and
differences.
ATM example. Examination of the concepts in the ATM problem statement from Chap-
ter 11 yields the tentative classes shown in Figure 12.3. Figure 12.4 shows additional classes
that do not appear directly in the statement but can be identified from our knowledge of the
problem domain.

Software Banking Cashier ATM Consortium Bank

Network
network

Bank Account Transaction Cashier Account Transaction

Computer Station Data Data

Central Cash User Cash Receipt System

Computer Card
network

Recordkeeping Security Access Cost Customer

Provision Provision

Figure 12.3 ATM classes extracted from problem statement nouns

Communications Transaction
Line Log

Figure 12.4 ATM classes identified from knowledge of problem domain

12.2 Domain Class Model 185

12.2.2 Keeping the Right Classes

Now discard unnecessary and incorrect classes according to the following criteria. Figure
12.5 shows the classes eliminated from the ATM example.

Bad Classes

vague attribute irrelevant

Account Receipt Cost
System Data
Security Cash
Provision implementation
Transaction
Recordkeeping Data Transaction Access
Provision Log
Software
Banking redundant
Network Communications
User Line

Good Classes
Account ATM Bank Bank Cash Cashier
Computer Card

Cashier Central Consortium Customer Transaction

Station Computer

Figure 12.5 Eliminating unnecessary classes from ATM problem

■ Redundant classes. If two classes express the same concept, you should keep the most
descriptive name. For example, although Customer might describe a person taking an
airline flight, Passenger is more descriptive. On the other hand, if the problem concerns
contracts for a charter airline, Customer is also an appropriate word, since a contract
might involve several passengers.
ATM example. Customer and User are redundant; we retain Customer because it
is more descriptive.
■ Irrelevant classes. If a class has little or nothing to do with the problem, eliminate it.
This involves judgment, because in another context the class could be important. For ex-
ample, in a theater ticket reservation system, the occupations of the ticket holders are
irrelevant, but the occupations of the theater personnel may be important.
ATM example. Apportioning Cost is outside the scope of the ATM software.
■ Vague classes. A class should be specific. Some tentative classes may have ill-defined
boundaries or be too broad in scope.
186 Chapter 12 / Domain Analysis

ATM example. RecordkeepingProvision is vague and is handled by Transaction.

In other applications, this might be included in other classes, such as StockSales, Tele-
phoneCalls, or MachineFailures.
■ Attributes. Names that primarily describe individual objects should be restated as at-
tributes. For example, name, birthdate, and weight are usually attributes. If the indepen-
dent existence of a property is important, then make it a class and not an attribute. For
example, an employee’s office would be a class in an application to reassign offices af-
ter a reorganization.
ATM example. AccountData is underspecified but in any case probably describes
an account. An ATM dispenses cash and receipts, but beyond that cash and receipts are
peripheral to the problem, so they should be treated as attributes.
■ Operations. If a name describes an operation that is applied to objects and not manip-
ulated in its own right, then it is not a class. For example, a telephone call is a sequence
of actions involving a caller and the telephone network. If we are simply building tele-
phones, then Call is part of the state model and not a class.
An operation that has features of its own should be modeled as a class, however.
For example, in a billing system for telephone calls a Call would be an important class
with attributes such as date, time, origin, and destination.
■ Roles. The name of a class should reflect its intrinsic nature and not a role that it plays
in an association. For example, Owner would be a poor name for a class in a car manu-
facturer’s database. What if a list of drivers is added later? What about persons who
lease cars? The proper class is Person (or possibly Customer), which assumes various
different roles, such as owner, driver, and lessee.
One physical entity sometimes corresponds to several classes. For example, Person
and Employee may be distinct classes in some circumstances and redundant in others.
From the viewpoint of a company database of employees, the two may be identical. In
a government tax database, a person may hold more than one job, so it is important to
distinguish Person from Employee; each person can correspond to zero or more instanc-
es of employee information.
■ Implementation constructs. Eliminate constructs from the analysis model that are ex-
traneous to the real world. You may need them later during design, but not now. For ex-
ample, CPU, subroutine, process, algorithm, and interrupt are implementation con-
structs for most applications, although they are legitimate classes for an operating sys-
tem. Data structures, such as linked lists, trees, arrays, and tables, are almost always
implementation constructs.
ATM example. Some tentative classes are really implementation constructs.
TransactionLog is simply the set of transactions; its exact representation is a design is-
sue. Communication links can be shown as associations; CommunicationsLine is simply
the physical implementation of such a link.
■ Derived classes. As a general rule, omit classes that can be derived from other classes.
If a derived class is especially important, you can include it, but do so only sparingly.
Mark all derived classes with a preceding slash (‘/’) in the class name.
12.2 Domain Class Model 187

12.2.3 Preparing a Data Dictionary

Isolated words have too many interpretations, so prepare a data dictionary for all modeling
elements. Write a paragraph precisely describing each class. Describe the scope of the class
within the current problem, including any assumptions or restrictions on its use. The data
dictionary also describes associations, attributes, operations, and enumeration values. Figure
12.6 shows a data dictionary for the classes in the ATM problem.

12.2.4 Finding Associations

Next, find associations between classes. A structural relationship between two or more class-
es is an association. A reference from one class to another is an association. As we discussed
in Chapter 3, attributes should not refer to classes; use an association instead. For example,
class Person should not have an attribute employer; relate class Person and class Company
with association WorksFor. Associations show relationships between classes at the same lev-
el of abstraction as the classes themselves, while object-valued attributes hide dependencies
and obscure their two-way nature. Associations can be implemented in various ways, but
such implementation decisions should be kept out of the analysis model to preserve design
freedom.
Associations often correspond to stative verbs or verb phrases. These include physical
location (NextTo, PartOf, ContainedIn), directed actions (Drives), communication (TalksTo),
ownership (Has, PartOf), or satisfaction of some condition (WorksFor, MarriedTo, Manag-
es). Extract all the candidates from the problem statement and get them down on paper first;
don’t try to refine things too early. Again, don’t treat grammatical forms blindly; the idea is
to capture relationships, however they are expressed in natural language.
ATM example. Figure 12.7 shows associations. The majority are taken directly from
verb phrases in the problem statement. For some associations the verb phrase is implicit in
the statement. Finally, some associations depend on real-world knowledge or assumptions.
These must be verified with the requestor, as they are not in the problem statement.

12.2.5 Keeping the Right Associations

Now discard unnecessary and incorrect associations, using the following criteria.
■ Associations between eliminated classes. If you have eliminated one of the classes
in the association, you must eliminate the association or restate it in terms of other
classes.
ATM example. We can eliminate Banking network includes cashier stations and
ATMs, ATM dispenses cash, ATM prints receipts, Banks provide software, Cost appor-
tioned to banks, System provides recordkeeping, and System provides security.
■ Irrelevant or implementation associations. Eliminate any associations that are out-
side the problem domain or deal with implementation constructs.
ATM example. For example, System handles concurrent access is an implementa-
tion concept. Real-world objects are inherently concurrent; it is the implementation of
the access algorithm that must be concurrent.
188 Chapter 12 / Domain Analysis

