Wollo University

Kombolcha Institute of Technology College of Informatics

Department of Software Engineering

5th Year Group 6

Software Evolution and Maintenance (SEng5551) Assignment 1

Group Members: ID No

1.Wegene Argow……………………………….. 2004/12

2.Ibrahim Wandaye………………………… … 1109/12

3.Aemero Bekalu……………………………….. 4110/12

4.Wendesen Befikadu………………………….. 2021/12

Submitted to: Mr.Yibeltal Assefa

Submitted date: 17-Mar-2024

 Dependency Analysis

Introduction to Dependency Analysis

Definition Dependency Analyzer

 The Dependency Analyzer app is an interactive tool for visualizing and analyzing
dependencies among files.

 Every design, whether it is a folder, a Simulink ® model, or a project, requires a set of files
and products to run successfully. Dependencies include data files, model references,
linked libraries, MATLAB® and C/C++ code, Stateflow® charts, and requirements
documents.

 Dependency analysis is a foundational concept in software engineering that pertains to

the examination and management of relationships between different components,
modules, or libraries within a software project. It plays a pivotal role in understanding the
interdependencies among various parts of a software system, which is crucial for
ensuring its reliability, maintainability, and scalability.

Background of Dependency analyzer:

 The dependency paradigm gained prominence in the late 1950s and 1960s as a critique of
modernization theory, with scholars trying to understand why development occurred so
slowly in the developing world even when following the same capitalist models of
development as developed countries. Although originating in structuralism, Marxism is
usually viewed as the dominant tradition from which dependency arose (Love, 1990).
Building on traditional Marxist ideas of class inequality being caused by capitalism,
dependency theorists took a political economy approach to explore the reasons for
inequalities between nations (Lacher & Nepal, 2010

 Software dependencies are external libraries, frameworks, and other components that a
piece of software relies on in order to function properly. These dependencies may be
included in the software directly, or they may be installed separately. Examples of
software dependencies include libraries for handling data, user interface frameworks
(such as React or Next.js), and utilities for working with databases.

Option Default Description

C/C++ Code On Analyze dependencies introduced by C/C++ code files.

Add-Ons Off Analyze dependencies inside add-ons.

Model Parameters Off Analyze dependencies introduced by MATLAB code in

 model block parameters.

Generated Code Off Analyze dependencies introduced by code generated from

Traceability a model.

Why do we use dependencies?

There are several reasons why we add internal or external dependencies to our
applications, the most compelling ones are:

1. Speed up development
2. Increase functionality
3. Fulfill organization’s requirements and specifications
Speeding up development: Reusing existing code components for common tasks, such
as interfacing with I/O devices or networking, accelerates development. Leveraging well-
tested libraries, components, or frameworks saves time and resources by avoiding the
need to reinvent functionality from scratch.

Increasing functionality: Adding specialized libraries or modules enhances the

capabilities of our applications. Instead of developing custom solutions, integrating
established, tested, and documented dependencies ensures reliability, security, and
performance while expanding functionality.

Fulfilling organizational requirements: Organizations or consumers may have specific

security, licensing, or functional criteria that need to be met. Incorporating dependencies
tailored to these requirements, such as custom HTTP headers or authentication protocols,
ensures compliance with organizational standards and specifications.

Maintaining software dependencies is also important for several reasons. First,

dependencies can introduce security vulnerabilities into software. For example, if a
dependency contains a vulnerability that is exploited, the software that relies on that
dependency may be vulnerable as well. A good example is the log4j vulnerability that
affected thousands of Java systems. By maintaining dependencies and keeping them up to
date, developers can reduce their exposure to security risks.

Second, dependencies can cause performance issues. If a dependency is poorly written or

inefficient, it can slow down the software that relies on it, and it can cause other
performance problems. By maintaining dependencies and ensuring that they are well-
written and efficient, developers can improve the performance of their software.
 Third, dependencies can cause compatibility issues. If a dependency is not compatible
with the software that relies on it, it can cause errors and other problems. By maintaining
dependencies and ensuring that they are compatible with the software, developers can
avoid these issues.

