Lecture overview:

• Total time: ~55 minutes (tight pacing)
• Prerequisites: Students understand information hiding (L6), changeability (L7-L8), requirements analysis (L9)
• Connects to: L9 requirements analysis, L6 information hiding, upcoming architecture lectures

Structure:

• Introduction: Why domain modeling matters (~5 min)
• Formulating a domain model (~15 min)
• Validating with stakeholders (~5 min)
• Translating to OO design (~20 min)
• Representational gap (~10 min)

Key theme: Domain modeling bridges human understanding and code implementation. It's information hiding at the conceptual level.

→ Transition: Let's start with the learning objectives...

CS 3100: Program Design and Implementation II

Lecture 12: Domain Modeling

©2026 Jonathan Bell & Ellen Spertus, CC-BY-SA

Context from previous lectures:

• L6: Information hiding—modules should expose what they do, not how
• L9: Requirements analysis—understanding problems deeply before designing solutions
• Today: We apply information hiding at the conceptual level

Key message: A well-designed domain model hides implementation-level thinking (maps, counters, byte arrays) behind domain-level abstractions (Submissions, Students, GradingSessions).

→ Transition: Here's what you'll be able to do after today...

Learning Objectives

After this lecture, you will be able to:

1. Formulate a domain model given a set of requirements
2. Validate domain models with stakeholders through scenario walkthroughs
3. Translate a domain model into an object-oriented design using responsibility assignment heuristics
4. Evaluate the representational gap between a domain model and an OO design

Time allocation:

• Objective 1: Formulating domain models (~15 min)
• Objective 2: Validation techniques (~5 min)
• Objective 3: Responsibility assignment—Information Expert, Creator, Controller (~20 min)
• Objective 4: Representational gap and strategies (~10 min)

Plus ~5 min intro connecting to prior material.

Why this matters: Domain modeling is how we ensure code stays understandable and maintainable as requirements evolve.

→ Transition: Let's start by connecting to what we've learned...

Poll: Which code is easier to understand, and why?

Option A:

public double process(String id, double amt, String type) {
    double curr = balances.getOrDefault(id, 0.0);
    double fee = type.equals("PREMIUM") ? 0.0 : amt * 0.02;
    double result = curr - amt - fee;
    if (result < 0) throw new RuntimeException("insufficient");
    balances.put(id, result);
    return result;
}

Option B:

public Balance withdraw(Account account, Money amount) {
    Money fee = account.membership().calculateFee(amount);
    Balance newBalance = account.balance().subtract(amount).subtract(fee);
    if (newBalance.isNegative()) throw new InsufficientFundsException(account);
    account.updateBalance(newBalance);
    return newBalance;
}

• Goal: Students see benefit of proper domain modeling.
• Method: Ask them to compare two versions of code.
• Their answer should include their preferred version and why they prefer it.

Transition: The lower code features good domain modeling.

Requirements Are the Input—Domain Modeling Is the Output

In Lecture 9, we learned to gather and analyze requirements:

• Stakeholder interviews and observation
• Functional vs. non-functional requirements
• User stories and acceptance criteria

But requirements are just the input. Today we learn what to do with them.

Domain modeling transforms messy real-world requirements into a structured understanding that guides our code.

Bridging the gap from L9:

• L9 was about gathering requirements—listening, asking, documenting
• L12 is about structuring that understanding into a model
• The model becomes the bridge between stakeholders and code

Acknowledge the break:

• "We've had a review and quiz since L9, so let's reconnect"
• L9 gave us raw material (requirements)
• Today we shape that material into something we can implement

The journey so far:

• L6: Information hiding (hide how, expose what)
• L7-L8: Design for change (coupling, cohesion, SOLID)
• L9: Requirements (understanding the problem)
• L12: Domain modeling (structuring that understanding)

→ Transition: How does this connect to information hiding?

Understandability Is the Ultimate Goal of Good Design

Throughout this course, we've emphasized changeability, readability, and maintainability. But these all serve a more fundamental goal:

Understandability

Code that humans can understand is code that humans can successfully work with, modify, and trust.

But understandability is subjective—it depends on context. One common approach: model the problem domain in the code.

The insight:

• Changeability, readability, maintainability are means to an end
• The end is understandability
• Understandable code can be trusted, modified, evolved

The strategy:

• If code mirrors the problem domain...
• ...then understanding the domain means understanding the code
• Domain experts become code reviewers

→ Transition: Let's see a concrete example...

Real Scenarios Reveal Why Domain Modeling Matters

A student submits their assignment. A grader starts reviewing it. But then the student realizes they forgot something and resubmits.

How should our system handle this?

Let's look at two implementations...

Set up the scenario:

• This is a real problem Pawtograder has to solve
• Involves coordination between submission, grading, and revision
• Multiple stakeholders affected: student, grader, instructor

Ask students: What should happen to the grader's work?

→ Transition: Here are two approaches...

Technical-Focused Design Hides Meaning in Implementation Details

public class SubmissionManager {
    private Map<String, List<byte[]>> fileStorage = new HashMap<>();
    private Map<String, Integer> versionCounters = new HashMap<>();
    private Map<String, Map<String, Object>> gradeData = new HashMap<>();

    public String submitFiles(String userId, String assignmentId, List<byte[]> files) {
        String key = userId + "_" + assignmentId;

        Map<String, Object> existingGrade = gradeData.get(key);
        if (existingGrade != null && existingGrade.get("status").equals("IN_PROGRESS")) {
            int version = versionCounters.getOrDefault(key, 0) + 1;
            versionCounters.put(key, version);
            fileStorage.put(key + "_v" + version, files);

            Map<String, Object> newGradeData = new HashMap<>(existingGrade);
            newGradeData.put("status", "NEEDS_REGRADING");
            gradeData.put(key + "_v" + version, newGradeData);
            return key + "_v" + version;
        }
        fileStorage.put(key, files);
        return key;
    }
}

Walk through the code:

• Maps everywhere: fileStorage, versionCounters, gradeData
• String concatenation for keys
• Status stored as string in nested Map
• What's "v2"? What's "NEEDS_REGRADING"?

Questions to ask:

• What does this code do? Can you tell at a glance?
• What happens to the grader's work?
• Is "NEEDS_REGRADING" documented anywhere?

→ Transition: Now let's see a domain-aligned approach...

Domain-Aligned Design Makes Code Read Like the Business Process

public class Submission {
    private final Student student;
    private final Assignment assignment;
    private final List<SourceFile> files;
    private GradingSession activeGradingSession;

    public Submission createRevision(List<SourceFile> newFiles) {
        Submission revision = new Submission(student, assignment, newFiles);

        if (hasActiveGrading()) {
            GradingDraft draft = activeGradingSession.convertToDraft();
            revision.attachDraftGrading(draft);

            activeGradingSession.getGrader().notify(
                new RevisionSubmittedEvent(this, revision)
            );
        }
        return revision;
    }

    public boolean hasActiveGrading() {
        return activeGradingSession != null && !activeGradingSession.isComplete();
    }
}

Walk through the code:

• Classes named after domain concepts: Submission, Student, Assignment
• Methods use domain language: createRevision, hasActiveGrading
• Behavior is explicit: converting to draft, notifying grader
• The code reads like a description of the business process

Contrast with Approach A:

• No mysterious keys or version counters
• The grader's work is explicitly preserved as a draft
• Notification happens—we can see it in the code

→ Transition: Which is more understandable?

Domain-Aligned Code Is Easier to Navigate, Predict, and Change

Approach A Problems:

• What does "v2" mean?
• Why concatenate strings for keys?
• What happens to grader's work?
• What triggers "NEEDS_REGRADING"?

Approach B Clarity:

• Submission has a GradingSession
• GradingSession → GradingDraft
• Grader is notified explicitly
• Code reads like business process

Business logic: the rules, workflows, and decisions that define how a domain actually operates—independent of how we store or display data.

When code uses the same concepts, relationships, and vocabulary as the problem domain, it becomes easier to:

• Navigate from requirement to implementation
• Predict where functionality lives
• Understand the impact of changes
• Communicate with non-technical stakeholders

Defining "business logic":

• This is likely a new term for students—pause to make sure they absorb it
• Business logic = the rules specific to THIS domain (grading, not storage)
• Contrast: "save to file" is NOT business logic; "grader can't review their own work" IS

The benefits:

• Navigate: "Where's the regrade logic?" → look in RegradeRequest
• Predict: "How do we handle deadlines?" → probably in Assignment or Submission
• Understand: Changes to grading affect GradingSession, not random Maps
• Communicate: Product managers can review domain classes

Connection to L6-L8 (Changeability):

• "Understand the impact of changes" is the key benefit
• Domain-aligned code makes change impact predictable
• "Change regrade rules" → look in RegradeRequest
• "Change how we store submissions" → look in storage layer, NOT Submission class
• Technical-focused code: changes ripple unpredictably through Maps and counters

→ Transition: But achieving this alignment is difficult...

Code Is For Humans First

"Programs must be written for people to read, and only incidentally for machines to execute."
— Harold Abelson & Gerald Sussman, Structure and Interpretation of Computer Programs, 1984

The SICP philosophy:

• This quote opens one of the most influential CS textbooks ever written
• The wizard imagery from SICP treats programming as a form of "magic" - but magic that must be understood
• A spell that only the machine understands is useless to the next wizard who maintains it

Connection to domain modeling:

• Domain modeling is how we make the "spell" readable
• The domain concepts (Student, Submission, GradingSession) are the words humans understand
• The machine doesn't care what we call things - but our fellow programmers do

Transition: But here's the challenge - different people use the same words differently...

Stakeholders Use the Same Words to Mean Different Things

A "submission" means different things to different stakeholders:

Stakeholder	"Submission" means...
Student	"My attempt at the assignment"
Grader	"Work I need to evaluate"
System	"An execution of grading script on student code"

Domain modeling forces us to be explicit about our understanding before making implementation decisions.

The problem:

• Real-world concepts are messy, full of exceptions
• Different stakeholders have different views
• Without explicit modeling, we embed implicit assumptions

Domain modeling as a tool:

• Forces explicit discussion of terminology
• Creates a shared vocabulary
• Becomes a map from requirements to code

→ Transition: Let's learn how to create domain models...

Formulating a Domain Model: A 4-Step Process

Creating a domain model is iterative discovery and refinement:

1. Extract candidate concepts from requirements
2. Filter and consolidate—remove synonyms, distinguish attributes from concepts
3. Discover hidden concepts implied but not named
4. Build the initial model with relationships

The process:

• Not linear—expect to iterate
• Step 3 (hidden concepts) is often the most valuable—that's where Strategy patterns hide

For lecturers familiar with OOD but not domain modeling:

• Classic OOD starts with "find the nouns" → but that's only Step 1
• Steps 2-4 apply design principles to refine the raw extraction
• Think of it as: Extract → Apply SRP (filter) → Apply Strategy/OCP (hidden concepts) → Build

Connection to L9 (Requirements):

• L9 taught stakeholder analysis and elicitation
• Domain modeling is what you DO with those requirements
• L9 = gathering, L12 = structuring

Connection to L6-L8 (Design Principles):

• Every step uses principles: SRP for filtering, Strategy for hidden policies, Liskov for inheritance decisions
• This lecture shows domain modeling as applied SOLID

→ Transition: But first, what are we actually looking for?

Nouns Become Classes; Heavy Verbs Become Interfaces

Nouns → Classes or Fields

In requirements	Becomes
"students", "graders"	Classes (they have identity, behavior)
"email", "due date"	Fields (just data on something else)
"score"	Depends! Could be either.

Verbs → Methods... or Classes

In requirements	Becomes
"submit", "grade"	Methods (usually)
"request regrade"	A class! (it has lifecycle, data)
"ensure fair distribution"	Strategy object (remember L7?)

When a verb has a lifecycle, carries data, or varies in implementation → promote it to a class (or interface!).

For lecturers familiar with OOD but not domain modeling: This slide bridges classic OO thinking to domain modeling. Students know nouns→classes from intro courses, but the verb→class insight is new and powerful.

Connection to L5/L7 (Strategy Pattern):

• L5 introduced Strategy with Comparator—the comparison algorithm became an object
• L7 revisited Strategy for build systems—JavaBuildStrategy, PythonBuildStrategy
• Same pattern here: "ensure fair distribution" → AssignmentStrategy interface
• The requirement describes behavior that varies—classic Strategy territory

Connection to L8 (Open/Closed Principle):

• When a verb becomes a class/interface, we get Open/Closed for free
• New distribution policies = new strategy classes, not modified switch statements
• This is why L8 said "favor composition over inheritance"

Key insight for students:

• Nouns are obvious candidates (they learned this in CS 2500/2510)
• Verbs that "feel heavy" are the non-obvious candidates—this is the new skill

→ Transition:

• I'll say more about lifecycles later.
• First, let's see this in action with real requirements...

Example: Pawtograder Grading System Requirements

The university wants to modernize how graders provide feedback on programming assignments. Graders can provide inline comments on specific lines of code, rate code quality on various dimensions (correctness, style, design), and assign scores based on a rubric. Some graders ("meta-graders") have additional privileges—they can review other graders' work and handle regrade requests.

Students can request regrades if they believe their submission was scored incorrectly. The original grader handles the initial regrade request. If the student is still dissatisfied, they can escalate to a meta-grader. As a last resort, the instructor can review any grading decision.

The system needs to ensure fair distribution of grading work and prevent the same grader from repeatedly grading the same student (to avoid bias). Meta-graders should review a sampling of each grader's work to ensure consistency. All grading actions must be tracked for audit purposes.

Notice:

• Real requirements are dense with concepts
• Some concepts are explicit, some implied
• Business rules are embedded in prose
• Multiple stakeholders mentioned

We'll use this throughout the lecture.

→ Transition: Step 1: Extract candidate concepts...

Step 1: Extract Candidate Concepts

Read the requirements like a detective. Every noun could be a class:

The university wants to modernize how graders provide feedback on programming assignments. Graders can provide inline comments on specific lines of code, rate code quality on various dimensions (correctness, style, design), and assign scores based on a rubric. Some graders ("meta-graders") have additional privileges...

Students can request regrades if they believe their submission was scored incorrectly. The original grader handles the initial regrade request. If the student is still dissatisfied, they can escalate to a meta-grader...

Don't filter yet! "Lines of code" might become a class. "Dimensions" might not. We decide later.

Live demo possibility:

• Project the requirements on screen
• Highlight nouns as class suggests them
• Build the list collaboratively—students often spot things you miss

Connection to L4 (Specifications):

• Just as L4 taught us to read method specs carefully for preconditions/postconditions...
• Here we read requirements carefully for domain concepts
• Same skill: precise reading to extract meaning

Key points:

• Over-extract now, filter later (like brainstorming)
• Verbs matter too—they become methods, or sometimes classes (next slide)
• Some nouns will merge, some will disappear

→ Transition: Now we filter and consolidate...

Step 2: Filter and Consolidate

Now we sculpt. Not everything survives:

Merge synonyms — pick one name and stick with it:

programming assignments + assignments → Assignment ✓

Demote to attributes — not everything deserves to be a class:

lines of code → just an int lineNumber on InlineComment

Spot variation — where things get interesting:

Grader vs Meta-grader... inheritance? role attribute? We'll decide.

Ask the class: "Should meta-grader be a subclass or a role?"

Connection to L2 and L8 (Liskov Substitution):

• If MetaGrader extends Grader, can we substitute freely? (L2)
• Does a MetaGrader do everything a Grader does, plus more? Or differently?
• If "plus more" → inheritance works. If "differently" → maybe composition (L8)

Connection to L8 (Single Responsibility):

• Each class should have one reason to exist
• "lines of code" isn't a concept with its own responsibility—it's just data
• "RubricItem" might be—it has behavior (max points, descriptions, scoring logic)

The goal: Fewer, cleaner concepts that match stakeholder vocabulary (L4's "ubiquitous language" idea).

→ Transition: Step 3 is where the magic happens...

Step 3: Discover Hidden Concepts

The requirements never mention these. But read between the lines:

📝 "ensure fair distribution of grading work"
→ Who distributes? A GradingAssignment or WorkloadManager

📝 "prevent same grader from repeatedly grading same student"
→ Someone tracks history. A GradingHistory or constraint object.

📝 "tracked for audit purposes"
→ An AuditLog or GradingEvent we never discussed.

⚠ Hidden concepts often become the most architecturally critical classes. Miss them, and logic scatters everywhere.

This is the detective work:

• Requirements describe what should happen
• Hidden concepts are how it gets enforced

Connection to L7 (Strategy Pattern):

• "Ensure fair distribution" is a policy—and policies often vary!
• Round-robin? Workload-balanced? Random? That's a Strategy interface (L7)
• The hidden concept isn't just "WorkloadManager"—it's AssignmentStrategy

Connection to L6 (Information Hiding):

• Hidden concepts often enforce invariants
• "Prevent same grader repeatedly grading same student" → who enforces this?
• That enforcer is a hidden concept with a clear responsibility

Ask the class: "What would I need to build to make this rule actually work?"

→ Transition: Now we assemble what we've found...

Step 4: Assemble the Model

From filtered concepts and hidden discoveries, our first sketch emerges:

Walk through the model:

• Core entities: Grader, Assignment, Submission, GradingSession
• MetaGrader extends Grader (we chose inheritance—revisit L2's Liskov test: can we substitute?)
• Relationships show who does what to whom

Connection to L2 (Inheritance) and L8 (Liskov):

• We drew MetaGrader extending Grader—is this valid?
• L2/L8 test: Can a MetaGrader be used anywhere a Grader is expected?
• If MetaGrader has additional capabilities (can review others), inheritance works
• If MetaGrader behaves differently in core grading, maybe composition is better

Connection to L8 (Interface Segregation):

• Notice we didn't create one giant Person class with all behaviors
• Student, Grader, Instructor are separate—each has focused responsibilities
• This is ISP: clients depend only on interfaces they use

Note: This is simplified—full model would include RubricItem, InlineComment, connections between the top and bottom graphs, etc.

→ Transition: A few key modeling techniques to keep in mind...

