TY - GEN
T1 - Estimating the accuracy of dynamic change-impact analysis using sensitivity analysis
AU - Cai, Haipeng
AU - Santelices, Raul
AU - Xu, Tianyu
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014
Y1 - 2014
N2 - The reliability and security of software are affected by its constant changes. For that reason, developers use change-impact analysis early to identify the potential consequences of changing a program location. Dynamic impact analysis, in particular, identifies potential impacts on concrete, typical executions. However, the accuracy (precision and recall) of dynamic impact analyses for predicting the actual impacts of changes has not been studied. In this paper, we present a novel approach based on sensitivity analysis and execution differencing to estimate, for the first time, the accuracy of dynamic impact analyses. Unlike approaches that only use software repositories, which might not be available or might contain insufficient changes, our approach makes changes to every part of the software to identify actually impacted code and compare it with the predictions of dynamic impact analysis. Using this approach in addition to changes made by other researchers on multiple Java subjects, we estimated the accuracy of the best method-level dynamic impact analysis in the literature. Our results suggest that dynamic impact analysis can be surprisingly inaccurate with an average precision of 47-52% and recall of 56-87%. This study offers insights to developers into the effectiveness of existing dynamic impact analyses and motivates the future development of more accurate analyses.
AB - The reliability and security of software are affected by its constant changes. For that reason, developers use change-impact analysis early to identify the potential consequences of changing a program location. Dynamic impact analysis, in particular, identifies potential impacts on concrete, typical executions. However, the accuracy (precision and recall) of dynamic impact analyses for predicting the actual impacts of changes has not been studied. In this paper, we present a novel approach based on sensitivity analysis and execution differencing to estimate, for the first time, the accuracy of dynamic impact analyses. Unlike approaches that only use software repositories, which might not be available or might contain insufficient changes, our approach makes changes to every part of the software to identify actually impacted code and compare it with the predictions of dynamic impact analysis. Using this approach in addition to changes made by other researchers on multiple Java subjects, we estimated the accuracy of the best method-level dynamic impact analysis in the literature. Our results suggest that dynamic impact analysis can be surprisingly inaccurate with an average precision of 47-52% and recall of 56-87%. This study offers insights to developers into the effectiveness of existing dynamic impact analyses and motivates the future development of more accurate analyses.
KW - Change-impact analysis
KW - Dynamic analysis
KW - Empirical studies
KW - Execution differencing
KW - Sensitivity analysis
KW - Software evolution
UR - https://www.scopus.com/pages/publications/84908616596
U2 - 10.1109/SERE.2014.18
DO - 10.1109/SERE.2014.18
M3 - Conference contribution
AN - SCOPUS:84908616596
T3 - Proceedings - 8th International Conference on Software Security and Reliability, SERE 2014
SP - 48
EP - 57
BT - Proceedings - 8th International Conference on Software Security and Reliability, SERE 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th International Conference on Software Security and Reliability, SERE 2014
Y2 - 30 June 2014 through 2 July 2014
ER -