
Dependency Graphs: Structures and Applications

Updated 23 February 2026
  • Dependency graphs are formal, directed/undirected structures that capture logical, functional, syntactic, and causal dependencies among entities.
  • They enable practical applications in software engineering, natural language processing, microservices, and formal methods by modeling relationships such as inheritance, service calls, and grammatical roles.
  • DGs support empirical analysis of system modularity and evolution through generative models, quantitative metrics, and advanced extraction tools.

A dependency graph (DG) is a formal, directed (or occasionally undirected) graph structure that codifies dependencies—logical, functional, syntactic, causal—between entities in a system. DGs are fundamental in software engineering, formal methods, natural language processing, and complex systems analysis, providing a precise mathematical framework to capture “who depends on whom” or “who influences whom.” Vertices in a DG represent entities (such as program types, modules, microservices, tokens, or system resources), while edges encode dependency relationships that are quantified, typed, and sometimes weighted or labeled to capture modality or frequency.

1. Formal Definitions and Typologies

The core formalism of DGs is context-dependent. In object-oriented software, a DG is constructed by representing each top-level class or interface as a node and drawing a directed edge from node $A$ to node $B$ precisely when $A$ depends on $B$ in the codebase; this may arise due to field declarations, type annotations, inheritance, method parameters, or import statements (0802.2306, Musco et al., 2014). The resulting DG $G = (V, E)$ comprises nodes $V$ corresponding to entities and directed edges $E \subseteq V \times V$.
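This formalism amounts to a set of vertices with directed adjacency; a minimal sketch in Python (the class names and dependency kinds are invented for illustration, not drawn from any real codebase):

```python
# Minimal class-level dependency graph G = (V, E) as adjacency sets.
# Class names below are illustrative examples only.
from collections import defaultdict

edges = defaultdict(set)  # maps a class to the classes it depends on

def add_dependency(a, b):
    """Record that class `a` depends on class `b` (edge A -> B)."""
    edges[a].add(b)

add_dependency("OrderService", "Order")       # field declaration
add_dependency("OrderService", "Repository")  # method parameter
add_dependency("Order", "LineItem")           # type annotation

# Recover the formal (V, E) pair from the adjacency structure.
V = set(edges) | {b for bs in edges.values() for b in bs}
E = {(a, b) for a, bs in edges.items() for b in bs}
print(sorted(V))  # vertices
print(sorted(E))  # directed edges, E a subset of V x V
```

The adjacency-set representation keeps edge insertion and membership tests O(1), which matters once extractors emit millions of edges.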

DGs are typically typed:

  • Software DGs: Nodes may be annotated with kinds (class, function, module, etc.), and edges with dependency type (calls, imports, inherits, read/write, instantiates, dynamic-invoke, etc.) (Haratian et al., 2024).
  • Service/Microservice DGs: Vertices are endpoints (service-interface pairs), edges show possible invocation paths per execution trace, and edges are weighted by frequency or call type (HTTP, RPC, etc.) (Du et al., 2024).
  • Linguistic/Parsing DGs: Nodes correspond to tokens or token-spans; edges encode syntactic (or semantic) dependencies, possibly typed with grammatical roles or semantic relations (Ma et al., 2023, Ezquerro et al., 2024).
  • Probabilistic DGs: Nodes represent variables, edges carry local conditional distributions along with reliability/confidence weights (Richardson et al., 2020).
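The typing schemes above can be represented uniformly by attaching a kind label (and, where relevant, a weight) to each edge; a small sketch, with all names, kinds, and numbers invented for the example:

```python
# Edges as (source, target) -> attribute dict, covering several typed-DG
# variants: software dependency kind, service call type with frequency
# weight, and a linguistic relation. All values are illustrative.
dg = {
    ("Parser", "Lexer"):      {"kind": "calls",   "weight": 12},
    ("Parser", "ASTNode"):    {"kind": "imports", "weight": 1},
    ("checkout", "payments"): {"kind": "rpc",     "weight": 340},  # service DG
    ("ate", "cat"):           {"kind": "nsubj"},                   # linguistic DG
}

def edges_of_kind(graph, kind):
    """Select the sub-DG containing only edges of one dependency type."""
    return {e: attrs for e, attrs in graph.items() if attrs["kind"] == kind}

print(edges_of_kind(dg, "calls"))
```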

Some specialized forms include undirected, weighted, or heterogeneous DGs to represent, e.g., causal relationships in categorical event streams (Luo et al., 2017). Variants for Coq and other formal libraries further distinguish between object-level and import-level (file/module) dependency graphs (Heras et al., 2014).

2. Empirical Observations and Statistical Properties

Comprehensive empirical studies on large-scale software DGs reveal robust, context-independent statistical patterns (0802.2306, Musco et al., 2014). The in-degree distribution (how many entities use a given node) displays heavy-tailed, power-law behavior, $P_{\mathrm{in}}(k) \sim C k^{-\alpha}$, with exponents $\alpha$ typically in $[2.2, 2.5]$ even when built under different metrics or across disparate Java applications. The out-degree distribution (how many dependencies a node has) has an exponential tail, $P_{\mathrm{out}}(k) \propto e^{-\lambda k}$, with decay rate $\lambda$ in $[0.1, 0.5]$. This structurally encodes modularity (bounded fan-out) and centralization (heavy-tailed reuse/hub nodes).
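These tail shapes can be inspected directly on an extracted edge list; a sketch of computing empirical in- and out-degree distributions (the toy edge list is invented):

```python
from collections import Counter

# Toy directed edge list: (A, B) means "A depends on B". Illustrative only.
edges = [("A", "U"), ("B", "U"), ("C", "U"), ("D", "U"),
         ("A", "V"), ("B", "V"), ("A", "B")]

out_deg = Counter(a for a, _ in edges)  # fan-out per node
in_deg  = Counter(b for _, b in edges)  # reuse count per node

def degree_dist(deg, nodes):
    """Empirical P(k): fraction of nodes with degree k."""
    counts = Counter(deg.get(n, 0) for n in nodes)
    return {k: c / len(nodes) for k, c in sorted(counts.items())}

nodes = {n for e in edges for n in e}
print(degree_dist(in_deg, nodes))   # a heavy tail shows mass at large k
print(degree_dist(out_deg, nodes))  # an exponential tail decays quickly
```

On real systems one would fit the tails of these histograms (e.g., by maximum likelihood) rather than eyeball them, but the extraction step is exactly this counting.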

Statistical tests (Kolmogorov–Smirnov on degree distribution CDFs) confirm that these shapes are consistent across independent systems, indicating a universal dependency-graph “shape” for OO software (Musco et al., 2014). Alternative distributions (log-normal, discrete variants, etc.) are also tested, but maximum-likelihood fits and model selection typically favor a power law for in-degree and an exponential or log-normal for out-degree.
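The two-sample comparison underlying such tests reduces to the maximum gap between empirical CDFs; a stdlib-only sketch of the KS statistic on two degree sequences (the sequences are synthetic stand-ins, not real measurements):

```python
from bisect import bisect_right

def ks_statistic(xs, ys):
    """Two-sample KS statistic: max vertical distance between the
    empirical CDFs of the two samples."""
    xs, ys = sorted(xs), sorted(ys)
    points = sorted(set(xs) | set(ys))
    return max(abs(bisect_right(xs, t) / len(xs) - bisect_right(ys, t) / len(ys))
               for t in points)

# Synthetic in-degree sequences for two hypothetical systems.
degrees_sys_a = [1, 1, 1, 2, 2, 3, 5, 9, 20]
degrees_sys_b = [1, 1, 2, 2, 2, 3, 6, 8, 25]
print(round(ks_statistic(degrees_sys_a, degrees_sys_b), 3))
```

A small statistic (relative to the critical value for the sample sizes) fails to reject the hypothesis that both systems share one degree distribution, which is the sense in which a universal "shape" is claimed.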

3. Generative and Learning-Based Models

DGs arise through stochastic generative processes that reflect system evolution, programmer cognition, or underlying data. In software, the Baxter–Frean model describes DG formation as a process where programmers add out-edges consciously (enforcing a rich-get-richer process for out-degree) but are uninfluenced by target node in-degree; occasional node splits (type refactorings) further modulate degree distributions, with a single parameter $\gamma \approx (\text{\# types})/(\text{\# edges})$ governing both tails (0802.2306).
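The parameter itself is read directly off an extracted or simulated graph; a loose sketch that grows a toy DG (each new type links to uniformly chosen earlier types) and measures the ratio. This is only an illustration of how $\gamma$ is computed, not an implementation of the Baxter–Frean model:

```python
import random

# Grow a toy DG: each new "type" adds a bounded number of out-edges to
# uniformly chosen earlier types; then read off gamma = types / edges.
# Parameter choices here are arbitrary illustration, not the model's.
random.seed(0)
NUM_TYPES = 200
edges = []
for new_type in range(1, NUM_TYPES):
    fanout = min(new_type, random.randint(1, 5))  # bounded fan-out
    for target in random.sample(range(new_type), fanout):
        edges.append((new_type, target))

gamma = NUM_TYPES / len(edges)
print(f"gamma = {gamma:.2f}")
```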

Syntactic, semantic, and service-oriented DGs are produced by dedicated, empirically validated generative models:

  • GD-GNC captures software evolution as a combination of incremental extension, remixing (connecting previously disjoint groups), and refactoring (extracting reusable subcomponents), implicitly reproducing heavy-tailed degree distributions without explicit preferential attachment (Musco et al., 2014).
  • Service DG Generation from execution traces employs hierarchical clustering and probabilistic modeling of call-graph sibling-set and interface selection, simulating multiple realistic call graphs and merging to synthesize production-faithful DGs (Du et al., 2024).

In learning-based domains, both autoregressive and non-autoregressive approaches are prominent. Semi-autoregressive graph generative models for dependency parsing factorize graph construction hierarchically, balancing explicit head-dependent coupling with parallel generation for intra-hierarchy nodes and edges, improving enhanced UD parsing accuracy and mitigating exposure bias (Ma et al., 2023). Set-based learning and easy-first transition systems are further leveraged for flexible and robust graph parsing, especially in non-projective tree settings (Welleck et al., 2019).

4. Extraction, Construction, and Analysis Tools

DG extraction is operationalized through static and dynamic program analysis, byte-code parsing, AST traversal, and dynamic traces. State-of-the-art tools such as RefExpo leverage deep IDE integration to construct DGs across languages (Java, Python, JavaScript), capturing static dependencies (call graphs, import graphs, inheritance, dynamic dispatch, reflection, dynamic-invoke) and enabling incremental, fine-grained extraction on file changes (Haratian et al., 2024). The system maintains high recall and precision, supports visualization, and enables empirical research into modularity, centrality, and coupling metrics.
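The AST-traversal step can be illustrated with Python's own `ast` module, which resolves module-level import dependencies from source text (a tiny stand-in for the far richer analyses tools like RefExpo perform; the source snippet and module name are invented):

```python
import ast

# Extract module-level import dependencies from Python source via AST
# traversal. Source text and module name are illustrative.
SRC = """
import os
import json as j
from collections import OrderedDict
"""

def import_edges(module_name, source):
    """Yield (module, imported_module) dependency edges."""
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                yield (module_name, alias.name)
        elif isinstance(node, ast.ImportFrom):
            yield (module_name, node.module)

print(list(import_edges("mymod", SRC)))
```

Real extractors must additionally handle calls, inheritance, reflection, and dynamic dispatch, which is precisely where static AST walks stop short and IDE or runtime integration becomes necessary.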

For formal systems, tools such as ML4PG for Coq extract both object-level and import-level dependency graphs, augmenting them with feature extraction, clustering, and lemma/proof strategy recommendation (Heras et al., 2014).

DGs in microservices and distributed systems are built by unioning per-execution call graphs, aggregating interface, call-type, and repeated-call weights, then clustering by topological and resource-related characteristics (Du et al., 2024). Benchmark evaluation is based on depth, width, label/mode composition, and topological similarity metrics.
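The union-and-aggregate step is simple counting over trace edges; a sketch (the traces and endpoint names are invented):

```python
from collections import Counter

# Union per-execution call graphs into one service DG, aggregating
# repeated calls as edge weights. Traces and endpoints are invented.
traces = [
    [("frontend", "checkout"), ("checkout", "payments")],
    [("frontend", "checkout"), ("checkout", "inventory")],
    [("frontend", "checkout"), ("checkout", "payments")],
]

weighted_dg = Counter(edge for trace in traces for edge in trace)
for (src, dst), weight in sorted(weighted_dg.items()):
    print(f"{src} -> {dst}  weight={weight}")
```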

5. Theoretical Foundations and Graph Parsing

Dependency graph representations underpin distinctive computational paradigms:

  • Graph-based and Transition-based Dependency Parsing: Parsing sentences into DGs can be approached by scoring all head–dependent pairs in parallel (graph-based, e.g., biaffine parsing), or incrementally constructing the graph by sequentially adding edges or groups (transition-based or semi-autoregressive) (Ma et al., 2023, Welleck et al., 2019).
  • Sequence-Labeling Reductions: Recent advances linearize arbitrary DG parsing (including cases with reentrancy and cycles) into per-token labeling tasks using specialized encodings (positional, bracketing, bit-vector), supporting efficient linear-time architectures and achieving performance competitive with classical $O(n^2)$ or $O(n^3)$ graph parsing (Ezquerro et al., 2024).
  • Graph Neural Networks: Graph convolutional networks over full dependency parse graphs significantly enrich token representations, improving event extraction and relation detection, especially where crucial syntactic information would otherwise be missed by shortest-path or sequential-only models (Noravesh et al., 2025).
  • Probabilistic DGs: Probabilistic dependency graphs (PDGs) formalize joint distributions on complex systems by assigning conditional distributions to each edge and quantifying both local inconsistency (KL divergence) and information deficiency. PDGs strictly generalize Bayesian networks and factor graphs, supporting modularity and inconsistency quantification (Richardson et al., 2020).
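The sequence-labeling idea can be made concrete with the simplest encoding family, relative-position head labels; a toy sketch that handles one head per token (the sentence and arcs are invented, and real encodings are richer to cover reentrancy and cycles):

```python
# Linearize a dependency tree into per-token labels using a simple
# relative-position head encoding (a toy version of the positional
# encodings used in sequence-labeling parsing). Sentence is invented.
tokens = ["the", "cat", "ate", "fish"]
heads  = [2, 2, -1, 2]  # head index per token; -1 marks the root

# Encode: each label is the signed offset from a token to its head.
labels = [("ROOT" if h == -1 else str(h - i)) for i, h in enumerate(heads)]
print(labels)

# Decode: invert the labels back to head indices.
decoded = [(-1 if lab == "ROOT" else i + int(lab)) for i, lab in enumerate(labels)]
assert decoded == heads
```

Because encoding and decoding are exact inverses, a per-token classifier over such labels recovers the full graph in linear time.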

6. Practical Implications and Applications

DGs have direct operational significance across domains:

  • Software Engineering: Exponential out-degree distributions enforce modularity and predict bounded cognitive load for engineers, while heavy-tailed in-degree exposes sensitive “hub” types requiring architectural caution; parameters such as $\gamma$ and observed degree decay rates $\lambda$ serve as lightweight indicators of system complexity and architectural health (0802.2306, Musco et al., 2014).
  • Change Impact and Refactoring: DGs guide change impact analysis and facilitate targeted refactoring by focusing attention on high in-degree nodes and identifying architectural bottlenecks (0802.2306, Haratian et al., 2024).
  • Benchmark Generation for Systems: Trace-driven DG generators create small-scale, production-faithful microservice benchmarks supporting realistic performance testing and fine-grained autoscaling, yielding measurable resource efficiency gains (Du et al., 2024).
  • Formal Methods and Automated Proof: DGs in proof assistants enable feature extraction, clustering, and machine-learned proof guidance, directly impacting the productivity of formal verification workflows (Heras et al., 2014).
  • Security and Monitoring: In heterogeneous system monitoring, knowledge transfer via DG embedding and learning expedites the maturation of dependency knowledge in new domains, improving intrusion detection and system root-cause analysis while accommodating domain variety (Luo et al., 2017).
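Change impact analysis, in particular, is just reverse reachability: everything that transitively depends on a changed node may be affected. A sketch with breadth-first search over reversed edges (the node names are invented):

```python
from collections import defaultdict, deque

# Change-impact analysis as reverse reachability over a DG.
# Edge (a, b) means "a depends on b"; names are illustrative.
edges = [("App", "Service"), ("Service", "Repo"),
         ("Tool", "Repo"), ("App", "Util")]

dependents = defaultdict(set)  # reverse adjacency: b -> {nodes depending on b}
for a, b in edges:
    dependents[b].add(a)

def impacted_by(changed):
    """BFS over reversed edges: all transitive dependents of `changed`."""
    seen, queue = set(), deque([changed])
    while queue:
        node = queue.popleft()
        for dep in dependents[node]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen

print(impacted_by("Repo"))  # transitive dependents of a changed node
```

High in-degree nodes yield large impact sets under this query, which is why they are the natural targets for refactoring attention.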

7. Limitations and Future Directions

Despite their expressivity, practical limitations persist. Existing DG extraction often fails to capture all dynamic (runtime) dependencies (e.g., dynamic code loading, reflection, cross-language interactions) (Haratian et al., 2024). Probabilistic DGs may admit inconsistent local tables, necessitating score-based reasoning rather than set-of-distributions semantics (Richardson et al., 2020). Sequence-labeling reduction methods for DG parsing face sparsity and coverage challenges for dense, highly reentrant graphs (Ezquerro et al., 2024).

Emerging directions include extending DG extractors to broader language ecosystems (Kotlin, Go, Ruby), augmenting with dynamic run-time event edges, and developing incremental, differencing engines for architectural drift detection. For parsing, future work focuses on expanding linearization techniques to more general graph families, optimizing ablation-informed neural architectures, and tightly integrating dependency-aware representations with large foundation models. In probabilistic modeling, further exploration of modular, inconsistent, and reliability-weighted dependency representations is anticipated.


References:

(0802.2306; Musco et al., 2014; Haratian et al., 2024; Du et al., 2024; Ma et al., 2023; Ezquerro et al., 2024; Welleck et al., 2019; Noravesh et al., 2025; Heras et al., 2014; Richardson et al., 2020; Luo et al., 2017)