Actions With Lifecycles Deserve Their Own Classes

When an action carries weight, it deserves to be a class:

// Starting point: "regrade" as a method
class Grader {
    void regradeSubmission(Submission s) { }
}

// Leveled up: "RegradeRequest" captures the full lifecycle
class RegradeRequest {
    Student requester;
    GradingSession originalSession;
    String reason;
    RegradeStatus status;
    List<RegradeResponse> responses;  // Can have multiple as it escalates
}

Promote when: the action has a lifecycle, carries data, or needs to be referenced later.

Signs a verb should become a class:

• It has states (created → in progress → resolved)
• Multiple parties interact with it
• You need to refer to "that regrade" later
• It carries its own data (reason, responses)

Connection to L7/L8 (Strategy and Open/Closed):

• This is exactly what Strategy pattern does—the algorithm becomes an object
• Remember L7: "ensure fair distribution" → AssignmentStrategy interface
• L8's Open/Closed: new regrade policies = new classes, not modified switch statements

Connection to L8 (Single Responsibility):

• Once promoted, RegradeRequest has ONE job: manage a regrade's lifecycle
• The Grader class is relieved of that responsibility
• Each class does one thing well

Classic examples: "submit" → Submission, "grade" → GradingSession

→ Transition: Another useful technique...

Lifecycles

An object has a lifecycle if it moves through different states over time, affecting which actions are possible and how they behave.

RegradeRequest example

• Submitted → student has requested a regrade
• UnderReview → grader, meta-grader, or instructor is looking at it
• Resolved → grader made a decision
• Escalated → student appeals decision to next level
• Closed → either
  • highest authority has performed review
  • student did not object to resolution in allowed time

Not Everything Deserves to Be a Class

Not everything deserves to be a class. Find the right level:

// Too fine-grained:
class LineNumber { private int value; }
class CommentText { private String value; }

// Right level: primitives for simple values, classes for real concepts
class InlineComment {
    int lineNumber;      // Just an int
    String comment;      // Just a String
    SourceFile file;     // This IS a concept worth modeling
}

Make it a class when: it has behavior, invariants to protect, or domain experts talk about it as a distinct thing.

Connection to L7 (Cohesion):

• L7 warned against "coincidental cohesion"—things grouped for no good reason
• LineNumber class has no cohesion—it's just an int pretending to be important
• InlineComment has functional cohesion—all its parts work together for one purpose

Connection to L6 (Information Hiding):

• L6: classes exist to protect invariants
• LineNumber has no invariant worth protecting (any int is valid)
• EmailAddress DOES—must contain @, valid format → worth a class
• The L6 PhoneNumber example: class exists because digits must be 0-9

Connection to L8 (Single Responsibility):

• Over-modeling creates classes with no responsibility
• Under-modeling overloads classes with too many responsibilities
• Right granularity = each class has exactly one reason to exist

The balance: Simple enough to understand, rich enough to express the domain.

→ Transition: Now let's validate our model with stakeholders...

Validate Early: Misunderstandings Are Cheaper to Fix Before Code

A domain model is a communication tool. Before writing code, validate your understanding with stakeholders.

Validation exposes critical misunderstandings early, when they're cheap to fix.

Key validation techniques:

• Scenario walkthroughs
• Terminology review
• Multiplicity verification
• Missing concepts discovery

Why validate:

• Models are hypotheses about the domain
• Stakeholders are domain experts
• Early feedback prevents expensive rework

When to validate:

• Before significant implementation
• When adding major features
• When stakeholders change

→ Transition: Let's see each technique...

Walk Through Scenarios to Expose Hidden Assumptions

Take specific scenarios and trace them through the model:

"A student is unhappy with their grade and requests a regrade. According to our model, they create a RegradeRequest linked to their GradingSession. The original Grader creates a RegradeResponse. If the student is still unsatisfied, what happens?"

This might expose issues like:

• "Students can't escalate directly to instructors—it must go through meta-graders first"
• "We need a cooling-off period—students can't request a regrade within 24 hours"
• "Meta-graders can't handle regrades for submissions they already reviewed"

The technique:

• Pick a concrete scenario (ideally a tricky edge case)
• Walk through it step by step using model terminology
• Ask stakeholders: "Is this right? What did I miss?"

Benefits:

• Exposes implicit assumptions
• Reveals missing states and transitions
• Creates shared understanding

→ Transition: Another validation technique...

Use the Language Stakeholders Already Use

Ensure you're using the right words:

You: "We're calling them 'meta-graders'. Is that the right term?"

Professor: "Actually, we call them 'head TAs' and regular graders are just 'TAs'."

This reveals we should align our model with existing terminology.

Using unfamiliar terms creates a translation burden. Use the language stakeholders already use.

Why terminology matters:

• Wrong terms create confusion in meetings
• Stakeholders won't recognize their domain
• Translation burden increases cognitive load

The ubiquitous language (DDD concept):

• Same terms in code, docs, and conversations
• No translation layer
• Everyone speaks the same language

→ Transition: What validation often reveals...

Validation Uncovers Business Rules You Never Knew Existed

Category	Example discovery
Hidden business rules	"Regrades can only adjust scores up to 10% without instructor approval"
Temporal constraints	"Grading must be completed within one week of submission deadline"
Hidden actors	"The department administrator can override grading assignments"
Complex states	"A regrade isn't just 'pending' or 'resolved'—it can be 'awaiting-response', 'under-review', 'escalated', 'requires-meeting'"
Cross-cutting concerns	"We need to track TIME spent on grading for workload credits"

The model after validation often looks quite different from the initial attempt—but it much better represents the actual problem.

Why this matters:

• These discoveries would otherwise become bugs
• Or emergency feature requests
• Or architectural refactors

The investment:

• A few hours of validation saves weeks of rework
• Stakeholders appreciate being consulted
• Builds trust in the development process

→ Transition: Now let's translate our model to code...

Responsibility Assignment Determines Code Structure

Now we translate our validated domain model into working code.

The critical question: Which classes own which behaviors?

We'll use three key heuristics:

1. Information Expert — Who has the data needed?
2. Creator — Who should create new objects?
3. Controller — Who coordinates complex operations?

The challenge:

• Domain model shows concepts and relationships
• OO design assigns behavior to classes
• Wrong assignments lead to tangled code

Why heuristics:

• No single "right" answer
• Heuristics guide toward good designs
• Experience refines judgment

→ Transition: Let's start with Information Expert...

Assign Behavior to the Class That Has the Data

Assign responsibility to the class that has the information needed to fulfill it.

Example: Who should determine if a regrade can be escalated?

❌ Ignoring the heuristic:

// Service must extract all data from request
class RegradeService {
  boolean canEscalate(RegradeRequest req) {
    List<RegradeResponse> responses =
        req.getResponses();       // extract
    RegradeStatus status =
        req.getStatus();          // extract
    if (responses.isEmpty()) return false;
    if (status == RESOLVED) return false;
    // ... more extraction and logic
  }
}

Service becomes a "logic hog" that pulls data from passive objects.

✓ Following the heuristic:

// RegradeRequest knows its own history
class RegradeRequest {
  private List<RegradeResponse> responses;
  private RegradeStatus status;

  boolean canEscalate() {
    if (responses.isEmpty()) return false;
    if (status == RESOLVED) return false;
    // Data is RIGHT HERE—no extraction
    return coolingOffPeriodPassed();
  }
}

Data and behavior stay together. Self-contained.

The contrast:

• Left: Service becomes a "god class" that knows everyone's business
• Right: Each class is expert on its own state

Connection to L7 (Cohesion):

• Left side has low cohesion—service does unrelated things
• Right side has functional cohesion—RegradeRequest manages its own lifecycle

Why this enables changeability:

• Escalation rules WILL change (24h → 48h, add new conditions, etc.)
• Left: hunt through service code that extracts data from multiple objects
• Right: change ONE method in ONE class
• The data needed for the decision is already there—no ripple effects

→ Transition: Let's see another example...

The Class That Knows Its Constraints Should Enforce Them

Who should check if a grader can review a regrade?

❌ Logic scattered in service:

class RegradeService {
  boolean canGraderReview(Grader g, RegradeRequest r) {
    // Pull data from grader
    GraderType type = g.getType();
    int activeCount = g.getActiveGradingCount();
    int max = g.getMaxConcurrentGradings();

    // Pull data from request
    Grader original = r.getOriginalSession()
                        .getGrader();

    // Service implements the logic
    if (original.equals(g)) return false;
    if (activeCount >= max) return false;
    return true;
  }
}

Service knows too much about Grader's internals.

✓ Grader is the expert on itself:

class Grader {
  private GraderType type;
  private int activeGradingCount;

  boolean canReviewRegrade(RegradeRequest req) {
    // Can't review own work
    if (req.getOriginalSession()
           .getGrader().equals(this)) {
      return false;
    }
    // Check MY workload (I know it!)
    if (activeGradingCount >= getMax()) {
      return false;
    }
    return true;
  }
}

Grader knows its own constraints. Easy to test.

The contrast:

• Left: Service has to know Grader's fields, how max is calculated, etc.
• Right: Grader encapsulates its own rules

Connection to L6-L8 (Changeability via Hyrum's Law):

• Left: Service depends on Grader's internal structure—if fields change, service breaks
• Right: Grader can change its internals freely—only canReviewRegrade() matters
• Example: "max concurrent gradings" changes from 5 to dynamic based on experience level
  • Left: hunt through all services that extract maxConcurrent
  • Right: change getMax() in Grader only

Why this matters for testing:

• Left: To test this, you need a service AND mock graders
• Right: To test this, you just create a Grader and call the method

→ Transition: Now let's look at Creator...

Containers Should Create What They Contain

Assign class B the responsibility to create instances of class A if B aggregates, contains, or has the initializing data for A.

Example: Who should create InlineComment objects?

❌ Ignoring the heuristic:

// External service creates comments
class CommentService {
  InlineComment createComment(
      GradingSession session,
      SourceFile file, int line, String text) {
    InlineComment c = new InlineComment(
        session, file, line, text, now());
    session.getComments().add(c);  // Reaches in!
    return c;
  }
}

Service reaches into GradingSession's internals. Session loses control of its own state.

✓ Following the heuristic:

// Container creates what it contains
class GradingSession {
  private List<InlineComment> comments = ...;

  InlineComment addComment(
      SourceFile file, int line, String text) {
    if (!isActive()) throw new ...;
    InlineComment c = new InlineComment(
        this, file, line, text, now());
    comments.add(c);
    return c;
  }
}

GradingSession controls its own contents. Can enforce invariants (must be active).

The contrast:

• Left: Service bypasses GradingSession, reaches into its list directly
• Right: GradingSession is gatekeeper for its own contents

Connection to L6 (Information Hiding):

• Left exposes the comments list (or needs a setter)
• Right hides the list—only GradingSession can modify it

Connection to L6-L8 (Changeability):

• Invariant "can only add comments to active sessions" is likely to evolve:
  • "Allow comments during grace period"
  • "Allow TAs to add late comments"
• Left: hunt for all places creating comments, add checks everywhere
• Right: change addComment() in ONE place

When to break this heuristic:

• Complex creation logic → Factory pattern
• Creation needs external resources (network, etc.) → Service

→ Transition: Sometimes services ARE the right creator...

Services Create When Coordination Is Required

For complex creation involving multiple entities, a service may be the creator:

public class RegradeService {
    private final NotificationService notificationService;
    private final AuditLog auditLog;

    public RegradeResponse handleRegradeRequest(
            Grader grader, RegradeRequest request,
            Decision decision, String explanation,
            List<RubricScore> adjustedScores) {

        if (!grader.canReviewRegrade(request)) {
            throw new UnauthorizedRegradeException();
        }

        // Service creates RegradeResponse with all necessary data
        RegradeResponse response = new RegradeResponse(
            grader, request, decision, explanation, adjustedScores
        );

        request.addResponse(response);
        auditLog.recordRegradeResponse(grader, request, response);
        notificationService.notifyStudent(request.getStudent(), response);
        return response;
    }
}

Why service creates here:

• Creation involves coordination (notification, audit)
• Multiple entities need to be updated
• Transaction boundary

The service:

• Has all the data needed
• Coordinates the operation
• But delegates business logic to domain objects (canReviewRegrade)

→ Transition: Now let's look at Controller...

Controllers Coordinate—They Don't Implement Business Logic

Assign responsibility for handling system events to a controller class that coordinates—not implements—the response.

