a review of software change impact analysis · 2018-10-17 · different software artifacts and to...

39
Steffen Lehnert A review of software change impact analysis Technische Universität Ilmenau Ilmenau, 2011 URN: urn:nbn:de:gbv:ilm1-2011200618

Upload: others

Post on 24-May-2020

5 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Steffen Lehnert

A review of software change impact analysis

Technische Universität Ilmenau Ilmenau, 2011 URN: urn:nbn:de:gbv:ilm1-2011200618

Page 2: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

A Review of Software Change Impact AnalysisSteffen Lehnert

Department of Software Systems / Process InformaticsIlmenau University of Technology

Ilmenau, [email protected]

Abstract—Change impact analysis is required for constantlyevolving systems to support the comprehension, implementa-tion, and evaluation of changes. A lot of research effort hasbeen spent on this subject over the last twenty years, and manyapproaches were published likewise. However, there has notbeen an extensive attempt made to summarize and reviewpublished approaches as a base for further research in thearea. Therefore, we present the results of a comprehensiveinvestigation of software change impact analysis, which isbased on a literature review and a taxonomy for impactanalysis. The contribution of this review is threefold. First,approaches proposed for impact analysis are explained re-garding their motivation and methodology. They are furtherclassified according to the criteria of the taxonomy to enablethe comparison and evaluation of approaches proposed in lit-erature. We perform an evaluation of our taxonomy regardingthe coverage of its classification criteria in studied literature,which is the second contribution. Last, we address and discussyet unsolved problems, research areas, and challenges ofimpact analysis, which were discovered by our review toillustrate possible directions for further research.

I. INTRODUCTION

Performing impact analysis is an important step whenchanging or maintaining software, especially in incrementalprocesses [1]. It allows to judge the amount of workrequired to implement a change [2], proposes softwareartifacts which should be changed [3], and helps to identifytest cases which should be re-executed to ensure that thechange was implemented correctly [4]. Impact analysis alsoenables developers and project leaders to ask ”what if...?”questions, and to simulate alternative scenarios withouthaving to implement them.

However, maintenance is considered to be the mostexpensive [5] and long-lasting phase in the lifecycle of mostsoftware systems, where more than 50% of all maintenancecosts arise from changing software [6]. Therefore, everydevelopment or analysis step which can be automated cansave a lot of time and money. On the other hand, partialimplemented changes present high risks. They are likelyto cause unintended side effects, introduce new bugs, andlead to more instability, rather than improving the software.Today’s evolutionary development and frequent changesdemand for changing software, and change has becomea daily routine for architects, programmers, and projectleaders

The challenges of impact analysis have been addressedfor many years and date back to the 1970s when main-

taining software and software evolution started to attractthe interest of researchers in software engineering. Bohnerand Arnold [2], [3], [7], [8] investigated the foundations ofimpact analysis, and provided the following definition ofthe term impact analysis, which has been adapted by mostresearchers:

”Identifying the potential consequences of achange, or estimating what needs to be modifiedto accomplish a change [2]”.

Today, there are several hundred studies which are con-cerned with impact analysis. Thus, we felt the need tostructure the field by establishing a taxonomy for impactanalysis in previous work [9], and to review publishedliterature, which is the aim of this paper.

A. Scope and Contribution of the Review

As in our previous work, we limit our focus on studiesdescribing automated and semi-automated impact analysisapproaches. Several experiments have shown that intuition,experience, and skill alone are not sufficient to capture allimpacts in complex software, which is why tool and methodsupport is required. Toth et al. [10] conducted an experi-ment to compare the results of manual impact analysis toresults achieved by several automated approaches, and theyconcluded by strengthening the need for solid tool support.Likewise, an earlier experiment of Lindvall [11] impliessimilar results, as the author has shown that developersare not able to determine the impacts of a change in areliable way. The results of his experiment illustrated thegap between what developers assume to be impacted andwhat is really impacted. Lindvall quantified this differenceas 60% in his experiment.

The focus of this review is not on organizational aspectsof impact analysis or the definition of concepts. However,we also reviewed such literature to structure the field ofimpact analysis, and to develop a classification scheme fortechnical approaches [9]. This study reviews the follow-ing kinds of literature. Articles published at conferencesand workshops, articles published in books and journals,technical reports, as well as master and PhD thesis whichhave been published between 1991 and 2011. We reviewedstudies which focus on developing or improving impactanalysis approaches, studies which describe experimentsto assess the effectiveness of impact analysis techniques,and studies which compare different techniques. We do not

Page 3: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

consider manual approaches such as reviews and audits, asexplained in our previous work [9].

The main contribution of this work is a comprehensivereview of approximately 150 studies, which propose orimprove impact analysis approaches. We name their motiva-tion, describe the proposed methodology, and classify eachapproach according to the criteria of our taxonomy [9]. Asa byproduct of this classification, we evaluate our taxonomyby checking the coverage of its criteria. This allows us todraw conclusions about its usefulness in practice. The thirdcontribution is the identification of future research work,based on the review of current studies. The following listingsummarizes the contribution of this article:

1) A comprehensive review, includinga) the summary of 150 approaches,b) the classification of 150 approaches.

2) Evaluation of the taxonomy and its criteria.3) Identification of future research areas.

B. Organization of the Paper

This short section explains the structure of the article.The goals of section II are to provide an overview ofexisting reviews and to introduce the classification criteria,which have been developed in [9] and are used to classifystudied literature. The main part of this article, section III,is concerned with analyzing and classifying impact analysisapproaches. This section is accompanied by Table II at theend of this article, which contains the results of the actualclassification. Section III is further divided according to thedifferent scopes of impact analysis which are explained insection II-B, to allow for easy navigation. Finally, sectionIV reports and summarizes major results of the review,according to the goals of this article.

II. TOWARDS A REVIEW

In this section, we investigate and evaluate existingattempts to review the field of impact analysis. We analyzestudies which are aimed at evaluating approaches, com-paring tools, and analyzing the role of certain concepts forimpact analysis. Secondly, this section explains the differentscopes of impact analysis. Finally, a short summary of ourclassification criteria is given, which will be used to classifyapproaches in section III.

A. Previous and related Studies

One of the first attempts to review and structure the fieldof impact analysis were made by Arnold and Bohner backin 1993 [7]. They established a framework for classifyingand comparing approaches which we discussed in [9]according to our goals. Arnold and Bohner reviewed fiverather different studies and classified them according totheir criteria.

Orso et al. [12] and Breech et al. [13] compared severalsource code based impact analysis techniques regardingtheir performance. Orso et al. [12] analyzed two dynamic

impact analysis algorithms called PathImpact and Cover-ageImpact, and focused their analysis on achieved preci-sion, memory consumption, and execution time. Breechet al. [13] analyzed and compared two dynamic (PathIm-pact, CoverageImpact) and two online impact analysis al-gorithms (InstrumentedPathImpact, DynamicCompilation).They evaluated the performance of the algorithms accordingto their scalability, precision, recall, memory consumption,and execution time. However, both studies examine rathersimilar approaches and do not provide an overview of thewide field of impact analysis.

In a similar fashion, Hattori et al. [14], [15] examinedseveral impact analysis algorithms which they implementedin their Impala tool. The authors measured the performanceof the algorithms using the information retrieval metricsprecision and recall, and compared their results againstresults achieved with the DesginWizard tool.

A review of Bohner [3] is concerned with the questionwhere and how impact analysis is applied during the de-velopment and maintenance process. The author proposes aseries of models, which assist with understanding and man-aging impact detection, change modeling, change imple-mentation, testing, and related tasks. His focus is thereforenot on reviewing specific approaches, but on illustrating theintegration of impact analysis into the development process.

De Lucia et al. [16] analyzed the role of traceabilityrelations in impact analysis, as they allow to connectdifferent software artifacts and to analyze impact relationsbetween them. The interconnection of different types ofartifacts for analytical purpose is important, as changes donot only occur in code and their affects are not limited tocode either. Several techniques for establishing traceabilitylinks are explored in their work. However, they do notanalyze and compare specific impact analysis studies.

A study of different scope was conducted by Robbes etal. [17] who reported on the trend to evaluate impact anal-ysis approaches with development data stored in versioningsystems such as CVS or SVN. However, their analysis hasshown that these sources cannot always provide accurateand reliable data for an objective evaluation of approaches.Thus, they proposed a benchmark and evaluation procedurefor impact analysis approaches to overcome this limitation.

A review of Kagdi et al. [18]–[20] on the topic of MiningSoftware Repositories (MSR) explores impact analysis asone possible application of MSR. This review is valuablefor the impact analysis community, as many studies areexamined which apply MSR techniques for change predic-tion and the detection of co-change patterns which can beutilized for impact analysis.

Kilpinen [21] examined the practical applicability ofimpact analysis approaches in her PhD thesis. The authoridentified a gap between approaches proposed for impactanalysis and their application in practice. However, mostauthors neglect this fact and thereby limiting the appli-cability of their approach. In contrast, experiments andcase studies conducted within the scope of her thesis have

Page 4: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

shown a sharp decrease in required design work whenmarginally improving the integration of impact analysis intothe development process.

The conclusion of this section is as follows. All reviewedstudies have a very different focus, e.g. they analyzedtechniques and algorithms for impact analysis or the inte-gration of impact analysis into the development process. Sofar, there is no comprehensive review which explains andclassifies research approaches which have been proposedfor the task of impact analysis. In contrast, we identifiedroughly 150 studies which are concerned with impactanalysis. Thus, ordering them according to well-definedcriteria is an important and necessary task to understandimpact analysis.

B. Scopes of Interest

We identified three different scopes of impact analysisapproaches [9], as most approaches either analyze sourcecode, formal models or miscellaneous artifacts. Source codeanalysis can either be static, dynamic or online. Formalmodels are further divided into architectural and require-ments models, to reflect the earlier phases of softwaredevelopment, i.e. requirements capturing and architecturalreasoning. Miscellaneous artifacts span a wide range ofdocuments and data sources, such as documentation, bugtrackers, and configuration files. Figure 1 illustrates thescopes. The following five subsections outline each scopein more detail, to explain why we have chosen such adistinction.

Combined Scopes

Code Models Misc. Artifacts

Static Dynamic Online Documentation Configuration

Architecture Requirements

Fig. 1. Scopes of impact analysis

1) Source Code: Many approaches investigate the im-pacts of changes by reasoning about inheritance relations,method-call behavior, and other dependencies between pro-gram entities. Source code files, class packages, classes,methods, statements, and variables are analyzed to predictthe propagation of changes. However, such techniques arenot applicable in the early phases of software design andrequirements analysis, when no source code is available.Their rather technical nature also limits their applicationto programmers and is of little use for other stakeholders,such as project leaders.

Static code analysis extracts facts from source code tobuild call graphs, slices, and other representations which areused to assess the impacts of a change. In contrast, dynamic

and online approaches instrument the code or compiledbinaries to collect information about method executions.These so called execution traces are either analyzed afterprogram execution (dynamic) or on the fly (online) toenable the concurrent assessment of changes.

2) Architectural Models: Williams and Carver [22] high-light the importance of change impact analysis for softwarearchitectures to keep their quality and correctness at anacceptable level.

Architectural models, such as UML component dia-grams, enable the assessment of architectural changes on amore abstract level than source code. This enables impactanalysis in earlier stages of development and in modelbased development (MBD), which has become more im-portant in recent years. But dependent on the underlyingmodeling language, even architectural analysis allows forfine-grained results, for example when analyzing detailedUML class diagrams. Typical levels of granularity aresystems, sub-systems, components, and classes.

3) Requirements Models: Formalized requirements arethe first available artifacts during the software developmentprocess, and undergo many changes until the final versionof a program has been implemented. If requirements areencoded in formal modeling languages such as UML, GRL[23] or UCM [23], they can be subject of formal analysisas they adhere to a well-structured metamodel. In contrast,if they are expressed as plain text, only textual retrievalmethods such as information retrieval (IR) can be applied.

4) Miscellaneous Artifacts: It is an acknowledged factthat changes do not only occur in source code or archi-tectural models. Documentation, configuration files, bugtrackers, and similar auxiliary content of software are alsosubject of frequent changes. However, changes to suchentities can also affect the software, e.g. when a configura-tion file was changed. Performing impact analysis amongsuch entities, mostly different types of files, has thereforebecome an issue to the research community as well.

5) Combined Scopes: The typical software developmentprocess is comprised of different phases, i.e. starting withrequirements analysis and architectural reasoning, whichare then followed by the implementation. When changingsoftware, impacts do not limit themselves to certain kindsof artifacts. Changing a requirement can affect differentarchitectural models, as well as already implemented sourcecode components. Therefore, comprehensive analysis isrequired to trace impacts across all available artifacts. Thishowever requires sophisticated concepts that are able to dealwith a wide variety of possible types of artifacts.

C. Classification Criteria

Our taxonomy [9] was established after evaluating ex-isting work which is aimed at providing a classificationscheme for impact analysis. We reviewed the frameworkfor comparison proposed by Arnold and Bohner [7], ataxonomy for software change established by Mens andBuckley [24], [25], and a taxonomy for impact analysis

Page 5: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

by Kilpinen [21]. The following listing summarizes ourclassification criteria, whereas detailed descriptions can befound in [9].

• Scope of analysis - what is analyzed?• Granularity of analysis - how fine-grained are entities,

changes, and proposed results?• Utilized technique - which algorithms are used?• Scalability - how scalable is the approach?• Supported languages - which languages are supported?• Tool support - is there a tool available?• Style of analysis - is the analysis performed globally,

search-based or exploratory?• Experimental results - what experimental results are

available to judge the performance?

III. IMPACT ANALYSIS: A REVIEW

A. Abbreviations

This rather short section explains the abbreviations,which will be used throughout the review to ensure theusability of its results, especially concerning Table II whichcontains the results of the classification. All algorithms andtechniques which can be found in the following Table I areexplained by our taxonomy in [9].

Abbr. Type ExplanationPM Techn. Probabilistic ModelsDG Techn. Dependency GraphMDG Techn. Message Dependency GraphSL Techn. SlicingIR Techn. Information RetrievalTR Techn. TraceabilityHM Techn. History MiningCG Techn. Call GraphER Techn. Explicit RulesET Techn. Execution Traceschg. Change unspecified changevis. Change visibility changetyp. Change change of data typeval. Change change of valueinh. Change change of inheritance relationsig. Change change of method signaturemod. Change change of modifierr. Change renamem. Change move+ Change addition of an entity- Change deletion of an entityT Misc. time complexityS Misc. space complexity

TABLE IABBREVIATIONS FOR TECHNOLOGIES, ALGORITHMS AND CHANGES

B. Source Code

This section is focused on approaches which analyzesource code. Due to the large amount of studies, we furtherstructure this section according to the techniques used bythe approaches, to group approaches according to theirsimilarity.

1) Call Graphs: Changed methods or procedures canaffect other source code entities, which either call themdirectly or indirectly. Analyzing the call-behavior of asystem can therefore help to assess the impact of amethod/procedure change. Thus, source code is analyzedstatically while method calls are extracted and stored ina graph or matrix. This graph then enables developers toestimate the propagation of a given change.

Ryder and Tip [4] developed an approach to check whichtests are affected by a change and should be re-executed.In addition, their approach is able to tell which change isresponsible for a test’s failure, based on call graph analysis.They support fine-grained change operations, such as thedeletion of method from a class and implemented theirapproach in a tool called Chianti, which is presented inthe work of Ren et al. [26]–[28]. The tool is implementedas Eclipse 1 plug-in but does not seem to be availableany longer2. Chianti performs the following four steps todetermine affected test cases. First, it analyzes code editsto obtain sets of interdependent atomic changes. Secondly,it constructs a call graph for each test case which is thenused for correlating obtained change sets against the callgraph of the original program to determine which test isaffected. Finally, it constructs a call graph of the editedversion of a program and correlates this graph against theoriginal call graph to determine which changes affect a test.The PhD thesis of Ren [29] continues the work and actu-ally implemented the Chianti prototype, and investigatesdependencies between atomic changes. Ren implementeda heuristic to rank atomic changes according to theirlikelihood of affecting a test case failure based on the typeof dependency between changes. Ren distinguishes betweenstructural dependencies (sequence when elements are addedor deleted), declaration dependencies (java element declara-tions), mapping dependencies (mapping changes to method-level changes), and syntactic dependencies between atomicchanges to exclude changes which do not affect certaintests.

Xia and Srikanth [30] are concerned with measuringinternal software artifacts to reflect on the external viewof maintainability, and therefore propose a measure toestimate the change impact. Their approach assumes thatonly source code is available for analysis and that thereis no knowledge about change types. They trace changesto program statements by examining the call hierarchy ofthe code until the change rippled across two levels of thegraph, after which further propagation is stopped.

The goal of the work presented by Badri et al. [31]is to increase the precision of call graph based changeprediction while keeping the analysis costs on a moderatelevel. Therefore, they combine static call graphs with staticcontrol flow information to so called Control Flow Graphs,to overcome the lack of precision of traditional call graph

1http://eclipse.org/2http://aria.cs.vt.edu/projects/chianti/

Page 6: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

based approaches. Their proposed methodology recordscontrol flow between method calls to enhance the callgraph with information about the call order, and to removeexcluded calls in order to remove infeasible paths. Controlcall graphs (CCG) are constructed by analyzing source codewhile ignoring all statements and instructions which donot invoke a method call. CCGs are further enhanced withsequence information to enable the generation of compactedsequences, which are then used to further prune infeasiblepaths. As a result of this process, the behavioral profileof a program is obtained. The proposed approach is calledCCGImpact and implemented in the PCIA tool. However,their approach does not yet consider object oriented speci-fities [31], such as inheritance.

2) Dependency Analysis: There exist a variety of de-pendencies between source code entities, such as control,data or inheritance dependencies. They can be extracted bystatic source code analysis and either stored in a graph or amatrix. Based on dependencies between software artifacts,one can estimate the change propagation between them.

Briand et al. [32] investigate the complex nature ofobject oriented programs. The OO paradigm results in largenumbers of dependencies when analyzed with traditionaldependency analysis, which in turn leads to an explosionof possible impacts computed by dependency analysis.Therefore, they investigate whether dependency-based cou-pling measures can be used for impact analysis. Couplingbetween object classes (CBO) and data abstraction coupling(DAC) are two examples for such a coupling measures.Two classes, A and B, are coupled via CBO if B calls amethod of A. They are coupled via DAC if B containsan instance of A. Their approach computes all possiblecoupling measures and ranks classes according to achievedvalues, where a high ranking indicates a strong couplingand therefore implies that an entity is impact by a changeto the coupled entity.

The work of Kung et al. [33] is concerned with codechanges in object oriented libraries. They developed amodel to capture and reason about changes, as the under-standing of combined relations and dependencies betweenclasses is more complicated than ripple effect analysis inprocedural languages. Their proposed model describes con-trol structures, inheritance relations, and the like betweenclasses, methods, and attributes. The model is further buildupon three types of diagrams, namely Object Relation Dia-grams (ORD), Block Branch Diagrams (BBD), and ObjectState Diagrams (OSD). These diagrams are generated fromsource code and applied for analysis, using the class firewallconcept. Attributes which are affected by a change aredetected by computing the differences between the sourcecode and the current BBD, whereas impacted methodsare indicated by removed nodes and edges in the BDD.Impacted library classes are determined by ORD analysis.

Rajlich [34] discusses two approaches of change prop-agation, which are based on program dependencies andhave been implemented in the tool Ripples 2. The utilized

dependency graph is computed by a code parser whichscans project files and identifies dependencies. Changesin the dependency graph are modeled by graph rewriting,whereas the evolution of the dependency graph is modeledas a sequence of snapshots. The proposed ”change-and-fix-approach” consists of two steps, which are repeateduntil the change has been implemented. First, the developerchanges an entity which then triggers a dependency analysisto propose possible impacted entities. This process is re-peated, as long as the developer is changing further entities.In contrast, the ”top-down-approach” marks entities aseither top elements if they do not support other entitiesor bottom elements otherwise. The analysis then starts byfirst examining top elements and then moving along thedependencies if no change is required in the top-elements.

The approach of Pirklbauer et al. [35] is based on thetool developed by Fasching [36] for visualizing softwaredependencies, and is comprised of six steps as proposedby Bohner [2], [37]. Impacted elements are computed byanalyzing the dependency graph of a program while usingthree parameters to prune infeasible paths: dependencytype, minimal importance of dependency, and maximumdependency depth. However, the developer has to inspectthe remaining graph manually and decide which entity hasbeen correctly identified as impacted. In the underlyingmaster’s thesis of Fasching [36], the author highlights theimportance of visualizing dependencies to enable develop-ers to understand the changes. The thesis outlines importantrequirements for impact and dependency visualization, suchas interaction, navigation, zoom, merge, hiding, reload ofdata, and focus, and it also discusses various visualizationtechniques and compares existing tools for impact visual-ization.

Similar to the work of Kung et al. [33], Zalewski andSchupp [38] are also concerned with assessing the impactsof library changes. They propose a methodology calledconceptual change impact analysis (CCIA) which is basedon the principle of pipes and filters. In a first step, theylocate changes which impact conceptual specifications andthen apply optional filters to refine the output to detectspecific kinds of impacts. Therefore, they provide twofilter algorithms: one to detect the impact of a changeto the degree of generality, and one to detect the com-patibility to different versions. The second step involvesthe implementation of the change and the identificationof differences between the original and altered versionof the program. Next, a dependency graph is constructedand nodes are annotated with information gained by thedifferencing process (e.g. they are marked as ”added”).The last step involves a depth-first-search to propagatethe impacts of a change through the graph, which usesthe additional node information to prune the propagationof changes, e.g. when reaching a node which is markedas ”deleted”. As a further contribution, they provide twoalgorithms to search for specific kinds of impacts, namelyconstraints change which checks whether requirements for

Page 7: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

algorithm parameters changed, and concept compatibilitywhich checks whether a concept is compatible betweenversions.

Petrenko and Rajlich [39] are concerned with enhanc-ing impact analysis to cope with variable granularity ofanalyzed software artifacts. Therefore, they construct adependency graph of the program and use marks to annotatenodes as either changed, propagates, next, inspected orblank. If an impacted element is found, it is the programmerwho decides whether the impact propagates at the same, acoarser or even a finer level of granularity. All children ofthe impacted element will be marked, if the programmerrefines the granularity, e.g. from ”class” to ”method”. Incontrast, all parent elements will be marked if the pro-grammer coarsens the granularity, e.g. from ”attribute” to”method”. If no granularity is sufficient, the programmercan select entire code fragments where all encompassingentities will be marked and used for further impact propa-gation. They extended the JRipples tool to cope with thisvariable approach.

Black [40] is concerned with reformulating the ripple-effect algorithm as proposed by Yau et al. [41], andimplemented the improved version in the REST tool toanalyze C programs. REST builds a dependency matrix ofthe program and applies four different McCabe complexitymeasures to compute the ripple effect and stability measuresfor the source code. Black performed an evaluation togauge the correlation between the original algorithm andthe REST tool and concluded that both match, whereasREST achieves more accurate results.

The aim of Bilal and Black [42] is to improve the rippleeffect algorithm introduced by Yau et al. [41] in 1978,by optimizing the ripple effect metric. Their analysis isbased on two types of change propagation to calculatethe ripple effects, namely intra-module change propagationand inter-module change propagation. Both types of changepropagation are implemented in four different algorithms.The first algorithm concatenates all the code within a classapart from local method calls, and computes the rippleeffect between this class and others. The second algorithmcomputes ripple effects across methods and classes, butignores change propagation within methods. The thirdcomputes ripple effects between methods, within methods,and between classes. The forth and last algorithm computesripple effects across the methods of each class, by ignoringthe change propagation between classes. However, theauthors did not provide any details on the results achievedwith each algorithm and based on the paper one cannotjudge which is more suitable.

