An Automated Software Design Methodology Using

to develop a framework for an automated approach to software design. ...... systems is given in Yau, Yang, and Shaltz [44] and is summarized as follows:.
An Automated Software Design Methodology Using CAPO


JAHANGIR KARIMI received a B.S. in Managerial Economics from the University of Tehran, Iran, in 1974 and M.S. and Ph.D. degrees in Management Information Systems from the University of Arizona, Thcson, in 1978 and 1983, respectively. Since 1983, he has been with the Department ofInformation Systems, University of Cincinnati, for a year, and the University of Colorado at Denver, where he is currently an Assistant Professor. His research interests include computer aids in the systems development process, software engineering, user interface design, and information systems modeling techniques. He has published in the IEEE Transactions on Software Engineering. Dr. Karimi is a member of the Association of Computing Machinery, Computing Society, and the Society for Information Management. ABSTRACT: Software design is the process which decomposes a set of requirement specifications into certain basic elements and partitions these decomposed specifications into modules. In this paper, important techniques for the logical design of software and the properties associated with a structured design are analyzed in order to develop a framework for an automated approach to software design. To ensure software quality, a set of matrices is developed to guide the design process and to evaluate the quality of a design for the purpose of comparing different designs. The applicability of the methodology in nonsequential and object-oriented design environments is also discussed. KEY WORDS: Software design methodologies, structured design, modularization, coupling, cohesion.

1. Introduction SOFT WAR E DES IG Nnecessitates development of a network of transformation methods. The input to the design process is a set of the user's requirement specifications. The overall system requirements are considered in terms of feasibility and costbenefit analysis. The functional specification provided a base line for design, verification, and validation processes. Correct specification is immensely important, because an incorrect specification results in a faulty system [37]. The author gratefully acknowledges the helpful comments of the anonymous reviewers and the encouragement and support provided by Professor Benn R. Konsynski in the course of this work. Journal of Management Information Systems/Winter [986-87,Vol. III, No.3

Part of the functional specification is the performance requirement specification, which specifies in detail how system functions are supposed to perform with regard to the constraints on global measures of system behavior, for example, response time. The functional and performance specifications are used in the design process, which consists of two major stages: the architectural and detailed design stages [11, 12, 37]. The objectives ofthe architectural or logical design stage are (l) to decompose the requirement and/or functional specifications into major parts and (2) to establish relationships between the parts in order to form a system structure. The process is associated with the development of nonprocedural specifications of the modules within the system. These specifications are related to all module interconnections and module functions. The detailed design stage is responsible for the procedural specifications of each module. Algorithms are selected and evaluated to implement each module. A major difference between a "good" design and a "poor" design is the complexity of the resulting design structure. In most systems, complexity is reduced by decomposing the system into independent parts, each having identifiable and understandable interfaces. Although decomposition helps in the comprehension of the system, arbitrary partitioning can actually increase complexity if individual parts of the system perform too many unrelated (and thus different) functions [27, 29]. This paper deals with the development of a computer-aided tool for providing assistance in one portion of the software life cycle, namely, the determination of program modules in the design of software. Several problems need immediate consideration when building automated tools for the software design process. Among them are (1) the lack of unique standard attributes of design quality, (2) the lack of quantifiable measures of quality (based on the attributes), and (3) the fact that design process is not merely a search of a solution space, because an infinite number of "correct" solutions might exist. A number of recent studies have focused on the development of matrices to measure the quality of software systems given the design specification. Beane, Giddings, and Silverman in [4, 14] developed rules to quantify notions of good design based on the connectivity and the complexity of the system components. A path matrix is defined to suggest areas needing refinement and to identify potential design problems, such as bottenecks. In Belady and Evangelisti [5] and in Hutchens and Basili [21] similar interconnectivity matrices are defined in order to measure the quality of the design based on interconnectivity and the complexity of the parts within the system. In both studies, the matrices are based on the information flow between system components (coupling) and are demonstrated to be useful in finding structural flaws in the design and implementation of an existing system. Although the above matrices are claimed to be useful in the design evaluation process, their utility is not clear in the architectural design stage. In developing a very large system, a designer must cope with system complexity by factoring the design into subproblems. The designer must also cope with the interaction between