❌ Fat controller (logic in controller):

void escalate(RegradeRequest request) {
  // Business logic IN the controller!
  if (request.getResponses().isEmpty()) {
    throw new BadRequestException("No responses");
  }
  if (request.getStatus() == RESOLVED) {
    throw new BadRequestException("Already resolved");
  }
  RegradeResponse last = request.getResponses().getLast();
  if (hoursBetween(last.getCreatedAt(), now()) < 24) {
    throw new BadRequestException("Wait 24h");
  }

  request.setStatus(ESCALATED);  // More logic...
}

✓ Thin controller (delegates to domain):

void escalate(RegradeRequest request) {
  if (!request.canEscalate()) {  // Domain decides!
    throw new EscalationNotAllowedException();
  }

  regradeService.escalateRequest(request);
}

Controller coordinates. Domain objects own business rules.

The contrast:

• Left: Controller is full of business logic, hard to test
• Right: Controller is thin—just wiring. Business logic is in canEscalate()

Connection to L7 (Coupling):

• Left: If escalation rules change, you modify the controller
• Right: If rules change, you modify RegradeRequest.canEscalate()—controller untouched

Why this matters:

• Fat controllers are hard to test (need HTTP mocking)
• Domain objects are easy to test (just Java)

→ Transition: Let's see how these heuristics work together...

Example: Escalating a Regrade Request

The flow:

1. Student clicks "Escalate" button in the GUI
2. RegradeController receives the event, authenticates the student
3. Controller calls RegradeService.escalateRequest(request)
4. Service asks RegradeRequest.canEscalate() — domain owns the rule
5. Service tells RegradeRequest.escalate() — domain changes its own state
6. Service calls NotificationService to notify the next reviewer
7. Controller updates the GUI with the result

Key point: Business logic (canEscalate, escalate) lives in the domain object. Service coordinates. Controller handles the UI boundary.

Each Class Has One Clear Job

// Information Expert: Domain objects know about themselves
public class RegradeRequest {
    public boolean canEscalate() { /* uses its own data */ }
    public void escalate() { /* uses its own data */ }
}

// Creator: Containers create their components
public class GradingSession {
    public InlineComment addComment(SourceFile f, int line, String text) {
        /* creates and contains comments */
    }
}

// Creator: Services create complex aggregates
public class RegradeService {
    public RegradeResponse handleRegradeRequest(...) {
        /* coordinates creation with notifications, audit */
    }
}

// Controller: Coordinates without business logic
public class RegradeController {
    public Response escalate(...) {
        /* authenticate, authorize, delegate, update GUI */
    }
}

The result:

• Each class has clear responsibilities
• Business logic stays in domain objects
• Services coordinate complex operations
• Controllers handle external interactions

Benefits:

• Code structure mirrors domain understanding
• Easy to navigate from requirement to code
• Easy to test each piece in isolation

→ Transition: But there's always a gap...

Poll: Where Should This Logic Live?

"Check if a student has exceeded their maximum regrade requests for the semester"

A. Student

B. RegradeRequest

C. RegradeService

D. RegradeController

E. A new RegradePolicy class

Discussion after poll:

• Student: might have a list of requests but shouldn't have to change if the policy changes
• RegradeRequest: knows one request, not all requests
• RegradeService: has access to repository, can count
• RegradeController: should not have business logic
• RegradePolicy: encapsulates the business rule

Best answer: RegradeService or RegradePolicy

• No single domain object has all the data needed
• RegradeService is pragmatic; RegradePolicy is more testable
• Either is better than putting it in the controller

→ Transition: Now let's discuss the representational gap...

Some Gap Between Domain and Implementation Is Inevitable

The representational gap:

• Domain model = how we understand the problem
• Implementation = how we solve it in code
• Gap = difference between the two

Some gap is inevitable:

• Technical requirements (storage, network)
• Performance optimizations
• Framework constraints

Connection to L6-L8 (Changeability):

• The gap exists because technical details WILL change
• Storage format, network protocol, caching strategy—all change
• Goal: keep domain code stable when technical code changes
• Smaller, well-contained gap = easier to change technical infrastructure

→ Transition: Let's see where gaps come from...

Technical Infrastructure Creates the Gap

Our implementation requires technical code absent from the domain model:

Saving and Loading Data

// Domain model has no concept of:
class RegradeStorage {
    void save(RegradeRequest request) {
        // Write to file? Send to server?
        // Domain doesn't care!
    }
    RegradeRequest load(String id) {
        // Read from somewhere...
    }
}

Map<String, Object> toJson(RegradeRequest r) {
    // Convert domain object to JSON
    // for sending over the network
}

Performance Optimization

// Domain: "Grader has graded many students"
// Simple but slow:
class Grader {
    Set<Student> gradedStudents; // Thousands!
}

// Actual implementation:
class Grader {
    // Only keep recent ones in memory
    Set<String> recentStudentIds;

    boolean hasGradedStudent(String studentId) {
        if (recentStudentIds.contains(studentId))
            return true;
        return loadFromStorage(studentId);
    }
}

Infrastructure gap:

• Saving/loading objects (files, network, etc.)
• Converting to JSON for web responses
• Handling errors and retries

Performance gap:

• Can't load everything into memory
• Need caching, external storage
• Trade-off between simple code and fast code

Connection to L6-L8 (Changeability):

• These technical concerns are likely to change:
  • Storage: files → database → cloud
  • Format: JSON → Protocol Buffers → new format
  • Performance: add caching, change strategy
• Goal: isolate technical code so domain code doesn't change when infra changes

Both are necessary but should be isolated from domain.

→ Transition: How do we minimize this gap?

Rich Domain Models Keep Business Logic Close to Data

Put behavior in domain classes, not just data:

Anemic Model (larger gap)

public class RegradeRequest {
    private List<RegradeResponse> responses;
    private RegradeStatus status;

    // Just getters and setters
    public List<RegradeResponse> getResponses() {
        return responses;
    }
    public void setStatus(RegradeStatus s) {
        this.status = s;
    }
}

// Business logic lives elsewhere
class RegradeService {
    boolean canEscalate(RegradeRequest r) {
        // Logic here, far from data
    }
}

Rich Model (smaller gap)

public class RegradeRequest {
    public boolean canEscalate() {
        // Business logic lives WITH the data
        return hasResponse() &&
               !isResolved() &&
               hasCoolingOffPeriodPassed();
    }

    public void escalate(Grader newReviewer) {
        if (!canEscalate()) {
            throw new EscalationNotAllowedException();
        }
        this.status = RegradeStatus.ESCALATED;
        this.currentReviewer = newReviewer;
    }
}

Anemic model problems:

• Business logic scattered across services
• To change escalation rules: hunt through multiple files
• "Where is this rule enforced?" → good luck finding it

Rich model enables change:

• Business rules live in ONE place
• To change escalation: modify canEscalate() only
• Business rules are the most common axis of change!

Connection to L6-L8 (Changeability):

• This is Information Expert applied for changeability
• "24-hour cooling off" becomes "48-hour" → one method changes
• New escalation condition? → one method changes
• Compare to anemic: rule scattered in 5 services...

→ Transition: Another strategy...

Hide Storage Details to Enable Future Change

When you need to save/load data, use method names that speak domain language:

❌ Technical language exposed:

class RegradeService {
    void handleEscalation(String id) {
        // Caller sees storage details
        String json = fileSystem.read(
            "regrades/" + id + ".json");
        RegradeRequest r = parseJson(json);
        // ...
    }
}

✓ Domain language only:

class RegradeService {
    void handleEscalation(String id) {
        // Storage is hidden
        RegradeRequest r =
            storage.findPendingRequest(id);
        // ...
    }
}

Domain vocabulary: findPendingRequest, not readJsonFile. Storage is a likely axis of change.

Connection to L6-L8 (Changeability):

• This is information hiding for changeability
• Storage technology is a common axis of change:
  • Start with JSON files → migrate to database
  • Local storage → cloud storage
  • Single server → distributed system

Why this enables change:

• Domain code never mentions JSON, files, or network
• To change storage: swap ONE class, not touch domain code
• Tests use in-memory storage (fast), production uses real storage

Real example:

• Early Pawtograder: stored submissions as files
• Later: migrated to cloud storage
• Domain code unchanged—only storage layer rewired

→ Transition: How do we measure the gap?

A Domain Expert Should Understand Your Core Classes

Ask these questions to evaluate your representational gap:

1. Can a domain expert read your core classes and understand them?
2. Do method names use domain vocabulary or technical jargon?
3. Is domain logic mixed with technical concerns (persistence, HTTP)?
4. How many layers between user story and implementation?
5. Could you explain the code structure by sketching the domain model?

Some gap is inevitable. The goal is not zero gap, but ensuring the gap exists only where necessary and is well-contained.

Practical test:

• Show domain classes to a stakeholder
• Can they recognize the concepts?
• Can they spot missing behavior?

Red flags:

• Service classes longer than domain classes
• Domain classes that are just data bags
• Business terms only in comments, not code

→ Transition: One more consideration...

Domain Models Are Expensive to Change—Choose Wisely

Domain models are expensive to change once code depends on them.

Every domain model embeds assumptions that may need revision:

• Whose vocabulary? A medical system modeling "patient compliance" may shift to "patient autonomy"
• Whose categories? A system with boolean isMale will need refactoring for broader gender representation
• Whose workflows? A recipe app designed around cookbooks may struggle with video integration

Domain concepts propagate through the codebase—into method names, class hierarchies, database schemas, API contracts.

The compounding cost:

• Changing "Submission" affects everywhere it's used
• Database migrations
• API versioning
• Client code updates

The question isn't "is our model right?"

• All models are simplifications
• Question: what future changes are we making easy or hard?

Pragmatic practice:

• Identify assumptions explicitly
• Ask "what would trigger a rewrite?"
• Design to make likely changes cheaper

→ Transition: A cautionary tale...

Small Assumptions Can Have Catastrophic Consequences

In December 2004, regional airline Comair experienced a catastrophic scheduling system failure caused by a 16-bit signed integer counter tracking crew assignments.

The counter reset annually with a maximum value of 32,767. Bad weather combined with airline expansion meant unusually high scheduling activity. The counter overflowed.

Result: Three consecutive days of complete flight cancellations (December 24-26). The airline never fully recovered.

The worst part? An updated version fixing the overflow was already available—Comair declined to migrate because the upgrade seemed "too expensive."

A seemingly trivial decision—"16 bits should be plenty"—became an existential threat.

The lesson for domain modeling:

• Small assumptions can have huge consequences
• What if this value grows 10x? 100x?
• What if unusual circumstances cluster?

Connection to our course:

• We'll revisit risk management in later lectures
• Today's point: domain models embed assumptions
• Make those assumptions explicit

→ Transition: Let's wrap up...

Domain Modeling Is Where All the Principles Come Together

Domain Modeling Step	Uses This Principle	From Lecture
Extract nouns → classes	Encapsulation, Abstraction	L1, L2
Filter with SRP	Single Responsibility	L8
Hidden concepts → Strategy	Strategy Pattern, Open/Closed	L5, L7, L8
Validate with stakeholders	Requirements Analysis	L9
Information Expert	Cohesion, Information Hiding	L6, L7
Creator heuristic	Encapsulation, Invariant Protection	L6
Rich domain model	Behavior with data, not anemic objects	L6, L7

Domain modeling isn't a new topic—it's where all the principles come together.

The big picture:

• L1-L2: Basic OO (encapsulation, inheritance, polymorphism)
• L5: Strategy pattern, lambdas
• L6: Information hiding, immutability
• L7: Coupling, cohesion
• L8: SOLID principles
• L9: Requirements gathering
• L12: Apply ALL of these to structure a real problem

This is the synthesis lecture.

→ Transition: Quick summary of what you should remember...

Key Takeaways

• Domain modeling transforms requirements (L9) into code structure
• Four-step process: Extract → Filter (SRP) → Discover hidden concepts (Strategy) → Build
• Validate early with stakeholders—cheaper than fixing later
• Responsibility heuristics apply Information Expert (L6) and cohesion (L7)
• Minimize the gap between domain understanding and implementation

Good OO design creates code that reflects human understanding of the problem—not just technical machinery.

