August 2017

How to Achieve High Velocity in Software Development

How do you achieve high velocity in software development? The main challenge to high velocity is tight coupling. Coupling is the degree of interdependence between software modules, or a measure of how closely connected two routines or modules are, or the strength of the relationships between modules. Let’s break down exactly what coupling is, the problems with tightly coupled software, and how to reduce coupling.

What is Tight Coupling

According to John Lakos in Large Scale C++ Software Design, there are two types of coupling: logical and physical. Physical coupling is putting classes, structs, etc. in the same component or creating dependencies from one component to another. Logical coupling is when types (classes, structs, etc.) that are used in one component are supplied by another component. Tight coupling is when a group of component or modules are highly dependent on one another.

tight coupling

Often this happens when components assume too many responsibilities. Large files are sometimes a quick way to find tightly coupled components.

Problems with Tightly Coupled Systems

Tight coupling is a challenge when you want to make changes to a software system. Coupling causes a ripple effect - like circles in a still pond.

coupling ripple effect

You make a small change and suddenly twenty other seemingly unrelated things need to be changed as well. While zero coupling is impossible, what level of coupling is right? The answer, according to Jeppe Cramon in his slideshare presentation “The Why, What, and How of Microservices,” highly depends on how likely the component/system/service is to change and what components need to change together because of the design.

Maintainability suffers in tightly coupled systems. One example from “Large Scale C++ Software Design” is creating interfaces that only contain primitive functionality. If you need non-primitive functionality it should be put into a separate class or operator without private access.

Blithe Rocher, in her talk “Avoiding testing headaches with tightly coupled services,” discusses how tightly coupled services are the most common mistake she sees in microservices. When services are tightly coupled they produce headaches all the way down the deployment stack. In production, if one service goes down, both (or all) services go down. In development, both services need to be running to develop either one. If one service is broken, you can’t work on the other service even if another team is responsible for that service. This adds to development time and makes working in the development environment harder. All of this results in a higher learning curve for new engineers to a project because a great deal of time is spent learning the development environment.

In automated testing, tight coupling means more tests need to be created and the environment needs to be set up for all the coupled services. Blithe’s advice is to not build tightly coupled services. A loosely coupled service or component can be developed, put into production, and tested independently of other services or components.

In the Harvard Business School paper "Exploring the Relationship between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case,” the authors make the case that there is a strong relationship between security vulnerabilities and architecture coupling metrics. Coupling affects quality, productivity, maintenance costs, and security vulnerabilities. In the Google Chrome codebase, component metrics and coupling metrics were significantly correlated with vulnerabilities.

How to Reduce Coupling

Interfaces are a way to reduce tightly coupled components. By communicating through interfaces you break the dependency and any component can be on the other end of that communication. Steve McConnell, in Code Complete, has these guidelines:

  • Minimize accessibility of classes and members
  • Avoid friend classes, because they are tightly coupled
  • Make data private rather than protected in a base class to make derived classes less tightly coupled to the base class
  • Avoid exposing member data in a class’s public interface
  • Be wary of semantic violations of encapsulation
  • Observe the “Law of Demeter

Finally, John Lakos states you should keep both physical and logical coupling to a minimum. As an example, minimize the use of external types in an interface. This will make the component easier to use and to maintain.

Conclusion

Coupling is a measure of the dependencies between components. Tight coupling affects development velocity, quality, maintenance costs, and security. Lattix Architect analyzes your software dependencies and will help you reduce coupling. Click here if you would like to try it out.

Software Architecture and GDPR Compliance

The General Data Protection Regulation (GDPR) is an EU regulation on privacy protection that goes into effect in May 2018. GDPR applies not only to EU companies that process personal data on EU residents but also to companies not located in the EU. As Article 3 states, it is “applied to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union.”

Software architecture is an important part of GDPR compliance. An architectural model of the software gives you a complete view of everything connected to the personal data in your system. The GDPR defines personal data as any information that has the potential, alone or paired with other information, to identify a person. You need to preserve the identity of an individual across different names and properties and be able to trace them across the system and disparate data points as stated in Article 30. You have to record what you do with personal data and define which applications use it.

The Automated Decision Making section of the GDPR states that any system which undertakes automated individual decision-making, including profiling (Article 22), is now contestable by law. This includes automation components such as calculation engines, scoring systems, or other processing of personal data. You need to be able to trace the personal information through these systems and demonstrate compliance. Article 5 states “the controller shall be responsible for, and be able to demonstrate compliance…”

Compliance Steps for GDPR

As part of ensuring compliance for GDPR, you will need a good overview of the personal data involved.

  1. Identity all data that the GDPR considers personal data. Lattix Architect will give you this information with its member level expansion feature that allows you to see all of the variables associated with personal data.

    software architecture (see our video on Member Level Expansion)

  2. Once you have identified the personal data, you need to analyze its use. Lattix Architect understands all of the dependencies in your software system, so it will know all of the dependencies on the personal data. Now you will be able to model the data flow and show which applications, processes, etc. use the personal data.
  3. Once you have modeled the data flow, you will be able to demonstrate compliance with GDPR by using the Impact Analysis Report in Lattix Architect. This report tells you all the dependencies on selected elements (in this case variables) and can be exported to Excel, csv, or XML formats.

    software architecture (see our video on Impact Analysis)

GDPR compliance is something you need to regularly revisit. You must go through the above steps frequently to ensure you remain compliant. This becomes part of your governance framework.

Summary

Non-compliance with GDPR can result in large fines. Penalties,as outlined in Article 38, include “fines up to 20,000,000 EUR or in the case of an undertaking, up to 4% of the total worldwide annual turnover.” There is personal damage that can be claimed by any individuals who are the data subjects and there is personal liability for directors and senior managers. This all makes it worthwhile for organizations to take these risks seriously.

Using Escalation to Solve Cyclic Dependencies

As we discussed in the previous blog post, cyclic dependencies degrade the quality of a software system, leaving it inflexible and difficult to manage. As the size of a software system grows, the importance of catching and fixing cyclic dependencies grows because the overall cost of developing and maintaining the system increases.

How Cyclic Dependencies are Created

Software systems usually start out with clean, well thought-out designs that don’t have bad dependencies (cyclic dependencies). But, as software development starts in earnest, custom enhancements or bug fixes are requested, usually with quick turnaround times. This can lead to situations where the design is compromised because of insufficient development time and can lead to architectural problems like cyclic dependencies.

As an example, here is some C++ code that has two similar classes in a software system that do similar things (hold similar info), Circle and Tire, both representing a circular shape. A Circle is a defined by a radius.

// circle.h
class Circle {
// ...
public:
    Circle(int Radius);
    // ...
    double getarea();
};

While a Tire is defined by a center point and a radius.

// tire.h
class Tire {
// ...
public:
    Tire(int xCenter,
           int yCenter,
           int radius);
     // ...
     double getCircumference() const;
};

Both provide similar functions and hold similar information but might also have custom functionality or different performance characteristics. What if we now have a client request to convert between these two types of circular shapes? One solution is to add a constructor which has one argument: a const reference to the other class. In this solution, the conversion is performed implicitly. Allowing two components to “know” about each other via #include directories implies a cyclic dependency.

// circle.h
#include "tire.h"

class Circle {
// ...
public:
    Circle(int Radius);
    Circle(const Time &T);
    // ....
    double getarea();
};
// tire.h
#include "circle.h"

class Tire {
// ...
public:
    Tire(int xCenter,
           int yCenter,
           int radius);
     Tire(const Circle &c);
     // ...
     double getCircumference();
};
This solution has two problems:
  • Performance degrades because you have to create a temporary object of the other type when you call the constructor.
  • You have introduced a cyclic dependency between two components. Now you can't compile, link, test, or use one class without the other.

How to Solve Cyclic Dependencies with Escalation

One solution is to move the functionality that is causing the cyclic dependency to a higher level. If peer components are cyclically dependent, it may be possible to escalate the interdependent functionality from each of these components to static members in a potentially new, higher level component that depends on each of the original components. We can create a utility class calledCircUtil that knows about the Circle and Tire classes and place the definitions in a separate component.
// circutil.h

class Circle;
class Tire;

struct CircUtil {
    static Tire toTire(const Circle &c);
    static Circle toCircle(const Tire &t);
};
// circle.h

class Circle {
    // ...
    public:
    // ...
};
// tire.h

class Tire {
    // ...
    public:
    // ...
};
Now you can use, test, etc. each class independently.

Summary

While this is a simple example, cyclic dependencies in larger systems have the potential to greatly increase the cost of developing and maintaining software systems. Escalating mutual dependencies to a higher level can fix cyclic dependencies. This reduces the maintenance costs of a system by getting rid of unnecessary dependencies among components at the same level. This also makes the system more flexible and reusable. If you are interested in identifying your bad dependencies, check out Lattix Architect.