subproblems because they are seldom independent. In such an environment, a designer cannot immediately assess the consequences of design decisions but must be able to explore design possibilities tentatively. In addition, constraints on a design come from many sources, and usually there are no comprehensive guidelines that integrate constraints with design choices. In designing a large system, it is easy to forget the reasons for some design decisions and hard to assess the impact of a change in part of a design. A computer-aided methodology for the architectural design stage that (I) makes use of the important design properties for the purpose of design recommendation and (2) evaluates the impact of change in the system structure before actual implementation would defi·· nitely be useful. Section 2 discusses important design techniques in the logical design stage of the software life cycle. Section 3 discusses the features of the system that relate to the design process and the design decisions that must be made in order to derive a system with the desired properties. Section 4 contains a detailed explanation of a "new" methodology for a computer-aided approach to design. This section also describes how to derive a set of quantifiable measures for the desired system properties that are used as the decision rules for the methodology. Section 5 contains a comparison between a design generated by computer-aided process organization (CAPO) and one generated by manual design techniques. Sections 6 and 7 discuss the applicability of CAPO in nonsequential and object-oriented design environments. Section 8 contains conclusions and suggestions for future research.

2. Software Design Techniques SEVERAL SOFTWARE DESIGN TECHNIQUES have been derived from consideration of information structure, control structure, and information flow [12, 43]. The information structure and information flow techniques emphasize the process of decomposition and structure in creating a software architecture. The main focus of control structure techniques is on the consistency, completeness, and reachability for functional flows. In the following, we briefly discuss these techniques. The Jackson methodology [22] and Warnier's Logical Construction of Programs [46] both (I) rely on the hierarchical organization of input and output data, (2) circumvent direct design derivation of modular structure, (3) move directly toward a processing hierarchy followed by detailed procedural constructs, and (4) provide supplementary techniques for more complex problems. Examples of control structure techniques are the Finite-State Machines [10] and Petri nets [34]. Both techniques have been used independently or together with another methodology in order to contribute to the functional specification of a system. Salter [38] describes an approach to constructing the control Finite-State Machine (FSM) for a system. Salter's methodology includes three basic system' ingredients. These are control, functions, and data. Once the control FSM is defined, it can be mechanically checked for properties

which are important for a well-specified system. A partial list of these properties is given below. For a more complete list, see Karimi and Konsynski [24]. -Consistency. An FSM is consistent if for any given state and any given input only one transition can occur. -Completeness. An FSM is complete iffor any given input and any current state a transition is defined. -Reachability. A state of an FSM is reachable if there is path to it from both the start and end states. In contrast to the Finite-State Machines, which are most appropriate for representing single process systems, Petri nets are ideal where a number of independent, but cooperating, processes need to be coordinated or synchronized. A full understanding of the theoretical principles can be obtained from Peterson [34, 35]. Petri nets provide a powerful notational and analytical tool for defining systems with parallelism and interacting concurrent components. They are also considered an ideal modeling tool-for instance, where events are independent and asynchronous. When used as an adjunct to a methodology such as SREM (Software Requirements Engineering Methodology) [1], Petri nets contribute to the functional specification of a system by representing a graphical model of the system; then, the various analyses of the Petri nets graph can result in evaluating the properties of the modeled system, for example, the unreachability of certain configurations or the impossibility of deadlock. The data flow design method was first prepared by Yourdon and Constantine [49, 50] and has since been extended by Myers [29]. The technique is helpful in a broad range of application areas because it makes use of data flow diagrams, a popular representation tool used by analysts. However, as stated by Yourdon [48], classic methods of data flow analysis are inadequate for modeling systems with complex functions and complex data. Structured analysis is not useful in modeling real-time systems either; previous definitions of the data flow diagram have not provided a comprehensive representation of the interaction between the timing and control aspects of the system and its data transformation behavior. However, an extension of the data flow diagram, called the transformation schema [45], has recently been developed and' 'provides a notation and formation rules for building a comprehensive system model, and a set of execution rules to allow prediction of behavior over time of a system modeled this way." Design begins with an evaluation of the data flow diagram. The information flow category (i.e., transform or transaction flow) is established, and flow boundaries that delineate the transform or transaction center are defined. Based on the location of boundaries, processes are mapped into the software structure as modules. The resulting structure is next optimized in order to develop a representation that will meet all functional and performance requirements and merit acceptance based on design measures and heuristics. A data-flow-oriented design approach is easy to apply, even when no formal data structure exists. The data flow diagram for a large system is often quite complex and may represent

the flow characteristics of both the transaction and transform analysis. In these situations, it is not always clear how to select overriding flow characteristics. Many unnecessary control modules will be specified if transform and transaction mapping is followed explicitly. Successful design using these methodologies relies upon the designer's selfdiscipline and professional judgment to ensure that design decisions are not based on speculation or premature selection of alternatives. There is a growing need for a design tool that can be applied to the logical (architectural) design process regardless of the scope of the design effort. The tool would not replace the designer but rather would support the design activities and provide a unified approach to the design process. The tool should also provide a quantitative measure of design quality to facilitate the design evaluation by the analyst. The goodness of the design should be measured as the degree to which a particular design satisfies the design heuristics.

3. Evaluation Criteria MANY DESIGN HEURISTICS are devoted to attaining modules that have three specific properties, expressed by White and Booth [47] as properties they "would like to see a design possess": 1. Components are relatively independent. 2. Existing dependencies can be easily understood. 3. There are no hidden or unforeseen interactions between modules. Myers [29] and Yourdon and Constantine [50] have proposed a series of qualitative rules and guidelines for obtaining software modules with these properties. In particular, they introduce the terms "internal module strength" (or cohesion), which refers to the level of association between component elements of a module, and "module coupling, " which refers to the strength ofthe interconnection between modules.

3.1 Cohesion Stevens, Myers, and Constantine [39] have recognized seven levels of module cohesion. They state that "these levels have been distinguished over the years through experience of many designers. " The seven levels are, in order of decreasing strength or cohesion, functional, sequential, commmunicational, procedural, temporal, logical, and coincidental. A brief description of each level of cohesion is given below. For more detail, see [29, 31, 39, 50]. Afunctionally cohesive module contains elements that all contribute to the execution of one, and only one, problem-oriented task. This is the strongest type of cohesion. The order of processing in sequentially cohesive modules is determined by data. The data that result from one processing function are the input for the next process-

ing function. Sequentially cohesive modules are almost as maintainable as functionally cohesive ones; however, they are not as easily reused, because they usually contain activities that will not, in general, be useful together. Communicational cohesion occurs when the activities are procedural but are performed on a unique data stream. The functions reference the same data and pass data among themselves. In contrast to sequentially cohesive modules, the order of processing is unimportant. In procedurally cohesive modules, activities are performed together because they can be accomplished in the same procedure, not because they should be. The elements are involved in different, and possibly unrelated, activities in which control (not necessarily data) flows from each activity to the next one. Crossing from easily maintainable modules with higher levels of cohesion to less easily maintainable modules with low levels of cohesion, we reach temporally cohesive modules. Elements within a temporally cohesive module are related in time. Temporally cohesive modules are similar to the procedurally cohesive ones in that they tend to be composed of partial functions whose only relationship to one another is that they all are carried out at a certain time. Logically cohesive modules consist of groups of activities that in some way belong logically to the same class. Because a generalized class of problems is performed, some specific piece of data is usually required to tell the function what specific actions to take. Logical cohesion results in tricky program code and the passing of unnecessary parameters which make support difficult. Coincidentally cohesive modules occur where there is no meaningful relationship among activities in a module. Like logical modules, they have no well-defined function. However, the activities in a logically cohesive module are at least in the same category; in a coincidentally cohesive module, even that is not true.

3.2 Coupling Coupling is defined as the degree of connections between modules [31]. The five different levels of coupling that may occur between a pair of modules, in increasing order of tightness, are: data, stamp, control, common, and content coupling. Two modules may be coupled by more than one level of coupling or by the same level a number oftimes. The higher the degree of coupling between two modules, the lower the degree of understandability, modifiability, and usability of the modules and the system as a whole. A number of researchers have reported studies in support of the above findings [9, 4l]. In Yau and Collofello [41], an algorithm is presented for calculating the design stability of a system and its module based upon the assumption counting ideas for module interfaces. The stability is defined as the resistance to the amplification of changes (ripple effect) in a system. The results confirm that the modules found to possess low stability were of weak functional cohesion and were commonly coupled to many other modules. In addition to the properties of the individual module, the collective structure

assumed by those modules must also be considered. For more detail, see [31, 50]. As Yourdon and Constantine [50] state, "These heuristics can be extremely valuable if properly used, but actually can lead to poor design if interpreted too literally.... Results often have been catastrophic." The concept of modularity also leads to the fundamental problem of finding the appropriate decomposition criteria. The principle of information hiding [32] suggests that modules should be specified and designed so that the information (procedure and data) contained within a module is inaccessible to other modules that do not require the information. Deriving a set of independent modules that communicate only that information necessary to achieve the software function, supplemented by a hierarchically structured document called "module guide" [33], would, by and large, satisfy the information-hiding principle. The volume of data transported between modules within the software structure also has a significant influence on the quality of the design. The higher the volume of data transported between modules, the higher the processing time of the executing software. The total transport volume is a useful measure for comparing candidate designs. The procedure for computing the transport volume and its usage are presented in Section 4.5.

