Wuxia Jin,Yuanfang Cai,Rick Kazman,Gang Zhang,Qinghua Zheng,Ting Liu

DOI: https://doi.org/10.1145/3324884.3416619

2020-01-01

Abstract:Dependencies among software entities are the basis for many software analytic research and architecture analysis tools. Dynamically typed languages, such as Python, JavaScript and Ruby, tolerate the lack of explicit type references, making certain syntactic dependencies indiscernible in source code. We call these possible dependencies, in contrast with the explicit dependencies that are directly referenced in source code. Type inference techniques have been widely studied and applied, but existing architecture analytic research and tools have not taken possible dependencies into consideration. The fundamental question is, to what extent will these missing possible dependencies impact the architecture analysis? To answer this question, we conducted an empirical study with 105 Python projects, using type inference techniques to manifest possible dependencies. Our study revealed that the architectural impact of possible dependencies is substantial-higher than that of explicit dependencies: (1) file-level possible dependencies account for at least 27.93% of all file-level dependencies, and create different dependency structures than that of explicit dependencies only, with an average difference of 30.71%; (2) adding possible dependencies significantly improves the precision (0.52%~14.18%), recall(31.73%~39.12%), and F1 scores (22.13%~32.09%) of capturing co-change relations; (3) on average, a file involved in possible dependencies influences 28% more files and 42% more dependencies within architectural sub-spaces than a file involved in just explicit dependencies; (4) on average, a file involved in possible dependencies consumes 32% more maintenance effort. Consequently, maintainability scores reported by existing tools make a system written in these dynamic languages appear to be better modularized than it actually is. This evidence stronglysuggests that possible dependencies have a more significant impact than explicit dependencies on architecture quality, that architecture analysis and tools should assess and even emphasize the architectural impact of possible dependencies due to dynamic typing.

Di Cui,Ting Liu,Yuanfang Cai,Qinghua Zheng,Qiong Feng,Wuxia Jin,Jiaqi Guo,Yu Qu

DOI: https://doi.org/10.1109/ICSE.2019.00069

2019-01-01

Abstract:Over the past decades, numerous approaches were proposed to help practitioner to predict or locate defective files. These techniques often use syntactic dependency, history co-change relation, or semantic similarity. The problem is that, it remains unclear whether these different dependency relations will present similar accuracy in terms of defect prediction and localization. In this paper, we present our systematic investigation of this question from the perspective of software architecture. Considering files involved in each dependency type as an individual design space, we model such a design space using one DRSpace. We derived 3 DRSpaces for each of the 117 Apache open source projects, with 643,079 revision commits and 101,364 bug reports in total, and calculated their interactions with defective files. The experiment results are surprising: the three dependency types present significantly different architectural views, and their interactions with defective files are also drastically different. Intuitively, they play completely different roles when used for defect prediction/localization. The good news is that the combination of these structures has the potential to improve the accuracy of defect prediction/localization. In summary, our work provides a new perspective regarding to which type(s) of relations should be used for the task of defect prediction/localization. These quantitative and qualitative results also advance our knowledge of the relationship between software quality and architectural views formed using different dependency types.

Jianjun Zhao

DOI: https://doi.org/10.48550/arXiv.cs/0105009

2001-05-05

Software Engineering

Abstract:Software architecture is receiving increasingly attention as a critical design level for software systems. As software architecture design resources (in the form of architectural descriptions) are going to be accumulated, the development of techniques and tools to support architectural understanding, testing, reengineering, maintaining, and reusing will become an important issue. In this paper we introduce a new dependence analysis technique, named architectural dependence analysis to support software architecture development. In contrast to traditional dependence analysis, architectural dependence analysis is designed to operate on an architectural description of a software system, rather than the source code of a conventional program. Architectural dependence analysis provides knowledge of dependences for the high-level architecture of a software system, rather than the low-level implementation details of a conventional program.

He Zhang,Juan Li,Liming Zhu,Ross Jeffery,Yan Liu,Qing Wang,Mingshu Li

DOI: https://doi.org/10.1016/j.infsof.2013.07.001

IF: 3.9

2014-01-01

Information and Software Technology

Abstract:ContextThe dependencies between individual requirements have an important influence on software engineering activities e.g., project planning, architecture design, and change impact analysis. Although dozens of requirement dependency types were suggested in the literature from different points of interest, there still lacks an evaluation of the applicability of these dependency types in requirements engineering.ObjectiveUnderstanding the effect of these requirement dependencies to software engineering activities is useful but not trivial. In this study, we aimed to first investigate whether the existing dependency types are useful in practise, in particular for change propagation analysis, and then suggest improvements for dependency classification and definition.MethodWe conducted a case study that evaluated the usefulness and applicability of two well-known generic dependency models covering 25 dependency types. The case study was conducted in a real-world industry project with three participants who offered different perspectives.ResultsOur initial evaluation found that there exist a number of overlapping and/or ambiguous dependency types among the current models; five dependency types are particularly useful in change propagation analysis; and practitioners with different backgrounds possess various viewpoints on change propagation. To improve the state-of-the-art, a new dependency model is proposed to tackle the problems identified from the case study and the related literature. The new model classifies dependencies into intrinsic and additional dependencies on the top level, and suggests nine dependency types with precise definitions as its initial set.ConclusionsOur case study provides insights into requirement dependencies and their effects on change propagation analysis for both research and practise. The resulting new dependency model needs further evaluation and improvement.

Xinmeng Xia,Yanyan Yan,Xincheng He,Di Wu,Lei Xu,Baowen Xu

DOI: https://doi.org/10.1142/s0218194022500243

IF: 1.007

2022-01-01

International Journal of Software Engineering and Knowledge Engineering

Abstract:Python is a popular typical dynamic programming language. In Python, dynamic typing is one of the most critical dynamic features. The lack of type information is likely to hinder the maintenance of Python projects. However, existing work has seldom focused on studying the impact of Python dynamic typing on project maintenance. This paper focuses on the two most common practices of Python dynamic typing, i.e. inconsistent-type assignments (ITA) and inconsistent variable types (IVT). Two approaches are proposed to identify ITA and IVT, i.e. identifying ITA by analyzing Abstract Syntax Trees and comparing identifiers types and identifying IVT by constructing a type dependency graph. In empirical experiments, we first locate the usage of ITA and IVT in 10 open-source Python projects. Then, we investigate the relations between the occurrence of ITA and IVT and the results of maintenance tasks. The study results show that projects are more prone to change as the number of dynamic typing identifiers increases. There is a weak connection between change-proneness and variable dynamic typing. There is a high probability that maintenance time and the acceptance of commits decrease as dynamic typing identifiers increase in projects. These results implicate that dynamic and static variables should be divided while developing new programming languages. Dynamic typing identifiers may not be the direct root causes for most software bugs. The categories of these bugs are worth exploring.

Lu Xiao,Yuanfang Cai,Rick Kazman,Ran Mo,Qiong Feng

DOI: https://doi.org/10.1145/2884781.2884822

2016-01-01

Abstract:Our prior work showed that the majority of error-prone source files in a software system are architecturally connected. Flawed architectural relations propagate defectsamong these files and accumulate high maintenance costs over time, just like debts accumulate interest. We model groups of architecturally connected files that accumulate high maintenance costs as architectural debts. To quantify such debts, we formally define architectural debt, and show how to automatically identify debts, quantify their maintenance costs, and model these costs over time. We describe a novel history coupling probability matrix for this purpose, and identify architecture debts using 4 patterns of architectural flaws shown to correlate with reduced software quality. We evaluate our approach on 7 large-scale open source projects, and show that a significant portion of total project maintenance effort is consumed by paying interest on architectural debts. The top 5 architectural debts, covering a small portion (8% to 25%) of each project's error-prone files, capture a significant portion (20% to 61%) of each project's maintenance effort. Finally, we show that our approach reveals how architectural issues evolve into debts over time.

Di Cui

DOI: https://doi.org/10.1109/access.2021.3054472

IF: 3.9

2021-01-01

IEEE Access

Abstract:During software evolution, complex structural dependencies between source files pose a great challenge on maintenance activities. Some of these dependencies propagate defects among files, incurring frequent bugs or changes, and consuming significant maintenance costs. They can be referred to as flawed structural dependencies. In this paper, we proposed a method to identify these potential problematic dependencies at an early stage during software evolution, by combing structural and semantic dependencies, so that developers can save maintenance costs by fixing these issues in time. Our method works as follows: First, we extract structural dependencies from the source code syntax and semantic dependencies from the source code lexicon. Second, we collect suspect file pairs by calculating the difference between structural and semantic dependencies. Next, we exhaustively examine each source file in the system and locate the interaction of its impacted subordinated files and suspect file pairs (SFP) as suspect dependencies. Finally, we gather all the suspect dependencies as flawed structural dependencies candidates. We evaluate our method using 838 releases of 15 open source projects, including 33353 bug reports and 86690 revision commits. The detection result shows that our identified dependencies use 14% of all the files to capture almost 70% of top 10% bug-prone files or change-prone files with enough high precision: 92%. Moreover, our identified dependencies also incur 957% of bug frequencies and 1050% of change frequencies than average in future versions. In summary, our method can effectively and efficiently detect flawed structural dependencies in time during software evolution.

Yulu Cao,Lin Chen,Wanwangying Ma,Yanhui Li,Yuming Zhou,Linzhang Wang

DOI: https://doi.org/10.1109/tse.2022.3191353

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Managing cross-project dependencies is tricky in modern software development. A primary way to manage dependencies is using dependency configuration files, which brings convenience to the entire software ecosystem, including developers, maintainers, and users. However, developers may introduce dependency smells if dependency configuration files are not well written and maintained. Dependency smells are recurring violations of dependency management in dependency configuration files and can potentially lead to severe consequences. This paper provides an in-depth look at three dependency smells, namely, Missing Dependency, Bloated Dependency, and Version Constraint Inconsistency in Python projects. First, we implement a tool called Python Cross-project Dependency- PyCD to accurately extract dependency information from configuration files. The evaluation result on 212 Python projects shows that PyCD outperforms state-of-the-art tools. Then, we make an empirical study for three dependency smells in 132 Python projects to investigate the pervasiveness, causes, and evolution. The results show that: 1) dependency smells are prevalent in Python projects and exist inconsistently in different projects; 2) dependency smells are introduced into Python projects for different reasons, mainly due to the problems of synchronous update and collaborative development; and 3) dependency smells can be removed with different patterns according to different dependency smells. Furthermore, we report and get responses for 40 harmful dependency smell instances, 34 of which have been responded that these dependency smells do exist in the projects, and 10 instances are fixed or under process. The feedback from developers indicates that dependency smells can have a negative impact on project maintenance. Our study highlights that these dependency smells deserve the attention of developers.

Ran Mo,Yuanfang Cai,Rick Kazman,Qiong Feng

DOI: https://doi.org/10.1145/3196321.3196346

2018-01-01

Abstract:Enabling rapid feature delivery is essential for product success and is therefore a goal of software architecture design. But how can we determine if and to what extent an architecture is "good enough" to support feature addition and evolution, or determine if a refactoring effort is successful in that features can be added more easily? In this paper, we contribute a concept called the Feature Space, and a formal definition of Feature Dependency, derived from a software project’s revision history. We capture the dependency relations among the features of a system in a feature dependency structure matrix (FDSM), using features as first-class design elements. We also propose a Feature Decoupling Level (FDL) metric that can be used to measure the level of independence among features. Our investigation of 17 open source projects shows that files within each feature space are much more likely to be changed together, hence each feature space forms a meaningful maintainable unit that should be treated separately. The data also show that the history-based FDL is highly correlated a structure-based maintainability metric: Decoupling Level (DL). When we examine a project’s evolution history, we see that if a system is well-modularized, it is more likely that features can be added independently. For shorter periods of time, however, FDL and DL may not be consistent, e.g., when the addition of new features deviates from the designed architecture or does not involve parts of the system that have architecture flaws. In such cases, FDL and FDSM can be used to monitor potential architecture degradation caused by improper feature addition.

Tong Wang,Bixin Li

DOI: https://doi.org/10.1109/QRS.2019.00037

2019-01-01

Abstract:When the erosion of software architecture occurs, there is an increase in software maintenance costs, a decrease in software quality, and degradation of software performance, etc. Therefore, it is particularly crucial to find a feasible way to evaluate software architecture to detect and avoid the erosion of software architecture in a timely manner. Through empirical study, we find that software architecture (SA) evolvability is one of the critical causes that leads to the erosion of software architecture. In this paper, we propose an approach to analyze SA evolvability based on multiple architectural attribute measurements and further solve the above problems in software architecture evolution. Our approach consists of the following steps: first, according to the evolutionary process, we propose four corresponding architectural attributes; second, these attributes are measured based on basic information and dependency information; third, SA evolvability is measured based on multiple architectural attribute measurements. Our experiments are conducted on thirteen Java open-source projects to verify the effectiveness of our approach. The experimental results show that our approach can effectively reflect the SA evolvability from the following two aspects: a single attribute can reflect a specific aspect of the SA evolvability; the composition of attributes can reflect the composite SA evolvability. Furthermore, we can locate the causes of the erosion of SA by combining the measurements and the evolutionary activities, and we further propose evolutionary proposals to improve the SA evolvability.

Di Cui,Jiaqi Guo,Ting Liu,Qinghua Zheng

DOI: https://doi.org/10.1145/3457913.3457924

2021-01-01

Abstract:The maintenance of software architecture is challenged by fast-delivery code changes since developers are rarely aware of the architectural impacts of their code changes. To ease the burdens of architects, in this work, we proposed a light-weight framework to identify changes in architectures from code commits automatically. The framework identifies architectural changes without heavy architecture recovery techniques. Instead, it only takes a code commit as input. The framework, on the one hand, can be integrated into prevalent continuous integration systems to monitor architectural changes. On the other hand, it can be plugged into code review systems to help developers realize the architectural changes they introduce. Based on the framework, we further conducted a large-scale empirical study on 368,847 commits of 16 Apache open projects to study architectural changes. Our study reveals several new findings regarding the frequency of architectural change commits, the common and risky intents under which developers introduce architectural changes, and the correlations of architectural changes with lines of code and number of modified source files in commits. Our findings provide practical implications for software contributors and shed light on potential research directions on architecture maintenance.

Di Cui,Xingyu Li,Feiyang Liu,Siqi Wang,Jie Dai,Lu Wang,Qingshan Li

DOI: https://doi.org/10.1145/3544902.3546246

2022-01-01

Abstract:Background: Many safety-critical industrial applications have turned to deep learning systems as a fundamental component. Most of these systems rely on deep learning libraries, and bugs of such libraries can have irreparable consequences. Aims: Over the years, dependency structure has shown to be a practical indicator of software quality, widely used in numerous bug prediction techniques. The problem is that when analyzing bugs in deep learning libraries, researchers are unclear whether dependency structures still have a high correlation and which forms of dependency structures perform the best. Method: In this paper, we present a systematic investigation of the above question and implement a dependency structure-centric bug analysis tool: Depend4BL, capturing the interaction between dependency structures and bug locations in deep learning libraries. Results: We employ Depend4BL to analyze the top 5 open-source deep learning libraries on Github in terms of stars and forks, with 279,788 revision commits and 8,715 bug fixes. The results demonstrate the significant differences among syntactic, history, and semantic structures, and their vastly different impacts on bug locations. Their combinations have the potential to further improve bug prediction for deep learning libraries. Conclusions: In summary, our work provides a new perspective regarding to the correlation between dependency structures and bug locations in deep learning libraries. We release a large set of benchmarks and a prototype toolkit to automatically detect various forms of dependency structures for deep learning libraries. Our study also unveils useful findings based on quantitative and qualitative analysis that benefit bug prediction techniques for deep learning libraries.

Chengcheng Wan,Zece Zhu,Yuchen Zhang,Yuting Chen

DOI: https://doi.org/10.1145/2993717.2993729

2016-01-01

Abstract:Change impact analysis plays an important role in software maintenance and evolution. However existing researches mostly focus on one single artifact. Software development is usually accompanied by various types of software artifacts, such as requirement documents, software architectures, test cases, source code, etc., requiring a much more comprehensive change impact analysis. This paper presents a novel approach to multi-perspective change impact analysis that is able to address heterogeneous software artifacts. The essential idea of the novel approach is (1) to adopt semantic web to construct automatically ontology based software engineering linked data, which links requirements, classes, code, bug reports, commits, developers, test cases and others, (2) to build a weighted change impact matrix/graph using the dependency features extracted from linked data, and (3) to follow a change impact propagation algorithm to analyze the overall change impacts. We have conducted experiments on two open source projects (HtmlUnit and OpenRocket) to evaluate our approach. The experimental results show that our approach achieves better F-measure and stability than existing multi-perspective change impact analysis approaches.

Abbas Javan Jafari,Diego Elias Costa,Rabe Abdalkareem,Emad Shihab,Nikolaos Tsantalis

DOI: https://doi.org/10.1109/TSE.2021.3106247

2021-08-19

Abstract:Dependency management in modern software development poses many challenges for developers who wish to stay up to date with the latest features and fixes whilst ensuring backwards compatibility. Project maintainers have opted for varied, and sometimes conflicting, approaches for maintaining their dependencies. Opting for unsuitable approaches can introduce bugs and vulnerabilities into the project, introduce breaking changes, cause extraneous installations, and reduce dependency understandability, making it harder for others to contribute effectively. In this paper, we empirically examine evidence of recurring dependency management issues (dependency smells). We look at the commit data for a dataset of 1,146 active JavaScript repositories to catalog, quantify and understand dependency smells. Through a series of surveys with practitioners, we identify and quantify seven dependency smells with varying degrees of popularity and investigate why they are introduced throughout project history. Our findings indicate that dependency smells are prevalent in JavaScript projects with two or more distinct smells appearing in 80% of the projects, but they generally infect a minority of a project's dependencies. Our observations show that the number of dependency smells tend to increase over time. Practitioners agree that dependency smells bring about many problems including security threats, bugs, dependency breakage, runtime errors, and other maintenance issues. These smells are generally introduced as developers react to dependency misbehaviour and the shortcomings of the npm ecosystem.

Software Engineering

Qiuying Li,Fuping Zeng

DOI: https://doi.org/10.3390/sym16070894

2024-07-13

Symmetry

Abstract:The field of self-adaptive software is becoming increasingly crucial because software has to adapt its behavior at runtime to keep up with dynamic and constantly evolving environments. The ability of software to modify and adjust itself is known as adaptability, which has been acknowledged as an important quality attribute. As software architecture development represents the initial stage of the design process, architectural design has emerged as a critical development activity. The degree to which the architecture can adapt to changes will be the key factor in determining the adaptability of the software ultimately released to users. Existing metrics for software architectural adaptability typically view adaptability as a positive attribute, meaning that any possibility of change in architectural elements is perceived as an improvement in adaptability. However, the application of adaptability that leads to increased costs or complexity can only be seen as a negative attribute. In other words, the side effects brought about solely for the purpose of achieving adaptability are greatly overlooked; that is, the impacts caused by adaptability exhibit both symmetry and asymmetry for software architectural adaptability. On the other hand, the existing measures of adaptability only define it from the perspective of whether a module will change, without considering changes beyond the topological structure under multiple strategies. In this paper, we propose a comprehensive assessment approach to measure software architecture adaptability. Multiple factors are considered, including the number and types of strategies employed, the cost of completing the adaptation, the extent of changes made to the architectural elements, and the overall impact of the adaptation on the architecture. An extended UML (e-UML) component diagram is presented to model software architectural changes under various types of strategies. Finally, an experiment on the znn.com software is conducted to validate the practical feasibility of our proposed method. Our approach can assist software architects in making informed decisions regarding software architecture design options to improve the adaptability and longevity of their software systems.

multidisciplinary sciences

Hongyu Kuang,Patrick Maeder,Hao Hu,Achraf Ghabi,LiGuo Huang,Jian Lue,Alexander Egyed

DOI: https://doi.org/10.1002/smr.1736

2015-01-01

Journal of Software

Abstract:Requirements traceability benefits many software engineering activities, such as change impact analysis and risk assessment. However, these activities require complete and correct traceability links which is not trivial, making traceability assessment an important field of study. In recent years, requirements traceability research has focused on using call dependencies within source code to understand how code properties contribute to the implementation of a requirement and to assess whether traceability links are correct and complete. These approaches largely ignore the role of existing data dependencies within the source code. That is, methods may never call each other, but may still depend upon another by sharing data. We identified five research questions and validated them on five software systems, covering 4 to 72 KLOC. We found that data dependencies are as relevant as call dependencies for assessing requirements traceability. Even more interesting, our analyses show that data dependencies complement call dependencies in the assessment. These findings have strong implications on code understanding, including trace capture, maintenance, and validation techniques. Copyright (c) 2015 John Wiley & Sons, Ltd.

Juan Li,Liming Zhu,D. Ross Jeffery,Yan Liu,He Zhang,Qing Wang,Mingshu Li

DOI: https://doi.org/10.1049/ic.2012.0009

2012-01-01

Abstract:Background: Change propagation analysis helps predict the parts of the software that may be affected if a change is made. Existing research on change propagation focuses on design and code level changes. However, as a software evolves, the requirements that drive these changes also have intricate dependencies. Understanding the effect of these requirement dependencies on change prorogation is useful but not trivial. More than twenty requirements dependency types have been identified in the literature, however there still lacks an evaluation of the applicability of these dependency types in requirements and change propagation analysis. Aim: We aim to investigate whether these dependency types are useful for change propagation analysis. Method: We conducted a case study in a real-world industry project. This case study evaluates two representative dependency models covering twenty five types of dependencies. Results: Our initial evaluation has found that five dependency types are particularly useful in change propagation analysis and practitioners with different backgrounds have various viewpoints on change propagation. Thus change impact analysis should involve a wide range of stakeholders including project managers, requirements engineers, designers and developers. Conclusions: Our case study provides insights into requirements dependencies and their effects on change propagation analysis for both research and practice.

Ying Wang,Ming Wen,Zhenwei Liu,Rongxin Wu,Rui Wang,Bo Yang,Hai Yu,Zhiliang Zhu,Shing-Chi Cheung

DOI: https://doi.org/10.1145/3236024.3236056

2018-01-01

Abstract:Intensive dependencies of a Java project on third-party libraries can easily lead to the presence of multiple library or class versions on its classpath. When this happens, JVM will load one version and shadows the others. Dependency conflict (DC) issues occur when the loaded version fails to cover a required feature (e.g., method) referenced by the project, thus causing runtime exceptions. However, the warnings of duplicate classes or libraries detected by existing build tools such as Maven can be benign since not all instances of duplication will induce runtime exceptions, and hence are often ignored by developers. In this paper, we conducted an empirical study on real-world DC issues collected from large open source projects. We studied the manifestation and fixing patterns of DC issues. Based on our findings, we designed Decca, an automated detection tool that assesses DC issues' severity and filters out the benign ones. Our evaluation results on 30 projects show that Decca achieves a precision of 0.923 and recall of 0.766 in detecting high-severity DC issues. Decca also detected new DC issues in these projects. Subsequently, 20 DC bug reports were filed, and 11 of them were confirmed by developers. Issues in 6 reports were fixed with our suggested patches.

Kuo-Hsun Hsu,Hua-Chieh Szu-Tu,Chia-Hsing Tsai

DOI: https://doi.org/10.3390/electronics13081444

IF: 2.9

2024-04-12

Electronics

Abstract:Design patterns provide solutions to recurring problems in software design and development, promoting scalability, readability, and maintainability. While past research focused on the utilization of the design patterns and performance, there is limited insight into their impact on program evolution. Dependency signifies relationships between program elements, reflecting a program's structure and interaction. High dependencies indicate complexity and potential flaws, hampering system quality and maintenance. This paper presents how design patterns influence software evolution by analyzing dependencies using the Syntax Tree (AST) to examine dependency patterns during evolution. We employed three widely adopted design patterns from the Gang of Four (GoF) as experimental examples. The results show that design patterns effectively reduce dependencies, lowering system complexity and enhancing quality.

engineering, electrical & electronic,computer science, information systems,physics, applied

Di Cui,Lingling Fan,Sen Chen,Yuanfang Cai,Qinghua Zheng,Yang Liu,Ting Liu

DOI: https://doi.org/10.1007/s11432-020-3317-2

2022-01-01

Science China Information Sciences

Abstract:The complexity and diversity of bug fixes require developers to understand bug fixes from multiple perspectives in addition to fine-grained code changes. The dependencies among files in a software system are an important dimension to inform software quality. Recent studies have revealed that most bug-prone files are always architecturally connected with dependencies, and as one of the best practices in the industry, changes in dependencies should be avoided or carefully made during bug fixing. Hence, in this paper, we take the first attempt to understand bug fixes from the dependencies perspective, which can complement existing code change perspectives. Based on this new perspective, we conducted a systematic and comprehensive study on bug fixes collected from 157 Apache open source projects, involving 140456 bug reports and 182621 bug fixes in total. Our study results show that a relatively high proportion of bug fixes (30%) introduce dependency-level changes when fixing the corresponding 33% bugs. The bugs, whose fixes introduce dependency-level changes, have a strong correlation with high priority, large fixing churn, long fixing time, frequent bug reopening, and bug inducing. More importantly, patched files with dependency-level changes in their fixes, consume much more maintenance costs compared with those without these changes. We further summarized three representative patch patterns to explain the reasons for the increasing costs. Our study unveils useful findings based on qualitative and quantitative analysis and also provides new insights that might benefit existing bug prediction techniques. We release a large set of benchmarks and also implement a prototype tool to automatically detect dependency-level changes from bug fixes, which can warn developers and remind them to design a better fix.