Account—a single account at a bank against which transactions can be applied. Ac-
counts may be of various types, such as checking or savings. A customer can hold
more than one account.
ATM—a station that allows customers to enter their own transactions using cash
cards as identification. The ATM interacts with the customer to gather transaction in-
formation, sends the transaction information to the central computer for validation
and processing, and dispenses cash to the user. We assume that an ATM need not
operate independently of the network.
Bank—a financial institution that holds accounts for customers and issues cash
cards authorizing access to accounts over the ATM network.
BankComputer—the computer owned by a bank that interfaces with the ATM net-
work and the bank’s own cashier stations. A bank may have its own internal comput-
ers to process accounts, but we are concerned only with the one that talks to the ATM
network.
CashCard—a card assigned to a bank customer that authorizes access of accounts
using an ATM machine. Each card contains a bank code and a card number. The
bank code uniquely identifies the bank within the consortium. The card number de-
termines the accounts that the card can access. A card does not necessarily access
all of a customer’s accounts. Each cash card is owned by a single customer, but mul-
tiple copies of it may exist, so the possibility of simultaneous use of the same card
from different machines must be considered.
Cashier—an employee of a bank who is authorized to enter transactions into cashier
stations and accept and dispense cash and checks to customers. Transactions,
cash, and checks handled by each cashier must be logged and properly accounted
for.
CashierStation—a station on which cashiers enter transactions for customers.
Cashiers dispense and accept cash and checks; the station prints receipts. The cash-
ier station communicates with the bank computer to validate and process the trans-
actions.
CentralComputer—a computer operated by the consortium that dispatches transac-
tions between the ATMs and the bank computers. The central computer validates
bank codes but does not process transactions directly.
Consortium—an organization of banks that commissions and operates the ATM net-
work. The network handles transactions only for banks in the consortium.
Customer—the holder of one or more accounts in a bank. A customer can consist of
one or more persons or corporations; the correspondence is not relevant to this prob-
lem. The same person holding an account at a different bank is considered a different
customer.
Transaction—a single integral request for operations on the accounts of a single
customer. We specified only that ATMs must dispense cash, but we should not pre-
clude the possibility of printing checks or accepting cash or checks. We may also
want to provide the flexibility to operate on accounts of different customers, although
it is not required yet.

Figure 12.6 Data dictionary for ATM classes. Prepare a data dictionary
for all modeling elements.
12.2 Domain Class Model 189

Verb phrases
Banking network includes cashier stations and ATMs
Consortium shares ATMs
Bank provides bank computer
Bank computer maintains accounts
Bank computer processes transaction against account
Bank owns cashier station
Cashier station communicates with bank computer
Cashier enters transaction for account
ATMs communicate with central computer about transaction
Central computer clears transaction with bank
ATM accepts cash card
ATM interacts with user
ATM dispenses cash
ATM prints receipts
System handles concurrent access
Banks provide software
Cost apportioned to banks
Implicit verb phrases
Consortium consists of banks
Bank holds account
Consortium owns central computer
System provides recordkeeping
System provides security
Customers have cash cards
Knowledge of problem domain
Cash card accesses accounts
Bank employs cashiers

Figure 12.7 Associations from ATM problem statement

■ Actions. An association should describe a structural property of the application domain,

not a transient event. Sometimes, a requirement expressed as an action implies an un-
derlying structural relationship and you should rephrase it accordingly.
ATM example. ATM accepts cash card describes part of the interaction cycle be-
tween an ATM and a customer, not a permanent relationship between ATMs and cash
cards. We can also eliminate ATM interacts with user. Central computer clears transac-
tion with bank describes an action that implies the structural relationship Central com-
puter communicates with bank.
■ Ternary associations. You can decompose most associations among three or more
classes into binary associations or phrase them as qualified associations. If a term in a
ternary association is purely descriptive and has no identity of its own, then the term is
an attribute on a binary association. Association Company pays salary to person can be
rephrased as binary association Company employs person with a salary value for each
Company-Person link.
Occasionally, an application will require a general ternary association. Professor
teaches course in room cannot be decomposed without losing information. We have not
encountered associations with four or more classes in our work.
190 Chapter 12 / Domain Analysis

ATM example. Bank computer processes transaction against account can be bro-
ken into Bank computer processes transaction and Transaction concerns account. Cash-
ier enters transaction for account can be broken similarly. ATMs communicate with cen-
tral computer about transaction is really the binary associations ATMs communicate
with central computer and Transaction entered on ATM.
■ Derived associations. Omit associations that can be defined in terms of other associa-
tions, because they are redundant. For example, GrandparentOf can be defined in terms
of a pair of ParentOf associations. Also omit associations defined by conditions on at-
tributes. For example, youngerThan expresses a condition on the birth dates of two per-
sons, not additional information.
As much as possible, classes, attributes, and associations in the class model should
represent independent information. Multiple paths between classes sometimes indicate
derived associations that are compositions of primitive associations. Consortium shares
ATMs is a composition of the associations Consortium owns central computer and Cen-
tral computer communicates with ATMs.
Be careful, because not all associations that form multiple paths between classes in-
dicate redundancy. Sometimes the existence of an association can be derived from two
or more primitive associations and the multiplicity can not. Keep the extra association
if the additional multiplicity constraint is important. For example, in Figure 12.8 a com-
pany employs many persons and owns many computers. Each employee is assigned
zero or more computers for the employee’s personal use; some computers are for public
use and are not assigned to anyone. The multiplicity of the AssignedTo association can-
not be deduced from the Employs and Owns associations.

Employs
Company Person
1 *
1 0..1

Owns * Computer * AssignedTo

Figure 12.8 Nonredundant associations. Not all associations that form

multiple paths between classes indicate redundancy.

Although derived associations do not add information, they are useful in the real
world and in design. For example, kinship relationships such as Uncle, MotherInLaw,
and Cousin have names because they describe common relationships considered impor-
tant within our society. If they are especially important, you may show derived associ-
ations in class diagrams, but put a slash in front of their names to indicate their depen-
dent status and to distinguish them from fundamental associations.
Further specify the semantics of associations as follows:
■ Misnamed associations. Don’t say how or why a situation came about, say what it is.
Names are important to understanding and should be chosen with great care.
12.2 Domain Class Model 191

ATM example. Bank computer maintains accounts is a statement of action; re-

phrase as Bank holds account.
■ Association end names. Add association end names where appropriate. For example,
in the WorksFor association a Company is an employer with respect to a Person and a
Person is an employee with respect to a Company. If there is only one association be-
tween a pair of classes and the meaning of the association is clear, you may omit asso-
ciation end names. For example, the meaning of ATMs communicate with central com-
puter is clear from the class names. An association between two instances of the same
class requires association end names to distinguish the instances. For example, the as-
sociation Person manages person would have the end names boss and worker.
■ Qualified associations. Usually a name identifies an object within some context; most
names are not globally unique. The context combines with the name to uniquely identify
the object. For example, the name of a company must be unique within the chartering
state but may be duplicated in other states (there once was a Standard Oil Company in
Ohio, Indiana, California, and New Jersey). The name of a company qualifies the asso-
ciation State charters company; State and company name uniquely identify Company.
A qualifier distinguishes objects on the “many” side of an association.
ATM example. The qualifier bankCode distinguishes the different banks in a con-
sortium. Each cash card needs a bank code so that transactions can be directed to the
appropriate bank.
■ Multiplicity. Specify multiplicity, but don’t put too much effort into getting it right, as
multiplicity often changes during analysis. Challenge multiplicity values of “one.” For
example, the association one Manager manages many employees precludes matrix man-
agement or an employee with divided responsibilities. For multiplicity values of
“many” consider whether a qualifier is needed; also ask if the objects need to be ordered
in some way.
■ Missing associations. Add any missing associations that are discovered.
ATM example. We overlooked Transaction entered on cashier station, Customers
have accounts, and Transaction authorized by cash card. If cashiers are restricted to spe-
cific stations, then the association Cashier authorized on cashier station would be need-
ed.
■ Aggregation. Aggregation is important for certain kinds of applications, especially for
those involving mechanical parts and bills of material. For other applications aggrega-
tion is relatively minor and it can be unclear whether to use aggregation or ordinary as-
sociation. For these other applications, don’t spend much time trying to distinguish be-
tween association and aggregation. Aggregation is just an association with extra conno-
tations. Use whichever seems more natural at the time and move on.
ATM example. We decide that a Bank is a part of a Consortium and indicate the
relationship with aggregation.
ATM example. Figure 12.9 shows a class diagram with the remaining associations. We have
included only significant association names. Note that we have split Transaction into Re-
192 Chapter 12 / Domain Analysis

moteTransaction and CashierTransaction to accommodate different associations. The dia-

gram shows multiplicity values. We could have made some analysis decisions differently.
Don’t worry; there are many possible correct models of a problem. We have shown the anal-
ysis process in small steps; with practice, you can elide several steps together in your mind.

