From Testability to Excellence: A Systematic Approach to Software Design.
We began this journey into the world of software testing by observing that one of the primary characteristics of quality software is the reliability, where software reliability can be defined as the probability of failure-free operation of a computer program.
In the previous ten stages of this journey, we have seen that a testing phase plays a fundamental role in identifying errors. We've also seen that the software development literature is rich of discussions explaining the various approaches, the different phases, the test techniques and the benefits of a good testing process.
In this article, I want to shift the focus to a less discussed aspect: the "software testability", which we can define as the ease of developing testing procedures.
Testability aims to predict how effectively a set of components can be exercised, making it a design aspect. Ensuring a uniform degree of testability should be one of the goals pursued from the earliest design stages.
In previous articles we showed that treating an entire software system as a monolithic block imposes significant limitations on ensuring complete testing. From a testability perspective, it's necessary to define the smallest unit reasonably testable in isolation. We will call this elementary unit as "component".
A component should be a set of classes forming an independent abstraction with a good degree of cohesion (6.). Often, there is a correspondence between a component and a package, but this is not a rule. We should be careful not to confuse a component with the package. A class, in fact, can appear within many components but is defined in a single package.
But how can one learn to design testable software? Well, let's be honest, the question is reductive. The real question to ask is: how can one learn to design good software? In fact, a good architecture will certainly also be testable.
There are four different approaches:
The key idea of Sys-OOD is to learn to generate, evaluate, and compare alternative solutions. No real problem has a "perfect" solution. It is essential to learn to identify alternative solutions, evaluate and compare the pros and cons of them, and finally choose the most suitable one, considering the project's various factors. We can establish a new principle that precedes the rules of Sys-OOD: "Do not fall in love with the first solution you encounter."
And now let's look at the structure of sys-OOD: The Sys-OOD is based on four design rules and some transformation techniques.
Each rule is objectively verifiable and clarifies the consequences of its violation. Each rule is associated with a number of transformations.
Each transformation is a schema with an initial configuration and a final configuration (that respects the rule) and provides some heuristic criteria that guide the designer in selection and once chosen, is systematically applicable.
Adhering to all four Sys-OOD rules on all occasions is not simple, nor often necessary. It is our job (as software designers) to assess when the consequences of a violation are acceptable compared to the effort required to bring the design into compliance with the rules. In the context of Sys-OOD, violating a rule is certainly allowed, provided it is a conscious decision by the designer who has appropriately weighed the costs and benefits.
Let's look at the first rule of Systematic Object Oriented Design: the "Layering Rule".
This rule comes from a fundamental design principle: "abstractions should not depend on details". Otherwise, we cannot reuse abstractions without bringing along the details, and we cannot extend the details without modifying the abstractions.
However, "abstraction" and "detail" are informal, unverifiable concepts. We can't look at a class diagram and say, "this is wrong" without knowing the problem domain and other surrounding factors.
So, instead of a very general but informal rule, we need a verifiable condition. The Layering Rule addresses this with the following procedure:
A classical simple example to explain this rule is the Point and Rect classes with the InRect method in the Point class. The Rect is identified by two points, the corner top-left (p1) and the corner bottom-right (p2), so Rect must depend on the Point class.
This is a design error because we cannot use the Point class without the Rect class. We can be easily fixed this problem by reversing the responsibility for checking if a point is inside a rectangle from the point "Point.inRect(Rect)" to the rectangle "Rect.contains(Point)".
This example is trivial, in more real situations there are several transformation techniques to "break" a circular dependency, such as:
Asymmetric Splitting.
Symmetric Splitting.
A2::A2(C1& c) { ........ }
B2::B2(C1& c) { ........ }
C2 c2;
A2 a2(c2);
B2 b2(c2);
Generic Class.
Recursive Parent.
Before moving on to the next rule, always remember that by following these techniques, we ensure a design that is layered, reusable, and extendable, aligning with the fundamental principles of object-oriented design, but pay close attention to applying the most appropriate technique to your specific context.
Now let's look at the second rule of Sys-OOD called "Concrete Class Dependency Rule".
The rule says: "If class A depends on class B, B should be abstract. Violating this rule means reducing the reusability of A independently from the concrete class B. It also means we cannot extend B to similar classes while keeping A's ability to interact with them".
Here’s an example:
We have a DialogBox that contains a button, and its concrete class depends on the Button class. It makes sense if we don't want to use an alternative confirmation mechanism. But what if we want to use an alternative confirmation mechanism, like selecting a choice from a list-box while preserving all the logic of the DialogBox?
The solution is to use an interface class that decouples from the concrete class and provides a point of extensibility.
Let's not confuse this rule with the "Layering Rule". The "Layering Rule" governs the dependency of use, this one instead governs dependencies on concrete classes, even if as we will see they share some transformation techniques.
Let's look at the transformation rules to manage this "Concrete Class Dependency Rule" in detail:
Interface Class.
Be careful if we encounter difficulties in naming B* because it could indicate the following 3 situations:
A final consideration on this technique is that in some languages, introducing an interface class impacts performance, which designers must carefully evaluate in their cost-benefit analysis.
Generic Class.
Abstract Wrapper.
However, it has the highest overhead among the techniques presented here: as always, flexibility and efficiency are in contrast.
Let's move on to the third rule of the sys-OOD the "Creation Dependency Rule". This is one of the most common problems and strangely, it is often overlooked by designers. The rule says: "If class A creates objects of class B, class B should be "final" (Java), or the creation operation must be redefinable, at least in the subclasses of A".
The consequences of violating these rules are quite simple: If we extend A, the derived classes won't be able to use extended versions of B. Moreover Class A will not be able to use extended versions without modifying its own code.
Here’s an example:
We have a dependency between concrete classes, the Client and the NamedPipe. We are violating the second rule of Sys-OOD. Let's apply the "Interface Class" transformation and we satisfy rule 2.
Now let's consider a small variation to the example: the client class owns the pipe. By applying the same transformation the Client class still remains non-reusable separately from the NamedPipe class and non-extendable, because there is a creation dependency (Rule 3).
Sometimes, the consequences of the violation are acceptable, but in other cases it means giving up the benefits of object-oriented programming.
Now, let's look at some transformation techniques that can be used to satisfy the Creation Dependency Rule:
Factory Method.
Abstract Factory Method.
Indexed Creation Method.
class A {
int g() {
F.CreateProduct( “pippo” ) ;
// ...
// ...
class F {
static Object CreateProduct( String s ) {
Class c = Class.forName( s ) ;
return( c.newInstance() ) ;
// ...
Generic Creator.
Now let's look at the 4th and final rule of Sys-OOD: the "Law of Demeter" (LoD). The Law of Demeter is a guideline for designing software to ensure loose coupling and high cohesion. It states: Every method M of a class C should use only: its arguments, the immediate sub-objects of C, objects created locally within M, or global objects.
In simpler terms, each method should only interact with immediate "friends" and not with the "friends of friends". A violation occurs when a method of an object interacts with an object it received indirectly, such as calling a method on an object returned by another method.
As with any Sys-OOD rule, it’s important to clarify the consequences of violating it. In the case of the Demeter Law, we have potential instability in navigation, both in depth and breadth. If the sub-objects tend to grow in number or change in type, we will have instability in breadth. If the sub-objects are not stable as associations (e.g., they are moved into another sub-object), we have instability in depth, again requiring modifications to the caller.
We could consider the Law of Demeter as the formalized version of the "information hiding" principle.
Let's see a simple example of "Demeter Law" violation:
Consider a computer burn-in program that tests different components of a computer to ensure they work correctly. Here's how the program might look if it violates the Law of Demeter.
// function Test in class Computer
void Test() {
In this design, the CPU class directly interacts with its Serial and Parallel classes. This setup creates a dependency chain, violating the Law of Demeter.
Now, let's look at a transformation technique that can be used to satisfy the "Law of Demeter": the "Pushdown".
The "Pushdown" technique involves moving methods or attributes from a base class to one of its subclasses to reduce direct and indirect dependencies between classes. This helps maintain the principle of the "LoD", which limits interactions between classes.
