1. Requirements

5.2.3.1 The Software Design Description shall include: [SWE-111]

      a. Computer Software Configuration Item (CSCI)-wide design decisions/trade decisions.
      b. CSCI architectural design.
      c. CSCI decomposition and interrelationship between components:

        (1) CSCI components:

              (a) Description of how the software item satisfies the software requirements, including algorithms, data structures, and functional decomposition.
              (b) Software item I/O description.
              (c) Static/architectural relationship of the software units.
              (d) Concept of execution, including data flow, control flow, and timing.
              (e) Requirements, design and code traceability.
              (f) CSCI's planned utilization of computer hardware resources.

         (2) Rationale for software item design decisions/trade decisions including assumptions, limitations, safety and reliability related items/concerns or constraints in design documentation.

         (3) Interface design.

1.1 Notes

The documentation of the architectural design of a software system identifies and describes the architectural elements of the software, the external interfaces, and the interfaces between elements. The description includes element responsibilities (constraints on inputs and guarantees on outputs), and constraints on how the elements interact (such as message and data sharing protocols). The architectural design documentation includes multiple views of the architecture and identifies and supports the evaluation of the key quality attributes of the planned software product. The key quality attributes of the software will depend on the mission in which the software is to be used and the manner in which it is to be developed and deployed. They will usually include: performance, availability, maintainability, modifiability, security, testability and usability (operability.)

1.2 Applicability Across Classes

Classes C through E and Safety Critical are labeled with "P (Center) + SO." "P (Center)" means that an approved Center-defined process that meets a non-empty subset of the full requirement can be used to achieve this requirement, while "SO" means that the requirement applies only for safety-critical portions of the software.

Class C and Not Safety Critical and Class D and Not Safety Critical are labeled with "P (Center.)" This means that an approved Center-defined process that meets a non-empty subset of the full requirement can be used to achieve this requirement.

Classes F and G are labeled with "X (not OTS)." This means that this requirement does not apply to off-the-shelf software for these classes.

2. Rationale

NPR 7150.2, NASA Software Engineering Requirements, section 5.2.3, states, "The Software Design Description describes the design of a CSCI (computer software configuration item). It describes the CSCI-wide design decisions, the CSCI architectural design, and the detailed design needed to implement the software." The software design process transforms the software requirements into a structured, organized set of information appropriate for implementing in code. This design is captured in the software design description (SDD), making the SDD a critical document in the software development process.

3. Guidance

When creating the software design description (SDD), the following minimum content is included. If the content is included in another document or tool, such as separate trade study documents, interface design documents, modeling or simulation tools, or data dictionaries, those documents or tools may be referenced in the SDD.

CSCI-wide design decisions/trade decisions

It is important to document decisions made during the design process, as well as the reasons those decisions were made. (See Rationale for software item design (Item 2 under CSCI decomposition and interrelationship between components) guidance below.) This information is useful for the implementation phase, as well as future software maintenance activities. Consider the following when capturing "decisions about the CSCI's behavioral design (how it will behave from a user's point of view, in meeting its requirements, and ignoring internal implementation) and other decisions affecting the selection and design of the software units that make up the CSCI": ⁰⁹⁶

• Make Decisions based on trade studies, including the options considered or a reference to the document(s) that capture the trade study information.
• Capture design decision dependencies on system states or modes. ⁰⁹⁶
• Capture design decisions "regarding inputs the CSCI will accept and outputs it will produce, including interfaces with other systems, hardware configuration items (HWCIs), CSCIs, and users." ⁰⁹⁶
• Capture design decisions "on CSCI behavior in response to each input or condition, including actions the CSCI will perform, response times, and other performance characteristics, description of physical systems modeled, selected equations, algorithms, or rules, and handling of invalid inputs or conditions." ⁰⁹⁶
• Capture design decisions "on how databases and data files will appear to the user." ⁰⁹⁶
• Capture the "selected approach to meeting safety, security, and privacy requirements." ⁰⁹⁶
• Capture design decisions "made in response to requirements, such as selected approach to providing required flexibility, availability, and maintainability." ⁰⁹⁶

CSCI architectural design

"The architectural design documentation includes multiple views of the architecture and identifies and supports the evaluation of key quality attributes of the planned software product. The key quality attributes of the software will depend on the mission in which the software is to be used and the manner in which it is to be developed and deployed. They will usually include performance, availability, maintainability, modifiability, security, testability and usability (operability)." ⁰⁹⁰

The architectural design may be captured in a variety of ways but is typically captured in one or more diagrams. Consider including diagram conventions, as appropriate, so readers can better understand the architectural design captured in those diagrams. When capturing the architectural design, consider including:

• A subsystem/component context diagram.
• A system design diagram (such as a top-level data flow diagram or UML (Unified Modeling Language) diagram).
• A "list of [software] subsystems, tasks, or major components – e.g., user interface, database, task management." ⁰⁷³
• A map or list of software units that make up each CSCI.

CSCI decomposition and interrelationship between components

1. CSCI components
   
   1. Description of how the software item satisfies the software requirements, including algorithms, data structures, and functional decomposition.
      Consider including the following when describing how each software item satisfies the associated set of software requirements:
      
      • Description of functionality and operational modes, data storage concepts, and structures. ⁰⁷²
      • Derived requirements. ⁰⁷³
      • Functional allocations among the software subsystems.
      • Databases, data files, and shared data with safety-critical data marked. ²⁷⁶
      • "Identify, state the purpose, and describe in detail the algorithms to be incorporated into the execution of the CSU. The algorithms shall be described in terms of the manipulation of input and local data elements and the generation of output data elements." ¹⁷⁶
   2. Software item input/output (I/O) description.
      When capturing the I/O description, consider including the following information, as appropriate:
      
      • Identification and formats of input and output data. ⁰⁷²
      • Purpose, source and destination, data type, data representation, size, units of measure, limit/range, accuracy, precision/resolution. ³⁸⁷
      • Identification of safety-critical input and output data used in interfaces. ²⁷⁶
      • I/O data rates.
   3. Static/architectural relationship of the software units.
      Like the CSCI architectural design, the static/architectural relationship of software units is typically captured in one or more diagrams. Consider the following when capturing this information:
      
      • A subsystem/component context diagram. ⁰⁷²
      • A system design diagram (such as a top-level data flow diagram or UML diagram). ⁰⁷²
      • Design diagrams for the task ⁰⁷² and descriptions of major modules. ⁰⁷³
      • Identification of non-safety-critical units that can interact with safety-critical ones. ²⁷⁶
      • Documentation of the positions and functions of safety-critical components in the design hierarchy. ²⁷⁶
      • Relationship of this software to other software components in the system. ³⁸⁷
   4. Concept of execution, including data flow, control flow, and timing.
      The concept of execution may be captured in "diagrams and descriptions showing the dynamic relationship of the software units, that is, how they will interact during CSCI operation." ⁰⁹⁶ Consider including the following information when capturing the concept of execution:
      
      • Interrupts and/or exception handling, including event, failure detection and correction (FDC), and error messages. ⁰⁷²
      • End-to-end data flow description and/or diagrams. ⁰⁷³
      • "Execution control, interrupt characteristics, initialization, synchronization, and control of the components...include finite state machines." ²⁷⁶
      • Timing and sequencing diagrams.
      • States and modes of software operation, including the software units that execute in each state and mode, as well as the execution control and data flow between components in the different states and modes. ³⁸⁷
      • Control and signal flow, interrupt priorities and interrupt handling, error detection and handling. ³⁸⁷
      • "Dynamically controlled sequencing, state transition diagrams..., priorities among units..., concurrent execution, dynamic allocation and de-allocation, dynamic creation and deletion of objects, processes, tasks, and other aspects of dynamic behavior." ⁰⁹⁶
      • Thread interactions.
   5. Requirements, design, and code traceability.
      Traceability is another type of information that is important for development and maintenance of the software because it allows development personnel to identify affected software products when a change or update is made. Consider the following when capturing the traceability information for the design. (See also the traceability guidance in this Handbook for SWE-059 and SWE-064.)
      
