Quality

Quality

Process Quality Block C0001

Process quality can be measured by analyzing the reports and other workproducts
that have been created during different phases at engineering and during operation.

Quality, Product Quality

Product Quality Block C0002

Product quality refers to characteristics that can be measured
by analyzing the product that was created and that is in use.

Quality

How to create? Comment C0115

Process quality is defined by
a set of rules
how to create a product.

Quality

What characteristics? Comment C0116

Product quality is defined by
a set of characteristics
of the product to be created.

Product Quality, Quality Characteristics

Ext/Int Product Quality Package C0003

Product quality are internal and externally visible qualities,
such as memory consumption or startup timings.

This category of product quality was introduced in ISO/IEC 9126-1 and extended in ISO-25010:2011.

Product Quality, Quality Characteristics

Quality in Use Package C0004

Quality in use can be measured when the product is already in use,
e.g. the percentage of satisfied customers can be determined.

This category was proposed in ISO/IEC 9126-4 and extended by context coverage in ISO-25010:2011

Quality, Product Quality

Product Quality Block C0002

Product quality refers to characteristics that can be measured
by analyzing the product that was created and that is in use.

Domains

Aerospace Actor C0051

Domains

Automotive Actor C0052

Domains

Defense Actor C0053

Domains

Avionics Actor C0054

Domains

Industrial Machinery Actor C0055

Domains

Medical Actor C0056

Domains

Backend Server / Cloud / AI Actor C0057

Domains

Finance Actor C0105

Domains

Tele- communication Actor C0106

Domains

Rail Actor C0107

Domains

Energy Actor C0110

Domains

Transport and Logistics Actor C0111

Domains

Government Actor C0112

Domains

Travel / Tourism Actor C0119

Domains

Media/Press/Publishing Actor C0120

Domains

Entertainment, Sports Actor C0145

Domains

Home Automation Actor C0146

Construction / Home Automation

Domains

Education Actor C0147

Domains

Agriculture Actor C0221

Domains

Mobile Devices / Wearables Actor C0222

Clothes / Wearables

Product Quality Taxonomy

Quality Characteristic Class C0156

A characteristic is a set of subcharacteristics.

Product Quality Taxonomy

Quality Subcharacteristic Class C0157

A subcharacterstic is a
property of a system
that expresses
how well it fits to a quality expectation.

Product Quality Taxonomy

Quality Attribute Class C0158

An attribute is an internal property of an entity (e.g. software).

Product Quality Taxonomy

Quality Measure Element verification Class C0159

A measurement value.
It can be objectively measured
but may possibly need interpretation
to state if the measured value is sutable
to support a subcharacteristic.

Further Glossary Terms, Product Quality Taxonomy

Tactic solution space Class C0160

A tactic is a method to influence a system to inherit a subcharacteristic.

It is a precise, detailed action plan that produces an outcome. The outcome may be a step in a overarching strategy.

See: Software Architecture in Practice (C0165) in Bibliography.

Further Glossary Terms, Product Quality Taxonomy

Quality Scenario problem space Class C0161

A quality scenario is a use case in which one or more quality subcharacteristics are an important outcome.

Scenarios as linking elements between a quality tree and requirements are described in arc42 (C0168), see Bibliography.

Further Glossary Terms, Product Quality Taxonomy

Solution Strategy Class C0162

A strategy is a plan to reach a long-term goal. The plan consists of high-level steps. These high-level steps shall produce expected outcomes and need to be broken further down into tactics.

Product Quality Taxonomy

Topic/Group (Quality tree) Class C0163

A quality tree starts at the quality characteristics as the main branches and ends at detailed quality requirements as the leaves.

The detailed quality requirements then may refer to quality scenarios where these are of significance.

Product Quality Taxonomy

entity Component C0190

Entity is some system element of which some quality is expected.
It exhibits one or more quality attributes.

Product Quality Taxonomy

Quality Measure verification Class C0191

A quality measure is a metric based on a set of observed values indicating the qualiity of an entity.

Further Glossary Terms, Product Quality Taxonomy

Design Pattern solution space Class C0208

Design patterns are design parts that are recurring in multiple different software designs. These typically answer one or more design questions and realize a couple of tactics to achieve product quality.

See: Software Architecture in Practice (C0165) in Bibliography.

Further Glossary Terms, Product Quality Taxonomy

Quality Requirement Class C0209

Further Glossary Terms, Product Quality Taxonomy

Quality Scenario problem space Class C0161

A quality scenario is a use case in which one or more quality subcharacteristics are an important outcome.

Scenarios as linking elements between a quality tree and requirements are described in arc42 (C0168), see Bibliography.

Further Glossary Terms, Product Quality Taxonomy

Quality Requirement Class C0209

Further Glossary Terms, Product Quality Taxonomy

Tactic solution space Class C0160

A tactic is a method to influence a system to inherit a subcharacteristic.

It is a precise, detailed action plan that produces an outcome. The outcome may be a step in a overarching strategy.

See: Software Architecture in Practice (C0165) in Bibliography.

Further Glossary Terms, Product Quality Taxonomy

Design Pattern solution space Class C0208

Design patterns are design parts that are recurring in multiple different software designs. These typically answer one or more design questions and realize a couple of tactics to achieve product quality.

See: Software Architecture in Practice (C0165) in Bibliography.

Further Glossary Terms, Product Quality Taxonomy

Solution Strategy Class C0162

A strategy is a plan to reach a long-term goal. The plan consists of high-level steps. These high-level steps shall produce expected outcomes and need to be broken further down into tactics.

Further Glossary Terms

concept Stereotype C0288

A concept is an abstraction for a recurring structural and/or behavioural pattern.

In contrast to a tactic and a strategy, it does not define a clear goal - its purpose depends on the context in which it is used.

