Automated Analysis Of Software Traceability Based On Code Dependencies

Software traceability refers to the ability of creating and maintaining relations between software artifacts based on the functionalities of software systems (a.k.a trace links or traces). The goal of software traceability is to help developers understand the effect of changed functionalities in modified software artifacts when the systems evolves. Cur-rently, the practice of software traceability is still a manual task including capturing, maintaining, and validating the requirements-to-code trace matrices. Unfortunately, this manual task is labor-intensive and error-prone. Meanwhile, the trends in soft-ware development such as the more iterative process, the emerging maintenance and evolution oriented approaches, and the increasing complexity of software have further increased the need of automated software traceability. Therefore, the automated anal-ysis of requirements-to-code traceability becomes one of the most representative and challenging work in software engineering research.In general, there are two perspectives that the automated analyses can take ad-vantages from, which are the textual information in a software system (such as the requirements specification and the text of source code) and the dependencies among code elements (such as call and data dependencies in the code). To demonstrate their effectiveness, these analyses also need to be applied to typical traceability scenarios including trace recovery (capture), trace maintenance, and trace validation. Therefore, this kind of analysis has two main concerns:(1) how to elicit and utilize relevant infor-mation from requirements and code, while these two artifacts are in different formats and different levels of abstraction; (2) how to apply the automated analysis into differ-ent traceability scenarios. However, current automated analyses of traceability focus on trace recovery only. Furthermore, these approaches mainly rely on the lexical analysis based on textual information, while ignoring the perspective from code dependencies. This makes the existing approaches highly dependent to the quality of textual infor-mation in software systems. Even a few approaches that considers code dependencies have not yet fully explored the potential of analyzing code dependencies because:(1) they only consider one kind of code dependencies (mainly calling relationships); (2) their proposed code dependency analyses are relatively intuitive. Therefore, the current automated analysis of software traceability has the following problems such as the low accuracy of these approaches, the low confidence of users, and the lack of support for different traceability scenarios.Based on these investigations, we first carried out case studies and found out that code dependencies, such as call dependencies and data dependencies, are helpful for understanding software traceability. Incorporating this finding, we developed several code dependency analyses (such as the closeness analysis) and applied them to the real-world scenarios in automated analysis of software traceability such as trace recovery, trace maintenance, and trace validation. Our experiments have demonstrated that our code dependency analyses successfully improved the automated analysis in those three traceability scenarios. This shows that code dependencies are vital to the automated analysis of software traceability. The main contribution of our work is as follows:? We proposed and demonstrated that call and data dependencies in the code are relevant for understanding requirements-to-code traceability. We first built a tool to capture call and data dependencies during runtime in Java. Based on the captured call and data dependencies, we evaluated the correlation between requirements-to-code traceability and call and data dependencies based on check-ing whether the traces of a given method is consistent with the traces of its neigh-bor method (connected by call and data dependencies). Our case studies show that both call and data dependencies are relevant to requirements-to-code trace-ability. But, most interestingly, our analyses also show that data dependencies complement call dependencies strongly.? We proposed a semi-automated approach to validate traces with unknown quality based on call and data dependencies. We proposed a validation algorithm called Inverse Data Type Frequency (idtf) that still uses the target method's neighbor methods and their traces to validate the correctness of the target method's traces but increased the accuracy of validation by filtering data dependencies based on commonly shared data types. This work also shows that our previous finding is robust against trace granularity, trace incorrectness, and trace incompleteness. This lays the foundation of our following research.? We developed the closeness analysis on call and data dependencies with IR techniques to semi-automatically recover requirements-to-code traceability. We name this approach as TRICE (Traceability Recovery based on Information re-trieval and ClosEness analysis). The approach contains two novel features:(1) we develop the closeness measure to quantify the degree of interaction based on call and data dependencies between two classes; (2) we improve the accuracy of IR-based traceability recovery through closeness analysis in re-ranking lists of candidate links generated by IR.? We used the proposed closeness analysis to semi-automatically identify outdated requirements based on source code changes. We name this approach as SPRUCE (SuPport Requirement Update based on ClosEness analysis). The approach con-tains two novel features:(1) we propose the closeness measure to quantify the degree of interaction based on call dependencies between two methods; (2) we increase the accuracy of outdated requirement identification by using closeness analysis in keyword extraction. The overhead of our closeness analysis is neg-ligible because the capture of call dependencies and the follow-on analyses are fully automatic.