4. CAPO Methodology Steps and Sequence of Activities FIGURE I depicts the overall structure of CAPO for grouping processes to form software modules. The system provides interactive design, is related to other analyzers (e.g., PSA [40]), and fits within the PLEXSYS methodology [26]. In order to systematize the design process, a process-structuring workbench has been developed to organize the activities in the logical design stage of the software life cycle. The objective is to derive a nonprocedural specification of modules, given the logical model of a system. The term "process" is characterized to be some sequence of operations which accepts information, uses resources to act upon it, and communicates with other processes to produce outputs that have some logical meaning. In other words, a "process" is a logical unit of computation or manipulation of data. This definition allows the process to be anything from a single operation, such as an addition, to a system itself. The scope of a process is determined based on the decision criteria involved in a particular design effort. Different levels of process interaction could be defined based on different levels of design efforts. Processes can be combined in several different ways based on their pattern of references to data and their executing functions. A framework is recommended in [23] for classifying different process interactions. The classification presented in Table I summarizes the conditions for binary combination of interacting processes. The processes are defined when the requirement specification is partitioned into a set of functional specifications. This partitioning is done with respect to the environ-

Table 1 The Nature of Binary Process Combinations Condition based on

Intersecting executing functions

Disjoint executing functions

• Reference similar data

• Serial combination • Scheduling necessary • Competition or cooperation

• Asynchronous combination • Scheduling possible • Competition

• Reference unsimilar data

• Synchronous combination • Parallel • Cooperation or interference

• Disjoint combination • Scheduling freedom • Non-interference

ment in which the software system is expected to operate and for the purpose of identifying the data sets, the processes, and the control and functional relations between them. Processes and process groups can be designed and implemented as either sequential, distributed, or concurrent processes. The complexity of the design largely depends on how the processes communicate and share resources. The nature of these interactions largely depends on the operational environment of the software system. Different graphical representation tools are needed to capture all the data, control, and functional relationships between the processes. From the analysis of the system under study, a flow-graph is generated. For the purpose of this discussion, "flow-graph" is defined as a generic term that refers to data flow diagrams, FSMS, and Petri nets. The flow-graph represents (1) a logical model of the system and (2) the network of processes within the system. Processes and their relationships are represented as the graph nodes and the links joining the nodes, respectively. Processes must be performed and data supplied in a certain sequence. The logical view ofthe system may be expanded by functional decomposition of processes. Essentially, one process on the flow-graph is selected and broken down into its subprocesses. These lower level processes then become processes on a new flow-graph. The information represented by the flow-graph is used by the CAPO analysis package. The system reads an input file (which is created interactively) with the information about each process. The methodology starts by converting the flow-graph into a series of six matrices. The objective is to capture all the control, data, logical, and timing interdependencies between the processes. The purpose of each matrix and the procedure for deriving it are explained below. These definitions are extensions of the work of Nunamaker, Nylin, and Konsynski [30].

4.1. STEP ONE-Generating an Internal Representation of the Processes (1) Incidence matrix (E). The incidence matrix shows the relationships of the processes (Pi) and files (fj) or data sets.

Copvriqht © 2001. All Rights Reserved.



Let: eij = 1 if Jj is an input to Pi, i = 1, 2, .. , , n, eij = -1 if Jj is an output of Pi, j = 1, 2, ... , k, eij = 0 if there is no incidence between Jj and Pi' (2) Precedence matrix (P). The precedence matrix shows whether a particular process is a direct precedent to any other process.

Let: Pij = 1 if Pi is a direct precedent to Pj, Pij = 0 otherwise.

(R). The reachability matrix shows if a process has any precedence relation with any other process. In other words, it shows whether there is a logical path between any two processes. (3) Reachability matrix

Let: R ij = 1 if Pi has any precedence relationship with Pj, R ij = 0 otherwise. (4) Partial reachability matrix (R*). The partial reachability matrix is used to check the precedence violations which are necessary in order to compute the matrix of feasible grouping (G).

Let: R't}· = 1 if Pi has a higher (two or more) order precedence with Pj, Rij = 0 otherwise.