<path stroke="#555555" fill="#aaddff"
d="M 26,12 l -1.5,0.25 l -0.4375,2.375 l 1.3125,0.75 l 0.6875,1 l -0.8125,1.5 l -1.1875,-0 l -1.375,-0.6875 l -1.75,1.6875 l 0.625,1.375 l -0,1.1875 l -1.5625,0.75 l -0.9375,-0.6875 l -0.6875,-1.375 l -2.375,0.3125 l -0.3125,1.5 l -0.75,0.9375 l -1.6875,-0.3125 l -0.375,-1.125 l 0.1875,-1.5 l -2.125,-1.125 l -1.125,1 l -1.125,0.375 l -1.1875,-1.25 l 0.375,-1.125 l 1.0625,-1.125 l -1.0625,-2.125 l -1.5,0.1875 l -1.125,-0.375 l -0.25,-1.6875 l 1,-0.6875 l 1.5,-0.25 l 0.4375,-2.375 l -1.3125,-0.75 l -0.6875,-1 l 0.8125,-1.5 l 1.1875,0 l 1.375,0.6875 l 1.75,-1.6875 l -0.625,-1.375 l 0,-1.1875 l 1.5625,-0.75 l 0.9375,0.6875 l 0.6875,1.375 l 2.375,-0.3125 l 0.3125,-1.5 l 0.75,-0.9375 l 1.6875,0.3125 l 0.375,1.125 l -0.1875,1.5 l 2.125,1.125 l 1.125,-1 l 1.125,-0.375 l 1.1875,1.25 l -0.375,1.125 l -1.0625,1.125 l 1.0625,2.125 l 1.5,-0.1875 l 1.125,0.375 l 0.25,1.6875 l -1,0.6875 "
/>
<path stroke="none" fill="#7f7f7f"
d="M 14,12 C 14,10.875 14.875,10 16,10 S 18,10.875 18,12 S 17.125,14 16,14 S 14,13.125 14,12 "
/>

Further Glossary Terms

Use Case Class C0289

A use case is a description of the usage of a system.
The described usage is restricted to one or few concrete scenarios, it does not try to describe all possible interactions.
A use case consists of
- one or more actors
- pre-conditions
- one or few scenarios which describe the sequence of interactions
- post-conditions

Further Glossary Terms

concept-img concept Image C0290

Further Glossary Terms

principle Stereotype C0291

A principle is a guideline to adhere when performing a task or when evaluating the result of a task.

<path fill="#ccffcc" stroke="none" d="m 2,2 28,0 0,28 -28,0 z" />
<path d="m 8,12 l -4,7 1,1 6,0 1,-1 -4,-7 l 8,-4 9,0 l -4,7 1,1 6,0 1,-1 -4,-7 " />
<path d="m 15,5 l 1,3 m 0,2 l 0,17 " />

Further Glossary Terms

principle-img principle Image C0292

Functional Suitability Subcharacteristics, Quality Characteristics

Functional Suitability Requirement C0015

Quality Characteristics, Compatibility Subcharacteristics

Compatibility Requirement C0022

Reliability Subcharacteristics, Quality Characteristics

Reliability Requirement C0021

Portability Subcharacteristics, Quality Characteristics

Portability Requirement C0020

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Quality Characteristics

Performance Efficiency Requirement C0023

Usability Subcharacteristics, Quality Characteristics

Usability Requirement C0017

Quality Characteristics, Maintainability Subcharacteristics

Maintainability Requirement C0012

Quality Characteristics, Security Subcharacteristics

Security Requirement C0018

Quality Characteristics, Quality in Use Subcharacteristics

Satisfaction Requirement C0180

Quality Characteristics, Quality in Use Subcharacteristics

Context Coverage Requirement C0182

Quality Characteristics, Quality in Use Subcharacteristics

Freedom from Risk Requirement C0181

see Strategies for Safety Risk Mitigation.

Quality Characteristics, Quality in Use Subcharacteristics

Effectiveness Requirement C0178

Quality Characteristics, Quality in Use Subcharacteristics

Efficiency Requirement C0179

Product Quality, Quality Characteristics

Ext/Int Product Quality Package C0003

Product quality are internal and externally visible qualities,
such as memory consumption or startup timings.

This category of product quality was introduced in ISO/IEC 9126-1 and extended in ISO-25010:2011.

Product Quality, Quality Characteristics

Quality in Use Package C0004

Quality in use can be measured when the product is already in use,
e.g. the percentage of satisfied customers can be determined.

This category was proposed in ISO/IEC 9126-4 and extended by context coverage in ISO-25010:2011

Functional Suitability Subcharacteristics, Quality Characteristics

Functional Suitability Requirement C0015

Functional Suitability Subcharacteristics

Correctness Class C0014

Functional Suitability Subcharacteristics

Appropriateness Class C0013

Functional Suitability Subcharacteristics

Completeness Class C0016

Usability Subcharacteristics, Quality Characteristics

Usability Requirement C0017

Usability Subcharacteristics

Operability Class C0024

Usability Subcharacteristics

Accessibility Class C0029

Usability Subcharacteristics

Recogni-zability Class C0030

Usability Subcharacteristics

Aesthetics Class C0031

Usability Subcharacteristics

Learnability Class C0032

Usability Subcharacteristics

User Error Protection Class C0033

Portability Subcharacteristics, Quality Characteristics

Portability Requirement C0020

Portability Subcharacteristics

Replaceability Class C0153

Portability Subcharacteristics

Adaptability Class C0152

Portability Subcharacteristics

Installability Class C0154

Tactics for Maturity, Strategies for Reliability/Maturity, Reliability Subcharacteristics

Maturity Class C0035

Strategies for Reliability/A.+F.T.+R., Reliability Subcharacteristics

Availability Class C0034

Strategies for Reliability/A.+F.T.+R., Tactics for Error Handling, Reliability Subcharacteristics

Recoverability Class C0037

Strategies for Reliability/A.+F.T.+R., Reliability Subcharacteristics

Fault Tolerance Class C0036

Reliability Subcharacteristics, Quality Characteristics

Reliability Requirement C0021

Strategies for Reliability/A.+F.T.+R., Tactics for Error Handling, Reliability Subcharacteristics

Recoverability Class C0037

Strategies for Reliability/A.+F.T.+R., Reliability Subcharacteristics

Fault Tolerance Class C0036

Strategies for Reliability/A.+F.T.+R., Reliability Subcharacteristics

Availability Class C0034

Strategies for Reliability/A.+F.T.+R.