Summary:

1. Domain modeling makes understanding explicit
2. The process applies principles you already know
3. Validation catches misunderstandings early
4. Heuristics are just cohesion/information hiding applied
5. Technical gap is real but manageable

→ Transition: Looking ahead...

Looking Ahead

Domain modeling connects to many upcoming topics:

Lecture	Connection
L19: Software Architecture	Domain models inform system boundaries
L20: Design Patterns	Patterns implement domain concepts
L35: Safety and Reliability	Domain assumptions become safety requirements

When we succeed, our code becomes a precise yet understandable expression of the solution to real-world problems.

Preview:

• Architecture: How domain concepts map to services
• Design patterns: Standard solutions to domain challenges
• Safety: What happens when domain assumptions fail

The big picture:

• Domain modeling is foundational
• Every design decision reflects domain understanding
• Good domain models make everything else easier

Questions?

Bonus Slide

Optional Practice Exercises

The following slides contain practice exercises for applying domain modeling concepts to a library hold system.

These exercises are not required during lecture time. They are provided for:

• Lab activities and discussion
• Homework practice
• Self-study and review

Important: These slides are NOT part of the main lecture flow.

Usage recommendations:

• Skip during lecture if time is tight
• Use in lab sessions for hands-on practice
• Assign as homework for students to work through
• Great for office hours discussions

Key difference from main example:

• Main lecture uses Regrade/Pawtograder (familiar to students)
• Library example provides different domain for practice
• Same principles, different context

→ Transition: Start with library requirements...

Practice Example: Library Hold System

The library wants to modernize how patrons request books that are currently checked out. Patrons can place holds on unavailable items, and when an item is returned, the next patron in the queue is notified. They have 7 days to pick up the item before the hold expires and the next patron is notified.

Some books have multiple copies; when any copy is returned, it fulfills the next hold. Patrons can cancel holds anytime and can have at most 10 active holds.

Exercise goal: Apply the 4-step domain modeling process to a different domain.

Students should:

1. Extract candidate concepts (nouns)
2. Filter and consolidate
3. Discover hidden concepts
4. Build initial model

→ Transition: Let's extract candidate concepts...

Exercise: Select Candidate Concepts

Choose nouns to be classes. They could be explicit or implicit.

The library wants to modernize how patrons request books that are currently checked out. Patrons can place holds on unavailable items, and when an item is returned, the next patron in the queue is notified. They have 7 days to pick up the item before the hold expires and the next patron is notified.

Some books have multiple copies; when any copy is returned, it fulfills the next hold. Patrons can cancel holds anytime and can have at most 10 active holds.

Have students do a word cloud poll or think-pair-share. Hide the results at first, then share and discuss the results.

Obvious nouns

• Patron
• Something to represent an individual book, such as BookCopy or Copy or Item
• Something to represent all copies of the same book, such as Book or Title
• Hold

Less obvious nouns

• HoldQueue
• Notification (possibly)

Hidden concept

• ExpirationTracker

→ Transition: Now we filter and consolidate...

Exercise: One Possible Domain Model

Discussion points:

• Why is Copy separate from Book?
• What about the queue? Is it explicit or implicit?
• Where does expiration tracking live?

→ Transition: Now apply responsibility assignment heuristics...

Exercise Poll: Who should create Copy objects?

A. Book

B. Copy

C. Hold

D. Patron

Heuristic: Assign responsibility to the class that has the information needed to fulfill it.

Answer: A (Book). Book contains Copies, so Book is the natural creator. The Creator heuristic says: assign creation to the class that contains or aggregates the new object.

Teaching points:

• Container creates what it contains
• Book has the initializing data (title, author)
• Book needs to track its copies anyway

→ Transition: Let's see the implementation...

Exercise: Creating Copy Objects

In Book (contains copies):

class Book {
  private List<Copy> copies;

  Copy addCopy(String barcode) {
    Copy copy = new Copy(barcode, this);
    copies.add(copy);
    return copy;
  }
}

In Copy (doesn't contain copies):

class Copy {
  private String barcode;
  private Book book;

  static Copy create(String barcode, Book book) {
    Copy copy = new Copy(barcode, book);
    book.getCopies().add(copy); // reaching in!
    return copy;
  }
}

Copy must reach into Book's internal list.
Book can manage its own collection.

Key point: Copy doesn't know about other copies—it has no list to add itself to. It must reach into Book to register itself, which exposes Book's internals and splits the responsibility for managing the collection.

Discussion:

• What if we need validation (barcode format)?
• Where does that logic belong?
• How does this connect to Information Expert?

→ Transition: Another exercise...

Exercise Poll: Who should check if a patron can place a hold?

A. Book

B. Copy

C. Hold

D. Patron

Heuristic: Assign responsibility to the class that has the information needed to fulfill it.

Answer: D (Patron). Patron has the data needed (their activeHolds list), so Patron is the Information Expert for questions about their own holds.

Teaching points:

• Information Expert: who has the data?
• Patron knows its own holds
• This makes testing easier (just test Patron)

→ Transition: Let's see the code...

Exercise: Checking if a Patron Can Place a Hold

In Patron (has the data):

class Patron {
  private List<Hold> activeHolds;

  boolean canPlaceHold(Book book) {
    if (activeHolds.size() >= 10) return false;
    for (Hold h : activeHolds) {
      if (h.getBook().equals(book)) return false;
    }
    return true;
  }
}

In Hold (doesn't have the data):

class Hold {
  private HoldStatus status;

  boolean canPatronPlaceHold(Patron p, Book b) {
    // I don't know about other holds!
    // Need to ask Patron for their list
    List<Hold> holds = p.getActiveHolds();
    if (holds.size() >= 10) return false;
    for (Hold h : holds) {
      if (h.getBook().equals(b)) return false;
    }
    return true;
  }
}

Hold must extract data from Patron to answer the question. Patron already has it.

Key point: The code is almost identical, but Hold has to reach into Patron to get the data. This is a sign the responsibility is in the wrong place. When you find yourself extracting data from another object to make a decision, ask: should that object make the decision instead?

Discussion questions:

• What if the "10 holds max" rule changes?
• Where would you make that change in each approach?
• Which design makes that change easier?

End of optional exercises