Lee et al. [6] utilize three different object oriented depen-dency graphs of which they compute the transitive closureto identify impacted elements. The authors propose theconcepts of intra-method data dependency graphs to calcu-late impacts on entities inside method bodies, inter-methoddata dependency graphs to calculate change dependenciesbetween methods, and object oriented system dependency

graphs which are used to calculate the change impact atsystem level. Furthermore, they distinguish between fourdifferent types of impacts between two related entities,namely contaminated (both are impacted), clean (both arenot impacted), semi-contaminated (the source does notimpact the target, but the source can be impacted), andsemi-clean (the source is not impacted, but it propagateschanges to the target). These types are used to assignweights to relationships among entities, according to thetype of impact relations between them. The total changeimpact weight is then computed as the sum of all weightswhich are assigned to the relations between two entities.Finally, the total change impact weight is assigned to allthree graphs to enable the computation of impacts.

The question which types of changes can occur in objectoriented systems and how they affect other classes is thedriving motivation for the work of Li and Offut [43].Their proposed algorithm computes the transitive closureof the program dependency graph, before applying theactual analysis procedure. The analysis starts by groupingall classes that are related to a changed class into a set ofaffected classes. Secondly, the union of all sets is computed.The computation of the total effects is then comprised ofthe following three sub-computations: the identification ofeffects within a class, the identification of effects amongrelated classes (clients), and finally the identification ofeffects caused by inheritance relations between classes.

Beszedes et al. [44] propose the use of Static ExecutionAfter relations (SEA) to approximate static slicing with lesscosts. The computation of SEA relations is achieved byanalyzing methods to unveil hidden dependencies betweenclasses. This is accomplished by constructing a Compo-nent Control Flow Graph (CCFG) for each method, whichcollects method calls by static source code analysis. TheCCFG is build by adding one entry-node for each methodand one component-node for every other method that iscalled within the method itself. Both nodes are then con-nected with ”control flow” connections. The algorithm thencomputes all SEA relations by determining the transitivecalls for each method. Then, all identified methods areprocessed again to compute the sequence information byordering components topologically, and determining the setof methods which are called in each component.

Jasz et al. extend [45] the work of Beszedes et al.[44] by introducing Static Execution Before/After relations(SEA/SEB), where SEB are the inverse to SEA. The SEAand SEB relations are computed based on the interpro-cedural component control flow graph (ICCFG), which iscomprised of call site nodes and control flow edges thatexist between them. An experiment has shown that theconcept of SEA/SEB results in decreased computation time,but also in a loss of precision of about 4%. One of theprograms analyzed in the scope of this experiment (Mozilla)could not even be analyzed with traditional dependencyanalysis due to space and time requirements, but withSEA/SEB relations.

Page 8: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Supporting development activities with solid tool supportis the main goal of the work presented by Chen andRajlich [46]. They introduce their tool RIPPLES, whichuses an Abstract System Dependency Graph (ASDG) toestimate the propagation of changes. RIPPLES combinesdependencies obtained through static analysis with concep-tual dependencies, as not all dependencies between code-components can be captured by static analysis. Nodes of theASDG are comprised of program variables, methods, anddata types, whereas edges in the graph are based on controlflow information. The size and complexity of the ASDGis reduced by removing statements containing no functioncall or variable modification. Next, nodes of the ASDG areeither marked as unmarked (default), candidate or changed,where edges are also marked as either unmarked (default),forward or backward. When a programmer inspects theASDG and updates program entities, assigned marks areupdated according to the actions taken by the programmerto signal possible impacts, e.g. when deleting an entity.

Gwizdala et al. [47] propose the JTracker tool to guideprogrammers while changing software. JTracker analyzesthe program and builds a dependency database, which isupdated after each operation. The tool considers inher-itance, aggregation, and other relations between classesas dependencies. JTracker marks classes which requireinspection by the programmer until no marked class isleft in the program database. Gwizdala et al. analyzed aprogram consisting of 400 classes in a case study, butunfortunately they did not provide any results in terms ofprecision and recall.

The traditional tradeoff between achieved precision andrequired computation time is the motivation for Bishop[48] to propose an incremental approach which requiresless analysis effort to compute impacts. The main goalis to reuse earlier results of impact calculations, and toupdate them according to changes made to the program. Adependency graph of the program is constructed based ona method input-output-mapping and enhanced with staticdata flow information which are obtained from methodbodies. The incremental approach stores the results ofeach analysis process to enable an incremental search forimpacted entities, which results in reduced costs.

3) Program Slicing: Slicing is one application of staticsource code analysis and is build upon code dependencyanalysis. A comprehensive study on slicing can be foundin the work of Tip who conducted a survey on the topic[49]. Slicing removes all program statements which are notrelated to the slicing criterion, i.e. which do not affect thestate of a variable and thereby being of no use for impactanalysis. A short tabular comparison of several slicing toolswhich can be used for impact analysis is contained inthe work of Korpi and Koskinen [50] which will also bediscussed in this section.

The work of Gallagher and Lyle [51] is concerned withforming slice-based decompositions of programs, contain-ing only those parts which are affected by a change. They

use the concept of decomposition to break the programinto manageable pieces and to guarantee that there areno ripple effects. Decomposition slices are constructedby applying an algorithm which was originally designedfor dead code detection and locates all instructions whichare useful regarding the slicing criterion. The detectionalgorithm marks all output instructions as critical and tracesinstructions that impact the output statements (called ”use-definition”). Detected relations are then examined to buildthe actual decomposition slices, by forming a lattice ofslices for each variable and ordering them by set inclusions.Finally, all output statements are removed from the slices,as they do not contribute anything to the variables. Theresult of this process is a slice which only contains impactedcode elements.

Visualizing impacts is a useful technique for developersto understand which entities are affected by a change.However, current visualization techniques which are basedon acyclic graphs flood developers with too much informa-tion, and are less useful for slicing. The aim of Hutchinsand Gallagher [52] is therefore to reduce the amount ofslicing information which must be displayed to assessthe impact of a change. They introduce the concept ofinference between variables, which distinguishes betweenstrong (directly related) and weak dependencies (mutuallydependent on other variables), and result in two differentimpact graphs. They further propose a set of interfacefeatures to reduce the size of slices. Their approach allowsto hide any variable of a particular procedure, hide variableswith empty slices (|slice| ≤ 2), group equivalent variablesof the same procedure into one entity, group all slices of allvariables of a procedure into one entity, and hide variableswithout relationships to current selection.

Tonella [53] investigates how decomposition slice graphscan be combined with concept lattices which group ele-ments sharing common attributes, to increase the precisionand recall of impact analysis. Tonella combines nodesfrom both approaches via and and or relations to obtain alattice of decomposition slices (and-lattice, or-lattice). Twodecomposition slices are considered to interfere, if thereexists a non-empty intersection of them, i.e. decompositionslices provide strong-intersections, whereas lattices provideweak and strong-intersections. The identification of nodeswhich are directly affected by a change is achieved bytraversing the lattices upwards, as all upwards nodes sharethe same line of code.

The concepts of dependence clusters and dependencepollution are introduced in the work of Binkley and Har-man [54], who also propose a visualization technique forlocating such clusters. Their approach is based on the sizeof computed slices, i.e. they create slices for each variableand check whether the slices have the same size. If so, suchvariables contribute to a cluster and changes to one variablein the cluster are likely to cause changes to other variablesof the same cluster. They implemented their idea in theconcept of monotone slice-size graphs (MSG), which is

Page 9: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

used to visualize detected clusters. An experiment revealedthat 80% of all studied programs contained clusters whichconsist of 10% of the original program.

Korpi and Koskinen [50] developed an automated PDG-based forward slicer for Visual Basic called GRACE, toenable impact analysis for Visual Basic programs. GRACEapplies static forward slicing to capture all possibly affectedparts of the program, and consists of two main components.The parser translates Visual Basic programs into abstractsyntax trees (AST) and symbol tables. The PDG-generatorfinally converts the ASTs into graphs. GRACE combinessingle graphs to system graphs, and performs a straightfor-ward reachability analysis on the PDG to compute impactedcode entities. An evaluation based on a program consistingof 18700 LOC revealed that parsing the code and generatingthe PDG took five seconds with GRACE.

Preprocessor macros are a useful concept in program-ming languages. However, they result in sometimes in-comprehensible and unmaintainable code. Also, there is noimpact analysis approach available which is able to analyzethe effects of macro changes. Therefore, Vidacs et al. [55]propose a slicing algorithm for C++ preprocessor macrosto enable impact analysis on macro level. They build amacro dependency graph which is used to compute dynamicforward slices, as they contain possibly affected programentities. The edges of this graph are based on macro de-pendencies, whereas nodes are based on macro invocationsand macro definitions. Their approach is enhanced with theconcepts of coloring and multiple edges to provide supportfor later defined and re-defined macros in dynamic forwardslices.

Santelices and Harrold [56] are concerned with thequestion how static slicing or slicing in general can beenhanced to reduce the set of proposed impacts by utilizingprobabilistic algorithms. Their research is based on thefollowing three observations:

1) Not all statements have a similar probability of beingimpacted by a certain change.

2) Some data dependencies are less likely to be covered.3) Data dependencies propagate changes with a higher

probability than control dependencies.The probability that A is affected by B is computed bystatically analyzing whether the execution of a programreaches A after executing B, if there are sequences ofdata or control dependencies between B and A, and ifa modification of a program state propagates from B toA. Standard slicing procedures are used to generate adependency graph that covers all possible executions, whichis then used to create an interprocedural dependency graph.This graph is annotated with the probabilities that depen-dencies are affected by a change and will propagate thechange themselves. After this step, each path is annotatedwith the probability of propagating changes from the sourcenode to the target node, which is composed of all singleprobabilities on the path. This composition is achieved bycomputing the coverage and propagation probabilities and

executing a data-flow analysis on the PDG to combine alldependencies between the source node and the target node.The decision whether an entity is impacted or not is thendependent on computed probabilities.

4) Execution Traces: In contrast to static call graphs,dynamic execution traces contain only those methods whichhave been called during the execution of a program. Similarto call graphs, they allow to assess the impact of a method-change by analyzing which methods were called afterthe changed method, thus being possibly impacted too.Approaches which rely on dynamic execution data wereestablished to overcome the limitations of static slicing(expensive) and call graphs (imprecise).

Law and Rothermel [57], [58] developed two dynamicimpact analysis algorithms: PathImpact and its improvedversion EvolveImpact which are explained in this section.

PathImpact [57] instruments methods to collect methodentry and method exit events as execution traces. How-ever, traces suffer from duplicated entries and have to becompressed, since methods can be called more than once.Law and Rothermel compressed traces to DAGs usingthe SEQUITUR compression algorithm to overcome thisproblem. A traversal of the DAG reveals all methods whichwere called after a changed method was called, or in whicha changed method returned into. All these methods aretherefore considered as being potentially impacted.

EvolveImpact [58] was proposed to overcome the prob-lem of updating the DAG after changes, as rebuilding theentire DAG for larger programs is an expensive task. Thegoal is to incrementally update the DAG by observingchanges to test suites and system components. Therefore,each test case is tagged with a unique identifier which alsoappears at the beginning of each trace and is supplementedby special ending symbols. These keys and ending symbolsare then used to remove traces from the DAG if they containchanged methods and indicate that some traces shouldbe refreshed. Law and Rothermel developed a modifiedversion of the SEQUITUR compression algorithm calledModSEQUITUR to cope with these new symbols and keys.

Orso et al. [59] claim that program testing and analysisunder development conditions is not realistic, since realworld factors such as different hardware, different usersetc. have a big influence on the behavior of software.They are concerned with gathering ”field data” from realusers under real world conditions, to evaluate softwareand perform impact analysis. They investigate the use ofthe Gamma-approach for impact analysis, which has beenintroduced by the same authors. This approach enablesremote analysis and the collection of field data from realusers. Developers have to instrument their programs tocollect dynamic data (i.e. execution data) in a lightweightmanner. The users execute the programs and send back theexecution data (coverage data at block and method levels).The developer then computes dynamic slices, which arebased on execution data of entities that traversed a changedentity. This kind of analysis also allows to estimate the

Page 10: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

impact of a change on different users by asking questionslike ”How many % of the users will be impacted by thischange?”. Orso et al. compared their approach against staticslicing and call graphs and concluded that real field data isdifferent to synthetically computed data.

Breech et al. [60] proposed an approach for onlineimpact analysis. The authors instrumented a compiler toadd callbacks to each function, in order to be able to gatherexecution data during runtime. Once the data has beencollected, they analyze the call stack to judge whether afunction is affected by a change of other functions. Allfunctions which were called by a changed function areconsidered as impacted, and all functions which remain inthe call stack after the changed function’s return event arealso considered as being impacted.

In further work, Breech et al. [61] are concerned withcombining the precision of static techniques and the anal-ysis speed of dynamic techniques. As a first step, theybuild an influence graph of the program, as changes canonly ripple through return values, parameters, and globalvariables. The graph is comprised of methods (nodes) andtheir relations (edges), and is used to compute the transitiveclosure of the source code. A dynamic analysis is thenperformed and results are merged with information inferredfrom the influence graph. That is, only those methodsare considered as impacted, which are connected in theinfluence graph with the same type of relation as inferredby the dynamic analysis. However, case studies have shownthat this approach can only achieve a 3-5% gain of precisioncompared to PathImpact [57].

Apiwattanapong et al. [62] are concerned with overcom-ing the performance limitations of PathImpact [57] and thelack of precision of CoverageImpact [59]. Therefore, theauthors introduce the concept of Execute-After sequences(EA). They achieve their goal by simplifying recordedtraces in terms that they only record the first and last eventof each method, i.e. they neglect method return eventsand instead only record method return into events. EachEA-sequence is enhanced with additional timestamps todetermine impacted methods. If a method is changed, allpossibly impacted methods are determined by searching formethods whose timestamp is equal or higher than the firsttimestamp of the changed method. The algorithm proposedby Apiwattanapong et al. is called CollectEA, and results ofseveral case studies have shown that CollectEA is almostas precise as PathImpact, but only slightly more expensivethan CoverageImpact.

Existing dynamic techniques introduce too much over-head in terms of space and time costs, as stated by Huangand Song [63]. Therefore, the authors propose a dynamicimpact analysis technique which collects method returninto events, rather than method return events. The aim ofthe authors is to achieve the same precision and recall asPathImpact [57] and CollectEA [62], but with less timeand space complexity. Their algorithm retrieves informa-tion about the execution order of methods by correlating

method events with methods executed after the event. Theseinformation are then used to reduce the redundancy inexecution traces. Execution events which do not traverse achanged method are skipped, and methods whose events arelisted before any event of a changed method took place areremoved as well. As a result of this process, only methodsexecuted after the execution of a changed method remainin the estimated impact set.

Beszedes et al. [64] introduce a new coupling measure,Dynamic Function Coupling (DFC), in order to take bothdirections of an Execute-After relation into account. Thebasic idea of DFC is to utilize the closeness of twofunctions to estimate whether one impacts the other. Thecloseness of two functions is determined for each pair offunctions, by computing the distance between their calllevels, therefore using forward and backward Execute-Afterrelations. The DFC measure is used to select function pairs,whose distance is below a certain cut-off level (threshold).The DFC values are computed based on a dynamic calltree, which is comprised of method entry and method exitevents. Each function pair selected according to the DFCmeasure is then considered as being impacted by a changeto one of the functions.

Gupta et al. [65] propose a new dynamic algorithm tocompute the impact of a method change, which allowsto trace the impact of a change on other program vari-ables: CallImpact. Tracing impacts relies on dependenciesbetween program entities, which can be distinguished basedon their type and usage, based on the types of paths betweendefinition and usage, and based on the reach of the datadependency. They build a control flow graph (CFG) of theprogram while inserting variable definitions or assignmentsas nodes. This control flow graph and the different types ofdependencies between the nodes enable them to distinguishbetween directly and indirectly impacted entities. Directimpacts are computed by collecting all usage traces of thechanged node. Indirect impacts are computed by analyzingpreviously collected directs sets and further tracing them,according to the type of dependency.

Gupta et al. [66] extended their work, and addi-tionally propose a classification of changes to improveimpact detection. They distinguish between functionalchanges (changed statements which affect functions), logi-cal changes (control-flow changes), structural changes (ad-dition/deletion of code entities) and behavioral changes(change of execution order, change of program entry andexit). Their revised algorithm works as follows. The originaland the modified version of the program are analyzed fordifferences, which are stored together with their respectiveCFGs in a database. A classification algorithm is appliedon the collected differences to calculate functional impactsbased on the connectivity of changed statements in theCFG. This step adds all changed statements and their directimpacts to the impact set. As a second step, all logicalchanges are computed by analyzing statements in the CFGwhich resulted in control flow changes. All these statements

Page 11: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

and those which depend on them via definition or usage arealso added to the impact set. Structural changes are thencomputed by identifying all added or removed statements ofthe original code, whereas behavioral changes are computedby adding all statements to the impact set which causebehavioral changes in the original program.

Hidden dependencies play an important role in softwareevolution and even exist in well structured software. Vanciuand Rajlich [67] propose an approach for dynamic dataflow analysis to uncover such hidden dependencies forimpact analysis. Their approach is based on ExecutedCompletely After (ECA) relations, which state that methodscalling others must be terminated, before the other methodis executed. They also introduce the Interclass ExecutedCompletely After relations (IECA), which extend ECA re-lations by stating that both methods must not belong to thesame class. ECA/IECA relations consist of preconditions(required state of memory before executing a method) andpostconditions (state of memory after executing a method).The potential hidden dependencies between two methods fand g are revealed, if there is one post-condition of f whichis implied by at least one pre-condition of g, which theycall significant precondition conjunction SPC(f,g). Finally,a potential hidden dependency is a true hidden dependency,if both methods share the same domain or programmingconcept.

5) Explicit Rules: Design, domain, and expert knowl-edge can be used to form strict impact rules, which de-termine which entities have to change if a certain entitychanges. For example, if an interface is changed, all classeswhich implement this interface must be changed as well,dependent on the type of change (e.g. deletion of a method).

The aim of the work of Han [68] is to support developerswith a framework for software change management, whichis integrated into the software engineering environment toenable impact analysis for forward engineering and reengi-neering. The proposed impact analysis approach combinesautomated techniques with guided user intervention, byaugmenting the kernel of the software engineering envi-ronment with change management features. The impactanalysis process is accomplished as follows. First, theapproach extracts a dependency graph from the programand then applies a set of propagation rules to determineimpacted entities. The obtained set of possibly impactedentities is then presented to the developer, who is then ableto decide which one to implement.

Chaumun et al. [69] are interested in measuring the influ-ence of high-level design on maintainability, and how inter-class dependencies influence changeability. They propose achange impact model which is defined at the conceptuallevel, and map it to the C++ programming language. Theconceptual model is comprised of components (classes,methods, variables), relationships between them (associa-tion, aggregation, inheritance, invocation), and 66 changetypes, such as the addition of a component. The impact ofa change now depends on two main factors in their model:

the type of change and the type of relation between bothcode entities. Chaumun et al. define a set of impact ruleswhich are comprised of change types and relation types,and are expressed as boolean equations.

Many coupling measures do not capture all aspectsof object oriented software, such as multiple inheritance.Therefore, Arisholm et al. [70] propose a new dynamiccoupling measure which can be used for impact analysisin object oriented software. Dynamic coupling measuresare collected in two different ways. First, the program isexecuted and message traces and other information suppliedby the Java Virtual Machine (JVM) are used, rather thaninstrumenting the source code. Secondly, dynamic UMLdiagrams (e.g. sequence diagrams) are analyzed to extractinformation about the dynamic behavior of the system.Based on the monitored behavior, a set of 12 couplingmeasures built on rules is derived.

The main motivation for the work of Sun et al. [71]is that different change types result in different impacts,and therefore require specific rules to compute the impacts.They propose a static impact analysis approach, whichconsiders different change types and impact mechanisms,by classifying change types at class and class memberlevel. Their approach starts by constructing an intermediaterepresentation of Java programs, called Object OrientedClass and Member Dependence Graph (OOCMDG), whichcontains classes, methods, variables, and their dependen-cies. The proposed model for change propagation considersdifferent change types and dependency types for classes,methods, and variables which are used to formulate impactrules. The starting impact set (SIS) [9] is obtained byperforming forward and backward walks on the OOCMDG,starting at the changed entity. The estimated impact set(EIS) [9] is obtained by classifying changes according totheir change types and then computing the union of allchange types for each entity. Based on this union of changetypes, the appropriate impact rules are chosen which thencompute the final impact set for a given change.

6) Information Retrieval: Information retrieval (IR)techniques exploit natural languages by searching for simi-lar terms in different documents, to infer a relation betweenthem. The interested reader might be referred to a recentsurvey of Binkley and Lawrie [72] on the application of IRin software evolution and maintenance.

In contrast to most impact analysis approaches thatestimate which software entities are affected by a change,Antoniol et al. [73] propose an approach to identify entitieswhich must initially be changed to fulfill a change request,i.e. the identification of the starting impact set (SIS) [9].They apply two IR techniques (a vector-space model anda probabilistic model) to score documents associated withthe software, according to their likelihood of belongingto the SIS of a change request. First, their approach ex-tracts ”meaningful” words from documents, which are thenmatched with code entities. Thereby, they are ranking thedocuments to limit the amount of retrieved documents to the

Page 12: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

relevant ones only. The whole process consists of two steps,and starts with identifying the set of high-level documentsand then using documentation-to-code traceability linksto identify source code components which are initiallyaffected. They performed an early evaluation while studyingthe LEDA C++ library and achieved a precision of 48%with 70% of recall.

Uncovering evolutionary patterns from source code canassist with impact analysis, if developers are aware of fre-quent change patterns and involved code entities. The workof Vaucher et al. [74] is therefore aimed at identifying suchpatterns on the level of classes, using IR techniques. Theycalculate the level of change for each class evolution byretrieving information regarding the implementational andfunctional changes from code, which are then stored in avector. Their technique retrieves the relative implementationchanges by counting the number of added, removed, andmodified instructions of methods. Functional changes inpublic interfaces of classes are identified by dividing thenumber of added and removed public methods throughthe total number of public methods. The total changeof a class is then computed as the sum of all relativeand functional changes. Once all information have beengathered, classes are clustered according to their changebehavior, where dynamic time warping (DTW) is appliedto identify similar groups of class-clusters (patterns). Classpatterns are further grouped according to categories such asusual suspects (classes which frequently change together),code stabilizations (new classes that require a few versionsbefore becoming stable), punctual changes (classes groupeddue to change in specific version), and common concern(classes implementing same concern).

Similar to Arisholm et al. [70], Poshyvanyk et al. [75]are also concerned with overcoming the limitations of staticcoupling measures, and claim that different dimensionsmust be covered by a reliable coupling measure to be ofuse for impact analysis. They propose a new set of couplingmeasures for classes, which are based on IR techniques.Their approach utilizes overlappings in identifiers, names,and comments to detect similarities between code entitiesusing latent semantic indexing (LSI). However, they donot use common IR techniques such as word stemming,expansion of abbreviations, and word replacement to limitthe amount of extracted terms. LSI creates a term-by-document matrix which captures the distribution of wordsin methods, and which represents each document as a vectorin the LSI subspace. Based on this matrix, they compute thecosine between vectors to measure the conceptual couplingbetween methods and then apply coupling measures to rankclasses for impact analysis, based on their coupling value.