      • "Requirements trace or flow-down of system-level requirements to the subsystem, with any safety-critical requirements highlighted." ⁰⁷³
      • Trace of each safety-critical component back to original safety requirements and how the requirement is implemented. ²⁷⁶
      • Traceability between the architectural design and software components.
   6. CSCI's planned utilization of computer hardware resources.
      Consider the following when capturing the planned utilization of computer hardware resources for each CSCI:
      
      • "Utilization constraints (e.g., CPU, memory); how the software will adapt to changing margin constraints; performance estimates." ⁰⁷²
      • "Estimates of computer hardware resources usage ... to ensure that the design is within the total hardware resource capacity." ⁰⁰¹
      • Storage and memory resource allocations across the software architecture.
      • Memory, bus, throughput estimates, and margins. ³⁸⁷
      • Planned CSCI usage of processor capacity, I/O device capacity, auxiliary storage capacity, communication or network capacity. ⁰⁹⁶
2. Rationale for software item design decisions/trade decisions, including assumptions, limitations, safety and reliability-related items/concerns or constraints in design documentation.
   It is important to document the reasons for design decisions for the implementation phase, as well as future software maintenance activities. Design decisions need to be traceable to relevant trade studies and the associated reasoning behind those decisions. Consider the following when capturing the rationale for design decisions:
   
   • Alternatives that were part of the design process but that were excluded, along with the reasons for those exclusions, e.g., did not meet requirements, low probability of success, exceeded cost and/or schedule constraints. ⁰⁰¹
   • Assumptions made during discussions of design options.
   • Limitations of various design options that affected the design choice, e.g., technical, cost, schedule limitations.
   • Safety and reliability considerations in the design elements and interfaces for each software subsystem, task, or component. ⁰⁷³
   • Design constraints, e.g., feasibility, coupling, extensibility, maintainability.
   • Design drivers, e.g., performance, reliability, usability, hardware considerations, established for the project that affected the software design.
   • "Design alternatives, including reuse of heritage software and/or COTS tradeoffs." ⁰⁷³
   • Performance parameters that were part of the rationale, e.g., reliability, safety, affordability, schedule, risk. ⁰⁰¹
   • "Selection criteria (e.g., adherence to design standards, verifiability, ease of construction, reuse, use of COTS, safety)." ⁰⁰¹
   • "Assumptions about the environment including operating system, user interface, component, data management, data interchange, graphics, and network services, especially assumptions on which safety functions and computer security needs may be based." ³⁸⁷
   • "Assumptions and conditions on which the utilization data are based (e.g., typical usage, worst-case usage, and assumption of certain events)." ⁰⁹⁶
   • "Architectural element responsibilities (constraints on inputs and guarantees on outputs) and constraints on how the elements interact (such as message and data sharing protocols)." ⁰⁹⁰
3. Interface design
   Consider the following when capturing the interface characteristics of the software units. (See also the guidance in this Handbook for SWE-112, which describes the content for the interface design description document.) If all or part of this information is captured in one or more interface documents, those documents may be referenced here.
   
   • Internal interfaces between all components.
   • Operator interfaces.
   • Device interfaces.
   • Allocation of the software's external interface requirements to components.
   • "Identify the safety-critical ... interfaces throughout the design. Identify non-critical units that can interact with safety-critical ones." ²⁷⁶
   • "Design of each interface in terms of:
     • Information description;
     • Initiation criteria;
     • Expected response;
     • Protocol and conventions;
     • Error identification, handling and recovery;
     • Queuing;
     • Implementation constraints;
     • Requirements relative to safety and computer security." ³⁸⁷
   • Interface type and purpose.
   • Interface description, including data transmitted, messages transmitted, priority of interfaces, and messages transmitted across them. ³⁸⁷

The Software Architecture Review Board ³²³, a software engineering sub-community of practice, is a good resource of software design information, including sample documents, reference documents, and expert contacts.

Additional guidance related to software design may be found in Topic 7.07 - Software Architecture Description and the following related requirements in this handbook:

4. Small Projects

Projects with limited personnel or budgets need to consider the guidance and use of software design document templates from the local Center PAL, because a local tailoring via "P (Center)" may be applicable. Center Engineering Technical Authorities also have been empowered to provide specific relief when the software classification specifies required design description items, i.e., "X" in Requirements Mapping Matrix in NPR 7150.2.

5. Resources

5.1 Tools

Tools to aid in compliance with this SWE, if any, may be found in the Tools Library in the NASA Engineering Network (NEN).

NASA users find this in the Tools Library in the Software Processes Across NASA (SPAN) site of the Software Engineering Community in NEN.

The list is informational only and does not represent an “approved tool list”, nor does it represent an endorsement of any particular tool. The purpose is to provide examples of tools being used across the Agency and to help projects and centers decide what tools to consider.

6. Lessons Learned

No Lessons Learned have currently been identified for this requirement. However, there are relevant lessons learned in the related requirements named in the guidance section. Lessons Learned related to software design may be found in the following related requirements in this handbook: