When creating the software design description (SDD), the following minimum content is included. If the content is included in another document or tool, such as separate trade study documents, interface design documents, modeling or simulation tools, or data dictionaries, those documents or tools may be referenced in the SDD.
CSCI-wide design decisions/trade decisions
It is important to document decisions made during the design process, as well as the reasons those decisions were made. (See Rationale for software item design (Item 2 under CSCI decomposition and interrelationship between components) guidance below.) This information is useful for the implementation phase, as well as future software maintenance activities. CSCI-wide design decisions are “decisions about the CSCI's behavioral design (how it will behave, from a user's point of view, in meeting its requirements, ignoring internal implementation) and other decisions affecting the selection and design of the software units that make up the CSCI.” Glenn Research Center's (GRC's) GRC-SW-TPLT-SDD, Software Design Description Template, suggests considering the following when capturing "decisions about the CSCI's behavioral design (how it will behave from a user's point of view, in meeting its requirements, and ignoring internal implementation) and other decisions affecting the selection and design of the software units that make up the CSCI":
- Capture design decision dependencies on system states or modes.
- Capture design decisions "regarding inputs the CSCI will accept and outputs it will produce, including interfaces with other systems, hardware configuration items (HWCIs), CSCIs, and users."
- Capture design decisions "on CSCI behavior in response to each input or condition, including actions the CSCI will perform, response times, and other performance characteristics, description of physical systems modeled, selected equations, algorithms, or rules, and handling of invalid inputs or conditions."
- Capture design decisions "on how databases and data files will appear to the user."
- Capture the "selected approach to meeting safety, security, and privacy requirements."
- Capture design decisions "made in response to requirements, such as selected approach to providing required flexibility, availability, and maintainability."
- If a design decision depends upon system states or modes, indicate this dependency.
- Make Decisions based on trade studies, including the options considered or a reference to the document(s) that capture the trade study information.
- Capture decisions to use open source components along with a description of the components and their planned use.
- Capture decisions to reuse software components along with a description of those components and their planned use.
Capture decisions to use commercial off the shelf (COTS) components along with a description of those components and their planned use.
CSCI architectural design
Goddard Space Flight Center's (GSFC's) 580-STD-077-01, Requirements for Minimum Contents of Software Documents, notes that "The architectural design documentation includes multiple views of the architecture and identifies and supports the evaluation of key quality attributes of the planned software product. The key quality attributes of the software will depend on the mission in which the software is to be used and the manner in which it is to be developed and deployed. They will usually include performance, availability, maintainability, modifiability, security, testability and usability (operability)."
The architectural design may be captured in a variety of ways but is typically captured in one or more diagrams. Consider including diagram conventions, as appropriate, so readers can better understand the architectural design captured in those diagrams. When capturing the architectural design, consider including:
- A subsystem/component context diagram.
- A system design diagram (such as a top-level data flow diagram or UML (Unified Modeling Language) diagram).
- "A list of [software] subsystems, tasks, or major components – e.g., user interface, database, task management."
- A map or list of software units that make up each CSCI.
CSCI decomposition and interrelationship between components
“Identify the software units that make up the CSCI [the purpose and the CSCI requirements and CSCI-wide design decisions allocated to it]. ...A software unit is an element in the design of a CSCI; for example, a major subdivision of a CSCI, a component of that subdivision, a class, object, module, function, routine, or database. Software units may occur at different levels of a hierarchy and may consist of other software units. Software units in the design may or may not have a one-to-one relationship with the code and data entities (routines, procedures, databases, data files, etc.) that implement them or with the computer files containing those entities. A database may be treated as a CSCI or as a software unit. The SDD may refer to software units by any name(s) consistent with the design methodology being used.”
- CSCI components
- Description of how the software item satisfies the software requirements, including algorithms, data structures, data configuration loads, and functional decomposition, including software and hardware fault management and how software requirements are allocated to processors and tasks.
Consider including the following when describing how each software item satisfies the associated set of software requirements:
Software item input/output (I/O) description.
- Description of functionality and operational modes, data storage concepts, and structures.
- Derived requirements.
- Functional allocations among the software subsystems.
- Databases, data files, and shared data with safety-critical data marked.
- "Identify, state the purpose, and describe in detail the algorithms to be incorporated into the execution of the CSU. The algorithms shall be described in terms of the manipulation of input and local data elements and the generation of output data elements."
- Fault management approach and algorithm implementation.
When capturing the I/O description, consider including the following information, as appropriate:
Static/architectural relationship of the software units.
- Identification and formats of input and output data.
- Purpose, source and destination, data type, data representation, size, units of measure, limit/range, accuracy, precision/resolution.
- Identification of safety-critical input and output data used in interfaces.
- I/O data rates.
Like the CSCI architectural design, the static/architectural relationship of software units is typically captured in one or more diagrams. Consider the following when capturing this information:
Concept of execution, including data flow, control flow, and timing.
- A subsystem/component context diagram.
- A system design diagram (such as a top-level data flow diagram or UML diagram).
- Design diagrams for the task and descriptions of major modules.
- Identification of non-safety-critical units that can interact with safety-critical ones.
- Documentation of the positions and functions of safety-critical components in the design hierarchy.
- Relationship of this software to other software components in the system.
The concept of execution may be captured in "diagrams and descriptions showing the dynamic relationship of the software units, that is, how they will interact during CSCI operation." Consider including the following information when capturing the concept of execution:
Requirements, design, and code traceability.
- Interrupts and/or exception handling, including event, failure detection and correction (FDC), and error messages.
- End-to-end data flow description and/or diagrams.
- "Execution control, interrupt characteristics, initialization, synchronization, and control of the components...include finite state machines."
- Timing and sequencing diagrams.
- States and modes of software operation, including the software units that execute in each state and mode, as well as the execution control and data flow between components in the different states and modes.
- Control and signal flow, interrupt priorities and interrupt handling, error detection and handling.
- "Dynamically controlled sequencing, state transition diagrams..., priorities among units..., concurrent execution, dynamic allocation and de-allocation, dynamic creation and deletion of objects, processes, tasks, and other aspects of dynamic behavior."
- Thread interactions.
Traceability is another type of information that is important for development and maintenance of the software because it allows development personnel to identify affected software products when a change or update is made. Consider the following when capturing the traceability information for the design. (See also the traceability guidance in this Handbook for SWE-059 and SWE-064.)
- "Requirements trace or flow-down of system-level requirements to the subsystem, with any safety-critical requirements highlighted."
- Trace of each safety-critical component back to original safety requirements and how the requirement is implemented.
- Traceability between the architectural design and software components.
f. CSCI's planned utilization of computer hardware resources.
Consider the following when capturing the planned utilization of computer hardware resources for each CSCI:
- Resource limitations, the strategy for managing each resource and its limitations, the margins, and the method for measuring those margins, for example, timing, fault messages, memory.
- "Utilization constraints (e.g., CPU, memory); how the software will adapt to changing margin constraints; performance estimates."
- "Estimates of computer hardware resources usage ... to ensure that the design is within the total hardware resource capacity."
- Storage and memory resource allocations across the software architecture.
- Memory, bus, throughput estimates, and margins.
- Planned CSCI usage of processor capacity, I/O device capacity, auxiliary storage capacity, communication or network capacity.
- “The CSCI requirements or system-level resource allocations being satisfied.
- The assumptions and conditions on which the utilization data are based (for example, typical usage, worst-case usage, assumption of certain events).
- Any special considerations affecting the utilization (such as use of virtual memory, overlays, or multiprocessors or the impacts of operating system overhead, library software, or other implementation overhead).
- The units of measure used (such as percentage of processor capacity, cycles per second, bytes of memory, kilobytes per second).
- The level(s) at which the estimates or measures will be made (such as software unit, CSCI, or executable program).”
g. Whether components are new or previously developed, and, if previously developed, reference to the baseline from which they were taken. This should include a detailed description of the operating system, device drivers and board support package software.
2. Rationale for software item design decisions/trade decisions, including assumptions, limitations, safety and reliability-related items/concerns or constraints in design documentation.
It is important to document the reasons for design decisions for the implementation phase, as well as future software maintenance activities. Design decisions need to be traceable to relevant trade studies and the associated reasoning behind those decisions. Consider the following when capturing the rationale for design decisions:
- Alternatives that were part of the design process but that were excluded, along with the reasons for those exclusions, e.g., did not meet requirements, low probability of success, and exceeded cost and/or schedule constraints.
