Object Model Notation
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Basic Concepts
Class: Association:
Class Name Associaton Name
tases | AS are —{ Class?
ee Qualified Association:
anribute
tribute: data type Associaton Name
atiibute:data-type = int valve Ciase-+ [quattro vow | case?
operation
joperation ( arg list ) : ret Multiplicity of Associations:
—{ ciass | Exact one
 
Generalization (Inheritance):
$a pan ae
ia
Rie! ‘ef poe] toda
[Subciass-1 [suvciass-2| 7
ad Class ‘One or more
 
 
 
 
 
 
 
 
 
 
 
 
=S"| Class | Numericaty specified
 
Aggregation:
 
Assembly Class
 
 
Part-1-Class Part
 
 
 
 
 
Aggregation (alternate form):
 
 
 
 
Assembly Class,
Class, Part-2-Ciass
Object instances:
 
 
 
 
 
 
 
 
 
 
Part
 
 
 
 
 
 
 
 
(Class Name)
(Class Name) } | atiibute_name = vaive
 
 
 
 
 
This page may be freely copied without obtaining permission from the publisherObject Model Notation
 
 
 
 
 
 
 
 
Advanced Concepts
Abstract Operation: Association as Class:
Superciass Class-1 Ww
operation (abstract)| vane is ebewect Association Name
Tk anrbute
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Constraints on Objects: Constraint between Associations:
Case AL
Clase
weet (subset)
we?
(awe > 0) ee
‘This page may be freely copied without obtaining permission from the publisherObject-Oriented
Modeling and Design
James Rumbaugh
Michael Blaha
William Premerlani
Frederick Eddy
William Lorensen
General Electric Research and Development Center
Schenectady, New York
a
PRENTICE HALL
nglewood Cliffs, New Jersey 07632Library of Congress Cate
 
Ing-tn-Publteat ion Oata
Je} ing ane design / Janes Rusdaugh ... (er at.J.
  
 
 
 
190-7600
cP
Editorial’ production supervision: Kathleen Schiaparelli
Cover design: Butler/ Udell Design
Manufacturing buyer: Linda Behrens/ Patrice Fraccio
© 1991 by Prentice-Hall, Inc.
A Simon & Schuster Company
Englewood Cliffs, New Jersey 07632
‘The author and publisher of this book have used their best efforts in preparing this book. These efforts
include the development, research, and testing of the theories and programs to determine their effectiveness.
‘The author and publisher make no warranty of any kind, expressed or implied, with regard to these
programs or the documentation contained in this book. The author and publisher shall not be liable in
any event for incidental or consequential damages in connection with, or arising out of, the furnishing,
performance, or use of these programs.
Apple, Laser Writer, and MacAPP are registered trademarks of Apple Computer, Inc.
DEC and VAX are registered trademarks of Digital Equipment Corporation.
Eiffel i a registered trademark of Interactive Software Engineering. Inc.
FrameMaker is a registered trademark of Frame Technology Corporation,
GemStone is a registered trademark of Servio Logic.
INGRES is a trademark of Ingres Corporation.
Interleat isa trademark of Interleaf, Inc.
Linotronic isa registered trademark of Allied Corporation.
MS-DOS is a trademark of Microsoft Corporation.
registered trademark of Claris Corporation.
NeWS, Sun Workstation, and Sun View are registered trademarks of Sun Microsystems. Inc
Objective-C isa registered trademark of Stepstone Corporation,
ONTOS is a trademark of Ontologic, Inc.
ORACLE is a registered trademark of Oracle Corporation,
rit isa registered trademark of Adobe Systems, Ine.
Ik-$0 is a trademark of ParcPlace Systems.
‘Statemate isa registered trademark of -Logix, Inc.
UNIX isa trademark of AT&T Bell Laboratories.
X Window System is a trademark of Massachusetts Institute of Technology.
All rights reserved. No part of this book may be reproduced, in any
form or by any means, without permission in writing from the publisher.
 
 
 
  
    
   
  
 
Printed in the United States of America
20 19 18 17 16 15 14 13
ISBN 0-13-b29841-9
Prentice-Hall International (UK) Limited, London
Prentice-Hall of Australia Pty. Limited, Sydney
Prentice-Hall Canada Inc., Toronto
Prentice-Hall Hispanoamericana, S.A., Mexico
Prentice-Hall of India Private Limited, New Dethi
Prentice-Hall of Japan, Inc. Tokyo
Simon & Schuster Asia Pte. Ltd., Singapore
Editora Prentice-Hall do Brasil, Ltda., Rio de JaneiroContents
PREFACE
Acknowledgments, xii
CHAPTER 1
La
12
a
14
1s
Bibliographic
Refere
Exercit
INTRODUCTION
What Is Object-Oriented? |
What Is Object-Oriented Development?, 4
Object-Oriented Themes, 7
Evidence for Usefulness of Object-Oriented Development, 9
Organization of this Book, 10
jotes, 12
 
nces, 12
ses, 13
Part 1: Modeling Concepts
   
Exerci
CHAPTER3 OBJECT MODELING
3.1
32
33
34
35
36
37
MODELING AS A DESIGN TECHNIQUE
Modeling, 15
The Object Modeling Technique, 16
Chapter Summary, 19
ses, 19
Objects and Classes, 21
Links and Associations, 27
Advanced Link and Association Concepts, 31
Generalization and Inheritance, 38
Grouping Constructs, 43
A Sample Object Model, 43
Practical Tips, 46
2138
CONTENTS
Chapter Summary, 47
Bibliographic Notes, 48
References, 48
Exercises, 49
CHAPTER 4 ADVANCED OBJECT MODELING 57
4.1 Aggregation, 57
4.2 Abstract Classes, 61
4.3. Generalization as Extension and Restriction, 63
4.4 Multiple Inheritance, 65
4.5 Metadata, 69
46 Candidate Keys, 71
4.7 Constraints, 73
4.8 Chapter Summary, 77
Bibliographic Notes, 79
References, 79
Exercises, 80
CHAPTERS DYNAMIC MODELING 84
5.1 Events and States, 84
5.2 Operations, 92
5.3. Nested State Diagrams, 94
5.4 Concurrency, 99
5.5 Advanced Dynamic Modeling Concepts, 101
5.6 A Sample Dynamic Model, 105
5.7 Relation of Object and Dynamic Models, 110
5.8 Practical Tips, 111
5.9 Chapter Summary, 112
Bibliographic Notes, 113
References, 115
Exercises, 115
CHAPTER 6
6.1
62
63
64
65
6.6
67
FUNCTIONAL MODELING 123
Functional Models, 123
Data Flow Diagrams, 124
Specifying Operations, 130
Constraints, 132
A Sample Functional Model, 133
Relation of Functional to Object and Dynamic Models, 137
Chapter Summary, 139
Bibliographic Notes, 140
References, 140
Exercises, 141CONTENTS v
Part 2: Design Methodology
CHAPTER7 METHODOLOGY PREVIEW 144
7.1 OMT as a Software Engineering Methodology, 144
7.2 The OMT Methodology, 145
7.3 Impact of an Object-Oriented Approach, 146
7.4 Chapter Summary, 146
Exercises, 147
CHAPTER ANALYSIS 148
8.1 Overview of Analysis, 148
8.2 Problem Statement, 150
83 Automated Teller Machine Example, 151
8.4 Object Modeling, 152
8.5 Dynamic Modeling, 169
8.6 Functional Modeling, 179
8.7 Adding Operations, 183
88 — Iterating the Analysis, 185
8.9 Chapter Summary, 187
Bibliographic Notes, 188
References, 188
Exercises, 189
CHAPTERS SYSTEM DESIGN 198
9.1 Overview of System Design, 198
9.2 Breaking a System into Subsystems, 199
9.3. Identifying Concurrency, 202
94 Allocating Subsystems to Processors and Tasks, 203
9.5 Management of Data Stores, 205
9.6 Handling Global Resources, 207
9.7 Choosing Software Control Implementation,
98 Handling Boundary Conditions, 210
9.9 Setting Trade-off Priorities, 210
9.10 Common Architectural Frameworks, 211
9.11 Architecture of the ATM System, 217
9.12 Chapter Summary, 218
Bibliographic Notes, 220
References, 220
Exercises, 221
CHAPTER 10 OBJECT DESIGN 227
10.1 Overview of Object Design,
10.2 Combining the Three Models,
10.3 Designing Algorithms, 230vi
10.4 Design Optimization, 235
10.5 Implementation of Control, 239
10.6 Adjustment of Inheritance, 242
10.7 Design of Associations, 245
10.8 Object Representation, 248
10.9. Physical Packaging, 249
10.10 Documenting Design Decisions, 251
10.11 Chapter Summary, 252
 
 
Exercises, 255
CHAPTER 11 METHODOLOGY SUMMARY
11.1 Analysis, 261
11.2 System Design, 262
11.3. Object Design, 263
11.4 Chapter Summary, 264
Exercises, 264
CHAPTER 12 COMPARISON OF METHODOLOGIES
12.1 Structured Analysis/Structured Design (SA/SD), 266
12.2 Jackson Structured Development (JSD), 268
12.3. Information Modeling Notations, 271
12.4 Object-Oriented Work, 273
12.5 Chapter Summary, 274
References, 275
Exercises, 275
 
Part 3: Implementation
CHAPTER 13 FROM DESIGN TO IMPLEMENTATION
13.1 Implementation Using a Programming Language, 278
13.2. Implementation Using a Database System, 279
13.3. Implementation Outside a Computer, 280
13.4 Overview of Part 3, 280
CHAPTER 14 PROGRAMMING STYLE
14.1 Object-Oriented Style, 281
14.2 Reusability
14.3. Extensibili
14.4 Robustness, 286
14,5 Programming-in-the-Large, 288
14.6 Chapter Summary, 291
Bibliographic Notes, 291
 
 
 
 
CONTENTS‘CONTENTS
References, 292
Exercises, 292
CHAPTER 15 OBJECT-ORIENTED LANGUAGES,
15.1 Translating a Design into an Implementation, 296
15.2. Class Definitions, 297
15.3. Creating Objects, 301
15.4 Calling Operations, 305
15.5 Using Inheritance, 308
15.6 Implementing Associations, 312
15.7 Object-Oriented Language Features, 318
158 Survey of Object-Oriented Languages, 325
15.9 Chapter Summary, 330
Bibliographic Notes, 332
References, 333
Exercises, 334
CHAPTER 16 NON-OBJECT-ORIENTED LANGUAGES
16.1 Mapping Object-Oriented Concepts, 340
16.2 Translating Classes into Data Structures, 342
16.3 Passing Arguments to Methods, 344
16.4 Allocating Objects, 345
16.5 Implementing Inheritance, 347
16.6 Implementing Method Resolution, 351
16.7 Implementing Associations, 355
16.8 Dealing with Concurrency, 358
16.9 Encapsulation, 359
16.10 What You Lose, 361
16.11 Chapter Summary, 362
Bibliographic Notes, 363
References, 364
Exercises, 364
CHAPTER 17 RELATIONAL DATABASES
17.1. General DBMS Concepts, 366
17.2 Relational DBMS Concepts, 368
17.3. Relational Database Design, 373
174 Advanced Relational DBMS, 387
17.5 Chapter Summary, 388
Bibliographic Notes, 389
References, 390
Exercises, 390vill
Part 4: Applications
CHAPTER 18 OBJECT DIAGRAM COMPILER
18.1 Background, 398
18.2 Problem Statement, 399
18.3. Analysis, 401
18.4 System Design, 407
18,5. Object Design, 408
18.6 Implementation, 412
18.7 Lessons Learned, 412
18.8 Chapter Summary, 413
Bibliographic Notes, 413
References, 413
Exercises, 414
CHAPTER 19 COMPUTER ANIMATION
19.1 Background, 417
19.2 Problem Statement, 418.
19.3. Analysis, 420
19.4 System Design, 424
19.5 Object Design, 426
19.6 Implementation, 428
19.7 Lessons Learned, 430
19.8 Chapter Summary, 431
Bibliographic Notes, 431
References, 432
Exercises, 432
CHAPTER 20 ELECTRICAL DISTRIBUTION DESIGN SYSTEM
20.1. Background, 433
20.2 Problem Statement, 435
20.3 Analysis, 436
20.4. System Design, 444
20.5 Object Design, 445
20.6 Implementation, 448
20.7 Lessons Leamed, 448
20.8 Chapter Summary, 449
Bibliographic Notes, 449
References, 449
Exercises, 450
APPENDIX A OMT GRAPHICAL NOTATION
APPENDIX B GLOSSARY
ANSWERS TO SELECTED EXERCISES
INDEX
 
 
 
 
 
 
CONTENTS
397
416
S88Preface
‘This book presents an object-oriented approach to software development based on modeling
‘objects from the real world and then using the model to build a language-independent design
‘organized around those objects. Object-oriented modeling and design promote better under-
standing of requirements, cleaner designs, and more maintainable systems. We describe a set
‘of object-oriented concepts and a language-independent graphical notation, the Object Mod-
ling Technique, that can be used to analyze problem requirements, design a solution to the
problem, and then implement the solution in a programming language or database. Our ap-
proach allows the same concepts and notation to be used throughout the entire software de~
velopment process. The software developer does not need to translate into a new notation at
cach development stage as is required by many other methodologies.
‘We show how to use object-oriented concepts throughout the entire software life cycle,
from analysis through design to implementation. The book is not primarily about object-ori-
ented languages or coding. Instead we stress that coding is the last stage in a process of de-
velopment that includes stating a problem, understanding its requirements, planning a
solution, and implementing a program in a particular language. A good design technique de-
fers implementation details until later stages of design to preserve flexibility. Mistakes in the
front of the development process have a large impact on the ultimate product and on the time
ceded to finish. We describe the implementation of object-oriented designs in object-orient-
ed languages, non-object-oriented languages, and relational databases.
The book emphasizes that object-oriented technology is more than just a way of pro-
gramming. Most importantly, it is a way of thinking abstractly about a problem using real-
‘world concepts, rather than computer concepts. This may be a difficult transition for some
people because older programming languages force one to think in terms of the computer
ixx PREFACE
and not in terms of the application, Books that emphasize object-oriented programming of-
ten fail to help the programmer learn to think abstractly without using programming con-
structs. We have found that the graphical notation that we describe helps the software
developer visualize a problem without prematurely resorting to implementation.
We show that object-oriented technology provides a practical, productive way to devel-
op software for most applications, regardless of the final implementation language. We take
an informal approach in this book; there are no proofs or formal definitions with Greek let-
ters. We attempt to foster a pragmatic approach to problem solving drawing upon the intui-
tive sense that object-oriented technology captures and by providing a notation and
methodology for using it systematically on real problems. We provide tips and examples of
good and bad design to help the software developer avoid common pitfalls. To illustrate the
pragmatic nature of these concepts, we describe several real applications developed by the
authors using object-oriented techniques.
This book is intended for both software professionals and students. The reader will learn
how to apply object-oriented concepts to all stages of the software development life cycle.
“At present, there are few, if any, object-oriented books covering the entire life cycle, as op-
posed to programming or analysis alone. In fact, there are few textbooks on object-oriented
technology of any kind. Although object-oriented technology is currently a “hot” topic, most
readers have limited experience with it, so we do not assume any prior knowledge of object-
oriented concepts. We do assume that the reader is familiar with basic computing concepts,
but an extensive formal background is not required. Even existing object-oriented program-
mers will benefit from learning how to design programs systematically; they may be sur-
prised to discover that certain common object-oriented coding practices violate principles of
good design.
The database designer will find much of interest here. Although object-oriented pro-
gramming languages have previously received the most attention, object-oriented design of
databases is perhaps even more compelling and immediately practical. We include an entire
chapter describing how to implement an object-oriented design using existing relational da-
tabase management systems.
This book can be used as a textbook for a graduate or advanced undergraduate course
on software engineering or object-oriented technology. It can be used as a supplementary
text for courses on databases or programming languages. Prerequisites include exposure to
modem structured programming languages and a knowledge of basic computer science
terms and concepts, such as syntax, semantics, recursion, set, procedure, graph, and state;
a detailed formal background is not required. Exercises of varying difficulty are included in
each chapter along with selected answers at the back of the book.
Many object-oriented books primarily discuss programming issues, usually from the
point of view of a single language. The best of them discuss design issues, but they are nev-
ertheless mainly about programming. Fewer books address object-oriented analysis or de-
sign, We show that object-oriented concepts can and should be applied throughout the entire
software life cycle, Recently books on object-oriented methodology have begun to appear
Our book is compatible with other books on object-oriented analysis and design, and we fee!
that it is complementary to them in content.PREFACE xi
Several existing books on software methodology discuss the entire life cycle from a pro-
cedural viewpoint. The traditional data flow methodologies of DeMarco, Yourdon, and oth-
ers are based mainly on functional decomposition, although recent revisions have been
influenced by object-oriented concepts. Even Jackson's methodology, which superficially
seems to be based on objects, quickly reverts to procedural issues.
‘Our emphasis differs in some respects from the majority of the object-oriented program-
ming community but is in accord with the information modeling and design methodology
communities. We place a much greater emphasis on object-oriented constructs as models of
real things, rather than as techniques for programming. We elevate interobject relationships
to the same semantic level as classes, rather than hiding them as pointers inside objects. We
place somewhat less importance on inheritance and methods. We downplay fine details of
inheritance mechanisms. We come down strongly in favor of typing, classes, modeling, and
advance planning. We use terminology that is universally accepted when possible, otherwise
‘we try to choose the best terms among various alternatives. There is as yet no commonly ac-
cepted graphical notation for object-oriented constructs, so despite concerns about introduc-
ing “yet another notation” we use our own Object Modeling Technique notation, which we
have used extensively on real problems and which has been successfully adopted by others,
In any case, the object-oriented concepts themselves are the most important thing, not the
shape of the symbols used to represent them. We also show how to apply object-oriented
concepts to state machines.
‘The book contains four parts. Part 1 presents object-oriented concepts in a high-level,
language-independent manner. These concepts are fundamental to the rest of the book, al-
though advanced material can be skipped initially. The Object Modeling Technique notation
is introduced in Part | and used throughout the book to show examples. Part 2 describes a
step-by-step object-oriented methodology of software development from problem statement
through analysis, system design, and object design. All but the final stages of the methodol-
ogy are language-independent; even object design is concemed mostly with issues indepen-
dent of any particular language. Part 3 describes the implementation of object-oriented
designs in various target environments, including object-oriented languages, non-object-ori-
ented languages, and relational databases. It describes the considerations applicable to dif.
ferent environments, although it is not intended to replace books on object-oriented
programming. Part 4 presents case studies of actual object-oriented applications developed
by the authors at the General Electric Research and Development Center. The problems cov-
cer a range of application domains and implementation targets.
‘The authors have used object-oriented analysis, design, programming, and database
modeling for several years on a variety of applications. We have also implemented an object
oriented language, developed an object-oriented notation and methodology, and developed
object-oriented support tools, so we are familiar with both theoretical and pragmatic issues
of implementing and using object-oriented technology. We are enthusiastic about the object-
oriented approach and have found that it is applicable to almost any kind of application, We
have found that the use of object-oriented concepts, together with a graphical notation and a
development methodology, can greatly increase the quality, flexibility, and understandability
of software. We hope that this book can help to get that message across.xii PREFACE
ACKNOWLEDGMENTS,
We wish to thank the many individuals who have made this book possible. We especially
want to thank GE and our management at the Research and Development Center for their
foresight in giving us the opportunity to develop the ideas presented here by working on ob-
ject-oriented technology when it was still a new and unproven field as well as for their sup-
port, encouragement, and facilities in writing the book. We also wish to thank our colleagues
at GE who worked with us in exploring this exciting new field. We acknowledge the impor-
tant contribution of Mary Loomis and Ashwin Shah, who participated in the original devel-
opment of the Object Modeling Technique notation.
Many individuals helped in the review of the manuscript, but in particular we wish to
thank David Hentchel, Mark Kornfein, and Mare Laymon for their thorough reviews and
perceptive comments.
Finally and most importantly we wish to thank our wives and families for their patience
and encouragement during the many long weekends and evenings that went into the writing
of this book.
 
 
Production Note
The manuscript of this book was prepared by the authors on SUN workstations using the
FrameMaker document preparation system. We drew the diagrams using the FrameMaker
system, We created most object diagrams using our OMTool editor and converted them to
FrameMaker format. We performed detailed page layout, made the index, and generated the
table of contents using the FrameMaker system. Proof copies of the complete document
were printed on Apple LaserWriter Plus printers. We generated PostScript page description
files from the final document, copied them onto a Unix far tape, and sent the tape to the pub-
lisher for generation of the camera copy on a Linotronic 202 typesetter. The publisher pre-
pared and set the title and copyright pages.1
Introduction
 
Object-oriented modeling and design is a new way of thinking about problems using models
‘organized around real-world concepts. The fundamental construct is the object, which com-
bines both data structure and behavior in a single entity. Object-oriented models are useful
for understanding problems, communicating with application experts, modeling enterprises,
preparing documentation, and designing programs and databases. This book presents an
object-oriented software development methodology, the Object Modeling Technique
(OMT), which extends from analysis through design to implementation. First an analysis
‘model is built to abstract essential aspects of the application domain without regard for even-
tual implementation. This model contains objects found in the application domain, including
a description of the properties of the objects and their behavior. Then design decisions are
made and details are added to the model to describe and optimize the implementation. The
application-domain objects form the framework of the design model, but they are imple~
‘mented in terms of computer-domain objects. Finally the design model is implemented in a
programming language, database, or hardware.
We describe a graphical notation for expressing object-oriented models. Application-
domain and computer-domain objects can be modeled, designed, and implemented using the
‘same object-oriented concepts and notation. The same seamless notation is used from anal-
ysis to design to implementation so that information added in one stage of development need
not be lost or translated for the next stage.
 
1.1. WHAT IS OBJECT-ORIENTED?
‘Superficially the term “object-oriented” means that we organize software as a collection of
discrete objects that incorporate both data structure and behavior. This is in contrast to con-
ventional programming in which data structure and behavior are only loosely connected.
‘There is some dispute about exactly what characteristics are required by an object-oriented
approach, but they generally include four aspects: identity, classification, polymorphism,
and inheritance.2 Chapter 1 / INTRODUCTION
1.1.1 Characteristics of Objects
Identity means that data is quantized into discrete, distinguishable entities called objects. A
paragraph in a document, a window on my workstation, and the white queen in a chess game
are examples of objects. Figure 1.1 shows some additional objects. Objects can be concrete,
such as a file in a file system, or conceptual, such as a scheduling policy in a multiprocessing
operating system. Each object has its own inherent identity. In other words, two objects are
distinct even if all their attribute values (such as name and size) are identical.
Debi
anAccount 98826358 ky
aSavingsAccount| 45208128
 
 
 
 
 
 
a symbol table abinary tree the gray television
Mike's bicycle Brian’s bicycle ‘a white rook
Figure 1.1 Objects
In the real world an object simply exists, but within a programming language each ob-
ject has a unique handle by which it can be uniquely referenced. The handle may be imple-
mented in various ways, such as an address, array index, or unique value of an attribute.
Object references are uniform and independent of the contents of the objects, permitting
mixed collections of objects to be created, such as a file system directory that contains both
files and subdirectories.
Classification means that objects with the same data structure (attributes) and behavior
(operations) are grouped into a class. Paragraph, Window, and ChessPiece are examples of
classes. A class is an abstraction that describes properties important to an application and
ignores the rest. Any choice of classes is arbitrary and depends on the application.
Each class describes a possibly infinite set of individual objects. Each object is said to
be an instance of its class. Each instance of the class has its own value for each attribute but
shares the attribute names and operations with other instances of the class. Figure 1.2 shows
‘two classes and some of their respective instance objects. An object contains an implicit ref-
erence to its own class; it “knows what kind of thing it is.”
Polymorphism means that the same operation may behave differently on different class-
€s. The move operation, for example, may behave differently on the Window and ChessPiece
classes, An operation is an action or transformation that an object performs or is subject to.
Right-justify, display, and move are examples of operations. A specific implementation of an1.1. WHAT IS OBJECT-ORIENTED? 3
Bicycle objects
Bicycle class
Attributes
frame size
wheel size
gears
® ae material
Operations
shift
move
repair
Polygon objects Polygon class
Attributes
vertices
border color
ill
abstract fill color
into’ Operations
draw
erase
move
Figure 1.2 Objects and classes
operation by a certain class is called a method. Because an object-oriented operator is poly-
morphic, it may have more than one method implementing it.
In the real world, an operation is simply an abstraction of analogous behavior across dif-
ferent kinds of objects. Each object “knows how” to perform its own operations. In an ob-
ject-oriented programming language, however, the language automatically selects the
correct method to implement an operation based on the name of the operation and the class
of the object being operated on. The user of an operation need not be aware of how many
methods exist to implement a given polymorphic operation. New classes can be added with-
out changing existing code, provided methods are provided for each applicable operation on
the new classes
Inheritance is the sharing of attributes and operations among classes based on a hicrar-
chical relationship. A class can be defined broadly and then refined into successively finer
subclasses. Each subclass incorporates, or inherits, all of the properties of its superclass and
‘adds its own unique properties. The properties of the superclass need not be repeated in each
subclass. For example, ScrollingWindow and FixedWindow are subclasses of Window. Both
subclasses inherit the properties of Window, such as a visible region on the screen. Scrolling
Window adds a scroll bar and an offset. The ability to factor out common properties of sev-
eral classes into a common superclass and to inherit the properties from the superclass can
greatly reduce repetition within designs and programs and is one of the main advantages of
an object-oriented system.4 Chapter 1 / INTRODUCTION
1.2 WHAT IS OBJECT-ORIENTED DEVELOPMENT?
This book is about object-oriented development as a new way of thinking about software
based on abstractions that exist in the real world. In this context development refers to the
front portion of the software life cycle: analysis, design, and implementation. The essence
of object-oriented development is the identification and organization of application-domain
concepts, rather than their final representation in a programming language, object-oriented
or not. Brooks observes that the hard part of software development is the manipulation of its
essence due to the inherent complexity of the problem, rather than the accidents of its map-
ping into a particular language which are due to temporary imperfections in our tools that
are rapidly being corrected [Brooks-87].
This book does not explicitly address integration, maintenance, and enhancement, but a
cleaner design in a precise notation facilitates these stages of the entire software life cycle.
The same object-oriented concepts and notation used to express a design provide useful doc-
umentation during these stages.
 
 
 
1.2.1 Modeling Concepts, Not Implementation
Most of the effort to date in the object-oriented community has been focused on program-
ming language issues. The current emphasis in the literature is on implementation rather than
analysis and design. Object-oriented programming languages are useful in removing restric
tions due to the inflexibility of traditional programming languages. In a sense, however, this
‘emphasis is a step backwards for software engineering by focusing excessively on imple-
mentation mechanisms, rather than the underlying thought process that they support.
The real payoff comes from addressing front-end conceptual issues, rather than back-
end implementation issues. Design flaws that surface during implementation are more costly
to fix than those that are found earlier. Focusing on implementation issues too early restricts
design choices and often leads to an inferior product. An object-oriented development ap-
proach encourages software developers to work and think in terms of the application domain
through most of the software engineering life cycle. It is only when the inherent concepts of
the application are identified, organized, and understood that the details of data structures
and functions can be addressed effectively.
Object-oriented development is a conceptual process independent of a programming
language until the final stages. Object-oriented development is fundamentally a new way of
thinking and not a programming technique. Its greatest benefits come from helping specifi-
ers, developers, and customers express abstract concepts clearly and communicate them to
each other. It can serve as a medium for specification, analysis, documentation, and interfac-
ing, as well as for programming. Even as a programming tool, it can have various targets,
including conventional programming languages and databases as well as object-oriented
languages.
   
 
 
1.2.2 Object-Oriented Methodology
‘We present a methodology for object-oriented development and a graphical notation for rep-
resenting object-oriented concepts. The methodology consists of building a model of an ap-1.2 WHAT IS OBJECT-ORIENTED DEVELOPMENT? 5
plication domain and then adding implementation details to it during the design of a system.
We call this approach the Object Modeling Technique (OMT). The methodology has the fol-
lowing stages:
=
Analysis: Starting from a statement of the problem, the analyst builds a model of the
real-world situation showing its important properties. The analyst must work with the
requestor to understand the problem because problem statements are rarely complete or
correct. The analysis model is a concise, precise abstraction of what the desired system
must do, not how it will be done. The objects in the model should be application-domain
concepts and not computer implementation concepts such as data structures. A good
model can be understood and criticized by application experts who are not program-
mers. The analysis model should not contain any implementation decisions. For exam-
ple, a Window class in a workstation windowing system would be described in terms of
the attributes and operations visible to a user. Analysis is described in Chapter 8.
‘System design: The system designer makes high-level decisions about the overall archi-
tecture. During system design, the target system is organized into subsystems based on.
both the analysis structure and the proposed architecture. The system designer must de-
cide what performance characteristics to optimize, choose a strategy of attacking the
problem, and make tentative resource allocations. For example, the system designer
might decide that changes to the workstation screen must be fast and smooth even when
windows are moved or erased, and choose an appropriate communications protocol and.
memory buffering strategy. System design is described in Chapter 9.
Object design: The object designer builds a design model based on the analysis model
but containing implementation details, The designer adds details to the design model in
accordance with the strategy established during system design. The focus of object de~
sign is the data structures and algorithms needed to implement each class. The object
classes from analysis are still meaningful, but they are augmented with computer-do-
‘main data structures and algorithms chosen to optimize important performance mea-
sures. Both the application-domain objects and the computer-domain objects are
described using the same object-oriented concepts and notation, although they exist on
different conceptual planes. For example, the Window class operations are now specified
in terms of the underlying hardware and operating system. Object design is described in
Chapter 10.
Implementation: The object classes and relationships developed during object design
are finally translated into a particular programming language, database, or hardware im-
plementation. Programming should be a relatively minor and mechanical part of the de-
velopment cycle, because all of the hard decisions should be made during design. The
target language influences design decisions to some extent, but the design should not de-
pend on fine details of a programming language. During implementation, it is important
to follow good software engineering practice so that traceability to the design is straight-
forward and so that the implemented system remains flexible and extensible. For exam-
ple, the Window’ class would be coded in a programming language, using calls to the
underlying graphics system on the workstation. Implementation is described in Part 3
according to the target vehicle.6 Chapter 1 / INTRODUCTION
Object-oriented concepts can be applied throughout the system development life cycle, from
analysis through design to implementation. The same classes can be carried from stage to
stage without a change of notation, although they gain additional implementation details in
the later stages. Although the analysis view and the implementation view of Window are both
correct, they serve different purposes and represent a different level of abstraction. The same
object-oriented concepts of identity, classification, polymorphism, and inheritance apply
through the entire development cycle.
Some classes are not part of analysis but are introduced as part of the design or imple-
mentation. For example, data structures such as trees, hash tables, and linked lists are rarely
present in the real world. They are introduced to support particular algorithms during design.
‘Such data structure objects are used to implement real-world objects within a computer and
do not derive their properties directly from the real world.
1.2.3 Three Models
‘The OMT methodology uses three kinds of models to describe a system: the object model,
describing the objects in the system and their relationships; the dynamic model, describing
the interactions among objects in the system; and the functional model, describing the data
transformations of the system. Each model is applicable during all stages of development
and acquires implementation detail as development progresses. A complete description of a
system requires all three models.
The object model describes the static structure of the objects in a system and their rela-
tionships. The object model contains object diagrams. An object diagram is a graph whose
nodes are object classes and whose arcs are relationships among classes. The object model
is described in Chapters 3 and 4.
The dynamic model describes the aspects of a system that change over time. The dynam-
ic model is used to specify and implement the control aspects of a system. The dynamic mod-
el contains state diagrams. A state diagram is a graph whose nodes are states and whose ares
are transitions between states caused by events. The dynamic model is described in
Chapter 5.
The functional model describes the data value transformations within a system. The
functional model contains data flow diagrams. A data flow diagram represents a computa-
tion. A data flow diagram is a graph whose nodes are processes and whose arcs are data
flows. The functional model is described in Chapter 6.
The three models are orthogonal parts of the description of a complete system and are
cross-linked. The object model is most fundamental, however, because it is necessary to de~
scribe what is changing or transforming before describing when or how it changes.
1.2.4 Differences from Functional Methodology
Object-oriented development inverts the previous function-oriented methodology, as exem-
plified by the methodologies of Yourdon [Yourdon-89] and DeMarco [DeMarco-79}. In
these methodologies, primary emphasis is placed on specifying and decomposing system1.3 OBJECT-ORIENTED THEMES 7
functionality. Such an approach might seem the most direct way of implementing a desired
goal, but the resulting system can be fragile. If the requirements change, a system based on
decomposing functionality may require massive restructuring. (To be fair, these methodolo-
gies are more complex than this. See Chapter 12 for more details.)
By contrast, the object-oriented approach focuses first on identifying objects from the
application domain, then fitting procedures around them. Although this may seem more in-
direct, object-oriented software holds up better as requirements evolve, because it is based
on the underlying framework of the application domain itself, rather than the ad-hoc func-
tional requirements of a single problem.
 
 
1.3 OBJECT-ORIENTED THEMES
‘There are several themes underlying object-oriented technology. Although these themes are
not unique to object-oriented systems, they are particularly well supported in object-oriented
systems.
1.3.1 Abstraction
Abstraction consists of focusing on the essential, inherent aspects of an entity and ignoring
its accidental properties. In system development, this means focusing on what an object is
and does, before deciding how it should be implemented. Use of abstraction preserves the
freedom to make decisions as long as possible by avoiding premature commitments to de-
tails. Most modem languages provide data abstraction, but the ability to use inheritance and
polymorphism provides additional power. Use of abstraction during analysis means dealing
‘only with application-domain concepts, not making design and implementation decisions
before the problem is understood. Proper use of abstraction allows the same model to be used
for analysis, high-level design, program structure, database structure, and documentation. A
language-independent style of design defers programming details until the final, relatively
mechanical stage of development.
1.3.2 Encapsulation
Encapsulation (also information hiding) consists of separating the external aspects of an ob-
ject, which are accessible to other objects, from the internal implementation details of the
‘object, which are hidden from other objects. Encapsulation prevents a program from becom-
ing so interdependent that a small change has massive ripple effects. The implementation of
aan object can be changed without affecting the applications that use it. One may want to
change the implementation of an object to improve performance, fix a bug, consolidate code,
or for porting. Encapsulation is not unique to object-oriented languages, but the ability to
combine data structure and behavior in a single entity makes encapsulation cleaner and more
powerful than in conventional languages that separate data structure and behavior.8 Chapter 1 / INTRODUCTION
1.3.3 Combining Data and Behavior
The caller of an operation need not consider how many implementations of a given operation
exist. Operator polymorphism shifts the burden of deciding what implementation to use
from the calling code to the class hierarchy. For example, non-object-oriented code to dis-
play the contents of a window must distinguish the type of each figure, such as polygon, cir-
cle, or text, and call the appropriate procedure to display it. An object-oriented program
would simply invoke the draw operation on each figure; the decision of which procedure to
use is made implicitly by each object, based on its class. Itis unnecessary to repeat the choice
of procedure every time the operation is called in the application program. Maintenance is
easier, because the calling code need not be modified when a new class is added. In an object-
oriented system, the data structure hierarchy is identical to the operation inheritance hierar-
chy (Figure 1.3),
 
cern al procedural Object-oriented
data structure hierarchy
see
by
class hierarchy
procedure hierarchy
Figure 1.3 An object-oriented approach has one unified hierarchy
1.3.4 Sharing
Object-oriented techniques promote sharing at several different levels. Inheritance of both
data structure and behavior allows common structure to be shared among several similar
subclasses without redundancy. The sharing of code using inheritance is one of the main ad-
vantages of object-oriented languages. More important than the savings in code is the con-
ceptual clarity from recognizing that different operations are all really the same thing. This
reduces the number of distinct cases that must be understood and analyzed.
Object-oriented development not only allows information to be shared within an applica-
tion, but also offers the prospect of reusing designs and code on future projects. Although this
possibility has been overemphasized as a justification for object-oriented technology, object-
oriented development provides the tools, such as abstraction, encapsulation, and inheritance,
to build libraries of reusable components. Object-orientation is not a magic formula to ensure
reusability, however, Reuse does not just happen; it must be planned by thinking beyond the
immediate application and investing extra effort in a more general design.1.4 EVIDENCE FOR USEFULNESS OF OBJECT-ORIENTED DEVELOPMENT 9
1.3.5 Emphasis on Object Structure, Not Procedure Structure
Object-oriented technology stresses specifying what an object is, rather than how it is used.
The uses of an object depend highly on the details of the application and frequently change
during development. As requirements evolve, the features supplied by an object are much
‘more stable than the ways it is used, hence software systems built on object structure are
more stable in the long run {Booch-86]. Object-oriented development places a greater em-
phasis on data structure and a lesser emphasis on procedure structure than traditional func-
tional-decomposition methodologies. In this respect, object-oriented development is similar
to information modeling techniques used in database design, although object-oriented devel-
‘opment adds the concept of class-dependent behavior.
1.3.6 Synergy
Identity, classification, polymorphism, and inheritance characterize mainstream object-ori-
ented languages. Each of these concepts can be used in isolation, but together they comple-
‘ment each other synergistically. The benefits of an object-oriented approach are greater than
they might seem at first. The greater emphasis on the essential properties of an object forces
the software developer to think more carefully and more deeply about what an object is and
does, with the result that the system is usually cleaner, more general, and more robust than
it would be if the emphasis were only on the use of data and operations. According to Tho-
mas, these various features come together to create a different style of programming {Tho-
‘mas-89]. Cox claims that encapsulation is the foundation for the object-oriented approach,
shifting emphasis from coding technique to packaging, while inheritance builds on encapsu-
lation to make reuse of code practical (Cox-86]
 
1.4 EVIDENCE FOR USEFULNESS OF OBJECT-ORIENTED DEVELOPMENT
We have been actively using object-oriented development in internal applications at the Gen-
eral Electric Research and Development Center (GE R&D). We have used object-oriented
techniques for developing compilers (Chapter 18), graphics (Chapter 19), user interfaces
(Chapter 20), databases [Blaha-89], an object-oriented language [Shah-89], CAD systems,
simulations, meta models, control systems, and other applications. We have used object-ori-
ented models to document existing programs that are ill-structured and difficult to under:
stand. Our implementation targets have ranged from object-oriented languages to non-
object-oriented languages to relational databases. We have successfully taught this approach
to others and have used it to communicate with application experts.
We are enthusiastic supporters of object-oriented development and see no reason it
should not be used on most software projects. The main benefit is not reduced development
time; object-oriented development may take more time than conventional development, be-
cause itis intended to promote future reuse and reduce downstream errors and maintenance.
‘The time until code is first completed is probably about the same as, or slightly greater than,
using a conventional approach. However, subsequent iterations of an object-oriented devel-10 Chapter 1 / INTRODUCTION
‘opment are easier and faster than with conventional development because revisions are more
localized. Furthermore, fewer iterations are usually needed because more problems are un-
covered and corrected during development.
The annual OOPSLA (Object-Oriented Programming Systems, Languages, and Appli
cations) and ECOOP (European Conference on Object-Oriented Programming) conferences
are the most important forums for disseminating new object-oriented ideas and application
results. OOPSLA and ECOOP proceedings describe many applications that have benefited
from an object-oriented approach, [Russo-88] describes a project that used C++ as the target
language for implementing an operating system. [Kerr-87] presents the results of using Fla-
vors to implement a program for statistical analysis. [Jacky-86] describes a large medical ap-
plication that was designed with object-oriented techniques and implemented in Pascal.
[Piersol-86] summarizes the results of using Smalltalk-80 to implement an advanced spread-
sheet package. [Barry-89] describes the implementation of a signal processor prototype us-
ing Smalltalk. We should note that most of the object-oriented literature to date has been
concerned with implementation and languages. We hope that this book will encourage more
emphasis on object-oriented development.
Many persons have heard of object-oriented technology but think of it as inefficient.
This attitude is due to the early object-oriented languages, such as Smalltalk, that were in-
terpreted and were inefficient compared to C or Fortran. Subsequent object-oriented lan-
guages, such as C++, can be used in an efficient manner, and compiler designers are
improving the efficiency of even the “pure” object-oriented languages [Chambers-89]. In
any case, object-oriented design is broader than object-oriented programming and provides
logical benefits regardless of the choice of implementation language.
 
1.5 ORGANIZATION OF THIS BOOK
‘The remainder of this book is organized into four parts: modeling concepts, methodology,
implementation, and application case studies. Appendices summarize the OMT notation and
provide a glossary of object-oriented terms.
Part I explains object-oriented concepts and presents a graphical notation for expressing
them. It does not discuss the process of developing object-oriented models, which is the sub-
ject of Part 2. Chapter 2 introduces our Object Modeling Technique (OMT) notation. The
OMT consists of three orthogonal views: the object model, dynamic model, and functional
model. Chapters 3 and 4 describe the object model, which deals with the structural “data”
aspects of a system. Chapter 3 presents basic object modeling concepts. Even readers famil-
iar with object-oriented programming should read this chapter, as we introduce modeling
concepts not found in most object-oriented languages. Chapter 4 presents advanced object
modeling concepts; this chapter may be skipped on a first reading of the book. Chapter 5 de-
scribes the dynamic model, which deals with states and events and models the control as
pects of a system. Readers familiar with state machines may skim the beginning of the
chapter, but the remainder of the chapter describes some state machine structuring concepts
that are not widely taught. Chapter 6 describes the functional model, which captures func
tions, values, constraints and derived information, Readers who know conventional func1.5 ORGANIZATION OF THIS BOOK "
tionally-oriented methodologies will find this material familiar. Part 1 of the book deals with
concepts that permeate the software development cycle, applying equally to analysis, design,
and implementation. The notation described in Part 1 is used throughout the book.
Part 2 shows how to develop an object-oriented model and use it to develop a system
using our OMT methodology. Chapter 7 provides an overview of the OMT methodology.
Chapter 8 discusses analysis, the process of describing and understanding the application do-
‘main without imposing implementation decisions. Analysis begins with a problem statement
from the customer. The analyst incorporates customer interviews and application domain
knowledge to construct an object model, a dynamic model, and a functional model
Chapter 9 addresses high-level system design, which is primarily a task of partitioning a sys-
tem into subsystems and making policy decisions. Chapter 10 discusses object design, the
augmentation of the analysis model with design decisions. These decisions include the spec-
ification of algorithms, assigning functionality to objects, introduction of internal objects to
avoid recomputation, and optimization. Chapter 11 summarizes the methodology presented
in Chapters 8 through 10. Chapter 12 compares object-oriented methodologies with other
popular methodologies, including conventional software engineering approaches and infor-
‘mation modeling notations from the database world.
Part 3 addresses implementation issues dependent on the target language. Chapter 13
provides an overview of implementation. Chapter 14 discusses guidelines for enhancing
readability, reusability, and maintainability using good object-oriented programming style.
Chapter 15 discusses problems of implementing object-oriented designs using object-
oriented languages, including varying degrees of support for different concepts by various
languages. The chapter includes a brief survey of several commercially-available languages
and describes current work on integrating object-oriented languages with databases.
‘Chapter 16 describes how to implement an object-oriented design with a non-object-orient-
ed language, such as C or Ada. Chapter 17 shows how to implement an OMT design using
a relational database. Chapter 17 contains a small amount of introductory material for read-
ers unfamiliar with database concepts
Part 4 presents several case studies from our work at the GE R&D Center. These are sub-
stantial applications that we developed using the OMT methodology. Chapter 18 describes
a compiler for object diagrams. The compiler accepts an object diagram as input and gener-
ates a relational database schema as output. This compiler was part of a bill-of-materials ap:
plication and helped motivate a successor project to generate declarations for object-oriented
languages and for Ada. Chapter 19 describes a three-dimensional computer animation sys-
tem that was implemented in C, using conventions on the definition and use of C structures
to obtain object-oriented behavior. The computer animation system produces high quality
video sequences illustrating the results of scientific calculations and experiments. Chapter
20 discusses a computer-aided design tool for electrical power distribution. This chapter il-
lustrates some of the dynamic modeling concepts presented in the book.
All chapters contain exercises. Selected exercises are answered in the back of the book.
We suggest that you try to work the exercises as you read this book, even if you are not a
student. The exercises bring out many subtle points that are only touched upon in the text.
‘The exercises provide practice in using the OMT methodology and serve as a stepping stone
to real applications.12 Chapter 1 / INTRODUCTION
 
abstraction functional model object design
analysis, identity object-oriented
classification implementation Object Modeling Technique (OMT)
dynamic model inheritance polymorphism
encapsulation ‘object model system design
 
Figure 1.4 Key concepts for Chapter 1
BIBLIOGRAPHIC NOTES
Dave Thomas and Peter Wegner have published readable and informative articles on object-
oriented concepts in the March 1989 issue of BYTE magazine. The references listed below
by Grady Booch, Brad Cox, and Bertrand Meyer are particularly good sources of informa-
tion, However, Cox and to a lesser extent Meyer emphasize the language aspects, although
they do devote some space to design issues. Shlaer and Mellor discuss object-oriented anal-
ysis and database implementation.
REFERENCES
[Barry-89] Brian M. Barry. Prototyping a real-time embedded system in Smalltalk. OOPSLA'S9 as
ACM SIGPLAN 24, 10 (Oct. 1989), 255-265.
{Blaha-89] Michael R. Blaha, Nancy L. Eastman, Malcolm M. Hall. An extensible AE&C database
model. Computers and Chemical Engineering 13,7 (July 1989) 753-766.
[Booch-86] Grady Booch. Object-oriented development. [EEE Transactions on Software Engineering
SE-12, 2 (Feb. 1986), 211-221
[Booch-91] Grady Booch. Object-Oriented Design. Redwood City, Calif: Benjamin/Cummings,
1991
[Brooks-87] Frederick P. Brooks. No silver bullet—essence and accidents of software engineering.
IEEE Computer (April 1987), 10-19.
[Chambers-89] Craig Chambers, David Ungar, Elgin Lee. An efficient implementation of SELF, a dy-
namically-typed object-oriented language based on prototypes. OOPSLA'89 as ACM SIGPLAN
24, 10 (Oct, 1989), 49-70,
[Cox-86] Brad J. Cox. Object-Oriented Programming. Reading, Massachusetts: Addison-Wesley,
1986,
[DeMarco-79] Tom DeMarco, Structured Analysis and Systems Specification. Englewood Cliffs, New
Jersey: Prentice Hall, 1979,
Uacky-86] Jonathan Jacky, Ira Kalet, An object-oriented approach to a large scientific application
OOPSLA’86 as ACM SIGPLAN 21, 11 (Nov. 1986), 368-376.
[Kerr-87] R.K. Kerr, D.B. Percival. Use of object-oriented programming in a time series analysis sys-
tem. OOPSLA'S7 as ACM SIGPLAN 22, 12 (Dec. 1987), 1-10.
[Meyer-88] Bertrand Meyer. Object-Oriented Software Construction, Hertfordshire, England: Prentice
Hall International, 1988,
{Piersol-86] Kurt W. Piersol. Object-oriented spreadsheets: the analytic spreadsheet package.
OOPSLA’86 as ACM SIGPLAN 21, 11 (Nov. 1986), 385-390.EXERCISES 13
[Russo-88] Vincent Russo, Gary Johnston, Roy Campbell. Process management and exception han-
dling in multiprocessor operating systems using object-oriented design techniques. OOPSLA'S8
as ACM SIGPLAN 23, 11 (Nov. 1988), 248-258.
[Shah-89} Ashwin Shah, James Rumbaugh, Jung Hamel, Renee Borsari. DSM: an object-relationship
‘modeling language. OOPSLA’S9 as ACM SIGPLAN 24, 11 (Nov. 1989), 191-202,
{Shiaer-88] Sally Shlaer, Stephen J, Mellor. Object-Oriented Systems Analysis: Modeling the World in
Data. Englewood Cliffs, New Jersey: Yourdon Press, 1988.
{Thomas-89] Dave Thomas. What's in an object? BYTE 14, 3 (March 1989), 231-240,
{Wegner-89] Peter Wegner. Learning the language. BYTE /4, 3 (March 1989), 245-253.
[Yourdon-89] Edward Yourdon. Modern Structured Analysis. Englewood Cliffs, New Jersey: Yourdon
Press, 1989.
EXERCISES
‘The number in parentheses next to each exercise indicates the difficulty, from 1 (easy) to 10 (very
difficult). The word “(Project)” in front of an exercise means that the problem statement for the exer-
cise is taken from the literature or that the exercise requires extensive work.
1.1 (2) What major problems have you encountered during past software projects? Estimate what
percentage of your time you spend on analysis, design, coding, and testing/debugging/fixing.
How do you go about estimating how much effort a project will require?
1.2 (3) Recall a system that you created on your own in the past, Briefly describe the system, What
‘obstacles did you encounter in the design? What software engineering methodology, if any, did
you use? What were your reasons for choosing or not choosing a methodology? Are you satis-
fied with the system as it exists? How difficult is it to add new features to the system? Is it main-
tainable?
1.3 (4) Describe a large software system that was supposed to be created in the last five years that
was behind schedule, over budget, or failed to perform as expected. What factors were blamed?
How could the failure have been avoided?
1.4 (3) From a user's point of view, criticize a hardware or software system that has a flaw that par-
ticularly annoys you. For example, some cars require the bumper to be removed to replace a tail
light. Describe the system. the flaw. how it was overlooked, and how it could have been avoided
‘with a bit more thought during design.
1.5 (5) All objects have identity and are distinguishable. However, for large collections of objects,
itmay not be a trivial matter to devise a scheme to distinguish them. Furthermore, a scheme may
depend on the purpose of the distinction, For cach of the following collections of objects, de-
scribe how they could be distinguished:
All persons in the world for the purpose of sending mail
All persons in the world for the purpose of criminal investi
All customers with safe deposit boxes in a given bank.
All telephones in the world for making telephone calls
All customers of a telephone company for billing purposes.
All electronic mail addresses throughout the world.
All employees of a company to restrict access for security reasons,
 
mnpecge14
16
7
18
Chapter 1 / INTRODUCTION
(4) Prepare a list of objects that you would expect each of the following systems to handle:
program for laying out a newspaper
program to compute and store bowling scores
a telephone answering machine
a controller for a video cassette recorder
a catalog store order entry system
paoge
(6) There are two lists below. The first is a list of classes that describe implementation objects.
The second is a list of operations. For each class, select the operations that make sense for ob-
jects in that class. Discuss the behavior of each operation listed for each class.
Classes:
variable length array — ordered collection of objects, indexed by an integer, whose size can
vary at run-time
symbol table — a table that maps text keywords into descriptors
set — unordered collection of objects with no duplicates
Operations:
append — add an object to the end of a collection
copy — make a copy of a collection
count — retum the number of elements in a collection
delete — remove a member from a collection
index — retrieve an object from a collection at a given position
intersect — determine the common members of two collections
insert — place an object into a collection at a given position
update — add a member to a collection, writing over whatever is already there
 
(4) Discuss what the objects in each of the following lists have in common. You may add more
classes to each list.
a. scanning electron microscope, eyeglasses, telescope, bomb sight, binoculars
b. pipe, check valve, faucet, filter, pressure gauge
. bicycle, sailboat, car, truck, airplane, glider, motorcycle, horse
4. nail, screw, bolt, rivet
. tent, cave, shed, garage, bam, house, skyscraper
£. square root, exponential, sine, cosinePART 1: MODELING CONCEPTS
2
Modeling as a Design Technique
 
A model is an abstraction of something for the purpose of understanding it before building
it. Because a model omits nonessential details, it is easier to manipulate than the original en-
tity. Abstraction is a fundamental human capability that permits us to deal with complexity.
Engineers, artists, and craftsmen have built models for thousands of years to try out designs
before executing them. Development of hardware and software systems is no exception. To
build complex systems, the developer must abstract different views of the system, build
models using precise notations, verify that the models satisfy the requirements of the system,
and gradually add detail to transform the models into an implementation.
Part 1 of the book describes the concepts and notations involved in object-oriented mod-
ling. These concepts are applied to analysis, design, and implementation in Parts 2 and 3 of
the book. This chapter discusses modeling in general and then introduces the three kinds of
object-oriented models composing the Object Modeling Technique: the object model, which
describes static structure; the dynamic model, which describes temporal relationships; and
the functional model, which describes functional relationships among values.
 
2.1 MODELING
Designers build many kinds of models for various purposes before constructing things. Ex-
amples include architectural models to show customers, airplane scale models for wind-tun-
nel tests, pencil sketches for composition of oil paintings, blueprints of machine parts,
storyboards of advertisements, and outlines of books. Models serve several purposes:
+ Testing a physical entity before building it, The medieval masons did not know modem
physics, but they built scale models of the Gothic cathedrals to test the forces on the struc:
ture. Scale models of airplanes, cars, and boats have been tested in wind tunnels and water16 Chapter 2 / MODELING
tanks to improve their aerodynamics. Recent advances in computation permit the simulation
of many physical structures without having to build physical models. Not only is simulation
cheaper, but it provides information that is too fleeting or inaccessible to be measured from
sical model. Both physical models and computer models are usually cheaper than
ing a complete system and enable flaws to be corrected early.
 
 
+ Communication with customers, Architects and product designers build models to show
their customers. Mock-ups are demonstration products that imitate some or all of the exter-
nal behavior of a system.
+ Visualization. Storyboards of movies, television shows, and advertisements allow the
writers to see how their ideas flow. Awkward transitions, dangling ends, and unnecessary
segments can be modified before detailed writing begins. Artists’ sketches allow them to
block out their ideas and make changes before committing them to oil or stone.
+ Reduction of complexity. Perhaps the main reason for modeling, which incorporates all the
previous reasons, is to deal with systems that are too complex to understand directly. The
human mind can cope with only a limited amount of information at one time. Models reduce
complexity by separating out a small number of important things to deal with at a time.
2.1.1 Abstraction
Abstraction is the selective examination of certain aspects of a problem. The goal of abstrac-
tion is to isolate those aspects that are important for some purpose and suppress those aspects
that are unimportant. Abstraction must always be for some purpose, because the purpose de-
termines what is and is not important. Many different abstractions of the same thing are pos-
sible, depending on the purpose for which they are made.
All abstractions are incomplete and inaccurate. Reality is a seamless web. Anything we
say about it, any description of it, is an abridgement. All human words and language are ab-
stractions—incomplete descriptions of the real world. This does not destroy their usefulness.
‘The purpose of an abstraction is to limit the universe so we can do things. In building models,
therefore, you must not search for absolute truth but for adequacy for some purpose. There
is no single “correct” model of a situation, only adequate and inadequate ones.
‘A good model captures the crucial aspects of a problem and omits the others. Most com-
puter languages, for example, are poor vehicles for modeling algorithms because they force
cation of implementation details that are irrelevant to the algorithm. A model that
contains extraneous detail unnecessarily limits your choice of design decisions and diverts
attention from the real issues.
 
 
2.2 THE OBJECT MODELING TECHNIQUE
We find it useful to model a system from three related but different viewpoints, each captur-
ing important aspects of the system, but all required for a complete description. The Object2.2 THE OBJECT MODELING TECHNIQUE 7
‘Modeling Technique (OMT) is our name for the methodology that combines the
views of modeling systems. The object model represents the static, structural, “data”
‘of a system. The dynamic model represents the temporal, behavioral, “control” aspects of a
system. The functional model represents the transformational, “function” aspects of a sys-
tem. A typical software procedure incorporates all three aspects: It uses data structures (ob-
ject model), it sequences operations in time (dynamic model), and it transforms values
(functional model). Each model contains references to entities in other models. For example,
‘operations are attached to objects in the object model but more fully expanded in the func-
tional model.
‘The three kinds of models separate a system into orthogonal views that can be represent-
ed and manipulated with a uniform notation. The different models are not completely inde-
pendent—a system is more than a collection of independent parts—but each model can be
examined and understood by itself to a large extent. The interconnections between the dif-
ferent models are limited and explicit. Of course, it is always possible to create bad designs
in which the three models are so intertwined that they cannot be separated, but a good design
isolates the different aspects of a system and limits the coupling between them.
Each of the three models evolves during the development cycle. During analysis, a mod-
el of the application domain is constructed without regard for eventual implementation. Dur-
ing design, solution-domain constructs are added to the model. During implementation, both
application-domain and solution-domain constructs are coded. The word model has two di-
mensions—a view of a system (object model, dynamic model, or functional model) and a
stage of development (analysis, design, or implementation). The meaning is generally clear
from context.
 
 
   
2.2.1 Object Model
‘The object model describes the structure of objects in a system—their identity, their relation-
ships to other objects, their attributes, and their operations. The object model provides the
essential framework into which the dynamic and functional models can be placed. Changes
and transformations are meaningless unless there is something to be changed or transformed.
Objects are the units into which we divide the world, the molecules of our models.
‘Our goal in constructing an object model is to capture those concepts from the real world
that are important to an application. In modeling an engineering problem, the object mode!
should contain terms familiar to engineers; in modeling a business problem, terms from the
business; in modeling a user interface, terms from the application domain, An analysis mod-
¢l should not contain computer constructs unless the application being modeled is inherently
a computer problem, such as a compiler or an operating system. The design model describes
how to solve a problem and may contain computer constructs.
‘The object model is represented graphically with object diagrams containing object
classes. Classes are arranged into hierarchies sharing common structure and behavior and are
associated with other classes. Classes define the attribute values carried by each object in-
stance and the operations which each object performs or undergoes.18 Chapter 2 / MODELING
2.2.2 Dynamic Model
The dynamic model describes those aspects of a system concerned with time and the
sequencing of operations—events that mark changes, sequences of events, states that define
the context for events, and the organization of events and states. The dynamic model cap-
tures control, that aspect of a system that describes the sequences of operations that occur,
without regard for what the operations do, what they operate on, or how they are imple-
mented.
The dynamic model is represented graphically with state diagrams. Each state diagram
shows the state and event sequences permitted in a system for one class of objects. State di-
agrams also refer to the other models. Actions in the state diagrams correspond to functions
from the functional model; events in a state diagram become operations on objects in the ob-
ject model.
2.2.3 Functional Model
The functional model describes those aspects of a system concemed with transformations of
values—functions, mappings, constraints, and functional dependencies. The functional
model captures what a system does, without regard for how or when it is done.
The functional model is represented with data flow diagrams. Data flow diagrams show
the dependencies between values and the computation of output values from input values
and functions, without regard for when or if the functions are executed. Traditional comput-
ing concepts such as expression trees are examples of functional models, as are less tradi-
tional concepts such as spreadsheets. Functions are invoked as actions in the dynamic model
and are shown as operations on objects in the object model
2.2.4 Relationship among Models
Each model describes one aspect of the system but contains references to the other models.
The object model describes data structure that the dynamic and functional models operate
‘on. The operations in the object model correspond to events in the dynamic model and func-
tions in the functional model. The dynamic model describes the control structure of objects.
It shows decisions which depend on object values and which cause actions that change ob-
ject values and invoke functions. The functional model describes functions invoked by op-
erations in the object model and actions in the dynamic model. Functions operate on data
values specified by the object model. The functional model also shows constraints on object
values.
There are occasional ambiguities about which model should contain a piece of informa-
tion. This is natural, because any abstraction is only a rough cut at reality; something will in-
evitably straddle the boundaries. Some properties of a system may be poorly represented by
the models. This is also normal, because no abstraction can capture everything; the goal is to
simplify the system description without loading down the model with so many constructs that
itbecomes a burden and not a help. For those things that the model does not adequately capture,
natural language or application-specific notation is still a perfectly acceptable tool2.3 CHAPTER SUMMARY 19
2.3 CHAPTER SUMMARY
Models are abstractions built to understand a problem before implementing a solution. All
abstractions are subsets of reality selected for a particular purpose.
The Object Modeling Technique (OMT) consists of three kinds of models. The object
model describes the static structure of a system in terms of objects and relationships corre-
sponding to real-world entities. The dynamic model describes the control structure of a sys-
tem in terms of events and states. The functional model describes the computational
structure of a system in terms of values and functions. Different problems place different em-
phasis on the three kinds of models, but all three are necessary for any large system.
 
abstraction modeling
dynamic model ‘object model
functional model relationship among models
 
 
 
Figure 2.1 Key concepts for Chapter 2
EXERCISES
21 (1) Some characteristics of a tire are its size, material, internal construction (bias ply. stee! belt-
‘ed, for example), tread design, cost, expected life, and weight. Which factors are important in
deciding whether or not to buy a tire for your car? Which ones might be relevant to someone
simulating the performance of a computerized anti-skid system for cars? Which ones are impor-
tant to someone constructing a swing for a child?
2.2 (2) Suppose your bathroom sink is clogged and you have decided to try to unclog it by pushing
‘wire into the drain. You have several types of wire available around the house, some insulated
and some not. Which of the following wire characteristics would you need to consider in select-
ing a wire for the job? Explain your answers.
Immunity to electrical noise
Color of the insulation
Resistance of the insulation to saltwater
Resistance of the insulation to fire
Cost
Stiffness
Ease of stripping the insulation
Weight
Availability
‘Strength
Resistance to high temperatures
Resistance to stretching
reer rere pe er20
23
24
25
26
Chapter 2/ MODELING
(3) Wire is used in the following applications. For each application, prepare a list of wire char-
acteristics that are relevant and explain why each characteristic is important for the application.
Selecting wire for a transatlantic cable
Choosing wire that you will use to create colorful artwork
Designing the electrical system for an airplane
Hanging a bird feeder from a tree
Designing a piano
Designing the filament for a light bulb
aoge
(3) Ifyou were designing a protocol for transferring computer files from one computer to anoth-
er over telephone lines, which of the following details would you select as relevant? Explain
how your selected details are relevant:
a. Electrical noise on the communication lines
b. The speed at which serial data is transmitted, typically 300, 1200, 2400, 4800, or 9600 bits
per second
. Availability of a relational database
4. Availability of a good full screen editor
Buffering and flow control such as an XON/XOFF protocol to regulate an incoming stream
of data
Number of tracks and sectors on the hard and/or floppy disk drive
(Character interpretation such as special handling of control characters
File organization, linear stream of bytes versus record-oriented, for example
Math co-processor
ree om
(2) There are several models used in the analysis and design of electrical motors. An electrical
model is concerned with voltages, currents, electromagnetic fields, inductance, and resistance.
‘A mechanical model considers stiffness, density, motion, forces, and torques. A thermal model
is concerned with heat dissipation and heat transfer. A fluid model describes the flow of cooling
air. Which model(s) should be considered to answer the following questions? Discuss your con-
clusions:
a. How much electrical energy is required to run a motor? How much of itis wasted as heat?
b. How much does a motor weigh?
€. How hot does a motor get?
4. How much vibration does a motor create?
€. How long will it take for the bearings of a motor to wear out?
 
(3) Decide which model(s) (object, dynamic, functional) are relevant for the following aspects
of a computer chess player. The board and pieces will be displayed graphically on a video dis-
play. Human moves will be indicated via a cursor controlled by a mouse. Of course, in some
cases, more than one category may apply. Defend your answers:
. User interface which displays computer moves and accepts human moves
. Representation of a configuration of pieces on the board
c. Consideration of a sequence of possible legal moves
4. Validation of a move requested by the human player3
Object Modeling
An object model captures the static structure of a system by showing the objects in the sys-
tem, relationships between the objects, and the attributes and operations that characterize
each class of objects. The object model is the most important of the three models. We em-
phasize building a system around objects rather than around functionality, because an object-
oriented mode! more closely corresponds to the real world and is consequently more resilient
with respect to change. Object models provide an intuitive graphic representation of a sys-
tem and are valuable for communicating with customers and documenting the structure of a
system.
Chapter 3 discusses basic object modeling concepts that will be used throughout the
book. For each concept, we discuss the logical meaning, present the corresponding OMT no-
tation, and provide examples. Some important concepts that we consider are object, class,
link, association, generalization, and inheritance. You should master the material in this
chapter before proceeding in the book.
3.1 OBJECTS AND CLASSES
3.1.1 Objects
The purpose of object modeling is to describe objects. For example, Joe Smith, Simplex com-
pany, Lassie, process number 7648, and the top window are objects. An object is simply
something that makes sense in an application context,
We define an object as a concept, abstraction, or thing with crisp boundaries and mean-
ing for the problem at hand. Objects serve two purposes: They promote understanding of the
real world and provide a practical basis for computer implementation. Decomposition of a
problem into objects depends on judgment and the nature of the problem. There is no one
correct representation.22 Chapter 3 / OBJECT MODELING
All objects have identity and are distinguishable. Two apples with the same color, shape,
and texture are still individual apples; a person can eat one and then eat the other. Similarly,
identical twins are two distinct persons, even though they may look the same. The term
identity means that objects are distinguished by their inherent existence and not by descrip-
tive properties that they may have.
The word object is often vaguely used in the literature. Sometimes object means a single
thing, other times it refers to a group of similar things. Usually the context resolves any am-
biguity. When we want to be precise and refer to exactly one thing, we will use the phrase
object instance. We will use the phrase object class to refer to a group of similar things.
3.1.2 Classes
An object class describes a group of objects with similar properties (attributes), common be-
havior (operations), common relationships to other objects, and common semantics. Person,
company, animal, process, and window are all object classes. Each person has an age, 1Q,
and may work at a job. Each process has an owner, priority, and list of required resources.
Objects and object classes often appear as nouns in problem descriptions
The abbreviation class is often used instead of object class. Objects in a class have the
same attributes and behavior patterns. Most objects derive their individuality from differ-
ences in their attribute values and relationships to other objects. However, objects with iden-
tical attribute values and relationships are possible.
The objects in a class share a common semantic purpose, above and beyond the require-
‘ment of common attributes and behavior. Thus even though a bam and a horse both have a
cost and age, they may belong to different classes. If barn and horse were regarded as purely
financial assets, they may belong to the same class. If the developer took into consideration
that a person paints a barn and feeds a horse, they would be modeled as distinct classes. The
interpretation of semantics depends on the purpose of each application and is a matter of
judgment.
Each object “knows” its class, Most object-oriented programming languages can deter-
mine an object's class at run time. An object’s class is an implicit property of the object.
If objects are the focus of object modeling, why bother with classes? The notion of ab-
straction is at the heart of the matter. By grouping objects into classes, we abstract a problem.
Abstraction gives modeling its power and ability to generalize from a few specific cases to
a host of similar cases. Common definitions (such as class name and attribute names) are
stored once per class rather than once per instance. Operations can be written once for each
class, so that all the objects in the class benefit from code reuse, For example, all ellipses
share the same procedures to draw them, compute their areas, or test for intersection with a
line; polygons would have a separate set of procedures. Even special cases, such as circles
and squares, can use the general procedures, though more efficient procedures are possible.
 
 
 
 
 
 
 
 
3.1.3 Object Diagrams
We began this chapter by discussing some basic modeling concepts, specifically object and
class. We have described these concepts with examples and prose. Since this approach is3.1 OBJECTS AND CLASSES 23
vague for more complex topics, we need a formalism for expressing object models that is
coherent, precise, and easy to formulate.
‘Object diagrams provide a formal graphic notation for modeling objects, classes, and
their relationships to one another. Object diagrams are useful both for abstract modeling and
for designing actual programs. Object diagrams are concise, easy to understand, and work
well in practice. We use object diagrams throughout this book. New concepts are illustrated
by object diagrams to introduce the notation and clarify our explanation of concepts. There
are two types of object diagrams: class diagrams and instance diagrams.
‘Acclass diagram is a schema, pattern, or template for describing many possible instances
of data. A class diagram describes object classes.
‘An instance diagram describes how a particular set of objects relate to each other. An
instance diagram describes object instances. Instance diagrams are useful for documenting
test cases (especially scenarios) and discussing examples. A given class diagram corre-
sponds to an infinite set of instance diagrams.
Figure 3.1 shows a class diagram (left) and one possible instance diagram (right) de-
scribed by it. Objects Joe Smith, Mary Sharp, and an anonymous person are instances of
class Person. The OMT symbol for an object instance is a rounded box. The class name in
is at the top of the object box in boldface. Object names are listed in normal font.
The OMT symbol for a class is a box with class name in boldface.
 
   
 
nae nie $$
Class Objects
Figure 3.1, Class and objects
Class diagrams describe the general case in modeling a system. Instance diagrams are
used mainly to show examples to help to clarify a complex class diagram. The distinction
between class diagrams and instance diagrams is in fact artificial; classes and instances can
appear on the same object diagram, but in general it is not useful to mix classes and in-
stances. (The exception is metadata, discussed in Section 4.5.)
3.1.4 Attributes
An attribute is data value held by the objects in a class. Name, age, and weight are at-
tributes of Person objects. Color, weight, and model-year are attributes of Car objects. Each
attribute has a value for each object instance. For example, attribute age has value “24” in
object Joe Smith. Paraphrasing, Joe Smith is 24 years old. Different object instances may
have the same or different values for a given attribute. Each attribute name is unique within
aclass (as opposed to being unique across all classes). Thus class Person and class Company
may each have an attribute called address.
An attribute should be a pure data value, not an object. Unlike objects, pure data values
do not have identity. For example, all occurrences of the integer “17 are indistinguishable,24 Chapter 3 / OBJECT MODELING
as are all occurrences of the string “Canada.” The country Canada is an object, whose name
attribute has the value “Canada” (the string). The capital of Canada is a city object and
should not be modeled as an attribute, but rather as an association between a country object
and a city object (explained in Section 3.2). The name of this city object is “Ottawa” (the
string).
Attributes are listed in the second part of the class box. Each attribute name may be fol-
lowed by optional details, such as type and default value. The type is preceded by a colon.
‘The default value is preceded by an equal sign. At times, you may choose to omit showing
attributes in class boxes. It depends on the level of detail desired in the object model. Class
boxes have a line drawn between the class name and attributes. Object boxes do not have
this line in order to further differentiate them from class boxes.
Figure 3.2 shows object modeling notation. Class Person has attributes name and age.
Name isa string and age is an integer. One object in class Person has the value Joe Smith for
name and the value 24 for age. Another object has name Mary Sharp and age 52.
 
 
 
 
 
 
 
 
 
Person (Person) (Person)
name: string Joe Smith Mary Sharp
age: integer 24 52
Class with Attributes Objects with Values
Figure 3.2 Attributes and values
Some implementation media, such as many databases, require an object to have a unique
identifier that identifies each object. Explicit object identifiers are not required in an object
model. Each object has its own unique identity. Most object-oriented languages automatical-
ly generate implicit identifiers with which to reference objects. You need not and should not
explicitly list identifiers. Figure 3.3 emphasizes this point. Identifiers are a computer artifact
and have no intrinsic meaning beyond identifying an object.
 
Person
name: string
age: integer
 
 
 
 
 
Wrong Correct
Figure 3.3 Do not explicitly list object identifiers
Do not confuse internal identifiers with real-world attributes. Internal identifiers are
purely an implementation convenience and have no meaning in the problem domain. For ex-
ample, social security number, license plate number, and telephone number are not intemal3.1 OBJECTS AND CLASSES 25
identifiers because they have meaning in the real world. Social security number, license plate
number, and telephone number are legitimate attributes.
3.1.5 Operations and Methods
‘An operation is a function or transformation that may be applied to or by objects in a class.
Hire, fire, and pay-dividend are operations on class Company. Open, close, hide, and redis-
play are operations on class Window. All objects in a class share the same operations.
Each operation has a target object as an implicit argument. The behavior of the operation
depends on the class of its target. An object “knows” its class, and hence the right implemen-
tation of the operation.
‘The same operation may apply to many different classes. Such an operation is polymor-
hic; that is, the same operation takes on different forms in different classes. A method is the
implementation of an operation for a class. For example, the class File may have an opera-
tion print. Different methods could be implemented to print ASCII files, print binary files,
and print digitized picture files. All these methods logically perform the same task—printing
file; thus you may refer to them by the generic operation print. However, each method may
be implemented by a different piece of code.
‘An operation may have arguments in addition to its target object. Such arguments pa-
rameterize the operation but do not affect the choice of method. The method depends only
‘on the class of the target object. (A few object-oriented languages, notably CLOS, permit the
choice of method to depend on any number of arguments, but such generality leads to con-
siderable semantic complexity, which we shall not explore.)
‘When an operation has methods on several classes, it is important that the methods all
have the same signature—the number and types of arguments and the type of result value.
For example, print should not have file-name as an argument for one method and file-pointer
for another. The behavior of all methods for an operation should have a consistent intent, It
is best to avoid using the same name for two operations that are semantically different, even
if they apply to distinct sets of classes. For example, it would be unwise to use the name
invert to describe both a matrix inversion and turning a geometric figure upside-down. In a
very large project, some form of name scoping may be necessary to accommodate accidental
name clashes, but it is best to avoid any possibility of confusion.
Operations are listed in the lower third of the class box. Each operation name may be
followed by optional details, such as argument list and result type. An argument list is writ-
ten in parentheses following the name; the arguments are separated by commas. The name
and type of each argument may be given. The result type is preceded by a colon and should
not be omitted, because it is important to distinguish operations that retum values from those
that do not. An empty argument list in parentheses shows explicitly that there are no argu-
‘ments; otherwise no conclusions can be drawn. Operations may be omitted from high-level
diagrams.
In Figure 3.4, the class Person has attributes name and age and operations change-job
and change-address, Name, age, change-job, and change-address are features of Person.26 Chapter 3 / OBJECT MODELING
 
 
 
 
 
 
 
 
 
 
Person File Geometric
object
name file name
age size in bytes Conia
change eo) last update po:
change-address print ‘move (delta: Vector)
select (p : Point): Boolean
rotate (angle)
 
 
 
Figure 3.4 Operations
Feature is a generic word for either an attribute or operation. Similarly, File has a print op-
eration. Geometric object has move, select, and rotate operations. Move has argument delta,
which is a Vector; select has one argument p which is of type Point and retums a Boolean;
and rotate has argument angle.
During modeling, it is useful to distinguish operations that have side effects from those
that merely compute a functional value without modifying any objects. The latter kind of op-
eration is called a query. Queries with no arguments except the target object may be regarded
as derived attributes. For example, the width of a box can be computed from the positions of
its sides, A derived attribute is like an attribute in that it is a property of the object itself, and
computing it does not change the state of the object. In many cases, an object has a set of
attributes whose values are interrelated, of which only a fixed number of values can be cho-
sen independently. An object model should generally distinguish independent base at-
tributes from dependent derived attributes. The choice of base attributes is arbitrary but
should be made to avoid overspecifying the state of the object. The remaining attributes may
be omitted or may be shown as derived attributes as described in Section 4.7.4.
 
3.1.6 Summary of Notation for Object Classes
Figure 3.5 summarizes object modeling notation for classes. A class is represented by a box
which may have as many as three regions. The regions contain, from top to bottom: class
‘name, list of attributes, and list of operations. Each attribute name may be followed by op-
tional details such as type and default value. Each operation name may be followed by op-
tional details such as argument list and result type. Attributes and operations may or may not
be shown; it depends on the level of detail desired.
  
  
 
Class-Name
attribute-name-1 : data-type-1 = default-value-1
attribute-name-2 : data-type-2 = default-value-2
   
 
1) : result-type-1
(argument-ist-2) ; result-ype-2
 
 
 
 
Figure 3.$ Summary of object modeling notation for classes3.2 LINKS AND ASSOCIATIONS 27
3.2 LINKS AND ASSOCIATIONS
 
Links and associ:
classes.
jons are the means for establishing relationships among objects and
3.2.1 General Concepts
A Link is a physical or conceptual connection between object instances. For example, Joe
Smith Works-for Simplex company. Mathematically, a link is defined as a tuple, that is, an
ordered list of object instances. A link is an instance of an association.
An association describes a group of links with common structure and common seman-
tics. For example, a person Works-for a company. All the links in an association connect ob-
jects from the same classes. Associations and links often appear as verbs in a problem
statement. An association describes a set of potential links in the same way that a class de-
scribes a set of potential objects.
Associations are inherently bidirectional. The name of a binary association usually
reads in a particular direction, but the binary association can be traversed in either direction.
The direction implied by the name is the forward direction; the opposite direction is the in-
verse direction. For example, Works-for connects a person to a company. The inverse of
Works-for could be called Employs, and connects a company to a person. In reality, both di-
rections of traversal are equally meaningful, and refer to the same underlying association; it
is only the names which establish a direction.
Associations are often implemented in programming languages as pointers from one
‘object to another. A pointer is an attribute in one object that contains an explicit reference to
another object. For example, a data structure for Person might contain an attribute emplo
that points to a Company object, and a Company object might contain an attribute employees
that points to a set of Employee objects. Implementing associations as pointers is perfectly
acceptable, but associations should not be modeled this way.
‘A link shows a relationship between two (or more) objects. Modeling a link as a pointer
disguises the fact that the link is not part of either object by itself, but depends on both of
them together. A company is not part of a person, and a person is not part of a company. Fur-
thermore, using a pair of matched pointers, such as the pointer from Person to Company and
the pointer from Company to a set of Employee, hides the fact that the forward and inverse
pointers are dependent on each other. All connections among classes should therefore be
modeled as associations, even in designs for programs. We must stress that associations are
not just database constructs, although relational databases are built on the concept of associ-
ations.
Although associations are modeled as bidirectional they do not have to be implemented
in both directions. Associations can easily be implemented as pointers if they are only tra-
versed in a single direction. Chapter 10 discusses some trade-offs to consider when imple-
menting associations.
Figure 3.6 shows a one-to-one association and corresponding links. Each association in
the class diagram corresponds to a set of links in the instance diagram, just as each class cor-
responds to a set of objects. Each country has a capital city. Has-capital is the name of the28 Chapter 3 / OBJECT MODELING
 
 
Country Has-capital City | class
name name diagram
(Country) >\_Has-capital (City)
Canada Ottawa
(Country) \_Has-capital (City) \. Instance
France Paris diagram
(Country) Has-capital (City) |
‘Senegal Dakar |
Figure 3.6 One-to-one association and links
 
 
 
 
 
 
 
 
 
 
a
association. The OMT notation for an association is a line between classes. A link is drawn
as a line between objects. Association names are italicized. An association name may be
omitted if a pair of classes has a single association whose meaning is obvious. It is good to
arrange the classes to read from left-to-right, if possible.
Figure 3.7 is a fragment of an object model for a program. A common task that arises in
computer-aided design (CAD) applications is to find connectivity networks: Given a line,
find all intersecting lines; given an intersection point, find all lines that pass through it; given
an area on the screen, find all intersection points. (We use the word line here to mean a finite
line segment.)
In the class diagram, each point denotes the intersection of two or more lines; each line
has zero or more intersection points, The instance diagram shows one possible set of lines.
Lines L/, L2, and L3 intersect at point P/. Lines L3 and L4 intersect at point P2. Line LS has
no intersection points and thus has no link. The solid balls and “2+” are multiplicity symbols.
Multiplicity specifies how many instances of one class may relate to each instance of another
class and is discussed in the next section.
Associations may be binary, temary, or higher order. In practice, the vast majority are
binary or qualified (a special form of ternary discussed later). We have encountered a few
general ternary and few, if any, of order four or more. Higher order associations are more
complicated to draw, implement, and think about than binary associations and should be
avoided if possible.
Figure 3.8 shows a ternary association: Persons who are programmers use computer lan-
guages on projects: This ternary association is an atomic unit and cannot be subdivided into
binary associations without losing information. A programmer may know a language and work
on a project, but might not use the language on the project. The OMT symbol for general ter-
nary and n-ary associations is a diamond with lines connecting to related classes. The name of
the association is written next to the diamond. Note that we did not name the association or
links in Figure 3.8. Association names are optional and a matter of modeling judgment. Asso-
ciations are often left unnamed when they can be easily identified by their classes. (This con-
vention does not work if there are multiple associations between the same classes.)3.2 LINKS AND ASSOCIATIONS
Line Intersects Point leis
name x name | diagram
 
 
 
 
 
 
 
 
 
R PI
(Line) (Point) \ Instance
b [pet ) >) diagram
(Line) |
us
|
 
 
 
 
 
 
 
Sample
data
Figure 3.7 Many-to-many association and links
 
 
 
 
Project Language |
I | Class
diagram
 
 
 
 
 
 
 
 
 
 
Instance
diagram
 
Figure 3.8 Temary association and links30 Chapter 3 / OBJECT MODELING
3.2.2 Multiplicity
Multiplicity specifies how many instances of one class may relate to a single instance of an
associated class. Multiplicity constrains the number of related objects. Multiplicity is often
described as being “one” or “many,” but more generally it is a (possibly infinite) subset of
the non-negative integers. Generally the multiplicity value is a single interval, but it may be
set of disconnected intervals. For example, the number of doors on a sedan is 2 or 4. Object
diagrams indicate multiplicity with special symbols at the ends of association lines. In the
‘most general case, multiplicity can be specified with a number or set of intervals, such as “1”
(exactly one), “1+” (one or more), “3-5” (three to five, inclusive), and “2,4,18" (two, four,
or eighteen). There are special line terminators to indicate certain common multiplicity val-
ues. A solid ball is the OMT symbol for “many,” meaning zero or more. A hollow ball indi-
cates “optional,” meaning zero or one. A line without multiplicity symbols indicates a one-
to-one association. In the general case, the multiplicity is written next to the end of the line,
for example, “1+” to indicate one or more.
Reviewing our past examples, Figure 3.6 illustrates one-to-one multiplicity. Each coun-
try has one capital city. A capital city administers one country. (In fact, some countries, such
as Netherlands and Switzerland, have more than one capital city for different purposes. If
this fact were important, the model could be modified by changing the multiplicity or by pro-
viding a separate association for each kind of capital city.)
The association in Figure 3.7 exhibits many-to-many multiplicity. A line may have zero
‘or more intersection points. An intersection point may be associated with two or more lines.
In this particular case, L/, L2, and L4 have one intersection point; L3 has two intersection
points; LS has no intersection points. P/ intersects with three lines; P2 intersects with two
lines.
Figure 3.9 illustrates zero-or-one, or optional, multiplicity. A workstation may have one
of its windows designated as the console to receive general error messages. It is possible,
however, that no console window exists. (The word “console” on the diagram is a role name,
discussed in Section 3.3.3.)
 
 
    
 
 
 
  
 
 
 
Workstation consow]_ Window
 
 
 
 
Figure 3.9 Zero-or-one multiplicity
Multiplicity depends on assumptions and how you define the boundaries of a problem.
Vague requirements often make multiplicity uncertain. You should not worry excessively
about multiplicity early in software development. First determine objects, classes, and asso-
ciations, then decide on multiplicity.
Determining multiplicity often exposes hidden assumptions built into the model. For ex-
ample, is the Works-for association between Person and Company one-to-many or many-to-
many’? It depends on the context. A tax collection application would permit a person to work
for multiple companies. On the other hand, an auto workers’ union maintaining member
records may consider second jobs irrelevant. Explicitly representing a model with object di-
agrams helps elicit these hidden assumptions, making them visible and subject to scrutiny.3.3 ADVANCED LINK AND ASSOCIATION CONCEPTS 1
The most important multiplicity distinction is between “one” and “many.” Underesti-
mating multiplicity can restrict the flexibility of an application. For example, many phone
number utility programs are unable to accommodate persons with multiple phone numbers.
On the other hand, overestimating multiplicity imposes extra overhead and requires the ay
plication to supply additional information to distinguish among the members of a “man
set. In a true hierarchical organization, for example, it is better to represent “boss” with a
mubtiplicity of “zero or one,” rather than allow for nonexistent matrix management.
This chapter only considers multiplicity for binary associations. The solid and hollow
ball notation is ambiguous for n-ary (n > 2) associations, for which multiplicity is a more
complex topic. Section 4.6 extends our treatment of multiplicity to n-ary associations.
  
 
3.2.3 The Importance of Associations
‘The notion of an association is certainly not a new concept. Associations have been widely
used throughout the database modeling community for years. (See Chapter 12 for details.)
In contrast, few programming languages explicitly support associations. We nevertheless
‘emphasize that associations are a useful modeling construct for programs as well as databas-
€s and real-world systems, regardless of how they are implemented. During conceptual mod-
ling, you should not tury pointers or other object references inside objects as attributes.
Instead you should moael them as associations to indicate that the information they contain
is not subordinate to a single class, but depends on two or more classes [Rumbaugh-87].”
‘Some object-oriented authors feel that every piece of information should be attached to
a single class, and they argue that associations violate encapsulation of information into
classes. We do not agree with this viewpoint. Some information inherently transcends a sin-
gle class, and the failure to treat associations on an equal footing with classes can lead to pro-
‘grams containing hidden assumptions and dependencies.
Most object-oriented languages implement associations with object pointers. Pointers
can be regarded as an implementation optimization introduced during the later stages of de-
sign. It is also possible to implement association objects directly, but the use of association
‘objects during implementation is really a design decision (see Chapter 10).
 
3.3 ADVANCED LINK AND ASSOCIATION CONCEPTS
3.3.1 Link Attributes
An attribute is a property of the objects in a class. Similarly, a link attribute is a property of
the links in an association. In Figure 3.10, access permission is an attribute of Accessible by.
Each fink attribute has a value for each link, as illustrated by the sample data at the bottom
"The term association as used in this book is synonymous with the term relation used in {Rumbaugh-87}
and with the use of the term relation as used in discrete mathematics. We have used the term association to
avoid confusion with the more restricted use of the term relation as used in relational databases, which usually
permit relations between pure values only, not between objects with identity32 Chapter 3 / OBJECT MODELING
 
 
 
 
 
 
 
 
Accessible by
User
‘acedss permission
etcltermcap read) ohn Doe
‘etctermeap ‘read-write) Mary Brown
Jusr/doe.login read-write) John Doe
Figure 3.10 Link attribute for a many-to-many association
of the figure. The OMT notation for a link attribute is a box attached to the association by a
loop: one or more link attributes may appear in the second region of the box. This notation
‘emphasizes the similarity between attributes for objects and attributes for links.
Many-to-many associations provide the most compelling rationale for link attributes.
Such an attribute is unmistakably a property of the link and cannot be attached to either ob-
ject. In Figure 3.10, access permission is a joint property of File and User, and cannot be
attached to either File or User alone without losing information.
Figure 3.11 presents link attributes for two many-to-one associations. Each person
working for a company receives a salary and has a job title. The boss evaluates the perfor-
mance of each worker. Link attributes may also occur for one-to-one associations.
Person awe ‘Company
name
name.
    
 
 
 
 
 
 
 
 
 
 
boss | social security no. address
address salaf
Manages = job title
‘wor
 
 
 
 
 
 
 
performance rating
 
Figure 3.11 Link attributes for one-to-many associations
Figure 3.12 shows link attributes for a ternary association. A pitcher may play for many
teams in a given year, A pitcher may also play many years for the same team. Each team has
many pitchers. For each combination of team and year, a pitcher has a won-loss record. Thus
for instance, Harry Eisenstat pitched for the Cleveland Indians in 1939, winning 6 games and
losing 7 games.
Figure 3.13 shows how it is possible to fold link attributes for one-to-one and one-to-
many associations into the class opposite the “one” side. This is not possible for many-to-
many associations. As a rule, link attributes should not be folded into a class because future
flexibility is reduced if the multiplicity of the association should change. Either form in Fig-
ture 3.13 can express a one-to-many association. However, only the link attribute form re-
mains correct if the multiplicity of Works-for is changed to many-to-many.3.3 ADVANCED LINK AND ASSOCIATION CONCEPTS 33
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
m
Pitcher Year
wins
losses
we
Harry Eisenstat Cleveland Indians 1939 67
Harry Eisenstat Detroit Ti 1939 2 2
Wills Hudiin Cl Indians 1989 9-10
Wilis Hudiin Cleveland Indians 1940 21
Wills Hudiin Washington Senators 1940 1 2
Wills Hudiin St.Louis Browns 1940 01
Figure 3.12 Link attributes for a temary association
Works-for
nee: a Preferred
name name form.
address social security no.
salary | | Soorese
job title
Company |—Works-for_ of Person ne y
tJ courage
name ar
address: social security no. fe
address
ipotte
 
 
 
Figure 3.13 Link attribute versus object attribute
3.3.2 Modeling an Association as a Class
‘Sometimes it is useful to model an association as a class. Each link becomes one instance of
the class. The link attribute box introduced in the previous section is actually a special case
of an association as a class, and may have a name and operations in addition to attributes.
Figure 3.14 shows the authorization information for users on workstations. Users may be au-
thorized on many workstations. Each authorization carries a priority and access privileges,
shown as link attributes, A user has a home directory for each authorized workstation, but
the same home directory can be shared among several workstations or among several users.
‘The home directory is shown as a many-to-one association between the authorization class
and the directory class. It is useful to model an association as a class when links can partic
{pate in associations with other objects of when links are subject to operations.34 Chapter 3 / OBJECT MODELING
Authorized on Ww an
 
 
Authorization
 
brivieges
start session
 
 
 
 
aa directory
Directory
 
 
 
 
Figure 3.14 Modeling an association as a class
3.3.3 Role Names
A role is one end of an association. A binary association has two roles, each of which may
have a role name. A role name is a name that uniquely identifies one end of an association.
Roles provide a way of viewing a binary association as a traversal from one object to a set
of associated objects. Each role on a binary association identifies an object or set of objects
associated with an object at the other end. From the point of view of the object, traversing
the association is an operation that yields related objects. The role name is a derived attribute
whose value is a set of related objects. Use of role names provides a way of traversing asso-
ciations from an object at one end, without explicitly mentioning the association. Roles often
appear as nouns in problem descriptions.
Figure 3.15 specifies how Person and Company participate in association Works-for. A
person assumes the role of employee with respect to a company; a company assumes the role
of employer with respect to a person. A role name is written next to the association line near
the class that plays the role (that is, the role name appears on the destination end of the tra-
versal). Use of role names is optional, but it is often easier and less confusing to assign role
names instead of, or in addition to, association names.
 
 
employee ployer,
Works-for ney
 
 
 
 
 
employee — employer
oe Doe Simplex
Mary Brown Simplex
Jean Smith United Widgets
Figure 3.18 Role names for an association
Role names are necessary for associations between two objects of the same class. For
example, boss and worker distinguish the two employees participating in the Manages asso-
ciation in Figure 3,11, Role names are also useful to distinguish between two associations
between the same pair of classes, When there is only a single association between a pair of3.3 ADVANCED LINK AND ASSOCIATION CONCEPTS 35
distinct classes, the names of the classes often serve as good role names, in which case the
role names may be omitted on the diagram.
Because role names serve to distinguish among the objects directly connected to a given
‘object, all role names on the far end of associations attached to a class must be unique. Al-
though the role name is written next to the destination object on an association, it is really a
derived attribute of the source class and must be unique within it. For the same reason, no
role name should be the same as an attribute name of the source class.
Figure 3.16 shows both uses of role names. A directory may contain many other diree-
tories and may optionally be contained in another directory. Each directory has exactly one
user who is an owner, and many users who are authorized to use the directory.
 
owner
   
container
 
 
 
Figure 3.16 Role names for a directory hierarchy
An n-ary association has a role for each end. The role names distinguish the ends of the
association and are necessary if a class participates in an n-ary association more than once.
Associations of degree 3 or more cannot simply be traversed from one end to another as bi-
nary associations can, so the role names do not represent derived attributes of the participat-
ing classes. For example, in Figure 3.12, both a team and a year are necessary to obtain a set
of pitchers.
3.3.4 Ordering
Usually the objects on the “many” side of an association have no explicit order, and can be
regarded as a set. Sometimes, however, the objects are explicitly ordered. For example, Fig-
ture 3.17 shows a workstation screen containing a number of overlapping windows. The win-
dows are explicitly ordered, so only the topmost window is visible at any point on the screen.
‘The ordering is an inherent part of the association. An ordered set of objects on the “many”
end of an association is indicated by writing “(ordered)” next to the multiplicity dot for the
role. This is a special kind of constraint. (See Section 4.7 for a discussion of constraints.)
 
{ordered}
Visible-on
‘Screen
 
 
 
 
 
Figure 3.17 Ordered sets in an association
 
on relates two object classes and a qualifier. The qualifier is a speci
attribute that reduces the effective multiplicity of an association. One-to-many and many-to-
‘many associations may be qualified. The qualifier distinguishes among the set of objects at36 Chapter 3 / OBJECT MODELING
the many end of an association. A qualified association can also be considered a form of ter-
nary association.
For example, in Figure 3.18 a directory has many files. A file may only belong toa single
directory.” Within the context of a directory, the file name specifies a unique file. Directory
and File are object classes and file name is the qualifier. A directory plus a file name yields
a file. A file corresponds to a directory and a file name. Qualification reduces the effective
multiplicity of this association from one-to-many to one-to-one. A directory has many files,
each with a unique name.
 
 
 
 
Directory | file name File
 
 
 
 
 
 
 
 
 
Figure 3.18 A qualified association
Qualification improves semantic accuracy and increases the visibility of navigation
paths, It is much more informative to be told that a directory and file name combine to iden-
tify a file, rather than be told that a directory has many files. The qualification syntax also
indicates that each file name is unique within its directory. One way to find a file is to first
find the directory and then traverse the file name link.
A qualifier is drawn as a small box on the end of the association line near the class it
qualifies. Directory + file name yields a File, therefore file name is listed in a box contiguous
to Directory.
Qualification often occurs in real problems, frequently because of the need to supply
names. There normally is a context within which a name has meaning. For instance, a direc-
tory provides the context for a file name.
Figure 3.19 provides another example of qualification. A stock exchange lists many
companies. However, a stock exchange lists only one company with a given ticker symbol.
Accompany may be listed on many stock exchanges, possibly under different symbols. (This
may actually not be true for stocks.) The unqualified notation cannot accommodate different
ticker symbols for the same company on different exchanges.
Qualification usually reduces multiplicity from many to one, but not always. In Figure
3.20, a company has one president and one treasurer but many persons serving on the board
of directors. Qualification partitions a set of related objects into disjoint subsets, but the sub-
sets may contain more than one object.
 
 
  
  
3.3.6 Aggregation
Aggregation is the “part-whole” or “a-part-of” relationship in which objects representing the
components of something are associated with an object representing the entire assembly. One
 
This is only true for some operating systems. For example, a PC-DOS file does belong to a single direc:
tory. A UNIX file may belong to multiple directories. Once again, the precise nature of an object mode! de
pends upon the application3.3 ADVANCED LINK AND ASSOCIATION CONCEPTS 37
‘Stock ‘Stock
‘exchange exchange
vse ticker symbol
List
‘Company “a
ticker symbol ‘Company
Unqualified Qualified
Figure 3.19 Unqualified and qualified association
 
 
 
 
 
 
 
 
ice
widgets President Ri Slick
Treasurer doe Embezze
‘common example is the bill-of-materials or parts explosion tree. For example, a name, argu-
‘ment list, and a compound statement are part of a C-language function definition, which in
tum is part of an entire program. Aggregation is a tightly coupled form of association with
some extra semantics. The most significant property of aggregation is transitivity, that is, if
Ais part of B and B is part of C, then A is part of C. Aggregation is also antisymmetric, that
is, if A is part of B, then B is not part of A. Finally, some properties of the assembly propagate
to the components as well, possibly with some local modifications. For example, the envi-
ronment of a statement within a function definition is the same as the environment of the
whole function, except for changes made within the function. The speed and location of a
door handle is obtained from the door of which it is a part; the door in turn obtains its prop-
erties from the car of which it is a part. Unless there are common properties of components
that can be attached to the assembly as a whole, there is little point in using aggregation. A
parts tree is clearly an aggregation, but there are borderline cases where the use of aggrega-
tion is not clear-cut. When in doubt, use ordinary association. Section 4.1 explores the use
of aggregation in more detail.
‘We define an aggregation relationship as relating an assembly class to one component
class. An assembly with many kinds of components corresponds to many aggregation rela-
tionships. We define each individual pairing as an aggregation so that we can specify the
multiplicity of each component within the assembly. This definition emphasizes that aggre-
gation is a special form of association.38 Chapter 3 / OBJECT MODELING
Aggregation is drawn like association, except a small diamond indicates the assembly
end of the relationship. Figure 3.21 shows a portion of an object model for a word processing,
program. A document consists of many paragraphs, each of which consists of many sentenc-
es.
Document Jo Paragraph b+ ——4 Sentence
Figure 321 Aggregation
 
 
 
 
 
The existence of a component object may depend on the existence of the aggregate ob-
ject of which it is part. For example, a binding is a part of a book. A binding cannot exist
apart from a book. In other cases, component objects have an independent existence, such as
‘mechanical parts from a bin.
Figure 3.22 demonstrates that aggregation may have an arbitrary number of levels. A
microcomputer is composed of one or more monitors, a system box, an optional mouse, and
a keyboard. A system box, in tur, has a chassis, a CPU, many RAM chips, and an optional
fan, When we have a collection of components that all belong to the same assembly, we can
combine the lines into a single aggregation tree in the diagram. The aggregation tree is just
a shorthand notation that is simpler than drawing many lines connecting components to an
assembly. An object model should make it easy to visually identify levels in a part hierarchy.
 
 
 
 
 
 
 
 
 
 
 
 
 
Microcomputer
vel
Monitor feral Mouse Keyboard
a 4
Chassis cpu RAM Fan
 
 
 
 
 
 
 
 
 
Figure 3.22 Multilevel aggregation
3.4 GENERALIZATION AND INHERITANCE
3.4.1 General Concepts
Generalization and inheritance are powerful abstractions for sharing similarities among
classes while preserving their differences, For example, we would like to be able to model
the following situation: Each piece of equipment has a manufacturer, weight, and cost.3.4 GENERALIZATION AND INHERITANCE 39
Pumps also have suction pressure and flow rate. Tanks also have volume and pressure. We
would like to define equipment features just once and then add details for pump, tank, and
other equipment types.
Generalization is the relationship between a class and one or more refined versions of
it. The class being refined is called the superclass and each refined version is called a sub-
class. For example, Equipment is the superclass of Pump and Tank. Attributes and opera-
tions common to a group of subclasses are attached to the superclass and shared by each
subclass. Each subclass is said to inherit the features of its superclass. For example, Pump
inherits attributes manufacturer, weight, and cost from Equipment. Generalization is some-
times called the “is-a” relationship because each instance of a subclass is an instance of the
superclass as well.
Generalization and inheritance are transitive across an arbitrary number of levels. The
terms ancestor and descendent refer to generalization of classes across multiple levels. An
instance of a subclass is simultaneously an instance of all its ancestor classes. The state of
an instance includes a value for every attribute of every ancestor class. Any operation on any
ancestor class can be applied to an instance. Each subclass not only inherits all the features
of its ancestors but adds its own specific attributes and operations as well. For example,
Pump adds attribute flow rate, which is not shared by other kinds of equipment.
‘The notation for generalization is a triangle connecting a superclass to its subclasses.
The superclass is connected by a line to the apex of the triangle. The subclasses are connect-
ced by lines to a horizontal bar attached to the base of the triangle. For convenience, the tri-
angle can be inverted, and subclasses can be connected to both the top and bottom of the bar,
but if possible the superclass should be drawn on top and the subclasses on the bottom.
Figure 3.23 shows an equipment generalization. Each piece of equipment is a pump,
heat exchanger, tank, or another type of equipment. There are several kinds of pumps: cen-
trifugal, diaphragm, and plunger. There are several kinds of tanks: floating roof, pressurized,
and spherical. Pump type and tank type both refine second level generalization classes down
to a third level; the fact that the tank generalization symbol is drawn below the pump gener-
alization symbol is not significant. Several object instances are displayed at the bottom of
the figure. Each object inherits features from one class at each level of the generalization.
‘Thus P/0/ embodies the features of equipment, pump, and diaphragm pump. E302 assumes
the properties of equipment and heat exchanger.
The dangling subclass ellipsis (triple dot) in Figure 3.23 indicates that there are addi-
tional subclasses that are not shown on the diagram, perhaps because there is no room on the
sheet and they are shown elsewhere, or maybe because enumeration of subclasses is still in-
complete.
‘The words written next to the triangles in the diagram, such as equipment type, pump
type, and tank type, are discriminators. A discriminator is an attribute of enumeration type
that indicates which property of an object is being abstracted by a particular generalization
relationship. Only one property should be discriminated at once. For example, class Vehicle
can be discriminated on propulsion (wind, gas, coal, animal, gravity) and also on operating
environment (land, air, water, outer space). The discriminator is simply a name for the basis
of generalization. Discriminator values are inherently in one-to-one correspondence with the
subclasses of a generalization. For example, the operating environment discriminator forChapter 3 / OBJECT MODELING
 
Equipment
name
manufacturer
weight
cost
 
 
 
 
IN equipment type
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Pump Heat exchanger Tank
suction pressure surface area °° | volume
discharge pressure tube diameter pressure
flow rate tube length
tube pressure
shell pressure
pump type
I
Centrifugal pump |{ Diaphragm pump |/ Plunger pump.
impeller diameter diaphragm material plunger length =r
number of blades en Anne r dameter
axis of rotation number of cylinders
tank type
Spherical tank Pressurized tank | | Floating roof tank
* diameter diameter diameter
height height
 
 
 
 
 
 
(Diaphragm pump) (Heat exchanger) (Floating root tank)
name = P101 name = £302 name = T111
manuf = Simplex manut = Brown manut = Simplex
weight = 100 kg weight = 5000 kg weight = 10000 kg
5000 cost = $20000 cost = $50000
‘suct pres = 1.1 atm
disch pres = 3.3 atm
flow rate = 300 Vhr
dia matt = Teflon
 
  
 
surface area = 300 m2
tube diameter = 2 cm
tube length = 6 m
tube pres = 15 atm
‘shell pres = 1.7 atm
    
  
 
 
 
 
      
     
       
    
 
volume = 400000 liter
pressure = 1.1 atm
diameter = 8m
height = 9 m
 
   
Figure 3.23 A multilevel inheritance hierarchy with instances
Boat is water. The discriminator is an optional part of a generalization relationship; if a dis-
criminator is included, it should be drawn next to the generalization triangle
Figure 3.24 shows classes of graphic geometric figures. This example has more of a pro-
gramming flavor and emphasizes inheritance of operations. Move, select, rotate, and display3.4 GENERALIZATION AND INHERITANCE 4
 
 
 
 
 
 
 
 
 
 
Figure
color
center position
pen thickness
en type
move
select
rotate
display
dimensionality
0 Dimensional 1 Dimensional 2 Dimensional
orientation orientation
fill type
scale scale
ith
 
 
 
 
 
 
 
eee ha a
Point Line Arc ‘Spline Polygon, Circle
‘endpoints | [radius control pts || num of sides | [diameter
 
 
start je
arc angi a
| display display ||“ *" | |display || display eniey,
Figure 3.24 Inheritance for graphic figures
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
are operations inherited by all subclasses, Scale applies to one- and two-dimensional figures.
Fill applies only to two-dimensional figures.
Do not nest subclasses too deeply. Deeply nested subclasses can be difficult to under-
stand, much like deeply nested blocks of code in a procedural language, Often with some
careful thought and a little restructuring, you can reduce the depth of an overextended inher-
itance hierarchy. In practice, whether or not a subclass is “too deeply nested” depends upon
judgment and the particular details of a problem, The following guidelines may help: An in-
heritance hierarchy that is two or three levels deep is certainly acceptable; ten levels deep is
probably excessive; five or six levels may or may not be proper.
3.4.2 Use of Generalization
Generalization is a useful construct for both conceptual modeling and implementation. Gen-
ralization facilitates modeling by structuring classes and succinctly capturing what is sim-
ilar and what is different about classes. Inheritance of operations is helpful during
implementation as a vehicle for reusing code.42 Chapter 3 / OBJECT MODELING
Object-oriented languages provide strong support for the notion of inheritance. (The
concept of inheritance was actually invented far earlier, but object-oriented languages made
it popular.) In contrast, current database systems provide little or no support for inheritance.
Object-oriented database programming languages (Section 15.8.5) and extended relational
database systems (Section 17.4) show promise of correcting this situation.
Inheritance has become synonymous with code reuse within the object-oriented pro-
gramming community. After modeling a system, the developer looks at the resulting classes
and tries to group similar classes together and reuse common code. Often code is available
from past work (such as a class library) which the developer can reuse and modify, where
necessary, to get the precise desired behavior. The most important use of inheritance, how-
ever, is the conceptual simplification that comes from reducing the number of independent
features in a system.
‘The terms inheritance, generalization, and specialization all refer to aspects of the same
idea and are often used interchangeably. We use generalization to refer to the relationship
among classes, while inheritance refers to the mechanism of sharing attributes and opera-
tions using the generalization relationship. Generalization and specialization are two differ-
ent Viewpoints of the same relationship, viewed from the superclass or from the subclasses.
The word generalization derives from the fact that the superclass generalizes the subclasses.
Specialization refers to the fact that the subclasses refine or specialize the superclass. In prac-
tice, there is little danger of confusion.
3.4.3 Overriding Features
A subclass may override a superclass feature by defining a feature with the same name. The
overriding feature (the subclass feature) refines and replaces the overridden feature (the su-
perclass feature). There are several reasons why you may wish to override a feature: to spec-
ify behavior that depends on the subclass, to tighten the specification of a feature, or for
better performance. For example, in Figure 3.24, display must be implemented separately for
each kind of figure, although it is defined for any kind of figure. Operation rotate is overrid-
den for performance in class Circle to be a null operation. Chapter 4 discusses overriding
features in more detail.
You may override default values of attributes and methods of operations. You should
never override the signature, or form, of a feature. An override should preserve attribute
type, number, and type of arguments to an operation and operation return type. Tightening
the type of an attribute or operation argument to be a subclass of the original type is a form
of restriction (Section 4.3) and must be done with care. It is common to boost performance
by overriding a general method with a special method that takes advantage of specific infor-
‘mation but does not alter the operation semantics (such as rovate-circle in Figure 3.24).
A feature should never be overridden so that it is inconsistent with the signature or se-
mantics of the original inherited feature. A subclass is a special case of its superclass and
should be compatible with it in every respect. A common, but unfortunate, practice in object-
oriented programming is to “borrow” a class that is similar to a desired class and then modify
it by changing and ignoring some of its features, even though the new class is not really a3.5 GROUPING CONSTRUCTS 43
special case of the original class. This practice can lead to conceptual confusion and hidden
assumptions built into programs. (See Section 4.3 for further discussion of overrides.)
3.5 GROUPING CONSTRUCTS
3.5.1 Module
A module is a logical construct for grouping classes, associations, and generalizations. A
module captures one perspective or view of a situation, For example, electrical, plumbing,
and ventilation modules are different views of a building. The boundaries of a module are
somewhat arbitrary and subject to judgment.
An object model consists of one or more modules. Modules enable you to partition an
‘object model into manageable pieces. Modules provide an intermediate unit of packaging
between an entire object model and the basic building blocks of class and association. Class
names and association names must be unique within a module. As much as possible, you
should use consistent class and association names across modules. The module name is usu-
ally listed at the top of each sheet. There is no other special notation for modules.
‘The same class may be referenced in different modules. In fact, referencing the same
lass in multiple modules is the mechanism for binding modules together. There should be
fewer links between modules (external binding) than within modules (internal binding).
3.5.2 Sheet
A complex model will not fit on a single piece of paper. A sheet is the mechanism for break-
ing a large object model down into a series of pages. A sheet is a single printed page. Each
module consists of one or more sheets. As a rule, we never put more than one module per
sheet. A sheet is just a notational convenience, not a logical construct.
Each sheet has a title and a name or number. Each association and generalization ap-
pears on a single sheet. Classes may appear on multiple sheets. Multiple copies of the same
class form the bridge for connecting sheets in an object model. Sheet numbers or sheet
names inside circles contiguous to a class box indicate other sheets that refer to a class. Use
of sheet cross-reference circles is optional
 
3.6 A SAMPLE OBJECT MODEL
Figure 3.25 shows an object mode! of a workstation window management system, such as
the X Window System or Sun View. This model is greatly simplified—a real model of a win-
dowing system would require a number of pages—but it illustrates many object modeling
constructs and show’ how they fit together into a large model.44 Chapter 3 / OBJECT MODELING
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Window
i
%
y2
display
undisplay
raise
lower
Scrolling Canvi
window. ox Panel
oy} z
yteet a item name
sao) add-element
delete-element Event
eon action
elements Panel
2 item keyboard
Shape Z event
color i
line width label
Text | | Scrollins Line Closed Button | | Choice Text
window | | “Canvas? | 3 snape | ing nao =
string fy fill color th
ee Yo fillpattem|  (opressed Le
y2
delete
draw A
prea
Etlipse | | Polygon] Choice
¥ draw om
ri
3 i value
draw | Vertcess (ordered)
Point
x
y
 
 
 
 
Figure 3.25 Object model of windowing system
Class Window defines common parameters of all kinds of windows, including a rectan-
gular boundary defined by the attributes x/, y/, x2, y2, and operations to display and undis-
play a window and to raise it to the top (foreground) or lower it to the bottom (background)3.6 A SAMPLE OBJECT MODEL 45
of the entire set of windows. Panel, Canvas, and Text window are varieties of windows. A
canvas is a region for drawing graphics. It inherits the window boundary from Window and
adds the dimensions of the underlying canvas region defined by attributes cx/, cy, ex2, cy2
A canvas contains a set of elements, shown by the association to class Shape. All shapes have
color and line width. Shapes can be lines, ellipses, or polygons, each with their own param-
eters. A polygon consists of an ordered list of vertices, shown as an aggregation of many
points, Ellipses and polygons are both closed shapes, which have a fill color and a fill pat-
tem. Lines are one-dimensional and cannot be filled. Canvas windows have operations to
add elements and to delete elements.
Text window is a kind of a Scrolling window, which has a 2-dimensional scrolling offset
within its window, as specified by x-offser and y-offset, as well as an operation scroll to
change the scroll value. A text window contains a string, and has operations to insert and
delete characters. Scrolling canvas is a special kind of canvas that supports scrolling; it is
both a Canvas and a Scrolling window. This is an example of multiple inheritance, to be ex-
plained in Section 4.4.
A Panel contains a set of Panel item objects, each identified by a unique item name
within a given panel, as shown by the qualified association. Each panel item belongs to a
single panel. A panel item is a predefined icon with which a user can interact on the screen.
Panel items come in three kinds: buttons, choice items, and text items. A button has a string
which appears on the screen; a button can be pushed by the user and has an attribute de-
pressed. A choice item allows the user to select one of a set of predefined choices, each of
which is a Choice entry containing a string to be displayed and a value to be returned if the
entry is selected. There are two associations between Choice item and Choice enn
‘one-to-many association defines the set of allowable choices, while a one-to-one associat
identifies the current choice. The current choice must be one of the allowable choices, so one
association is a subset of the other as shown by the arrow between them labeled “| subset}.”
‘This is an example of a constraint, to be explained in Section 4.7.
‘When a panel item is selected by the user, it generates an Event, which is a signal that
something has happened together with an action to be performed. All kinds of pane! items
have notify event associations. Each panel item has a single event, but one event can be
shared among many panel items. Text items have a second kind of event, which is generated
when a keyboard character is typed while the text item is selected. Association keyboard
event shows these events. Text items also inherit the notify event from superclass Panel item;
the notify event is generated when the entire text item is selected with a mouse.
There are many deficiencies in this model. For example, perhaps we should define a type
Rectangle, which can then be used for the window and canvas boundaries, rather than having
two similar sets of four position attributes. Maybe a line should be a special case of a polyline
(a connected series of line segments), in which case maybe both Polyline and Polygon
should be subclasses of a new common superclass that defines an ordered list of points,
Many attributes, operations, and classes are missing from a description of a realistic win-
dowing system. Certainly the windows have associations among themselves, such as over-
lapping one another. Nevertheless, this simple model gives a flavor of the use of object
modeling. We can criticize its details because it says something precise. It would serve as
the basis for a fuller model.46 Chapter 3 / OBJECT MODELING
3.7 PRACTICAL TIPS
We have gleaned the following tips for constructing object diagrams from our application
work. Many of these tips have been mentioned throughout this chapter.
+ Don’t begin constructing an object model by merely jotting down classes, associations,
and inheritance. First, you must understand the problem to be solved. The content of an
object model is driven by relevance to the solution.
+ Strive to keep your model simple. Avoid needless complications.
+ Carefully choose names. Names are important and carry powerful connotations. Names
should be descriptive, crisp, and unambiguous. Names should not be biased towards one
aspect of an object. Choosing good names is one of the most difficult aspects of object
modeling.
+ Do not bury pointers or other object references inside objects as attributes. Instead mod-
el these as associations. This is clearer and captures the true intent rather than an imple-
mentation approach,
+ Try to avoid general ternary and n-ary associations. Most of these can be decomposed
into binary associations, with possible qualifiers and link attributes.
+ Don’t try to get multiplicity perfect too early in software development.
+ Do not collapse link attributes into a class.
+ Use qualified associations where possible.
+ Try to avoid deeply nested generalizations.
+ Challenge one-to-one associations. Often the object on either end is
or-one multiplicity may be more appropriate. Other times many multiplicity is needed.
 
