Papers
Topics
Authors
Recent
Search
2000 character limit reached

Toward Semantically-Seeded, Graph-Propagated Impact Analysis Across Software Artifacts: A Vision

Published 17 Jun 2026 in cs.SE | (2606.18855v1)

Abstract: When a single software artifact changes - a requirement, a configuration value, or a function - engineers must determine what else is impacted. Existing change-impact-analysis (CIA) tooling tends to rely on one of two signals in isolation: semantic similarity recovered from text (information-retrieval traceability, code search, embeddings), or structural dependency following (call graphs, IDE "find usages", test-impact selection). Each has a characteristic blind spot. A semantically driven tool misses an impacted artifact whose text shares no vocabulary with the change; a structurally driven tool misses artifacts related in meaning but not joined by an edge, and most operate only over code rather than the Requirement-Config-Service-Test chain. We argue for a training-free and interpretable analyzer that fuses both signals over the same embeddings. We model the system as a heterogeneous artifact graph with typed edges recovered by static analysis, compute a semantic prior by cosine similarity to the changed artifact, propagate impact multi-hop with decay over a row-normalized propagation matrix, and blend the two with a single tunable weight lambda. A small but complete proof-of-concept on a payment subsystem (5 labelled change scenarios) shows the mechanism we care about: artifacts with zero textual overlap with the change are still recovered through propagation, and helper functions that propagation alone cannot reach are recovered through the semantic layer. The fusion is the only configuration that covers both blind spots, and lambda acts as an explicit precision/recall control. Drawing on four publicly documented production failures, we argue that the same formulation extends to operational artifacts (images, metrics, dashboards, data schemas) that code-only analysis cannot reach.

Authors (1)

Summary

  • The paper’s main contribution is a training-free fusion methodology that combines semantic similarity and structural propagation to achieve perfect recall in toy scenarios.
  • The methodology builds a heterogeneous artifact graph to integrate diverse software artifacts and recover blind spots using a weighted fusion of semantic and structural cues.
  • The approach ensures interpretability with deterministic impact paths, which is crucial for auditability, safety-critical applications, and regulatory compliance.

Semantically-Seeded, Graph-Propagated Impact Analysis Across Heterogeneous Software Artifacts

Motivation and Problem Formulation

Impact analysis, the task of determining what software artifacts are affected when a single artifact changes, is fundamental to software evolution and maintenance. Historically, impact analysis approaches are divided into semantic (textual similarity) and structural (dependency edge traversal) categories. Semantic-based methods using IR or embeddings (e.g., CodeBERT, SBERT) capture cross-artifact relationships but miss cases with no lexical overlap. Structural dependency analysis (e.g., program slicing, call graphs) is precise where explicit links exist, yet fails to capture semantically related, but structurally disconnected, artifacts or non-code dependencies. Critically, these blind spots lead to real failures in production systems, where operational artifacts like container images, metrics, alerts, and shared data schemas are left unexamined by code-centric tools.

The paper advocates for an interpretable, training-free fusion of semantic and structural signals over heterogeneous artifact graphs, extending coverage to artifacts and edges invisible to prior approaches. The goal is to strike an optimal balance: maximal recall, explicit propagation traces, and applicability across requirements, configs, services, tests, and operational artifacts.

Approach: Artifact Graph Fusion

The methodology centers on constructing a typed heterogeneous artifact graph, with artifacts such as requirements, configurations, services/functions, tests, container images, metrics, dashboards/alerts, and data schemas as nodes. Edges are extracted via static analysis, container manifests, telemetry, and version histories, encompassing relationships such as R→C, C→S, S↔S, T→S, I→S, S→M, M→A, S→D, and D↔D.

Impact estimation proceeds in three stages:

  • Semantic Prior: Artifacts and changes are embedded (TF-IDF or SBERT); similarity scores provide initial candidates.
  • Structural Propagation: Typed edges are used to construct a row-normalized propagation matrix MM, impact spreads multi-hop with geometric decay (γ\gamma), akin to Katz centrality and personalized PageRank computations.
  • Fusion: The impact vector is obtained via a weighted sum λ s+(1−λ) p\lambda\,\mathbf{s} + (1-\lambda)\,\mathbf{p}, where λ\lambda tunes semantic vs structural influence. Each flagged artifact is accompanied by its scores and explicit propagation path.

Notably, the configuration recovers both types of blind spots: structural propagation traces semantic gaps, while the semantic prior reaches artifacts not structurally connected to the change. The architecture offers deterministic output and interpretability, crucial in safety-critical, audit, and traceability contexts.

Operational Scenarios and Extraction

The framework is evaluated in real-world inspired scenarios—including Kubernetes outages (base-image update), database engine migrations, metric renames breaking alerts, and legacy data coupling—all cases where purely structural, code-scoped CIA fails. Extraction is defined for operational edges: images to services, services to metrics, metrics to dashboards/alerts, and data shared among services. Where static parsing is infeasible (e.g., runtime metric names, absent foreign keys), semantic similarity and version-history coupling are used.

Incremental extraction (re-parsing only changed artifacts) and sparse graph representations make the method scalable to large systems. Approximate nearest-neighbor search (e.g., FAISS, pgvector) and efficient propagation algorithms (iterative sparse matrix–vector multiplication) further extend practical deployment.

Proof-of-Concept Evaluation and Findings

A small-scale prototype spanning requirements, configs, services, and tests validates the mechanism. Semantic-only baselines provide high recall but low precision; structural-only analysis yields high precision but capped recall. The fusion (λ=0.5\lambda=0.5) achieves perfect recall (1.000), recovering all impacted artifacts in every scenario, including those with zero lexical overlap or unreachable by structure alone. Importantly, the fusion is the only configuration achieving full blind spot coverage. Helper functions with no structural path but contextually related to the change are recovered via semantic similarity, confirming the necessity of the fused approach.

The numerical results are illustrative, not generalizable: they demonstrate coverage of mechanism-level blind spots, not predictive accuracy for large-scale systems, due to synthetic evaluation limits.

Positioning and Implications

Relative to contemporary fusion architectures, the proposed analyzer occupies the interpretable, training-free niche. Unlike GNNs or LLM-driven GRAFs, it ensures explicit impact paths, determinism, and zero dependence on training data. These properties are indispensable for real-world auditability, regulatory compliance, and safety analysis, and suggest the method's utility in heterogeneous infrastructure beyond source artifacts.

The explicit λ\lambda and τ\tau parameters allow precise tuning of precision/recall; adaptive learning of these values per artifact/change type is a proposed extension.

Research Agenda and Future Directions

Future work prioritizes:

  • Learned propagation via co-change histories or GNNs with interpretability constraints
  • LLM-based verification seeded by explicit propagation traces
  • Integration of dynamic runtime traces and historic signals
  • Polyglot extraction across languages, manifests, message buses, and telemetry pipelines
  • Adaptive fusion parameter selection
  • Large-scale benchmarking with developer-validated labels, precision/recall curve reporting

The vision targets reconstructing artifact chains from documented failure incidents, testing whether the fusion methodology would retrospectively surface the missed impacts.

Threats to Validity

Current evaluation is limited by synthetic benchmarks, small artifact sets, and modelling choices (impact directionality). Ground truth is author-labeled, possibly embedding selection bias. Semantic prior backend selection may influence results. Generalization to real systems remains an explicit agenda point.

Conclusion

The proposed method fuses semantic similarity and typed dependency propagation over a heterogeneous artifact graph, yielding interpretable, training-free impact analysis applicable across operational and code artifacts. The mechanism achieves perfect recall in all toy scenarios and surfaces artifacts unreachable by semantic or structural signals alone. The distribution of the prototype and replication package enables further validation. The principal contribution is the identification and substantiation of an under-explored, practical, and rigorous design point for cross-artifact impact analysis, with an agenda for scalable, real-world deployment and extension (2606.18855).

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 2 likes about this paper.