7) Probabilistic Models: Probabilistic models, such asMarkow chains and Bayesian Belief Networks (BBN),allow to model the propagation of changes based on wellexplored mathematical models and theorems. Thus, they al-low to compute the probability of an entity being impactedby a change.

Zhou et al. [76] state that most MSR approaches neglectcode ownership and the age of changes in their analysis pro-cess, as code of the same author is more likely to change aswell and entities affected by recent changes are candidateswhich most likely change again. They propose an approachwhich is based on BNNs, and is able to predict changecouplings. Changes are mapped onto different significancelevels, which are based on several complexity indicators(e.g. nesting depth) or whether they modify or preservefunctionality. First, the change history and transactions arerecovered from version control repositories in order toextract fine-grained code changes, which are then classified.During this data import, a sliding window approach is usedto extract co-changes for preparing a static source codedependency model. The second step consists of feature ex-traction and instance generation, by selecting features thatinfluence whether entities might co-change. The number offeatures per entity is counted to classify them into impactgroups of low, middle, high, and uncertain, by taking intoaccount the change significance level, co-change frequency,age of change (old = stable, latest = most likely to change),and the author. The third phase is comprised of trainingand validation, therefore using the selected entities and theirinstances to build the structure of the BNN. This is achievedby applying the K2 algorithm and the SimpleEstimatoralgorithm for calculating feature frequencies, which areused to derive the probabilities.

To evaluate how each class will be affected by a change,Tsantalis et al. [77] propose an approach to measure thechange proness of object oriented software. They distin-guish between three ways how a class can be affectedexternally by inheritance, references or dependencies. Fur-thermore, they also consider the ”inner axis”, i.e. changeswithin the class itself. Their proposed tool computes theprobability of a change for each axis while scanning thedevelopment database of the software, where the devel-oper has to classify changes as either internal or rippleeffect (external). The calculation of probabilities starts withclasses which are not part of a dependency cycle to enablethe stepwise computation of classes, where either theirinternal or external axis belongs to a dependency cycle.In the case of two classes being mutually dependent, thefollowing additional steps are performed. First, all relationsbetween the classes are temporarily removed to calculateprobabilities for single classes. Finally, the relations areadded again to adjust the probabilities accordingly.

Abdi et al. [78], [79] use static analysis to uncoverpotentially affected classes and apply machine learningto score each detected, possible impact with probabilities.They consider 13 change types for classes, methods, vari-ables, and distinguish between four types of links betweenentities (association, aggregation, inheritance, invocation).The impact depends on the type of link between two entitiesand the type of change applied upon them. It is computedby static code analysis based on couplings between classes,using several coupling metrics. Four different machine

Page 13: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

learning techniques (J48, Jrib, PART, NBTree) are then usedto compute the likelihoods of previously discovered poten-tial impacts. Their approach is implemented in PTIDEJ forJava, and achieved a precision of 69% in a case study of asystem consisting of 394 classes.

Further work of Abdi et al. [80], [81] is concerned withthe problem that causality relations between software arti-facts are still not explained. Therefore, they propose a prob-abilistic approach using BBNs to model impact propagationon the level of source code. The proposed methodologyconsists of three steps. First, the structure of the BNNis constructed by analyzing the structure of the softwareand by manually assigning initial probabilities. Secondly,the parameter affectation is computed by distinguishingbetween entry variables which can be directly measured,and intermediate variables which are influenced by parentnodes and are obtained through machine learning. The thirdand last step performs the actual bayesian inference andupdates all conditional probabilities assigned to the nodesof the BNN.

Mirarab et al. [82] also propose the usage of BBNs forchange impact analysis. Their proposed solution consistsof the three steps data extraction, network generation, andnetwork analysis. Data extraction recovers changes andextracts dependencies from repositories through static cou-pling measures. Meanwhile, IR heuristics are used to limitthe number of dependencies, and co-change patterns areextracted from version control repositories. Secondly, net-work generation uses three different models for prediction,the bayesian dependency model (BDM), bayesian historymodel (BHM), and the combination of both, the bayesiandependency and history model (BDHM). The creation ofthe models is based on the previously extracted informa-tion and uses parameter learning to incorporate historicalinformation into the models. Last, the network analysis isexecuted by applying bayesian inference to predict changesfrom the network models, while using the EPIS samplingalgorithm. A case study conducted on a 263 kLOC systemrevealed a precision of 63% while achieving a recall of26%.

Similar to the work presented by Poshyvanyk et al. [75],Gethers and Poshyvanyk [83] are concerned with detectingconceptual couplings which are encoded in identifiers, com-ments, and other attributes. They propose a new probability-based coupling detection technique, Relation Topic basedCoupling (RTC), to compute the coupling between classes.The applied RTM model is an unsupervised probabilistictopic modeling technique, which associates topics withdocuments by predicting links between documents, basedon topics and relations among documents. RTM extends thelatent dirichlet allocation (LDA) technique and representsthe software as a collection of documents, where a word isthe basic element, e.g. an identifier. In the RTC model,each document corresponds to a class and is thereforea collection of words (identifiers, methods etc.). Theyconducted a case study on 13 programs, where Eclipse with

1.9 mLOC was the largest among them and achieved anaverage precision of 12% and an average recall of 45%.

8) History Mining: History Mining is one possible tech-nique for impact analysis and related to MSR [19]. It minesclusters or patterns of entities from software repositorieswhich often changed together, as a change to one entity ofa cluster is likely to affect all the other entities within thiscluster as well.

Fluri et al. [84] acknowledge that MSR is able to detectpatterns of co-changing entities. However, most approachesare not able to tell which co-changes were caused by struc-tural changes and therefore being important for impact anal-ysis, and which ones were caused by other, less important oreven non-relevant changes. They present an approach whichadds structural information to change couplings to improvehistory-based impact analysis. Their approach consists ofthe following four steps. First, modification records areretrieved from CVS to build a release history database(RHDB). Secondly, change coupling clusters are calculatedbased on the information stored in the RHDB. Thirdly,subsequent CVS versions are structurally compared, usingthe following two techniques: the comparison of their ASTsand the comparison of code entities (classes, methods, etc.).Finally, change coupling clusters and structural differencesare used to filter changes that were not caused by structuralmodifications. An early experiment with a 26 kLOC Eclipseplug-in has shown that the distinction between structuralchanges and other changes can help to reduce the amountof mined change couplings, thereby increasing the precisionof impact analysis.

Fluri and Gall [85] continued their work presented in[84] and analyze the impact of different change types.They propose a taxonomy for change types and definesource code changes as tree edit operations on the ASTof a program. They further classify changes according totheir significance level, which can either be low, medium,high or crucial. For example, they consider local changesto have a low significance, whereas interface changes areconsidered to be crucial. Their approach assigns a label toeach source code entity in the AST, which represents thetype of the entity. They also add a textual description (calledvalue), which contains the actual source code, e.g. a methodcall with parameters. As a next step, they extract changecouplings from the RHDB which have a similar totalsignificance level, and weight them according to the numberof transactions they occurred in. The remaining changecouplings are then the most likely candidates for beingimpacted by changes to coupled entities. The approachhas been implemented in the ChangeDistiller plug-in forEclipse, and was evaluated in a case study containing 1400classes.

In earlier work, Gall et al. [86] proposed an approach toextract software evolution patterns and dependencies fromCVS data. Their proposed methodology, QCR, investigatesthe historical development of classes by analyzing thestructural information of programs, modules, and subsys-

Page 14: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

tems in combination with version numbers and changeinformation obtained from CVS. QCR consists of threeanalysis methods: the quantitative analysis (QA) to analyzethe change and growth rate of modules, the change se-quence analysis (CAS) to identify common change historiesof modules, and the relation analysis (RA) to comparemodules and identify dependencies. The RA methodologyis able to detect couplings which refer to similar changepatterns among different parts of the software, to identifyclasses which were most frequently changed together. Thedetection is based on the comparison of class changes,regarding the author, date, and time of the change, and usesa time window of four minutes. The underlying assumptionof this analysis is, that all changes implemented by the samedeveloper at the same day point towards a logical couplingbetween involved entities. The more congruities are found,the stronger is the observed coupling. For example, if theaverage class was changed five times a day, the analysisis focused on classes which were changed more than fivetimes a day.

Zimmermann et al. [87] apply data mining techniquesto uncover couplings between fine-grained entities toguide programmers among related changes. Their approach,which has been implemented in the ROSE tool, consists oftwo steps. First, the preprocessing extracts data sets fromCVS and maps changes to concrete entities of the program.The second step involves the actual mining process touncover association rules between related program entities.Each analyzed entity consists of three attributes, namelycategory (e.g. file, method), identifier, and parent entity(can be NULL). The process of mining association rules isthen based on these entities and different change types (e.g.added, removed, altered), and uses the Apriori -algorithm tocompute rules from the data sets. Finally, mined associationrules are interpreted based on two different measures:support count (number of transactions this rule has beenderived from) and confidence (how often did the rulepredict changes correctly).

Treating history as an explicit first class entity requiresthe existence of a (meta-)model for software evolution,which is proposed in the work of Gırba et al. [88]–[91].The authors define four characteristics for categorizing classevolution [89], [90], namely age of hierarchy, stability ofinheritance relations, stability of class size, and balanceof development effort to define history as a sequence ofversions of the same kind of entities. Based on their Hismometamodel, they developed an approach to characterize andvisualize the evolution of classes [89], [90] called ClassHierarchy History Complexity View, which utilizes treelayouts and polymetric views, and two impact analysis ap-proaches: Yesterday’s Weather [92] and the work presentedin [93].

Yesterday’s Weather [92] is build on the everyday phe-nomena that today’s weather can be used to forecast to-morrow’s weather. This also applies to software evolution,where previous changes can be used to predict future

changes. The approach is build on top of two assumptions:not every change is useful, and classes which changed inthe most recent past are most likely to change again. Classchanges in general are measured by monitoring changesto their total number of methods. The authors measurethe evolution of the total number of methods (ENOM), thelatest evolution of number of methods (LENOM) which issimilar to ENOM but ranks changes according to theirtime stamp, and the earliest evolution of number of meth-ods (EENOM) which is the opposite to LENOM. Thedetection of classes as potential candidate is then basedon intersections between EENOM (classes that did change)and LENOM (classes likely to change). The final value ofYester Weather’s forecast is then computed by counting thehits for all versions and divide them by the total numberof possible hits.

Gırba et al. [93] use formal concept analysis (FCA) todetect common change patterns, which affect many entitiesat the same time. They utilize a historical measure to detectchanges between two versions by identifying an excerptof history in which a certain change condition is met,built upon the Hismo model. For identifying changes, FCAuses a matrix to associate entities with properties. Theproperty matrix of two versions is then compared usinglogical expressions to identify changes among properties.This detection process applies three different measures toidentify changes: number of packages (NOP), number ofclasses (NOC), and number of methods (NOM). Once allchanges have been retrieved, a concept lattice is constructedbased on the matrix. Meanwhile, a heuristic is used toremove entities which changed more often than the detectedconcept and to remove concepts with less than two entities.The remaining co-change patterns can then be used forimpact analysis as they contain the entities which changedtogether the most.

Dependencies between source code entities encoded indifferent programming languages are difficult to determineusing traditional impact analysis techniques. Ying et al. [94]propose an approach which is based on mining changepatterns among files to suggest possibly impacted sourcecode files to the developer, independent of the programminglanguage. First, their approach extracts historical data fromrepositories and preprocesses them, by dividing them intosets of atomic changes and by skipping non-useful changes(e.g. changed comments). Then, an association rule miningalgorithm is applied to detect reoccurring patterns, usingthe FP-tree algorithm. All relevant source code files areidentified by querying the file under consideration againstthe mined patterns, to identify files which should changetogether with this one. Finally, query results are sortedinto three groups according to their relevance: surprising,neutral, and obvious based on structural information of thechanges.

Hassan and Holt [95] investigate how changes of oneentity propagate towards other entities of the same pro-gram. They analyze historical development data stored in

Page 15: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

source code versioning systems by transforming changeinformation (granularity: files) into the more appropriatelevel of source code entities. The transformation processconsists of the classification changes into the groups ofchanges containing added code entities, and such containingno added code entities. Their approach utilizes severalheuristics to capture impacts, namely historical co-changerecords, code structure relations (i.e. calls, uses, defines),code layout (i.e. location of entities relative to classes andcomponents), developer data (entities changed frequentlyby same developer), process data (change propagationdepending on the used process), and the similar namesheuristic. Each heuristic uses several pruning techniques tocut off unlikely results: frequency pruning (i.e. remove theleast frequent ones), recency technique (i.e. return thosethat where related in the past), and a combination offrequency pruning and recency technique together with adecay function or a counter. An evaluation of all heuristicsrevealed that the hybrid ones achieved the best results.

The approach presented by Bouktif et al. [96] proposesfiles that should co-change with a given entity, based on thedetection of change-patterns through dynamic time warping(DTW). The approach computes distance measures betweentwo files within a certain time window to filter unrelatedfiles, using distance thresholds. The actual identification ofchange patterns is a three pronged process, which starts bybuilding an XML-based log file containing all momentsin time when files were added, removed, or changed.The second step involves the transformation of data bycomputing appropriate time windows to limit the effectsof past changes, where the length of a window can bedetermined by either imposing a fixed distance in time(”changes not older than...”), or by imposing a fixed numberof past changes (”the last X changes”). Finally, DTW isused to identify change patterns by aligning each possiblepair of file histories, and by grouping histories with adistance below a predefined threshold.

Instead of extracting evolutionary data from version con-trol repositories, which involves expensive preprocessing[97], it is also possible to extend IDEs to record changes onthe fly. Robbes et al. [98], [99] propose a new concept for aCASE tool supporting software evolution by recording de-veloper activities in an IDE and demonstrate their SpyWareplatform in [100]. When recording every step of developers,there is no more need for extracting data from repositories,which contain only those information which have actuallybeen committed. The tight integration into the IDE alsoeases the work for developers, who no longer must copewith a multitude of different tools. Automatically recordedchanges enable to model the change history as a sequenceof first-class change operations, in contrast to the concept ofprogram versions. There exist a variety of embedded toolswithin SpyWare to facilitate impact analysis and to assistdevelopers when changing software.

9) Combined Technologies: Combining MSR which an-alyzes a series of versions with traditional impact analysis

which is focused on a single version could yield several ad-vantages. Traditional analysis applied on single versions ofa program is not adaptive, whereas MSR-based approachesrely on historical data, which might be incomplete or out-dated and therefore inferring wrong impacts [101]. There-fore, Kagdi and Maletic [102], [103] are concerned withcombining both methodologies to improve the prediction ofchanges. The basic idea is to apply traditional techniqueson single revisions and to infer additional dependenciesfrom version histories using MSR approaches. Using theachieved results to cross validate each other is a potentialtechnique to further improve impact analysis. In [104],Kagdi and Maletic further refine the idea by proposing toconvert the source code into an XML representation usingsrcML to enable source code dependency analysis. Theauthors plan to use the mining tool sqminer and the diff-toolcodeDiff to mine fine-grained co-changes at code level. Thelast step is focused on matching the granularity of entitiesobtained through MSR and traditional analysis to incorpo-rate both results by either forming the union (DisjunctiveApproach) or intersection (Conjunctive Approach) of bothsets.

The approach of German et al. [105] is aimed at identify-ing parts of a program which have been forgotten to change,by utilizing prior code changes to determine what functionshave been modified. The approach is based on the con-struction of a dependency graph for each function, whichcontains all invoked functions (similar to a call graph), bydefining a window of interest which contains a sequence ofchanges. This change information is extracted from versioncontrol systems by comparing subsequent versions of theprogram. Each changed node of the dependency graph ismarked as changed, whereas all successor nodes are markedas affected. Unmarked nodes and nodes outside the area ofinterest are pruned using the following two metrics: ratioof affected functions, and ratio of changed functions. Theresult of this process is a change impact graph (CIG), whichvisualizes the impacted elements and can be used for furtherjudging the effects of a change.

Canfora and Cerulo [106] want to combine the infor-mation stored in CVS and Bugzilla3 to improve impactanalysis. The authors combine MSR with IR techniques tobridge between both data sources. Therefore, the authorsassume that commit reports and previous change requestswhich focus on a certain file are a good indicator to predictfurther changes of the same file. The proposed approachcomputes the similarity between old and new change re-quests, which is based on textual similarities of bug reports,feature proposals, commit messages, and change requeststhemselves. The computation of similarities uses standardIR procedures, such as stop word elimination, word stem-ming, and a probabilistic IR comparison algorithm. Finally,a ranked list of files is presented to the developer listinglikely candidates.

3http://www.bugzilla.org/

Page 16: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Both authors present a refinement of their approach in[107] to enable more fine-grained analysis. The improvedapproach recovers the history of source code modifications(added, removed, and changed LOC) from CVS, and createsa line history table, which states when each LOC wasmodified. Therefore, they are storing each LOC togetherwith related free text (e.g. comments). The associationbetween free text and LOC is established by an indexingprocess, which generates a ranked list of code entitiesthrough IR techniques. The index process is comprisedof free text analysis, building document descriptions, andscoring each document description to match documents andcode. Free text analysis divides free text into a sequence ofindex terms, which is compressed by word stemming andstop word elimination. Obtained index terms are countedper document to build the document description, which isthen used to describe each source code file together witha change request. Finally, a scoring function is applied tomatch the document descriptions with related lines of code.

A typical limitation of existing MSR-based techniquesis the large amount of data which is spread over a longperiod of time, which typically complicates the mining ofassociation rules. Ceccarelli et al. [108] propose a newMSR approach which is combined with a statistical learn-ing algorithm to overcome this limitation. The proposedmethodology infers mutual relationships between softwareartifacts and utilizes the Granger causality test to identifyconsequent changes. Evolutionary dependencies betweenmultiple time series are captured using the Vector Auto-Regression model, whereas the Granger test is used toidentify changes which are useful for forecasting futurechanges of other software artifacts. Canfora et al. [109]extend the work presented by Ceccarelli et al. [108] by per-forming a more detailed case study, including the analysisof the Firefox web browser. However, the average precisionachieved with the Granger test is below 25% in two of fourstudies, at approximately 25% for one study and 60% forthe fourth study, while recall is also between 15% and 60%.

Kabaili et al. [110] investigate how developers can evalu-ate the changeability of object oriented software, based on aformal model for impact detection proposed by Chaumun etal. [69]. The developed extension of the model encompassesimpact analysis and regression testing by analyzing classes,methods, and variables of a program. According to theutilized impact model, the impact of a change depends onthe type of the change and the type of relation betweentwo program entities. The process of computing rippleeffects begins with identifying directly affected classes.Indirectly affected classes are then computed by analyzingthe relations between affected and related classes, whileconsidering the type of change. The identification of af-fected regression tests to be re-executed is achieved in asimilar fashion, based on affected classes.

The contribution of Queille et al. [111] is twofold. First,they separate the definition of impact analysis from programcomprehension. Secondly, they develop an impact analysis

model which is based on propagation rules and programdependencies. The proposed impact model is based onstatic source code analysis, i.e. the extraction of a programdependency graph, which is combined with closeness infor-mation of textual entities. They define a set of propagationrules for the computation of change impacts, which isbased on the dependency graph and is implemented intheir IAS prototype tool. Barros et al. [112] continue thework of Queille et al. by refining the concept of impactrules and providing steps required for an interactive impactanalysis process. The extended rule concept distinguishesbetween rules which result in a strict impact, and thosewhich result in a potential impact, by assigning a virtualorder to potential impacts when recursively propagatingchanges. Barros et al. enhanced the IAS tool by reactingon developer feedback to enable interactive impact analysis,i.e. allowing developers to invalidate proposed impacts andedit the dependency graph.

The goal of the work presented by Huang and Song[113] is to combine static dependencies and dynamic sourcecode analysis to improve the precision of impact anal-ysis. The proposed dynamic approach calculates impactsaccording to binary dependency information gathered atruntime, by collecting execution traces and consideringdifferent entry and exit types (e.g. method entry withoutpassing arguments). The impact of method body changesis then computed as follows. First, the execution-after set iscalculated for the changed method. Secondly, the approachconstructs a dependency graph for the changed methodand adds all related methods to the impact set, accordingto the relation between them, e.g. returns into or passesparameter. In contrast, the impact of method interfacechanges is calculated as follows. First, recorded executiontraces are searched for method entry events of the changedmethod. A backwards trace is then computed to identify themethod’s caller, and both methods are added to the impactset. Finally, the impacts of atomic changes of attributesare calculated by determining methods which depend onthem and adding transitively related methods to the impactset. Huang and Song later improved the first version oftheir methodology and implemented the approach in theJDIA tool [114]. They added support for the identificationof runtime inheritance relations, which is achieved byidentifying how the inheritance hierarchy is reflected in anexecution trace. Therefore, they monitor constructor callsand investigate the differences in event sequences of certainJava-instantiation rules to identify inheritance relationships.

Walker et al. [115] propose a new approach to assessand communicate technical risks, which is based on weaklychange estimations, historical change behavior, and thecurrent structure of the software. The approach is built ona probabilistic algorithm, which is combined with depen-dency analysis and history mining. A structural dependencygraph is constructed where each edge is annotated withthe probability of propagating changes from the source tothe target node. The initial probabilities are computed by

Page 17: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

extracting atomic change sets from CVS repositories andcounting how often two entities changed together. Theseinitial probabilities are then propagated through the graphusing a modified version of the Dijkstra-algorithm. Oncethe graph and all probabilities have been computed, theTRE tool presents the graph to the developer who thendecides which entity is truly impacted, based on assignedprobabilities.

Similar to the work of Huang and Song [113], [114],Maia et al. [116] propose a new approach to combinestatic and dynamic impact analysis to improve the detectionof impacted entities, and to reduce the number of false-positives. The approach combines execution after sequenceswith the analysis of program dependencies for impactprediction. First, a dependency graph is extracted fromsource code while using a fixed distance to cut off branches.Secondly, execution after sequences and frequency informa-tion are recorded to derive further dependencies (successionrelations) for impact analysis. The required frequency in-formation are collected by counting the number of callsper method, as long as the successor-stop-distance has notbeen reached. Finally, results of both steps are joined andranked based on the impact factor gained in the 2nd step,where the impact factor is the probability of an entity beingthe successor of an event in the change set, obtained bydynamic analysis.

Wong et al. [117] emphasize the importance of con-sidering the temporal dimension of history when miningchange couplings from version history, as the choice ofthe timespan to be analyzed impacts the achieved results.The authors provide a formalization of logical couplings asstochastic processes, which are based on Markov chains,and define families of stochastic dependencies. The pro-posed methodology applies a sliding window approach,which equals a discrete k-th order Markow process tolimit the length of the historical data which should beanalyzed. The probability of dependencies is computedby a smoothing function, which controls how much eachtransaction contributes to a dependency. This is achievedby preferring recent history over distant history. Stochasticdependencies obtained through this process are then usedto reason whether an element will be impacted or not.

By combining information retrieval (IR) and evolutionarycouplings for impact analysis, Kagdi et al. [118] provide adeveloper centric technique which focuses on identifiers,comments, and other source code entities. Their approachobtains conceptual information using IR techniques, andmines evolutionary information (co-change patterns) fromversion control repositories. The process of identifyingpossible impacts starts with computing conceptual cou-plings between entities of the same program version (themost recent version) using IR techniques. Next, evolu-tionary couplings are mined from version history whilenot considering the current (most recent) version. Themining process consists of itemset mining, as the order ofentities is not important and fine-grained change sets are

searched for evolutionary couplings. In a final step, bothcoupling information are combined to predict the impact.However, it still remains an open question whether to usethe intersection or union of both as shown in earlier workof Kagdi and Maletic [104].

Sun et al. [119] propose a static impact analysis tech-nique called HSMImpact, which is based on hierarchicalslicing models. They apply a stepwise slicing algorithmon four types of hierarchical dependency graphs: package-level dependency graph (PLDG), class-level dependencygraph (CLDG), method-level dependency graph (MLDG),and statement-level dependency graph (SLDG). The en-tire HSM analysis process consists of three steps. First,hierarchical change sets are defined at different levels ofgranularity. Secondly, the slicing algorithm is applied usingappropriate slicing criteria for each level of granularity, e.g.variables or classes. Finally, hierarchical impact sets arecompute ranging from package to statement level.

The aim of the master thesis of Mohamad [120] isto improve program comprehension by applying impactanalysis techniques, where the actual impact analysis isachieved with the help of program slicing and traceabilitylinks. The approach of Mohamad is based on the CATIAtool developed by Ibrahim et al. [121]–[123]. It supportsimpact analysis by visualizing program dependencies andtraceability links, which are used to trace changes acrossdifferent entities of the program. The author enhanced thetool by providing a graph view for impacted elements,which replaced the former textual output of CATIA.

The PhD thesis of Kagdi [20] is build upon a compre-hensive survey of MSR approaches conducted by Kagdiet al. [19], and the work presented by Kagdi and Maleticin [102]–[104]. The author proposes an approach to mineevolutionary couplings from version histories, which iscombined with static dependency analysis of single versionsto improve coupling detection. The goal of his work is tobuild a holistic approach for software change recommenda-tion, by validating the outcome of dependency analysis withresults achieved by MSR techniques. The mining processis comprised of training and validation phases. The trainingprocess mines a certain potion of the version history to inferchange couplings between software entities. The validationprocess then examines extracted couplings to check whetherchanges were predicted correctly. Apart from impact anal-ysis, his thesis also addresses the application of MSR formining traceability links from software repositories, andother related tasks.

Lee [124] investigates the additional challenges of rippleeffect analysis in object oriented software, which due toits nature and many hidden dependencies, is more compli-cated than ripple effect analysis in procedural programminglanguages. The contribution of her PhD thesis is a set ofobject oriented data dependency graphs, impact analysisalgorithms, and evaluation metrics, which have been imple-mented in the ChaT tool. The proposed algorithms, such asFindEffectInClass or FindEffectByInheritance, rely on the

Page 18: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

computation of the transitive closure of object oriented datadependency graphs (OODG), which are based on controland data flow information extracted from the program. Thealgorithms analyze relationships among components andweight them according to the type of relation, which isexpressed by a set of impact propagation rules.

Similar to the work of Kagdi and Maletic [102], [103],Hattori et al. [14] combine traditional impact analysis andMSR by applying Bayes’ theorem to combine results com-puted with both techniques. First, their approach computesa dependency graph that represents the source code anduses dependency types like contains, isAccessedBy, andmany others. A reachability analysis is then applied onthe graph to estimate possibly impacted elements. Next,a MSR approach using a sliding window of 200 secondsis used to extract change sets. Computed change setsand possibly impacted entities are then analyzed by aprobabilistic algorithm using Bayes’ theorem to removefalse-positives, which is based on the frequency of commits.In a final step, the Apriori and Disjunctive AssociationRule (DAR) algorithms are used to weight and sort possibleimpacts according to their likelihood. As a result of theirconducted case study, DAR turned out to be more reliableand less resource consuming then Apriori when analyzingfine-grained entities.

Many software systems are comprised of different mid-dleware and other COTS components, which communicatevia messages. Popescu et al. [125], [126] are concernedwith analyzing impacts which spread across system bordersdue to message communication in event based systems.Their approach analyzes control and data flow to iden-tify incoming and outgoing message interfaces, and dis-tinguishes between inter-component and intra-componentdependencies. Inter-component dependencies are collectedwhile analyzing incoming and outgoing component inter-faces and matching message types of sinks and sources. Incontrast, the intra-component dependencies are identifiedby calculating a call graph which is annotated with messagetypes and access permission information to analyze themessage control flow within a component. Finally, bothdependencies are merged into a system dependency graphwhere reachability analysis is used to detect impactedentities.

10) Other Technologies: There are two studies whichcannot be classified according to their utilized technology,as one is using a unique method [127], and the other studyprovides no details on the utilized method [128].

The approach of Moonen [127] introduces a lightweightimpact analysis technique, which is based on the conceptof island grammars, and provides a reusable and generativeframework for impact analysis. The author developed theISCAN tool, which uses a extract-query-view-approach andconsists of a parser, a repository, and a user interface. Theparser utilizes syntactical analysis which is based on islandgrammars and consist of two parts: the detailed productions(the language constructs of interest; the islands) and the

liberal productions (the remainder of the input; the water).In this case, the language constructs of interest are COBOLdata fields. The remainder of the code, which is not relatedto these data fields is considered to be water. The techniqueof island grammars brushes aside non interesting parts ofthe code to speed up the analysis. Every entity whichremains in one island after brushing aside the water isreported to be impacted by a change.

Hoffman [128] investigates the complex nature of re-lationships in object oriented software, which are causedby information hiding, encapsulation, polymorphism, andrelated concepts. The author concludes that developers mustbe able to trace such relations, as they support the testingand understanding of software. The proposed approach isbased on a multistaged process, the comparative softwaremaintenance (CSM) methodology. CSM enables developersto determine the components of a system and their rela-tionships. It allows to model components as extended lowlevel software architecture (ELLSA), which creates a virtualsoftware system and can be used for predictive impactanalysis (PIA). It further allows to compare the ELLSAmodel structure for PIA and comparative impact analysis(CIA) to determine affected components, and to instrumentsource code for checking test execution coverage. CSMperforms change analysis as a base for impact analysisand is implemented in JFlex, which scans source filesand compiles obtained data into the ELLSA model. ThisELLSA model (a copy of original system) can be used toask ”what if” questions (PIA) and enables the comparisonof two different versions of ELLSA model.

C. Architectural Models

Existing impact analysis techniques require source codeor architectural representations in order to predict changes.However, such data is not always available for all softwaresystems or they are not useful for the person performingthe impact analysis (e.g. a requirements engineer might findit hard to analyze source code). Therefore, Aryani et al.[129], [130] propose an approach to predict the changepropagation based on information which are visible andunderstandable to domain users. The approach operateswithout requiring access to source code or developmenthistories, as it derives information from user manuals andexpert knowledge, and stores them in a weighted depen-dency graph. Logical relations between domain functions(functions provided to users), domain variables (data withclear meaning at domain level, e.g. a date) and user inter-face components (contains at least one domain function) areused to derive the dependency graph, and enable to reasonabout change propagation, using reachability analysis.

The work of Briand et al. [131], [132] is concerned withkeeping the architecture of a software system in a consistentstate and synchronized with the underlying source code.Therefore, the authors propose an impact analysis approachfor architectural models, which operates on UML modelsand supports the entire UML2 specification. The authors

Page 19: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

use OCL4 to express explicit rules, which are used to searchfor impacted elements, where a set of 97 OCL rules isprovided in [131]. The propagation of changes to indirectlyrelated software entities is controlled by a distance measure,which is used to either cut off the change propagation orto weight impact paths according to their nesting depth.Another contribution of their work is a taxonomy of changetypes proposed in [131], which provides three elementalchange types: add, remove, and change.

Analysis and design models must change when softwareevolves. Which elements of design models should changedue to a given change, and which elements changed to-gether and are likely to do so again are the motivatingquestions for the work of Dantas et al. [133]. Their pro-posed methodology uses historical information to uncovertraceability links between UML models, based on minedassociation rules. Each traceability link can be enhancedwith the information who, when, where, why, what, andhow it was changed to support the developer. The actualmining of association rules is based on the Apriori al-gorithm which uses support and confidence metrics, andminimum thresholds for pruning proposed impacts.

The work of Xing and Stroulia [134]–[136] is focusedon the evolution of UML class diagrams. The motivationfor their work is the insufficient support of diff -tools forthe differencing of logical models. Existing tools are onlyable to perform a line-based differencing which is not suit-able for hierarchical models. However, understanding classevolution is essential for understanding the current designof the software. Thus, they developed the UMLDiff toolwhich provides fine-grained change information betweensubsequent versions of a class diagram. The tool allows toextract hidden evolutionary dependencies between classesand creates class evolution profiles which can be used topredict future changes.

Current visualization approaches are useful for under-standing software evolution, but they assume that evolutionof a system can be displayed as an unbroken sequenceof time, which does not hold for every system [137].McNair et al. [137] developed a lightweight approach toexamine the impact of changes on a system’s architectureby visualizing ripple effects and incomplete histories, whichis implemented in the Motive prototype. The required in-formation are collected by analyzing a development periodwithin a certain timeframe. This is achieved by prepro-cessing data from CVS repositories to compute the impactof a change-set by scanning files which were modifiedby this change. Motive then uses these information todisplay software as a graph and annotates entities as eitheradded, deleted or phantom objects (added and deletedwithin analyzed timeframe) to visualize the evolution ofthe system.

Many systems are interconnected with other softwarecomponents, as they offer special interfaces or services.

4http://www.omg.org/spec/OCL/

Changes to one system or its interface are therefore likely toaffect connected systems as well. However, it is difficult toestimate the impact of changes, which are spread acrosssystem borders. Yoo and Choi [138] propose an XMLbased approach for Interface Impact Analysis, which buildsa common information architecture between connectedsystems to facilitate impact assessment. Their approachtranslates system specific messages into a more comprehen-sible and extensible XML format, and constructs a messagedependency graph to keep track of system communicationand data exchange. Message flow between components isrecorded and a interface message filtering algorithm is usedto prune paths of messages, which are of no interest forthe current change. The obtained message communicationgraph can then be used to assess the impact of a changeon related systems.

Enterprise architectures combine organizational struc-tures, business processes, and the actual software architec-ture. A single change can affect many different domains ofenterprise architectures, since these combined structures arevery change prone. Therefore, de Boer et al. [139] analyzeand assess impacts on the enterprise-level of an architecture.The proposed analytic process is based on an enterprisearchitecture modeling language called ArchiMate, which isa combination of Testbed (a business modeling language)and UML concepts at a very general level. It features abusiness layer, an application layer, and a technology layer.Architectural entities and dependencies between them arestored in a dependency graph to enable impact analysis,which is based on the tree architectural layers supportedby ArchiMate.

Vora [140] defines an architectural modeling style calledtemporal control flow rule-based architecture (TeCFRA)and a corresponding ADL called TeCFRADL. Both areused to model the design and evolution of software ar-chitectures, while supporting non-functional properties atcomponent level. TeCFRA consists of an execution andevolution management framework. The execution frame-work provides external control flow graphs, which allow forflexibility during the analysis and are focused on methodinvocations. This enables developers to separate applica-tions into activities and tasks, where the later correspond tomethods and method calls. Control flow rules are then usedto compute the impacts of changes, based on the controlflow graphs. The evolution management framework on theother hand captures dependencies between architecturalcomponents by mapping evolution specifications to ADLspecifications, which contributes to the process of impactanalysis.

Analyzing the static structure of component-based soft-ware architectures is an important step of architecturalimpact analysis, which can further be improved by incorpo-rating dynamic UML diagrams, such as sequence diagrams,into the analysis process. Feng and Maletic [141] proposean approach to support dynamic impact analysis on thearchitectural level by providing a taxonomy of changes

Page 20: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

in component-based architectures, and a set of impactrules to transfer changes among affected components. Theirapproach derives component interaction traces from com-ponent diagrams and sequence diagrams, which are slicedby impact rules to obtain the set of affected entities. Theproposed taxonomy for change types distinguishes betweenatomic changes such as the addition or deletion of an entityand compound changes. The approach is implemented inthe SOCIAT tool.

The goal of Tang et al. [142] is to record architecturaldecisions in a structured way, as design rationale is oftennot documented and therefore getting lost. However, suchdecisions are a useful source for later impact analysis.Tang et al. use the architectural rationale and linkage model(AREL) to capture design decisions and design elementson an architectural level, based on their earlier work onthe architecture rationalization method (ARM). The authorsanalyze causal relationships between architectural elementsto perform what-if reasoning with elements and relationsof the architecture, which are modeled as Bayesian beliefnetworks (BBN). The transformation of architectural ele-ments and relations into a BBN is achieved by mappingARM elements to BBN nodes, and ARM relations toBBN edges. The architect then assigns initial probabilitiesto elements by making estimations, which are based onpersonal experiences and architectural assessment. Finally,the BBN and Bayes’ theorem are used to compute thelikelihood of a change, which also depends on the typeof dependency between two entities.

Zhao et al. [143] observed that the affects of changesdo not limit themselves on source code, but also spreadacross architectural models and other design documents.They emphasize the need of addressing the question ofimpact analysis on an architectural level by expanding tooland method support. The authors propose an approach forautomated change effect assessment, which is based on aformal architecture specification using the WRIGHT ADL,and define new slicing and chopping methods for softwarearchitectures. The approach infers information flow withincomponents from WRIGHT -descriptions to construct anarchitectural flow graph. This graph is then used to computearchitectural slices to reveal possibly impacted entities.

Approaches which are trying to predict and assess rippleeffects based on historical data alone suffer from incom-plete and inconsistent version histories. Therefore, Wongand Cai [101] propose an approach to extract logicalmodels from UML class diagrams and combine themwith historical information from software repositories. Theproposed approach is based on a logical framework calledaugmented constraint network (ACN), which is used tomodel design decisions and their relations. UML elementsare transformed into ACNs, where relations are added asconstraints, and the interface and implementation of a classare added as variables. Impacted elements are identifiedby weighting classes according to their number of ACNs,where more sub-ACNs result in a higher rank. The distance

between two classes also influences the weight, as closelyrelated classes receive a higher ranking. Obtained weightsare multiplied with the co-change frequency of entities,which is mined from version histories. Finally, the tenhighest ranked elements are reported to the user.

van den Berg [144] proposes an approach for impactanalysis, which is based on traceability relations betweenelements of software artifacts. The author provides formaldefinitions of specific dependency types, and an algorithmwhich computes and stores dependencies in matrices. Theapproach computes traces between dependency matrices ofdifferent entities in a double-staged process: the matricesare multiplied and a crosscutting matrix is derived from theobtained product. A crosscutting dependency is defined asa relation where both, source and target node, are involvedin other relations as either source or target. The proposedapproach also allows for multiple levels of dependencies, byapplying a series of matrix operations. Identified crosscut-ting dependencies are then used to detect possibly impactedelements.

D. Requirements Models

Changing customer needs and constantly changing tech-nology demand for impact analysis on the level of soft-ware requirements [145]. A study which investigates theinfluence of requirements changes in evolutionary devel-opment was conducted by Nurmuliani et al. [146], whoconcluded that late additions of requirements are likelyto inflict high costs and long delays in software devel-opment. Thus, requirements impact analysis is essentialto assess the possible costs and affects of introducingnew requirements or of changing existing requirements.Further, a graphical representation of requirements, basedon a requirements modeling language, is often consideredas helpful for understanding and changing them. How-ever, it is not clear if it really improves the detectionof impacts among requirements. Mellegard and Staron[147] conducted an experiment to find out how graphicalrequirements models influence impact analysis. Therefore,the authors examined differences between traditional text-based requirements and requirements models. The authorsuse a domain specific modeling language called graph-ical Requirements Abstraction Model (gRAM) for com-paring against textual requirements. The gRAM languageprovides four levels of requirements-abstraction: product-requirements, feature-requirements, function-requirements,and component-requirements. gRAM further supports threetypes of traceability-links to connect requirements: owns,satisfies, and depends-on. Eighteen students took part inthe experiment, and Mellegard and Staron measured the re-quired effort, achieved accuracy, and perceived confidencewhile changing requirements, presented either as text orgRAM models. The use of graphical models resulted inconsiderably decreased analysis time, but slightly decreasedaccuracy on the other hand.

Only little work has been spent on creating suitable

Page 21: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

impact analysis techniques for requirements, which is dueto their abstract nature. Lock and Kotonya [148] proposea hybrid technique, which combines traceability links andprobability estimations for analyzing the impacts of re-quirements changes. First, traceability links are extractedfrom the project and combined to a single traceabilitygraph. Each link is further annotated with a probabilityvalue, expressing the likelihood that the link will propagatechanges. This probability value is based on developerexperience gained through case studies, and is a measure forhow often this impact path was taken by former changes.The result of this process is the final impact propagationgraph, which enables the propagation of changes based onweighted traceability links.

ten Hove et al. [149] investigate the role of traceabilityfor requirements impact analysis and distinguish betweenthe domain (what the stakeholders want to be modeled) andthe actual model, which is used by analysts and containsknowledge for certain purposes. Their proposed approachconsists of two phases: the validation of external inconsis-tencies, which define differences between the domain andthe model, and the actual model change. External incon-sistencies are evaluated by identifying domain changes andsplitting them into sets of primitive and atomic changes.A set of impact rules is then applied to propagate changesacross the model. The final model change is achieved bymapping and implementing the detected external inconsis-tencies onto the model.

Hewitt and Rilling [145] analyze scenarios and compo-nents, which are stored in use case maps (UCM) [23] toassess the impact of requirements changes on a system,where UCM scenarios provide information how systemcomponents interact to fulfill the requirements. Their pro-posed approach is based on dependency analysis amongUCM scenarios and components, and operates as follows.First, scenarios are related by common functionality, wherefunctional groups of scenarios are created that carry out thesame goal. Secondly, forward and backward dependenciesof components are determined and the transitive closureof the obtained dependency graph is computed to enableimpact propagation.

Similar to the work presented by Hewitt and Rilling[145], Hassine et al. [150] analyze the impact of require-ments changes based on UCM models. They introduce anUCM slicing algorithm to enable early analysis and lo-calization of changes. Therefore, they define dependenciesbetween UCM elements and group them by functional,temporal, containment, and component dependencies. Theproposed slicing algorithm tries to isolate a set of scenariosand is based on dependencies, which is similar to sourcecode slicing which isolates statements affecting a programvariable. The scenario slicing algorithm is implemented inthe CIA tool, which allows users to decide what they wantto change and assess, e.g. adding or removing a functionor changing a behavior.

Goknil et al. [151] propose a metamodel for require-

ments, which is based on well defined requirements rela-tions to enable the tracing of changes for impact analysis.The metamodel contains four types of relations (refine,require, conflict, contain) and supports the addition of newrelations as specializations of existing ones. They combinethe knowledge of change types (e.g. ”add a requirement”)with the type of relation (e.g. ”A contains B”) to proposepossible impacted elements, and provide information howthey are impacted (e.g. ”X must be deleted”) by establishinga set of impact rules, which operate on traceability relations.

The automated handling of traceability relations forimpact analysis is the driving force of the work of Leeet al. [152]. The authors propose a goal-driven traceabilityapproach for analyzing requirements, which combines theconcepts of goals and use cases. The utilized goal concept isvery similar to GRL [23], as it distinguishes between rigidgoals and softgoals (GRL contains goals and softgoals).Goals and use case are connected via three different trace-ability relations (evolution, dependency, and satisfaction),which are stored in a design structure matrix. Impactedentities can then be determined by applying a reachabilityanalysis on the matrix.

According to the work of Spijkerman [153], requirementsare subject to frequent changes right from the beginning,as they are the first artifacts of the software developmentprocess. The author exploits the semantics of requirementsrelations to perform impact analysis by establishing aclassification of requirements changes. The contribution ofhis thesis is a refinement of requirements relations, whichare captured by traceability links and a set of impact rulesthat distinguish between different types of traceability linksto facilitate impact analysis.

The PhD thesis of Jonsson [154] explores impact analysisin the light of requirements, and presents organizationalviews of impact analysis. One central result of his thesisis that most studies focus on technical views of impactanalysis, thereby neglecting organizational views, such ashelping to understand how impact analysis is actually usedin practice. The author further discusses twenty differentuses for impact analysis in software development, e.g. ana-lyzing system impacts or time-cost-tradeoffs, and proposesan information retrieval based approach for impact analysis.The proposed IR approach uses latent semantic indexing(LSI) in combination with a term-by-document matrix toassociate terms with documents. Once the indexing processhas been completed, inferred relations can be used forimpact analysis.

O’Neal and Carver [155] analyze the affects of changeson already completed work products, and compare re-quirements changes based on their severity. The authorspropose an impact analysis approach, which is based ontraceability and a method to prioritize requirements changesbased on an impact metric. The impact metric analyzestraceability links between work products and requirements,which are annotated with additional properties. A developercan assign the following properties: complexity of the work

Page 22: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

product, effort to create the work product in person hours,development phase in which the work product was created,and the influence of the source work product on the targetwork product. The impact metric is then used to calculatethe required effort of changing existing work products,where changes are further grouped into fuzzy compatibilityclasses by ranking the mean of impact metrics on theclasses of a work product.

In later work, O’Neal [156] proposes an predictiveapproach for requirements impact analysis, which is alsobased on traceability, the Trace-based Impact AnalysisMethodology (TIAM). TIAM utilizes traceability links anda requirements change impact metric to assess the impact ofrequirements changes. The proposed methodology operateswith different types of changes, each having a differentimpact, and generates a set of potentially impacted workproducts for each requirements change. The predictionprocess operates in different steps and starts with groupingwork products by a fuzzy-algorithm. Secondly, the impactmetric is applied on work products to calculate their impactvalues. The obtained set of work products is then orderedaccording to the impact value to evaluate the risk ofimplementing a requirements change.

E. Miscellaneous Files and Artifacts

Antoniol et al. [157] focus their effort on extractingco-changing files from CVS repositories. Their approachenables impact analysis on file level, as co-changing filescontain non-trivial dependencies, which are otherwise hardto determine. The proposed approach extracts file historiesfrom CVS repositories, according to the time window ofinterest. Then, Dynamic Time Warping (DTW) is usedto compute the distance between pairs of histories bycomputing non-linear mappings of one history to another,and by minimizing the distance between them. Finally,obtained distance measures are used to group and filtersimilar evolution histories, in order to detect groups of co-changing files and to trace how long they have co-changed.

Clusters of artifacts which frequently change together aregood candidates to be grouped in subsystems, and can beused for assessing the impact of changes on single artifacts.Beyer and Noack [158] propose a two-staged methodologyfor identifying artifacts which should form a subsystembased on their co-change behavior. The authors deriveseveral requirements for co-change layouts, and introducea model to produce co-change layouts. They extract aco-change graph from version control repositories, whichcontains vertices (files) and edges (change transactions).The computed layout of the graph reveals clusters of co-changing artifacts, as each edge is labeled with the degreeof co-change between two nodes.

Askari and Holt [159] propose three algorithms to predictthe likelihood that a certain file will change, where onealgorithm also detects co-changing file patterns. The algo-rithms extract change information from CVS repositories,count the number of modifications for each file, and sort

them into a list. This list is used to create a sequence offile changes which based on the Most Likely Estimation(MLE) model, can be used for change prediction. The 2ndalgorithm enhances the concept of MLE with Reflexive Ex-ponential Decay (RED), which decreases the rank of eachfile periodically if the file is not modified again. The 3rdalgorithm, RED-Co-Change (REDCC), is an improvementof RED which integrates co-change information into theprediction process by updating the rank when co-changingfiles are modified. Developers concerned with impact anal-ysis can benefit from the ranked list, as the highest rankedfiles are worth to be inspected when changing the software.

