Change impact analysis (IA) or impact analysis[1] is the analysis of changes within a deployed product or application and their potential consequences.[2] [3]
Change impact analysis is defined by Bohnner and Arnold[4] as "identifying the potential consequences of a change, or estimating what needs to be modified to accomplish a change", and they focus on IA in terms of scoping changes within the details of a design. In contrast, Pfleeger and Atlee[5] focus on the risks associated with changes and state that IA is: "the evaluation of the many risks associated with the change, including estimates of the effects on resources, effort, and schedule". Both the design details and risks associated with modifications are critical to performing IA within the change management processes. A technical colloquial term is also mentioned sometimes in this context, dependency hell.
IA techniques can be classified into three types:[6]
Bohner and Arnold[7] identify two classes of IA, traceability and dependency IA. In traceability IA, links between requirements, specifications, design elements, and tests are captured, and these relationships can be analysed to determine the scope of an initiating change.[8] In dependency IA, linkages between parts, variables, logic, modules etc. are assessed to determine the consequences of an initiating change. Dependency IA occurs at a more detailed level than traceability IA. Within software design, static and dynamic algorithms can be run on code to perform dependency IA.[9] [10] Static methods focus on the program structure, while dynamic algorithms gather information about program behaviour at run-time.
Literature and engineering practice also suggest a third type of IA, experiential IA, in that the impact of changes is often determined using expert design knowledge. Review meeting protocols,[11] informal team discussions, and individual engineering judgement[12] can all be used to determine the consequences of a modification.
Software is often delivered in packages, which contain dependencies to other software packages necessary that the one deployed runs. Following these dependencies in reverse order is a convenient way to identify the impact of changing the contents of a software package. Examples for software helpful to do this:
Dependencies are also declared in source code. Metadata can be used to understand the dependencies via static analysis. Amongst the tools supporting to show such dependencies are:
There are as well tools applying full-text search over source code stored in various repositories. If the source code is web-browsable, then classical search engines can be used. If the source is only available in the runtime environment, it gets more complicated and specialized tools may be of help.[14]
Recent tools use often stable links to trace dependencies. This can be done on all levels, amongst them specification, blueprint, bugs, commits. Despite this, the use of backlink checkers known from search engine optimization is not common. Research in this area is done as well, just to name use case maps.[15]
Commercial tools in this area include Rational DOORS.