Fault injection Tests concept Block C0063

Strategies for Reliability/A.+F.T.+R., Strategies for Safety Risk Mitigation, Tactics for Safety II

Redundancy concept Class C0074

Strategies for Reliability/A.+F.T.+R., Tactics for Safety I, Strategies for Security/Integrity

Input Signal Validation concept Block C0083

Precondition is a specification of valid input signals.

This can be implemented by different means, e.g.
- assert() statements
as declared in assert.h
- if(COND) {...} else {...} statements
where the else-path logs the error

For Security: Check input signals already at the gate, not later.

Strategies for Reliability/A.+F.T.+R., Tactics for Partitioning, Tactics for Safety I, Strategies for Safety Risk Mitigation, Strategies for Security/Integrity

Partitioning concept Block C0075

synonym for Compartments

see Tactics for Partitioning.

Strategies for Reliability/A.+F.T.+R., Tactics for Error Handling

Error Handling Concept concept Class C0220

An error handling concept
1) defines which and how faults
and anomalies are detected,
2) which faults and anomalies
are treated as errors,
3) how errors are propagated
from the point of occurrence
to a point where these are handled,
e.g. throw/raise of exceptions or
passing on error codes,
4) by which categories errors are classified,
5) which category is handled in which way,
6) who shall be informed on which way,
e.g. a user by a popup-window,
an operator by an error log,
7) if and how to resume operation.

Strategies for Reliability/A.+F.T.+R., Tactics for Error Handling

Error Handling Concept concept Class C0220

An error handling concept
1) defines which and how faults
and anomalies are detected,
2) which faults and anomalies
are treated as errors,
3) how errors are propagated
from the point of occurrence
to a point where these are handled,
e.g. throw/raise of exceptions or
passing on error codes,
4) by which categories errors are classified,
5) which category is handled in which way,
6) who shall be informed on which way,
e.g. a user by a popup-window,
an operator by an error log,
7) if and how to resume operation.

Strategies for Reliability/A.+F.T.+R., Tactics for Error Handling, Reliability Subcharacteristics

Recoverability Class C0037

Tactics for Error Handling

Error Handling Example Activity C0224

Tactics for Error Handling

detect and interpret Activity C0225

Tactics for Error Handling

propagate and re-interpret Activity C0226

re-interpretation is necessary when
higher-level functions know how to
interpret errors reported by lower level
functions.
E.g. a search function may fail to find a
record. The caller may be able to decide
if this is intended or if this is a severe error.

Tactics for Error Handling

inform stakeholder Activity C0227

stakeholders may be:
- developer
- operator
- user

Tactics for Error Handling

abort, degrade, retry or continue Activity C0228

Tactics for Error Handling

detect multiple errors and interpret optional Activity C0229

Strategies for Reliability/Maturity

Code Generation concept Block C0087

An understandable model and a small code generator
allow to generate mature software.

Strategies for Reliability/Maturity

Layered Architecture concept Block C0061

Strategies for Reliability/Maturity

Static Code Analysis concept Block C0086

Strategies for Reliability/Maturity

Mature Platform concept Block C0109

Strategies for Maintainability, Strategies for Reliability/Maturity

automated Tests concept Block C0118

Tactics for Maturity, Strategies for Reliability/Maturity, Reliability Subcharacteristics

Maturity Class C0035

Strategies for Reliability/Maturity

Control and Manage Resources strategy Class C0175

see Scenarios relating to Performance Efficiency.

Tactics for Maturity, Strategies for Reliability/Maturity

Coding Guidelines concept Block C0062

Coding guidelines define how to get reproducible behavior of software.
Managing system resources is a key factor.

Tactics for Maturity, Strategies for Reliability/Maturity, Reliability Subcharacteristics

Maturity Class C0035

Tactics for Maturity, Strategies for Reliability/Maturity

Coding Guidelines concept Block C0062

Coding guidelines define how to get reproducible behavior of software.
Managing system resources is a key factor.

Tactics for Maturity

Example Guidelines Block C0176

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Quality Characteristics

Performance Efficiency Requirement C0023

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Strategies for Performance Efficiency

Resource Utilization Class C0019

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Strategies for Performance Efficiency

Time Behaviour Class C0025

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Strategies for Performance Efficiency

Capacity Class C0026

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Quality Characteristics

Performance Efficiency Requirement C0023

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Strategies for Performance Efficiency

Time Behaviour Class C0025

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Strategies for Performance Efficiency

Resource Utilization Class C0019

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Strategies for Performance Efficiency

Capacity Class C0026

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Preallocate Memory concept Requirement C0202

For dedicated use cases and functions, the software shall access required memory within 1 usec.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Sufficient Memory concept Requirement C0203

For dedicated use cases and functions, the software shall be able to access sufficient memory.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Delay Function concept Requirement C0204

For dedicated use cases and functions, the software shall delay processing till enough memory is available.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Degrade Result concept Requirement C0205

For dedicated use cases and functions, the software shall calculate a result where accuracy may degrade if memory is sparse.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Stop and Restart Later concept Requirement C0206

In case of insufficient amount of memory, the software shall stop operating and be started again at a later point in time.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Abort Function concept Requirement C0207

In case of insufficient memory, the software shall abort the function.

Scenarios relating to Performance Efficiency

Background-Fkt Use-Case2 problem space Use Case C0184

This use case is a proxy for use cases
that can be delayed if resources are sparse,

e.g. polling for software updates or
performing data backups.

Scenarios relating to Performance Efficiency

Dynamic-Fkt Use-Case problem space Use Case C0185

This use case is a proxy for use cases that
allow to produce degraded or no results
if memory gets low.

E.g. A list of search results may be truncated,
an undo-history may have limited size,
the number of simultaneously open windows may be limited by the available memory.

Scenarios relating to Performance Efficiency

Reliable-Fkt Use-Case problem space Use Case C0186

This use case is a proxy for use cases that shall always work (available and reliable).

Scenarios relating to Performance Efficiency

Bounded-Fkt Use-Case problem space Use Case C0187

This use case is a proxy for use cases that
allow to produce degraded results
if memory gets low or an upper boundary
of resource-consumption is reached.

This is use-ful e.g. to enhance security
when processing input data of unknown size
or to prevent stealing resources from higher-priority dynamic functions.

Scenarios relating to Performance Efficiency

Quality expectations depend on use cases problem space Comment C0188

A program/application typically solves
several use cases with
different quality expectations.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Sufficient Memory concept Requirement C0203

For dedicated use cases and functions, the software shall be able to access sufficient memory.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Preallocate Memory concept Requirement C0202

For dedicated use cases and functions, the software shall access required memory within 1 usec.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Stop and Restart Later concept Requirement C0206

In case of insufficient amount of memory, the software shall stop operating and be started again at a later point in time.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Delay Function concept Requirement C0204

For dedicated use cases and functions, the software shall delay processing till enough memory is available.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Degrade Result concept Requirement C0205

For dedicated use cases and functions, the software shall calculate a result where accuracy may degrade if memory is sparse.

Quality Tree for Performance Efficiency, Scenarios relating to Performance Efficiency

Abort Function concept Requirement C0207

In case of insufficient memory, the software shall abort the function.

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Strategies for Performance Efficiency

Resource Utilization Class C0019

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Strategies for Performance Efficiency

Time Behaviour Class C0025

Quality Tree for Performance Efficiency, Performance Efficiency Subcharacteristics, Strategies for Performance Efficiency

Capacity Class C0026

Strategies for Performance Efficiency

Memory problem space Comment C0164

On one hand, main memory is cheap,
and there is plenty of it.

On the other hand, there are limits.
When reaching these,
suitable concepts need to be in place
that support the defined quality goals.

Memory Controlling Patterns/Tactics, Strategies for Performance Efficiency

Control Resource Command strategy Class C0169

For detailed tactics, see Memory Controlling Patterns/Tactics.

Source: Software Architecture in Practice (C0165) in Bibliography.

Memory Management Patterns/Tactics, Strategies for Performance Efficiency

Manage Resources strategy Class C0170

For detailed tactics, see Memory Management Patterns/Tactics.

Source: Software Architecture in Practice (C0165) in Bibliography.

Strategies for Performance Efficiency

Resource Competition solution space Comment C0201

There are two main strategies
to solve resource contention:
control (plan) in advance vs.
manage (handle) on the fly.

Memory Controlling Patterns/Tactics

Schedule tasks concept Class C0148

- Schedule tasks that require memory
to prevent contention

E.g. only one memory-intensive task may run at a time

Memory Controlling Patterns/Tactics

Region based Memory Management concept Class C0149

A region/arena/stack is valid while performing
one operation/thread.
It provides single-threaded access only.
It is either used stack-like
or cleaned up when the operation/thread is finished.

This concept allows to fast allocate
and completely release memory arenas.
It prevents fragementation within the stack.
It supports NUMA architectures.
It may be faster than concurrent access to single heap.
It allows to reserve appropriate memory arenas for more important tasks

see https://en.wikipedia.org/wiki
/Region-based_memory_management

Implementation support by e.g.
polymorphic_allocator and memory_resource(C++17/20)
rust allocator: https://rust-lang.github.io/rfcs/1398-kinds-of-allocators.html

Memory Controlling Patterns/Tactics

Static Allocation concept Class C0150

All memory is statically allocated
except for stacks.
The number of threads is static.

Example implementations:
- classic AUTOSAR, MISRA-C, MISRA-C++,
- Ada-Spark,
- NASA Power-of-Ten
- crystal_facet_uml (except gtk3+sqlite3)
- GPSd deamon (see the_architecture_of
_open_source_applications__volume_ii.pdf)

Memory Controlling Patterns/Tactics

Object Pools concept Class C0151

Pools of same-type objects
are pre-allocated.

This concept guarantees
a predefined amount of memory
and prevents fragmentation

Examples:
synchronized_pool_resource(C++17)
unsynchronized_pool_resource(C++17)

Memory Controlling Patterns/Tactics

Streaming/Static Size Buffering concept Class C0194

- Windowing concept
- Streaming with buffering
- Caching with re-fetching data at misses

Memory Controlling Patterns/Tactics

Concepts to plan and control memory usage Package C0197

Memory Controlling Patterns/Tactics, Strategies for Performance Efficiency

Control Resource Command strategy Class C0169

For detailed tactics, see Memory Controlling Patterns/Tactics.

Source: Software Architecture in Practice (C0165) in Bibliography.

Memory Controlling Patterns/Tactics

Stacks concept Class C0199

A stack deallocates memory only in the reverse order as it was allocated before.

Variant:
monotonic_buffer_resource(C++17)

Memory Management Patterns/Tactics

Dynamic Allocation accepting controlled death concept Class C0123

- Accept memory fragmentation
(physical pages as well as virtual addresses)
- Swap memory pages to flash
- End a process if no memory available

Memory Management Patterns/Tactics

Weak Pointers / Caches concept Class C0125

- There are managed data structures
(hashmaps, caches) that hold data
as long as much memory is available
and that drop data
when memory becomes sparse

Example implementations:
Java Weak Hashmap, sqlite,
OS file system caches

Challenge: The cache needs to know
when memory is needed elsewhere.

Memory Management Patterns/Tactics

Moving Memory Objects concept Class C0126

Some instance manages memory (e.g. OS)
while another instance uses it (e.g. App).

This mamagement may reduce/fix fragmentation issues.

Examples:
- The java virtual machine can move objects
while a java application runs
- The classic MacOS7-9 could move memory
while the application holds a handle
(pointer to a pointer)
- Todays processors convert virtual
to physical addresses on the fly
(reallocations via e.g. sbrk, mmap)

Memory Management Patterns/Tactics

Dynamic Allocation accepting degradation concept Class C0155

Continue working, accept that some requested functionality
- cannot be performed at current point in time
- with expected precision
- within expected timeframe

Memory Management Patterns/Tactics

Remote Execution concept Class C0195

Required memory may be provided
on a different hardware, e.g. Cloud

Memory Management Patterns/Tactics

Dynamic Allocation accepting sudden death concept Class C0196

- Linux overcommit
- Compress memory pages
- End any process if page-fault by r/w operation
to overcommitted memory

Example Implementations:
Android App Management
(see low memory killer daemon: lmkd)
Linux OOM-Killer

Memory Management Patterns/Tactics

Concepts to manage memory on the fly Package C0198

Memory Management Patterns/Tactics, Strategies for Performance Efficiency

Manage Resources strategy Class C0170

For detailed tactics, see Memory Management Patterns/Tactics.

Source: Software Architecture in Practice (C0165) in Bibliography.

Memory Management Patterns/Tactics

Memory Estimation concept Class C0200

Estimate required memory,
expected fragmentation overhead and
additional buffer
to prevent out-of-memory situations.

Compatibility Subcharacteristics

Inter-operability Class C0028

Compatibility Subcharacteristics

Co-existence Class C0027

Quality Characteristics, Compatibility Subcharacteristics

Compatibility Requirement C0022

Quality Characteristics, Maintainability Subcharacteristics

Maintainability Requirement C0012

Strategies for Maintainability, Maintainability Subcharacteristics

Reusability Class C0044

To be able to re-use the solution in another operational context

Strategies for Maintainability, Maintainability Subcharacteristics

Testability Class C0047

To determine a level of quality of a product

Strategies for Maintainability, Maintainability Subcharacteristics

Analyzability Class C0045

To find a cause of an observed (unwanted) behavior

Strategies for Maintainability, Maintainability Subcharacteristics

Modularity Class C0043

To keep effects of changes local to few components/functions

Strategies for Maintainability, Maintainability Subcharacteristics

Modifyability Class C0046

To be able to adapt the software/system to changed requirements

Strategies for Maintainability, Maintainability Subcharacteristics

Testability Class C0047

To determine a level of quality of a product

Strategies for Maintainability, Maintainability Subcharacteristics

Modifyability Class C0046

To be able to adapt the software/system to changed requirements

Strategies for Maintainability, Maintainability Subcharacteristics

Analyzability Class C0045

To find a cause of an observed (unwanted) behavior

Strategies for Maintainability, Maintainability Subcharacteristics

Reusability Class C0044

To be able to re-use the solution in another operational context

Strategies for Maintainability, Maintainability Subcharacteristics

Modularity Class C0043

To keep effects of changes local to few components/functions

Strategies for Maintainability, SOLID Principles

SOLID principle Block C0096

Strategies for Maintainability, Simplicity Terms

Simplicity principle Package C0098

Strategies for Maintainability

Loose Coupling principle Block C0101

split an entity that consists of multiple loosely coupled parts

Strategies for Maintainability

Information Hiding principle Block C0102

A sofware component shall hide its implementation details and
make information accessible only via defined interfaces

Strategies for Maintainability

Least Astonishment principle Block C0103

A reader shall not be surprised when looking at the design.

Strategies for Maintainability

Strong Cohesion principle Block C0104

Strategies for Maintainability, Strategies for Reliability/Maturity

automated Tests concept Block C0118

Strategies for Maintainability, Simplicity Terms

Simplicity principle Package C0098

Simplicity Terms

KISS principle Block C0094

Keep it simple and stupid

Simplicity Terms

Occam's razor principle Class C0097

Among competing hypotheses, the one with the fewest assumptions should be selected

Simplicity Terms

YAGNI principle Block C0095

You aren't gonna need it

Strategies for Maintainability, SOLID Principles

SOLID principle Block C0096

SOLID Principles

Single Responsability principle Block C0089

A software component shall be responsible for one topic only

SOLID Principles

Open/Closed principle Block C0090

Open for extension, closed for modification

SOLID Principles

Interface Segregation principle Block C0092

Avoid general purpose interfaces,
design multiple interfaces specific to the needs of different users/clients

SOLID Principles

Liskov Substitution principle Block C0091

An implementation of an interface can be replaced
by another implementation of the same interface.
In object oriented design, types can be replaced by subtypes.

SOLID Principles

Dependency Inversion principle Block C0093

A software component shall depend on abstractions, not on concrete implementations

Quality Characteristics, Security Subcharacteristics

Security Requirement C0018

Strategies for Security w/o Integr., Security Subcharacteristics

Confidentiality Class C0039

Tactics for Integrity, Security Subcharacteristics, Strategies for Security/Integrity

Integrity Class C0040

Strategies for Security w/o Integr., Security Subcharacteristics

Accountability Class C0041

Strategies for Security w/o Integr., Security Subcharacteristics

Authenticity Class C0042

Strategies for Security w/o Integr., Security Subcharacteristics

Non-Repudiation Class C0038

Non-Repudiation is a proof:
which person(enitiy) authorized an action (at which time, based on what input)

Strategies for Security w/o Integr., Security Subcharacteristics

Resistence Requirement C0287

Keep functionality while under attack

Strategies for Security w/o Integr., Security Subcharacteristics

Confidentiality Class C0039

Strategies for Security w/o Integr., Security Subcharacteristics

Authenticity Class C0042

Strategies for Security w/o Integr., Tactics for Safety I

Cryptographic Signatures concept Block C0079

Strategies for Security w/o Integr.