Consortium bankCode
0..1
Bank
1 * Account * 1
Customer
1
1
1 1 1 1 1 * 1

Employs

1 1
Communicates *
Central With Bank
Computer 1 Computer Cashier
*
1 1
1
CommunicatesWith EnteredBy

* * * *
Communicates Cashier EnteredOn Cashier
With Station 1 Transaction
*

*
EnteredOn Remote * *
ATM CashCard
1 Transaction
* * AuthorizedBy 1 *
Figure 12.9 Initial class diagram for ATM system

12.2.6 Finding Attributes

Next find attributes. Attributes are data properties of individual objects, such as weight, ve-
locity, or color. Attribute values should not be objects; use an association to show any rela-
tionship between two objects.
Attributes usually correspond to nouns followed by possessive phrases, such as “the col-
or of the car” or “the position of the cursor.” Adjectives often represent specific enumerated
attribute values, such as red, on, or expired. Unlike classes and associations, attributes are
less likely to be fully described in the problem statement. You must draw on your knowledge
of the application domain and the real world to find them. You can also find attributes in the
artifacts of related systems. Fortunately, attributes seldom affect the basic structure of the
problem.
Do not carry discovery of attributes to excess. Only consider attributes directly relevant
to the application. Get the most important attributes first; you can add fine details later. Dur-
12.2 Domain Class Model 193

ing analysis, avoid attributes that are solely for implementation. Be sure to give each attribute
a meaningful name.
Normally, you should omit derived attributes. For example, age is derived from birth-
date and currentTime (which is a property of the environment). Do not express derived at-
tributes as operations, such as getAge, although you may eventually implement them that
way.
Also look for attributes on associations. Such an attribute is a property of the link be-
tween two objects, rather than being a property of an individual object. For example, the
many-to-many association between Stockholder and Company has an attribute of numberOf-
Shares.

12.2.7 Keeping the Right Attributes

Eliminate unnecessary and incorrect attributes with the following criteria.
■ Objects. If the independent existence of an element is important, rather than just its val-
ue, then it is an object. For example, boss refers to a class and salary is an attribute. The
distinction often depends on the application. For example, in a mailing list city might be
considered as an attribute, while in a census City would be a class with many attributes
and relationships of its own. An element that has features of its own within the given
application is a class.
■ Qualifiers. If the value of an attribute depends on a particular context, then consider re-
stating the attribute as a qualifier. For example, employeeNumber is not a unique prop-
erty of a person with two jobs; it qualifies the association Company employs person.
■ Names. Names are often better modeled as qualifiers rather than attributes. Test: Does the
name select unique objects from a set? Can an object in the set have more than one name?
If so, the name qualifies a qualified association. If a name appears to be unique in the
world, you may have missed the class that is being qualified. For example, department-
Name may be unique within a company, but eventually the program may need to deal with
more than one company. It is better to use a qualified association immediately.
A name is an attribute when its use does not depend on context, especially when it
need not be unique within some set. Names of persons, unlike names of companies, may
be duplicated and are therefore attributes.
■ Identifiers. OO languages incorporate the notion of an object identifier for unambigu-
ously referencing an object. Do not include an attribute whose only purpose is to iden-
tify an object, as object identifiers are implicit in class models. Only list attributes that
exist in the application domain. For example, accountCode is a genuine attribute; Banks
assign accountCodes and customers see them. In contrast, you should not list an internal
transactionID as an attribute, although it may be convenient to generate one during im-
plementation.
■ Attributes on associations. If a value requires the presence of a link, then the property
is an attribute of the association and not of a related class. Attributes are usually obvious
on many-to-many associations; they cannot be attached to either class because of their
194 Chapter 12 / Domain Analysis

multiplicity. For example, in an association between Person and Club the attribute mem-
bershipDate belongs to the association, because a person can belong to many clubs and
a club can have many members. Attributes are more subtle on one-to-many associations
because they could be attached to the “many” class without losing information. Resist
the urge to attach them to classes, as they would be invalid if multiplicity changed. At-
tributes are also subtle on one-to-one associations.
■ Internal values. If an attribute describes the internal state of an object that is invisible
outside the object, then eliminate it from the analysis.
■ Fine detail. Omit minor attributes that are unlikely to affect most operations.
■ Discordant attributes. An attribute that seems completely different from and unrelated
to all other attributes may indicate a class that should be split into two distinct classes.
A class should be simple and coherent. Mixing together distinct classes is one of the ma-
jor causes of troublesome models. Unfocused classes frequently result from premature
consideration of implementation decisions during analysis.
■ Boolean attributes. Reconsider all boolean attributes. Often you can broaden a boolean
attribute and restate it as an enumeration [Coad-95].
ATM example. We apply these criteria to obtain attributes for each class (Figure 12.10).
Some tentative attributes are actually qualifiers on associations. We consider several aspects
of the model.
■ BankCode and cardCode are present on the card. Their format is an implementation de-
tail, but we must add a new association Bank issues CashCard. CardCode is a qualifier
on this association; bankCode is the qualifier of Bank with respect to Consortium.
■ The computers do not have state relevant to this problem. Whether the machine is up or
down is a transient attribute that is part of implementation.
■ Avoid the temptation to omit Consortium, even though it is currently unique. It provides
the context for the bankCode qualifier and may be useful for future expansion.
Keep in mind that the ATM problem is just an example. Real applications, when fleshed out,
tend to have many more attributes per class than Figure 12.10 shows.

12.2.8 Refining with Inheritance

The next step is to organize classes by using inheritance to share common structure. Inheritance
can be added in two directions: by generalizing common aspects of existing classes into a su-
perclass (bottom up) or by specializing existing classes into multiple subclasses (top down).
■ Bottom-up generalization. You can discover inheritance from the bottom up by
searching for classes with similar attributes, associations, and operations. For each gen-
eralization, define a superclass to share common features. You may have to slightly re-
define some attributes or classes to fit in. This is acceptable, but don’t push too hard if
it doesn’t fit; you may have the wrong generalization. Some generalizations will suggest
themselves based on an existing taxonomy in the real world; use existing concepts
whenever possible. Symmetry will suggest missing classes.
12.2 Domain Class Model 195

1 Issues
card
Code
account
Consortium bank
Code Bank Code 1 0..1 Account Customer
0..1
1
1 balance * 1
name
name employee
1 Code creditLimit address
station type
Code 1 1
1 Employs 1 1 *

1 1 0..1
Central Bank Cashier
bank 1 0..1
Computer Code Computer
name
station Communicates station 1
Code With Code
EnteredBy
1 1
CommunicatesWith
* *
0..1 0..1 CashierTransaction
Communicates CashierStation EnteredOn kind
With 1 * dateTime
amount
0..1
ATM EnteredOn RemoteTransaction
*
*
cashOnHand 1 * kind 1 CashCard
dateTime * *
amount AuthorizedBy password
0..1

Figure 12.10 ATM class model with attributes

ATM example. RemoteTransaction and CashierTransaction are similar, except in

their initiation, and can be generalized by Transaction. On the other hand, CentralCom-
puter and BankComputer have little in common for purposes of the ATM example.
■ Top-down specialization. Top-down specializations are often apparent from the appli-
cation domain. Look for noun phrases composed of various adjectives on the class
name: fluorescent lamp, incandescent lamp; fixed menu, pop-up menu, sliding menu.
Avoid excessive refinement. If proposed specializations are incompatible with an exist-
ing class, the existing class may be improperly formulated.
■ Generalization vs. enumeration. Enumerated subcases in the application domain are
the most frequent source of specializations. Often, it is sufficient to note that a set of
enumerated subcases exists, without actually listing them. For example, an ATM ac-
count could be refined into CheckingAccount and SavingsAccount. While undoubtedly
useful in some banking applications, this distinction does not affect behavior within the
ATM application; type can be made a simple attribute of Account.
196 Chapter 12 / Domain Analysis

■ Multiple inheritance. You can use multiple inheritance to increase sharing, but only if
necessary, because it increases both conceptual and implementation complexity.
■ Similar associations. When the same association name appears more than once with
substantially the same meaning, try to generalize the associated classes. Sometimes the
classes have nothing in common but the association, but more often you will uncover an
underlying generality that you have overlooked.
ATM example. Transaction is entered on both CashierStation and ATM; EntrySta-
tion generalizes CashierStation and ATM.
■ Adjusting the inheritance level. You must assign attributes and associations to specific
classes in the class hierarchy. Assign each one to the most general class for which it is
appropriate. You may need some adjustment to get everything right. Symmetry may
suggest additional attributes to distinguish among subclasses more clearly.
Figure 12.11 shows the ATM class model after adding inheritance.

12.2.9 Testing Access Paths

Trace access paths through the class model to see if they yield sensible results. Where a
unique value is expected, is there a path yielding a unique result? For multiplicity “many” is
there a way to pick out unique values when needed? Think of questions you might like to
ask. Are there useful questions that cannot be answered? They indicate missing information.
If something that seems simple in the real world appears complex in the model, you may
have missed something (but make sure that the complexity is not inherent in the real world).
It can be acceptable to have classes that are “disconnected” from other classes. This usu-
ally occurs when the relationship between a disconnected class and the remainder of the
model is diffuse. However, check disconnected classes to make sure you have not overlooked
any associations.
ATM example. A cash card itself does not uniquely identify an account, so the user
must choose an account somehow. If the user supplies an account type (savings or checking),
each card can access at most one savings and one checking account. This is probably reason-
able, and many cash cards actually work this way, but it limits the system. The alternative is
to require customers to remember account numbers. If a cash card accesses a single account,
then transfers between accounts are impossible.
We have assumed that the ATM network serves a single consortium of banks. Real cash
machines today often serve overlapping networks of banks and accept credit cards as well as
cash cards. The model would have to be extended to handle that situation. We will assume
that the customer is satisfied with this limitation on the system.

12.2.10 Iterating a Class Model

A class model is rarely correct after a single pass. The entire software development process
is one of continual iteration; different parts of a model are often at different stages of com-
pletion. If you find a deficiency, go back to an earlier stage if necessary to correct it. Some
refinements can come only after completing the state and interaction models.
There are several signs of missing classes.
12.2 Domain Class Model 197

EntryStation Transaction
1 EnteredOn * kind
dateTime
amount *

ATM CashierStation 0..1

cashOnHand
0..1 Cashier Remote
0..1
Transaction Transaction
CommunicatesWith CommunicatesWith
* *
EnteredBy
1 1
1
stationCode stationCode
Cashier
Central 1 0..1 Bank
Computer bankCode Computer AuthorizedBy
name
Communicates 0..1
1 With 1
Employs
1
Issues 0..1
CashCard
Customer password
1 1 *
station
name *
Code address
1 1 employee 1 1
Bank Code
Consortium
bankCode name card
1 0..1 Code 1 *
account Account *
Code
1 0..1 balance
creditLimit 1
type

Figure 12.11 ATM class model with attributes and inheritance

■ Asymmetries in associations and generalizations. Add new classes by analogy.

■ Disparate attributes and operations on a class. Split a class so that each part is coher-
ent.
■ Difficulty in generalizing cleanly. One class may be playing two roles. Split it up and
one part may then fit in cleanly.
■ Duplicate associations with the same name and purpose. Generalize to create the
missing superclass that unites them.
■ A role that substantially shapes the semantics of a class. Maybe it should be a sepa-
rate class. This often means converting an association into a class. For example, a person
198 Chapter 12 / Domain Analysis

can be employed by several companies with different conditions of employment at each;

Employee is then a class denoting a person working for a particular company, in addition
to class Person and Company.
Also look out for missing associations.
■ Missing access paths for operations. Add new associations so that you can answer
queries.
Another concern is superfluous model elements.
■ Lack of attributes, operations, and associations on a class. Why is the class needed?
Avoid inventing subclasses merely to indicate an enumeration. If proposed subclasses
are otherwise identical, mark the distinction using an attribute.
■ Redundant information. Remove associations that do not add new information or
mark them as derived.
And finally you may adjust the placement of attributes and associations.
■ Association end names that are too broad or too narrow for their classes. Move the
association up or down in the class hierarchy.
■ Need to access an object by one of its attribute values. Consider a qualified associa-
tion.
In practice, model building is not as rigidly ordered as we have shown. You can combine sev-
eral steps, once you are experienced. For example, you can find candidate classes, reject the
incorrect ones without writing them down, and add them to the class diagram together with
their associations. You can take some parts of the model through several steps and develop
them in some detail, while other parts are still sketchy. You can interchange the order of steps
when appropriate. If you are just learning class modeling, however, we recommend that you
follow the steps in full detail the first few times.
ATM example. CashCard really has a split personality—it is both an authorization unit
within the bank allowing access to the customer’s accounts and also a piece of plastic data that
the ATM reads to obtain coded IDs. In this case, the codes are actually part of the real world,
not just computer artifacts; the codes, not the cash card, are communicated to the central com-
puter. We should split cash card into two classes: CardAuthorization, an access right to one
or more customer accounts; and CashCard, a piece of plastic that contains a bank code and a
cash card number meaningful to the bank. Each card authorization may have several cash
cards, each containing a serial number for security reasons. The card code, present on the
physical card, identifies the card authorization within the bank. Each card authorization iden-
tifies one or more accounts—for example, one checking account and one savings account.
Transaction is not general enough to permit transfers between accounts because it con-
cerns only a single account. In general, a Transaction consists of one or more updates on in-
dividual accounts. An update is a single action (withdrawal, deposit, or query) on a single
account. All updates in a single transaction must be processed together as an atomic unit; if
any one fails, then they all are canceled.
The distinction between Bank and BankComputer and between Consortium and Cen-
tralComputer doesn’t seem to affect the analysis. The fact that communications are pro-
12.2 Domain Class Model 199

cessed by computers is actually an implementation artifact. Merge BankComputer into Bank

and CentralComputer into Consortium.
Customer doesn’t seem to enter into the analysis so far. However, when we consider op-
erations to open new accounts, it may be an important concept, so leave it alone for now.
Figure 12.12 shows a revised class diagram that is simpler and cleaner.

Transaction
EnteredOn * 1
dateTime
*
Update
1
amount
EntryStation Cashier Remote kind
Transaction Transaction
*
* *
EnteredBy
ATM CashierStation 1
AuthorizedBy
cashOnHand
0..1 0..1 Cashier
0..1
name
1
Employs Issues 0..1 Card
1 Authorization
1
station station CashCard password
1
Code Code * 1 limit
1 0..1 employee serialNumber
Consortium bank Bank Code * *
Code
name card 1
Code 1
account Customer
Code 1
Account * name
1 0..1
balance address
creditLimit *
type
1

Figure 12.12 ATM class model after further revision

12.2.11 Shifting the Level of Abstraction

So far in analysis, we have taken the problem statement quite literally. We have regarded
nouns and verbs in the problem description as direct analogs of classes and associations. This
is a good way to begin analysis, but it does not always suffice. Sometimes you must raise the
level of abstraction to solve a problem. You should be doing this throughout as you build a
model, but we put in an explicit step to make sure you do not overlook abstraction.
200 Chapter 12 / Domain Analysis

For example, we encountered one application in which the developers had separate
classes for IndividualContributor, Supervisor, and Manager. IndividualContributors report
to Supervisors and Supervisors report to Managers. This model certainly is correct, but it
suffers from some problems. There is much commonality between the three classes—the
only difference is the reporting hierarchy. For example, they all have phone numbers and ad-
dresses. We could handle the commonality with a superclass, but that only makes the model
larger. An additional problem arose when we talked to the developers and they said they
wanted to add another class for the persons to whom managers reported.
Figure 12.13 shows the original model and an improved model that is more abstract. In-
stead of “hard coding” the management hierarchy in the model, we can “soft code” it with
an association between boss and worker. A person who has an employeeType of “individual-
Contributor” is a worker who reports to another person with an employeeType of “supervi-
sor.” Similarly, a person who is a supervisor reports to a person who is a manager. In the
improved model a worker has an optional boss, because the reporting hierarchy eventually
stops. The improved model is smaller and more flexible. An additional reporting level does
not change the model’s structure; it merely alters the data that is stored.

IndividualContributor
*
1

Supervisor
boss
* Person
1 0..1
employeeType *
Manager / reportingLevel
worker

Original model Improved model that is more abstract

Figure 12.13 Shifting the level of abstraction. Abstraction makes a model more
complex but can increase flexibility and reduce the number of classes.

One way that you can take advantage of abstraction is by thinking in terms of patterns.
Different kinds of patterns apply to the different development stages, but here we are inter-
ested in patterns for analysis. A pattern distills the knowledge of experts and provides a prov-
en solution to a general problem. For example, the right side of Figure 12.13 is a pattern for
modeling a management hierarchy. Whenever we encounter the need for a management hi-
erarchy, we immediately think in terms of the pattern and place it in our application model.
The use of tried and tested patterns gives us the confidence of a sound approach and boosts
our productivity in building models.
ATM example. We have already included some abstractions in the ATM model. We dis-
tinguished between a CashCard and a CardAuthorization. Furthermore, we included the no-
tion of transactions rather than trying to list each possible kind of interaction.
12.3 Domain State Model 201

12.2.12 Grouping Classes into Packages

The last step of class modeling is to group classes into packages. A package is a group of
elements (classes, associations, generalizations, and lesser packages) with a common theme.
Packages organize a model for convenience in drawing, printing, and viewing. Furthermore,
when you place classes and associations in a package, you are making a semantic statement.
Generally speaking, classes in the same package are more closely related than classes in dif-
ferent packages.
Normally you should restrict each association to a single package, but you can repeat
some classes in different packages. To assign classes to packages, look for cut points— a cut
point is a class that is the sole connection between two otherwise disconnected parts of a
model. Such a class forms the bridge between two packages. For example, in a file manage-
ment system, a File is the cut point between the directory structure and the file contents. Try
to choose packages to reduce the number of crossovers in the class diagrams. With a little
care, you can draw most class diagrams as planar graphs, without crossing lines.
Reuse a package from a previous design if possible, but avoid forcing a fit. Reuse is eas-
iest when part of the problem domain matches a previous problem. If the new problem is
similar to a previous problem but different, you may have to extend the original model to en-
compass both problems. Use your judgment about whether this is better than building a new
model.
ATM example. The current model is small and would not require breakdown into pack-
ages, but it could serve as a core for a more detailed model. The packages might be:
■ tellers—cashier, entry station, cashier station, ATM
■ accounts—account, cash card, card authorization, customer, transaction, update, cashier
transaction, remote transaction
■ banks—consortium, bank
Each package could add details. The account package could contain varieties of transactions,
information about customers, interest payments, and fees. The bank package could contain
information about branches, addresses, and cost allocations.

12.3 Domain State Model

Some domain objects pass through qualitatively distinct states during their lifetime. There
may be different constraints on attribute values, different associations or multiplicities in the
various states, different operations that may be invoked, different behavior of the operations,
and so on. It is often useful to construct a state diagram of such a domain class. The state
diagram describes the various states the object can assume, the properties and constraints of
the object in various states, and the events that take an object from one state to another.
Most domain classes do not require state diagrams and can be adequately described by
a list of operations. For the minority of classes that do exhibit distinct states, however, a state
model can help in understanding their behavior.
202 Chapter 12 / Domain Analysis

First identify the domain classes with significant states and note the states of each class.
Then determine the events that take an object from one state to another. Given the states and
the events, you can build state diagrams for the affected objects. Finally, evaluate the state
diagrams to make sure they are complete and correct.
The following steps are performed in constructing a domain state model.
■ Identify domain classes with states. [12.3.1]
■ Find states. [12.3.2]
■ Find events. [12.3.3]
■ Build state diagrams. [12.3.4]
■ Evaluate state diagrams. [12.3.5]

12.3.1 Identifying Classes with States

Examine the list of domain classes for those that have a distinct life cycle. Look for classes
that can be characterized by a progressive history or that exhibit cyclic behavior. Identify the
significant states in the life cycle of an object. For example, a scientific paper for a journal
goes from Being written to Under consideration to Accepted or Rejected. There can be some
cycles, for example, if the reviewers ask for revisions, but basically the life of this object is
progressive. On the other hand, an airplane owned by an airline cycles through the states of
Maintenance, Loading, Flying, and Unloading. Not every state occurs in every cycle, and
there are probably other states, but the life of this object is cyclic. There are also classes
whose life cycle is chaotic, but most classes with states are either progressive or cyclic.
ATM example. Account is an important business concept, and the appropriate behavior
for an ATM depends on the state of an Account. The life cycle for Account is a mix of pro-
gressive and cycling to and from problem states. No other ATM classes have a significant
domain state model.

12.3.2 Finding States

List the states for each class. Characterize the objects in each class—the attribute values that
an object may have, the associations that it may participate in and their multiplicities, at-
tributes and associations that are meaningful only in certain states, and so on. Give each state
a meaningful name. Avoid names that indicate how the state came about; try to directly de-
scribe the state.
Don’t focus on fine distinctions among states, particularly quantitative differences, such
as small, medium, or large. States should be based on qualitative differences in behavior, at-
tributes, or associations.
It is unnecessary to determine all the states before examining events. By looking at
events and considering transitions among states, missing states will become clear.
ATM example. Here are some states for an Account: Normal (ready for normal access),
Closed (closed by the customer but still on file in the bank records), Overdrawn (customer
withdrawals exceed the balance in the account), and Suspended (access to the account is
blocked for some reason).
12.3 Domain State Model 203

12.3.3 Finding Events

Once you have a preliminary set of states, find the events that cause transitions among states.
Think about the stimuli that cause a state to change. In many cases, you can regard an event
as completing a do-activity. For example, if a technical paper is in the state Under consider-
ation, then the state terminates when a decision on the paper is reached. In this case, the de-
cision can be positive (Accept paper) or negative (Reject paper). In cases of completing a do-
activity, other possibilities are often possible and may be added in the future—for example,
Conditionally accept with revisions.
You can find other events by thinking about taking the object into a specific state. For
example, if you lift the receiver on a telephone, it enters the Dialing state. Many telephones
have pushbuttons that invoke specific functions. If you press the redial button, the phone
transmits the number and enters the Calling state. If you press the program button, it enters
the Programming state.
There are additional events that occur within a state and do not cause a transition. For
the domain state model you should focus on events that cause transitions among states. When
you discover an event, capture any information that it conveys as a list of parameters.
ATM example. Important events include: close account, withdraw excess funds, re-
peated incorrect PIN, suspected fraud, and administrative action.

12.3.4 Building State Diagrams

Note the states to which each event applies. Add transitions to show the change in state
caused by the occurrence of an event when an object is in a particular state. If an event ter-
minates a state, it will usually have a single transition from that state to another state. If an
event initiates a target state, then consider where it can occur, and add transitions from those
states to the target state. Consider the possibility of using a transition on an enclosing state
rather than adding a transition from each substate to the target state. If an event has different
effects in different states, add a transition for each state.
Once you have specified the transitions, consider the meaning of an event in states for
which there is no transition on the event. Is it ignored? Then everything is fine. Does it rep-
resent an error? Then add a transition to an error state. Does it have some effect that you for-
got? Then add another transition. Sometimes you will discover new states.
It is usually not important to consider effects when building a state diagram for a domain
class. If the objects in the class perform activities on transitions, however, add them to the
state diagram.
ATM example. Figure 12.14 shows the domain state model for the Account class.