Most impact analysis techniques are limited to sourcecode, and do not consider non-source files. Thus, Sherriffand Williams [160] propose an impact analysis approachwhich is able to analyze any type of file, and is not restrictedto source code files only. Their approach extracts changerecords from a repository, compiles them into a matrix,and computes association clusters through singular valuedecomposition. Each file of a cluster is weighted accordingto its degree of participation in the cluster. High singularvalues are a good indicator that a file will be affected bychanges to other files of the same cluster.

Jashki et al. [161] share the same motivation as Sher-riff and Williams [160], and extend impact analysis tofiles other than source code files. Their approach analyzeschange logs from software repositories to derive mutualfile manipulations, which are then stored in a matrix.Secondly, Principle Component Analysis (PCA) is appliedto reduce the dimension of the matrix in order to reducethe complexity of further analysis steps. Finally, clusters ofclosely related files are identified by applying five standardclustering algorithms (K-means, X-means, Spectral cluster-ing, EM, DBscan) on the reduced matrix.

Configuration Management Databases (CMDB) providean alternative to version control repositories such as CVSor SVN when mining change-couplings. Nadi et al. [162]extract historical change data from a CMDB system, anduse support and confidence measures to assess how closelytwo entities are related. In this context, support states howoften two entities changed together where confidence isthe ratio of co-changes compared to the total amount ofchanges of one entity. Both measures are stored in separatematrices and enable a transitive reachability analysis. Thereachability analysis is supported by three different pruningtechniques: minimum support, minimum confidence, andexponential forgetting, which utilizes the concept of half-life time to forget about coupling information from changeswhich took place long ago.

F. Combined Scopes

The work of Kim et al. [163] is focused on impactanalysis for product-line development in huge companies,which requires assessment of source code and architecturalmodels once basic components have changed. The proposedimpact analysis approach for software architecture and

Page 23: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

source code is build on the concept of reflexion models,as proposed by Murphy et al. [164], [165]. The simplifiedreflexion model is computed as follows. First, a hypoth-esized high-level architectural model is defined, which isthen mapped to the extracted source code model, usingmapping rules. The resulting model is then analyzed usingdependency and reachability analysis. The proposed processhas been implemented in the iCIA tool, which is capableof visualizing impacts and the computed reflexion model.

An approach which determines, whether code changesimpact the system’s architecture is proposed by Hammad etal. [166]. Their aim is to keep the architecture synchronizedwith source code, therefore applying impact analysis onboth levels. They distinguish between code changes thataffect the design (e.g. ”add a method”), and such whichdo not affect the design (e.g. ”change a control loop”).Their approach ignores changes that do not affect design,which is achieved by applying the tool srcTracer. The tooltransforms source code into XML using the srcML tool,and identifies changes by applying the srcDiff tool on theXML output. Rules encoded as XPath queries are then usedto identify changes that impact the design. For example, ifa rule detects a class in code which is not represented indesign models, a design change took place and there is animpact on the architecture.

Sharafat and Tahvildari [167], [168] propose a proba-bilistic approach to enable the change prediction of classes,which is based on analyzing UML class diagrams andJava source code. Their approach combines dependencieswhich have been extracted from UML class diagrams andsource code metrics. They distinguish between internaland external dependencies, where internal dependenciesare computed with source code metrics, and external de-pendencies require comprehensive analysis. Cyclic externaldependencies are resolved by either applying systems of lin-ear and non-linear equations [167] or by using depth-first-search [168]. Once all dependencies have been resolved,the probability of internal changes and the probability ofpropagating external changes is computed based on Bayes’theorem. However, probabilities must still be normalized, asthe authors assume that internal changes which took placein different development periods are independent of eachother.

The use of COTS components adds new challenges to themaintenance of software, as the black-box nature of suchcomponents decreases the usefulness of most impact analy-sis approaches. However, without proper analysis of COTScomponents, software is hard to maintain and adapt tochanging requirements. Therefore, Hutchinson et al. [169]define a process for COTS-based software development:component oriented software engineering method (COM-POSE). COMPOSE is comprised of an ADL (CADL )and a model for impact analysis, which is based on theADL. The system’s architecture is described in CADLand linked with requirements via traceability relations.Based on dependencies expressed as traceability links,

they conduct a simple reachability analysis on the CADLgraph to determine possibly impacted entities. Kotonyaand Hutchinson [170] extend COMPOSE, as presented intheir earlier work [169]. COMPOSE is transformed into acyclic process, which includes a verification of the softwareafter each step. An additional intermediate layer is addedto CADL to facilitate the mapping between componentsand requirements. Furthermore, they distinguish betweendirectly affected (connected to a changed entity), secondaryimpacted (connected via CADL with an impacted element),and peripheral impacted entities.

Business processes undergo many changes, which mustbe reflected on the source code of the underlying businessapplication. However, mapping such changes to sourcecode is not trivial. Therefore, Xiao et al. [171] investigateimpact analysis in the scope of business processes in serviceoriented business applications. Their approach combines theanalysis of requirements encoded in BPEL, and source codeanalysis via call graphs. Data and control dependenciesbetween BPEL elements are analyzed by a set of impactrules to determine the impact of a change, while a call graphis constructed from the underlying source code. Impacts ofBPEL elements are mapped to methods, which then act asstarting impact set for source code impact analysis. Changesare then propagated through the call graph, where a distancemetric is used to estimate the likelihood of impacts.

The work of Bohner [37], [172] is concerned withimpact analysis in systems, which are composed of existingsolutions, as more software is build upon middleware andother preexisting components. The author proposes the useof a dependency graph and a dependency matrix, whichare combined with a distance measure to limit the impactpropagation. The author further discusses the use of XMLto facilitate impact analysis in COTS software. Bohnerand Gracanin [173] extended this work by focusing onpossibilities for 3d visualization of impact relations anddependencies between software entities.

Khan and Lock [174] are concerned with tracing require-ments to architecture, and utilizing these traces for impactanalysis. They investigate, whether concern-based depen-dencies help to identify unstable components and anticipatechanges. A taxonomy of dependencies is established as thebasis of their proposed impact analysis approach. Depen-dencies are divided into goal, task, service, conditional,infrastructural, and usability dependencies, which can over-lap, intertwine or confirm to each other. Their approachuses concentration metrics to measure how often entitiesare connected via a certain dependency type to evaluatetheir likelihood for being impacted.

Yu et al. [175] propose the concept of requirementschange probabilities to estimate whether a change to onecomponent will spread to other components. Architecturalcomponents are extracted and compiled into a N × Nmatrix, which is used to store the propagation probabilitiesbetween pairs of components. The required probabilities arepredicted by applying three metrics on each component:

Page 24: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

backward functional call dependency (How many func-tions of this component are called by other components?),forward functional call dependency (How many functionsfrom other components are called by this component?), andtotal functional call dependency (both combined). Impactedcomponents can then be determined by applying a mini-mum probability threshold.

When changing software, it requires testing to verify thecorrectness of implemented changes. However, executingall test cases again after each change is not feasible inpractice. Regression testing is required to identify thosetests which are affected by a change. Briand et al. [176]propose an approach for regression test selection, which isbased on impact analysis of software architectures modeledin UML. They distinguish between three classes of tests:reusable (the test is valid), retestable (the test is valid,but must be rerun), and obsolete (the test can no longerbe used). The software architecture is connected withregression tests through traceability links, and impacts arepropagated across the traceability relations. The impactestimation and selection of tests is based on identifyingdifferences between two versions of the system architec-ture, where UML sequence diagrams are used to identifyimpacted test cases.

von Knethen and Grund [177] emphasize the usefulnessof traceability links for software maintenance. However,there remain of couple of open questions, which limit theapplicability of traces for impact analysis: which kinds oftraces should be established, who has to establish them,and who has to analyze them? To answer these ques-tions, they investigate impact analysis based on differentstakeholder roles: project planner, requirements engineer,and developer. They developed a tool suite which allowsdifferent stakeholders to view traces and execute differentanalysis steps, where two components are of special inter-est for developers when performing impact analysis. Thecomponent RelationFinder searches entities for traceabilityrelations based on similarities of textual attributes. TheRelationViewer orders traces according to the type of therelation, and displays them as tree. The developer then hasto decide which related entities are affected based on anassessment of identified traces.

Connecting requirements, source code, and test cases viatraceability links enables comprehensive impact analysis,as proposed by Ibrahim et al. [121]–[123]. The authorsdeveloped an approach which gathers traceability relationsfrom different sources. Requirements and test cases areconnected while analyzing the system documentation. Testcases and methods are linked via test execution, wheremethods and classes are linked by static program analysis.In [121] and [122], the authors propose three traceabilitydetection techniques: explicit links (dependency analysis),name tracing (IR-based), and concept location. Ibrahimet al. [123] added a 4th technique called cognitive links[178], which enables designers to specify traces manuallyto improve impact detection. The result of this multistaged

process is a dependency graph spanning all available ar-tifacts, which can then be used for propagating changesand determining impacted elements based on reachabilityanalysis.

Looman [179] highlights that requirements are the driv-ing force when developing a system, where architectureimplements the requirements and both undergo constantchanges. The author proposes an impact analysis processfor software architectures, which is based on functionalrequirements. Functional requirements are transformed intoformal behavior descriptions that state which requirementsshould be present or absent in the current architecture.Architectural entities are then related with correspondingrequirements via traceability links, to enable impact anal-ysis by evaluating behavior descriptions. A failed behaviordescription indicates that there is a change impact betweenthe requirement and the linked architectural component.

Bridging between architecture and source code to allowfor impact analysis on both levels is the goal of the workpresented by Hassan et al. [180]. The authors propose thearchitectural software components model (ASCM), whichis able to express architectures that have been modeledin different ADLs, and the software component structuralmodel (SCSM) to couple source code with ASCM models.The approach is based on an expert system, which providesautomated impact rule management to cope with softwareevolution. The utilized expert system consists of a factbase containing the ASCM architecture, a rule base whichcontains propagation rules, and the inference engine whichapplies the rules on the fact base. The utilized rules are ableto add and remove entities, and consist of preconditions andinvariants. An entity is impacted, if a precondition is metand at least one of its invariants is violated. The detectedimpact is then propagated to its neighbors according tothe incoming and outgoing relations between the entities.The connection between architecture and source code isestablished by linking ASCM entities via projection rela-tionships to corresponding SCSM entities, which enablesthe propagation of impacts between both models.

IV. RESULTS OF THE REVIEW

The following section discusses the results of the reviewregarding the goal of reviewing and classifying impact anal-ysis approaches (Section IV-A), evaluating the taxonomy(Section IV-B), and identifying open research questions andfuture work (Section IV-C).

A. Classification of Approaches

Section III-B to Section III-F of this article are con-cerned with classifying and exploring approaches proposedfor impact analysis. The motivation and methodology of150 approaches were described to summarize their mainidea. The work presented here can therefore be used asa starting point for exploring the field of impact analysis.Furthermore, we classified the 150 approaches according

Page 25: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

to the criteria of our taxonomy [9]. Table II presents theresults of this classification process.

The classification revealed that 65% of all studied lit-erature is concerned with analyzing source code changesand the impact on source code. Only 11% analyze changesand their impacts on software architectures, another 7%analyze requirements. The impacts of changes on othersoftware development artifacts, such as documentation orconfiguration files, are investigated by 4% of all approaches.Finally, 13% include several kinds of artifacts in theiranalysis process, e.g. source code and architecture. Figure2 summarizes these findings.

98

17 10 6 19

Fig. 2. Amount of approaches ordered by the Scope of Analysis criterion

B. Evaluation of our Taxonomy

A problem of existing classification schemes, such asthe ones proposed by Arnold and Bohner [7] or Kilpinen[21], is the lack of practical evaluation, i.e. demonstratingthat the proposed classification is applicable on reviewedliterature. The evaluation of our taxonomy and its criteriawas done by checking the coverage of each single criterion.The results of this coverage analysis are depicted in Figure3 and will be discussed in the following section for eachcriterion.

100% 99% 94%

60%

91% 75% 73%

10% 22%

60%

25% 21% 13%

Fig. 3. Coverage of criteria in literature

The criterion Scope of Analysis could be retrieved fromall studied literature, as the aim of an approach is easy toidentify. The utilized technology could also be determined

from all but one approach and proposed ideas were clus-tered into the ten groups as proposed in [9]. Details aboutthe analyzed artifacts and computed results are provided bymore than 90% of all studies, whereas only 60% mentionsupported change types. However, this information mightbe required if a developer has to choose an approach.

More than 70% of all studies provide informationwhether the approach has been implemented (and by whichtool) and what programming or modeling languages aresupported by the analysis process. In contrast, only 22%of all studies provide any information about how theirproposed approach can be used for impact analysis inpractice, i.e. whether their approach is exploratory, search-based or simply analyzes the whole software at once(global). Likewise, even less studies (10%) provide detailedscalability estimations in terms of time and space complex-ity. This is most likely caused by the complex notion ofsuch estimations in Bachmann-Landau notation. However,studies which contain no evaluation by case studies shouldat least provide scalability estimations to be comparable toother approaches.

The additional criterion of evaluation results is coveredby 67% of all studies and therefore fulfills its purpose ofassisting with comparing approaches. 60% of all examinedstudies provide information about the size of the conductedcase study or experiment in terms of LOC, the number ofclasses, and similar measures. 25% of all studies reporton achieved precision, 21% on achieved recall, and 13%on required computation time. Further details on memoryconsumption were provided by two studies only, so weexcluded this as a criterion due to the lack of coverageby 99% of the literature.

Our main criteria (scope of analysis, utilized technology,granularity of artifacts/changes/results, tool support, sup-ported language) are covered by 85% of all approaches inaverage. The auxiliary criteria (scalability, style of analysis,size of study, precision, recall, computation time) are cov-ered by 25% of all approaches in average. Therefore, weconclude that our taxonomy in its current state is usefuland applicable for classifying, comparing, searching, andevaluating impact analysis approaches based on its criteria.

C. Identification of Future Work

Based on the performed validation of the taxonomy,which revealed that 33% of all proposed approaches arenot yet evaluated, we investigated how many approachesof a certain scope lack any validation. Figure 4 showsthat 80% of all requirements approaches, and more than50% of architectural and combined approaches were notevaluated by case studies or experiments. Also, as revealedby Table II, many approaches were evaluated with rathersmall case studies and therefore actually prevent any gen-eralization of results. One possible solution to overcomethis limitation would be to establish a universal benchmark,which provides a set of different artifacts, ranging fromrequirements specifications to source code, to provide a

Page 26: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

common database for evaluating approaches. However, thisis not feasible in practice. Instead, a set of evaluationguidelines could be developed, i.e. stating which measures(e.g. precision and recall) should be used. This guidelinecould also contain clusters for classifying a system basedon its size and complexity, which would allow for bettercomparison of results.

22%

53%

80%

17%

61%

Fig. 4. Amount of approaches not yet evaluated, ordered by Scope ofAnalysis criterion

Another possible aspect for further research is to over-come the lack of approaches which span the entire soft-ware development process. Impact analysis is required inthe early stage of requirements capturing, in the phaseof architectural design, and the final implementation andmaintenance phases. However, only 13% of all approachescombine two or more scopes in their analysis process asshown by Figure 2. Therefore, we advocate that moreattention should be paid on linking requirements, architec-ture, and code to enable comprehensive impact analysis.Figure 5 illustrates the amount of combined approaches perscope. Also, according to the work of Kilpinen [21] moreinformation are required how to incorporate a proposed ap-proach into the actual maintenance or development process.This flaw is also supported by the fact that only 22% ofall studies reported on the interactivity of the proposedapproach, as illustrated by the coverage of the Style ofAnalysis criterion in Figure 3.

We also noticed that many authors (e.g. [33], [43], [71],[76], [85], [141]) provide a taxonomy of change typesto facilitate the identification of impacts. However, themajority of established classifications is not based on areview of related studies on change types, such as thework of Baldwin and Clark [181] (pp. 132-142). We areconvinced that more work should be spent on creating ataxonomy of change types for source code, architecturalmodels, requirements, and other artifacts which can beintegrated into impact analysis.

In a similar fashion, many approaches are build on aclassification of dependency types (e.g. [29], [125], [126],[174]) and suffer from the same problem. The proposeddependency types can be mapped to a set of elementaldependencies which should be defined by a taxonomy. As

3

8

1

7

Co

de

- A

rch

itec

ture

-

Req

uir

emen

ts

Co

de

- A

rch

itec

ture

Co

de

- R

equ

irem

ents

Arc

hit

ectu

re -

R

equ

irem

ents

Fig. 5. Combined approaches, ordered by their supported Scope ofAnalysis

suggested for change types, we emphasize the need for amore thorough investigation of dependency types in thescope of impact analysis.

V. CONCLUSION

The evolution of software systems and ongoing changesdemand for explicit means to assess the impact of a changeon existing artifacts and concepts. Thus, software changeimpact analysis is in the focus of researchers in softwareengineering. As a result, the amount of studies publishedin the field of impact analysis is vast. However, there is noextensive review on published literature, which could beused as a starting point for further investigations of impactanalysis.

We presented a comprehensive review of impact analysis,which includes the analysis of 150 approaches and related,auxiliary literature. All 150 studies were classified accord-ing to the referred taxonomy to provide a tabular overviewof the field.

We evaluated our taxonomy by checking the coverage ofits criteria in practice, which revealed a coverage of 85% forthe main criteria, and 25% for the secondary criteria. Thus,the taxonomy is applicable in practice and assists with thetasks of classifying, searching, comparing, and evaluatingimpact analysis approaches.

The review also identified a series of open researchquestions and opportunities for further investigations. First,the review revealed a lack of empirical validations of pro-posed ideas, which can be quantified as 33% of all studies.Secondly, there is still a lack of approaches spanning the en-tire software development process, which requires a tightercoupling between different analysis phases. Finally, manyauthors propose classification schemes for change typesand dependency types, which influence impact analysis.However, a more systematic investigation is required, whichalso compares and incorporates existing work.

Page 27: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

App

roac

hSc

opes

Tech

niqu

esG

ranu

lari

tyof

Ent

ities

Tool

Supp

orte

dSc

alab

ility

Styl

eof

Exp

erim

enta

lR

esul

tsE

ntiti

esC

hang

esR

esul

tsSu

ppor

tL

angu

ages

Ana

lysi

sSi

zeP

RTi

me

Ryd

eran

dTi

p[4

]C

ode

CG

clas

s,m

etho

d,va

riab

le,

test

case

+/-

clas

s,+/

-/ch

g.m

etho

d,+/

-va

riab

le

test

case

noJa

va-

--

--

-

Ren

etal

.[2

6]–[

28]

Cod

eC

Gcl

ass,

met

hod,

vari

able

,te

stca

se

+/-

clas

s,+/

-/ch

g.m

etho

d,+/

-va

riab

le

test

case

Chi

anti

Java

-E

xpl.

123

kLO

C,

11k

chan

ges

-1.

010

min

Xia

and

Srik

anth

[30]

Cod

eC

Gst

atem

ents

-st

atem

ents

no-

--

--

--

Bad

riet

al.[

31]

Cod

eC

Gm

etho

dch

g.m

etho

dm

etho

dPC

IATo

olJa

va-

-77

clas

ses

--

-B

rian

det

al.

[32]

Cod

eD

Gcl

ass

-cl

ass

Con

cert

o2/

AU

DIT

C++

--

40kL

OC

--

-

Kun

get

al.[

33]

Cod

eD

Gcl

ass,

met

hod,

vari

able

+/-/

inh.

/vis

.cla

ss,

+/-/

sig.

/vis

.m

etho

d,+/

-/ty

p./v

is.

vari

able

clas

s,m

etho

d,va

riab

le

OO

TM

EC

++-

->

140

clas

ses

--

-

Li

and

Off

utt

[43]

Cod

eD

Gcl

ass,

met

hod,

vari

able

+/-

clas

s,+/

-/si

g./v

is.

met

hod,

+/-/

typ.

/val

./vi

s.va

riab

le

clas

sno

-T: O(m

3n2)

--

--

-

Raj

lich

[34]

Cod

eD

Gcl

ass

+/-/

chg.

clas

scl

ass

Rip

ples

2C

,C++

-E

xpl.

2kL

OC

--

-Pi

rklb

auer

etal

.[3

5]C

ode

DG

--

-C

IAM

SSC

OB

OL

--

--

--

Zal

ewsk

ian

dSc

hupp

[38]

Cod

eD

GST

Lsp

ec.

+/-

STL

spec

.ST

Lsp

ec.

noC

++-

--

--

-

Petr

enko

and

Ra-

jlich

[39]

Cod

eD

Gcl

ass,

met

hod,

stat

emen

t,va

riab

le

-cl

ass,

met

hod,

stat

emen

t,va

riab

le

plug

-in

for

JRip

ples

Java

-E

xpl.

550

kLO

C<

0.19

--

Bla

ck[4

0]C

ode

DG

vari

able

-va

riab

leR

EST

C-

-72

5L

OC

--

-L

eeet

al.[

6]C

ode

DG

clas

s,m

etho

d-

clas

sC

hAT

--

-30

kLO

C-

--

Bes

zede

set

al.

[44]

Cod

eD

Gcl

ass,

met

hod

-cl

ass

-C

++,J

ava

T:O(n

∗e+

n∗k∗m)

-40

0cl

asse

s0.

851.

0-

Bila

lan

dB

lack

[42]

Cod

eD

Gcl

ass,

met

hod

-cl

ass,

met

hod

RE

ST,

Cod

eSur

fer

C++

--

--

--

Jasz

etal

.[45

]C

ode

DG

met

hod

-m

etho

dC

odeS

urfe

rC

,C++

,A

daT:

O(n

+e)

-1.

4m

LO

C,

83k

met

hods

0.87

1.0

3h

Che

nan

dR

ajlic

h[4

6]C

ode

DG

met

hod,

vari

able

-m

etho

d,va

riab

leR

IPPL

ES

C-

Exp

l.-

0.09

1.0

-

Gw

izda

laet

al.

[47]

Cod

eD

Gcl

ass,

met

hod,

vari

able

-cl

ass

JTra

cker

Java

-E

xpl.

400

clas

ses

--

-

Bis

hop

[48]

Cod

eD

Gcl

ass,

met

hod,

vari

able

+/-

met

hod

clas

sIn

crem

enta

lIm

pact

Ana

lyze

r

Java

--

9K

LO

C-

-35

0ms

Page 28: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Fasc

hing

[36]

Cod

eD

G-

--

CIA

MSS

--

Glo

abl

6kar

tifac

ts-

--

Tone

lla[5

3]C

ode

SLva

riab

lech

g.st

atem

ent

vari

able

reac

habi

lity

tool

C-

-2

kLO

C-

1,0

-

Kor

pian

dK

oski

-ne

n[5

0]C

ode

SLva

riab

le-

vari

able

GR

AC

EV

isua

lB

asic

--

18.7

kLO

C-

-5

s

Vid

acs

etal

.[55

]C

ode

SLm

acro

chg.

mac

rode

fini-

tion

clas

s,m

etho

d,va

riab

le,

mac

ro

Col

umbu

sC

/C++

fron

tend

C,C

++-

Sear

ch-

base

d-

--

-

Bin

kley

and

Har

man

[54]

Cod

eSL

vari

able

-va

riab

leC

odeS

urfe

rC

O(n

2)

Sear

ch-

base

d17

9kL

OC

-1.

0-

Gal

lagh

eran

dLy

le[5

1]C

ode

SLva

riab

le+/

-/va

l.va

riab

leva

riab

le-

-T: O(n

2eloge)

--

--

-

Hut

chin

san

dG

alla

gher

[52]

Cod

eSL

vari

able

val.

vari

able

vari

able

Surg

eon’

sA

ssis

tant

C-

Sear

ch-

base

d-

--

-

Kor

pian

dK

oski

-ne

n[5

0]C

ode

SLva

riab

le-

vari

able

GR

AC

EV

isua

lB

asic

--

18.7

kLO

C-

-5

s

Bin

kley

and

Har

man

[54]

Cod

eSL

vari

able

-va

riab

leC

odeS

urfe

rC

O(n

2)

Sear

ch-

base

d17

9kL

OC

-1.

0-

Sant

elic

esan

dH

arro

ld[5

6]C

ode

SLst

atem

ent

chg.

stat

emen

tst

atem

ent

DU

AFo

rens

ics

Java

-Se

arch

-ba

sed

21kL

OC

--

2h

Api

wat

tana

pong

etal

.[62

]C

ode

ET

met

hod

chg.

met

hod

met

hod

EA

TJa

vaT:

O(n

)S:

O(n

)-

33kL

OC

0,24

--

Bre

ech

etal

.[6

0]C

ode

ET

met

hod

chg.

met

hod

met

hod

Dyn

amoR

IO,

RVM

Java

,C++

,C

,For

tran

-Se

arch

-ba

sed

131

kLO

C-

-4

h

Law

and

Rot

herm

el[5

7]C

ode

ET

met

hod

chg.

met

hod

met

hod

Cod

esur

fer

CT:

O(n

)Se

arch

-ba

sed

>6

kLoc

--

-

Law

and

Rot

herm

el[5

8]C

ode

ET

met

hod

chg.

met

hod

met

hod

-C

T:O(n

)S:

O(n

)-

>6

kLoc

--

58m

in

Ors

oet

al.[

59]

Cod

eE

Tm

etho

dch

g.m

etho

dm

etho

dJA

BA

Java

--

60kL

OC

--

-B

reec

het

al.

[61]

Cod

eE

Tm

etho

dch

g.m

etho

dm

etho

d-

CT:

O(n

3)

S:O(n

2)

-40

kLO

C-

-38

min

Gup

taet

al.[

65]

Cod

eE

Tva

riab

leva

l.va

riab

leva

riab

le-

--

--

--

-G

upta

etal

.[66

]C

ode

ET

met

hod,

stat

emen

t+/

-/ch

g.m

etho

d,+/

-/ch

g.st

atem

ent

met

hod

--

--

--

--

Hua

ngan

dSo

ng[6

3]C

ode

ET

met

hod

+/-

met

hod

met

hod

no-

--

--

--

Van

ciu

and

Raj

lich

[67]

Cod

eE

Tm

etho

d-

met

hod

Rev

eal

-T:

O(s

∗T+

s∗n2)

-19

0cl

asse

s,1.

6km

eth-

ods

0.54

3-

5h

Bes

zede

set

al.

[64]

Cod

eE

Tm

etho

d-

met

hod

JIm

pact

Java

T:O(n

)S:

O(m

∗n)

Glo

bal

2,3

kLO

C0.

35-

-

Cha

umun

etal

.[6

9]C

ode

ER

clas

s,m

etho

d,va

riab

le

+/-/

vis.

clas

s,+/

-/si

g./v

is.

met

hod,

+/-/

vis.

/typ.

vari

able

clas

s,m

etho

d,va

riab

le

-C

++-

->

1kcl

asse

s-

--

Page 29: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Sun

etal

.[71

]C

ode

ER

clas

s,m

etho

d,va

riab

le

+/-/

inh.

/mod

./vis

.cl

ass,

+/-/

mod

./vis

.m

etho

d,+/

-/m

od./

vis.

vari

able

clas

s,m

etho

d,va

riab

le

JHD

GJa

va-

-15

7cl

asse

s0.

541

0.71

2-

Han

[68]

Cod

eE

Rm

odul

e,cl

ass,

met

hod,

stat

emen

t

+/-/

inh.

clas

s,+/

-/ch

g.m

etho

dcl

ass,

met

hod

-C

++-

--

--

-

Ari

shol

met

al.

[70]

Cod

eE

Rcl

ass

-cl

ass

JDis

sect

Java

--

17kL

OC

,40

8cl

asse

s-

--

Posh

yvan

yket

al.

[75]

Cod

eIR

clas

s,m

etho

d-

clas

sIR

C2

MC

++-

-4

mL

OC

<0.

28<

0.66

-

Vau

cher

etal

.[7

4]C

ode

IRcl

ass

+/-/

chg.

met

hod

clas

sPT

IDE

JJa

va-

-79

0cl

asse

s-

--

Ant

onio

let

al.

[73]

Cod

eIR

--

--

C++

--

-0.

487

0.69

6-

Zho

uet

al.[

76]

Cod

ePM

clas

s,m

etho

d,va

riab

le

+/-/

m.c

lass

,+/

-/m

.met

hod,

+/-/

m./v

al.v

aria

ble

clas

s,m

etho

d,va

riab

le

Evo

lizer

Java

-E

xpl.

-0.

815

0.62

3-

Tsa

ntal

iset

al.

[77]

Cod

ePM

clas

s,m

etho

din

h.cl

ass,

+/-

met

hod

clas

sye

s,un

nam

edJa

va-

Glo

bal

169

clas

ses

0.55

4-

-

Abd

iet

al.

[78]

,[79

]C

ode

PMcl

ass,

met

hod,

vari

able

+/-/

vis.

clas

s,+/

-/vi

s.m

etho

d,+/

-/vi

s.va

riab

le

clas

sPT

IDE

JJa

va-

-39

4cl

asse

s0.

689

--

Abd

iet

al.

[80]

,[81

]C

ode

PMcl

ass

-cl

ass

BN

J-

--

--

--

Mir

arab

etal

.[8

2]C

ode

PMad

apta

ble

adap

tabl

ead

apta

ble

Smile

and

othe

r,no

tna

med

tool

s

Java

--

263

kLO

C,

>6k

revi

-si

ons

0.63

0.25

9-

Get

hers

and

Posh

yvan

yk[8

3]C

ode

PMcl

ass

-cl

ass

-C

++,J

ava

--

1.9

mL

OC

0.11

80.

446

-

Has

san

and

Hol

t[9

5]C

ode

HM

clas

s,m

etho

d,va

riab

le

CV

Sre

cord

clas

s,m

etho

d,va

riab

le

-C

--

>15

kre

vi-

sion

s0.

510.

49

Yin

get

al.[

94]

Cod

eH

Mso

urce

file

CV

Sre

cord

sour

cefil

e-

C++

,Jav

a-

Glo

bal

>20

kfil

es,

>10

0kre

-vi

sion

s

0.4

0.2

55m

in

Kag

di[1

03]

Cod

eH

Mcl

ass,

met

hod,

stat

emen

t

chan

gere

cord

clas

s,m

etho

d,st

atem

ent

sqm

iner

,sr

cML

,dw

diff

,co

deD

iff

--

--

--

-

Gal

let

al.[

86]

Cod

eH

Mcl

ass

CV

Sre

cord

clas

s-

Java

-G

loba

l50

0kL

OC

--

-Z

imm

erm

ann

etal

.[87

]C

ode

HM

met

hod,

vari

able

+/-/

chg.

met

hod,

+/-/

val.

vari

able

met

hod,

vari

able

RO

SEJa

va,C

++,

C,P

ytho

n-

Exp

l.>

34k

files

,>

53k

revi

-si

ons

0.38

0.41

6-

Gır

baet

al.[

92]

Cod

eH

Mcl

ass

+/-

met

hod

clas

sV

an,M

oose

Smal

ltalk

-G

loba

l>

500

revi

-si

ons

--

-

Gır

baet

al.[

93]

Cod

eH

Mpa

ckag

e,cl

ass,

met

hod

+/-/

chg.

met

hod,

+/-/

chg.

stat

emen

tpa

ckag

e,cl

ass,

met

hod

--

--

281

kLO

C-

--

Page 30: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Bou

ktif

etal

.[9

6]C

ode

HM

sour

cefil

eC

VS

reco

rdso

urce

file

noJa

va,C

++,

C-

Glo

bal

>9k

files

0.77

20.

792

3m

in

Rob

bes

and

Lan

za[9

8]C

ode

HM

pack

age,

clas

s,m

etho

d,st

atem

ent,

vari

able

+/-

pack

age,

+/-/

inh.

clas

s,+/

-m

etho

d,+/

-/va

l.va

riab

le

-Sp

yWar

eSm

allta

lk-

--

--

-

Rob

bes

etal

.[99

]C

ode

HM

pack

age,

clas

s,m

etho

d,st

atem

ent,

vari

able

+/-

pack

age,

+/-/

inh.

clas

s,+/

-m

etho

d,+/

-/va

l.va

riab

le

-Sp

yWar

eSm

allta

lk-

-40

clas

ses

--

1m

in

Rob

bes

and

Lan

za[1

00]

Cod

eH

Mpa

ckag

e,cl

ass,

met

hod,

stat

emen

t,va

riab

le

+/-

pack

age,

+/-/

inh.

clas

s,+/

-m

etho

d,+/

-/va

l.va

riab

le

-Sp

yWar

e-

--

--

--

Flur

iet

al.[

84]

Cod

eH

Mcl

ass,

met

hod,

vari

able

+/-/

chg.

clas

s,+/

-/ch

g.m

etho

d,+/

-/ch

g.va

riab

le

clas

s,m

etho

d,va

riab

le

-Ja

vaT:

O(n

2)

Glo

bal

26kL

OC

--

-

Flur

ian

dG

all

[85]

Cod

eH

Mcl

ass,

met

hod,

stat

emen

t,va

riab

le

+/-/

inh.

/mod

./vis

./r.

clas

s,+/

-/si

g./m

od./v

is./r

.m

etho

d,+/

-/ch

g.st

atem

ent,

+/-/

vis.

/mod

./typ

./r.

vari

able

clas

s,m

etho

d,st

atem

ent,

vari

able

Cha

ngeD

istil

ler

Java

--

1.4k

clas

ses

--

-

Pope

scu

etal

.[1

25]

Cod

eM

DG

,SL

com

pone

nt-

com

pone

ntH

elio

sJa

va,C

#,C

++-

-19

kLO

C-

--

Pope

scu

[126

]C

ode

MD

G,S

Lco

mpo

nent

-co

mpo

nent

Hel

ios

--

-19

kLO

C-

--

Kag

dian

dM

alet

ic[1

02],

[104

]

Cod

eH

M,D

Gad

apta

ble

chan

gere

cord

adap

tabl

esq

min

er,

srcM

L,d

wdi

ff,

code

Diff

--

--

--

-

Cec

care

lliet

al.

[108

]C

ode

HM

,PM

sour

cefil

eC

VS

reco

rdso

urce

file

--

--

>10

kre

vi-

sion

s0.

8<

0.3

-

Can

fora

etal

.[1

09]

Cod

eH

M,P

Mso

urce

file

CV

Sre

cord

sour

cefil

e-

Java

,C,

C++

--

>50

0fil

es,

>1.

7kre

vi-

sion

s

0.31

<0.

6-

Won

get

al.[

117]

Cod

ePM

,HM

--

--

Java

--

278

kLO

C0.

618

0.35

5-

Hat

tori

etal

.[14

]C

ode

DG

,HM

,PM

clas

s,m

etho

d,va

riab

le

+/-/

vis.

/inh.

clas

s,+/

-/vi

s.m

etho

d,+/

-/vi

s.va

riab

le

clas

s,m

etho

d,va

riab

le

Impa

laJa

va-

-3.

6kL

OC

0.87

50.

775

-

Ger

man

etal

.[1

05]

Cod

eD

G,H

Mm

etho

dre

nam

e,m

erge

,sp

lit,c

lone

met

hod

-C

--

--

--

Kab

aili

etal

.[1

10]

Cod

eD

G,E

Rcl

ass,

met

hod,

vari

able

+/-/

inh.

clas

s,+/

-m

etho

d,+/

-va

riab

le

clas

s-

C++

--

--

--

Can

fora

and

Cer

ulo

[106

]C

ode

HM

,IR

sour

cefil

e-

sour

cefil

eye

s,un

amed

--

->

1.4k

files

<0.

36<

0.67

-

Que

ille

etal

.[1

11]

Cod

eD

G,E

R-

--

IAS

C,C

++-

-2

kLO

C-

--

Page 31: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Bar

ros

etal

.[1

12]

Cod

eD

G,E

R-

--

IAS

--

--

--

-

Hua

ngan

dSo

ng[1

13]

Cod

eE

T,D

Gm

etho

d,va

riab

le+/

-m

etho

d,+/

-/va

l.va

riab

lem

etho

d,va

riab

leno

Java

--

--

--

Hua

ngan

dSo

ng[1

14]

Cod

eD

G,E

R,

ET

clas

s,m

etho

d,va

riab

le

+/-/

inh.

clas

s,+/

-m

etho

d,+/

-/va

l.va

riab

le

clas

s,m

etho

d,va

riab

le

JDIA

Java

--

903

kLO

C-

-10

3s

Wal

ker

etal

.[1

15]

Cod

eD

G,P

M,

HM

type

CV

Sre

cord

type

TR

EJa

vaT: O(n

logn)

Glo

bal

--

--

Mai

aet

al.[

116]

Cod

eD

G,E

Tcl

ass,

met

hod,

vari

able

+/-

clas

s,+/

-m

etho

d,+/

-va

riab

le

-SD

-Im

pala

Java

--

6kL

OC

0.27

40.

566

-

Kag

diet

al.

[118

]C

ode

IR,H

Mst

atem

ent

CV

Sre

cord

stat

emen

tsr

cML

,sr

cDiff

,sq

min

er

C++

,C,

Java

--

367

kLO

C,

2kfil

es0.

852

0.45

5-

Sun

etal

.[11

9]C

ode

SL,D

Gpa

ckag

e,cl

ass,

met

hod,

stat

emen

t,va

riab

le

+/-

pack

age,

+/-/

r.cl

ass,

+/-/

sig.

/r.m

etho

d,+/

-/r.

/t.va

riab

le

pack

age,

clas

s,m

etho

d,st

atem

ent,

vari

able

JHSA

Java

--

3.9

kLO

C0.

184

--

Buc

kner

etal

.[1

82]

Cod

e-

clas

s-

clas

sJR

ippl

esJa

va-

Exp

l.-

--

-

Moh

amad

[120

]C

ode

TR

,SL

pack

age,

clas

s,m

etho

d

-pa

ckag

e,cl

ass,

met

hod

CIA

-VC

++-

Exp

l.4

KL

OC

--

-

Kag

di[2

0]C

ode

DG

,HM

file,

clas

s,m

etho

d,va

riab

le

-fil

e,cl

ass,

met

hod,

vari

able

code

Diff

,sq

min

er-

-G

loba

l60

0K

LO

C-

--

Lee

[124

]C

ode

DG

,ER

clas

s,m

etho

d,va

riab

le

+/-/

inh.

clas

s,+/

-/vi

s./r.

/sig

.m

etho

d,+/

-/ty

p./v

al.

vari

able

clas

s,m

etho

d,va

riab

le

Cha

TC

++-

Glo

bal

29K

LO

C-

--

Ren

[29]

Cod

eC

G,E

Tcl

ass,

met

hod,

vari

able

+/-

clas

s,+/

-/si

g.m

etho

d,+/

-va

riab

le

test

case

Chi

anti

Java

-G

loba

l12

3K

LO

C,

700

clas

ses,

7km

etho

ds

--

-

Can

fora

and

Cer

ulo

[107

]C

ode

HM

,IR

sour

cefil

e,st

atem

ent

+/-/

chg.

stat

emen

tso

urce

file,

stat

emen

tJi

mpa

Java

,C++

-G

loba

l27

2kL

OC

,1.

5kfil

es<

0.15

>0.

740

0s

Hof

fman

[128

]C

ode

-cl

ass,

met

hod

-cl

ass,

met

hod

JFle

xJa

va-

Glo

bal

--

--

Moo

nen

[127

]C

ode

Isla

ndG

ram

mar

vari

able

-va

riab

leIS

CA

NC

OB

OL

--

901

kLO

C-

-26

min

Ary

ani

etal

.[1

29]

Arc

h.D

Gco

mpo

nent

-co

mpo

nent

--

--

--

--

Ary

ani

etal

.[1

30]

Arc

h.D

G,P

Mdo

mai

nva

r.,do

mai

nfu

nc.,

UI

com

p.

-do

mai

nva

r.,do

mai

nfu

nc.,

UI

com

p.

--

--

104

kLO

C0.

614

0.42

8-

Bri

and

etal

.[1

31],

[132

]A

rch.

ER

entir

eU

ML

-en

tire

UM

LiA

CM

Tool

UM

L-

--

--

-

Page 32: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Dan

tas

etal

.[1

33]

Arc

h.T

R,H

Men

tire

UM

L-

entir

eU

ML

Ody

ssey

-SC

MU

ML

--

60kL

OC

0.6

0.15

-

Xin

gan

dSt

roul

ia[1

34],

[135

]

Arc

h.H

Mcl

ass

+/-/

r./m

.cla

sscl

ass

JRefl

eXU

ML

--

144

clas

ses

--

-

Xin

gan

dSt

roul

ia[1

36]

Arc

h.H

Mpa

ckag

e,cl

ass,

inte

rfac

e,va

riab

le

+/-

pack

age,

+/-/

r./m

./vis

.cla

ss,

+/-/

r./m

./vis

.in

terf

ace,

+/-/

r./m

./vis

.va

riab

le

pack

age,

clas

s,in

terf

ace,

vari

able

JDE

vAn

UM

L-

-80

0cl

asse

s0.

955

-58

min

McN

air

etal

.[1

37]

Arc

h.H

Mco

mpo

nent

,pa

ckag

e,cl

ass

+/-/

chg.

com

pone

nt,

+/-/

chg.

pack

age,

+/-/

chg.

clas

s

com

pone

nt,

pack

age,

clas

s

Mot

ive

Java

--

1.5k

clas

ses

--

-

Yoo

and

Cho

i[1

38]

Arc

h.M

DG

syst

em-

syst

em-

XM

L-

--

--

-

deB

oer

etal

.[1

39]

Arc

h.D

Gco

mpo

nent

,pr

oces

s,da

taob

ject

+/-/

chg.

com

pone

nt,

+/-/

chg.

proc

ess,

+/-/

chg.

data

obje

ct

com

pone

nt,

proc

ess,

data

obje

ct

-A

rchi

Mat

e-

--

--

-

Vora

[140

]A

rch.

ER

,CG

clas

s,m

etho

d-

com

pone

nt-

TeC

FRA

DL

--

10kL

OC

--

-

Feng

and

Mal

etic

[141

]A

rch.

ER

,SL

com

pone

nt,

inte

rfac

e,m

etho

d

+/-

inte

rfac

e,+/

-m

etho

dco

mpo

nent

,in

terf

ace,

met

hod

SOC

IAT

UM

L-

--

--

-

Tang

etal

.[14

2]A

rch.

PMen

tire

UM

L-

entir

eU

ML

AR

EL

UM

L-

--

--

-Z

hao

etal

.[14

3]A

rch.

SLco

mpo

nent

,co

nnec

tor

-co

mpo

nent

,co

nnec

tor

Cia

saW

righ

t-

--

--

-

Won

gan

dC

ai[1

01]

Arc

h.PM

,HM

clas

s-

clas

s-

UM

L-

-14

revi

sion

s0.

021

0.06

1-

van

den

Ber

g[1

44]

Arc

h.T

R,D

Gad

apta

ble

-ad

apta

ble

noU

ML

--

--

--

ten

Hov

eet

al.

[149

]R

eq.

ER

requ

irem

ent

+/-

requ

irem

ent

requ

irem

ent

plug

-in

for

Blu

ePri

ntSy

sML

--

--

--

Hew

ittan

dR

illin

g[1

45]

Req

.D

Gsc

enar

io,

com

pone

nt-

scen

ario

,co

mpo

nent

exte

nded

UC

MN

av2

UC

M-

-

Loc

kan

dK

oton

ya[1

48]

Req

.T

R,P

Mre

quir

emen

t-

requ

irem

ent

AR

Chl

Vis

T-

--

--

--

Has

sine

etal

.[1

50]

Req

.SL

entir

eU

CM

spec

.-

entir

eU

CM

spec

.C

IATo

olU

CM

--

--

--

Gok

nil

etal

.[1

51]

Req

.E

Rre

quir

emen

t,pr

edic

ate,

rela

tion

+/-

requ

irem

ent,

+/-

pred

icat

e,+/

-/ty

p.re

latio

n

requ

irem

ent

no-

--

--

--

Lee

etal

.[15

2]R

eq.

TR

goal

,us

eca

se-

goal

,us

eca

se-

--

--

--

-

Spijk

erm

an[1

53]

Req

.T

R,E

Rre

quir

emen

t,co

nstr

aint

,pr

oper

ty,

rela

tion

+/-

requ

irem

ent,

+/-/

chg.

prop

erty

,+/

-/va

l.co

nstr

aint

,+/

-/ty

p.re

latio

n

requ

irem

ent

--

--

--

--

Jons

son

[154

]R

eq.

IRre

quir

emen

t-

requ

irem

ent

SVD

LIB

C-

--

400

requ

ire-

men

ts0.

171

0.17

7-

Page 33: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

O’N

eal

[156

]R

eq.

TR

requ

irem

ent,

mis

c.ar

tifac

ts

-re

quir

emen

t-

--

-12

0ar

tifac

ts,

1100

trac

es

--

-

O’N

eal

and

Car

ver

[155

]R

eq.

TR

requ

irem

ent

+/ch

g.re

quir

emen

tre

quir

emen

t-

--

--

--

-

Ant

onio

let

al.

[157

]M

isc.

Art

.H

Mfil

eC

VS

reco

rdfil

eno

--

-10

kfil

es,

3.7

mL

OC

--

-

Bey

eran

dN

oack

[158

]M

isc.

Art

.H

Mfil

eC

VS

reco

rdfil

eSt

atC

VS,

cvs2

cl2

,C

roco

Pat

--

-4

mL

OC

,3.

9kfil

es-

-

Ask

ari

and

Hol

t[1

59]

Mis

c.A

rt.

PM,H

Mfil

eC

VS

reco

rdfil

eno

--

--

--

-

Sher

riff

and

Will

iam

s[1

60]

Mis

c.A

rt.

HM

file

chan

gere

cord

file

Mat

lab

-T:

O(n

2)

-12

kfil

es,

240k

revi

sion

s

--

-

Jash

kiet

al.[

161]

Mis

c.A

rt.

HM

file

CV

Sre

cord

file

Mat

lab

--

-3k

files

,31

kre

visi

ons

--

-

Nad

iet

al.[

162]

Mis

c.A

rt.

HM

--

-D

RA

CA

--

-27

kch

ange

s0.

885

0.69

8-

Ham

mad

etal

.[1

66]

Arc

h.,

Cod

eE

RC

++cl

ass,

C++

met

hod

+/-

C++

clas

s,+/

-C

++m

etho

dU

ML

clas

ssr

cTra

ceC

++,U

ML

--

550

files

,20

0ch

ange

s

--

-

Shar

afat

and

Tahv

ildar

i[1

67]

Arc

h.,

Cod

ePM

clas

s,m

etho

d,va

riab

le

+/-

met

hod,

+/-/

val.

vari

able

clas

s-

Java

,UM

L-

-58

clas

ses

0.70

2-

-

Shar

afat

and

Tahv

ildar

i[1

68]

Arc

h.,

Cod

ePM

clas

s,m

etho

d,va

riab

le

-cl

ass

-Ja

va,U

ML

--

58cl

asse

s0.

707

--

Kot

onya

and

Hut

chin

son

[170

]A

rch.

,R

eq.

DG

com

pone

nt,

requ

irem

ent

+/-

com

pone

nt,

chg.

prop

erty

,ch

g.co

nstr

aint

com

pone

nt,

requ

irem

ent

EC

O-A

DM

CA

DL

--

--

--

Xia

oet

al.[

171]

Req

.,C

ode

CG

,ER

BPE

Lta

sk+/

-ta

sk,

chg.

task

-pro

pert

y,ch

g.ta

sk-d

ata

met

hod

-B

PEL

--

--

--

Boh

ner

[37]

,[1

72]

Arc

h.,

Cod

eD

G-

--

--

--

--

--

Boh

ner

and

Gra

cani

n[1

73]

Arc

h.,

Cod

eD

G-

--

--

--

--

--

Hut

chin

son

etal

.[1

69]

Arc

h.,

Req

.T

Rco

mpo

nent

,re

quir

emen

t-

com

pone

nt,

requ

irem

ent

noC

AD

L-

--

--

-

Kha

nan

dL

ock

[174

]A

rch.

,R

eq.

TR

com

pone

nt,

use

case

-co

mpo

nent

--

--

--

--

Yu

etal

.[17

5]A

rch.

,R

eq.

CG

com

pone

nt,

requ

irem

ent

-co

mpo

nent

--

--

--

--

Bri

and

etal

.[1

76]

Arc

h.,

Req

.T

Rcl

ass,

met

hod,

sequ

ence

,us

eca

se,

vari

able

,m

essa

ge,

test

case

+/-

use

case

,+/

-/ch

g.m

essa

ge,

+/-/

sig.

/chg

.m

etho

d,+/

-/vi

s./ty

p.va

riab

le

test

case

RT

SToo

lU

ML

--

320k

test

case

s-

--

Page 34: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Ibra

him

etal

.[1

21]–

[123

]A

rch.

,R

eq.,

Cod

e

TR

clas

s,m

etho

d,re

quir

emen

t,te

stca

se

chg.

met

hod

clas

s,m

etho

d,re

quir

emen

t,te

stca

se

Cat

iaC

++,U

ML

--

4kL

OC

--

-

von

Kne

then

and

Gru

nd[1

77]

Arc

h.,

Req

.T

R,I

Ren

tire

UM

L-

entir

eU

ML

Qua

Trac

eU

ML

--

--

--

Kim

etal

.[16

3]A

rch.

,C

ode

DG

sour

cefil

e,cl

ass,

met

hod,

vari

able

-so

urce

file,

clas

s,m

etho

d,va

riab

le

iCIA

C,C

++-

-7

mL

OC

--

3m

in

Has

san

etal

.[1

80]

Arc

h.,

Cod

eE

Rco

mpo

nent

,in

terf

ace,

conn

ecto

r,po

rt

+/-

com

pone

nt,

+/-

inte

rfac

e,+/

-co

nnec

tor,

+/-

port

com

pone

nt,

inte

rfac

e,co

nnec

tor,

port

set

ofE

clip

sepl

ug-i

nsA

da,P

erl,

PHP,

Java

,A

AD

L,

XA

DL

2.0

--

--

--

Loo

man

[179

]A

rch.

,R

eq.

TR

com

pone

nt,

requ

irem

ent

+/-/

chg.

req.

,+/

-re

q.pr

edic

ate,

+/-/

chg.

com

pone

nt

com

pone

nt,

requ

irem

ent

Allo

yA

AD

L-

--

--

-

TAB

LE

II:

All

stud

ies

clas

sifie

dac

cord

ing

toth

ecr

iteri

aof

our

taxo

nom

y[9

]

Page 35: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

REFERENCES

[1] V. Rajlich and P. Gosavi, “Incremental change in object-orientedprogramming,” IEEE Software, vol. 21, no. 4, pp. 62–69, 2004.

[2] S. A. Bohner and R. S. Arnold, Software Change Impact Analysis.Los Alamitos, CA, USA: IEEE Computer Society PublicationsTutorial Series, 1996.

[3] S. A. Bohner, “Impact analysis in the software change process: ayear 2000 perspective,” in Proceedings of the 12th InternationalConference on Software Maintenance (ICSM’96), Monterey, CA,November 1996, pp. 42–51.

[4] B. Ryder and F. Tip, “Change impact analysis for object-orientedprograms,” in Proceedings of the 2001 ACM SIGPLAN-SIGSOFTworkshop on Program analysis for software tools and engineering(PASTE ’01), Snowbird, Utah, USA, June 2001, pp. 46–53.

[5] K. H. Bennett, “An introduction to software maintenance,” Infor-mation and Software Technology, vol. 12, no. 4, pp. 257–264, 1990.

[6] M. Lee, A. J. Offutt, and R. T. Alexander, “Algorithmic analysis ofthe impacts of changes to object-oriented software,” in Proceedingsof the 34th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS 34), Santa Barbara, CA, USA, July 2000, pp. 61–70.

[7] R. S. Arnold and S. A. Bohner, “Impact analysis - towards aframework for comparison,” in Proceedings of the Conferenceon Software Maintenance (CSM ’93), Montreal, Que., Canada,September 1993, pp. 292–301.

[8] S. A. Bohner, “A graph traceability approach for software changeimpact analysis,” Ph.D. dissertation, George Mason University,Fairfax, VA, USA, 1995.

[9] S. Lehnert, “A taxonomy for software change impact analysis,”in Proceedings of the 12th International Workshop on Principlesof Software Evolution and the 7th annual ERCIM Workshop onSoftware Evolution (IWPSE-EVOL 2011). Szeged, Hungary: ACM,September 2011, pp. 41–50.

[10] G. Toth, P. Hegedus, A. Beszedes, T. Gyimothy, and J. Jasz, “Com-parison of different impact analysis methods and programmer’sopinion: an empirical study,” in Proceedings of the 8th InternationalConference on the Principles and Practice of Programming in Java(PPPJ ’10), New York, USA, 2010.

[11] M. Lindvall, “Evaluating impact analysis - a case study,” EmpiricalSoftware Engineering, vol. 2, no. 2, pp. 152–158, 1997.

[12] A. Orso, T. Apiwattanapong, J. Law, G. Rothermel, and M. J.Harrold, “An empirical comparison of dynamic impact analysisalgorithms,” in Proceedings of the 26th International Conferenceon Software Engineering (ICSE’04), Edinburgh, Scotland, 2004, pp.491–500.

[13] B. Breech, M. Tegtmeyer, and L. Pollock, “A comparison of onlineand dynamic impact analysis algorithms,” in Proceedings of theEuropean Conference on Software Maintenance and Reengineering2005, March 2005, pp. 143–152.

[14] L. Hattori, G. d. Santos Jr., F. Cardoso, and M. Sampaio, “Min-ing software repositories for software change impact analysis: Acase study,” in Proceedings of the 23rd Brazilian symposium onDatabases, Campinas, Sao Paulo, Brazil, October 2008, pp. 210–223.

[15] L. Hattori, D. Guerrero, J. Figueiredo, J. a. Brunet, and J. Damasio,“On the precision and accuracy of impact analysis techniques,” inProceedings of the Seventh IEEE/ACIS International Conferenceon Computer and Information Science (icis 2008), Portland, OR,May 2008, pp. 513–518.

[16] A. De Lucia, F. Fasano, and R. Oliveto, “Traceability managementfor impact analysis,” in Proceedings of Frontiers of SoftwareMaintenance (FoSM 2008), Beijing, China, October 2008, pp. 21–30.

[17] R. Robbes, M. Lanza, and D. Pollet, “A benchmark for change pre-diction,” Faculty of Informatics, Universit della Svizzerra Italiana,Lugano, Switzerland, Tech. Rep. 06, October 2008.

[18] H. Kagdi, M. L. Collard, and J. I. Maletic, “Towards a taxonomy ofapproaches for mining of source code repositories,” in Proceedingsof the 2nd International Workshop on Mining Software Repositories(MSR ’05), New York, 2005, pp. 90–94.

[19] ——, “A survey and taxonomy of approaches for mining softwarerepositories in the context of software evolution,” Journal of Soft-

ware Maintenance and Evolution: Research and Practice, vol. 19,pp. 77–131, 2007.

[20] H. Kagdi, “Mining software repositories to support software evo-lution,” Ph.D. dissertation, Kent State University, August 2008.

[21] M. Kilpinen, “The emergence of change at the systems engineeringand software design interface - an investigation of impact analysis,”Ph.D. dissertation, Cambridge University, Engineering Department,2008.

[22] B. J. Williams and J. C. Carver, “Characterizing software archi-tecture changes: A systematic review,” Information and SoftwareTechnology, vol. 52, no. 1, pp. 31–51, July 2009.

[23] ITU-T, “Recommendation ITU-T Z.151 User requirements notation(URN) – Language definition,” ITU-T, Nov 2008.

[24] T. Mens, J. Buckley, M. Zenger, and A. Rashid, “Towards a taxon-omy of software evolution,” in Proceedings of the 2nd InternationalWorkshop on Unanticipated Software Evolution, Warsaw, Poland,April 2003.

[25] J. Buckley, T. Mens, M. Zenger, A. Rashid, and G. Kniesel,“Towards a taxonomy of software change,” Journal of SoftwareMaintenance and Evolution: Research and Practice, vol. 17, pp.309–332, September 2005.

[26] X. Ren, F. Shah, F. Tip, B. G. Ryder, O. Chesley, and J. Dolby,“Chianti: A prototype change impact analysis tool for Java,”Rutgers University, Department of Computer Science, Tech. Rep.DCS-TR-533, September 2003.

[27] X. Ren, F. Shah, B. Tip, and O. Chesley, “Chianti: A tool forchange impact analysis of Java programs,” in Proceedings ofthe 19th annual ACM SIG-PLAN Conference on Object-orientedprogramming, systems, languages, and applications (OOPSLA ’04),Vancouver, BC, Canada, 2004, pp. 432–448.

[28] X. Ren, B. G. Ryder, M. Stoerzer, and F. Tip, “Chianti: A changeimpact analysis tool for Java programs,” in Proceedings of the27th international conference on Software Engineering (ICSE ’05).New York, NY, USA: ACM, 2005, pp. 664–665.

[29] X. Ren, “Change impact analysis for Java programs and ap-plications,” Ph.D. dissertation, New Brunswick Graduate School,Rutgers University, New Brunswick, New Jersey, USA, October2007.

[30] F. Xia and P. Srikanth, “A change impact dependency measure forpredicting the maintainability of source code,” in Proceedings ofthe 28th Annual International Computer Software and ApplicationsConference (COMPSAC ’04), vol. 2, September 2004, pp. 22–23.

[31] L. Badri, M. Badri, and D. St-Yves, “Supporting predictive changeimpact analysis: a control call graph based technique,” in Proceed-ings of the 12th Asia-Pacific Conference on Software Engineering(APSEC ’05), December 2005, p. 9.

[32] L. C. Briand, J. Wuest, and H. Lounis, “Using coupling measure-ment for impact analysis in object-oriented systems,” in Proceed-ings of the IEEE International Conference on Software Mainte-nance (ICSM ’99), Oxford , UK, 1999, pp. 475–482.

[33] D. Kung, J. Gao, P. Hsia, and F. Wen, “Change impact identificationin object oriented software maintenance,” in International Confer-ence on Software Maintenance, Victoria, BC, Canada, September1994, pp. 202–211.

[34] V. Rajlich, “A model for change propagation based on graphrewriting,” in Proceedings of the 13th International Conference onSoftware Maintenance (ICSM ’97), Bari, Italy, October 1997, pp.84–91.

[35] G. Pirklbauer, C. Fasching, and W. Kurschl, “Improving changeimpact analysis with a tight integrated process and tool,” in Pro-ceedings of the Seventh International Conference on InformationTechnology, Las Vegas, Nevada, USA, April 2010, pp. 956–961.

[36] C. Fasching, “A tool for software visualization to support Im-pact Analysis (in German: Ein Visualisierungswerkzeug zur Un-terstutzung der Auswirkungsanalyse),” Master’s thesis, Upper Aus-tria University of Applied Sciences, Hagenberg, Austria, 2009.

[37] S. A. Bohner, “Extending software change impact analysis intoCOTS components,” in Proceedings of the Annual NASA GoddardSoftware Engineering Workshop, 2002, pp. 175–182.

[38] M. Zalewski and S. Schupp, “Change impact analysis for generic li-braries,” in Proceedings of the 22nd IEEE International Conferenceon Software Maintenance (ICSM’06), Philadelphia, Pennsylvania,September 2006, pp. 35–44.

Page 36: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

[39] M. Petrenko and V. Rajlich, “Variable granularity for improvingprecision of impact analysis,” in Proceedings of the IEEE 17thInternational Conference on Program Comprehension (ICPC ’09),Vancouver, BC, May 2009, pp. 10–19.

[40] S. Black, “Computing ripple effect for software maintenance,”Journal of Software Maintenance and Evolution: Research andPractice, vol. 13, pp. 263–279, 2001.

[41] S. S. Yau, J. S. Collofello, and T. M. McGregor, “Ripple effect anal-ysis of software maintenance,” in Proceedings Computer Softwareand Applications Conference (COMPSAC 78). IEEE ComputerSociety Press: Piscataway NJ, 1978, pp. 60–65.

[42] H. Bilal and S. Black, “Computing ripple effect for object ori-ented software,” in Proceedings of the 10th ECOOP Workshop onQuantitative Approaches in Object-Oriented Software Engineering(QAOOSE ’06), Nantes, France, July 2006, pp. 51–60.

[43] L. Li and A. J. Offutt, “Algorithmic analysis of the impact ofchanges on object-oriented software,” in Proceedings of the In-ternational Conference on Software Maintenance, Monterey, CA ,USA, November 1996, pp. 171–184.

[44] A. Beszedes, T. Gergely, J. Jasz, G. Toth, T. Gyimothy, andV. Rajlich, “Computation of static execute after relation withapplications to software maintenance,” in Proceedings of the IEEEInternational Conference on Software Maintenance (ICSM 2007),Paris, October 2007, pp. 295–304.

[45] J. Jasz, A. Beszedes, T. Gyimothy, and V. Rajlich, “Static executeafter/before as a replacement of traditional software dependencies,”in Proceedings of the IEEE International Conference on SoftwareMaintenance (ICSM ’08), Beijing, October 2008, pp. 137–146.

[46] K. Chen and V. Rajlich, “RIPPLES: Tool for change in legacysoftware,” in Proceedings of the IEEE International Conference onSoftware Maintenance, Florence, Italy, November 2001, pp. 230–239.

[47] S. Gwizdala, Y. Jiang, and V. Rajlich, “Jtracker - a tool for changepropagation in java,” in Proceedings of the Seventh EuropeanConference on Software Maintenance and Reengineering, March2003, pp. 223–229.

[48] L. Bishop, “Incremental impact analysis for object-oriented soft-ware,” Master’s thesis, Iowa State University, 2004.

[49] F. Tip, “A survey of program slicing techniques,” Journal ofProgramming Languages, vol. 3, pp. 121–189, 1994.

[50] J. Korpi and J. Koskinen, “Supporting impact analysis by programdependence graph based forward slicing,” in Advances and Inno-vations in Systems, Computing Sciences and Software Engineering,K. Elleithy, Ed. Springer Netherlands, 2007, pp. 197–202.

[51] K. B. Gallagher and J. R. Lyle, “Using program slicing in softwaremaintenance,” IEEE Transactions on Software Engineering, vol. 17,no. 8, pp. 751–761, August 1991.

[52] M. Hutchins and K. Gallagher, “Improving visual impact analysis,”in Proceedings of the 14th IEEE International Conference on Soft-ware Maintenance (ICSM’98), Bethesda, Maryland, USA, March1998, pp. 294–303.

[53] P. Tonella, “Using a concept lattice of decomposition slices forprogram understanding and impact analysis,” IEEE Transactionson Software Engineering, vol. 29, no. 6, pp. 495–509, June 2003.

[54] D. Binkley and M. Harman, “Locating dependence clusters anddependence pollution,” in Proceedings of the 21st InternationalConference on Software Maintenance (ICSM’05), September 2005,pp. 177–186.

[55] L. Vidacs, A. Beszedes, and R. Ferenc, “Macro impact analysisusing macro slicing,” in Proceedings of the Second InternationalConference on Software and Data Technologies (ICSOFT ’07),2007, pp. 230–235.

[56] R. Santelices and M. J. Harrold, “Probabilistic slicing for predictiveimpact analysis,” Georgia Tech Center for Experimental Researchin Computer Systems (CERCS), Tech. Rep., 2010.

[57] J. Law and G. Rothermel, “Whole program path-based dynamicimpact analysis,” in Proceedings of the International Conferenceon Software Engineering (2003), 2003, pp. 308–318.

[58] ——, “Incremental dynamic impact analysis for evolving softwaresystems,” in Proceedings of the 14th International Symposium onSoftware Reliability Engineering (ISSRE’03), November 2003, pp.430–441.

[59] A. Orso, T. Apiwattanapong, and M. J. Harrold, “Leveraging fielddata for impact analysis and regression testing,” in Proceedings

of the 9th European software engineering conference held jointlywith 11th ACM SIGSOFT international symposium on Foundationsof software engineering (ESEC/FSE’03), Helsinki, Finland, 2003,pp. 128–137.

[60] B. Breech, A. Danalis, S. Shindo, and L. Pollock, “Online impactanalysis via dynamic compilation technology,” in Proceedings ofthe 20th IEEE International Conference of Software Maintenance,September 2004, pp. 453–457.

[61] B. Breech, M. Tegtmeyer, and L. Pollock, “Integrating influencemechanisms into impact analysis for increased precision,” in Pro-ceedings of the 22nd IEEE International Conference on SoftwareMaintenance (ICSM ’06), Philadelphia, PA, December 2006, pp.55–65.

[62] T. Apiwattanapong, A. Orso, and M. J. Harrold, “Efficient andprecise dynamic impact analysis using execute-after sequences,”in Proceedings of the International Conference on Software Engi-neering (ICSE 2005), St. Louis, MO, May 2005, pp. 432–441.

[63] L. Huang and Y.-T. Song, “Dynamic impact analysis using exe-cution profile tracing,” in Proceedings of the Fourth InternationalConference on Software Engineering Research, Management andApplications (SERA’06), Seattle, Washington, August 2006, pp.237–244.

[64] A. Beszedes, T. Gergely, S. Farago, T. Gyimothy, and F. Fischer,“The dynamic function coupling metric and its use in softwareevolution,” in Proceedings of the 11th European Conference onSoftware Maintenance and Reengineering (CSMR’07), Amsterdam,the Netherlands, March 2007, pp. 103–112.

[65] C. Gupta, Y. Singh, and D. S. Chauhan, “An efficient dynamic im-pact analysis using definition and usage information,” InternationalJournal of Digital Content Technology and its Applications, vol. 3,no. 4, pp. 112–115, 2009.

[66] ——, “A dynamic approach to estimate change impact using typeof change propagation,” Journal of Information Processing Systems,vol. 6, no. 4, pp. 597–608, December 2010.

[67] R. Vanciu and V. Rajlich, “Hidden dependencies in softwaresystems,” in Proceedings of the IEEE International Conference onSoftware Maintenance (ICSM ’10), Timisoara, September 2010, pp.1–10.

[68] J. Han, “Supporting impact analysis and change propagation insoftware engineering environments,” Monash University, PeninsulaSchool of Computing & Information Technology, McMahons Road,Frankston, Victoria 3199, Australia, Tech. Rep. 96-09, October1996.

[69] M. A. Chaumun, H. Kabaili, R. K. Keller, and F. Lustman,“A change impact model for changeability assessment in object-oriented software systems,” in Proceedings of the Third EuropeanConference on Software Maintenance and Reengineering, 1999, pp.130–149.

[70] E. Arisholm, L. C. Briand, and A. Foyen, “Dynamic couplingmeasurement for object-oriented software,” IEEE Transactions onSoftware Engineering, vol. 30, no. 8, pp. 491–506, 2004.

[71] X. Sun, B. Li, C. Tao, W. Wen, and S. Zhang, “Change impactanalysis based on a taxonomy of change types,” in Proceedingsof the IEEE 34th Annual Computer Software and ApplicationsConference, Seoul, Korea (South), July 2010, pp. 373–382.

[72] D. Binkley and D. Lawrie, “Information retrieval applications insoftware maintenance and evolution,” in Encyclopedia of SoftwareEngineering, P. Laplante, Ed. Taylor & Francis LLC, 2010, ch. 2.

[73] G. Antoniol, G. Canfora, G. Casazza, and A. De Lucia, “Identifyingthe starting impact set of a maintenance request: A case study,”in Proceedings of the Fourth European Conference on SoftwareMaintenance and Reengineering, Zurich, Switzerland, February2000, pp. 227–230.

[74] S. Vaucher, H. Sahraoui, and J. Vaucher, “Discovering new changepatterns in object-oriented systems,” in Proceedings of the 200815th Working Conference on Reverse Engineering (WCRE ’08),Washington, DC, USA, 2008, pp. 37–41.

[75] D. Poshyvanyk, A. Marcus, R. Ferenc, and T. Gyimothy, “Usinginformation retrieval based coupling measures for impact analysis,”Empirical Software Engineering, vol. 14, no. 1, pp. 5–32, 2009.

[76] Y. Zhou, M. Wuersch, E. Giger, H. Gall, and J. Lue, “A bayesiannetwork based approach for change coupling prediction,” in Pro-ceedings of the 15th Working Conference on Reverse Engineering2008, October 2008, pp. 27–36.

Page 37: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

[77] N. Tsantalis, A. Chatzigeorgiou, and G. Stephanides, “Predictingthe probability of change in object-oriented systems,” IEEE Trans-actions on Software Engineering, vol. 31, no. 7, pp. 601–614, July2005.

[78] M. Abdi, H. Lounis, and H. Sahraoui, “Analyzing change impact inobject-oriented systems,” in Proceedings of the 32nd EUROMICROConference on Software Engineering and Advanced Applications(EUROMICRO’06), Cavtat/Dubrovnik (Croatia), August 2006, pp.310–319.

[79] ——, “Using coupling metrics for change impact analysis in object-oriented systems,” in Proceedings of the 10th ECOOP Workshop onQuantitative Approaches in Object-Oriented Software Engineering(QAOOSE ’06), Nantes, France, July 2006, pp. 61–70.

[80] ——, “A probabilistic approach for change impact prediction inobject-oriented systems,” in Proceedings of the 2nd Workshop onArtificial Intelligence Techniques in Software Engineering (AISEW2009), Thessaloniki, Greece, April 2009, pp. 189–200.

[81] ——, “Predicting change impact in object-oriented applicationswith bayesian networks,” in Computer Software and ApplicationsConference, 2009. COMPSAC ’09. 33rd Annual IEEE Interna-tional, Seattle, WA, July 2009, pp. 234–239.

[82] S. Mirarab, A. Hassouna, and L. Tahvildari, “Using bayesian beliefnetworks to predict change propagation in software systems,” inProceedings of the 15th IEEE International Conference on ProgramComprehension (ICPC ’07), Banff, Alberta, Canada, June 2007, pp.177–188.

[83] M. Gethers and D. Poshyvanyk, “Using relational topic modelsto capture coupling among classes in object-oriented software sys-tems,” in Proceedings of the 26th IEEE International Conference onSoftware Maintenance (ICSM’10), Timisoara, Romania, September2010, pp. 1–10.

[84] B. Fluri, H. C. Gall, and M. Pinzger, “Fine-grained analysisof change couplings,” in Proceeding of the Fifth IEEE Interna-tional Workshop on Source Code Analysis and Manipulation 2005,November 2005, pp. 66–74.

[85] B. Fluri and H. C. Gall, “Classifying change types for qualifyingchange couplings,” in Proceeding of the 14th IEEE InternationalConference on Program Comprehension (ICPC 2006), Athens,2006, pp. 35–45.

[86] H. Gall, M. Jazayeri, and J. Krajewski, “CVS release history datafor detecting logical couplings,” in Proceedings of the Sixth Inter-national Workshop on Principles of Software Evolution, September2003.

[87] T. Zimmermann, P. Weissgerber, S. Diehl, and A. Zeller, “Miningversion histories to guide software changes,” IEEE Transactions onSoftware Engineering, vol. 31, no. 6, pp. 429–445, June 2005.

[88] S. Ducasse, T. Gırba, and J.-M. Favre, “Modeling software evo-lution by treating history as a first class entity,” in Proceedingsof the Workshop on Software Evolution through Transformations:Model-based vs. Implementation-level Solutions (SETra ’04), 2004,pp. 71–82.

[89] T. Gırba and M. Lanza, “Visualizing and characterizing the evolu-tion of class hierarchies,” in Proceeding of the Fifth InternationalWorkshop on Object-Oriented Reengineering (WOOR 2004), 2004.

[90] T. Gırba, M. Lanza, and S. Ducasse, “Characterizing the evolutionof class hierarchies,” in Proceeding of the Ninth European Con-ference on Software Maintenance and Reengineering (CSMR’05),2005, pp. 2–11.

[91] T. Gırba and S. Ducasse, “Modeling history to analyze softwareevolution,” Journal of Software Maintenance and Evolution: Re-search and Practice, vol. 18, pp. 207–236, 2006.

[92] T. Gırba, S. Ducasse, and M. Lanza, “Yesterdays Weather: Guidingearly reverse engineering efforts by summarizing the evolution ofchanges,” in Proceeding of the 20th IEEE International Conferenceon Software Maintenance (ICSM 04). IEEE Computer Society,2004, pp. 40–49.

[93] T. Gırba, S. Ducasse, and A. Kuhn, “Using concept analysis to de-tect co-change patterns,” in Proceedings of the Ninth internationalworkshop on Principles of software evolution: in conjunction withthe 6th ESEC/FSE joint meeting, Dubrovnik, Croatia, 2007, pp.83–89.

[94] A. T. Ying, G. C. Murphy, R. Ng, and M. C. Chu-Carroll,“Predicting source code changes by mining change history,” IEEE

Transactions on Software Engineering, vol. 30, no. 9, pp. 574–586,September 2004.

[95] A. E. Hassan and R. C. Holt, “Predicting change propagation insoftware systems,” in Proceedings of the 20th IEEE InternationalConference on Software Maintenance (ICSM 2004), September2004, pp. 284–293.

[96] S. Bouktif, Y.-G. Gueheneuc, and G. Antoniol, “Extracting change-patterns from CVS repositories,” in Proceedings of the 13th Work-ing Conference on Reverse Engineering (WCRE ’06), Benevento,October 2006, pp. 221–230.

[97] T. Zimmermann and P. Weissgerber, “Preprocessing CVS datafor fine-grained analysis,” in Proceedings of the 1st InternationalWorkshop on Mining Software Repositories, 2004, pp. 2–6.

[98] R. Robbes and M. Lanza, “A change-based approach to softwareevolution,” Electronic Notes in Theoretical Computer Science, vol.166, pp. 93–109, January 2007.

[99] R. Robbes, M. Lanza, and M. Lungu, “An approach to softwareevolution based on semantic change,” in Fundamental Approachesto Software Engineering, ser. Lecture Notes in Computer Science.Springer Berlin / Heidelberg, 2007, vol. 4422, pp. 27–41.

[100] R. Robbes and M. Lanza, “SpyWare: A change-aware developmenttoolset,” in Proceedings of the 30th international conference onSoftware engineering (ICSE ’08), Leipzig, Germany, May 2008,pp. 847–850.

[101] S. Wong and Y. Cai, “Predicting change impact from logicalmodels,” in Proceedings of the IEEE International Conferenceon Software Maintenance (ICSM ’09), Edmonton, AB, Canada,September 2009, pp. 467–470.

[102] H. Kagdi and J. I. Maletic, “Software-change prediction: Esti-mated+actual,” in Proceedings of the Second International IEEEWorkshop on Software Evolvability (SE ’06), Philadelphia, PA,September 2006, pp. 38–43.

[103] H. Kagdi, “Improving change prediction with fine-grained sourcecode mining,” in Proceedings of the twenty-second IEEE/ACMinternational conference on Automated software engineering, NewYork, NY, USA, 2007, pp. 559–562.

[104] H. Kagdi and J. I. Maletic, “Combining single-version and evolu-tionary dependencies for software-change prediction,” in Proceed-ings of 4th International Workshop on Mining Software Reposito-ries (MSR’07), Minneapolis, MN, May 2007, pp. 107–110.

[105] D. M. German, A. E. Hassan, and G. Robles, “Change impactgraphs: Determining the impact of prior code changes,” Informationand Software Technology, vol. 51, pp. 1394–1408, 2009.

[106] G. Canfora and L. Cerulo, “Impact analysis by mining softwareand change request repositories,” in Proceedings of the 11th IEEEInternational Software Metrics Symposium (METRICS’05), Como,Italy, September 2005, pp. 29–38.

[107] ——, “Fine grained indexing of software repositories to supportimpact analysis,” in Proceedings of the International Workshop onMining Software Repositories (MSR’06), 2006, pp. 105–111.

[108] M. Ceccarelli, L. Cerulo, G. Canfora, and M. Di Penta, “An eclecticapproach for change impact analysis,” in Proceedings of the 32ndACM/IEEE International Conference on Software Engineering,vol. 2, 2010, pp. 163–166.

[109] G. Canfora, M. Ceccarelli, L. Cerulo, and M. Di Penta, “Usingmultivariate time series and association rules to detect logicalchange coupling: an empirical study,” in Proceedings of the 26thIEEE International Conference on Software Maintenance (ICSM2010), 2010.

[110] H. Kabaili, R. K. Keller, and F. Lustman, “A change impact modelencompassing ripple effect and regression testing,” in Proceedingsof the Fifth International Workshop on Quantitative Approaches inObject-Oriented Software Engineering, Budapest, Hungary, 2001,pp. 25–33.

[111] J.-P. Queille, J.-F. Voidrot, N. WiIde, and M. Munro, “The impactanalysis task in software maintenance: A model and a case study,”in Proceedings of the International Conference on Software Main-tenance, Victoria, BC, Canada, September 1994, pp. 234–242.

[112] S. Barros, T. Bodhuin, A. Escudie, J. Queille, and J. Voidrot,“Supporting impact analysis: a semi-automated technique and as-sociated tool,” in Proceedings of the 11th International Conferenceon Software Maintenance (ICSM’95), Opio (Nice), France, October1995, pp. 42–51.

Page 38: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

[113] L. Huang and Y.-T. Song, “Precise dynamic impact analysis withdependency analysis for object-oriented programs,” in Proceedingsof the 5th ACIS International Conference on Software Engineer-ing Research, Management & Applications (SERA 2007), Busan,August 2007, pp. 374–384.

[114] ——, “A dynamic impact analysis approach for object-orientedprograms,” in Proceedings of the Conference on Advanced Soft-ware Engineering and Its Applications (ASEA ’08), Hainan Island,December 2008, pp. 217–220.

[115] R. J. Walker, R. Holmes, I. Hedgeland, P. Kapur, and A. Smith, “Alightweight approach to technical risk estimation via probabilisticimpact analysis,” in Proceedings of the 2006 international work-shop on Mining software repositories (MSR ’06), Shanghai, China,2006, pp. 98–104.

[116] M. C. O. Maia, R. A. Bittencourt, J. C. A. de Figueiredo, andD. D. S. Guerrero, “The hybrid technique for object-orientedsoftware change impact analysis,” in Proceedings of the 14thEuropean Conference on Software Maintenance and Reengineering(CSMR ’10), Madrid, Spain, March 2010, pp. 252–255.

[117] S. Wong, Y. Cai, and M. Dalton, “Change impact analysis withstochastic dependencies,” Drexel University Philadelphia, PA, USA,Tech. Rep., 2011.

[118] H. Kagdi, M. Gethers, D. Poshyvanyk, and M. L. Collard, “Blend-ing conceptual and evolutionary couplings to support change im-pact analysis in source code,” in Proceedings of the 17th IEEEWorking Conference on Reverse Engineering (WCRE’10), Beverly,Massachusetts, USA, October 2010, pp. 119–128.

[119] X. Sun, B. Li, C. Tao, and S. Zhang, “HSM-based change impactanalysis of object-oriented Java programs,” Chinese Journal ofElectronics, vol. 20, no. 2, pp. 247–251, April 2011.

[120] R. N. Mohamad, “A change impact analysis approach using visual-ization method,” Master’s thesis, Malaysia University of Technol-ogy, Faculty of Computer Science and Information Systems, 2010.

[121] S. Ibrahim, N. B. Idris, M. Munro, and A. Deraman, “Integratingsoftware traceability for change impact analysis,” The InternationalArab Journal of Information Technology, vol. 2, no. 4, pp. 301–308,October 2005.

[122] ——, “A requirements traceability to support change impact anal-ysis,” Asean Journal of Information Technology, vol. 4, no. 4, pp.345–355, 2005.

[123] ——, “A software traceability validation for change impact analysisof object oriented software,” in Proceedings of the InternationalConference on Software Engineering Research and Practice &Conference on Programming Languages and Compilers, SERP2006, vol. 1, Las Vegas, Nevada, USA, June 2006, pp. 453–459.

[124] M. L. Lee, “Change impact analysis of object-oriented software,”Ph.D. dissertation, Graduate Faculty of George Mason University,Fairfax, Virginia, 1998.

[125] D. Popescu, J. Garcia, K. Bierhoff, and N. Medvidovic, “Helios:Impact analysis for event-based systems,” in Proceedings of the32nd International Conference on Software Engineering (ICSE),2010.

[126] D. Popescu, “Impact analysis for event-based components andsystems,” in Proceedings of the 32nd ACM/IEEE InternationalConference on Software Engineering, vol. 2, New York, USA, 2010.

[127] L. Moonen, “Lightweight impact analysis using island grammars,”in Proceedings of the 10th International Workshop on ProgramComprehension, December 2002, pp. 219–228.

[128] M. A. Hoffman, “Automated impact analysis of object-orientedsoftware systems,” in Proceedings of Conference on Object Ori-ented Programming Systems Languages and Applications (OOP-SLA ’03), Anaheim, CA, October 2003, pp. 72–73.

[129] A. Aryani, I. D. Peake, M. Hamilton, and H. Schmidt, “Changepropagation analysis using domain information,” in AustralianSoftware Engineering Conference 2009, Gold Coast, Australia,April 2009, pp. 34–43.

[130] A. Aryani, I. D. Peake, and M. Hamilton, “Domain-based changepropagation analysis: An enterprise system case study,” in Pro-ceedings of the IEEE International Conference on Software Main-tenance (ICSM ’10), Timisoara, September 2010, pp. 1–9.

[131] L. Briand, Y. Labiche, and L. O’Sullivan, “Impact analysis andchange management of UML models,” in Proceedings of the 19thInternational Conference on Software Maintenance, 2003, pp. 256–265.

[132] L. Briand, Y. Labiche, L. O’Sullivan, and M. Sowka, “Automatedimpact analysis of UML models,” Journal of Systems and Software,vol. 79, pp. 339–352, 2006.

[133] C. Dantas, L. Murta, and C. Werner, “Mining change traces fromversioned UML repositories,” in Proceedings of the BrazilianSymposium on Software Engineering (SBES’07), 2007, pp. 236–252.

[134] Z. Xing and E. Stroulia, “Data-mining in support of detecting classco-evolution,” in Proceedings of the 16th International Conferenceon Software Engineering & Knowledge Engineering (SEKE’04),June 2004, pp. 123–128.

[135] ——, “Understanding class evolution in object-oriented software,”in Proceedings of the 12th IEEE International Workshop on Pro-gram Comprehension (IWPC’04), June 2004, pp. 34–43.

[136] ——, “UMLDiff: An algorithm for object-oriented design dif-ferencing,” in Proceedings of the 20th IEEE/ACM internationalConference on Automated software engineering (ASE ’05), LongBeach, California, USA, November 2005, pp. 54–65.

[137] A. McNair, D. M. German, and J. Weber-Jahnke, “Visualizingsoftware architecture evolution using change-sets,” in Proceedingsof the 14th Working Conference on Reverse Engineering (WCRE’07), Vancouver, BC, October 2007, pp. 130–139.

[138] N. Yoo and H.-A. Choi, “An XML-based approach for interfaceimpact analysis in sustained system,” in Proceedings of the Inter-national Conference on Information and Knowledge Engineering(IKE’04), Las Vegas, Nevada, USA, June 2004, pp. 161–167.

[139] F. de Boer, M. Bonsangue, L. Groenewegen, A. Stam, S. Stevens,and L. van der Torre, “Change impact analysis of enterprisearchitectures,” in Proceedings of the IEEE International Conferenceon Information Reuse and Integration (IRI), August 2005, pp. 177–181.

[140] U. Vora, “Change impact analysis and software evolution specifica-tion for continually evolving systems,” in Proceedings of the FifthInternational Conference on Software Engineering Advances, Nice,France, August 2010, pp. 238–243.

[141] T. Feng and J. I. Maletic, “Applying dynamic change impactanalysis in component-based architecture design,” in Proceedingof the Seventh International Conference on Software Engineering,Artificial Intelligence, Networking and Parallel/Distributed Com-puting (SNPD 2006), Las Vegas, Nevada, USA, June 2006, pp.43–48.

[142] A. Tang, A. Nicholson, Y. Jin, and J. Han, “Using bayesian beliefnetworks for change impact analysis in architecture design,” TheJournal of Systems and Software, vol. 80, pp. 127–148, 2007.

[143] J. Zhao, H. Yang, L. Xiang, and B. Xu, “Change impact analysis tosupport architectural evolution,” Journal of Software Maintenance,vol. 14, no. 5, pp. 317–333, 2002.

[144] K. van den Berg, “Change impact analysis of crosscutting insoftware architectural design,” in Proceedings of the Workshop onArchitecture-Centric Evolution (ACE 2006), Nantes, July 2006, pp.1–15.

[145] J. Hewitt and J. Rilling, “A light-weight proactive software changeimpact analysis using use case maps,” in Proceedings of theIEEE International Workshop on Software Evolvability (Software-Evolvability’05), Budapest, Hungary, September 2005, pp. 41–48.

[146] N. Nurmuliani, D. Zowghi, and S. P. Williams, “Requirementsvolatility and its impact on change effort: Evidence-based researchin software development projects,” in Proceedings of the 11thAustralian Workshop on Requirements Engineering, Adelaide, Aus-tralia, 2006.

[147] N. Mellegard and M. Staron, “Improving efficiency of changeimpact assessment using graphical requirement specifications: Anexperiment,” in Product-Focused Software Process Improvement.Springer Berlin / Heidelberg, 2010, vol. 6156, pp. 336–350.

[148] S. Lock and G. Kotonya, “An integrated, probabilistic frameworkfor requirement change impact analysis,” Australasian Journal ofInformation Systems, vol. 6, no. 2, pp. 38–63, September 1999.

[149] D. ten Hove, A. Goknil, I. Kurtev, K. Berg van den, andK. Goede de, “Change impact analysis for sysml requirementsmodels based on semantics of trace relations,” in Proceedings ofthe ECMDA Traceability Workshop (ECMDA-TW), Enschede, theNetherlands, June 2009, pp. 17–28.

[150] J. Hassine, J. Rilling, J. Hewitt, and R. Dssouli, “Change im-pact analysis for requirement evolution using use case maps,” in

Page 39: A review of software change impact analysis · 2018-10-17 · different software artifacts and to analyze impact relations between them. The interconnection of different types of

Proceedings of the 8th International Workshop on Principles ofSoftware Evolution, 2005, pp. 81–90.

[151] A. Goknil, I. Kurtev, and K. van den Berg, “Change impact analysisbased on formalization of trace relations for requirements,” inProceedings of the EC-MDA Traceability Workshop (ECMDA-TW),2008, pp. 59–75.

[152] W.-T. Lee, W.-Y. Deng, J. Lee, and S.-J. Lee, “Change impact anal-ysis with a goal-driven traceability-based approach,” InternationalJournal of Intelligent Systems, vol. 25, pp. 878–908, August 2010.

[153] W. Spijkerman, “Tool support for change impact analysis in re-quirement models - exploiting semantics of requirement relationsas traceability relations,” Master’s thesis, Faculty of ElectricalEngineering, Mathematics and Computer Science, University ofTwente, October 2010.

[154] P. Jonsson, “Impact analysis organisational views and supporttechniques,” Ph.D. dissertation, Department of Systems and Soft-ware Engineering School of Engineering Blekinge Institute ofTechnology Sweden, 2005.

[155] J. S. O’Neal and D. L. Carver, “Analyzing the impact of changingrequirements,” in Proceedings of the IEEE International Conferenceon Software Maintenance, Florence, Italy, November 2001, pp.190–195.

[156] J. S. O’Neal, “Analyzing the impact of changing software re-quirements: A traceability-based methodology,” Ph.D. dissertation,Louisiana State University, 2003.

[157] G. Antoniol, V. F. Rollo, and G. Venturi, “Detecting groups ofco-changing files in CVS repositories,” in Proceedings of theEighth International Workshop on Principles of Software Evolution(IWPSE’05), Lisbon, Portugal, September 2005, pp. 23–32.

[158] D. Beyer and A. Noack, “Clustering software artifacts based on fre-quent common changes,” in Proceedings of the 13th InternationalWorkshop on Program Comprehension (IWPC’05), 2005, pp. 259–268.

[159] M. Askari and R. Holt, “Information theoretic evaluation of changeprediction models for large-scale software,” in Proceedings ofthe 3rd International Workshop on Mining Software Repositories(MSR06), New York, 2006, pp. 126–132.

[160] M. Sherriff and L. Williams, “Empirical software change impactanalysis using singular value decomposition,” IBM, North CarolinaState University, Tech. Rep., 2007.

[161] M.-A. Jashki, R. Zafarani, and E. Bagheri, “Towards a more effi-cient static software change impact analysis method,” in Proceed-ings of the 8th ACM SIGPLAN-SIGSOFT workshop on Programanalysis for software tools and engineering (PASTE ’08), 2008.

[162] S. Nadi, R. Holt, and S. Mankovskii, “Does the past say it all?using history to predict change sets in a CMDB,” in Proceedingsof the 14th European Conference on Software Maintenance andReengineering, Madrid, Spain, March 2010, pp. 97–106.

[163] T.-h. Kim, K. Kim, and W. Kim, “An interactive change impactanalysis based on an architectural reflexion model approach,” inProceedings of the IEEE 34th Annual Computer Software andApplications Conference (COMPSAC ’10), Seoul, July 2010, pp.297–302.

[164] G. C. Murphy, D. Notkin, and K. Sullivan, “Software reflexionmodels: Bridging the gap betwen source and high-level models,” inProceedings of the 3rd ACM SIGSOFT symposium on Foundationsof software engineering (SIGSOFT ’95), Washington, D.C., USA,October 1995, pp. 18–28.

[165] ——, “Software reflexion models: Bridging the gap between designand implementation,” IEEE Transactions on Software Engineering,vol. 27, no. 4, pp. 364–380, April 2001.

[166] M. Hammad, M. L. Collard, and J. I. Maletic, “Automaticallyidentifying changes that impact code-to-design traceability,” inProceedings of the IEEE 17th International Conference on ProgramComprehension (ICPC ’09), Vancouver, BC, May 2009, pp. 20–29.

[167] A. R. Sharafat and L. Tahvildari, “A probabilistic approach to pre-dict changes in object-oriented software systems,” in Proceedingsof the 11th European Conference on Software Maintenance andReengineering (CSMR ’07), Amsterdam, Netherlands, March 2007,pp. 27–38.

[168] ——, “Change prediction in object-oriented software systems: Aprobabilistic approach,” Journal of Software, vol. 3, no. 5, pp. 26–39, May 2008.

[169] J. Hutchinson, G. Kotonya, B. Bloin, and P. Sawyer, “Understand-ing the impact of change in COTS-based systems,” in Proceedingsof the International Conference on Software Engineering Researchand Practice (SERP ’03), Las Vegas, USA, June 2003.

[170] G. Kotonya and J. Hutchinson, “Analysing the impact of changein COTS-based systems,” Lecture Notes in Computer Science, vol.3412, pp. 212–222, 2005.

[171] H. Xiao, J. Guo, and Y. Zou, “Supporting change impact analysisfor service oriented business applications,” in Proceedings of theInternational Workshop on Systems Development in SOA Environ-ments (SDSOA ’07), 2007, pp. 6–11.

[172] S. A. Bohner, “Software change impacts-an evolving perspective,”in Proceedings of the International Conference on Software Main-tenance, 2002, pp. 263–272.

[173] S. A. Bohner and D. Gracanin, “Software impact analysis in avirtual environment,” in Proceedings of the 28th Annual NASAGoddard Software Engineering Workshop, December 2003, pp.143–151.

[174] S. S. Khan and S. Lock, “Concern tracing and change impactanalysis: An exploratory study,” in Proceedings of the 2009 ICSEWorkshop on Aspect-Oriented Requirements Engineering and Ar-chitecture Design, Vancouver, BC, Canada, May 2009, pp. 44–48.

[175] B. Yu, A. Mili, W. Abdelmoez, R. Gunnalan, M. Shereshevsky,and H. H. Ammar, “Requirements change impact in softwarearchitecture.”

[176] L. Briand, Y. Labiche, K. Buist, and G. Soccar, “Automating impactanalysis and regression test selection based on UML designs,” inProceedings of the 18th IEEE International Conference on SoftwareMaintenance (ICSM’02), Montreal, Quebec, Canada, October 2002,pp. 252–261.

[177] A. von Knethen and M. Grund, “QuaTrace: a tool environment for(semi-) automatic impact analysis based on traces,” in Proceedingsof the International Conference on Software Maintenance (ICSM2003), September 2003, pp. 246–255.

[178] M. Lindvall and K. Sandahl, “Traceability aspects of impact anal-ysis in object-oriented systems,” Journal of Software Maintenance:Research and Practice, vol. 10, pp. 37–57, January 1998.

[179] S. Looman, “Impact analysis of changes in functional requirementsin the behavioral view of software architectures,” Master’s thesis,University of Twente, Faculty of Electrical Engineering, Mathemat-ics and Computer Science, 2009.

[180] M. O. Hassan, L. Deruelle, and H. Basson, “A knowledge-basedsystem for change impact analysis on software architecture,” inProceedings of the Fourth International Conference on ResearchChallenges in Information Science (RCIS), Nice, France, May 2010,pp. 545–556.

[181] C. Y. Baldwin and K. B. Clark, Design Rules: The Power ofModularity. Cambridge, MA, USA: MIT Press, 2000.

[182] J. Buckner, J. Buchta, M. Petrenko, and V. Rajlich, “JRipples:A tool for program comprehension during incremental change,”in Proceedings of the 13th International Workshop on ProgramComprehension (IWPC 05), May 2005, pp. 149–151.