Encryption concept Block C0080

Strategies for Security w/o Integr., Strategies for Security/Integrity

Least Priviledge principle Block C0099

Entities shall have only the access rights they need for their purpose

Strategies for Security w/o Integr., Security Subcharacteristics

Non-Repudiation Class C0038

Non-Repudiation is a proof:
which person(enitiy) authorized an action (at which time, based on what input)

Strategies for Security w/o Integr., Security Subcharacteristics

Accountability Class C0041

Strategies for Security w/o Integr., Strategies for Security/Integrity

Secure Boot concept Class C0108

Strategies for Security w/o Integr.

Groups concept Block C0113

Grouping Clients/Actors/Users and
grouping Services
helps in administration of access rights

Strategies for Security w/o Integr.

Certificates concept Block C0114

Strategies for Security w/o Integr.

Fail Secure principle Class C0133

Do not expose data or system details when a fault occurs.

Strategies for Security w/o Integr.

Secure Defaults concept Class C0135

The default settings/configuratoin of a system shall be tuned for security.

Strategies for Security w/o Integr., Security Subcharacteristics

Resistence Requirement C0287

Keep functionality while under attack

Tactics for Public/Private Keys

Factorization based Class C0284

These cryptographic algorithms are based on the difficulty to calculate the prime factors of a given large number.

Tactics for Public/Private Keys

Discrete Logarithm based Class C0285

These cryptographic algorithms are based on the difficulty to calculate the discrete logathithm of a given large number.

Tactics for Public/Private Keys

Post Quantum Cryptography Class C0286

Starting in 2016, NIST searches for new alternatives that are not vulnerable to the possibilities of quantum computers

Tactics for Integrity, Security Subcharacteristics, Strategies for Security/Integrity

Integrity Class C0040

Strategies for Security/Integrity

Over-the-Air Updates concept Block C0078

Strategies for Reliability/A.+F.T.+R., Tactics for Partitioning, Tactics for Safety I, Strategies for Safety Risk Mitigation, Strategies for Security/Integrity

Partitioning concept Block C0075

synonym for Compartments

see Tactics for Partitioning.

Strategies for Security w/o Integr., Strategies for Security/Integrity

Secure Boot concept Class C0108

Strategies for Reliability/A.+F.T.+R., Tactics for Safety I, Strategies for Security/Integrity

Input Signal Validation concept Block C0083

Precondition is a specification of valid input signals.

This can be implemented by different means, e.g.
- assert() statements
as declared in assert.h
- if(COND) {...} else {...} statements
where the else-path logs the error

For Security: Check input signals already at the gate, not later.

Strategies for Security/Integrity

Reduce Attack Surface principle Class C0136

Remove unused functions

Strategies for Security/Integrity

Secure Weakest Link principle Class C0134

Strategies for Security w/o Integr., Strategies for Security/Integrity

Least Priviledge principle Block C0099

Entities shall have only the access rights they need for their purpose

Tactics for Integrity

TOCTOU Class C0223

Design and use interfaces in a way that time of check (TOC) (e.g. access rights, existance, ...) is not different from the time of use (TOU)

Tactics for Integrity, Security Subcharacteristics, Strategies for Security/Integrity

Integrity Class C0040

Strategies for Reliability/A.+F.T.+R., Tactics for Partitioning, Tactics for Safety I, Strategies for Safety Risk Mitigation, Strategies for Security/Integrity

Partitioning concept Block C0075

synonym for Compartments

see Tactics for Partitioning.

Tactics for Partitioning

SoC HW Partitions Block C0121

The HW provides e.g.
- a trusted execution environment
for cryptographic computations
- a separated monitoring CPU
to supervise the functional CPUs

Tactics for Partitioning

Network Partitioniong Block C0076

Tactics for Partitioning

SW Partitions Block C0077

Tactics for Partitioning

Trust Levels concept Class C0132

Create a Multi-Layer security,
where elements of one layer mistrust these of other layers.
If one layer is compromized, the next still holds up.

Examples:
1) Internet - DMZ - Intranet
2) OS-Process (user), root-acess, OS(kernel-space), Hypervisor, Trusted Execution Environment of SoC

Quality Characteristics, Quality in Use Subcharacteristics

Effectiveness Requirement C0178

Quality Characteristics, Quality in Use Subcharacteristics

Efficiency Requirement C0179

Quality Characteristics, Quality in Use Subcharacteristics

Freedom from Risk Requirement C0181

see Strategies for Safety Risk Mitigation.

Quality Characteristics, Quality in Use Subcharacteristics

Context Coverage Requirement C0182

Quality Characteristics, Quality in Use Subcharacteristics

Satisfaction Requirement C0180

Quality in Use Subcharacteristics

Economic risk mitigation Class C0234

Quality in Use Subcharacteristics

Health and safety risk mitigation Class C0235

Quality in Use Subcharacteristics

Environmental risk mitigation Class C0236

Quality in Use Subcharacteristics

Flexibility Class C0237

Quality in Use Subcharacteristics

Context completeness Class C0238

Quality in Use Subcharacteristics

Usefulness Class C0239

Quality in Use Subcharacteristics

Trust Class C0240

Quality in Use Subcharacteristics

Pleasure Class C0241

Quality in Use Subcharacteristics

Comfort Class C0242

Strategies for Reliability/A.+F.T.+R., Tactics for Partitioning, Tactics for Safety I, Strategies for Safety Risk Mitigation, Strategies for Security/Integrity

Partitioning concept Block C0075

synonym for Compartments

see Tactics for Partitioning.