 
+ Don’t be surprised if your object model requires revision. Object models often require
multiple iterations to clarify names, repair errors, add details, and correctly capture
structural constraints (Section 4,7). Some of our most complex models, which are only
a few pages long, have required half a dozen iterations.
+ Try to get others to review your model, Object models can be a focal point for stimulat-
ing the involvement of others.
+ Always document your object models. The diagram specifies the structure of a model
but cannot describe the reasons behind it. The written explanation guides the reader
through the model and explains subtle reasons why the model was structured a particular
way. The written explanation clarifies the meaning of names in the model and should
convey the reason for each class and relationship.
+ Do not feel bound to exercise all object modeling constructs. The OMT notation is an
idealization, Not all constructs are needed for every problem, Many constructs are op-
tional and a matter of taste. Use only what you need for the problem at hand.3.8 CHAPTER SUMMARY 47
3.8 CHAPTER SUMMARY
Object models describe the static data structure of objects, classes, and their relationships to
‘one another. The content of an object model is a matter of judgment and is driven by its rel-
evance to an application. An object is a concept, abstraction, or thing with crisp boundaries
and meaning for an application. All objects have identity and are distinguishable. An object
class describes a group of objects with common attributes, operations, and semantics. An at-
tribute is a property of the objects in a class; an operation is an action that may be applied to
objects in a class.
Links and associations establish relationships among objects and classes. A link con-
nects two or more objects. An association describes a group of links with common structure
and common semantics. Multiplicity specifies how many instances of one class may relate
to each instance of another class. An association is a logical construct, of which a pointer is
an implementation alternative. There are other ways of implementing associations besides
using pointers.
Additional constructs for modeling associations include: link attribute, role, qualifier,
and aggregation. A link attribute is a property of the links in an association. Many-to-many
associations demonstrate the most compelling rationale for link attributes. Such an attribute
is unmistakably a property of the link and cannot be attached to either object. A role is a di-
rection across an association, Roles are particularly useful in dealing with associations be-
tween objects of the same class. A qualifier reduces the effective multiplicity of an
association by selecting among the set of objects at the many end. Names are often qualifiers.
Aggregation is a tightly coupled form of association with special semantics, such as transi-
tive closure and attribute value propagation. Aggregation is commonly encountered in bill-
of-material or parts explosion problems.
Generalization and inheritance are fundamental concepts in object-oriented languages that
are missing in conventional languages and databases. Generalization is a useful construct for
both conceptual modeling and implementation. During conceptual modeling, generalization
enables the developer to organize classes into a hierarchical structure based on their similarities
and differences. During implementation, inheritance facilitates code reuse. The term general-
‘zation refers to the relationship among class; the term inheritance refers to the mechanism of
obtaining attributes and operations using the generalization structure. Generalization provides
the means for refining a superclass into one or more subclasses. The superclass contains fea-
tures common to all classes; the subclasses contain features specific to each class. Inheritance
‘may occur across an arbitrary number of levels where each level represents one aspect of an
object. An object accumulates features from each level of a generalization hierarchy.
Module and sheet are grouping constructs. An object model consists of one or more
modules. A module is a logical grouping construct which captures one perspective or view
of a situation. Most references to classes lie within modules; a few span modules. Each mod-
ule has one or more sheets. A sheet is merely a notational convenience for fitting object mod-
els onto fixed sized pieces of paper.
The various object modeling constructs work together to describe a complex system
precisely, as shown by our example of a model for a windowing system. Once an object mod-
el is available, even a simplified one, the model can be compared against knowledge of the
real world of the desired application, criticized, and improved.48 Chapter 3 / OBJECT MODELING
 
aggregation generalization method ‘override
association identity module qualification
attribute inheritance multiplicity role
class instance object sheet
discriminator fink operation signature
feature link attribute ordering specialization
 
 
 
Figure 3.26 Key concepts for Chapter 3
BIBLIOGRAPHIC NOTES
The object modeling approach described in this book builds on the OMT notation originally
proposed in [Loomis-87]. [Blaha-88] extends the OMT notation for the purpose of database
design. This book redefines the term OMT; in this book OMT does not merely refer to a no-
tation but refers to our entire methodology. Our object model is analogous to the OMT nota-
tion discussed in the papers. This book refines object modeling notation beyond that shown
in the papers and sets forth a complete methodology for its use.
The object modeling notation is one of a score of approaches descended from the sem-
inal entity-relationship (ER) model of [Chen-76]. All the descendents attempt to improve on
the ER approach. Enhancements to the ER model have been pursued for several reasons. The
ER technique has been successful for database modeling and as a result, there has been great
demand for additional power. Also, ER modeling only addresses database design and not
programming. There are too many extensions to ER for us to discuss them all here. (Chapter
12 discusses some extensions to ER.)
A noteworthy aspect of our approach to object modeling is the emphasis we place on
associations. Just as inheritance is useful for conceptual modeling and implementation, so
too associations are important for conceptual modeling and implementation. Most existing
object-oriented programming languages ({Cox-86], [Goldberg-83], and [Meyer-88}) lack
the notion of associations and require the use of pointers. Most database design techniques
recognize the importance of associations. [Rumbaugh-87] is the original source of our asso-
ciation ideas. The use of the term relation in [Rumbaugh-87] is synonymous with our use of
association in this book.
[Khoshafian-86] defines the concept of object identity and its importance to program-
ming languages and database systems.
REFERENCES
{Blaha-88] Michael Blaha, William Premerlani, James Rumbaugh, Relational database design using
an object-oriented methodology. Communications of the ACM 31, 4 (April 1988) 414-427,
{Chen-76] PPS. Chen. The Entity-Relationship model—toward a unified view of data, ACM Transac-
tions on Database Systems 1, | (March 1976)
{Cox-86] Brad J. Cox. Object-Oriented Programming. Reading, Mass.: Addison-Wesley, 1986,EXERCISES 49
[Goldberg-83} Adele Goldberg, David Robson. Smalltalk-80: The Language and its Implementation.
Reading, Mass. Addison-Wesley, 1983.
{Khoshafian-86} S.N. Khoshafian, G.P. Copeland. Object identity. OOPLSA’86 as ACM SIGPLAN 21,
11 (Nov. 1986), 406-416.
[Loomis-87] Mary E.S. Loomis, Ashwin V. Shah, James E. Rumbaugh. An object modeling technique
for conceptual design. European Conference on Object-Oriented Programming, Paris, France,
June 15-17, 1987, published as Lecture Notes in Computer Science, 276, Springer-Verlag.
[Meyer-88] Bertrand Meyer. Object-Oriented Software Construction. Hertfordshire, England: Prentice
Hall International, 1988,
{Rumbaugh-87} James E. Rumbaugh. Relations as semantic constructs in an object-oriented language.
OOPSLA'87 as ACM SIGPLAN 22, 12 (Dec.1987), 466-481.
EXERCISES
3. (2) Prepare a class diagram from the instance diagram in Figure E3.1.
 
Figure E3.1 Instance diagram for a portion of Europe
42 (2) Prepare a class diagram from the instance diagram in Figure E3.2. Explain your multiplicity
decisions. Each point has an x coordinate and a y coordinate. What is the smallest number of
points required to construct a polygon? Does it make a difference whether or not a given point
‘may be shared between several polygons? How can you express the fact that points are in a se-
 
 
 
 
 
quence?
(Point) 4. ea)
“10 10
10 10
(Potgon)|
(Point) 126 Has { (Point)
10 10
10 “10
Figure E3.2 Instance diagram of a polygon that happens to be a square
3.3 (3) Consistent with the object diagram that you prepared in exercise 3.2, draw an instance dia-
‘gram for two triangles with a common side under the following conditions:
|& A point belongs to exactly one polygon.
'b. A point belongs to one or more polygons.50 Chapter 3 / OBJECT MODELING
34 (3) Prepare a class diagram from the instance diagram in Figure E3.3. Explain your multiplicity
sram express the fact that points are in a sequence?
  
next
 
(Polygon)
next
(Point) last
 
 
 
 
 
“10
-10
 
 
 
 
Figure E3.3 Another instance diagram of a polygon that happens to be a square
35 (5) Prepare a written description for the object diagrams in exercise 3.2 and exercise 3.4.
3.6 (5) Prepare a class diagram from the instance diagram in Figure E3.4
 
 
 
 
 
 
 
 
 
 
Mate
(Person) (Person)
grandmother) | a grandfather
child
(Person) Sibling eal (Person)
an aunt your father your mother)
hits child child
(Person)) Cousin _((Person)
acousin you
Figure E3.4 Instance diagram for part of your family tree
3.7 (3) Prepare a class diagram from the instance diagram of a geometrical document shown in Fig-
ure E3.S. This particular document has 4 pages. The first page has a red point and a yellow
square displayed on it. The second page contains a line and an ellipse. An are, a circle, and a
rectangle appear on the last two pages. In preparing your diagram, use exactly one aggregation
relationship and one or more generalization relationships,
38 (6) a. Prepare an instance diagram for the class diagram in Figure 3.6 for the expression
(X+¥/2)/(X/3 + Y) . Parentheses are used in the expression for grouping, but are not need-
ed in the diagram. The many multiplicity indicates that a term may be used in more than one
expression
b. Modify the class diagram so that terms are not shared and to handle unary minus.EXERCISES 51
(Line) (Arc) (Circle)
dimensions = 0|| dimensions = 1 dimensions = 1 dimensions = 2
color = blue color = green color = orange
position = (12,9) position = (25,36) position = (10,78)
= 36 degrees || orientation = 45 degrees =5
length = 7 diameter = 13 height = 5
(Page) (Page) (Page)
page number =2] [page number = 3] | page number = 4
(Square) (Ellipse) (Rectangle)
dimensions = 2 dimensions = 2 dimensions = 2
color = yellow color aes color = blue
position = (54,88) position = (-300,49) position = (102,158)
Orientation = 22 degrees | | orientation = 0 degrees | | orientation = 30 degrees
width = 10 width = 100 width = 5
height = 10 height = 50 height = 10
 
Figure E3.$ Instance diagram for a geometrical document
 
 
 
 
 
 
 
 
 
 
 
 
 
 
first operand
Term
‘second operand
Expression | | Variable) | Constant
binary operator | |name | | value
 
Figure E3.6 Class diagram for simple arithmetic expressions
39 (3) Figure E3.7 is a partially completed object diagram of an air transportation system. Multi-
plicity balls have been left out. Add them to the diagram. Defend your decisions. Demonstrate
‘how multiplicity decisions depend on your perception of the world,
3.10 (4) Revise Figure £3.7 to make seat location a qualifier.
au
an
3.13 (4) Prepare an instance diagram for an imaginary round trip you took last weekend to London.
. Include at least one instance of each object class. Fortunately, direct fights on a hypersonic
(3) Add association names to the unlabeled associations in Figure E3,7,
(3) Add role names to the unlabeled associations in Figure E3.7.31d
AS
3.16
a7
Chapter 3 / OBJECT MODELING
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
City Airline |_| Pilot
name name | | name
Depart Plane
Airport Flight
“Anh model
name date serial #
flight # hours flown
|
Passenger Seat
name location
 
 
 
 
 
 
Figure E3.7 Partially completed model of an air transportation system.
plane were available. A friend of yours went with you but decided to stay a while and is still
there. Captain Johnson was your pilot on both flights. You had a different seat each way, but
you noticed it was on the same plane because of a distinctive dent in the tail section.
(1) Add the following operations to the object diagram in Figure E3.7: heat, hire, fire, refuel,
reserve, clean, de-ice, takeoff, land, repair, cancel, delay. It is permissible to add an operation
to more than one object class.
 
Prepare object diagrams showing at least 10 relationships among the following object classes.
Include associations, aggregations, and generalizations. Use qualified associations and show
‘multiplicity balls in your diagrams. You do not need to show attributes or operations. Use asso-
ciation names where needed. As you prepare the diagrams, you may add additional object
classes.
a. (4) school, playground, principal, schoo! board, classroom, book, student, teacher, cafeteria,
rest room, computer, desk, chair, ruler, door, swing
b. (4) castle, moat, drawbridge, tower, ghost, stairs, dungeon, floor, corridor, room, window,
stone, lord, lady, cook
. (7) expression, constant, variable, function, argument list, relational operator, term, factor,
arithmetic operator, statement, program
d. (6) file system, file, directory, file name, ASCII file, executable file, directory file, disk,
drive, track, sector
€. (4) automobile, engine, wheel, brake, brake light, door, battery. muffler, tail pipe
f. (6) gas furnace, blower, blower motor, room thermostat, furnace thermostat, humidifier, hu-
midity sensor, gas control, blower control, hot air vents
i. (5) chess piece, rank. file, square, board, move, position, sequence of moves
h. (5) sink, freezer, refrigerator, table, light, switch, window, smoke alarm, burglar alarm, cab-
inet, bread, cheese, ice, door, kitchen
 
(5) Add at least 15 attributes and at least 5 operations to each of the object diagrams you pre-
pared in the previous exercise.
(5) Figure E3.8 is a portion of an object diagram for a computer program for playing several
types of card games. Deck, hand, discand pile, and draw pile are collections of cards. The initialEXERCISES 53
3s
a9
size of a hand depends on the type of game, Each card has a suit and rank. Add the following
‘operations to the diagram: display, shuffle, deal, initialize, sor, insert, delete, top-of-pile, bot-
tom-of-pille, draw. and discard. Some operations may appear in more than one object class. For
cach class in which an operation appears, describe the arguments to the operation and what the
operation should do to an instance of that class.
 
 
 
 
 
 
 
 
 
 
Deck | | Hand | Discard pile| | Draw pile
initial size
 
 
 
 
 
 
 
 
 
 
Figure E38 Portion of an object diagram for a card playing system
(5) Figure E3.9 is a portion of an object diagram for a computer system for laying out a news-
paper. The system handles several pages which may contain, among other things, columns of
text. The user may edit the width and length of a column of text, move it around on a page, or
move it from one page to another. As shown, a column is displayed on exactly one page. It is
desired to modify the system so that portions of the same column may appear on more than one
page. If the user edits the text on one page, the changes should appear automatically on other
Pages. Modify the object diagram to handle this enhancement. You should change x location
and y location into link attributes.
 
 
 
 
 
 
 
 
 
Page Column | Line
width x location text
length y location
left margin width
right margin length
top margin
bottom margin
 
Figure E3.9 Portion of an object diagram for a newspaper publishing system
(4) Figure £3.10 is an object diagram that might be used in designing a system to simplify the
scheduling and scoring of judged athletic competitions such as gymnastics, diving, and figure
skating. There are several events and competitors. Each competitor may enter several events and
‘cach event has many competitors. Each event has several judges who subjectively rate the per-
formance of competitors in that event. A judge rates every competitor for an event. In some cas-
es, a judge may score more than one event. The focal points of the competition are trials. Each
{rial is an attempt by one competitor to tum in the best performance possible in one event. A trial
is scored by the panel of judges for that event and a net score determined. Add role names and
‘multiplicity balls to the associations,3.20
321
3.22
323
424
328
326
327
3.28
Chapter 3 / OBJECT MODELING
 
Competitor Trial Event
 
 
 
 
 
 
 
Score Judge
 
 
 
 
 
 
Figure E3.10 Portion of an object diagram for an athletic event scoring system
(3) Add the following attributes to Figure E3.10: address, age, date, difficulty factor, name. In
some cases, you may wish to use the same attribute in more than one class.
(2) Add an association to Figure E3.10 to make it possible to directly determine what events a
competitor intends to try without involving the class Trial,
(6) Prepare an object diagram for the dining philosopher's problem. There are 5 philosophers
and 5 forks around a circular table. Each philosopher has access to 2 forks on either side. Each
fork is shared by 2 philosophers. Each fork may be either on the table or in use by one philoso-
pher. A philosopher must have 2 forks to eat.
(5) Prepare an object model to describe undirected graphs. An undirected graph consists of a set
of vertices and a set of edges. Edges connect pairs of vertices. Your model should capture only
the structure of graphs (i.e., connectivity), and need not be concemed with geometrical details
such as location of vertices or lengths of edges. A typical graph is shown in Figure E3.11.
v5, el v4
Q
   
Figure E3.11 Sample undirected graph
(3) Prepare an instance diagram for Figure E3.11.
(4) Extend the object diagram you prepared in exercise 3.23 to accommodate geometrical de-
tails, including locations of vertices and names of vertices and edges.
(5) Prepare an object model to describe directed graphs. A directed graph is similar to an undi-
rected graph, except the edges are oriented. A typical graph is shown in Figure E3.12. Use di-
rection as a qualifier in your diagram so that it is possible to determine the vertex that is con-
nected to the head oto the tail of each edge.
(3) Prepare an instance diagram for Figure E3.12
(6) Several object classes shown in Figure E3.13 have attributes that are really pointers to other
object classes and which could be replaced with associations. A person may have up to three
‘companies as employers. Each person has an ID. A car is assigned an ID. Cars may be ownedEXERCISES 55
   
v2
Figure E3.12 Sample directed graph
by persons, companies, or banks. Car owner ID is the ID of the person, company, or bank who
‘owns the car. A car loan may be involved in the purchase of a car.
Burying object references as pointers is the incorrect way to construct an object model. Pre
pare an object diagram in which the pointers are replaced with relationships. Try to get multi-
plicities right. You may need to add one or more object classes of your own. Eliminate all IDs.
‘Some attributes may be converted to discriminators.
 
 
 
 
 
 
 
 
Car Car loan Company Bank
‘owner ID. vehicle ID name name
vehicle 1D | | customer company ID | | bank ID
‘owner type | | customer I
model account number
year
 
 
 
 
  
Figure E3.13 Object classes with some attributes that are pointers.
3.29 (3) A problem arises when several independent systems need to identify the same object. For
‘example, the department of motor vehicles, an insurance company. a bank, and the police may
‘wish to identify a given motor vehicle. Discuss the relative merits of using the following iden-
tification methods:
&. Identify by its owner
b. Identify by attributes such as manufacturer, model. and year
c, Use the vehicle identification number (VIN) assigned to the car by its manufacturer
d. Use IDs generated internally by each interested agency
3.80 (7) Prepare an object model that might be used to troubleshoot a 4-cycle lawn mower engine,
Use three sheets for the model, with one sheet for each of the following paragraphs:
Power is developed in such an engine by the combustion of a mixture of air and gasoline
against a piston. The piston is attached to a crankshaft via a connecting rod, and moves up and
down inside a cylinder as the shaft rotates. As the piston moves down, an intake valve opens,
allowing the piston to draw a mixture of fuel and air into the cylinder. At the bottom of the
stroke, the intake valve closes. The piston compresses and heats the mixture as it moves upward.
Rings in grooves around the piston rub against the cylinder wall providing a seal necessary for
compression and spreading lubricating oil. At the top of the stroke, an electrical spark from a3.32
Chapter 3 / OBJECT MODELING
spark plug detonates the mixture. The expanding gases develop power during the downward
stroke. At the bottom, an exhaust valve is opened. On the next upward stroke, the exhaust gases
are driven out.
Fuel is mixed with air in a carburetor. Dust and dirt in the air, which could cause excessive
mechanical wear, are removed by an air filter. The optimum ratio of fuel to air is set by adjusting
tapered mixture screw. A throttle plate controls the amount of mixture pulled into the cylinder.
‘The throttle plate, in tum, is controlled through springs by the operator throttle control and a
governor, a mechanical device which stabilizes the engine speed under varying mechanical
loads. Intake and exhaust valves are normally held closed by springs, and are opened at the right
time by a cam shaft which is gear driven by the crankshaft.
The electrical energy for the spark is provided and timed by a magnet, coil, condenser, and
normally closed switch called the points. The coil has a low voltage primary circuit connected
to the points and a high voltage secondary connected to the spark plug. The magnet is mounted
‘on a flywheel and as it rotates past the coil, it induces a current in the shorted primary circuit.
‘The points are driven open at the right instant by a cam on the crankshaft. With the aid of the
condenser, they interrupt the current in the primary circuit, inducing a high voltage pulse in the
secondary.
(5) The tower of Hanoi is a problem frequently used to teach recursive programming techniques.
‘The object is to move a stack of disks from one of three long pegs to another, using the third peg
for maneuvering. Each disk is a different size. Disks may be moved from the top of a stack on
‘4 peg to the top of the stack on any other peg, one at a time, provided a disk is never placed on
another disk that is smaller than itself. The details of the algorithm for listing the sequence of
required moves will depend on the structure of the object diagram used. Prepare object diagrams
for each of the following descriptions. Show object classes and associations. Do not show at-
tributes or operations:
a. A tower consists of several (3) pegs. Each peg has several disks on it, in a certain order.
b. A tower consists of several (3) pegs. Disks on the pegs are organized into subsets called
stacks. A stack is an ordered set of disks. Every disk is in exactly one stack. A peg may have
several stacks on it, in order.
¢. A tower consists of several (3) pegs. Disks on the pegs are organized into subsets called
stacks, as in (b), with several stacks on a peg. However, the structure of a stack is recursive.
‘A stack consists of one disk (the disk that is physically on the bottom of the stack) and zero
or one stack, depending on the height of the stack.
4d. Similar to (c), except only one stack is associated with a peg. Other stacks on the peg are
associated in a linked list
 
  
 
(7) The recursive algorithm for producing the sequence of moves described in the previous ex-
ercise focuses on a stack of disks. To move a stack of height N, where N> I, first move the stack
of height N-1 to the free peg using a recursive call. Then move the bottom disk to the desired
peg. Finally, move the stack on the free peg to the desired peg. The recursion terminates, be-
cause moving a stack of height 1 is trivial. Which one of the several object diagrams that you
prepared in the previous exercise is best suited for this algorithm? Discuss why. Also, add at-
tributes and operations to the diagram. What are the arguments for each operation? Describe
what each operation is supposed to do to each class for which it is defined.4
Advanced Object Modeling
 
Chapter 4 continues our discussion of object modeling concepts with treatment of advanced
topics such as aggregation, inheritance, metadata, and constraints. This chapter provides
subtleties for improved modeling that can be skipped upon a first reading of this book.
4.1 AGGREGATION
Aggregation is a strong form of association in which an aggregate object is made of compo-
nents. Components are part of the aggregate. The aggregate is semantically an extended ob-
ject that is treated as a unit in many operations, although physically it is made of several
lesser objects. A single aggregate object may have several parts; each part-whole relation-
ship is treated as a separate aggregation in order to emphasize the similarity to association,
Parts may or may not exist apart from the aggregate or appear in multiple aggregates. Ag-
gregation is inherently transitive; an aggregate has parts, which may in turn have parts. Many
aggregate operations imply transitive closure” and operate on both direct and indirect parts.
Recursive aggregation is common.
 
* Tramsitive closure isa term from graph theory. If E denotes an edge and N denotes a node and S is the
‘<1 of all pairs of nodes connected by an edge, then S* (the transitive closure of 5) i the set ofall pairs of nodes
directly oF indirectly connected by a sequence of edges. Thus 5* includes all nodes which are directly connect
ed, nodes connected by two edges. nodes connected by three edges, and so forth58 Chapter 4 / ADVANCED OBJECT MODELING
4.1.1 Aggregation Versus Association
Aggregation is a special form of association, not an independent concept. Aggregation adds
semantic connotations in certain cases. If two objects are tightly bound by a part-whole re-
lationship, itis an aggregation. If the two objects are usually considered as independent, even
though they may often be linked, it is an association. Some tests include:
+ Would you use the phrase part of?
‘+ Are some operations on the whole automatically applied to its parts?
+ Are some attribute values propagated from the whole to all or some parts?
+ Is there an intrinsic asymmetry to the association, where one object class is subordinate
to the other?
Aggregations include part explosions and expansions of an object into constituent parts. In
Figure 4.1 a company is an aggregation of its divisions, which are in turn aggregations of
their departments; a company is indirectly an aggregation of departments. A company is not
an aggregation of its employees, since company and person are independent objects of equal
stature.
Company bd Division b—_—_4 Department
Works for
 
 
 
 
 
Person
 
 
 
Figure 4.1 Aggregation and association.
The decision to use aggregation is a matter of judgment and is often arbitrary. Often it
is not obvious if an association should be modeled as an aggregation. To a large extent this
kind of uncertainty is typical of modeling; modeling requires seasoned judgment and there
are few hard and fast rules. Our experience has been that if you exercise careful judgment
and are consistent, the imprecise distinction between aggregation and ordinary association
does not cause problems in practice.
4.1.2 Aggregation Versus Generalization
Aggregation is not the same thing as generalization, Aggregation relates instances. Two dis-
tinct objects are involved; one of them is a part of the other. Generalization relates classes
and is a way of structuring the description of a single object. Both superclass and subclass
refer to properties of a single object. With generalization, an object is simultaneously an in-
stance of the superclass and an instance of the subclass. Confusion arises because both ag-
gregation and generalization give rise to trees through transitive closure. An aggregation tree
is composed of object instances that are all part of a composite object; a generalization tree4.1 AGGREGATION 59
is composed of classes that describe an object. Aggregation is often called “a-part-of” rela-
tionship; generalization is often called “a-kind-of” or “is-a” relationship.
Figure 4.2 illustrates aggregation and generalization for the case of a desk lamp. Parts
explosions are the most compelling examples of aggregation. Base, cover, switch, and wir-
ing are all part of a lamp. Lamps may be classified into several different subclasses: fluores-
cent and incandescent, for example. Each subclass may have its own distinct parts. For
‘example, a fluorescent lamp has a ballast, twist mount, and starter; an incandescent lamp has
a socket.
 
 
 
 
 
 
 
 
 
 
 
 
 
big pag tncancep | | Base|| Cover|| Switch || Wiring
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
:
(ees)
Figure 4.2 Aggregation and generalization
 
 
 
 
 
Aggregation is sometimes called an “and-relationship” and generalization an “or-rela-
tionship.” A lamp is made of a base and a cover and a switch and wiring and so on. A lamp
is a fluorescent lamp or an incandescent lamp.
4.1.3 Recursive Aggregates
Aggregation can be fixed, variable, or recursive. A fixed aggregate has a fixed structure; the
number and types of subparts are predefined. The lamp in Figure 4.2 has a fixed aggregate
structure.
A variable aggregate has a finite number of levels, but the number of parts may vary.
The company in Figure 4.1 is a variable aggregate with a two-level tree structure. There are
‘many divisions per company and many departments per division.
A recursive aggregate contains, directly or indirectly, an instance of the same kind of
aggregate; the number of potential levels is unlimited. Figure 4.3 shows the example of a
computer program. A computer program is an aggregation of blocks, with optionally recur-
sive compound statements; the recursion terminates with simple statements. Blocks can be
nested to arbitrary depth.
Figure 4.3 illustrates the usual form of a recursive aggregate: a superclass and two sub-
classes, one of which is an intermediate node of the aggregate and one of which is a terminal
node of the aggregate. The intermediate node is an assembly of instances of the abstract su-
perclass.60 Chapter 4 / ADVANCED OBJECT MODELING
 
Program
 
 
 
 
 
 
 
 
 
 
Figure 4.3 Recursive aggregate
4.1.4 Propagation of Operations
Propagation (also called triggering) is the automatic application of an operation to a net-
work of objects when the operation is applied to some starting object [Rumbaugh-88].” For
example, moving an aggregate moves its parts; the move operation propagates to the parts.
Propagation of operations to parts is often a good indicator of aggregation.
Figure 4.4 shows an example of propagation. A person owns multiple documents. Each
document is composed of paragraphs that are, in turn, composed of characters. The copy op-
eration propagates from documents to paragraphs to characters. Copying a paragraph copies
all the characters in it. The operation does not propagate in the reverse direction; a paragraph
can be copied without copying the whole document. Similarly, copying a document copies
the owner link but does not spawn a copy of the person who is owner.
 
 
Person Document | PY { Paragraph | °°P% | Character
ail ] ae
copy ‘copy ‘copy }
 
 
 
 
 
 
 
 
 
Figure 4.4 Propagation of operations
Most other approaches present an all-or-nothing option: copy an entire network with
deep copy, or copy the starting object and none of the related objects with shallow copy. The
concept of propagation of operations provides a concise and powerful way for specifying an
entire continuum of behavior. An operation can be thought of as starting at some initial ob-
ject and flowing from object to object through links according to propagation rules. Propa-
gation is possible for other operations including save/restore, destroy, print, lock, and
display.
Propagation is indicated on object models with a special notation. The propagation be-
havior is bound to an association (or aggregation), direction, and operation. Propagation is
* The term association as used in this book is synonymous with the term relation used in {Rumbaugh-B8).4.2 ABSTRACT CLASSES 61
indicated with a small arrow and operation name next to the affected association. The arrow
indicates the direction of propagation.
4.2 ABSTRACT CLASSES
An abstract class is a class that has no direct instances but whose descendent classes have
direct instances. A concrete class is a class that is instantiable; that is, it can have direct in-
stances. A concrete class may have abstract subclasses (but they in tum must have concrete
descendants). A concrete class may be a leaf class in the inheritance tree; only concrete class-
es may be leaf classes in the inheritance tree. Figure 4.5 summarizes the definition of abstract
and concrete class. (The dotted line is the object modeling notation for instantiation and is
discussed in Section 4.5.1.)
subclass subclass
 
enna Has subclasses
Concrete Abstract
Ce Pacer S| [ARE boa
re ieee
aera Non-leat
Lr conte tee Lest class.
Figure 4.5 Object model defining abstract and concrete class
 
 
 
 
 
 
 
 
 
 
 
 
 
 
All the occupations shown in Figure 4.6 are concrete classes. Butcher, Baker, and Can-
dlestick Maker are concrete classes because they have direct instances. The ellipsis notation
(...) indicates that additional subclasses exist but have been omitted from the diagram, per-
haps for lack of space or lack of relevance to the present concem. Worker also is a concrete
lass because some occupations may not be further specified
 
 
 
 
 
Worker
Butcher | { Baker Candlestick]. . «
 
 
 
 
 
 
 
Figure 4.6 Concrete classes62 Chapter 4 / ADVANCED OBJECT MODELING
Class Employee in Figure 4.7 is an example of an abstract class. All employees must be
either hourly, salaried, or exempt.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Employee
year-to-date earnings
compute pay {abstract}
Hourly Salaried Exempt
Employee Employee Employee
hourly rate weekly rate monthly rate
overtime rate
et ‘compute pay ‘compute pay
 
 
 
 
 
 
 
 
Figure 4.7 Abstract class and abstract operation
Abstract classes organize features common to several classes. It is often useful to create
an abstract superclass to encapsulate classes that participate in the same association or ag-
gregation. Some abstract classes appear naturally in the application domain. Other abstract
classes are artificially introduced as a mechanism for promoting code reuse.
Abstract classes are frequently used to define methods to be inherited by subclasses. On.
the other hand, an abstract class can define the protocol for an operation without supplying
a corresponding method. We call this an abstract operation. (Recall that in Chapter 3 we de-
fined an operation as the protocol for an action that may be applied to objects in a class. A
method is the actual implementation of an operation.) An abstract operation defines the form
of an operation for which each concrete subclass must provide its own implementation. A
concrete class may not contain abstract operations because objects of the concrete class
‘would have undefined operations.
Figure 4.7 shows an abstract operation. An abstract operation is designated by a com-
ment in braces. Compute-pay is an abstract operation of class Employee; its form but not its
implementation is defined. Each subclass must supply a method for this operation.
The origin class of a feature is the topmost defining class. The origin class defines the
protocol of the feature, that is the type of an attribute or the number and type of arguments
and result type for operations, as well as the semantic intent. Descendent classes can refine
the protocol by further restricting the types or by overriding the initialization or method
code. Descendent classes may not expand or change the protocol.
Note that the abstract nature of a class is always provisional, depending on the point of
view. A concrete class can usually be refined into several subclasses, making it abstract.
Conversely, an abstract class may become concrete in an application in which the difference
among its subclasses is unimportant.4.3 GENERALIZATION AS EXTENSION AND RESTRICTION 63
4.3 GENERALIZATION AS EXTENSION AND RESTRICTION
‘An instance of a class is an instance of all ancestors of the class. This is part of the definition
of generalization. Therefore all ancestor class features must apply to the subclass instances.
A descendent class cannot omit or suppress an ancestor attribute because then it would not
truly be an ancestor instance. Similarly operations on an ancestor class must apply to all de-
scendent classes. A subclass may reimplement an operation for reasons of efficiency but can-
not change the external protocol.
A subclass may add new features. This is called extension. For example, Figure 4.7 ex-
tends class Employee with three subclasses that inherit all Employee features and add new
features of their own.
A subclass may also constrain ancestor attributes. This is called restriction because it
restricts the values that instances can assume. For example, a circle is an ellipse whose major
and minor axes are equal. Arbitrary changes to the attribute values of a restricted subclass
‘may cause it to violate the constraints, such that the result no longer belongs to the original
subclass. This is not a problem from the perspective of the superclass because the result is
still a valid superclass instance. For example, a circle that is scaled unequally in the x and y
dimensions remains an ellipse but is no longer a circle. Class Ellipse is closed under the scal-
ing operation, but Circle is not.
Inherited features can be renamed in a restriction. The inherited major and minor axes
of a circle must be equal and could be renamed the diameter.
Class membership can be defined in two ways: implicitly by rule or explicitly by enu-
meration. A rule defines a condition for membership in a class; all objects whose values sat-
isfy the rule belong to the class. This is the usual mathematical usage. Polygons, triangles,
ellipses, circles, and other mathematical objects are defined by rule, This works well for im-
mutable values but not so well for objects that can undergo changes yet remain the same ob-
ject. Most object-oriented languages consider an object to be a discrete unit with explicit
Properties, one of which is the class of the object. An object has explicit class membership
and the attributes it bears flows from its class. In contrast, for rule-based definition, class
membership flows from attribute values.
In an explicit definition of class membership, operations that would invalidate class
membership constraints must be disallowed on semantic grounds, Restriction implies that
subclass may not inherit all the operations of its ancestors. In an ideal world, such operations
would be automatically detected by a support system, but for now they must be specified by
the designer. Thus the Circle class must suppress the unequal scale operation. On the other
hand, an object declared to be an ellipse is not restricted to remain a circle even if its major
and minor axes happen to be temporarily equal.
Failing to note the difference between restriction and extension has caused confusion in
the past. Some authors have been bothered by the fact that subclasses must suppress some
operations. Chapter 10 of (Meyer-88] notes that subclasses can be viewed as both specializ~
ing and extending superclass features. These meanings are complementary. Some operations
are meaningful only to a subset of instances; narrowing the set of instances broadens the
number of applicable operations. Meyer also notes that the intemal implementation of an op-
eration can be overridden, provided the external protocol remains the same.64 ‘Chapter 4 / ADVANCED OBJECT MODELING
4.3.1 Overriding Operations
‘There is tension between use of inheritance for abstract data types and for sharing implemen-
tation. Most of this tension relates to overriding methods. The trouble arises when the over-
riding method substantially differs from the overridden method, rather than just refining it.
Overriding is done for the following reasons:
Overriding for extension. The new operation is the same as the inherited operation, ex-
cept it adds some behavior, usually affecting new attributes of the subclass. This concept is
supported by Eiffel (redefine) and Smalltalk (SUPER). For example, Window may have a
draw operation that draws the window boundary and contents. Window’ could have a sub-
class called LabeledWindow that also has a draw operation. The draw-LabeledWindow
method could be implemented by invoking the method to draw a Window and then adding
code to draw the label.
Overriding for restriction. The new operation restricts the protocol, such as tightening
the types of arguments. This may be necessary to keep the inherited operation closed within
the subclass. For example, the superclass Set may have the operation add(object). The sub-
class IntegerSet would then have the more restrictive operation add(integer).
Overriding for optimization. An implementation can take advantage of the constraints
imposed by a restriction to improve the code for an operation, and this is a valid use of over-
riding. The new method must have the same external protocol and results as the old one, but
its internal representation and algorithm may differ completely.
For example, superclass /ntegerSet could have an operation to find the maximum inte-
.er. The method for finding the maximum of an Ince gerSet may be implemented as a sequen-
tial search. The subclass SortedIntegerSet could provide a more efficient implementation of
the maximum operation, since the contents of the set are already sorted.
Overriding for convenience. A common practice in developing new classes is to look
for a class similar to what is desired. The new class is made a subclass of the existing class
and overrides the methods that are inconvenient. This ad hoc use of inheritance is semanti-
cally wrong and leads to maintenance problems because there is no inherent relationship be-
‘tween the parent and child classes. A better approach is to generalize the common aspects of
the original and new classes into a third class, from which the first two classes both inherit.
We propose the following semantic rules for inheritance. Adherence to these rules will
make your software easier to understand, easier to extend, and less prone to errors of oversight.
 
 
+ All query operations (operations that read, but do not change, attribute values) are in-
herited by all subclasses.
+ All update operations (operations that change attribute values) are inherited across all
extensions,
  
+ Update operations that change constrained attributes or associations are blocked across
a restriction, For example, the scale-x operation is permitted for class Ellipse, but must
be blocked for subclass Circle.
+ Operations may not be overridden to make them behave differently (in their extemnally-
visible manifestations) from inherited operations. All methods that implement an oper-
ation must have the same protocol.4.4 MULTIPLE INHERITANCE 65
‘+ Inherited operations can be refined by adding additional behavior.
The implementation and use of many existing object-oriented languages violates these prin-
ciples.
4.4 MULTIPLE INHERITANCE
Multiple inheritance permits a class to have more than one superclass and to inherit features
from all parents. This permits mixing of information from two or more sources. This is a
‘more complicated form of generalization than single inheritance, which restricts the class hi-
erarchy to a tree. The advantage of multiple inheritance is greater power in specifying classes
and an increased opportunity for reuse. It brings object modeling closer to the way people
think. The disadvantage is a loss of conceptual and implementation simplicity. In principle,
all kinds of different mixing rules can be defined to resolve conflicts among features defined
on different paths.
 
4.4.1 Definition
A class may inherit features from more than one superclass. A class with more than one su-
perclass is called a join class. A feature from the same ancestor class found along more than
‘one path is inherited only once; itis the same feature. Conflicts among parallel definitions
create ambiguities that must be resolved in implementations. In practice, such conflicts
should be avoided or explicitly resolved to avoid ambiguities or misunderstandings, even if
a particular language provides a priority rule for resolving conflicts.
In Figure 4.8, AmphibiousVehicle is both LandVehicle and WaterVehicle. In Figure 4.9,
VestedHourlyEmployee is both VestedEmployee and HourlyEmployee. AmphibiousVehicle
and VestedHourlyEmployee are join classes.
  
 
 
Vehicle
eee
LandVehicle WaterVehicle
A A
Car AmphibiousVehicle | | Boat
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Figure 4.8 Multiple inheritance from overlapping classes
Each generalization should cover a single property, for example where a vehicle travels
If a class can be refined on several distinct and independent dimensions, then use multiple
generalizations. Recall that the content of an object model is driven by its relevance to an66 Chapter 4 / ADVANCED OBJECT MODELING
Employee
pay status A ‘\\ pension status
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Hourly Salaried | { Exempt Vested Unvested
Employee | | Employee | | Employee Employee | | Employee
Hourly
jour
Employee
 
 
 
Figure 4.9 Multiple inheritance from disjoint classes
application solution, so do not list all possible generalizations, just show the important ones.
In Figure 4.9, class Employee independently specializes on pay status and pension status.
This is shown with two separate generalizations,
The generalization subclasses may or may not be disjoint. For example, LandVehicle
and WaterVehicle overlap because some vehicles travel on both land and water. HourlyEm-
ployee, SalariedEmployee, and ExemptEmployee are disjoint; each employee must belong to
exactly one of these. A hollow triangle indicates disjoint subclasses; a solid triangle indicates
overlapping subclasses. A class can multiply inherit from distinct generalizations or from
different classes within an overlapping generalization but never from two classes in the same
disjoint generalization,
The term multiple inheritance is used somewhat imprecisely to mean either the concep-
tual relationship between classes or the language mechanism that implements that relation
ship by sharing of behavior and data. Whenever possible, we try to distinguish between
generalization (the conceptual relationship) and inheritance (the language mechanism), but
in the case of multiple inheritance the term is so widely used already that use of the term
“multiple generalization” would be confusing.
 
 
4.4.2 Accidental Multiple Inheritance
An instance of a join class is inherently an instance of all the ancestors of the join class. For
example, an instructor is inherently both faculty and student. But what about a Harvard Pro-
fessor taking classes at MIT? There is no class to describe the combination (it would be ar-
tificial to make one). This is an example of “accidental” multiple inheritance, in which one
instance happens to participate in two overlapping classes. This case is poorly handled by
most object-oriented languages. As shown in Figure 4.10, the best approach using conven-
tional languages is to treat Person as an object composed of multiple UniversityMember ob-
jects. This workaround replaces inheritance with delegation (discussed in the next section).
This is not totally satisfactory because there is a loss of identity between the separate roles,
but the alternatives involve radical changes to the OO framework [McAllester-86).4.4 MULTIPLE INHERITANCE 67
Barack University
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Figure 4.10 Workaround for accidental multiple inheritance
4.4.3 Workarounds
Dealing with lack of multiple inheritance is really an implementation issue, but early restruc-
turing of a model is often the easiest way to work around its absence. Some restructuring
techniques are described below. Two of the following approaches make use of delegation,
which is an implementation mechanism by which an object forwards an operation to another
object for execution. See Section 10.6.3 for further discussion of delegation.
Delegation using aggregation of roles. A superclass with multiple independent general-
izations can be recast as an aggregate in which each component replaces a generalization.
This approach is similar to that for accidental multiple inheritance in the previous section.
This approach replaces a single object having a unique ID by a group of related objects that
compose an extended object. Inheritance of operations across the aggregation is not automat-
ic. They must be caught by the join class and delegated to the appropriate component.
For example, in Figure 4.11 EmployeePayroll becomes a superclass of HourlyEmploy-
ee, SalariedEmployee, and ExemptEmployee. EmployeePension becomes superclass of
VestedEmployee and UnvestedEmployee. Then Employee can be modeled as an aggregation
of EmployeePayroll and EmployeePension. An operation such as compute-pay sent to an
Employee object would have to be redirected to the EmployeePayroll component by the Em-
ployee class.
In this approach, the various join classes need not actually be created as explicit classes.
All combinations of subclasses from the different generalizations are possible.
Inherit the most important class and delegate the rest. Figure 4.12 makes a join class a
subclass of its most important superclass. The join class is treated as an aggregation of the
remaining superclasses and their operations are delegated as in the previous alternative. This
approach preserves identity and inheritance across one generalization.
Nested generalization. Factor on one generalization first, then the other. This approach
multiplies out all possible combinations. For example, in Figure 4.13 under each of Hourly-
Employee, SalariedEmployee, and ExemptEmployee, add two subclasses for vested and un-
vested employees. This preserves inheritance but duplicates declarations and code and
violates the spirit of object-oriented programming.68 Chapter 4 / ADVANCED OBJECT MODELING
Fa a
jaya) A pension status
| Hourly Salaried || Exempt Vested Unvested
Employee || Employee || Employee Employee Employee
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Aspe hewn Amor
 
Hourly Salaried Exempt Exempt
Vested Unvested | Vested Unvested Vested Unvested
Employee Employee Employee Employee | Employee
 
 
 
 
 
 
 
 
 
 
 
Figure 4.13 Multiple inheritance using nested generalization
Any of these workarounds can be made to work. but all compromise logical structure
and maintainability. Some issues to consider when selecting the best workaround are:
‘+ Ifa subclass has several superclasses, all of equal importance, it may be best to use del-
gation (Figure 4.11) and preserve symmetry in the model.|
 
4.5 METADATA 69
+ fone superclass clearly dominates and the others are less important, implementing mul-
tiple inheritance via single inheritance and delegation may be best (Figure 4.12).
+ Ifthe number of combinations is small, consider nested generalization (Figure 4.13). If
the number of combinations is large, avoid it.
+ Ifone superclass has significantly more features than the other superclasses or one su-
perclass clearly is the performance bottleneck, preserve inheritance through this path
(Figure 4.12 or Figure 4.13).
+ If you choose to use nested generalization (Figure 4.13), factor on the most important
criterion first, the next most important second, and so forth.
‘Try to avoid nested generalization (Figure 4.13) if large quantities of code must be du-
plicated.
‘+ Consider the importance of maintaining strict identity. Only nested generalization (Fig-
ure 4.13) preserves this.
4.5 METADATA
Metadata is data that describes other data. For example, the definition of a class is metadata.
Models are inherently metadata, since they describe the things being modeled (rather than
being the things). Many real-world applications have metadata, such as parts catalogs, blue-
prints, and dictionaries. Computer language implementations also use metadata heavily. Fig-
ure 4.5 is another example of metadata. In Section 4.2 while explaining the modeling
‘concept of concrete and abstract classes we found it useful to use an object model to explain
object modeling constructs. The case study in Chapter 18 presents an actual application that
required a model of metadata (a metamodel),
Relational database management systems (see Chapter 17) also use metadata. A person
can define database tables for storing information. Similarly, a relational DBMS has several
metatables that store table definitions. Thus a data table may store the fact that the capital of
Japan is Tokyo, the capital of Thailand is Bangkok, and the capital of India is New Delhi. A
metatable would store the fact that a country has a capital city.
Metadata is frequently confusing because it blurs the normal separation between the
model and the real world. With ordinary applications, the same terms can be used to refer to
both the model and the real world; the context of usage distinguishes which is meant. With
metadata, the context is not sufficient to distinguish the description from the thing being de-
scribed, so a more precise distinction must be made.
4.5.1 Patterns and Metadata
A class describes a set of object instances of a given form. /nstantianion relates a class to its
instances. In a broader sense, any pattem describes examples of the patter; the relationship
between pattern and example can be regarded as an extension of instantiation.70 Chapter 4 / ADVANCED OBJECT MODELING
Figure 4.14 shows an example of instantiation. Joe Smith and Mary Wilson are instances
of class Person. The dotted arrows connect the instances to the class. Explicitly showing the
instantiation relationship is useful when both instances and classes must be manipulated as
objects, for example in interpreters, modeling tools, and language support mechanisms. In-
stantiation is also useful for documenting examples and test cases. For most problems, how-
ever, classes and their instances need not be shown together.
 
(Person)
Joe Smith
Person 9
name
ae (Person)
 
 
 
Mary Wilson
27
 
Figure 4.14. Notation for instantiation
Real-world things may be metadata. There are real-world things that describe other real-
world things. A part description in a catalog describes manufactured parts. A blueprint de-
scribes a house. An engineering drawing describes a system.
For example, consider models of cars made by different manufacturers, such as a 1969
Ford Mustang or a 1975 Volkswagen Rabbit. Each CarModel in Figure 4.15 describes a par-
ticular kind of car; each CarModel has its own attributes and associations. Each CarModel
object also describes a set of physical cars owned by persons. For example, John Doe may
‘own a blue Ford with serial number /FABP and a red Volkswagen with serial number 7E8/F.
Each car receives the common attributes from CarModel but also has its own list of partic-
ular attributes, such as serial number, color, and list of options. It would be possible to create
a class to describe each kind of car, but the list of models keeps growing. It is better to con-
sider the CarModel object as a pattern, a piece of metadata, that describes Car objects.
 
 
 
 
 
 
 
 
 
CarModel je a Car
model name serial #
year color
se price options
joa eae
Company Person
 
 
 
 
 
 
Figure 4.15 Patterns and individuals4.6 CANDIDATE KEYS m1
4.5.2 Class Descriptors
Classes can also be considered as objects, but they are meta-objects and not real-world ob-
jects. Class descriptor objects have features, and they in turn have their own classes, which
are called metaclasses. Treating everything as an object provides a more uniform implemen-
tation and greater functionality for solving complex problems.
A class attribute describes a value common to an entire class of objects, rather than data
peculiar to each instance. Class attributes are useful for storing default information for cre-
ating new objects or summary information about instances of the class.
‘A class operation is an operation on the class itself. The most common kind of class op-
erations are operations to create new class instances. Operations to create instances must be
class operations because the instance being operated on does not initially exist. A query that
provides summary information for instances in a class is also a class operation. Operations
‘on class structure, such as scanning the list of attributes or methods, are class operations.
Figure 4.16 shows a class Window with class features indicated by leading dollar signs.
Window has class attributes for the set of all windows, the set of visible windows, default
window size, and maximum window size. Window contains class operations to create a new
window object and to find the existing window with the highest priority.
 
‘Window
ie
vebilty Bodean
Satlerwncions Seaton
wi
$detautt-size
Smaximum-size: Rectangle
 
 
 
Snow Window
Sget-highest-priority- Window
 
 
 
Figure 4.16 Class with class features
4.6 CANDIDATE KEYS
The ball notation discussed in Chapter 3 works fine when discussing multiplicity for binary
associations and is the preferred notation for binary associations. However, multiplicity balls
are ambiguous for n-ary (n>2) associations. The best approach for n-ary associations is to
specify candidate keys.
A candidate key is a minimal set of attributes that uniquely identifies an object or link.
By minimal, we mean that you cannot discard an attribute from the candidate key and still
distinguish all objects and links. A class or association may have one or more candidate keys,
cach of which may have different combinations and numbers of attributes. The object ID is72 Chapter 4 / ADVANCED OBJECT MODELING
always a candidate key for a class. One or more combinations of related objects are candi-
date keys for associations.
Candidate key is a term commonly used within the database community. However can-
didate key is really not a database concept; candidate key is a logical concept. Each candi-
date key constrains the instances in a class or the multiplicity of an association. Most
programming languages lack the notion of a candidate key. A candidate key is delimited in
‘an object model with braces. (This is the object modeling notation for constraints, which are
discussed in the next section.)
Figure 4.17 compares multiplicity and candidate keys for binary associations. Multiplic~
ity and candidate keys have nearly the same expressive power for binary associations. (Mul-
tiplicity also includes the notion of existence dependency—whether an object must
participate in an association.) A many-to-many association requires both related objects to
‘uniquely identify each link. A one-to-many association has a single candidate key: the object
on the many end. A one-to-one association has two candidate keys: either of the objects. If
we specify the country, or specify the capital city, there is no ambiguity. Note that a candidate
key may be specified even when one or both classes are optional. For example, a city may
not be a capital at all, but a city is capital of at most one country.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Many-to-many One-to-many Optional-to-one
association association ‘association
Person Person Country
‘Owns-stock Jere =
Company Company City
{Candidate key: {Candidate key: {Candidate keys:
(person, company)} (person) oa
(city)
Figure 4.17 Comparison of multiplicity with candidate keys for binary associations
Figure 4.18 shows a ternary association that has one candidate key consisting of all three
objects. Persons who are programmers use computer languages on projects. Several links are
presented at the bottom of the figure. No combination of just one or two objects will uniquely
identify each link.
Figure 4.19 contains another ternary association. A student has one advisor at a univer-
sity. A student may attend more than one university. A professor may be an advisor at more
than one university, Here the instances suggest that (student, university) is the only candidate
key. This candidate key involves only two of the three related objects.
We deduce the candidate key by considering all the possibilities. Student is not a can-
didate key; two links have the value Mary. Professor and University are not candidate keys.
Student+Professor, Professor+University are not candidate keys; Susan+Weaver,4.7 CONSTRAINTS
 
 
 
 
 
 
Person
 
 
Language
 
{Candidate key: (project, person, language)}
Project
CAD program
contol sofware
C++ compiler
CAD program
CAD program
CAD program
 
Language
c
Ada
c
assembler
iC
assembler
Figure 4.18 Temary association
 
‘Student
 
 
 
 
 
 
University
 
 
 
 
Professor
 
 
(Cancidate key: (student, university)
meee
Professor
Prot Weaver
Prot Rumrow
Prot Weaver
Prot Weaver
Prof Shapiro
University
SUNY
RPI
API
‘SUNY
Oxtord
Figure 4.19 Ternary association
Weaver+SUNY appear twice. Student+University may be a candidate key, since no links
share the same values. Based on the problem statement, we decide that Student+University
really is a candidate key and would distinguish other links beyond the five in Figure 4.19.
Student+Professor+University is not a candidate key, because it is not a minimal set of at-
tributes.
4.7 CONSTRAINTS
4.7.1 Definition
Constraints are functional relationships between entities of an object model. The term entity
includes objects, classes, attributes, links, and associations. A constraint restricts the values
that entities can assume. Examples include: No employee's salary can exceed the salary of74 Chapter 4 / ADVANCED OBJECT MODELING
the employee's boss (a constraint between two things at the same time). No window will
have an aspect ratio (Iength/width) of less than 0.8 or greater than 1.5 (a constraint between
properties of a single object). The priority of a job may not increase (constraint on the same
object over time). Figure 4.20 lists these examples. Simple constraints may be placed in ob-
ject models. Complex constraints should be specified in the functional model (see
Chapter 6).
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Window
Employee [205° Job
length
salary Pe width priority
{salary < boss.salary} {0.8 < length/width < 1.5) {priority never increases}
Figure 4.20 Constraints on objects
We favor expressing constraints in a declarative manner. Ordinarily, constraints must be
converted to procedural form before they can be stated in a programming language. Ideally
conversion should be automatic, but this may be difficult or impossible to achieve. Object
models capture some constraints through their very structure. For example, single inherit-
ance implies that subclasses are mutually exclusive.
Constraints provide one criterion for measuring the quality of an object model; a “good”
object model captures many constraints through its structure. It often requires several itera~
tions to get the structure of a model right from the perspective of constraints. In principle,
we could embellish object modeling notation with all kinds of special constructs to capture
more and more structural constraints. This is probably not a good idea. The object modeling
notation advanced by this book represents a compromise between expressive power and sim-
plicity. There will always be constraints that must be expressed in natural language.
Object modeling syntax for constraints is as follows: Constraints are delimited by braces
and positioned near the constrained entity. A dotted line connects multiple constrained enti-
ties. An arrow may be used to connect a constrained entity to the entity it depends on. Instan-
tiation is a kind of constraint and therefore uses the same notation.
4.7.2 Constraints on Links
Multiplicity constrains an association, It restricts the number of objects related to a given ob-
ject. Object modeling notation has a special syntax for showing common multiplicity values
({0,1], exactly 1, and 0+). Other values of multiplicity can be shown by a numerical interval
near an association role. For example, Figure 4.5 specifies “1+” for two association roles.
The notation “| ordered)” indicates that the elements of the “many” end of an associa-
tion have an explicit order that must be preserved. Figure 4.21 shows an object mode! for the
officers of a country. Each office (such as president, chief justice, king) for each country has
a set of persons who have held the office, ordered chronologically.4.7 CONSTRAINTS 75
omy) [once p — 8 pen
Figure 4.21 Constraints on association links
 
 
 
 
 
 
 
 
4.7.3 General Constraints
General constraints must be expressed with natural language or equations. You should draw
a dotted line between classes involved in the constraint and specify the details with com-
‘ments in braces. Sometimes it may be impractical to draw lines to all the classes, so make
the best of it. Sometimes it is better to have an unattached constraint than to draw lines all
‘over the place.
For example, one association may be a subset of another. In Figure 4,22 the chair of a
committee must be a member of the committee; the Chair-of association is a subset of the
Member-of association.
Member-of
Person (subset) | Committee
Chair-of
 
 
 
 
Figure 4.22 Subset constraint between associations
4.7.4 Derived Objects, Links, and Attributes
A derived object is defined as a function of one or more objects, which in tum may be de-
rived. The derived object is completely determined by the other objects. Ultimately, the der-
ivation tree terminates with base objects. Thus a derived object is redundant but may be
included in an object model to ease comprehension; it often represents a meaningful real-
world concept. Similarly, there are also derived links and derived attributes.
‘The notation for a derived entity is a slash or diagonal line (on the comer of a class box,
‘on an association line, or in front of an attribute). You should show the constraint that deter-
mines the derived value. Like most of the object modeling notation, the derived value nota-
tion is optional
‘As shown in Figure 4.23, age provides a good example of a derived attribute. Age can
be derived from birth date and the current date.
In Figure 4.24, a machine consists of several assemblies that in turn consist of parts. An.
assembly has a geometrical offset with respect to machine coordinates; each part has an off-
set with respect to assembly coordinates. We can define a coordinate system for each part
that is derived from machine coordinates, assembly offset, and part offset. This coordinate
system can be represented as a derived object class called Offset related to each part by a de-
rived association called NetOffset.76 Chapter 4 / ADVANCED OBJECT MODELING
 
 
 
 
 
 
Person Current
date
birthdate
lage
 
 
(age = currentdate — birthdate}
Figure 4.23 Derived attribute
Machine bot Assentty Jo Part
offset offset ‘Nettie
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
{offset = assembly-machine ottset =
part-assembly offset)
Figure 4.24 Derived object and association
Real world concepts are highly redundant, therefore we expect to see many derived en-
tities in models; itis desirable to use concepts that appear in the application domain. Never-
theless it is important to distinguish independent and dependent entities in a model so that
the true complexity can be seen. Derived entities are constrained by their base entities and
the derivation rule.
 
4.7.5 Homomorphisms
A homomorphism maps between two associations as illustrated by Figure 4.25, For example,
in a parts catalog for an automobile, a catalog item may contain other catalog items. Each
catalog item is specified by a mode! number that corresponds to thousands or millions of in-
dividual manufactured items, each with its own serial number. The individual items are also
composed of subitems. Each physical item’s parts explosion tree has the same form as the
catalog item’s parts explosion tree. The contains aggregation on catalog items is a homomor-
phism of the contains aggregation on physical items. This form of homomorphism between
two trees is common,
In general, a homomorphism involves four relationships among four classes as shown
in Figure 4.26. The homomorphism maps links of one general association (1) into links of
another general association (1) as a many-to-one mapping. Two instantiation relationships
map elements of one class into another: r is a many-to-one mapping from class B to class A
and s is a many-to-one mapping from class D to class C. In the common case where ¢ is on
a single class and w is on a single class, then A=C, B=D, and r=s, as in Figure 4.25,4.8 CHAPTER SUMMARY 7
Contains _— Contains
 
Catalogitem tem
Model number _j* ‘Describes « serial number
{item contains item2 = item1.model contains item2.model}
 
 
 
 
 
Figure 4.25 Homomorphism for a parts catalog
«
u {u(b,d) = t(b.r, d.s)} i
 
 
 
 
 
c il 5 o
 
Figure 4.26 General homomorphism
At first, the homomorphism may seem to be an esoteric concept. However, our experi-
‘ence has been that they really do appear in practice. Homomorphisms are most likely to oc-
cur for complex applications that deal with metadata. The homomorphism is essentially just
an analogy—a special type of relationship between relationships. Proper use of homomor-
phisms constrain the structure of an object model and improve the correspondence between
the model and the real world.
4.8 CHAPTER SUMMARY
This chapter covers several diverse topics that explain subtleties of object modeling. These
concepts are not needed for simple models but may be important for complex applications.
Remember, the content of any object model should be driven by its relevance to an applica-
tion. Only use the advanced concepts in this chapter if they truly add to your application, ei-
ther by improving clarity, tightening structural constraints, of permitting expression of a
difficult concept.
Aggregation is a special form of transitive association where a group of component ob-
jects form a single semantic entity. Operations on an aggregate often propagate to the com-
ponents. Recursive aggregates allow a component to also be an aggregate, Aggregation must
not be confused with generalization, even though both constructs form trees; aggregation is
a tree of instances, generalization is a tree of classes
Abstract and concrete are useful terms for referring to classes in an inheritance hierar-
chy. Abstract classes help organize the class hierarchy and have no direct instances. Concrete78 Chapter 4 / ADVANCED OBJECT MODELING
classes may have direct instances. Abstract classes are frequently used to define methods in
‘one place for use by several subclasses. Abstract classes can also be used to define the form
or protocol of an operation, leaving the implementation to each subclass.
Inheritance has two different but complementary aspects. Extension means that a subclass
may add new features, Restriction means that a subclass may constrain inherited features. For
semantic reasons, a subclass should not suppress a superclass attribute or change the extemal
protocol of a superclass operation, An instance of a subclass is simultaneously an instance of
aa superclass; thus it is not permissible for a subclass to violate superclass behavior. Unfortu-
nately, it is common practice in existing object-oriented languages to abuse inheritance in this
way. The price that is paid is more obscure code and awkward maintenance.
Multiple inheritance permits a subclass to inherit features from more than one super-
class, A class with more than one superclass is called a join class. Each generalization should
discriminate a single semantic quality. The subclasses of a given superclass should be ar-
ranged into more than one generalization if the superclass specializes on more than one dis-
criminator. A join class may combine classes from different generalizations, or it may
combine classes from an overlapping generalization, but it may not combine classes from
the same disjoint generalization. Accidental inheritance is a property of instances and must
be represented by delegation.
Metadata is data that describes other data. Object classes are metadata, since they de-
scribe objects. The instantiation relationship links class descriptor objects to class instances.
Metadata is a useful concept for two reasons: It occurs in the real world and it is a powerful
tool for implementing complex systems. Modeling metadata can be confusing because the
distinction between descriptor and referent is blurred.
A candidate key is a minimal set of attributes that uniquely identifies an object or link.
Candidate keys constrain the multiplicity of an association. Multiplicity balls serve as a
shorthand notation; candidate keys express the fundamental abstraction. Multiplicity balls
are fine for binary associations but are ambiguous for n-ary associations. The best approach
for n-ary associations is to use candidate keys.
Explicit constraints among objects, links, and attributes are sometimes needed to ex-
press application semantics. The notation for a constraint is a comment in braces near the
constrained entity; a dotted line can be added to bind constrained entities. Generalization and
multiplicity are examples of constraints built into the fabric of object modeling. Homomor-
phisms are mappings between associations; a frequent usage is the mapping between a de-
scriptor tree and a part tree. Derived entities may appear in a model for organizational or
naming purposes, but do not add fundamental information,
 
 
 
 
 
abstract class constraint instantiation origin class
aggregation derived entity join class override
candidate key ‘generalization ‘metaclass propagation
class feature homomorphism ‘metadata protocol
concrete class inheritance multiple inheritance
 
 
Figure 4.27 Key concepts for Chapter 4BIBLIOGRAPHIC NOTES 79
BIBLIOGRAPHIC NOTES
There have been a number of attempts to understand types, sometimes going considerably
beyond the object-oriented paradigm. [Cardelli-85] describes a lattice of type definition
models, of which object-oriented models are seen to be just one case (and not the most gen-
eral). Extremely powerful type definition systems tend to be hard to understand and imple-
‘ment, so most language implementors have been more restrained,
{Teorey-89] presents an interesting approach to improving the understandability of
large, complex models. The basic idea is that a model can be viewed at various levels of de-
tail. High-level views hide low-level details within clusters. A cluster is a group of classes,
associations, generalizations, and possibly other clusters which are abstracted into a single
entity for presentation in a higher level view. Clusters can be recursively constructed until
the proper level of abstraction is achieved. Teorey uses a heavy outline box to indicate clus-
tering which is compatible with our OMT notation.
We choose not to present clustering as a section in this book because there are several
unresolved issues. We are uncomfortable with Teorey’s approach for handling associations
between the external world and an entity within a cluster. In one sense, a cluster hides the
fact that an entity is buried within, but this is contradicted by the visibility required to make
the association. Also we regard the priority rules for forming clusters as vague and confus-
ing. Nevertheless, we recommend the reading of Teorey’s paper as it represents significant
progress in an important area.
Many of the basic premises and details of object-oriented technology are controversial.
‘The annual OOPSLA (Object-Oriented Programming Systems, Languages, and Applications)
and ECOOP (European Conference on Object-Oriented Programming) conferences are the ve~
hicles for new concepts, novel implementations, and philosophical arguments about the object-
‘oriented field. Past theoretical controversies include the proper role of inheritance (single ver-
sus multiple, inheritance versus delegation, the need for metaclasses), more general forms of
type systems, handling of metadata, treatment of constraints, and handling of aggregation.
REFERENCES
[Atwood-85} Thomas M. Atwood. An object-oriented DBMS for design support applications. IEEE
COMPINT'8S. 299-307
(Cardelli-85) Luca Cardelli, Peter Wegner. On understanding types, data abstraction, and polymor-
phism. ACM Computing Surveys 17,4, 471-522.
(McAllester-86] David McAllester, Ramin Zabih. Boolean classes. OOPSLA’87 as SIGPLAN 22, 12
(Dec. 1987), 417-424.
(Meyer-88] Bertrand Meyer. Object-Oriented Software Construction. Hertfordshire, England: Prentice
‘Hall International, 1988,
[Rumbaugh-88) James E, Rumbaugh. Controlling propagation of operations using attributes on rela-
tions. OOPSLA’8S as ACM SIGPLAN 23, 11 (Nov. 1988), 285-296,
(Teorey-89) Toby J. Teorey. Guangping Wei, Deborah L. Bolton, John A Koenig. ER model clustering
a8 an aid for user communication and documentation in database design. Communications of the
ACM 32, 8 (August 1989), 975-987.80 Chapter 4 / ADVANCED OBJECT MODELING
EXERCISES
4.1 (4) The object diagram in Figure E4.1 is a partial representation of the structure of an automo-
bile. Improve it by changing some of the associations to aggregations.
 
Door jo —{Boay {Gas tank:
 
 
 
 
 
Automobile
I
Power train| | Steering system | | Braking system
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
*
Engine] |Transmission| | Whee! | al Brake switch |-@ Brake light
ice nee cea eee
Exhaust system _| Electrical system Tt
Muffler co Starter || Battery || Alternator
 
 
 
 
 
 
 
 
Figure E4.1 Portion of an object diagram of the assembly hierarchy of an automobile
4.2 (4) Figure E4,2 isa partially completed object diagram for an interactive diagram editor. A sheet
isa collection of links and boxes. A link is a sequence of line segments that connect two boxes.
Each line segment is specified by two points. A point may be shared by a vertical and a horizon-
tal line segment in the same link. A selection is a collection of links and boxes that have been
highlighted in anticipation of an editing operation. A buffer is a collection of links and boxes
 
that have been cut or copied from the sheet. As it stands, the diagram does not express the con-
straint that Tink or a box belongs to one buffer or one selection or one sheet. Revise the object
diagram and use generalization to express the constraint by creating a superclass for the classes
Buffer, Selection, and Sheet. Discuss the merits of the revision.
 
  
 
 
 
 
 
 
 
 
 
Line segment eal Point
1
Figure E4.2 Portion of an object diagram for a simple diagram editor
 
 
 
4.3 (3) Categorize the following relationships into generalization, aggregation, or association. Be-
‘ware, there may be temary or n-ary associations in the list, so do not assume every relationship
involving three or more object classes is a generalization. Defend your answersEXERCISES 81
47
A country has a capital city.
A dining philosopher is using a fork.
A file is an ordinary file or a directory file
Files contain records.
‘A polygon is composed of an ordered set of points.
A drawing object is text, a geometrical object, or a group.
‘A person uses a computer language on a project.
Modems and keyboards are input/output devices.
‘Object classes may have several attributes.
‘A person plays for a team in a certain year.
A route connects two cities.
A student takes a course from a professor.
(7) Prepare an object diagram for a graphical document editor that supports grouping, which is
concept used in a variety of graphical editors. Assume that a document is composed of several
sheets. Each sheet contains drawing objects, including text, geometrical objects, and groups. A
group is simply a set of drawing objects, possibly including other groups. A group must contain
at least two drawing objects. A drawing object can be a direct member of at most one group.
Geometrical objects include circles, ellipses, rectangles, lines, and squares.
(6) A directory file contains information about files in a directory, including both ordinary files
as well as other directory files. Prepare an object diagram which models directory files and or-
dinary files. Since a directory plus a file name uniquely identifies a file, you will probably want
to use file name as a qualifier.
reer em me eo ee
  
(6) Prepare a verbal description of a situation that involves recursion, similar to the previous two
‘exercises, and prepare the corresponding object diagram. Defend the need for recursion in your
description.
(8) Descriptions of operations on some object classes in exercise 4.2 are given below. The no-
tation is class::operation(arguments). Think about how operations on some classes trigger oper-
ations on other classes through associations. For each operation on each class, prepare a list of
propagated operations. The list should contain class-operation pairs that are triggered through
associations.
bbuffer:;paste(offset) - Copy and translate the contents of the buffer into the sheet. The x and
¥ translation is specified by offse.
selection::cut() - Transport the selected contents of the sheet from the sheet to the buffer.
Links between a box that is selected and a box that is not selected are deleted. The pre-
‘vious contents of the buffer, if any, are deleted.
selection::copy() - Make a copy of the selected contents of the sheet in the buffer. Links be-
tween a box that is selected and a box that is not selected are not copied. The previous
contents of the buffer, if any, are deleted.
selection::move(offset) - Translate the selected contents of the sheet by the specified offset.
Links between a box that is selected and a box that is not selected are stretched.
link::select() ~ Highlight the link and add it to the selected links if it has not already been se-
lected.
 
link::deselect() - Tur off highlighting of the link and remove it from the selected list if it has
not already been deselected.
link::toggle_selection() - Select the link if it is not selected, otherwise deselect it,82
49
4.10
40
4.12
43
44
Chapter 4 / ADVANCED OBJECT MODELING
box::select() - Highlight the box and add it to the selected boxes if it has not already been
selected,
box::deselect() - Tur off highlighting of the box and remove
not already been deselected.
box::toggle_selection() - Select the box if it is not selected, otherwise deselect it.
it from the selected list if it has
 
(6) The following is a partial taxonomy of rotating electrical machines. Electrical machines may
be categorized for analysis purposes into alternating current (ac) or direct current (dc). Some
machines run on ac, some on de, and some will run on either. An ac machine may be synchro-
nous or induction. A few examples of electrical machines include large synchronous motors,
small induction motors, universal motors, and permanent magnet motors. Most motors found in
the home are usually induction machines or universal motors. Universal motors are typically
used in where high speed is needed such as in blenders or vacuum cleaners. They will run on
either ac or de. Permanent magnet motors are frequently used in toys and will work only on de.
Prepare an object diagram showing how the categories and the machines just described relate to
‘one another. Use multiple inheritance where it is appropriate to do so.
(6) Revise the object diagram that you prepared for the previous exercise to eliminate all use of
multiple inheritance. You may wish to use delegation and/or nested generalizations,
(7) Prepare a metamodel that supports only the following subset of the OMT notation: object
classes, attributes, and binary associations, including multiplicity and roles. Use only object
classes, attributes, and binary associations to build your metamodel,
  
 
(8) Prepare an instance diagram of the metamodel you prepared in the previous diagram. Treat
the metamodel as an object diagram that can be represented by instances of the classes of the
metamodel. As a minimum your instance diagram should include an instance for each class, at-
tribute, and binary association in the metamodel.
(10) (a) Prepare an object diagram for undirected graphs. Refer to exercise 3.23.
(b) Two undirected graphs G and H are isomorphic to each other if there exists a 1:1 correspon-
dence between the edges of G and H such that the incidence relationships will be preserved. Ex-
tend your object diagram using a homomorphism to express the conditions under which two un-
directed graphs are isomorphic to each other.
(5) Figure E4.3 is a portion of a metamodel which describes generalization. A generalization is
associated with several generalization roles, which are the roles that object classes play in gen-
eralization relationships. Role type is either subclass or superclass. Does this model support
‘multiple inheritance? Explain your answer.
 
Generalization | ——@ Generalization role je 1 Object class
discriminator role type class name
 
 
 
 
 
 
 
 
Figure E4.3 Metamodel of generalization relationships
(7) Describe how to find which class is the superclass of a generalization using the metamodel
in Figure E4.3. Revise the metamodel to simplify the query. Describe how to determine the su-
perclass of a generalization using your revised metamodel. Make sure that your revised meta-
model supports multiple inheritance.EXERCISES 83
4s
416
(7) How well does the metamodel in Figure E4.3 enforce the constraint that every generalization
has exactly one superclass? Discuss how accurately it reflects the logical structure of generali-
zation relationships as it stands. Revise it to improve the enforcement of the constraint.
(9) Figure E43 is a metamodel which describes object models such as in Figure E4.4. Prepare
an instance diagram using the object classes from the metamodel to describe the mode! in Figure
E4.4. To simplify the problem of identifying instances in your diagram, the generalizations have
been labeled. Use the same labels in your answer.
 
47
418
 
 
Human powered vehicle Land powered vehicle
: AY
Bicycle
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Figure B44 Object diagram with multiple inheritance
(7) Prepare a portion of an object diagram for a library book checkout system that shows the
ddate a book is due and the late charges for an overdue book as derived objects.
(10) Prepare a metamodel of Backus-Naur (BNF) representations of computer languages. The
model could be used by a compiler-compiler (such as the UNIX program YACC) that accepts
these representations in graphical form as input and which produces a compiler for the repre-
sented language. An example of a Backus-Naur form that the compiler-compiler will accept is
shown in Figure E4.5. Nonterminals are shown in rectangles and terminals are shown in circles
‘or rectangles with rounded comers. Circles are used for single characters. Rectangles with
rounded edges are used for a sequence of several characters. Arrows indicate the direction of
flow through the diagram, Where several directed paths diverge, it is permissible to take any one
of them. The name of the nonterminal being described appears at the beginning of its represen-
 
 
Figure E4.S Portion of a BNF diagram5
Dynamic Modeling
 
Temporal relationships are difficult to understand, A system can best be understood by first
examining its static structure, that is, the structure of its objects and their relationships to
each other at a single moment in time. Then we examine changes to the objects and their re-
lationships over time. Those aspects of a system that are concemed with time and changes
are the dynamic model, in contrast with the static, or object model. Control is that aspect of
system that describes the sequences of operations that occur in response to external stimuli,
without consideration of what the operations do, what they operate on, or how they are im-
plemented.
This chapter describes concepts dealing with flow of control, interactions, and sequene-
ing of operations in a system of concurrently-active objects. The major dynamic modeling
concepts are events, which represent external stimuli, and states, which represent values of
objects. The state diagram is a standard computer science concept (a graphical representa-
tion of finite state machines) that has been handled in different ways in the literature, depend-
ing on its use. We emphasize the use of events and states to specify control, rather than as
algebraic constructs. We show that states and events can be organized into generalization hi-
cerarchies to share structure and behavior.
In this chapter we mainly follow the notation of David Harel (Harel-87] for drawing
structured state diagrams using nested contours to show structure
5.1 EVENTS AND STATES
An object model describes the possible patterns of objects, attributes, and links that can exist
in a system. The attribute values and links held by an object are called its state. Over time,
the objects stimulate each other, resulting in a series of changes to their states. An individual
stimulus from one object to another is an event. The response to an event depends on the state
of the object receiving it, and can include a change of state or the sending of another event5.1 EVENTS AND STATES 85
to the original sender or to a third object. The pattern of events, states, and state transitions
for a given class can be abstracted and represented as a state diagram. A state diagram is a
network of states and events, just as an object diagram is a network of classes and relation-
ships. The dynamic model consists of multiple state diagrams, one state diagram for each
cclass with important dynamic behavior, and shows the pattern of activity for an entire sys-
tem. Each state machine executes concurrently and can change state independently. The state
diagrams for the various classes combine into a single dynamic model via shared events.
5.1.1 Events
‘An event is something that happens at a point in time, such as user depresses left button or
Flight 123 departs from Chicago. An event has no duration. Of course, nothing is really in-
stantancous; an event is simply an occurrence that is fast compared to the granularity of the
time scale of a given abstraction.
‘One event may logically precede or follow another, or the two events may be unrelated.
Flight 123 must depart Chicago before it can arrive in San Francisco; the two events are
causally related. Flight 123 may depart before or after Flight 456 departs Rome; the two
events are causally unrelated. Two events that are causally unrelated are said to be concur-
rent; they have no effect on each other. If the communications delay between two locations
exceeds the difference in event times, then the events must be concurrent because they can-
not influence each other. Even if the physical locations of two events are not distant, we con-
sider the events concurrent if they do not affect each other. In modeling a system we do not
try to establish an ordering between concurrent events because they can occur in any order.
Any realistic model of a distributed system must include concurrent events and activities.
‘An event is a one-way transmission of information from one object to another. It is not
like a subroutine call that returns a value. In the real world, all objects exist concurrently. An
‘object sending an event to another object may expect a reply, but the reply is a separate event
under the control of the second object, which may or may not choose to send it.
Every event is a unique occurrence, but we group them into event classes and give each
event class a name to indicate common structure and behavior. This structure is hierarchical,
just as object class structure is hierarchical, For example, Flight 123 departs from Chicago
and Flight 456 departs from Rome are both instances of event class airplane flight departs.
‘Some events are simple signals, but most event classes have attributes indicating the infor-
mation they convey. For example, airplane flight departs has attributes airline, flight num-
ber, and city. The time at which an event occurs is an implicit attribute of all events,
‘An event conveys information from one object to another. Some classes of events may
be simply signals that something has occurred, while other classes of events convey data val-
vues. The data values conveyed by an event are its attributes, like the data values held by ob-
jects. Attributes are shown in parentheses after the event class name. Figure 5.1 shows some
‘examples of event classes with attributes. Showing attributes is optional.
The term event is often used ambiguously. Sometimes event refers to an event instance,
at other times to an event class. In practice, this ambiguity is usually not a problem and the
precise meaning is apparent from the context.86 Chapter 5 / DYNAMIC MODELING
 
airplane flight departs (airline, flight number, city)
mouse button pushed (button, location)
input string entered (text)
phone receiver ltted
digit dialed (digit)
engine speed enters danger zone
 
 
 
Figure 5.1. Event classes and attributes
Events include error conditions as well as normal occurrences. For example, motor
jammed, transaction aborted, and time-out are typical error events. There is nothing differ-
ent about an error event; only our interpretation makes it an “error.”
5.1.2 Scenarios and Event Traces
A scenario is a sequence of events that occurs during one particular execution of a system.
‘The scope of a scenario can vary; it may include all events in the system, or it may include
only those events impinging on or generated by certain objects in the system. A scenario can
be the historical record of executing a system or a thought experiment of executing a pro-
posed system.
Figure 5.2 shows a scenario for using a telephone line. This scenario only contains
events affecting the phone line.
caller lifts receiver
dial tone begins
caller dials digit (5)
dial tone ends
caller dials digit (5)
caller dials digit (5)
caller dials digit {i}
caller dials digit (2
caller dials dt (3
caller dials di
called phone AGE Finging
jing tone appears in calling phone
called party answers:
called phone stops ringing
Tinging tone disappears in caling phone
phones are connected
called party hangs up
phones are disconnected
caller hangs up
 
 
 
Figure $.2 Scenario for phone call
Each event transmits information from one object to another. For example, dial tone be-
gins transmits a signal from the phone line to the caller, The next step after writing a scenario
is to identify the sender and receiver objects of each event, The sequence of events and the
objects exchanging events can both be shown in an augmented scenario called an event trace5.1 EVENTS AND STATES 87
diagram. This diagram shows each object as a vertical line and each event as a horizontal
arrow from the sender object to the receiver object. Time increases from top to bottom, but
is only the sequences of events that are shown, not their exact,
timing. (Real-time systems impose time constraints on event sequences, but that is a separate
‘matter requiring extra notation.) Figure 5.3 shows an event trace for a phone call. Note that
concurrent events can be sent (Phone line sends events to Caller and Calle concurrently)
and events between objects need not altemate (Caller dials several digits in succession).
 
Caller Phone line Callee
caller lifts receiver
dial tone begins
dials (5)
dial tone ends
dials (5)
dials (5)
dials (1)
dials (2)
dials (3)
dials (4)
ringing tone phone rings
answers phone
tone stops ringing stops
phones connected phones connected
calle hangs up
connection broken connection broken
ere
caller hangs up
eee
Figure $.3 Event trace for phone call
5.1.3 States
A state is an abstraction of the attribute values and links of an object. Sets of values are
‘grouped together into a state according to properties that affect the gross behavior of the ob-
ject. For example, the state of a bank is either solvent or insolvent, depending on whether its
assets exceed its liabilities, A state specifies the response of the object to input events, The
response to an event received by an object may vary quantitatively depending on the exact
values of its attributes, but the response is qualitatively the same for all values within the
same state, and may be qualitatively different for values in different states, The response of88 Chapter 5 / DYNAMIC MODELING
an object to an event may include an action or a change of state by the object. For example,
if a digit is dialed in state Dial tone, the phone line drops the dial tone and enters state Dial-
ing; if the receiver is replaced in state Dial tone, the phone line goes dead and enters state
Idle.
A state corresponds to the interval between two events received by an object. Events
represent points in time; states represent intervals of time. For example, after the receiver is
lifted and before the first digit is dialed, the phone line is in state Dial rone. The state of an
object depends on the past sequence of events it has received, but in most cases past events
are eventually hidden by subsequent events. For example, events that happened before the
phone is hung up have no effect on future behavior; the /dle state “forgets” events received
Prior to the hang up event.
A state has duration; it occupies an interval of time. A state is often associated with a
continuous activity, such as the ringing of a telephone, or an activity that takes time to com-
plete, such as flying from Chicago to San Francisco. Events and states are duals of one an-
other; an event separates two states, and a state Separates two events.
A state is often associated with the value of an object satisfying some condition. For ex-
ample, water is liquid is equivalent to saying “the temperature of the water is greater than 0
C and less than 100 C.” In the simplest case, each enumerated value of an attribute defines
a separate state. For example, an automobile transmission might be in states Reverse, Neu-
tral, First, Second, ot Third.
In defining states, we ignore those attributes that do not affect the behavior of the object,
and we lump together in a single state all combinations of attribute values and links that have
the same response to events. Of course, every attribute has some effect on behavior or it
would be meaningless, but often some attributes do not affect the pattern of control and can
be thought of as simple parameter values within a given state. Recall that the purpose of
modeling is to focus on those qualities of an entity that are relevant to the solution of an ap-
plication problem and abstract away those that are irrelevant. The three different OMT mod-
els (object, dynamic, and functional) present different views of a system; the particular
choice of attributes and values are not equally important in these three different views. For
example, except for leading 0s and 1s, the exact digits dialed do not affect the control of the
phone line, so we can summarize them all with state Dialing and track the phone number as
parameter. Sometimes, all possible values of an attribute are important but usually only
when the number of possible values is small,
Both events and states depend on the level of abstraction used. For example, a travel
agent planning an itinerary would treat each segment of a journey as a single event; a flight
status board in an airport would distinguish departures and arrivals; an air traffic control sys-
tem would break each flight into many geographical legs.
A state can be characterized in various ways. Figure 5.4 shows various characterizations
of the state Alarm ringing on a watch. The state has a suggestive name and a natural-lan-
guage description of its purpose. The event sequence that leads to the state consists of setting
the alarm, doing anything that doesn’t clear the alarm, and then having the target time occur.
A declarative condition for the state is given in terms of parameters, such as alarm and target
time; the alarm stops ringing after 20 seconds. Finally, a stimulus-response table shows the5.1 EVENTS AND STATES 89
 
State: Alarm ringing
Description: alarm on watch is ringing to indicate target time
Event sequence that produces the state:
set alarm (target time)
any sequence not including clear alarm
current time = target time
Condition that characterizes the state:
alarm = on, and target time < current time < target time + 20 seconds,
and no button has not been pushed since target time
Events accepted in the state:
event action next state
current time = target time +20 reset alarm. normal
button pushed (any button) reset alarm normal
 
 
 
Figure 5.4 Various characterizations of a state
effect of events current time and button pushed, including the action that occurs and the next
state. The different descriptions of a state may overlap.
Can links have state? In as much as they can be considered objects, links can have state.
As a practical matter, it is generally sufficient to associate state only with objects. The state
‘of an object can include the values of its links.
5.1.4 State Diagrams
A state diagram relates events and states. When an event is received, the next state depends
con the current state as well as the event; a change of state caused by an event is called a tran-
sition. A state diagram is a graph whose nodes are states and whose directed ares are tran
tions labeled by event names. A state is drawn as a rounded box containing an optional name.
A transition is drawn as an arrow from the receiving state to the target state; the label on the
arrow is the name of the event causing the transition. All the transitions leaving a state must
correspond to different events,
‘The state diagram specifies the state sequence caused by an event sequence. If an object
is in a state and an event labeling one of its transitions occurs, the object enters the state on
the target end of the transition. The transition is said to fire. If more than one transition leaves
4 state, then the first event to occur causes the corresponding transition to fire. If an event
‘occurs that has no transition leaving the current state, then the event is ignored. A sequence
of events corresponds to a path through the graph.
Figure 5.5 shows a state diagram describing the behavior of a telephone line. The dia-
gram is drawn for one phone line, not the caller or callee. The diagram contains sequences
‘associated with normal calls as well as some abnormal sequences, such as timing out while90 Chapter 5 / DYNAMIC MODELING
on-hook ae con-hook
    
   
      
digit(n)|
 
called phone answers
called phone hangs up
 
 
Disconnected)
Figure 8.5 State diagram for phone line
dialing or getting busy lines. The event on-hook causes a transition from any state to the /dle
state; this is drawn as a bundle of transitions leading to Idle. Later we will show a more gen-
eral notation that represents events applicable to groups of states with a single transition,
Note that the states do not totally define all values of the object. For example, state Di-
aling includes all sequences of incomplete phone numbers. It is not necessary to distinguish
between different numbers as separate states since they all have the same behavior, but the
actual number dialed must of course be saved as an attribute.
A state diagram describes the behavior of a single class of objects. Since all instances of
‘aclass have the same behavior (by definition), they all share the same state diagram, as they
all share the same class features. But as each object has its own attribute values, so too each
object has its own state, the result of the unique sequence of events that it has received. Each
object is independent of other objects and proceeds at its own pace.5.1 EVENTS AND STATES 1
State diagrams can represent one-shot life cycles or continuous loops. The diagram for
the phone line is a continuous loop. In describing ordinary usage of the phone, we do not
know or care how the loop is started. (If we were describing installation of new lines, the
initial state would be important.) One-shot diagrams represent objects with finite lives. A
‘one-shot diagram has initial and final states. The initial state is entered on creation of an ob-
ject; entering the final state implies destruction of the object. An initial state is shown by a
solid circle. The circle can be labeled to indicate different initial conditions. A final state is
shown by a bull’s-eye. The bull’s-eye can be labeled to distinguish final conditions. Figure
5.6 shows the life cycle of a chess game (with some simplifications). A one-shot diagram can
be considered a state diagram “subroutine” that can be referenced from various places in a
high-level diagram. Later we will show how creation and termination of an object fit into an
 
Figure $.6 One-shot state diagram for chess game
‘The dynamic model is a collection of state diagrams that interact with each other via
shared events. An object model represents the static structure of a system, while a dynamic
model represents the control structure of a system. A state diagram, like an object class, is a
pattern; it describes an entire, possibly infinite, range of sequences. A scenario is to adynam-
ic model as an instance diagram is to an object model.
5.1.5 Conditions
‘A condition is a Boolean function of object values, such as “the temperature is below freez-
ing.” A condition is valid over an interval of time. For example, “the temperature was below
freezing from November 15, 1921 until March 3, 1922.” It is important to distinguish con-
ditions from events, which have no time duration. A state can be defined in terms of a con-
dition; conversely, being in a state is a condition,
Conditions can be used as guards on transitions. A guarded transition fires when its
event occurs, but only if the guard condition is true. For example, “when you go out in the
moming (event), if the temperature is below freezing (condition), then put on your gloves
(next state).” A guard condition on a transition is shown as a Boolean expression in brackets
following the event name.
Figure 5.7 shows a state diagram with guarded transitions for traffic lights at an inter-
section. One pair of electric eyes checks the north-south left turn lanes; another pair checks92 Chapter 5 / DYNAMIC MODELING
 
 
   
 
time-out [cars in N/S left lanes)
   
North/south
may go straight
     
      
 
 
time-out [no cars
in N/S left lanes}
time-out
 
 
   
 
   
time-out {no cars
in E/W lett lanes}
Time-out [ears in EW left lanes}
Figure $.7 State diagram with guarded transitions
the east-west turn lanes. If no car is in the north-south and/or east-west turn lanes then the
traffic light control logic is smart enough to skip the left turn portion of the cycle
5.2 OPERATIONS
‘The state diagrams presented so far describe the patterns of events and states for a single ob-
ject class. In this section we show how events trigger operations.
5.2.1 Controlling Operations
State diagrams would be of little use if they just described patterns of events. A behavioral
description of an object must specify what the object does in response to events. Operations
attached to states or transitions are performed in response to the corresponding states or
events.
‘An activity is an operation that takes time to complete. An activity is associated with a
state, Activities include continuous operations, such as displaying a picture on a television
screen, as well as sequential operations that terminate by themselves after an interval of time,
such as closing a valve or performing a computation. A state may control a continuous ac-
tivity, such as ringing a telephone bell, that persists until an event terminates it by causing a
transition from the state, The notation “do: A” within a state box indicates that activity A
arts on entry to the state and stops on exit. A state may also control a sequential activity,
such as a robot moving a part, that progresses until it completes or until it is interrupted by
an event that terminates it prematurely. The same notation “do: A” indicates that sequential
activity A begins on entry to the state and stops when complete. If an event causes a transition
from the state before the activity is complete, then the activity is terminated prematurely. For
example, a robot might encounter resistance, causing it to cease moving. The two uses are
not really different; a continuous activity may be viewed as a sequential activity that lasts
indefinitely
An action is an instantaneous operation. An action is associated with an event. An ac-
tion represents an operation whose duration is insignificant compared to the resolution of the5.2 OPERATIONS 93
state diagram. For example, disconnect phone line might be an action in response to an on-
‘hook event for the phone line in Figure 5.5. A real-world operation is not really instanta-
neous, of course, but modeling it as an action indicates that we do not care about its internal
structure for control purposes. If we do care, then an operation should be modeled as an ac-
tivity, with a starting event, ending event, and possibly some intermediate events.
Actions can also represent intemal control operations, such as setting attributes or gen-
erating other events. Such actions have no real-world counterparts but instead are mecha-
nisms for structuring control within an implementation. For example, an internal counter
might be incremented every time a particular event occurs, In a computer, of course, even
simple operations take some time, but they can be considered instantaneous with respect to
the granularity of real events under consideration.
‘The notation for an action on a transition is a slash (‘/") and the name (or description) of
the action, following the name of the event that causes it. Figure 5.8 shows the state diagram
for a pop-up menu on a workstation. When the right button is depressed, the menu is dis-
played; when the right button is released, the menu is erased. While the menu is visible, the
highlighted menu item is updated whenever the cursor moves.
 
cursor moved /highight menu item
Figure 8. Actions for pop-up menu
5.2.2 Summary of Notation for State Diagrams with Operations
Figure 5.9 summarizes the notation presented in Sections 5.1 and 5.2 for unstructured state
diagrams. Section 5.3 discusses extensions for structured state diagrams.
Stater event? (attnbs) {condition} / actions
do: activity!
Figure $.9 Summary of notation for unstructured state diagrams
As shown in Figure 5.9, a state name is written in boldface within a rounded box. An
event name is written on a transition arrow and may optionally be followed by one or more
attributes within parentheses. A condition may be listed within square brackets after an event
‘name. An activity is indicated within a state box by the keyword “do;” followed by the name
or description of the activity. An action is indicated on a transition following the event name
by a“/" character followed by the event name. All these constructs are optional in state
diagrams.94 Chapter 5 / DYNAMIC MODELING
Figure 5.10 shows the state diagram for the phone line, previously shown in Figure 5.5,
but now with actions and activities.
‘on-hook
   
  
 
  
     
 
 
 
    
Fast
busy tone
go: fast busy ton
called phone answers
fconnect line
 
called phone hangs up
‘disconnect line
 
Figure 5.10 State diagram for phone line
5.3 NESTED STATE DIAGRAMS
State diagrams can be structured to permit concise descriptions of complex systems. The
ways of structuring state machines are similar to the ways of structuring objects: generaliza-
tion and aggregation. Generalization is equivalent to expanding nested activities. It allows
aan activity to be described at a high level, then expanded at a lower level by adding details,
similar to a nested procedure call. In addition, generalization allows states and events to be
arranged into generalization hierarchies with inheritance of common structure and behavior,5.3 NESTED STATE DIAGRAMS 95
similar to inheritance of attributes and operations in classes. Aggregation allows a state to be
broken into orthogonal components, with limited interaction among them, similar to an ob-
ject aggregation hierarchy. Aggregation is equivalent to concurrency of states. Concurrent
states generally correspond to object aggregations, possibly an entire system, that have in-
teracting parts.
5.3.1 Problems with Flat State Diagrams
State diagrams have often been criticized because they allegedly lack expressive power and
are impractical for large problems. These problems are true of flat, unstructured state dia-
‘grams. Consider an object with independent Boolean attributes that affect control. Repre-
senting such an object with a single flat state diagram would require 2" states. By partitioning
the state into m independent state machines, however, only 2n states are required. Or consider
the state diagram shown in Figure 5.11, in which n? transitions are needed to connect every
state to every other state. If this model can be reformulated using structure, the number of
transitions could be reduced as low as n. All complex systems contain a large amount of re-
dundancy that can be used to simplify state diagrams, provided appropriate structuring
mechanisms are available.
 
Figure §.11 Combinatorial explosion of transitions in flat state diagram
5.3.2 Nesting State Diagrams
‘An activity in a state can be expanded as a lower-level state diagram, each state representing
fone step of the activity. Nested activities are one-shot state diagrams with input and output
transitions, similar to subroutines. The set of nested state diagrams forms a lattice. (It is a
tree if we expand out different copies of the same nested diagram.).
Figure 5.12 shows a top-level model for a vending machine. This diagram contains an
activity dispense item and an event select(item) that are expanded in more detail in nested
state diagrams. The diagram also shows a bit of alternate notation. The event coins in(a-
‘mount) is written within the Collecting money state. This indicates a transition that remains
within a single state. Also, the transition from the unnamed state containing “do: dispense
item” to state /dle has no event label. The lack of event label indicates that the transition fires
automatically when the activity in the state is complete.96 Chapter 5 / DYNAMIC MODELING
coins in(amount) / set balance
  
 
 
 
 
Collecting money
coins in(amount) / add to balance,
| select(item) | [change<0]
do: test item and compute change
[change>0)
Figure 5.12 Vending machine mode!
           
‘cancel / refund coins
   
   
 
{item empty]
 
Figure 5.13 shows a subdiagram for the dispense item activity of Figure 5.12. This ac-
tivity corresponds to a sequence of lower-level states and events that are invisible in the orig-
inal high-level state diagram.
arm ready (Gy: move arm afm ready
fo correct column
Figure 5.13 Dispense item activity of vending machine
   
Events can also be expanded into subordinate state diagrams. Figure 5.14 shows the se-
ect item event from Figure 5.12, which actually involves several low-level events. The cus-
tomer keys in an item number and can start over by hitting clear; the selection is confirmed.
by hitting enter. The label on the bull’s-eye indicates the event generated on the higher-level
state diagram.
 
Figure §.14 Select item transition of vending machine
5.3.3 State Generalization
A nested state diagram is actually a form of generalization on states. Generalization is the
“or-relationship.” An object in a state in the high-level diagram must be in exactly one state
in the nested diagram. It must be in the first state, or the second state, or in one of the other5.3 NESTED STATE DIAGRAMS 97
 
States. The states in the nested diagram are all refinements of the state in the high-level
gram. In the previous section, the states in the nested diagram are unaffected by transitions
in the high-level diagram, but in general the states in a nested state diagram may interact with
other states.
States may have substates that inherit the transitions of their superstates, just as classes
have subclasses that inherit the attributes and operations of their superclasses. Any transition
or action that applies to a state applies to all its substates, unless overridden by an equivalent
transition on the substate. For example, the phone line model in Figure 5.5 could be simplified
by replacing the transitions from each state to /dle on event on-hook with a single transition
from a superstate Active to Idle. All the original states except /dle are substates of Active. The
‘occurrence of event on-hook in any active substate causes a transition to state Idle.
Figure 5.15 shows a state diagram for an automatic transmission, The transmission can
be in reverse, neutral, or forward; if it is in forward, it can be in first, second, or third gear.
States First, Second, and Third are substates of state Forward. The generalization notation
for states is different from that used for classes, to avoid a large number of lines that could
be confused with transitions. A superstate is drawn as a large rounded box enclosing all of
its substates. Substates in turn can enclose further substates. Because the rounded boxes rep-
resenting the various states are nested, Harel calls them contours
 
  
 
Figure $.15 State diagram of car transmission with generalization
The transitions of a superstate are inherited by each of its substates. Selecting “N” in any
forward gear causes a transition to neutral. The transition from Forward to Neutral implies
three inherited transitions, one from each forward gear to neutral. Selecting “F” in neutral
causes a transition to forward. Within state Forward, substate First is the default initial state,
shown by the unlabeled transition from the solid circle within the Forward contour. Forward
is just an abstract state; control must be in a real state, such as First
The transition on event stop from the Forward contour to state First represents a transi-
tion inherited by all three substates. In any forward gear, stopping the car causes a transition
to First.
It is possible to represent more complicated situations, such as an explicit transition
from a substate to a state outside the contour, or an explicit transition into the contour, In such
cases, all the states must appear on one diagram using the contour notation. In simpler cases98 Chapter 5 / DYNAMIC MODELING
where there is no interaction except for initiation and termination, the nested states can sim-
ply be drawn as a separate diagram and referenced by name in a “do” statement, as in the
vending machine example of Figure 5.12.
 
5.3.4 Event Generalization
Events can be organized into a generalization hierarchy with inheritance of event attributes.
Figure 5.16 shows part of a tree of input events for a workstation. Events mouse button down
and keyboard character are two kinds of user input. Both events inherit attribute time from
event event (the root of the hierarchy) and attribute device from event user input. Mouse but-
ton down and mouse button up inherit location from mouse button. Keyboard characters can
be divided into control characters and graphic characters. Ultimately every actual event can
be viewed as a leaf on a generalization tree of events. Inherited event attributes are shown in
the second part of each box. An input event triggers transitions on any ancestor event type.
For example, typing an ‘a’ would trigger a transition on event alphanumeric as well as event
keyboard character.
 
 
 
 
 
 
 
‘event
time
user input|
device
 
 
 
ree
mouse Keyboard
character
pai character
=
mouse | { mouse
button || button
down || up
space| | alphanumeric} | punctuation}
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Figure $.16 Partial event hierarchy for keyboard events
Providing an event hierarchy permits different levels of abstraction to be used at differ-
ent places in a model. For example, in some states all input characters might be handled the
same and would lead to the same next state; in other states control characters would be treat-
ed differently from printing characters; still others might have different actions on individual
characters,5.4 CONCURRENCY 99
5.4 CONCURRENCY
5.4.1 Aggregation Concurrency
‘A dynamic model describes a set of concurrent objects, each with its own state and state di-
agram. The objects in a system are inherently concurrent and can change state independently.
The state of the entire system cannot be represented by a single state in a single object; it is
the product of the states of all the objects in it. In many systems, the number of objects can
change dynamically as well.
A state diagram for an assembly is a collection of state diagrams, one for each compo-
nent. Aggregation implies concurrency. The aggregate state corresponds to the combined
states of all the component diagrams. Aggregation is the “and-relationship.” The aggregate
state is one state from the first diagram, and a state from the second diagram, and a state from
each other diagram. In the more interesting cases, the component states interact. Guarded
transitions for one object can depend on another object being in a given state. This allows
interaction between the state diagrams, while preserving modularity.
Figure 5.17 shows the state of a Car as an aggregation of component states: the /gnition,
Transmission, Accelerator, and Brake (plus other unmentioned objects). Each component
state also has substates. The state of the car includes one substate from each component.
Each component undergoes transitions in parallel with all the others, The state diagrams of
the components are almost, but not quite, independent: The car will not start unless trans-
mission is in neutral. This is shown by the guard expression Transmission in Neutral on the
transition from /gnition-Off to Ignition-Starting.
 
5.4.2 Concurrency within an Object
Concurrency within the state of a single object arises when the object can be partitioned into
subsets of attributes or links, each of which has its own subdiagram. The state of the object
comprises one state from each subdiagram. The subdiagrams need not be independent; the
‘same event can cause transitions in more than one subdiagram. Concurrency within a single
composite state of an object is shown by partitioning the composite state into subdiagrams
with dotted lines. The name of the overall composite state can be written in a separate region
of the box, separated by a solid line from the concurrent subdiagrams. Figure 5.18 shows the
state diagram for the play of a bridge rubber. When a side wins a game, it becomes “vulner-
able”; the first side to win two games wins the rubber. During the play of the rubber, the state
of the rubber consists of one state from each subdiagram. When the Playing rubber compos-
ite state is entered, both subdiagrams are initially in their respective default states Not vul-
nerable. Each subdiagram can independently advance to state Vulnerable when its side wins
4 game. When one side wins a second game, a transition occurs to the corresponding Wins
rubber state. This transition terminates both concurrent subdiagrams because they are part
of the same composite state Playing rubber and are only active when the top-level state di-
agram is in that state100
 
Car
 
 
 
Chapter 5 / DYNAMIC MODELING
cele eee
 
Ignition
 
Transmission| | Brake
 
 
Accelerator
 
 
 
 
 
 
Ignition
turn key to start
[Transmission
aaa a meas
Transmission
turn key off5.5 ADVANCED DYNAMIC MODELING CONCEPTS 101
5.5 ADVANCED DYNAMIC MODELING CONCEPTS
In this section we present advanced dynamic modeling concepts as well as some refinements
‘on the notation.
5.5.1 Entry and Exit Actions
AS an alternative to showing actions on transitions, actions can be associated with entering
or exiting a state. There is no difference in expressive power between the two notations, but
frequently all transitions into a state perform the same action, in which case attaching the
action to the state is more concise.
For example, Figure 5.19 shows the control of a garage door opener. The user generates
depress events with a push-button to open and close the door. Each event reverses the direc-
tion of the door, but for safety the door must open fully before it can be closed. The control
generates motor up and motor down actions for the motor. The motor generates door open
and door closed events when the motion has been completed. Both transitions entering state
Opening cause the door to open.
 
 
Figure 8.19 Actions on transitions
Figure 5.20 shows the same model using actions on entry to states. An entry action is
shown inside the state box following the keyword entry and a “/" character. Whenever the
state is entered, by any incoming transition, the entry action is performed. An entry action is
equivalent to attaching the action to every incoming transition. If an incoming transition al-
ready has an action, its action is performed first.
Exit actions are less common than entry actions, but they are occasionally useful. An
exit action is shown inside the state box following the keyword exit and a “/" character.
Whenever the state is exited, by any outgoing transition, the exit action is performed first.
If multiple operations are specified on a state, they are performed in the following order:
actions on the incoming transition, entry actions, do activities, exit actions, actions on the
‘outgoing transition. Do activities can be interrupted by events that cause transitions out of
the state, but entry actions and exit actions are completed regardless, since they are consid-
ered to be instantaneous actions. If a do activity is interrupted, the exit action is nevertheless
performed.102 Chapter 5 / DYNAMIC MODELING
  
     
  
Opening
entry / motor up 222" 96”
depress,
 
      
Closed
entry / motor off
door closed
Closing
entry / motor down
Figure 5.20 Actions on entry to states
Entry and exit actions are particularly useful in nested state diagrams because they per-
mit a state (possibly an entire subdiagram) to be expressed in terms of matched entry-exit
actions without regard for what happens before or after the state is active. It is possible to
use actions attached to transitions as well as entry and exit actions in a diagram.
Transitioning into or out of a substate in a nested diagram can cause execution of several
entry or exit actions, if the transition reaches across several levels of generalization. The en-
try actions are executed from the outside in and the exit actions from the inside out. This per-
mits behavior similar to nested subroutine calls.
 
5.5.2 Internal Actions
An event can cause an action to be performed without causing a state change. The event
name is written inside the state box, followed by a“/” and the name of the action. (Keywords
entry, exit, and do are reserved words within the state box.) When such an event occurs, its
action is executed but not the entry or exit actions for the state. There is therefore a difference
between an intemal action and a self-transition; the self-transition causes the exit and entry
actions for the state to be executed. Figure 5.12 shows an internal action within the Collect-
ing money state.
Figure 5.21 summarizes the additional notation for entry, exit, and internal actions.
Statet
0: actvity1 event! (attribs1) [condition] / action
entry / action2
exit/ action
event/ actions
 
‘event2 (attribs2)
Figure $.21 Summary of extended notation for state diagrams5.5 ADVANCED DYNAMIC MODELING CONCEPTS 103
5.5.3 Automatic Transition
Frequently the only purpose of a state is to perform a sequential activity. When the activity
is completed, a transition to another state fires. An arrow without an event name indicates an
automatic transition that fires when the activity associated with the source state is completed.
If there is no activity, the unlabeled transition fires as soon as the state is entered (but the en-
try and exit actions are always performed). Such unlabeled transitions are sometimes called
lambda transitions, after the Greek letter used to indicate them in some textbooks. Figure
5.12 shows four unlabeled transitions from the state containing activity “test item and com-
pute change.” Each transition has a guard condition. When the activity is complete, the tran-
sition with a valid guard condition fires.
Ifa state has one or more automatic transitions, but none of the guard conditions are sat-
isfied, then the state remains active until one of the conditions is satisfied or until an event
‘causes another transition to fire. The change in value of a condition is an implicit event (re-
ferred to in digital hardware as “edge triggering”). For example, “the temperature is below
freezing” is a condition. “The temperature goes belong freezing” is the edge-triggered event
associated with the condition.
   
5.5.4 Sending Events
An object can perform the action of sending an event to another object. A system of objects
interacts by exchanging events.
The action “send E(attributes)” sends event E with the given attributes to the object or
objects that receive it. For example, the phone line sends a connect(phone-number) event to
the switcher when a complete phone number has been dialed. An event can be directed at a
set of objects or a single object. Any and all objects with transitions on the event can accept
it concurrently. The word “send” can be omitted if itis clear that £ is the name of an event.
In our diagrams, event names are shown in italics and action names in normal text, so there
is no confusion.
igure 5.21 shows another notation for sending an event from one object to another. The
dotted line from a transition to an object indicates that an event is sent to the object when the
transition fires. The arrow could be connected directly to a transition within the state diagram
Of the target object to indicate that the target transition depends on the event.
If a state can accept events from more than one object, the order in which concurrent
‘events are received may affect the final state; this is called a race condition. For example, in
Figure 5.20 the door may or may not remain open if the button is pressed at about the time
the door becomes fully open. A race condition is not necessarily a design error, but concur-
rent systems frequently contain unwanted race conditions which must be avoided by careful
design. A requirement of two events being received simultaneously is never a meaningful
condition in the real world, as slight variations in transmission speed are inherent in any
tributed system,
When an object interacts with an external object, such as a person or device, sending an
event is often indistinguishable from an action. For example, in the event trace of Figure 5.3,104 ‘Chapter 5 / DYNAMIC MODELING
actions dial tone begins and ringing tone are actually events between the phone line and the
caller.
5.5.5 Synchronization of Concurrent Activities
Sometimes one object must perform two (or more) activities concurrently. The internal steps
of the activities are not synchronized, but both activities must be completed before the object.
can progress to its next state. For example, consider a cash dispensing machine that dispens-
es cash and returns the user’s card at the end of a transaction. The machine must not reset
itself until the user takes both the cash and the card, but the user may take them in either order
or even simultaneously. The order in which they are taken is irrelevant, only the fact that both
of them have been taken. This is an example of splitting control into concurrent activities
and later merging control.
Figure 5.22 shows a concurrent state diagram for the emitting activity. Concurrent ac-
tivities within a single composite activity are shown by partitioning a state into regions with
dotted lines, as explained previously. Each region is a subdiagram that represents a concur-
rent activity within the composite activity. The composite activity assumes exactly one state
from each subdiagram.
 
 
 
Figure 5.22. Synchronization of control
Splitting of control into concurrent parts is shown by an arrow that forks. The forked
arrow selects one state from each concurrent subdiagram. In the example, the transition on
event ready splits into two concurrent parts, one to each concurrent subdiagram. When this
transition fires, two concurrent substates become active and execute independently. Each
concurrent substate could be a whole state diagram.
Any transition into a state with concurrent subdiagrams activates each of the subdia-
grams, If any subdiagrams are omitted from the transition, they start in their default initial
states. In this example, a forked arrow is not actually necessary. A transition could be drawn
to the Emitting state, with a default initial state indicated in each subdiagram.
Merging of concurrent control is shown by an arrow with a forked tail, The target state
becomes active when both events occur in any order. The events need not be simultaneous,
Each subdiagram terminates as soon as its part of the transition fires, but all parts of the tran-
sition must fire before the entire transition fires and the composite state is terminated. If there
are any subdiagrams in the composite state that are not part of the merge, then they are5.6 A SAMPLE DYNAMIC MODEL 105,
automatically terminated when the merge transition fires. The exit actions (if any) of all sub-
diagrams are performed when the merge transition fires. In the example, the transitions cash
taken and card taken are part of a single merge transition. When both parts of the merge tran-
sitions fire, state Ready to reset becomes active. Drawing a separate transition from each sub-
state to the target state would have a different meaning; either transition would terminate the
other subdiagram without waiting for the other transition.
In this example, the number of concurrently-active states varies during execution from.
‘one to two and back to one again.
 
5.6 A SAMPLE DYNAMIC MODEL
We present a sample dynamic model of a real device to show how the various modeling con-
structs fit together. This is a model of a Sears “Weekender” Programmable Thermostat. This
‘model was constructed by reading the instruction manual and by experimenting with the ac-
tual device. This device controls a furnace and air conditioner according to time-dependent
attributes which the owner enters using a pad of buttons,
While running, the thermostat operates the furnace or air conditioner to keep the current
temperature equal to the target temperature. The target temperature is taken from a table of
program values supplied by the user. The table specifies target temperature for 8 different
time periods, 4 on weekdays and 4 on weekends, with start times specified by the user. The
target temperature is reset from the table at the beginning of each program period. The user
can override the target temperature for the remainder of the current period or indefinitely.
The user programs the thermostat using a pad of 10 push buttons and 3 switches. The user
sees parameters on an alphanumeric display. A switch illuminates a night light, The thermo-
stat has a temperature sensor that reads the air temperature, The thermostat operates power
relays for a furnace and an air conditioner, and an indicator lights up when the furnace or air
conditioner is operating
Each push button generates an event every time it is pushed. We assign one input event
per button:
TEMP UP raises target temperature or program temperature
TEMP DOWN lowers target temperature or program temperature
TIMEFWD —_ advances clock time or program time
TIME BACK —_retards clock time or program time
SET CLOCK sets current time of day
SET DAY sets current day of the week
RUNPRGM leaves setup or program mode and runs the program
VIEW PRGM enters program mode to examine and modify 8 program time and
Program temperature settings
HOLD TEMP —_ holds current target temperature in spite of the program
F.C BUTTON alternates temperature display between Fahrenheit and Celsius106 Chapter 5 / DYNAMIC MODELING.
Each switch supplies a parameter value chosen from two or three possibilities. We mod-
el each switch as an independent concurrent subdiagram with one state per switch setting.
Although we assign event names to a change in state, it is the state of each switch that is of
interest. The switches and their settings are:
 
Light switch Lights the alphanumeric display. Values: light off, light on.
Season switch Specifies which device the thermostat controls. Values: heat (fur-
nace), cool (air conditioner), off (none).
Fan switch Specifies when the ventilation fan operates. Values: fan on (fan
runs continuously), fan auto (fan runs only when fumace or air
conditioner is operating).
The thermostat controls the furnace, air conditior
this control by a i
The thermostat has a temperature sensor that it reads continuously, which we model by
an external parameter femp. The thermostat also has an internal clock that it reads and dis-
plays continuously. We model the clock as another external parameter time, since we are not
interested in building a state model of the clock. In building a dynamic model, it is important
to only include states that affect the flow of control and to model other information as pa-
rameters or variables. We introduce an internal state variable target temp, which represents
the current temperature that the thermostat is trying to maintain. This state variable is read
by some actions and set by other actions; it permits communication among parts of the dy-
namic model.
Figure 5.23 shows the top-level state diagram of the programmable thermostat. It con-
tains 7 concurrent subdiagrams. The user interface is too large to show and is expanded sep-
arately. The diagram includes trivial subdiagrams for the season switch and the fan switch.
The other 4 subdiagrams show the output of the thermostat: the furnace, air conditioner, and
fan relays, and the run indicator light. Each of these subdiagrams contains an Off and an On
substate. The state of each subdiagram is totally determined by conditions on input parame-
ters and the state of other subdiagrams, such as the season switch or the fan switch. The state
of the 4 subdiagrams on the right is totally derived and contains no additional information.
Figure 5.24 shows the subdiagram for the user interface. The diagram contains 3 concur-
rent subdiagrams, one for the interactive display, one for the temperature mode, and one for the
night light. The night light is controlled by a physical switch, so the default initial state is irrel-
evant; its value can be determined directly. The temperature display mode is controlled by a
single push button that toggles the temperature units between Fahrenheit and Celsius. The de-
fault initial state is necessary; when the device is powered on, the initial temperature mode is
Fahrenheit.
The subdiagram for the interactive display is more interesting. The device is either op-
crating or being set up. Substate Operate contains two substates, Run and Hold, in addition
to two concurrent substates, one which controls the target temperature display and one which
controls the current time and temperature display. Every 2 seconds the display altemates be-
tween the current time and current temperature,
, and fan power relays. We model5.6 A SAMPLE DYNAMIC MODEL 107
( Programmable thermostat
Furnace relay
 
temp < target temp
‘and season switch in Heat]
 
[temp > target temp +d
or season switch not in Heat)
Air conditioner relay
{temp>target temp
and season switch in Cool]
 
 
[temp < target temp -d
‘or season switch not in Coot]
Run indicator
[in Furnace on or in AC on]
 
[in Furnace off and in AC off]
Fan relay
{in ‘on or
in Fan switch on]
 
     
 
 
{in Everything off and
in Fan auto}
Figure §.23 State diagram for programmable thermostat108
 
 
Chapter 5 / DYNAMIC MODELING
User interface
power on
| run program Interactive display Aad standard program
Operate
 
   
      
1 sec [time=program time]
Jadvance program
   
    
  
(ce)
(ci
do: show agi incl
  
      
Run
entry’set target
(temp from program)
 
  
 
   
   
   
 
   
   
 
   
xs target (temp)/reset target temp
temp upiincrement
target temp
un program
temp downtiecrement
target temp
90 sec
without input
 
entry/ convent
temp to F.
 
 
 
Figure $.24 Subdiagram for thermostat user interface5.6 A SAMPLE DYNAMIC MODEL 109
 
Figure $.25 Subiagrams for thermostat user interface setup
‘The target temperature is displayed continuously and is modified by the femp up and
temp down buttons, as well as the set target event that is generated only in the Run state, Note
that the target temp parameter set by this subdiagram is the same parameter that controls the
output relays.
‘While in the Operate state, the device is either in the Run or Hold substates. Every sec-
‘ond in the Rum state, the current time is compared to the stored program times in the program
table: if they are equal, then the program advances to the next program period, and the Run
state is reentered. The run state is also entered whenever the run program button is pressed110 Chapter 5 / DYNAMIC MODELING
in any state, as shown by the transition from the contour to the Operate state and the default
initial transition to Run. Whenever the Run state is entered, the entry action on the state resets
the target temperature from the program table. While the program is in the Hold state, the
program temperature cannot be advanced automatically, but the temperature can still be
modified directly by the ¢emp up and temp down buttons. The default substate on power on
is the Run substate. If the interface is in one of the setup states for 90 seconds without any
input, the system enters the Hold state. This transition is shown as an arrow from the Setup
contour directly to the Hold substate. Entering the Hold substate also forces entry to the de-
fault initial states of the other two concurrent subdiagrams of Operate. The Setup state was
included in the model just to group the three setup substates for the 90-second time-out tran-
sition, Note a small anomaly of the device: The hold button has no effect within the Setup
state, although the Hold state can be entered by waiting for 90 seconds.
‘The three setup subdiagrams are shown in Figure 5.25. Pressing set clock enters the Set
minutes substate as initial default. Subsequent set clock presses toggle between the Set hours
and the Set minutes substates. The time fivd and time back buttons modify the program time.
Pressing set day enters the Set day substate and shows the day of the week. Subsequent press-
es increment the day directly. Pressing view program enters the Set program substate, which
has three concurrent subdiagrams, one each controlling the display of the program time, pro-
gram temperature, and program period. The Set program state always starts with the first
program period, while subsequent view: program events cycle through the 8 program peri-
ods. The view program event is shown on all three subdiagrams, each diagram advancing the
setting that it controls. Note that the time fivd and time back events modify time in 15 minute
increments, unlike the same events in the set clock state. Note also that the femp up and temp
down transitions have guard conditions to keep the temperature in a fixed range.
None of the Interactive display substates has an explicit exit transition. Each substate is
implicitly terminated by a transition into another substate from the main Interactive display
contour.
 
  
 
 
5.7 RELATION OF OBJECT AND DYNAMIC MODELS
The dynamic model specifies allowable sequences of changes to objects from the object
model. A state diagram describes all or part of the behavior of one object of a given class.
States are equivalence classes of attribute and link values for the object. Events can be rep-
resented as operations on the object model.
Dynamic model structure is related to and constrained by object model structure. A sub-
state refines the attribute and link values that the object can have. Each substate restricts the
values that the object can have. But this refinement of object values is exactly generalization
by restriction, as discussed in Section 4.3. A hierarchy of states of an object is equivalent to
a restriction hierarchy of the object class. Object-oriented models and languages do not usu-
ally support restriction in the generalization hierarchy, so the dynamic model is the proper
place to represent it, Both generalization of classes and generalization of states partition the
set of possible object values. A single object can have different states over time—the object5.8 PRACTICAL TIPS 11
reserves its identity—but it cannot have different classes. Inherent differences among ob-
jects are therefore properly modeled as different classes, while temporary differences are
properly modeled as different states of the same class.
A composite state is the aggregation of more than one concurrent substate. There are
three sources of concurrency within the object model. The first is aggregation of objects:
Each component of an aggregation has its own independent state, so the assembly can be
considered to have a state that is the composite of the states of all its parts. The second source
is aggregation within an object: The attributes and links of an object are its parts, and groups
of them taken together define concurrent substates of the composite object state. The third
source is concurrent behavior of an object, such as found in Figure 5.22. The three sources
of concurrency are usually interchangeable. For example, an object could contain an at-
tribute to indicate that it was performing a certain activity.
The dynamic model of a class is inherited by its subclasses. The subclasses inherit both
the states of the ancestor and the transitions. The subclasses can have their own state dia-
grams. But how do the state diagrams of the superclass and the subclass interact? We have
noted that states are equivalent to restriction on classes. If the superclass state diagrams and
the subclass state diagrams deal with disjoint sets of attributes, there is no problem. The sub-
class has a composite state composed of concurrent state diagrams. If, however, the state di-
agram of the subclass involves some of the same attributes as the state diagram of the
superclass, a potential conflict exists, The state diagram of the subclass must be a refinement
Of the state diagram of the superclass. Any state from the parent state diagram can be gener-
alized or split into concurrent parts, but new states or transitions cannot be introduced into
the parent diagram directly because the parent diagram must be a projection of the child di-
agram. Although refinement of inherited state diagrams is possible, usually the state diagram
of a subclass should be an independent, orthogonal, concurrent addition to the state diagram
inherited from a superclass, defined on a different set of attributes (usually the ones added in
the subclass).
The event hierarchy is independent of the class hierarchy, in practice if not in theory.
Events can be defined across different classes of objects. Events are more fundamental than
states and more parallel to classes. States are defined by the interaction of objects and events.
Transitions can often be implemented as operations on objects. The operation name corre-
sponds to the event name. Events are more expressive than operations, however, because the
effect of an event depends not only on the class of an object but also on its state,
 
    
 
5.8 PRACTICAL TIPS
‘The precise content of all OMT models depends on the needs of the application. This is true
for the object, dynamic, and functional models. The examples in this chapter illustrate the
various modeling constructs without showing the process for constructing a model in the
first place. Parts 2 and 3 of this book show how to apply these principles; Part 4 presents
several real applications.112 Chapter 5 / DYNAMIC MODELING
The following practical tips have been mentioned throughout the chapter but are sum-
marized here for convenience.
+ Only construct state diagrams for object classes with meaningful dynamic behavior. Not
all object classes require a state model
+ Check the various state diagrams for consistency on shared events so that the full dy-
namic model will be correct.
+ Use scenarios to help you begin the process of constructing state diagrams, (Chapter 8
describes this process in detail.)
+ Only consider relevant attributes when defining a state. All attributes shown in an object
model need not be used in state diagrams.
+ Consider the needs of the application when deciding on the granularity of events and
states,
+ Let the application distinguish between activities and actions. Activities occur over a pe-
riod of time; actions are instantaneous compared to the time scale’of an application.
+ When a state has multiple incoming transitions and all transitions cause the same action
to occur, put actions within state boxes preceded by an entry event instead of listing
them on transition ares. Do likewise for exit events,
+ Use nested states when the same transaction applies to many states.
+ Most concurrency arises from object aggregation and need not be expressed explicitly
in the state diagram. Use composite states to show independent facets of the behavior of
a single object.
+ Try to make the state diagrams of subclasses independent of the state diagrams of their
superclasses. The subclass state diagrams should concentrate on attributes unique to the
subclasses.
+ Beware of unwanted race conditions in state diagrams. Race conditions may occur when
a state can accept events from more than one object.
5.9 CHAPTER SUMMARY
‘The dynamic model represents control information: the sequences of events, states, and op-
erations that occur within a system of objects. Like the object model, the dynamic model is
‘pattern that specifies the allowable scenarios that may occur, The notation for the dynamic
model represents a compromise between simplicity and expressiveness; there are some
‘meaningful constraints that cannot be expressed by the notation we present. As with the ob-
ject model, these constraints must be expressed in natural language.
‘An event is a signal that something has happened. A state represents the interval be-
‘tween events and specifies the context in which events are interpreted. A transition between
states represents the response to an event, including the next state and possible actions andBIBLIOGRAPHIC NOTES. 113
events sent to other objects. A condition is a Boolean function that controls whether a tran-
sition is allowed to occur. A state diagram is a graph of states and transitions labeled by
events.
An action is an instantaneous operation in response to an event, often purely formal or
internal. One kind of action is sending an event to another object. Actions can be attached to
transitions or to entering or exiting a state. An activity is a sequence of actions that takes time
to complete. An activity can be equated with a state or an entire state diagram. The result of
an activity can be used as a decision to choose the next state,
States and events can both be expanded into nested state diagrams to show greater detail.
Events and states can both be organized into inheritance hierarchies. Substates inherit the
transitions of their superstates. Subevents trigger the same transitions as their superevents.
‘Objects are inherently concurrent. Each object is a collection that has its own state. State
diagrams show concurrency as an aggregation of concurrent states, each operating indepen-
dently. Concurrent objects interact by exchanging events and by testing conditions of other
objects, including states. Transitions can split or merge flow of control.
Entry and exit actions permit actions to be associated with a state, to indicate all the tran-
sitions entering or exiting the state. They make self-contained state diagrams possible for use
in multiple contexts, Internal actions represent transitions that do not leave the state. Auto-
matic transitions fire when the their conditions are satisfied and any activity in the source
‘state has terminated.
‘States are really restriction generalizations on a class and are complementary to ordinary
extension generalizations. A subclass inherits the state diagrams of its ancestors, to be con-
current with any state diagram that it defines. It is also possible to refine an inherited state
diagram by expanding states into substates or concurrent subdiagrams.
A realistic model of a programmable thermostat takes three pages and illustrates subtle-
ties of behavior that are not apparent from the instruction manual or from everyday opera-
tion.
 
 
action ‘contour ‘generalization scenario
activity contro guard state
aggregation dynamic model nested diagram state diagram
‘concurrency event ‘operation transition
condition ‘event trace race condition
 
 
 
Figure 8.26 Key concepts for Chapter
BIBLIOGRAPHIC NOTES
A comparison of several techniques for specifying dynamic behavior of systems is given in
[Davis-88)
Much of this chapter follows the work of David Harel, who has formalized his concepts
in a notation called statecharts [Harel-87}. Harel’s treatment is the most successful attempt114 Chapter 5 / DYNAMIC MODELING
to date to structure finite state machines and avoid the combinatorial explosion that has
plagued them, Harel’s statecharts are part of a larger development methodology that has been
implemented as a commercial product called STATEMATE (Harel-88a]. Harel describes a
contour-based notation for state diagrams, as well as object diagrams as special cases of a
general diagram notation that he calls higraphs (Harel-88b].
‘We have used treelike notation for object diagrams and contour notation for state dia
grams, although the notations are logically equivalent. As Harel indicates, the contour nota-
tion could also be used for object diagrams. Nested contours are good for conveying the
intuitive feel that the general case includes all its specialized varieties. Contours have the dis-
advantage of being awkward to draw if nesting exceeds two or three levels. It is particularly
inconvenient to develop top-down diagrams because the initial outer contours are usually too
small and have to be redrawn. On the other hand, trees extend cleanly to any depth, and
nodes at all levels can be drawn at the same resolution, We have chosen to use contours for
states, which do not have a lot of text contents, but to use trees of object class boxes in a flat
space to describe classes, which do have a lot of contents. In an earlier work, we had devel-
oped a treelike notation for states called state trees (Rumbaugh-88}, but Harel’s notation
seems superior in most cases.
Finite state machines are a basic computer science concept that are described in any
standard text on automata theory, such as [Hopcroft-79]. They are often described as recog-
nizers or generators of formal languages. Basic finite state machines are limited in expres-
sive power. They have been extended with local variables and recursion as Augmented
Transition Networks [Woods-70] and Recursive Transition Networks. These extensions ex-
and the range of formal languages they can express but do little to address the combinatorial
explosion that makes them unwieldy for practical control problems.
[Shlaer-90} attaches a finite state machine to each object class. Actions attached to state
entry are expressed in natural language. An object interacts with another object by sending
an event to it as part of an action. There is no multilevel structure on the state machines and
the interactions between objects tend to get buried in the code for actions.
Traditional finite automata have been approached from a synchronous viewpoint. Petri
nets [Reisig-85] are a formalization of concurrency and synchronization of systems with dis-
tributed activity without resort to any notion of global time. Although they succeed well as
an abstract conceptual model, they are too low level and inexpressive to be useful for spec-
ifying large systems.
Finite state machines have been used widely for specifying control of computer archi-
tectures and programs. Typically the problem is divided into data flow and control parts, the
control part being specified by a finite state machine. Much of the thrust of previous work is
to transform the finite state machines to minimize the size of the hardware. Details can be
found in a standard text on switching theory or logic design, such as (Comer-84] or [Miller-
79)
The need to specify interactive user interfaces has created several techniques for speci-
fying control. This work is directed toward finding notations that clearly express powerful
kinds of interactions while also being easily implementable. See [Green-86} for a compari-
son of some of these techniques.REFERENCES 15,
{Comer-84) David J. Comer. Digital Logic and State Machine Design. New York: Holt, Rinehart,
1984,
[Davis-88] Alan M. Davis. A comparison of techniques for the specifi
ior. Communications of ACM 31,9 (September 1988), 1098-1115.
{Green-86] Mark Green. A survey of three dialogue models. ACM Transactions on Graphics S, 3 July
1986), 244-275.
{Harel-87] David Harel. Statechans: a visual formalism for complex systems. Science of Computer
Programming 8 (1987), 231-274.
{Harel-88a} D. Harel, H. Lachover, A. Naamad, A. Pnueli, M. Politi, R. Sherman, A. Shtul-Trauring.
STATEMATE: A working environment for the development of complex reactive systems. Pro-
ceedings of 10th IEEE International Conference on Software Engineering, Singapore, April 1988.
{Harel-88b} David Harel. On visual formalisms. Communications of ACM 31, 5 (May 1988), 514-530.
(Hopcroft-79] J.£. Hopcroft, J.D. Ullman, Introduction to Automata Theory, Languages, and Compu-
tation. Reading, Mass.: Addison-Wesley, 1979.
{Miller-79] Raymond A. Miller. Switching Theory. Huntington, New York: Robert E. Krieger, 1979.
[Reisig-85]. W. Reisig. Petri Nets: An Introduction. Berlin: Springer-Verlag, 1985.
[Rumbaugh-88} James Rumbaugh. State trees as structured finite state machines for user interfaces
ACM SIGGRAPH Symposium on User Interface Software, Banff, Alberta, October 17-19, 1988,
[Shlaer-90} Sally Shlaer, Stephen J. Mellor. Object Life Cycles: Modeling the World in States. Engle-
wood Cliffs, New Jersey: Yourdon Press, 1990.
[Woods-70] W.A. Woods. Transition network grammars for natural language analysis. Communica-
tions of ACM 13, 10 (Oct. 1970), 591-606.
ion of extemal system behay-
 
 
 
 
5.1 (3) Write scenarios for the following activities:
&. Moving a bag of com, a goose, and a fox across a river in a boat. Only one thing may be
carried in the boat at a time. If the goose is left alone with the com, the com will be eaten. If
the goose is left alone with the fox, the goose will be eaten. Prepare two scenarios, one in
which something gets eaten and one in which everything is safely transported across the riv-
er.
b. Getting ready to take a trip in your car. Assume an automatic transmission. Don’t forget your
seat belt and emergency brake.
‘© Am elevator ride to the top floor.
4. Operation of a car cruise control. Include an encounter with slow moving traffic that requires
you to disengage and then resume control.
$2 (4) Some combined bath-showers have two faucets and a lever for controlling the flow of the
‘water. The lever controls whether the water flows from the shower head or directly into the tub.
‘When the water is first turned on, it flows directly into the tub. When the lever is pulled, a valve
closes and latches, diverting the flow of water to the shower head. To switch from shower to
‘bath with the water running. one must push the lever. Shutting off the water releases the lever
so that the next time the water is turned on, it flows directly into the tub, Write a scenario for a
shower that is interrupted by a telephone call.116
53
34
35
5.6
37
38
Chapter 5 / DYNAMIC MODELING
(3) The direction control for some of the first toy electric trains was accomplished by interrupt-
ing the power to the train. Prepare state diagrams for the headlight and wheels of the train, cor-
responding to the following scenario:
Power is off, train is not moving.
Power is turned on, train moves forward and train headlight shines.
Power is tumed off, train stops and headlight goes out.
Power is turned on, headlight shines and train does not move.
Power is tuned off, headlight goes out.
Power is tuned on, train runs backward with its headlight shining.
Power is turned off, train stops and headlight goes out
Power is tured on, headlight shines and train does not move.
Power is tuned off, headlight goes out.
Power is tuned on, train runs forward with its headlight shining,
(4) An extension ladder has a rope, pulley, and latch for raising, lowering, and locking the ex-
tension. When the latch is locked, the extension is mechanically supported and you may safely
climb the ladder. To release the latch, you raise the extension slightly with the rope. You may
then freely raise or lower the extension. The latch produces a clacking sound as it passes over
rungs of the ladder. The latch may be reengaged while raising the extension by reversing direc-
tion just as the latch is passing a rung. Prepare a state diagram of an extension ladder,
(4) A simple digital watch has a display and two buttons to set it, the A button and the B button.
The watch has two modes of operation, display time and set time. In the display time mode,
hours and minutes are displayed, separated by a flashing colon. The set time mode has two sub-
‘modes, set hours and set minutes. The A button is used to select modes. Each time it is pressed,
the mode advances in the sequence: display, set hours, set minutes, display, etc. Within the sub-
modes, the B button is used to advance the hours or minutes once each time it is pressed. Buttons
‘must be released before they can generate another event. Prepare a state diagram of the watch.
(5) Revise the dynamic mode! from the previous exercise to provide for more rapid setting of
the time by pressing and holding the B button. If the B button is pressed and held for more than
5 seconds in set time mode, the hours or minutes (depending on the submode) increment once
every 1/2 second,
(6) Figure E5.1 is a partially completed, simplified, state diagram for the control of a telephone
answering machine. Calls are automatically answered as follows: An incoming call is detected
‘on the first ring and the machine answers the call with a prerecorded announcement. When the
announcement is complete, the caller's message is recorded. When the caller hangs up, the ma-
chine hangs up and shuts off. Place the following in the diagram: call detected, answer call, play
announcement, record message, caller hangs up, announcement complete.
 
Figure ES.1 Partially completed state diagram for an answering machine
(7) The telephone answering machine in the previous exercise is activated on the first ring. Re~
vise the state diagram to have the machine answer after five rings. If the telephone is answeredEXERCISES 117
5.10
before five rings, the machine should do nothing. Be careful to distinguish between five calls in
which the telephone is answered on the first ring and one call that rings five times.
(3) In a personal computer, a disk controller is typically used to transfer a stream of bytes from
a floppy disk drive to a memory buffer with the help of a host such as the central processing unit
(CPU) or a direct memory access (DMA) controller. A partially completed, simplified, state di-
agram for the control of the data transfer is shown in Figure ES.2, The controller signals the host
each time a new byte is available. The data must then be read and stored before another byte is
ready. When the disk controller senses the data has been read, it indicates that data is not avail-
able, in preparation for the next byte. If any byte is not read before the next one comes along,
the disk controller asserts a data lost error signal until the disk controller is reset. Add the fol-
Towing to the diagram: reset, indicate data not available, indicate data available, data read by
host, new data ready, indicate data lost.
 
 
 
 
Figure ES.2 Partially completed state diagram of a data transfer protocol
(6) Figure ES.3 is a partially completed state diagram for one kind of motor control that is com-
monly used in household appliances. A separate appliance control determines when the motor
should be on and continuously asserts “on” as an input to the motor control when the motor
should be running.
Ga eaeen Cre
Figure ES.3 Partially completed state diagram for a motor control
 
 
‘When “on” is asserted, the motor control should start and run the motor. Starting is accom:
lished by applying power to both the “start” and the “run” windings of the motor. A sensor,
Called a "starting relay,” determines when the motor has started, at which point the “start” wind-
ing is turned off, leaving only the “run” winding powered. Both windings are shut off when “on”
is not asserted.
Appliance motors could be damaged by overheating if they are overloaded or fail to start. To
‘protect against thermal damage, the motor control often includes an aver-temperature sensor. If
the motor becomes too hot, the motor control removes power from both windings and ignores
‘any “on assertion from the appliance control until a reset button on the motor control is pressed
land the motor has cooled off,118 Chapter 5 / DYNAMIC MODELING
‘Add the following to the diagram. Activities: apply power to run winding, apply power to
start winding. Conditions: motor is overheated, on is asserted, motor is running. Events: reset.
   
S.11 (8) Convert the state diagram that you prepared in the previous exercise into a nested state di
‘gram to take advantage of the commonality between the starting and running state, There is a
transition from either the starting or the running state to the off state when “on” is not wanted.
 
$.12 (8) There was a single, continuously active input to the control in exercise 5.10. In another com-
‘mon motor control, the user is provided two push buttons, one for “start” and one for “stop.” To
start the motor, the user depresses the “start” button. The motor continues to run after the “start”
button is released.To stop the motor, the “stop” button is pressed. The “stop” button takes pre-
cedence over the “start” button so that the motor does not run while both buttons are depressed.
If both buttons are depressed and released, whether or not the motor starts depends on the order
in which the buttons are released. If the “stop” button is released first, the motor starts. Other-
wise the motor does not start. Modify the state diagram that you prepared in exercise 5.10 to
accommodate “start” and “stop” buttons.
$.13 (8) Figure E5.4 is a partially completed, simplified, state diagram for the receiver in a universal
asynchronous receiver transmitter (UART). A UART is used to transmit digital information one
character at a time over a serial communications link. To simplify the exercise, we have ignored
several features of actual UARTs, such as detection of parity, framing, and overrun errors.
 
Receive start bit
 
Detect start bit _Verify start bit
 
 
Receive data bits
Figure E5.4 Partially completed state diagram for an asynchronous receiver
 
Characters are transmitted as a sequence of bits at a fixed and predefined rate. A character
consists of a start bit, several data bits, and a stop bit. The number of data bits in a character
varies between 5 and 8 and can be set by the user. Within a character, bits are assigned precise
time slots, A transmitter sends a 1 or a 0 bit by setting the polarity of its output throughout theEXERCISES 119
Sd
51S
S16
time slot for that bit. The receiver decides whether a bit is a | ora 0 by sampling it at the center
of its time slot. The transmitter sends a start bit at the beginning of each character to resynchro-
nize the receiver. The edge of the start bit triggers the receiver, which then verifies the start bit
at the center of the time slot. If itis not the correct polarity at that time, the assumption is that a
short pulse of noise falsely triggered the receiver, and it goes back to waiting for a valid start bit
‘AO stop bit is used at the end of a character to separate characters, otherwise a I bit at the end
‘of a character could interfere with the detection of the next start bit.
‘Once a valid start bit is found, the receiver proceeds to assemble bits into a character by sam-
pling them in the centers of their time slots. When all of the bits have been assembled into a char-
acter, the receiver transfers it to an interface.
Complete the state diagram in Figure ES.4 with events, actions, activities, ete. The Transfer
character state is used to move a character from the shift register to a holding register.
(9) Prepare concurrent state diagrams to control the buffered copying of an ASCII file to a per-
sonal computer from a remote computer through a UART (see exercise 5.13 for a description of
@ UART). You may assume that a program has already initiated the transfer from the remote
‘computer and is waiting for data. The program must process interrupts from the UART and from
«disk controller. The UART and the disk controller operate independently.
‘There will be an interrupt from the UART each time it receives a byte. To process the inter-
‘pt, the program must check for UART errors and add the byte into a buffer. If there is a UART.
error, the program must close the file, terminate the transfer and display an error message.
The disk controller generates an interrupt when it is ready for more data. Whenever the disk
driver is ready and there is data in the buffer, write a byte to the file.
AA special control character is used to signify the end of transmission. When the UART re-
ceives this character the program should close the file, terminate the transfer, and display a
‘message that the transfer is complete,
‘Because the remote computer may send data faster than the disk can handle, the program will
need to control the buffer. Whenever the buffer becomes nearly full, the program must send a
request to the remote computer 10 suspend transmission, When the buffer becomes nearly emp-
ty, send a request to resume transmission,
(5) Three phase induction motors will spin either clockwise or counterclockwise, depending on
the connection to the power lines. In applications requiring motor operation in both directions,
two separate contactors (power relays) might be used to make the connections, one for each di-
rection. Also, in some applications of large motors, the motor starts through a transformer that
reduces the impact on the power supply. The transformer is bypassed by a third contactor after
the motor has been given enough time to come up to speed. There are three momentary control
inputs: requests for forward, reverse, or off. When the motor is off, forward or reverse requests
‘cause the motor to start up and run in the requested direction. A reverse request is ignored if the
‘motor is starting or running in the forward direction. and vice versa, An off request at any time
shuts the motor off.
Figure E5.5 is a state diagram for one possible motor control. Convert it from a single state
diagram into two concurrent state diagrams, one to control the direction of the motor and one
for starting control.
(3) The control in the previous exercise does not provide for thermal protection.
& Modify the state diagram in Figure ES.5 to shut the motor off if an overheating condition is
detected at any time120
Chapter 5 / DYNAMIC MODELING
off request
 
off request
 
forward request
 
 
    
 
Running forward
do: energize running contactor
do: energize forward contactor
Starting forward
entry/sta timer
do: energize forward contactor
    
   
 
 
    
      
   
   
  
   
Starting reverse
entryistan timer
do: energize reverse contactor
reverse request
off request
Running reverse
   
do: energize running contactor
do: energize reverse contactor
    
 
 
 
 
 
 
 
off request
 
 
Figure ES.S State diagram for a reduced-voltage-star, reversing,
three phase induction motor control
. Modify the concurrent state diagrams that you produced in exercise 5.15 to shut the motor
off if an overheating condition is detected at any time.
 
$.17 2) Place the following event classes into a generalization hierarchy with inheritance of event
attributes: pick operation, character input, line pick, circle pick, box pick, text pick, event.
5.18 (6) Prepare a state diagram for selecting and dragging items with the diagram editor described
in exercises 4.2 and 4.7.
 
A cursor on the diagram tracks a two-button mouse. If the left button is pressed with the cur-
sor on an item (a box or a link), the item is selected, otherwise previously selected items are de-
selected. Moving the mouse with the left button held down drags any selected items.
5.19 (9) A gas-fired, forced hot air, home heating system maintains room temperature and humidity
in the winter using distributed controls. The comfort of separate rooms may be controlled some-
what independently. Heat is requested from the furnace for each room based on its measured
temperature and the desired temperature for that room. When one or more rooms require heat,
the furnace is turned on. When the temperature in the furnace is high enough, a blower on the
furnace is tumed on to send hot air through heating ducts. If the temperature in the furnace ex-
ceeds a safety limit, the furnace is shut off and the blower continues to run, Flappers in the ducts
are controlled by the system to deliver heat only to those rooms which need it. When the room(s)
no longer requires heat, the furnace is shut off, but the blower continues to deliver hot air until
the furnace has cooled off.
Humidity is also maintained based on a strategy involving desired humidity, measured hu-
midity, and outside temperature. The desired humidity is set by the user for the entire home, Hu-EEE —t
EXERCISES 121
midity of the cool air returning to the blower is measured. When the system determines that the
‘humidity is too low, a humidifier in the furnace is turned on, whenever the blower is on, to inject
moisture into the air leaving the blower.
Partition the control of this system into concurrent state machines. Describe the functioning
of each state machine without actually going into the details of states, actions, or activities.
(7) While exploring an old castle, you and a friend discovered a bookcase that you suspected to
bbe the entrance to a secret passageway. While you examined the bookcase, your friend removed
a candle from its holder, only to discover that the candle holder was the entrance control. The
bookcase rotated a half tum, pushing you along, separating you from your friend. Your friend
put the candle back. This time the bookcase rotated a full tun, still leaving you behind it. Your
friend took the candle out. The bookcase started to rotate a full tum again, but this time you
stopped it just shy of a full turn by blocking it with your body. Your friend handed you the can-
dle and together you managed to force the bookcase back a half tum, but this left your friend
‘behind it and you in front of it. You put the candle back. As the bookcase began to rotate, you
took out the candle, and the bookcase stopped after a quarter tum. You and your friend then en-
tered to explore further.
Develop a state diagram for the control of the bookcase that is consistent with the previous
scenario. What should you have done at first to gain entry with the least fuss?
 
(10) Figure E5.6 is a portion of the state diagram for the control of a video cassette recorder
(VCR). The VCR has several buttons, including select, on/off, and set for setting the clock and
automatic start-stop timers, auto for enabling automatic recording, ver for bypassing the VCR,
and timed for recording for a while, Many of the events in Figure E5.6 correspond to pressing
the button with the same name, Several buttons have a toggling behavior. For example, pressing
ver toggles between VCR and TV mode. Several buttons used for manual control of the VCR
are not accounted for in Figure E5.6 such as play, record, fast forward, rewind, pause, and eject
‘These buttons are enabled only in the Manual state. Do the following:
a. Prepare lists of events, actions, and activities.
'b. Prepare a user's manual explaining how to operate the VCR.
‘¢. By adding states, extend the state diagram to accommodate another start-stop timer for a sec-
‘ond channel.
4. There is a great deal of commonality in your answer to the previous part. For example, set-
ting the hour may be done in several contexts with similar results, Discuss how duplication
of effort could be reduced.122 Chapter 5 / DYNAMIC MODELING
 
Day Hour
do:flash day do:flash hour
setnext day setinext hour
 
 
Set start timer
initialize start time
do:display start time
Set stop timer
enttryinitialize stop time
do:
Timed record
doxrecord
timedmore time
 
 
 
 
 
do:display time
do:update time
 
 
 
Figure E5.6 Portion of a state diagram for a video cassette recorder6
Functional Modeling
‘The functional model describes computations within a system. The functional model is the
third leg of the modeling tripod, in addition to the object mode! and the dynamic model. The
functional model specifies what happens, the dynamic model specifies when it happens, and
the object model specifies what it happens to.
The functional model shows how output values in a computation are derived from input
values, without regard for the order in which the values are computed. The functional mode!
consists of multiple data flow diagrams which show the flow of values from external inputs,
through operations and intemal data stores, to external outputs. The functional model also
includes constraints among values within an object model. Data flow diagrams do not show
control or object structure information; these belong to the dynamic and object models. We
mainly follow the traditional exposition of data flow diagrams.
6.1 FUNCTIONAL MODELS
‘The functional model specifies the results of a computation without specifying how or when
they are computed. The functional model specifies the meaning of the operations in the ob-
ject model and the actions in the dynamic model, as well as any constraints in the object
‘model. Noninteractive programs, such as compilers, have a trivial dynamic model; their pur-
pose is to compute a function. The functional model is the main model for such programs,
although the object model is important for any problem with nontrivial data structures. Many
interactive programs also have a significant functional model. By contrast, databases often
have a trivial functional model, since their purpose is to store and organize data, not to trans-
form it.
A spreadsheet is a kind of functional model. In most cases, the values in the spreadsheet
are trivial and cannot be structured further. The only interesting object structure is the cells
in the spreadsheet itself. The purpose of the spreadsheet is to specify values in terms of other
values.
123124 Chapter 6 / FUNCTIONAL MODELING
A compiler is almost a pure computation. The input is the text of a program in a partic-
ular language; the output is an object file that implements the program in another language,
often the machine language of a particular computer. The mechanics of compilation are ir-
relevant to the application.
‘The tax code is a large functional description. It specifies formulas for computing taxes,
based on income, expenses, donations, marital status, and so on. The tax code also defines
objects (income, deductions) and contains dynamic information (when taxes are due, when
estimated taxes are due, when income forms must be sent to employees). A set of tax forms
and instructions is an algorithm implementing the functional model. Tax forms specify how
to compute taxes based on a set of input values, such as income, expenses, deductions, and
withholding. Note that tax forms only provide an algorithm for computing taxes; they do not
define the actual tax due function. By contrast, the tax code usually defines the tax due fune-
tion without specifying the algorithm for computing it. A taxpayer need not fill in the form
in the exact sequence given in the instructions to get the correct answer.
 
6.2 DATA FLOW DIAGRAMS
The functional model consists of multiple data flow diagrams which specify the meaning of
operations and constraints, A data flow diagram (DFD) shows the functional relationships of
the values computed by a system, including input values, output values, and internal data
stores. A data flow diagram is a graph showing the flow of data values from their sources in
objects through processes that transform them to their destinations in other objects. A data
flow diagram does not show control information, such as the time at which processes are ex-
ecuted or decisions among alternate data paths; this information belongs to the dynamic
‘model. (Some authors do include control information in DFDs, primarily to show everything
on one diagram, but we have broken out the control information into a separate diagram, the
state diagram.) A data flow diagram does not show the organization of values into objects;
this information belongs to the object model.
A data flow diagram contains processes that transform data, dara flows that move data,
actor objects that produce and consume data, and data store objects that store data passively.
Figure 6.1 shows a data flow diagram for the display of an icon on a windowing system. The
icon name and location are inputs to the diagram from an unspecified source. The icon is ex-
panded to vectors in the application coordinate system using existing icon definitions. The
vectors are clipped to the size of the window, then offset by the location of the window on
the screen, to obtain vectors in the screen coordinate system. Finally the vectors are convert
ed to pixel operations that are sent to the screen buffer for display. The data flow diagram
shows the sequence of transformations performed, as well as the external values and objects
that affect the computation
 
 
6.2.1 Processes
A process transforms data values. The lowest-level processes are pure functions without side
effects. Typical functions include the sum of two numbers, the finance charge on a set of6.2 DATA FLOW DIAGRAMS. 125
 
 
 
 
 
 
 
 
Operations
Figure 6.1 Data flow diagram for windowed graphics display
credit card transactions, and the spline through a list of points. An entire data flow graph is
a high-level process. A process may have side effects if it contains nonfunctional compo-
nents, such as data stores or external objects. The functional model does not uniquely specify
the results of a process with side effects. The functional model only indicates the possible
functional paths; it does not show which path will actually occur. The results of such a pro-
‘cess depend on the behavior of the system, as specified by the dynamic model. Examples of
nonfunctional processes include reading and writing files, a voice recognition algorithm that
learns from experience, and the display of images within a workstation windowing system.
A process is drawn as an ellipse containing a description of the transformation, usually
its name. Each process has a fixed number of input and output data arrows, each of which
carries a value of a given type. The inputs and outputs can be labeled to show their role in
the computation, but often the type of value on the data flow is sufficient. Figure 6.2 shows
two processes. Note that a process can have more than one output. The display icon process
fepresents the entire data flow diagram of Figure 6.1 at a higher level of abstraction,
  
dividend quotient
=o
location
divisor remainder
Figure 6.2 Processes
The diagram only shows the pattem of inputs and outputs. The computation of output
values from input values must also be specified. A high-level process can be expanded into
an entire data flow diagram, much as a subroutine can be expanded into lower-level subrou-
tines. Eventually the recursion must stop, and the atomic processes must be described direct-
ly, in natural language, mathematical equations, or by some other means, For example,
“integer division” could be defined mathematically and “display icon” would be defined in
terms of Figure 6.1, Frequently the atomic processes are trivial and simply access a value
from an object, for example.126 Chapter 6 / FUNCTIONAL MODELING
Processes are implemented as methods (or method fragments) of operations on object
classes. The target object is usually one of the input flows, especially if the same class of ob-
ject is also an output flow. In some cases, however, the target object is implicit. For example,
in Figure 6.2, the target of display icon is the window that receives the pixel operations.
6.2.2 Data Flows
A dara flow connects the output of an object or process to the input of another object or pro-
cess, It represents an intermediate data value within a computation. The value is not changed
by the data flow.
A data flow is drawn as an arrow between the producer and the consumer of the data
value. The arrow is labeled with a description of the data, usually its name or type. The same
value can be sent to several places; this is indicated by a fork with several arrows emerging
from it, The output arrows are unlabeled because they represent the same value as the input.
Figure 6.3 shows some data flows.
 
Figure 6.3 Data flows to copy a value and split an aggregate value
‘Sometimes an aggregate data value is split into its components, each of which goes to a
different process. This is shown by a fork in the path in which each outgoing arrow is labeled
with the name of its component. The combination of several components into an aggregate
value is just the opposite.
Each data flow represents a value at some point in the computation. The data flows in-
ternal to the diagram represent intermediate values within a computation and do not neces-
sarily have any significance in the real world.
Flows on the boundary of a data flow diagram are its inputs and outputs. These flows
may be unconnected (if the diagram is a fragment of a complete system), or they may be con-
nected to objects. The inputs of Figure 6.1 are icon name and location; their sources must be
specified in the larger context in which the diagram is used. The outputs of Figure 6.1 are
pixel operations, which are sent to the screen buffer object. The same inputs and outputs ap-
pear in the bottom part of Figure 6.2, in which the entire data flow diagram of Figure 6.1 has
been abstracted into a process.
 
 
6.2.3 Actors
An actor is an active object that drives the data flow graph by producing or consuming val-
tues, Actors are attached to the inputs and outputs of a data flow graph. In a sense, the actors6.2 DATA FLOW DIAGRAMS: 127
lie on the boundary of the data flow graph but terminate the flow of data as sources and sinks
of data, and so are sometimes called terminators. Examples of actors include the user of a
program, a thermostat, and a motor under computer control. The actions of the actors are out-
side the scope of the data flow diagram but should be part of the dynamic model.
An actor is drawn as a rectangle to show that it is an object. Arrows between the actor
and the diagram are inputs and outputs of the diagram. The screen buffer in Figure 6.1 is an
actor that consumes pixel operations.
6.2.4 Data Stores
A data store is a passive object within a data flow diagram that stores data for later access.
Unlike an actor, a data store does not generate any operations on its own but merely responds
to requests to store and access data. A data store allows values to be accessed in a different
order than they are generated. Aggregate data stores, such as lists and tables, provide access
of data by insertion order or index keys. Sample data stores include a database of airline seat
reservations, a bank account, and a list of temperature readings over the past day.
A data store is drawn as a pair of parallel lines containing the name of the store. Input
arrows indicate information or operations that modify the stored data; this includes adding
elements, modifying values, or deleting elements. Output arrows indicate information re-
trieved from the store. This includes retrieving the entire value or some component of it. The
actual structure of the object must be described in the object model, together with a descrip-
tion of the update and access operations permitted.
Figure 6.4a shows a data store for temperature readings. Every hour a new temperature
reading enters the store. At the end of the day, the maximum and minimum reading are re-
trieved from the store. In addition to introducing delays in the use of data, data stores permit
many pieces of data to be accumulated and then used at once.
Figure 6.4b shows a data store for a bank account. The double-headed arrow indicates
that balance is both an input and an output of the subtraction operation. This could be drawn
with two separate arrows, but accessing and updating a value in a data store is a common
Figure 6.4c shows a price list for items, Input to the store consists of pairs of item name
and cost values. Later an item is given, and the corresponding cost is found. The unlabeled
arrow from the data store to the process indicates that the entire price list is an input to the
selection operation. Note that the item name is not an input to the data store during the se~
lection operation because it does not modify the store but merely supplies input to the selec
tion process.
Figure 6.44 shows the periodic table being accessed to find the atomic weight of an el-
‘ement. Obviously the properties of chemical elements are constant and not a variable of the
Program. It is convenient to represent the operation as a simple access of a constant data
store object. Such a data store has no inputs.
Both actors and data stores are objects. We distinguish them because their behavior and
usage is generally different, although in an object-oriented language they might both be im-
plemented as objects. On the other hand, a data store might be implemented as a file and an
actor as an external device. Some data flows are also objects, although in many cases they128 ‘Chapter 6 / FUNCTIONAL MODELING
 
 
 
 
‘Account
temperature —————_ max temp
————> Readings balance
Sy Customer | withdrawal
(a) (b)
Se eo Periodic
list
atomic weights
(©) (@)
 
Figure 6.4 Data stores
are pure values, such as integers, which lack individual identity. (In an object-oriented lan-
guage, however, objects and pure values are often implemented the same.)
There is a difference between viewing an object as a single value and as a data store con-
taining many values. In Figure 6.5, the customer name selects an account from the bank. The
result of this operation is the account object itself, which is then used as a data store in the
update operation. A data flow that generates an object used as the target of another operation
is indicated by a hollow triangle at the end of the data flow. In contrast, the update operation
modifies the balance in the account object, as indicated by the small arrowhead. The hollow
triangle indicates a data flow value that subsequently is treated as an object, usually a data
store. (This is a new construct that we have introduced. Traditional data flow notation does
not adequately represent the dynamic creation or selection of an object for later use in the
diagram as an aggregate.)
  
accounts God) caer
name balance
Custom | SOPH + 
Figure 6.5 Selection with an object as result
 
 
Figure 6.6 shows the creation of a new account in a bank. The result of the create ac-
Count process is a new account, which is stored in the bank. The customer's name and de-
posit are stored in the account. The account number from the new account is given to the
customer. In this example, the account object is viewed both as a data value (stored in the
bank) and as a data store (used to store and retrieve values),6.2 DATA FLOW DIAGRAMS. 129
ena
Bonk
name, deposit _\7
>
‘Customer ‘Account
fee IS SCORN Fs ee
number
 
 
 
 
 
Figure 6.6 Creation of a new object
6.2.5 Nested Data Flow Diagrams
A data flow diagram is particularly useful for showing the high-level functionality of a sys-
tem and its breakdown into smaller functional units. A process can be expanded into another
data flow diagram. Each input and output of the process is an input or output of the new di-
agram. The new diagram may have data stores that are not shown in the higher-level dia-
gram. The display icon process of Figure 6.2 corresponds to the data flow diagram of Figure
6.1. Diagrams can be nested to an arbitrary depth, and the entire set of nested diagrams forms
a tree. Nesting of a data flow diagram permits each level to be coherent and understandable
yet the overall functionality can be arbitrarily complex. A diagram that references itself rep-
resents a recursive computation, (The nesting of diagrams has also been called leveling,
since the diagrams are organized into different levels.)
Eventually the nesting of diagrams terminates with simple functions. These functions
must be specified as operations, to be explained in Section 6.3.
6.2.6 Control Flows
‘A data flow diagram shows all possible computation paths for values; it does not show which
paths are executed and in what order. Decisions and sequencing are control issues that are
part of the dynamic model. A decision affects whether one or more functions are even per-
formed, rather than supplying a value to the functions. Even though the functions do not have
input values from these decision functions, it is sometimes useful to include them in the
functional mode! so that they are not forgotten and so their data dependencies can be shown.
This is done by including control flows in the data flow diagram,
A control flow is a Boolean value that affects whether a process is evaluated. The control
flow is not an input value to the process itself. A control flow is shown by a dotted line from
44 process producing a Boolean value to the process being controlled.
Figure 6.7 shows a data flow diagram for a withdrawal from a bank account. The cus-
tomer supplies a password and an amount. The withdrawal occurs only if the password is
successfully verified. The update process could be expanded with a similar control flow to
guard against overdrafts
‘Control flows can occasionally be useful, but they duplicate information in the dynamic
model and should be used sparingly.130 Chapter 6 / FUNCTIONAL MODELING
   
  
  
 
coded ey fa
password _Account
mes Cory Yong | ee
amount
Customer
 
 
cash
Figure 6.7 Control flow
6.3 SPECIFYING OPERATIONS
Processes in data flow diagrams must eventually be implemented as operations on objects.
Each bottom-level, atomic process is an operation. Higher-level processes may also be con-
sidered operations, although an implementation may be organized differently from the data
flow diagram it represents because of optimization. Each operation may be specified in var-
ious ways, including the following:
— mathematical functions, such as trigonometric functions;
— table of input and output values (enumeration) for small finite sets;
‘equations specifying output in terms of input;
— pre-and post-conditions (axiomatic definition);
~ decision tables;
— pseudocode;
— natural language
Specification of an operation includes a signature and a transformation. The signature de-
fines the interface to the operation: the arguments it requires (number, order, and types) and
the values it returns (number, order, and types). The operation is usually listed in the object
model to show the pattern of inheritance; the signature of all methods implementing an op-
eration must match. The transformation defines the effect of an operation: the output values
as functions of the input values and the side effects of the operation on its operand objects.
The external specification of an operation only describes changes visible outside the op-
eration, During the implementation of an operation, internal values may be created for con-
venience or optimization. Some values may even be part of the internal state of an object.
For example, a sorted list of values can be implemented using various data structures, such
as a linear list or a balanced tree, whose internal organization can be freely changed provided
it does not change the extemal ordering of the list. Such internal details are private to an op-
eration (and possibly to an object class) and do not appear in its external specification. The
purpose of the specification is to indicate what an operation must do logically, not how it
must be implemented. Therefore the state of the object itself must be divided into extemally
  
 
ject that are not externally visible do not change the value of the object.6.3 SPECIFYING OPERATIONS 131
Access operations are operations that read or write attributes or links of an object. It is,
unnecessary to list or specify access operations during analysis, since they are trivial. During
design, it is necessary to note which access operations will be public and which will be pri-
vate to the object class. (See Section 1.2.2 for an explanation of analysis and design.) The
reason for restricting access is not for reasons of logical correctness but rather to encapsulate
classes for protection against bugs and to permit modifications to the implementation in the
future. Access operations are derived directly from the attributes and associations of a class
in the object model.
Nontrivial operations can be divided into three categories: queries, actions, and activi-
ties. A query is an operation that has no side effects on the externally visible state of any ob-
ject; it is a pure function. A query with no parameters (except for the target object) is a
derived attribute; it has the form (although not necessarily the implementation) of an at-
tribute, For example, if a point is specified in Cartesian coordinates, then the radius and angle
are derived attributes. In the object model, query operations can be grouped with attributes,
bbut their derived status should be indicated because they do not contribute additional infor-
mation to the state of the object. In many cases, the choice of certain attributes as base at-
tributes and others as derived attributes is arbitrary. For example, a point may be expressed
in both Cartesian and polar coordinates; neither is more correct. Because query operations
have no extemal effects, they are less important in analyzing and designing a system than
base attributes and actions. They can often be specified with equations written in terms of
other attributes and do not require a control component. Query operations are derived from
paths in the object model or by repackaging data from the object model.
An action is a transformation that has side effects on the target object or other objects in
the system reachable from the target object. An action has no duration in time; it is logically
instantaneous (although any actual implementation will take some time, of course). Because
the state of an object is defined by its attributes and links, all actions must be definable in
terms of updates to base attributes and links. An action can be defined in terms of the state
of the system before and after the action; a control component is unnecessary. For example,
the action of scaling a window on a workstation involves scaling the window boundary and
all of the contents of the window by a fixed factor. The order in which the scaling is per-
formed is irrelevant to the specification of the action; only the final result matters. Actions
are usually derived from processes in the functional model
Actions can be described in various ways, including mathematical equations, decision
trees, decision tables, enumeration of all possible inputs, predicate calculus, and natural lan-
guage. It is important that a specification be clear and unambiguous, not that it be formal,
Figure 6.8 shows the specification for a telephone switcher connecting a call. There are sev-
‘eral elements of a specification: the function name, the inputs and outputs, the transforma-
tions to values, and the constraints that must be observed. Note that no algorithm for
determining connections is given. The specification is informal and still ambiguous, For ex-
ample, the topology of the network must be specified in more detail. Nevertheless, this will
do for an initial top-level specification
‘One way of specifying an action is to give an algorithm (English, pseudocode, or actual
code) for computing it. Frequently a simple but inefficient algorithm for a function is easy
to define. This does not imply that the program must use the same algorithm, only that the
results be identical, although proving that two algorithms yield the same result can be diffi-132 Chapter 6 / FUNCTIONAL MODELING
 
 
Funetion: connect
Inputs: phone line, number dialed, current settings of switches
Outputs: new settings of switches, connection status
‘Transformation: Connect the calling phone to the dialed phone by closing con-
nections in the switcher, observing the following constraints:
Constraints: Only two lines are a time may be connected on any one circuit.
Previous connections must not be disturbed.
If the called line is already in use, then no switches are closed, and the status is,
reported as busy.
Ifa connection is impossible because too many switches are in use, then no switch-
es are closed, and the status is reported as switcher busy.
 
 
 
Figure 6.8 Action for telephone switcher connection
cult. Some functions can be specified in ways that do not provide a basis for an algorithm,
even an inefficient one. For example, the inverse of a matrix A is defined as “that matrix B
such that A times B yields the identity matrix.” Matrix multiplication is easily defined, but
deriving an algorithm to compute the inverse requires a considerable amount of linear alge-
bra. Supplying an algorithm is part of design.
An activity is an operation to or by an object that has duration in time, as opposed to
queries and actions, which are considered as instantaneous (logically, if not actually). An ac-
tivity inherently has side effects because of its extension in time. Activities only make sense
for actors, objects that generate operations on their own, because passive objects are mere
data repositories. An operating system demon, such as an output spooler, is considered an
actor because it has an active role in controlling the flow of information. The details of an
activity are specified by the dynamic model as well as the functional model and cannot be
considered just as a transformation. In most cases, an activity corresponds to a state diagram
in the dynamic model.
6.4 CONSTRAINTS
‘A constraint shows the relationship between two objects at the same time (such as frequency
and wavelength) or between different values of the same object at different times (such as
the number of outstanding shares of the mutual fund). A constraint may be expressed as a
total function (one value is completely specified by another) or a partial function (one value
is restricted, but not completed specified, by another). For example, a coordinate transforma-
tion might specify that the scale factor for the x-coordinate and the y-coordinate will be
‘equal; this constraint totally defines one value in terms of the other. The Second Law of Ther-6.5 ASAMPLE FUNCTIONAL MODEL 133
modynamics expresses a partial constraint; it states that the entropy (disorder) of the Uni-
verse can never decrease.
Constraints can appear in each of the kinds of model. Object constraints specify that
some objects depend entirely or partially on other objects. Dynamic constraints specify re-
lationships among the states or events of different objects. Functional constraints specify re-
strictions on operations, such as the scaling transformation described above.
A constraint between values of an object over time is often called an invariant. Conser-
vation laws in physics are invariants: The total energy, or charge, or angular momentum of
4 system remains constant. Invariants are useful in specifying the behavior of operations.
6.5 A SAMPLE FUNCTIONAL MODEL
In this section, we describe the functional model for a flight simulator. The simulator is re-
sponsible for handling pilot input controls, computing the motion of the airplane, computing
and displaying the outside view from the cockpit window, and displaying the cockpit gauges.
‘The simulator is intended to be an accurate but simplified model of flying an airplane, ignor-
ing some of the smaller effects and making some simplifying assumptions. For example, we
‘omit the rudder, under the assumption that it is held so as to keep the plane pointing in the
direction of motion. Figure 6.9 shows the top-level data flow diagram for the flight simulator.
‘There are two input actors: the Pilot, who operates the airplane controls, and the Weather,
which varies according to some specified pattern. There is one output actor: the Screen,
which displays the pilot's view. There are two read-only data stores: the Terrain database,
which specifies the geometry of the surrounding terrain as a set of colored polygonal surfac-
es, and the Cockpit database, which specifies the shape and location of the cockpit viewport
and the locations of the various gauges. There are three internal data stores: Spatial param-
eters, which holds the 3-D position, velocity, orientation, and rotation of the plane; Fuel,
which holds the amount of fuel remaining; and Weight, which holds the total weight of the
plane (consumption of fuel causes the weight to decrease). The initialization of the internal
data stores is necessary but is not shown on the data flow diagram.
‘The processes in the diagram can be divided into three kinds: handling controls, motion
computation, and display generation, The control handling processes are adjust controls,
which transforms the position of the pilot's controls (such as joysticks) into positions of the
airplane control surfaces and engine speed; consume fuel, which computes fuel consumption
as a function of engine speed; and compute weight, which computes the weight of the air-
plane as the sum of the base weight and the weight of the remaining fuel. Process adjust con-
trols is expanded on Figure 6.10, where it can be seen as comprising three distinct controls:
the elevator, the ailerons, and the throttle, There is no need to expand these processes further,
as they can be described by input-output functions (we do not attempt to specify them here).
‘The motion computation processes are compute forces, which computes the various
forces and torques on the plane and sums them to determine the net acceleration and the ro-
tational torques, and integrate motion, which integrates the differential equations of motion.
Process compute forces incorporates both geometrical and aeronautical computations. It is
expanded on Figure 6.11. Net force is computed as the vector sum of drag, lift, thrust, and134 Chapter 6 / FUNCTIONAL MODELING
 
 
Pilot Weather
 
 
 
 
 
 
 
   
   
  
wind velocity,
pressure,
temperature
acceleration,
torque
attitude,
velocity,
controls
    
  
   
  
control surfaces,
engine speed
    
 
integrate
motion
   
 
  
    
   
 
         
 
 
  
 
 
 
 
 
engine orientation, ony
speed rotation veo
Weight ;
oo rotation
position,
orientation
    
geometry Terrain
  
transformed
image
  
 
 
Figure 6.9 Functional mode! of flight simulator
elevator
i & cre se
Pilot a <-> ED Ga) “—
throttle ED ea Spaed
Figure 6.10 Expansion of adjust controls process
 
 
 
 
weight. These forces in turn depend on intermediate parameters, such as airspeed, angle of
attack, and air density. The aerodynamic calculations must be made relative to the air mass,
so the wind velocity is subtracted from the plane's velocity to give the airspeed relative to6.5 A SAMPLE FUNCTIONAL MODEL
 
Figure 6.11. Expansion of compute forces processes
the air mass; the orientation of the plane must be transformed also. Air density is also com-
puted and used in subsequent processes. The intermediate parameters are computed in terms
of data store parameters, such as airplane velocity, orientation, rotation rates roll rate and
pitch rate, and altitude, obtained from Spatial parameters; wind velocity, temperature, and
pressure, obtained from Weather; weight, obtained from Weight; and in terms of output data
flows from other processes, such as elevator angle, aileron angle, and engine speed, obtained
135136
transform view process
Terrain
database
polygon (3D)
Position ‘subtract,
vectors
plane-centered
polygon (3D)
rotate
vectors
 
orientation
rent
polygon (3D)
 
  
jected
Potgon (2D)
Chapter 6 / FUNCTIONAL MODELING
display view process
  
  
     
  
     
projected
Polygon (2D)
  
Zlip polygon
Cockpit
to viewport database
viewport
outline
clipped
polygon (2D)
 
 
 
 
display gauges process
   
 
altitude
 
Figure 6.12 Expansion of display processes
from process adjust controls. The internal processes, such as compute drag, compute lift, and
compute density, would be specified by aeronautical formulas and look-up tables for the spe-
cific airplane. For example, compute lift is specified by the equation L = C(ae)SpV"/2, where
Lis lift, cris the angle of attack, S is the wing area, p is the air density, V is the airspeed, and
Cis the coefficient of lift as a function of angle of attack, specified by a table for the partic~
ular kind of wing. Process integrate motion is the solution to the differential equations of6.6 RELATION OF FUNCTIONAL TO OBJECT AND DYNAMIC MODELS 137
motion. It is easy to specify, but its implementation involves careful numerical analysis con-
siderations.
The display processes are transform view, display view, display gauges, and display
cockpit. These processes convert the airplane parameters and terrain into a simulated view
‘on the screen. They are expanded on Figure 6.12. Process transform view transforms the co-
ordinates of a set of polygons in the Terrain database into the pilot's coordinate system, by
first offsetting them by the plane’s position, rotating the polygons by the plane’s orientation,
and then transforming the polygons” perspective onto the viewing plane to produce a 2-D
image in the pilot’s eye view. The position and orientation of the plane are input parameters,
Process display view clips the image of the transformed polygons to remain within the output
of the cockpit viewport, whose shape is specified in a Cockpit database. The clipped 2-D
polygons are drawn on the screen using the colors specified in the Terrain database. Process
display gauges displays various airplane parameters as gauges, using locations specified in
the cockpit database. Process display cockpit displays a fixed image of the stationary parts
of the cockpit and needed not be expanded.
Note that the functional model does not specify when, why, and how often values are
computed. In a simulation such as this one, the motion integration might be performed more
often than view computation because integration is subject to cumulative errors if too large
‘an interval is used. Other computations can be omitted by sorting data cleverly. A smart
view-mapping algorithm would quickly eliminate most of the terrain polygons using crude
direction or distance checks so that only a few polygons would require costly full transfor-
mations and visibility checks. The set of active polygons would have to be updated occasion-
ally as the plane moves, but hopefully not too often. Such considerations are part of the
implementation algorithm but do not show up in the data flow diagram, which shows the un-
derlying flow of data and computations but not the control decisions added by an implemen-
tation.
6.6 RELATION OF FUNCTIONAL TO OBJECT AND DYNAMIC MODELS
‘The functional model shows what “has to be done” by a system. The leaf processes are the
operations on objects. The object model shows the “doers—the objects. Each process is im-
plemented by a method on some object. The dynamic model shows the sequences in which
the operations are performed. Each sequence is implemented as a sequence, loop, of alterna
tion of statements within some method. The three models come together in the implementa-
tion of methods. The functional model is a guide to the methods,
The processes in the functional model correspond to operations in the object model. Of-
{en there is a direct correspondence at each level of nesting. A top-level process corresponds
to an operation on a complex object, and lower-level processes correspond to operations on
more basic objects that are part of the complex object or that implement it. Sometimes one
[process corresponds to several operations, and sometimes one operation corresponds to sev-
eral processes.
Processes in the functional model show objects that are related by function. Often one
Cf the inputs to a process can be identified as the target object, with the rest being parameters138 Chapter 6 / FUNCTIONAL MODELING
to the operation. The target object is a client of the other objects (called suppliers) because
it uses them in performing the operation. The target knows about the clients, but the clients
do not necessarily know about the target. The target object class is dependent on the argu-
‘ment classes for its operations. The client-supplier relationship establishes implementation
dependencies among classes; the clients are implemented in terms of, and are therefore de-
pendent on, the supplier classes.
A process is usually implemented as a method. If the same class of object is an input and
an output, then the object is usually the target, and the other inputs are arguments. If the output
of the process is a data store, the data store is the target. If an input of the process is a data store,
the data store is the target. Frequently a process with an input from or output to a data store
corresponds to two methods, one of them being an implicit selection or update of the data store.
If an input or output is an actor, then it is the target. If an input is an object and an output is a
part of the object or a neighbor of the object in the object model, then the object is the target.
If an output object is created out of input parts, then the process represents a class method. If
none of these rules apply, then the target is often implicit and is not one of the inputs or outputs.
Often the target of a process is the target of the entire subdiagram. For example, in Figure 6.9,
the target of compute forces is actually the airplane itself. Data stores weight and spatial pa-
rameters are simply components of the airplane accessed during the process.
Actors are explicit objects in the object model. Data flows to or from actors represent
operations on or by the objects. The data flow values are the arguments or results of the op-
erations. Because actors are “self-motivated” objects, the functional model is not sufficient
to indicate when they act. The dynamic model for an actor object specifies when it acts.
Data stores are also objects in the object model, or at least fragments of objects, such as
attributes. Each flow into a data store is an update operation. Each flow out of a data store is
a query operation, with no side effects on the data store object. Data stores are passive ob-
jects that respond to queries and updates, so the dynamic model of the data store is irrelevant
to its behavior. The dynamic model of the actors in a diagram is necessary to determine the
order of operations.
Data flows are values in the object model. Many data flows are simply pure values, such
as numbers, strings, or lists of pure values. Pure values can be modeled as classes and im-
plemented as objects in most languages, but they do not have identity. A pure value is not a
container whose value can change but just the value itself. A pure value therefore has no state
and no dynamic model. Operations on pure values yield other pure values and have no side
effects. Arithmetic operations are examples of such operations.
Other data flows represent normal objects. The selection data flow notation of Figure 6.5
explicitly produces a data store object to be operated on by other flows. Some input data
flows to processes represent objects that are the targets of the processes. For example, the
polygons in the top half of Figure 6.12 are the targets of several operations. In the object
‘model, class polygon would have operations subtract position, rotate, transform perspective,
and clip to viewport. In still other cases, a data flow represents an object that remains encap-
sulated; it is created by one process and passed through to another without change. Such data
flows represent arguments to operations, rather than targets. For example, in Figure 6.6, the6.7 CHAPTER SUMMARY 139
input account to bank is an object that is stored within hank without being operated on; the
same object is treated as a target object with respect to deposits from the customer.
Relative to the functional model: The object model shows the structure of the actors,
data stores, and flows in the functional model. The dynamic model shows the sequence in
which processes are performed.
Relative to the object model: The functional mode! shows the operations on the classes
and the arguments of each operation. It therefore shows the supplier-client relationship
among classes. The dynamic model shows the states of each object and the operations that
are performed as it receives events and changes state.
Relative to the dynamic model: The functional model shows the definitions of the leaf
actions and activities that are undefined with the dynamic model. The object model shows
what changes state and undergoes operations.
6.7 CHAPTER SUMMARY
The functional model shows a computation and the functional derivation of the data values
in it without indicating how, when, or why the values are computed. The dynamic model
controls which operations are performed and the order in which they are applied. The object
model defines the structure of values that the operations operate on. For batch-like compu-
{ations, such as compilers or numerical computations, the functional model is the primary
model, but in large systems all three models are important.
Data flow diagrams show the relationship between values in a computation. A data flow
diagram is a graph of processes, data flows, data stores, and actors, Processes transform data
values. Low-level processes are simple operations on single objects, but higher-level pro-
cesses can contain intemal data stores subject to side effects. A data flow diagram is a pro-
cess. Data flows relate values on processes, data stores, and actors. Actors are independent
objects that produce and consume values. Data stores are passive objects that break the flow
of control by introducing delays between the creation and the use of data. As a rule, control
information should be shown in the dynamic mode! and not the functional model, although
contro! flows in data flow diagrams are occasionally useful.
Data flow diagrams can be nested hierarchically, but ultimately the leaf processes must
be specified directly as operations. Operations can be specified by a variety of means, includ-
ing mathematical equations, tables, and constraints between the inputs and outputs. An o
eration can be specified by pseudocode, but a specification does not imply a particular
implementation; it may be implemented by a different algorithm that yields equivalent re-
sults. Operations have signatures that specify their external interface and transformations
that specify their effects. Queries are operations without side effects; they can be implement-
‘ed as pure functions. Actions are operations with side effects but without duration; they can
be implemented as procedures. Activities are operations with side effects and duration; they
must be implemented as tasks. Operations can be attached to classes within the object model
and implemented as methods.140 Chapter 6 / FUNCTIONAL MODELING
Constraints specify additional relationships that must be maintained between values in
the object model. Invariants specify that some functions of values remain constant over time.
The object model, dynamic model, and functional model all involve the same concepts,
namely data, sequencing, and operations, but each model focuses on a particular aspect and
leaves the other aspects uninterpreted. Alll three models are necessary for a full understand-
ing of a problem, although the balance of importance among the models varies according to
the kind of application. The three models come together in the implementation of methods,
which involve data (target object, arguments, and variables), control (sequencing con-
structs), and operations (calls, expressions, and data access). Data flow diagrams are partic-
ularly useful for showing the high-level functionality of a system and for showing complex
transformations with multiple inputs, outputs, and intermediate values.
 
action data flow diagram nested data flow diagram
activity data store ‘operation
actor derived attribute process
client function query
‘constraint functional model signature
control flow invariant terminator
data flow leveling
 
 
 
 
ure 6.13 Key concepts for Chapter 6
BIBLIOGRAPHIC NOTES
Data flow diagrams are the primary modeling construct in a number of traditional software
development methodologies. Many readers will be familiar with these concepts from previ-
‘ous work. [Yourdon-89] presents the classic exposition of the leading traditional methodol-
ogy, including an explanation of data flow diagrams. [DeMarco-79] and [Gane-78] are
earlier pioneering books in the area. [Ward-86] adds control concepts to the standard data
flow diagram notation. Engineers commonly use several equivalent data flow notations, such
as signal processing diagrams. PERT charts are another familiar example, albeit with some
additional semantics.
 
 
REFERENCES
[DeMarco-79] Tom DeMarco. Structured Analysis and Systems Specification. Englewood Cliffs, New
Jersey: Prentice Hall, 1979.
{Gane-78} Chris Gane and Trish Sarson. Structured Systems Analysis: Tools and Techniques. Engle-
wood Cliffs, New Jersey: Prentice Hall, 1978.
{Ward-X6] Paul Ward and Steve Mellor. Structured Development of Real-Time Systems. Englewood
Cliffs, New Jersey: Yourdon Press, 1986.
[Yourdon-89] Edwand Yourdon, Modern Structured Analysis. Englewood Cliffs, New Jersey; Yourdon
Press, 1989.EXERCISES 144
ot
(2) Describe the meaning of the data flow diagram in Figure E6.1.
load characteristics
 
Figure E6.1. Data flow diagram of motor analysis.
(6) Figure E6.1 cannot be considered a description of how to actually compute the performance
‘of a motor because it contains circular dependencies. For example, electrical analysis uses speed
4s an input and computes electrical torque. Mechanical analysis uses electrical torque as an input
in computing speed. Suppose you were given four subroutines that performed the computations
involved in each of the four processes. Each subroutine computes the outputs of the associated
process from the inputs. Discuss how to compute the temperature of a motor in view of the cir~
cular dependencies.
(6) Prepare a data flow diagram for computing the net score for a trial in judged athletic compe-
titions that describes the following method. Each attempt of a competitor in an event is observed
bby several judges. Each judge rates the attempt and holds up a score. A reader assigned to the
‘group of judges announces the scores one at a time to a panel of scorekeepers. Three scorekeep-
ef» write the scores down, cross off the highest and the lowest scores, and total up the rest. They
‘check each other's total to detect errors in recording and/or arithmetic. In some cases, they may
ask the reader to repeat the scores. When they are satisfied, they hand their figures to three other
scorekeepers who multiply the total score by a difficulty factor for the event and take the average
to determine a net score. The net scores are compared to detect and correct scoring errors.
(3) Prepare a data flow diagram for computing the volume and surface area of a cylinder. Inputs
are the height and radius of the cylinder. Outputs are volume and surface area. Discuss several
ways of implementing the data flow diagram.
(6) Prepare a data flow diagram for computing the mean of a sequence of input values. A sepa:
‘ate control input is provided to reset the computation. Each time a new value is input, the mean
of all values input since the last reset command should be output. Since you have no way of
{knowing how many values will be processed between resets, the amount of data storage that you
‘use should not depend on the number of input values. Detail your diagram down to the level of
multiplications, divisions, and additions142
6.6
67
68
69
Chapter 6 / FUNCTIONAL MODELING
(3) Using the quadratic formula as a starting point, prepare a data flow diagram for computing
the roots of the quadratic equation ax” + bx +¢ = 0. Real numbers, a, b and c are inputs. Out-
puts are values of x = RI and x = R2, which satisfy the equation. Remember, Ri and R2 may
be real or complex, depending on the values of a, b, and c. The quadratic formula for RI and R2
is (0, else
SIGN(x) = 0. (SIGN(x) could be itself computed or provided by the hardware.)
a. Using if statements, express an algorithm for computing the following real periodic function
T(x) for all real values of x: For a portion of the domain of T(x), -3