Higher order of precedence between two processes indicates that the two may not be executed in parallel and/or in sequence. There is at least one step of processing that needs to take place between the two. (5) Feasible process pair grouping matrix (G). The G matrix is derived using the precedence matrix and the partial reachability matrix. The element of the G matrix shows the feasible and/or profitable process pairs grouping. If Gij = -1, there exist two or more higher order relationships between Pi and Pj and Pi cannot be combined with Pj. They also cannot be executed in

parallel. Therefore, let: Gij = -1 if Rij or RJi


1 or i

= j,

Copyright © 2001. All Rights Reserved.



If Gij =0, there is no precedence ordering (direct link), and Pi can be grouped with Pj. This indicates a feasible but not necessarily profitable grouping (no saving on input/output time). However, they can be executed in parallel. See Table 2. Gij

= 0 if (R t = 0 and R Ii = 0)


(P ij = 0 and Pji = 0)

except when: [(Pu = I and Pjl = 1) or (P/i = 1 and P/j = 1)]

(Grouping is feasible but not necessarily profitable.) Table 2

Conditions for G ij = 0 Notation




= 0 and R J; = 0

There is no higher order precedence between (Pi and P) and between (Pj and Pi) and no direct precedence between (Pi and Pj) and between (Pj and Pi) except when

and Pi}

= 0 and Pji = 0 except when




and (Pjl = 1) or


If Gij



and (P lj



= 1, there is a direct precedent relationship, and Pi can be grouped with PJ. This indicates a feasible and profitable grouping. See Table 3.



1 if (R

t = 0 and R Ii = 0)


[(Pij = 1) or (Pji = 1) or (P u = 1) and (Pjl = 1) or (Plj = 1) and (Pli = 1)] Table 3

Conditions for G ij = 1 Notation



and either Pi} = 1 or Pji = or Pit = 1 and Pji = 1 or Plj


1 and P/i



There is no higher order precedence between (Pi and Pj) and (Pj and Pi) and either or ~ or


~ or ~ ~~

Copvriqht © 2001. All Rights Reserved.



If Gij = 2, there is an immediate reduction in logical input/output requirements when Pi and Pj are grouped. See Table 4. Therefore,

let: Gij = 2 if


= 0 and RJi = 0)


[(Pi! = 1 and Pjl = 1) or

(Rti Table 4


1 and Rtj



Conditions for Gij = 2 Notation



and either Pa = I and Pjl


There is no higher order precedence between (Pi and Pj) and between (Pj and Pi) and i either

~ PI



RIt = I



or There is a higher order precedence between (PI and Pi) and between (PI and Pj).

~--~ ...... ..rP1


(6) Timing relationship matrix (T). The Marimont procedure [28] is used to find the earliest time and latest time of execution of each process. Using the procedure, we define the matrix T in the following manner:


Tij Tij

1 if Pi is invoked in the same time interval as Pj, = 0 otherwise. =

The matrices ofreachability, partial reachability, feasible process pair groupings, and timing relationship are useful when analyzing the periodicity of processing and invocation. By analyzing invocation procedures and data usage, we can determine precedence relations and assess potential savings from parallel invocation of processes. These criteria take on special importance when mixed or multiple processors and/or pipelining is involved. For more detail, see [24].

4.2. STEP TWO-The Interdependency Weight Assignment Each process on the flow-graph is an independent functional entity that might best be

Copyright © 2001. All Rights Reserved.



performed as a separate module. Combining the processes into a single module can reduce the degree of cohesiveness within the system. However, since the objective is to increase cohesion and to decrease coupling, increasing the cohesion within the system by itself would not create a satisfactory design. What we hope to create is a set of functionally cohesive modules that are also data coupled. Simply designating each process in the flow-graph as a separate module would create a system with an excessive number of calls (one per each module) and with a high degree of data transport. The level of cohesion of each module depends on the processes which constitute that module. A module consisting of several logically related complete processes would be more cohesive than a module consisting of fragments of several processes. Depending on the size of the module and the size of the processes that constitute the module, different process groupings will result in different levels of cohesiveness. Relatively high levels of coupling would also occur when modules were tied to an environment external to the software. For example, input/output (I/O) couples a module to specific devices, formats, and communication protocols. External coupling is essential but should be limited to a small number of modules within a structure. Achieving these objectives would require a balanced level between cohesion, coupling (both internal and external), and volume of data transported within the system. Such a balance would be accomplished by proper grouping of the processes within the modules. Using the matrices defined in Section 4.1 above, we examine the relationship between each pair of processes to determine the extent of their interdependencies with respect to implementation alternatives in the target system. This examination would generate an interdependency weight that would be assigned to the link joining each pair of processes. In order to assign an interdependency weight (Wi), a weighting scheme is first developed. Second, appropriate weights are assigned to the appropriate link in the [0, I J range. Weight is assigned to links joining any two processes to discourage or encourage their grouping in a single module. Modules should be designed with a high level of cohesion and a low level of coupling. A high level of cohesion results when the processing elements within a module have a strong data or functional relationship. There are seven levels of cohesion that might result from grouping different processing elements in a module. These are shown, in order, in Table 5. The order indicates the degree of association between processes within a module (i.e., how closely they are data, functionally, logically related). Different attempts have been made in the literature to assign a relative weight or "cohesion factor" to each level [29, 50J. The objective has been to show the extent of the difference between levels by the cohesion factor rather than to show just a simple ranking. The same principle is used here to assign interdependency weights. However, the weights are chosen in the [0, I J range for normalization and, later, decomposition purposes. A close look at each level of cohesion and the above six matrices, which identify the process relationships, suggests the following weighting scheme to be used when