- Assumptions made during discussions of design options.
- Limitations of various design options that affected the design choice, e.g., technical, cost, schedule limitations.
- Safety and reliability considerations in the design elements and interfaces for each software subsystem, task, or component.
- Design constraints, e.g., feasibility, coupling, extensibility, maintainability.
- Design drivers, e.g., performance, reliability, usability, hardware considerations, established for the project that affected the software design.
- "Design alternatives, including reuse of heritage software and/or COTS tradeoffs."
- Performance parameters that were part of the rationale, e.g., reliability, safety, affordability, schedule, risk.
- "Selection criteria (e.g., adherence to design standards, verifiability, ease of construction, reuse, use of COTS, safety)."
- "Assumptions about the environment including operating system, user interface, component, data management, data interchange, graphics, and network services, especially assumptions on which safety functions and computer security needs may be based."
- "Assumptions and conditions on which the utilization data are based (e.g., typical usage, worst-case usage, and assumption of certain events)."
- Architectural element responsibilities (constraints on inputs and guarantees on outputs) and constraints on how the elements interact (such as message and data sharing protocols).
3. Interface design
Consider the following when capturing the interface characteristics of the software units which can be described as “interfaces among the software units and their interfaces with external entities such as systems, configuration items, and users.“ (See also the guidance in this topic for the interface design description document.) If all or part of this information is captured in one or more interface documents, those documents may be referenced here.
- Internal interfaces between all components.
- Operator interfaces.
- Device interfaces.
- Allocation of the software's external interface requirements to components.
- "Identify the safety-critical ... interfaces throughout the design. Identify non-critical units that can interact with safety-critical ones."
- "Design of each interface in terms of:
- Information description;
- Initiation criteria;
- Expected response;
- Protocol and conventions;
- Error identification, handling and recovery;
- Implementation constraints;
- Requirements relative to safety and computer security."
- Interface type and purpose.
- Interface description, including data transmitted, messages transmitted, priority of interfaces, and messages transmitted across them.
- All direct hardware interfaces like the flight computer interface or application program interface or operation system interface.
CSCI detailed design
The detailed design describes “each software unit of the CSCI. ... If design information falls into more than one paragraph, it may be presented once [in the design document] and referenced from the other paragraphs.” When capturing the detailed design, consider the following:
- Software unit identification and descriptions.
- Unit design decisions, such as algorithms used.
- Constraints, limitations, or unusual features in the design of the software unit.
- Programming language to be used and rationale.
- Procedural commands (such as menu selections in a database management system (DBMS) for defining forms and reports, on-line DBMS queries for database access and manipulation, input to a graphical user interface (GUI) builder for automated code generation, commands to the operating system, or shell scripts), and reference to user manuals or other documents that explain them.
- Description of inputs, outputs, and other data elements and data element assemblies, as applicable. Data local to the software unit shall be described separately from data input to or output from the software unit.
- Logic to be used by the software unit, including, as applicable:
- Conditions in effect within the software unit when its execution is initiated
- Conditions under which control is passed to other software units
- Response and response time to each input, including data conversion, renaming, and data transfer operations
- Sequence of operations and dynamically controlled sequencing during the software unit's operation, including:
- The method for sequence control.
- The logic and input conditions of that method, such as timing variations, priority assignments.
- Data transfer in and out of memory.
- The sensing of discrete input signals and timing relationships between interrupt operations within the software unit.
- Exception and error handling.
- Bidirectional requirements traceability between the software units and requirements allocated to them.
Other candidate information for the software design description includes:
- Scope, including system identification, system overview, document overview, and referenced documents.
- Software operational metrics.
- Design methods and details for their implementation, for example, software updates, user-modifiable software or software parameters, redundancy management approach for the software design or multiple-version dissimilar software.
- If the software contains deactivated code or test code, a description of the means to ensure that the code cannot be enabled in the target computer.
- Security design features.
- Safety considerations addressed in the design, show traceable to all software hazards and software hazard migration steps.
The Software Architecture Review Board, a software engineering sub-community of practice accessible on the NASA Engineering Network, is a good resource of software design information, including sample documents, reference documents, and expert contacts.
Additional guidance related to software design may be found in Topic 7.7 - Software Architecture Description and the following requirements in this Handbook: