One way to manage the complexity of software systems is to compose them from reusable

components, instead of starting from scratch. Components may be implemented in

dierent programming languages and are tied together using conguration les, or

glue code, that entail their instantiation, initialization and interconnections. Although

correctly engineering the composition and conguration of components is crucial for the

overall behavior, there is little support for incorporating this information in the static

verication and validation of such systems. Analyzing the properties of programs within

closed code boundaries has been studied for some decades and is a well-established

research area, where as analyzing heterogeneous component-based systems is not as

mature. The heterogeneous nature of source code and conguration artifacts often

hinders system-wide analysis of component-based systems.

This thesis contributes a method to support analysis across the components of

component-based systems by, rstly, building upon the Knowledge Discovery Metamodel

to reverse engineer homogeneous models of the system. This homogeneous model is then

used as the building block to support various activities crucial for ecient maintenance

and evolution of heterogeneous systems, namely: information 

ow analysis to support

quality assurance, visualizations needed for comprehension, and change impact analysis.

For end-to-end information 

ow analysis of component-based systems, we apply

program slicing through and across the components. Dependencies between pairs of

inputs and outputs are revealed at both component-level, as well as system-level. This

method is implemented in a prototype tool, that has been successfully used to track

information 

ow across the components of a large-scale industrial system.

The homogeneous model repository is extended to allow for visualization of information

ows in component-based systems at various levels of abstraction, and from two

complementary perspectives. We propose a hierarchy of ve interconnected views to

support the comprehension needs of both safety domain experts and developers from

our industrial partner. The abstractions are selected to minimize visual distraction and

reduce the cognitive load while satisfying information needs of the users. The views

are interconnected in a way that supports both systematic, as well as opportunistic

navigation scenarios. We discuss the implementation of our approach in a prototype

tool, called FlowTracker, and present the results of two qualitative evaluation studies

on the eectiveness and usability of the proposed views for software development and

software certication. Based on the received feedback we can report positive results,

and a number of in-depth insights for future improvements.

As a third step, we devise a method to support the evolution of component-based

iii

systems as members of product portfolios, where evolution can happen both as a result

of collective domain engineering activities, as well as product-specic developments.

Developing software product-lines based on a set of shared components is a proven

tactic to enhance reuse, quality, and time to market. Adaptations of product-lines

software engineering is heavily used by our industry partner, Kongsberg Maritime. To

help developers make informed decisions about prospective modications, we contribute

a method to estimate what other sections of the system, as well as what other products

in the same product portfolio, will be aected and need \maintenance attention."

We use static program slicing as the underlying analysis technique, and adapt the

aforementioned framework of homogeneous model repositories to accommodate largescale

product portfolios. Our method trades o precision and scalability in a way to

maintain maximum precision at intra-component analyses, while being highly scalable

upon the propagation of ripple eects. Our approach also ranks the results based on an

approximation of the scale of impact. We have implemented our approach in a prototype

tool, called Richter, which was evaluated on a real-world product family.

As the nal section of this thesis, we conduct a study to asses the state of the art

in cross-lingual program analysis. We contribute a systematic literature review on the

available literature, and discus several implications for future research and practice as a

basis for the improvement of software evolution in multi-language systems. We search

through seven digital libraries to nd the relevant primary studies on cross-language

program analysis, and identify additional studies with manual snowballing, which results

in 75 studies. We classify the studies based on several criteria, including their purpose

(why), the adopted or suggested approach (how), the information leveraged in each

programming language or artifact (what), and the conducted evaluation (quality). The

results include objective ndings on the diversity of the applied techniques, application

domains, programming languages, and reliability of the approaches. Based on the

ndings of this literature review, several implications for research and practice are

discussed, including potential breakthroughs, and negative eects of the shortage of

community-driven research.