Copvriqht © 2001. All Rights Reserved.



Table 5

Comparisons of Levels of Cohesion

Level of cohesion

Cohesion factor


Coincidental Logical Temporal Procedural Communicational Sequential Functional

I 3 5 7 9 10

automating the design. When processing elements have no logical or data relationships and they are grouped in a poor design just to avoid repeating a segment of code, the resulting module will have coincidental cohesion. Therefore, let: Wij = 0 if Gij = - 1 and, for all time periods, Tij

= o.

In other words, if two processes have no direct precedence relationships and they are not required to be invoked at the same time, then a zero weight would be assigned to the link joining the two processes, indicating the coincidental cohesion as a result of their grouping. When two processes do not have a data relationship but they are invoked at the same time, grouping them would result in a module with temporal cohesion. A weight of 0.3 is assigned to the link joining them. Let: Wij

= 0.3 if Gij = 0 and at time t (Tij = 1).

Two processes have procedural cohesion if they are activated by the same process but do not necessarily use the same data set as input files. Let: W ij


0.5 if G ij


2 and not



1 and




Communicational cohesion results when the processing elements within the module use the same input data sets or they produce the same output data sets. Therefore,

let: Wij = 0.7 if Gij = 2 and


1 and


Copyright © 2001. All Rights Reserved.




A higher weight indicates a higher level of cohesion. Sequential cohesion between processes is easily recognizable from the flow-graph and related matrices. In terms of a data flow graph, sequential association results from a linear chain of successively transformed data. Sequential cohesion produces fewer intermodule communications. Therefore, let:


= 0.9

if Gij



Two processes may be logically cohesive by being part of a single operation. For example, processing elements that perform all the edit functions within a module are logically related. In such cases, the designer would be asked to identify the processes. A weight of 0.1 is assigned to the link joining them.

4.3. STEP THREE-The Generation of the Similarity Matrix The method used to generate the similarity matrix for the flow-graph was first suggested by Gottleib and Kumar [15] in the context of clustering index terms in library management. The approach is based on the concept of core set, which is used in heuristic graph decomposition techniques to find high strength subgraphs. The core set concept is defined below: Assuming O:[O;i; i = 1, ... , n] set of (n) nodes in a flow-graph then

A = aij is the graph adjacency matrix, such that

ai) = 0 aij = wi)

if no link connects nodes i and j, if there is a link with a weight of (wi) between nodes i and j.




j: aij > 0 is the core set of nodes connected to i in the graph including i itself.

The core set concept has been used by Huff and Madnick [20] to define the similarity measure between a pair of nodes in a weighted, directed graph in

Copyriqht © 2001. All Rights Reserved.



the following manner. Let: average (mean) weight on links joining nodes i and j to nodes within (Q(l) n Q(J). average (mean) weight on all links from nodes i and j to other nodes in Q(l) U Q(J). Then, define the similarity measure as:

p .. I]


IQ(i) n IQ(i) U

Q(j) I Q(j) I






The above procedure reemphasizes the importance of the weighting scheme to the decomposition procedure and to the methodology as a whole. A higher weight on the link joining any two processes indicates a higher level of cohesion, which would result from their grouping in a single module. For the same reason, a higher interdependency weight also produces a higher similarity weight, which, in effect, puts the two processes in some sort of "priority" list as being the next appropriate candidates to be selected to form a cluster.