Imagine we have a base class C with a method M that violates the Law of Demeter by directly accessing sub-objects of other objects. The "simple pushdown" technique moves the method M from the base classes C to the appropriate subclass, which has direct access to the necessary attributes. This reduces the need to traverse several levels of objects.
Suppose we have the following class structure:
class A {
B b;
class B {
C c;
class C {
void doSomething() {
// ........
And class A has a method that accesses the sub-object of B to call doSomething() of C class:
class A {
B b;
void doSomethingInA() {
b.c.doSomething(); // Law of Demeter violation
To apply the "pushdown" technique, we move the doSomethingInA() method directly into class B, which has direct access to C:
class B {
C c;
void doSomethingInB() {
class A {
B b;
void doSomethingInA() {
Now the Law of Demeter is satisfied and the benefits are:
Here is the pushdown transformation technique in UML notation
Let's now try to apply the "pushdown" technique to the computer burn-in program example.
To adhere to the Law of Demeter, we can refactor the design so that each method only interacts with its immediate "friends."
In the refactored design, the Computer class calls the test() method of the Peripheral class which inside calls the test() methods on the Serial and Parallel classes
// method Test in class Computer
void Test() {
// method Test in class Peripheral
void Test() {
In the refactored design, the Computer class calls the test() method of the Peripheral class which inside calls the test() methods on the Serial and Parallel classes.
By following the Law of Demeter, our computer burn-in program becomes more robust, easier to understand, and maintainable. Each class has clearly defined responsibilities and interactions, leading to a well-structured and reliable system.
I would like to conclude this article by summarizing the reasons why we should adopt Sys-OOD.
The first reason is that simply following Design Principles tells us little about how to achieve a design that adheres to those principles. Design principles are usually too general and non-constructive, meaning they don't guide the designer toward a solution.
On the other hand Design Patterns offer a good alternative but are not easy to understand deeply. Designing "by pattern" requires a significant ability to anticipate problems to select the best pattern. It is difficult to use patterns to solve problems "after the fact."
Instead the Systematic Object Oriented Design reminds us that the essence of object-oriented design is transforming a model from the problem space to the solution space. This transformation must consider many surrounding factors: technical factors (such as the extensibility of some parts, reusability, and sharing of others), and extra-technical factors (for example, sub-optimal solutions are sometimes acceptable to speed up development or because the reusability of certain classes is not important to the company, etc.). The result must respect the design principles mentioned above, or it must be clear where it doesn't, why, and what can be done to respect them.
The four rules of Sys-OOD are simple, objectively verifiable, and free from the ambiguities of the major "Design Principles." Despite this, they capture a wide range of cases, and a design that respects them has a good chance of ensuring those famous properties of extendability, reusability, and maintainability that are always discussed in object-oriented design.
Moreover, Sys-OOD is incremental, meaning we can start with a simple design and improve it as problems are identified. We can also acknowledge some problems (e.g., the impossibility of extending certain parts) and accept them due to surrounding factors. In any case, it remains clear where and how we should intervene. Additionally, it works well during maintenance.
Since all transformations are constructive, after a while, we learn to apply them "on the fly." Unlike patterns, these techniques have formal foundations.
With these last considerations on the effectiveness of a systemic approach to software design, this article and also our journey into the realm of software testing ends.
I remind you my newsletter "Sw Design & Clean Architecture"? : where you can find my previous articles and where you can register, if you have not already done, so you will be notified when I publish new articles.
Thanks for reading my article, and I hope you have found the topic useful,
Feel free to leave any feedback.
Your feedback is very appreciated.
Thanks again.
1. Robert Martin, “Clean Architecture - a craftsman's guide to software structure and design” Prentice-Hall (November 2018).
2. Gamma, Helm, Johnson, Vlissides, “Design Patterns” Addison Wesley (2° Edition October 2002).
3. Carlo Pescio, "Systematic Object Oriented Design" - Computer Programming n.76.
4. Carlo Pescio,""
6. S.Santilli: ""
8. S.Santilli: ""
12. S.Santilli: ""
13. S.Santilli: ""