Importance of understanding software dependencies

 Risk Identification: External components introduce potential risks like security

vulnerabilities, compatibility issues, and licensing conflicts.

 Security Assurance: Understanding dependencies enables staying informed about patches

and updates, reducing the risk of exploitation.

 Stability Maintenance: Dependency awareness helps anticipate and mitigate issues from
changes in external components, ensuring software stability.

 Version Management: Dependency understanding aids in managing version requirements

and ensuring compatibility with different component versions.

 Collaboration Facilitation: Dependency comprehension fosters effective communication

and coordination among team members in collaborative development environments.

 Compliance and Licensing: Awareness of dependencies ensures compliance with

licensing obligations and legal requirements. And Performance Optimization

How to maintain software dependencies effectively?

There are several steps that developers can take to maintain software dependencies
effectively. Some of these steps include:

Identify dependencies: The first step in maintaining dependencies is to identify all of the
dependencies that are used by the software. This can be done by examining the code and
the build system, and by using tools such as dependency management libraries and
package managers. By identifying dependencies, developers can ensure that they are
aware of all of the dependencies that are used by the software. Codiga helps you by
scanning and identifying all dependencies of your project.

Keep dependencies up to date: One of the most important ways to maintain

dependencies is to keep them up to date. This involves regularly checking for updates to
dependencies and installing them when they are available. By keeping dependencies up
to date, developers can take advantage of new features, bug fixes, and security patches,
and they can reduce their exposure to security vulnerabilities.

Use a dependency management library: Dependency management libraries are tools

that are used to manage dependencies in software. These libraries can automatically
 manage dependencies, including installing, updating, and removing them. By using a
dependency management library, developers can simplify the process of maintaining
dependencies and avoid common mistakes.

Use a package manager: Package managers are tools that are used to manage the
installation and removal of software packages. Most package managers include features
for managing dependencies, including installing and updating them. By using a package
manager, developers can ensure that dependencies are installed and managed
consistently, and they can avoid conflicts and other problems. For example, when using
npm, you can automatically update your dependencies.

Open the Dependency Analyzer App

 MATLAB toolstrip: On the Apps tab, under MATLAB, click the Dependency
Analyzer icon .For instructions on how to run a dependency analysis on a folder or a file.

 Project toolstrip: On the Project tab, click the down arrow to expand the Tools gallery.
Under Apps, click Dependency Analyzer. Perform a project dependency analysis to
explore the dependency graph using source control and project-specific views. For more
details for projects that contain models, Dependency Analyzer provides model-specific
views Simulink Editor: On the Modeling tab, on the far right of the Design section, click
the arrow. Under Dependencies, click Dependency Analyzer. Perform a dependency
analysis to examine models, subsystems, and libraries referenced directly or indirectly by
the model using model-specific views.

 MATLAB Command Window: Enter dependency Analyzer.

Types of Software Dependencies

There’s no limit in the size of the dependencies. A dependency can be thousands of lines
of code, like a full-fledged framework, or it can be a one liner. There is a whole range of
different types of software dependencies.
  Resources – Collections of files, for example templates, media (audio, video or images),
plain text files or blobs that need to be included by applications to execute correctly.

 Modules – Set of methods and functions that provide a self-contained functionality. A

module usually has an interface that specifies both the functionality it provides as well as
the functionality it depends on.

 Package – A collection of modules that hold in general the same functional purpose.
Usually a directory that contains a file that describes metadata about the package.

 Library – A collection of related functionality defined in several packages, is essentially

a set of functions that you can call, each call does some work and returns control to the
client or application that executed the function.

 Frameworks – A framework embodies some abstract design, with more behavior built
in. In order to use it you need to insert your behavior into various places in the
framework. The framework’s code then calls your code at these points.

Dependency Analysis Process

Identification:- Identify direct and indirect dependencies using tools like static code
analysis or manual inspection.

Analysis: - Assess dependencies for version compatibility, security, licensing, and

performance implications.

Visualization: - Use graphs or charts to represent dependency relationships for clarity

and understanding.

Management: - Implement strategies like version pinning and regular updates using
dependency management tools.
 Documentation: - Document dependencies to maintain transparency and inform
stakeholders of project dependencies.

jdeps: - jdeps is a tool provided by Oracle as part of the Java Development Kit (JDK). It's
used for analyzing the dependencies of Java byte code. jdeps helps developers understand
the dependencies of their Java applications and libraries, aiding in managing
dependencies and ensuring compatibility when updating Java versions.

Apache Maven:- Widely used for Java projects. Manages dependencies using XML-
based configuration (pom.xml). Automatically resolves transitive dependencies from
remote repositories.

Gradle:- Supports multiple languages like Java, Kotlin, and Groovy. Uses DSL
(Domain-Specific Language) or Kotlin for build scripts. Offers flexibility and
extensibility in dependency management and automation.

npm:- Default package manager for Node.js and JavaScript. Manages dependencies
declared in package.json. Widely used for frontend and backend JavaScript development.

pip:- Package installer for Python. Installs and manages Python packages from PyPI.

Simplifies management of Python libraries and modules.

Docker:- Containerization platform for packaging and running applications. Facilitates

dependency isolation by bundling dependencies into container images.

Ensures consistent application runtime across different environments.

Dependency Analysis Techniques

Static Analysis: Examining code or configuration files without executing them to

identify dependencies and potential issues based on structure and syntax.

Dynamic Analysis: Observing software behavior while it runs to understand actual

dependencies, interactions, and performance metrics.

Hybrid Analysis: Combining static and dynamic analysis to leverage their strengths:
using static for early detection and dynamic for validating and refining results.

Advantages of Dependency Analyzer:

 Improved Software Quality: Ensures compatibility and reduces errors, enhancing

overall reliability.

 Enhanced Security: Promptly addresses vulnerabilities, improving the software's

security posture.
  Better Maintainability and Scalability: Simplifies updates, maintenance, and scalability
without conflicts.

 Enhanced Modularity: Identifies cohesive components, promoting a modular

architecture.

 Reduced Complexity: Visualizes dependencies, simplifying codebase comprehension

and improvements.

 Risk Mitigation: Minimizes system failures, data breaches, and legal liabilities.

 Vendor Relationship Management: Assesses reliability and supportability of vendor

dependencies.

 Change Management Efficiency: Streamlines change impact assessment and

management processes and Enhanced Collaboration

 Dependency Graphs: Graphical representations showing relationships between software

components and their dependencies.

 Dependency Trees: Hierarchical structures illustrating dependencies between modules,

libraries, and packages.

 Heatmaps: Visualizations indicating the frequency or intensity of dependencies between

components.

 Interactive Charts: Dynamic visualizations allowing users to explore and analyze

dependencies interactively.

 Dependency Matrices: Tabular displays summarizing dependencies between components

often color-coded for clarity.

 Network Diagrams: Graphical representations of interconnected components, nodes, and

edges depicting dependencies.

 Time Series Analysis: Visualizations tracking changes in dependencies over time, aiding
in trend analysis and forecasting and Code Maps.

Challenges in Dependency Analysis

Complexity of Modern Software Systems: Modern software systems are often

composed of numerous interconnected components and dependencies, making it
challenging to identify and manage all dependencies accurately.
 Handling of Third-Party Dependencies: Incorporating third-party dependencies
introduces additional complexities, including version compatibility issues, security
concerns, and licensing restrictions, which must be carefully managed.