4.4. STEP FOUR-Cluster Analysis for the Purpose of Modularization As a result ofthe preceding analysis, the flow-graph is transformed into a weighted directed graph. The weighted graph must be decomposed into a set of nonoverlapping subgraphs which have the objective function of the design. There are a number of different methods available in current practice. These techniques are divided into two main categories: the theoretic approach and the heuristic approach. Cluster analysis has been defined as "grouping similar objects" [16]. One major assumption made in using any clustering method deals with the characteristics of the information employed to define similarities among objects. The procedure used to define similarity depends on the characteristics of the objects and their attributes. The objects are considered to be similar or dissimilar with respect to their contributions to the objective of the clustering analysis. Based on the procedure for the hierarchical clustering methods, each node is originally viewed as a separate cluster. Then, each method proceeds to join together the most "similar" pair of clusters. Subsequently, the similarity matrix is searched to find the most similar pair (cluster). Different clustering methods are implemented by varying the procedure used for defining the most similar pair. The cluster pair with the largest similarity value is then merged to form a single cluster, producing the next higher level in the clustering tree. The joining of similar pairs continues until

Copyright © 2001. All Rights Reserved.



the number of clusters is reduced to one (the entire set of objects). The order in which the objects are assigned to clusters is then used to select a reasonable set of clusters. At each stage of clustering, the identity of clusters merged is recorded. Also, the goodness measure (the objective function) ofthe clustering after each cluster merger is calculated, and the information is recorded in order to find the decomposition exhibiting the highest objective function. In a recent study [21], a technique based on data bindings and cluster analysis was used to produce a hierarchical module decomposition for a system. The study showed that cluster analysis and data bindings hold promise of providing meaningful pictures of high-level system interactions. However, the question of how to compute measures of strength and coupling remained unresolved.

4.5. STEP FIVE-Design Quality Assessment A goodness measure is needed for assessing subgraph cohesion and subgraph coupling. The procedure for deriving the goodness measure for a given partition is explained below. Let: number of links within a subgraph (i), number of nodes within a subgraph (i), subgraph cohesion, number of links connecting nodes in subgraph (i) to nodes in subgraph (j), number of nonoverlapping subgraphs, sum of the weights on the links in subgraph (i), sum of the weights on the links connecting nodes in subgraph (l) to nodes in subgraph (j), coupling between subgraph (z) and subgraph (j), goodness measure for a partition. Therefore:

L; - (N; N;

* (N;





Copvriqht © 2001. All Rights Reserved.





E Si i=1








Goodness measures for a partition have been used previously (for example [3, 18, 20]). There is no "theorem" that can be used to "prove" that these are the best measures for cohesion and coupling. Cumulative indirect evidence from past research efforts, together with the author's best judgment, supports the above choices. The above cohesion measure, however, is not well defined for a subgraph with only two nodes, because the denominator becomes zero in such a case. The difficulty is resolved by special calculations. Considering the general applicability of the methodology and the fact that subgraphs of such a small size are of little interest, the approach that is taken is to assign a cohesion value of 1.0 (modified by the link weight factor) to subgraphs with two nodes. There are nice properties to the cohesion and coupling measures. They both carry equal weights in the determination of the M index. Both fall in the range [0,1]. The measures are also normalized in terms of the size of the subgraphs (i.e., for a given number of links, larger subgraphs have lower cohesiveness). The measures are invariant in terms of "proportional connectness" regardless of N. A tree-connected subgraph always has cohesiveness of zero, and a fully connected subgraph always has cohesiveness of one (assuming all links have unity weight). Using the CAPO analysis package, the analyst can ask the system to compute the goodness measure for each stage of clustering and for any of the different clustering methods that are available. The value of the objective function changes as the number of processes in the clusters increases. It starts at a low level (low cohesion, high coupling), reaches a maximum level (high cohesion, low coupling), and then begins to decline (low cohesion, low coupling). As mentioned earlier, one property of a "good" design is lower data transport volume in the system. Lower transport volume results in lower processing time and lower data organization complexity. Using the CAPO analysis package, the analyst can ask the system to provide volume of data transported between processes and determine total transport volume within the system. This would indicate (1) the necessity of grouping any pair of processes and/or (2) the effect of grouping any number of processes on the total transport volume of data within the system. The incidence matrix (E) is useful for finding the total transport volume of data between processes and files within the system. Let: volume of file ii, the number of logical inputs and output of Pi, multiplicity of file transport for ii or the number of times ii is an input or output of a set of processes;

Copyright © 2001. All Rights Reserved.



then: k




Ieij I, i

1,2, ... , n

n i=1

The transport volume for Jj is

The transport volume for the set of data files is

Success in producing designs that result in reliable software, even using structured design techniques, is dependent on the experience level of the designer. CAPO provides a quantitative measure of quality necessary to ease dependence on the availability of expert designers, which is rare.

5. Comparison of Design Generated by CAPO and Manual Design Techniques To ILLUSTRATE THE APPLICATION of the approach discussed in this paper, including the use of the CAPO analysis package, a small design problem [15] is presented below. The problem addressed is the design of an order-entry subsystem. The narrative statement of requirements for the order-entry subsystem is taken from system specifications and is presented below. Orders will be received by mail, or taken over the phone by the inward WATS line. Each order will be scanned to see that all important information is present. Where payment is included, the amount is to be checked for correctness. Where payment is not with the order, the customer file must be checked to see if the order comes from a person or organization in good credit standing; if not, the person must be sent a confirmation of the order and a request for a prepayment. For orders with good credit, inventory is then to be checked to see if the order can be filled. If it can, a shipping note with an invoice (marked' 'paid" for prepaid orders) is prepared and sent out with the books. If the order can only be partially filled, a shipping note and invoice is prepared for the partial shipment, with a confirmation of the unfilled part (and paid invoice where payment was sent with the order), and a back-order record is created. Figure 2 depicts the graphical representation of the data flow for this design problem. In the graph of Figure 2, for example, grouping the two processes GETBOOK-DETAIL (P 3) and GEN-PREPAY-REQ-ITEMS (P8) would result in a coinci-

Copyriqht © 2001. All Rights Reserved.

dental cohesion module. In contrast, sequential cohesion would result if two processes, GET-INVT-LEVEL (P 12) and DET-QTY-FIL-UNFIL (P13), were grouped as a separate module. In a procedurally cohesive module, the processing elements are part of the same procedure (i.e., they are driven by a unique process); however, they do not necessarily use the same data set(s). For example, grouping processes PROC-SHIP-ITEMS (P I4 ), PROC-PFIL-ITEMS (PIS), and PROC-UNFIL-ITEMS (P16) would create a procedurally cohesive module because all of them are controlled by the process GET-QTY-FIL-UNFIL (P13)' Communicational cohesion would result if the two processes GEN-PREPAYREQ-ITEMS (P a) and GEN-REJECT-ORDR-ITEMS (P9 ) were grouped in a single module because both are controlled by the process VERIFY-CREDIT-INFO (P7), and both use information related to NONCREDIT-WORTHY-ORDERS (F1l)' However, grouping the two processes GEN-PREPAY-REQ-ITEMS (Pa) and GENORDR-HSTRY (P Il ) would result in a procedurally cohesive module. Figure 3 shows the recommended design produced by CAPO. The data flow diagram is decomposed into ten nonoverlapping subgraphs. Comparing this design with the one in Figure 4, generated manually in Gane and Sarson [13], one concludes that the system has provided an effective partitioning of the data flow diagram. The structure chart in Figure 4 is produced after a number of iterations on the data flow diagram by an expert designer. Note also that in Figure 4 the corrresponding numbers for the processes generated by the CAPO (i.e., Ph Ph ... P2O ) are added to the structure chart for comparing the two designs. As is noted by Yourdon and Constantine [50], the level of cohesion of a given module is easily determined by finding the weakest type of connection that exists between processes within that module. In Figure 3, there are four jitnctionally cohesive (F) modules, (1), (2), (6), and (12); one sequentially cohesive (S) module, (13,15); one communicationally cohesive (C) module, (8,9); and four procedurally cohesive (P) modules, (3,4,5), (7,IO,Il), (14,17,18), and (16,19,20). There are no temporally, logically, or coincidentally cohesive modules generated. Coupling within the system is low; apart from a few instances, modules are coupled largely by the passage of data, with a few control variables "reporting back" what has happened. One of the nice features of the CAPO analysis package is the natural presentations of the results to the user. A number of reports are generated for the purpose of the decomposition only. Analysts have the option to look at them if they choose to do so. For a complete review of the types of the reports that can be generated using CAPO, see [23, 25 J. Although CAPO does not provide a structure chart, it does provide a hierarchical tree (Figure 5) that shows the sequence in which the clusters are formed. The associated goodness measure for each level of aggregation (a maximum of 25 levels is presented on the tree) can also be read from the output of each clustering algorithm. There are six different clustering algorithms in the CAPO analysis package. The decomposition shown in Figure 3 is produced just before step 10 of the aggregation process. The highest value for the goodness measure, M, is produced at this

Copvriqht © 2001. All Rights Reserved.

