Identifying Modifications and Generating Dependency Graphs for Impact Analysis in a Legacy Environment

Abstract

<p>Large enterprise level systems often have their own application software layer wrapped over large software tools or products from commercial vendors. From time to time, vendors release patches which update or enhance the products to meet various requirements. However, applying the patches often introduces risk that the wrapper software layer might behave incorrectly, especially if the customer has little knowledge of the linkage between the application layer and the vendor provided system (for example, because the application itself is a legacy system). So there is always the need for analyzing the impact of patches and reducing the risk in applying them. Impact analysis depends on two sources of knowledge - the physical modifications made by a patch and a dependency graph of the entities in the system. This thesis provides an empirical approach to finding modifications and generating dependency graphs that can be used for impact analysis.</p> <p>The work presented here is actually part of a large reverse engineering project, which deals with a huge system consisting of a legacy customer application layer, Oracle E-Business Suite and Oracle database. To reduce the risk introduced by Oracle patches, the customer currently executes all tests of their current test suite, which is extremely expensive in terms of money and time, with the added drawback that the testing that is performed is not targeted in any way at the entities that have been changed or that depend on entities that have been changed. The ultimate goal of the project is to provide the customer with a reduced and focused test suite after analyzing the impact of patches. Although a lot of work has been carried out to date regarding impact analysis, program dependency graph generation and regression test selection, none of them deals with such a huge domain as involved in the E-Business Suite. Moreover, none of them was applied to a system where one component is a legacy layer.</p> <p>We restrict ourselves only to Java class (bytecode) files for the sake of this thesis. We use static analysis on XML representation of class files produced by off-the-shelf bytecode analysis tools. For finding modification between two successive versions of a class file, we compare the two XML representations and generate the output in XML format. For generating a dependency graph among the entities in the Java environment, we analyze all the XML files, extract dependency information using an empirical technique which we call access dependency analysis, and finally store all this information in a database for use in the impact analysis process. Both of these processes are fully automated without any human intervention.</p>