Tactics for Safety I, Strategies for Safety Risk Mitigation, Tactics for Safety II

Functional Safety Class C0081

Tactics for Safety I, Strategies for Safety Risk Mitigation

Monitoring concept Block C0084

Tactics for Safety I, Strategies for Safety Risk Mitigation

Real Time Execution concept Block C0085

Strategies for Reliability/A.+F.T.+R., Strategies for Safety Risk Mitigation, Tactics for Safety II

Redundancy concept Class C0074

Tactics for Safety I, Strategies for Safety Risk Mitigation, Tactics for Safety II

Functional Safety Class C0081

Tactics for Safety I, Strategies for Safety Risk Mitigation

Monitoring concept Block C0084

Strategies for Reliability/A.+F.T.+R., Tactics for Safety I, Strategies for Security/Integrity

Input Signal Validation concept Block C0083

Precondition is a specification of valid input signals.

This can be implemented by different means, e.g.
- assert() statements
as declared in assert.h
- if(COND) {...} else {...} statements
where the else-path logs the error

For Security: Check input signals already at the gate, not later.

Tactics for Safety I, Strategies for Safety Risk Mitigation

Real Time Execution concept Block C0085

Tactics for Safety I

Trusted Data Paths concept Block C0082

Strategies for Security w/o Integr., Tactics for Safety I

Cryptographic Signatures concept Block C0079

Strategies for Reliability/A.+F.T.+R., Tactics for Partitioning, Tactics for Safety I, Strategies for Safety Risk Mitigation, Strategies for Security/Integrity

Partitioning concept Block C0075

synonym for Compartments

see Tactics for Partitioning.

Tactics for Safety I

freedom from interference (FFI) principle Class C0233

Strategies for Reliability/A.+F.T.+R., Strategies for Safety Risk Mitigation, Tactics for Safety II

Redundancy concept Class C0074

Tactics for Safety I, Strategies for Safety Risk Mitigation, Tactics for Safety II

Functional Safety Class C0081

Tactics for Safety II

Lockstep CPUs concept Class C0260

Two CPUs execute the same program with the same input data at the same time.
A deviation in the result is detected.

Tactics for Safety II

ECC on memory concept Class C0261

Error correction codes on volatile or persistant storages allow to correct one or two bitflips and to detect if more bitflips occurred.

Main causes for bitflips may be x-rays and cosmic rays; also reading nearby cells may cause bitflips in physically-close cells.

Process Quality

Process process Class C0005

Process Quality

With What Class C0006

Process Quality

Output Class C0007

Process output,
Evidence on performed process

Process Quality

How Class C0008

Guidelines, Checklists,
Templates

Process Quality

What Results Class C0009

Process Quality

Who Class C0010

Roles,
Skills, Knowledge,
Trainings

Process Quality

Input Class C0011

Standard Process Models

CMMI process Block C0058

Standard Process Models

Medical SPICE process Block C0060

Standard Process Models

Automotive SPICE process Block C0219

V Model

Requirements Definition process Activity C0064

System Requirements Definition consists of

- elicitating requirements
- baselining requirements
- analyzing requirements

V Model

System Architecture process Activity C0065

V Model

Requirements Refinement process Activity C0066

Software Requirements Refinement

- refines system requirements so that only the parts that shall be implemented in software are addressed
- states requirements in a form that these are testable by software/qualification tests
- distinguishes functional requirements
- quality/non-functional requirements
- non-requirements (what must not happen)
- process requirements

V Model

Software Architecture process Activity C0067

Template: arc42, see Bibliography.

Method to check quality: ATAM, see C0165.

V Model

Construction process Activity C0068

This process group consists of

- detailed design
- creating source code (implementation)
- integrating 3rd party software

V Model

Software Integration and Test process Activity C0069

Software integration consists of

- integration (building, linking, packaging, ...)
- integration test checks compliance to software architecture

V Model

Software Qualification Test process Activity C0070

V Model

System Integration and Test process Activity C0071

System integration consists of

- installing software and configuration to devices
- managing versions (upgrade/downgrade/cross-variant-grade)
- integration test checks compliance to system architecture

V Model

System Qualification Test process Activity C0072

V Model

Unit Test process Activity C0117

Standard Methods

FMEA (Technical Risk Management) Object C0129

Failure Mode and Effects Analysis is performed later during project development and checks if the requirements defined by the HARA are met during the development process.

see https://en.wikipedia.org/wiki/Failure_mode_and_effects_analysis

Standard Methods

TARA (Security Analysis) Object C0130

Threat and Risk Analysis

Standard Methods

Safety Case (Goal Structured Notation) Object C0131

A safety case is an argument within a concrete project to provide evidence that a safety requirement is met in scope of the project context. This argument may be visualized using the Goal Structured Notation (GSN)

Standard Methods

ATAM (Architecture Tradeoff Analysis) Object C0177

Architecture Tradeoff Analysis

see C0165 at Bibliography.

Standard Methods

HARA (Hazard and Risk Analysis) Object C0258

A HARA is performed at project start, classifies the risks and defines the requirements towards the development process.

Security Analysis

start analysis Initial Node C0137

Security Analysis

Define Assets to Protect Activity C0138

This step

- defines which assets to protect
- determines risks for the case these are spied, modified, etc.

Security Analysis

Define System Context Activity C0139

Security Analysis

Show Locations of Assets Activity C0140

Show the components where assets are located
and network lines where the assets pass along.

Security Analysis

Define Attack Vectors Activity C0141

Define attack vectors, likelihoods and impacts. Based on this criticality, the mitigations are defined.

a good checklist for attack vectors is the stride model:
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege

Security Analysis

Define Mitigations Activity C0142

Security Analysis

Re-evaluate Risks Activity C0143

Security Analysis

finish analysis Final Node C0144

Security Analysis

security analysis process Activity C0192

Security Analysis

Define Trust Boundaries Activity C0210

Trust boundaries are measures to keep attackers out.

Security Incident Management

start planning Initial Node C0211

Security Incident Management

Define activities to observe the operation Activity C0212

Plan to actively identify events and weaknesses.