12.3.5 Evaluating State Diagrams

Examine each state model. Are all the states connected? Pay particular attention to paths
through it. If it represents a progressive class, is there a path from the initial state to the final
state? Are the expected variations present? If it represents a cyclic class, is the main loop
present? Are there any dead states that terminate the cycle?
204 Chapter 12 / Domain Analysis

Account
Closed

close account
withdraw excess funds
open account
Normal Overdrawn
deposit sufficient funds

suspected fraud release hold

administrative action
Suspended
repeated incorrect PIN

Figure 12.14 Domain state model. The domain state model documents important
classes that change state in the real world.

Use your knowledge of the domain to look for missing paths. Sometimes missing paths
indicate missing states. When a state model is complete, it should accurately represent the
life cycle of the class.
ATM example. Our state model for Account is simplistic but we are satisfied with it.
We would require substantial banking knowledge to construct a deeper model.

12.4 Domain Interaction Model

The interaction model is seldom important for domain analysis. During domain analysis the
emphasis is on key concepts and deep structural relationships and not the users’ view of
them. The interaction model, however, is an important aspect of application modeling and
we will cover it in the next chapter.

12.5 Iterating the Analysis

Most analysis models require more than one pass to complete. Problem statements often
contain circularities, and most applications cannot be approached in a completely linear way,
because different parts of the problem interact. To understand a problem with all its implica-
tions, you must attack the analysis iteratively, preparing a first approximation to the model
and then iterating the analysis as your understanding increases. There is no firm line between
analysis and design, so don’t overdo it. Verify the final analysis with the requestor and appli-
cation domain experts.
12.5 Iterating the Analysis 205

12.5.1 Refining the Analysis Model

The overall analysis model may show inconsistencies and imbalances within and across
models. Iterate the different portions to produce a cleaner, more coherent model. Try to refine
classes to increase sharing and improve structure. Add details that you glossed over during
the first pass.
Some constructs will feel awkward and won’t seem to fit in right. Reexamine them care-
fully; you may have the wrong concepts. Sometimes major restructuring in the model is
needed as your understanding increases. It is easier to do now than it will ever be, so don’t
avoid changes just because you already have a model in place. When there are many con-
structs that appear similar but don’t quite fit together, you have probably missed or miscast
a more general concept. Watch out for generalizations factored on the wrong aspects.
A common difficulty is a physical object that has two logically distinct aspects. Each as-
pect should be modeled with a distinct object. An indication of this problem is a class that
doesn’t fit in cleanly and seems to have two sets of unrelated attributes, associations, and op-
erations.
Other indications to watch for include exceptions, many special cases, and lack of ex-
pected symmetry. Consider restructuring your model to capture constraints better within its
structure.
Be wary of codifying arbitrary business practices in your model. Software should facil-
itate operation of the business and not inhibit reasonable changes. Often you can introduce
abstractions that increase business flexibility without substantially complicating a model.
Remove classes or associations that seemed useful at first but now appear extraneous.
Often two classes in the analysis can be combined, because the distinction between them
doesn’t affect the rest of the model in any meaningful way. There is a tendency for models
to grow as analysis proceeds. This is a concern, since the amount of development work es-
calates as a model becomes larger in size. Take a close look at your model for minor concepts
to cut or abstractions that can simplify the model.
A good model feels right and does not appear to have extraneous detail. Don’t worry if
it doesn’t seem perfect; even a good model will often have a few small areas where the design
is adequate but never feels quite right.

12.5.2 Restating the Requirements

When the analysis is complete, the model serves as the basis for the requirements and defines
the scope of future discourse. Most of the real requirements will be part of the model. In ad-
dition you may have some performance constraints; these should be stated clearly, together
with optimization criteria. Other requirements specify the method of solution and should be
separated and challenged, if possible.
You should verify the final model with the requestor. During analysis some requirements
may appear to be incorrect or impractical; confirm corrections to the requirements. Also
business experts should verify the analysis model to make sure that it correctly models the
real world. We have found analysis models to be an effective means of communication with
business experts who are not computer experts.
206 Chapter 12 / Domain Analysis

The final verified analysis model serves as the basis for system architecture, design, and
implementation. You should revise the original problem statement to incorporate corrections
and understanding discovered during analysis.

12.5.3 Analysis and Design

The goal of analysis is to specify the problem fully without introducing a bias to any partic-
ular implementation, but it is impossible in practice to avoid all taints of implementation.
There is no absolute line between the various development stages, nor is there any such thing
as a perfect analysis. Don’t treat the rules we have given too rigidly. The purpose of the rules
is to preserve flexibility and permit changes later, but remember that the goal of modeling is
to accomplish the total job, and flexibility is just a means to an end.
ATM example. We have no further changes to the ATM model at this time. A true ap-
plication is more likely to incur revision than a textbook example, because you have review-
ers who are passionate about the application and have a vested interest in it.

12.6 Chapter Summary

The domain model captures general knowledge about an application—concepts and rela-
tionships known to experts in the domain. The domain model has class models and some-
times state models, but seldom has an interaction model. The purpose of analysis is to
understand the problem and the application so that a correct design can be constructed. A
good analysis captures the essential features of the problem without introducing implemen-
tation artifacts that prematurely restrict design decisions.
The domain class model shows the static structure of the real world. First find classes.
Then find associations between classes. Note attributes, though you can defer minor ones.
You can use generalization to organize and simplify the class structure. Group tightly cou-
pled classes and associations into packages. Supplement the class models with a data dictio-
nary—brief textual descriptions, including the purpose and scope of each element.
If a domain class has several qualitatively different states during its life cycle, make a
state diagram for it, but most domain classes will not require state diagrams.
Methodologies are never as linear as they appear in books. This one is no exception. Any
complex analysis is constructed by iteration on multiple levels. You need not prepare all parts
of the model at the same pace. The result of analysis replaces the original problem statement
and serves as the basis for design.

Bibliographic Notes
Abbott explains how to use nouns and verbs in the problem statement to seed thinking about
an application [Abbott-83]. [Coad-95] is a good book with some examples of analysis pat-
terns.
References 207

building the domain class model finding classes

building the domain state model finding events
data dictionary finding states
domain analysis refining a model with inheritance
finding associations shifting the level of abstraction
finding attributes testing the model

Figure 12.15 Key concepts for Chapter 12

References
[Abbott-83] Russell J. Abbott. Program Design by Informal English Descriptions. Communications of
the ACM 26, 11 (November 1983), 882–894.
[Coad-95] Peter Coad, David North, and Mark Mayfield. Object Models: Strategies, Patterns, and Ap-
plications. Upper Saddle River, NJ: Yourdon Press, 1995.

Exercises
12.1 (3) For each of the following systems, identify the relative importance of the three aspects of
modeling: 1) class modeling, 2) state modeling, 3) interaction modeling. Explain your answers.
For example, for a compiler, the answer might be 3, 1, and 2. Interaction modeling is most im-
portant for a compiler because it is dominated by data transformation concerns.
a. bridge player
b. change-making machine
c. car cruise control
d. electronic typewriter
e. spelling checker
f. telephone answering machine
12.2 (7) Create a class diagram for each system from Exercise 11.6. Note that the requirements are
incomplete, so your class models will also be incomplete.

Exercises 12.3–12.8 are related. Do the exercises in sequence. The following are tentative specifica-
tions for a simple diagram editor that could be used as the core of a variety of applications.
The editor will be used interactively to create and modify drawings. A drawing contains several
sheets. Drawings are saved to and loaded from named ASCII files. Sheets contain boxes and links.
Each box may optionally contain a single line of text. Text is allowed only in boxes. The editor must
automatically adjust the size of a box to fit any enclosed text. The font size of the text is not adjustable.
Any pair of boxes on the same sheet may be linked by a series of alternating horizontal and vertical
lines. Figure E12.1 shows a simple, one sheet drawing.
The editor will be menu driven, with pop-up menus. A three-button mouse will be used for menu,
object, and link selections. The following are some operations the editor should provide: create sheet,
delete sheet, next sheet, previous sheet, create box, link boxes, enter text, group selection, cut selec-
tions, move selections, copy selections, paste, edit text, save drawing, and load drawing. Copy, cut,
208 Chapter 12 / Domain Analysis

+
x+y
y

Figure E12.1 A sample drawing

and paste will work through a buffer. Copy will create a copy of selections from a sheet to the buffer.
Cut will remove selections to the buffer. Paste will copy the contents of the buffer to the sheet. Each
copy and cut operation overwrites the previous contents of the buffer. Pan and zoom will not be al-
lowed; sheets will have fixed size. When boxes are moved, enclosed text should move with them and
links should be stretched.
12.3 (3) The following is a list of candidate classes. Prepare a list of classes that should be eliminated
for any of the reasons given in this chapter. Give a reason for each elimination. If there is more
than one reason, give the main one.
character, line, x coordinate, y coordinate, link, position, length, width, collection, selection,
menu, mouse, button, computer, drawing, drawing file, sheet, pop-up, point, menu item, se-
lected object, selected line, selected box, selected text, file name, box, buffer, line segment
coordinate, connection, text, name, origin, scale factor, corner point, end point, graphics ob-
ject.
12.4 (3) Prepare a data dictionary for proper classes from the previous exercise.
12.5 (3) The following is a list of candidate associations and generalizations for the diagram editor.
Prepare a list of associations and generalizations that should be eliminated or renamed for any
of the reasons given in this chapter. Give a reason for each elimination or renaming. If there is
more than one reason, give the main one.
a box has text, a box has a position, a link logically associates two boxes, a box is moved, a
link has points, a link is defined by a sequence of points, a selection or a buffer or a sheet is
a collection, a character string has a location, a box has a character string, a character string
has characters, a line has length, a collection is composed of links and boxes, a link is delet-
ed, a line is moved, a line is a graphical object, a point is a graphical object, a line has two
points, a point has an x coordinate, a point has a y coordinate
12.6 Figure E12.2 is a partially completed class diagram for the diagram editor. Show how could it
be used for each of the following queries. Use a combination of the OCL (see Chapter 3) and
pseudocode to express your queries.
a. (2) Find all selected boxes and links.
b. (4) Given a box, determine all other boxes that are directly linked to it.
c. (8) Given a box, find all other boxes that are directly or indirectly linked to it.
d. (2) Given a box and a link, determine if the link involves the box.
e. (3) Given a box and a link, find the other box logically connected to the given box through
the other end of the link.
f. (4) Given two boxes, determine all links between them.
g. (6) Given a selection, determine which links are “bridging” links. If a selection does not in-
clude all boxes on a sheet, “bridging” links may result. A “bridging” link is a link that con-
Exercises 209

2 *
Text Box Collection Link
0..1 1 * 1 1 *

Selection Buffer Sheet

Figure E12.2 Partially completed class diagram for a diagram editor

nects a box that has been selected to a box that has not. A link that connects two boxes that
are selected or two boxes that are not selected is not a “bridging” link. “Bridging” links re-
quire special handling during a cut or a move operation on a selection.
12.7 (6) Figure E12.3 is a variation of the class diagram in which the class Connection explicitly rep-
resents the connection of a link to a box. Redo the queries from the previous exercise using this
representation.

* Connection 2

1 1

Text Box Collection Link

0..1 1 * 1 1 *

Selection Buffer Sheet

Figure E12.3 Alternative partially completed class diagram for a diagram editor

12.8 (5) What classes require state diagrams? Describe some relevant states and events.

Exercises 12.9–12.13 are related. Do the exercises in sequence. These exercises concern a computer-
ized scoring system that you have volunteered to create for the benefit of a local children’s synchro-
nized swimming league. Teams get together for competitions called meets during which the children
perform in two types of events: figures and routines. Figure events, which are performed individually,
are particular water ballet maneuvers such as swimming on your back with one leg raised straight up.
Routines, which are performed by the entire team, are water ballets. Both figures and routines are
scored, but your system need only address figures.
Each child must provide his or her name, age, address, and team name to register prior to the meet.
To simplify scoring, each contestant is assigned a number.
During a meet, figure events are held simultaneously at several stations that are set up around a
swimming pool, usually one at each corner. There are volunteer judges and scorekeepers. Scorekeep-
ers tend to tire, so there is often turnover in their ranks. Several judges and scorekeepers are assigned
to each station during a meet. Over the course of a season each judge and scorekeeper may serve sev-
210 Chapter 12 / Domain Analysis

eral stations. For scoring consistency, each figure is held at exactly one station with the same judges.
A station may process several figure events in the course of a meet.
Contestants are organized into groups, with each group starting at a different station. When a child
is finished at one station, he or she proceeds to another station for another event. When everyone has
been processed at a station for a given event, the station switches to the next event assigned to it.
Each competitor gets one try at each event, called a trial. Just before a trial, the child’s number is
announced to the child and to the scorekeepers. Sometimes the children get out of order or the score-
keepers become confused and the station stops while the problem is fixed. Each judge indicates a raw
score for each observed trial by holding up numbered cards. The raw scores are read to the scorekeep-
ers, who record them and compute a net score for the trial. The highest and lowest raw scores are dis-
carded, and the average of the remaining scores is multiplied by a difficulty factor for the figure.
Individual and team prizes are awarded at the conclusion of a meet based on top individual and
team scores. There are several age categories, with separate prizes for each category. Individual prizes
are based on figures only. Team prizes are based on figures and routines.
Your system will be used to store all information needed for scheduling, registering, and scoring.
At the beginning of a season, all swimmers will be entered into the system and a season schedule will
be prepared, including deciding which figures will be judged at which meets. Prior to a meet, the sys-
tem will be used to process registrations. During a meet, it will record scores and determine winners.

12.9 (3) The following is a list of candidate classes for the scoring system. Prepare a list of classes
that should be eliminated for any of the reasons given in this chapter. Give a reason for each
elimination. If there is more than one reason, give the main one.
address, age, age category, average score, back, card, child, child’s name, competitor, com-
pute average, conclusion, contestant, corner, date, difficulty factor, event, figure, file of team
member data, group, individual, individual prize, judge, league, leg, list of scheduled meets,
meet, net score, number, person, pool, prize, register, registrant, raw score, routine, score,
scorekeeper, season, station, team, team prize, team name, trial, try, water ballet.

12.10 (3) Prepare a data dictionary for proper classes from the previous exercise.

12.11 (4) The following is a list of candidate associations and generalizations for the scoring system.
Prepare a list of associations and generalizations that should be eliminated or renamed for any
of the reasons given in this chapter. Give a reason for each elimination or renaming. If there is
more than one reason, give the main one.
a season consists of several meets, a competitor registers, a competitor is assigned a number,
a number is announced, competitors are split into groups, a meet consists of several events,
several stations are set up at a meet, several events are processed at a station, several judges
are assigned to a station, routines and figures are events, raw scores are read, highest score
is discarded, lowest score is discarded, figures are processed, a league consists of several
teams, a team consists of several competitors, a trial of a figure is made by a competitor, a
trial receives several scores from the judges, prizes are based on scores.