Continuous Integration and Deployment Challenges: In dynamic development

environments with continuous integration and deployment pipelines, ensuring consistent
and up-to-date dependency management across multiple stages can be challenging,
leading to potential inconsistencies and deployment issues.

Disadvantage of dependency analyzer

 Overhead and Complexity: Adds complexity to development, requiring integration and

learning effort.

 False Positives: May flag non-issues, leading to unnecessary investigations and changes.

 False Negatives: Can miss genuine issues, leaving software vulnerable to hidden risks.

 Performance Impact: Introducing overhead, especially in large projects, potentially

slowing down development.

 Tool Limitations: May be limited in language or ecosystem support, impacting

applicability.

 Dependency Management Challenges: Identifying dependencies is only part of the

challenge; managing them effectively requires additional effort.

 Maintenance and Updates: Requires ongoing maintenance to remain effective and

relevant

Limitation of dependency analyzer

 Limited Language Support: Some analyzers may support only specific languages,
hindering multi-language projects.

 Difficulty with Dynamic Dependencies: Static analysis focus may struggle with
dynamically generated dependencies.

 Complexity with Large Codebases: Challenges arise with analyzing large or complex
codebases, leading to performance issues.

 False Positives/Negatives: Risk of false alarms or missed issues can result in wasted
time or overlooked problems.
  Limited Scope: Some analyzers may overlook transitive dependencies or third-party
library dependencies.

 Incompatibility with Certain Patterns/Frameworks: Some patterns or frameworks

may not be well-supported.

 Difficulty with Legacy Systems: Accuracy may suffer with outdated or poorly
documented dependencies , Tool Complexity Limited Integration and Challenges in
integrating with existing workflows or toolchains may arise.

Applications area of Dependency analyzers

 Dependency Management: Ensures presence, versioning, and compatibility of

dependencies within projects.

 Software Architecture Design: Provides insights into component relationships, aiding in

architectural design and constraint enforcement.

 Code Refactoring and Maintenance: Assists in understanding code impact and

maintaining system integrity during changes.

 Performance Optimization: Identifies bottlenecks and dependencies contributing to

poor performance, aiding in optimization efforts.

 Security Analysis: Identifies security vulnerabilities introduced by dependencies,

enabling proactive mitigation.

 License Compliance: Ensures compliance with software licenses by identifying

dependencies with specific requirements.

 Quality Assurance: Detects issues like circular dependencies or outdated dependencies,

improving overall quality and maintainability

Real-world Examples of Crucial Dependency Analysis

 Software Security:- Identifying and managing dependencies is critical for ensuring

software security. Vulnerabilities in third-party libraries or components can expose
systems to cyber threats. Dependency analysis helps detect and mitigate security risks,
such as outdated libraries or known vulnerabilities.

 Version Management:- Effective version management relies on understanding

dependencies and their compatibility with different software versions. Dependency
analysis aids in tracking dependencies across various versions, ensuring smooth upgrades
and preventing compatibility issues.
  License Compliance:-Enterprises must comply with licensing obligations when using
third-party software components. Dependency analysis helps identify dependencies with
specific licenses and ensures compliance with legal requirements. It facilitates tracking of
license types, restrictions, and obligations associated with each dependency used in the
software project.

Jdeps dependency analyzer for java project named Water and Electric reception and
related calculator

jdeps –verbose <the jar

 jdeps –summary<the jar file>

jdeps –summary<the jar file> output of the file summary (summary dot source file)
jdeps –summary<the jar file> output of the file summary ( <jar file> dot source file)
jdeps –vrbose:package <jar file> or jdeps –<jar file>
.class

-recursive or -R

-dotoutput

-profile
Reference:

 https://www.mathworks.com/help/simulink/ug/scope-and-limitations.html

 https://www.researchgate.net/publication/232028782The_Origins_of_Dependency_Analysis

 https://www.codiga.io/blog/maintain-software-dependencies/

 https://jfrog.com/blog/a-journey-of-a-thousand-binaries/