Security Incident Management

par Fork C0213

Security Incident Management

Define rating for observed events Activity C0214

Plan analysis and assessment of events.

Security Incident Management

Define reactions based on rating Activity C0215

Plan corrective measures.

Security Incident Management

end par Join C0216

Security Incident Management

start operation Final Node C0217

Security Incident Management

incident management process Activity C0218

FMEA

List all system elements (hierarchical) Activity C0270

FMEA

List the functions of each system element Activity C0271

FMEA

List system functions and severities of failure Activity C0272

FMEA

Analyze all failures of system elements Activity C0273

FMEA

Define effects on system and severity Activity C0274

FMEA

Define mitigations Activity C0275

Structure of FMEA

Function of System abstract Class C0262

A functionality of the system

Structure of FMEA

Logical Block abstract Class C0263

An abstract system element that organizes functionalities.
This is the result of the "form follows function" principle.

Structure of FMEA

Port abstract Class C0264

A port/connector/pin of an abstract system element.

Structure of FMEA

Physical Element Class C0265

Any concrete system element like hardware, configuration data or software.

Structure of FMEA

Function of Element Class C0266

A functionality of a concrete physical system element.

Structure of FMEA

Risk Class C0267

A risk describes a situation that

Structure of FMEA

Cause Class C0268

The fault or failure mechanism that caused the failure mode.

Structure of FMEA

Mitigation Class C0269

An action to mitigate or to reduce a risk.

Create a System Architecture

Understand Stakeholder Requirements Activity C0278

This process may produce use cases that show usage scenarios.

Create a System Architecture

Derive System Requirements Activity C0279

Create a System Architecture

Create functional view Activity C0280

Create a System Architecture

Create Logical View Activity C0281

Create a System Architecture

Create Physical View Activity C0282

Create a System Architecture

Review Test Cases Activity C0283

Process Documentation

term: Goal concept Class C0244

What to achieve? A goal should be
- a desired result
- realistic
- measurable

Process Documentation

term: Objective concept Class C0245

An objective is a step towards a goal.
It may be a goal broken down to
- short-term objectives
- responsible team
- partial results

Process Documentation

term: Strategy concept Class C0246

Process Documentation

term: Tactic concept Class C0247

Tactic

Process Documentation

term: What Class C0248

Process Documentation

term: How Class C0249

Process Documentation

Project Execution Plan Class C0250

A plan/strategy document that explains how a project shall be executed.

Process Documentation

Plan of Artifacts Class C0251

A plan document that defines workflow, tools, needed skills, review and approval processes.

Process Documentation

Artifact (e.g. Document) Class C0252

Process Documentation

Template Class C0253

Process Documentation

Guidelines Class C0254

Process Documentation

Report on Results Class C0255

For example review reports or test results

Process Documentation

How-To Class C0256

Process Documentation

foreach artifact type Class C0257

Bibliography

Software Architecture in Practice Object C0165

Software Architecture in Practice (3rd Edition)
by Len Bass, Paul Clements, and Rick Kazman.
Addison Wesley / Pearson, 2013.
ISBN 978-0-321-81573-6

Bibliography

ISO/IEC 9126 Object C0166

ISO/IEC 9126 Software engineering — Product quality

Bibliography

ISO/IEC 25010:2011 Object C0167

ISO/IEC 25010:2011

Bibliography

arc42 Object C0168

https://arc42.org

Bibliography

Software Estimation Object C0171

Software Estimation - Demystifying the Black Art
by Steve McConnell,
Microsoft Press, 2006.
ISBN:0735605351

Bibliography

Internet Security Object C0172

Internet-Security aus Software-Sicht
by Kriha/Schmitz
Springer, 2008.
ISBN 978-3-540-22223-1

Bibliography

High Integrity Software Object C0173

High Integrity Software - The Spark Approach to Saftey and Security
by John Barnes
Addison Wesley / Pearson, 2003.
ISBN 978-0-321-13616-0

Bibliography

Engineering a Safer World Object C0174

Engineering a Safer World - Systems Thinking Applied to Safety
by Nancy G. Leveson
MIT Press, 2011.
ISBN: 9780262016629

Bibliography

Software Quality Engineering Object C0189

Software Quality Engineering - A practitioners approach by
Witold Suryn
Wiley, 2014
ISBN 978-1-118-59249-6

Bibliography

Adaptive AUTOSAR Coding Guidelines Object C0259

Guidelines for the use of the
C++14 language in critical and
safety-related systems
https://www.autosar.org/fileadmin/standards/R18-10/AP/AUTOSAR_RS_CPP14Guidelines.pdf

Bibliography

Systems Engineering Handbook Object C0276

Systems Engineering Handbook, 5th Edition
by INCOSE
Wiley, 2023
ISBN: 978-1-119-81429-0

Bibliography

SEBoK Object C0277

Guide to the Systems Engineering Body of Knowledge (SEBoK)
Lead Editor: Nicole Hutchison
SEBoK v. 2.11, released 25 November 2024
https://sebokwiki.org/

Notation

Class Metaclass Stereotype C0230

Notation

process Stereotype C0231

<path d="

M 0 5
L 2 4.5
L 3 3.5
l -1 -1 0 -1 1 0.5 1 0.75
c 2 -0.5 3 -1 5 0.25
l -1 -1 0 -1 2 1.5 0 1.5
l 1 0 0.5 -0.5 1.5 1.5

M 0 5
L 2 5.5
L 3 6.5
l -1 1 0 1 1 -0.5 1 -0.75
c 2 0.5 3 1 5 -0.25
l -1 1 0 1 2 -1.5 0 -1.5
l 1 0 0.5 0.5 1.5 -1.5

"/>

Notation

turtle process Image C0232

Internet Articles

Principles of technical documentation Comment C0243

https://www.innoq.com/en/articles/2022/01/principles-of-technical-documentation/