12.12 Figure E12.4 is a partially completed class diagram for the scoring system. The association be-
tween meet and event is not derived, because an event may be determined for a meet before a
station is assigned to it. Show how it could be used for each of the following queries. Use a com-
bination of the OCL (see Chapter 3) and pseudocode to express your queries.
a. (2) Find all the members of a given team.
b. (6) Find which figures were held more than once in a given season.
Exercises 211

Season Meet Station Scorekeeper

1 * 1 * * *
startingDate date location name
endingDate location
0..1 *
1
* *
Figure * Event Judge
League
figureTitle startingTime name
difficultyFactor 1 *
1 description 1 *
* *
Team Competitor Trial *
1 * 1 *
name name netScore
age rawScore
address
telephoneNumber

Figure E12.4 Partially completed class diagram for a scoring system

c. (6) Find the net score of a competitor for a given figure at a given meet.
d. (6) Find the team average over all figures in a given season.
e. (6) Find the average score of a competitor over all figures in a given meet.
f. (6) Find the team average in a given figure at a given meet.
g. (4) Find the set of all individuals who competed in any events in a given season.
h. (7) Find the set of all individuals who competed in all of the events held in a given season.
i. (6) Find all the judges who judged a given figure in a given season.
j. (6) Find the judge who awarded the lowest score during a given event.
k. (6) Find the judge who awarded the lowest score for a given figure.
l. (7) Modify the diagram so that the competitors registered for an event can be determined.
12.13 (5) What classes require state diagrams? Describe some relevant states and events.
12.14 (7) Revise the diagrams in Figure E12.5, Figure E12.6, Figure E12.7, and Figure E12.8 to elim-
inate ternary associations. In some cases you will have to promote the association to a class.
Figure E12.5 is a relationship between Doctor, Patient, and DateTime that might be encoun-
tered in a system used by a clinic with several doctors on the staff. The combination of DateTime
+ Patient is unique as well as DateTime + Doctor.
Figure E12.6 is a relationship between Student, Professor, and University that might be used
to express the contacts between students attending and professors teaching at several universi-
ties. There is one link in the relationship for a student that takes one or more classes from a pro-
fessor at a university. The combination of Student + Professor + University is unique.
Figure E12.7 shows the relationship expressing the seating arrangement at a concert.
Concert + Seat is unique.
Figure E12.8 expresses the connectivity of a directed graph. Each edge of a directed graph
is connected in a specific order to exactly two vertices. More than one edge can be connected
between a given pair of vertices. The attribute Edge is unique for the relationship.
In each case, try to come as close as possible to the original intent and compare the merits of
the original and the revised models.
212 Chapter 12 / Domain Analysis

Doctor * * DateTime

*
Patient

Figure E12.5 Ternary association for Doctor, Patient, and DateTime

Student
* * University

*
Professor

Figure E12.6 Ternary association for Student, Professor, and University

Seat * * Concert
*
Person

Figure E12.7 Ternary association for Seat, Person, and Concert

* toVertex
*
Edge Vertex
* fromVertex

Figure E12.8 Ternary association for directed graphs

12.15 (9) Figure E12.9 lists requirements for a document manager. We then prepared the initial model
in Figure E12.10. Note some flaws in the model.

Develop software for managing professional records of papers, books, journals, notes, and
computer files. The system must be able to record authors of published works in the appro-
priate order, name of work, date of publication, publisher, publisher city, an abstract, as well
as a comment. The software must be able to group published works into various categories
that are defined by the user to facilitate searching. The user must be able to assign a quality
indicator of the perceived value of each work.
Only some of the papers in each issue of a journal may be of interest. It would also be
helpful to be able to attach comments to sections or even individual pages of a work.

Figure E12.9 Requirements for a document manager

Exercises 213

Publisher
publisherName 0..1
publisherCity * Document 1 0..1
sectionName Section
name comment
Author * {ordered} * date
name abstract pageNumber
qualityScore 1
DocumentCategory
* * comment
0..1
categoryName Page
comment

Paper Journal Book Note File FilePath

* 0..1 * *
journalVolume pathName
journalNumber

Figure E12.10 Initial model for a document manager

■ There is little difference between subclasses. Is an outline of a paper a “paper” or a “note”?

How should we handle a paper that is in both an electronic file and a binder? How should
we represent information about slides for talks?
■ We would like to handle both standard comments (applicable to many documents and cho-
sen by point and click in a user interface) and custom comments (applicable to one document
and specifically typed by the user).
■ We should be able to comment on a numbered page without having sections.
Improve the model by making it more abstract. (Hint: You should have generic classes for lo-
cation, document properties, and comments. It is adequate to represent document composition
with a hierarchy.)

Exercises 12.16–12.19 are related. Do the exercises in sequence. The following are tentative specifi-
cations for scheduling software.
The scheduling software must support the following functions: arranges meetings, schedules ap-
pointments, plans tasks, and tracks holidays (including vacations).
The scheduler runs on a network that many users share. Each user may have a schedule. A schedule
contains multiple entries. Most entries belong to a single schedule; however, a meeting entry may ap-
pear in many schedules.
There are four kinds of entries: meetings, appointments, tasks, and holidays. Meetings and ap-
pointments both occur within a single day and have a start time and end time. In contrast, tasks and
holidays may extend over several days and just have a start date and end date. Any entry may be
repeated. Repeat information includes how often the entry should be repeated, when it starts, and
when it ends.
12.16 (3) The following is a list of candidate classes. Prepare a list of classes that should be eliminated
for any of the reasons given in this chapter. Give a reason for each elimination. If there is more
than one reason, give the main one.
214 Chapter 12 / Domain Analysis

scheduling software, function, meeting, appointment, task, holiday, vacation, scheduler, net-
work, user, schedule, entry, meeting entry, day, start time, end time, start date, end date, re-
peat information.
12.17 (3) Prepare a data dictionary for proper classes from the previous exercise.
12.18 (4) The following is a list of candidate associations and generalizations for the scoring system.
Prepare a list of associations and generalizations that should be eliminated or renamed for any
of the reasons given in this chapter. Give a reason for each elimination or renaming. If there is
more than one reason, give the main one.
■ scheduling software that supports the following functions
■ the scheduler runs on a network that many users share
■ user may have a schedule
■ a schedule contains multiple entries
■ entries pertain to a single schedule
■ a meeting entry may appear in many schedules
■ meetings and appointments both occur within a single day and have a start time and end time
■ tasks and holidays may extend over several days and just have a start date and end date.
12.19 (5) Construct a class model for the scheduling software.

Exercises 12.20–12.23 are related. Do the exercises in sequence. The following provides requirements
for meetings and extends the scheduling software from Exercises 12.16–12.19.
The scheduling software facilitates meetings. When a user (the chairperson) arranges a meeting,
the software places a meeting entry in the schedule of each attendee. The chairperson uses the sched-
uler to reserve a room for the meeting, to identify the attendees, and to find time on their schedules
when everyone is available. The chairperson can indicate whether the attendance for each attendee is
required or optional. The system tracks the acceptance status for each attendee—whether an attendee
has accepted or declined.
The scheduler manages meeting notices. When a meeting is set up, the scheduler sends invitations
to all attendees, who are able to view meeting information. Each invitee can accept or refuse as well
as possibly cancel later on. The system also manages notices in case the meeting is rescheduled or can-
celled.
12.20 (3) The following is a list of candidate classes. Prepare a list of classes that should be eliminated
for any of the reasons given in this chapter. Give a reason for each elimination. If there is more
than one reason, give the main one.
scheduling software, meeting, user, chairperson, software, meeting entry, schedule, attend-
ee, scheduler, room, time, everyone, attendance, acceptance status, meeting notice, invita-
tion, meeting information, invitee, notice.
12.21 (3) Prepare a data dictionary for proper classes from the previous exercise.
12.22 (4) The following is a list of candidate associations and generalizations. Prepare a list of asso-
ciations and generalizations that should be eliminated or renamed for any of the reasons given
in this chapter. Give a reason for each elimination or renaming. If there is more than one reason,
give the main one.
■ scheduling software facilitates meetings
Exercises 215

■ user (the chairperson) arranges a meeting

■ software places a meeting entry in the schedule of each attendee
■ chairperson uses the scheduler to reserve a room for the meeting, to identify the attendees,
and to find time on their schedules when everyone is available
■ chairperson can indicate whether the attendance for each attendee is required or optional
■ system tracks the acceptance status for each attendee—whether an attendee has accepted or
declined
■ scheduler manages meeting notices
■ scheduler sends invitations to all attendees, who are able to view meeting information
■ system also manages notices in case the meeting is rescheduled or cancelled.
12.23 (7) Construct a class model for the extension to the scheduling software. Your answer should
resolve a problem from Exercise 12.19. In the class model for our answer to Exercise 12.19, we
cannot tell which user owns an entry. (Hint: You should reconcile the chairperson and attendee
associations from the extended requirements with the association between Schedule and Entry
from the Exercise 12.16–12.19 requirements.)