Nothing Special   »   [go: up one dir, main page]

skip to main content
10.1145/3236024.3236056acmconferencesArticle/Chapter ViewAbstractPublication PagesfseConference Proceedingsconference-collections
research-article

Do the dependency conflicts in my project matter?

Published: 26 October 2018 Publication History

Abstract

Intensive dependencies of a Java project on third-party libraries can easily lead to the presence of multiple library or class versions on its classpath. When this happens, JVM will load one version and shadows the others. Dependency conflict (DC) issues occur when the loaded version fails to cover a required feature (e.g., method) referenced by the project, thus causing runtime exceptions. However, the warnings of duplicate classes or libraries detected by existing build tools such as Maven can be benign since not all instances of duplication will induce runtime exceptions, and hence are often ignored by developers. In this paper, we conducted an empirical study on real-world DC issues collected from large open source projects. We studied the manifestation and fixing patterns of DC issues. Based on our findings, we designed Decca, an automated detection tool that assesses DC issues' severity and filters out the benign ones. Our evaluation results on 30 projects show that Decca achieves a precision of 0.923 and recall of 0.766 in detecting high-severity DC issues. Decca also detected new DC issues in these projects. Subsequently, 20 DC bug reports were filed, and 11 of them were confirmed by developers. Issues in 6 reports were fixed with our suggested patches.

References

[1]
2018. Accumulo. https://accumulo.apache.org/. Accessed: 2018-02-28. 2018. ACCUMULO 4812.
[2]
https://issues.apache.org/jira/browse/ACCUMULO- 4812. Accessed: 2018-02-28. 2018. Apache. http://www.apache.org/. Accessed: 2018-02-28. 2018.
[3]
Apache contributors. https://github.com/apache/beam/graphs/ contributors. Accessed: 2018-02-28. 2018.
[4]
Apache project category. https://projects.apache.org/ projects.html?category. Accessed: 2018-02-28. 2018. Apex. http://apex.apache.org/. Accessed: 2018-01-12. 2018. APEXCORE 805. https://issues.apache.org/jira/browse/APEXCORE-805. Accessed: 2018-02-28. 2018. Artemis. https://activemq.apache.org/artemis/. Accessed: 2018-01-12. 2018. ARTEMIS 1674.
[5]
https://issues.apache.org/jira/browse/ARTEMIS-1674. Accessed: 2018-02-28. 2018. Atlas. https://atlas.apache.org/. Accessed: 2018-01-12. 2018. Bahir. http://bahir.apache.org/. Accessed: 2018-02-28. 2018. BAHIR 159. https://issues.apache.org/jira/browse/BAHIR-159. Accessed: 2018-02-28. 2018. Beam. https://beam.apache.org/. Accessed: 2018-02-28. 2018. BEAM 3690.
[6]
https://issues.apache.org/jira/browse/BEAM-3690. Accessed: 2018-02-28. 2018. Brooklyn. https://brooklyn.apache.org/. Accessed: 2018-01-12. 2018. Bugzilla. https://www.bugzilla.org/. Accessed: 2018-02-28. 2018. Carbondata. https://carbondata.apache.org/. Accessed: 2018-01-12. 2018. Cm. https://github.com/Jibesh97/cm. Accessed: 2018-01-12. 2018. CURATOR-200. https://issues.apache.org/jira/browse/CURATOR-200. Accessed: 2018-02-28. 2018. CXF 5132.
[7]
https://issues.apache.org/jira/browse/CXF-5132. Accessed: 2018-02-28. 2018. DERBY-5429.
[8]
https://issues.apache.org/jira/browse/DERBY-5429. Accessed: 2018-02-28. 2018. Eclipse jetty. https://www.eclipse.org/jetty/. Accessed: 2018-01-12. 2018. Git. http://gitscm.com/. Accessed: 2018-02-28. 2018. Github. https://github.com/. Accessed: 2018-02-28. 2018.
[9]
Google closure compiler. https://developers.google.com/closure/ compiler/. Accessed: 2018-02-28. 2018. Gradle. https://gradle.org/. Accessed: 2018-02-28. 2018. Hadoop. http://hadoop.apache.org/. Accessed: 2018-02-28. 2018. HADOOP-11656.
[10]
https://issues.apache.org/jira/browse/HADOOP-11656. Accessed: 2018-02-28. 2018. HADOOP 15261.
[11]
https://issues.apache.org/jira/browse/HADOOP-15261. Accessed: 2018-02-28. 2018. HADOOP 8104.
[12]
https://issues.apache.org/jira/browse/HADOOP-8104. Accessed: 2018-02-28. 2018. HADOOP7606.
[13]
https://issues.apache.org/jira/browse/HADOOP-7606. Accessed: 2018-02-28. 2018. HDFS 10570.
[14]
https://issues.apache.org/jira/browse/HDFS-10570. Accessed: 2018-02-28. 2018. Ignite. https://ignite.apache.org/. Accessed: 2018-01-12. 2018. Issues #1. https://github.com/Jibesh97/cm/issues/1. Accessed: 2018-02-28. 2018. Issues #2815.
[15]
https://github.com/google/closure-compiler/issues/2815. Accessed: 2018-02-28. 2018.
[16]
Issues 621. https://github.com/wicketstuff/core/issues/621. Accessed: 2018-02-28. 2018. Issues #8111.
[17]
https://github.com/orientechnologies/orientdb/issues/8111. Accessed: 2018-02-28. 2018. Javasoze clue. https://github.com/javasoze/clue/. Accessed: 2018-01-12. 2018. Jira. https://www.atlassian.com/software/jira/. Accessed: 2018-02-28. 2018.
[18]
Maven classpath. https://maven.apache.org/shared/maven-archiver/ examples/classpath.html. Accessed: 2018-02-28. 2018.
[19]
Maven Dependency Plugin. http://maven.apache.org/components/ plugins/mavendependencyplugin/. Accessed: 2018-02-28. 2018.
[20]
Maven enforcer plugin. http://maven.apache.org/enforcer/mavenenforcerplugin/. Accessed: 2018-02-28. 2018. Maven repository. https://maven.apache.org/. Accessed: 2018-02-28. 2018.
[21]
Maven shade plugin. http://maven.apache.org/plugins/maven-shadeplugin/. Accessed: 2018-02-28. 2018. Oozie. http://oozie.apache.org/. Accessed: 2018-02-28. 2018. OOZIE 3185.
[22]
https://issues.apache.org/jira/browse/OOZIE-3185. Accessed: 2018-02-28. 2018. Orientdb. https://orientdb.com/why-orientdb/. Accessed: 2018-01-12. 2018. OSGI. https://www.osgi.org/. Accessed: 2018-02-28. 2018.
[23]
OSGI classloaders. http://moi.vonos.net/java/osgi-classloaders/. Accessed: 2018-02-28. 2018. Parquet. https://parquet.apache.org/. Accessed: 2018-01-12. 2018. PARQUET1236.
[24]
https://issues.apache.org/jira/browse/PARQUET-1236. Accessed: 2018-02-28. 2018. POM reference. https://maven.apache.org/pom.html/. Accessed: 2018- 02-28. 2018. Prestodb. https://prestodb.io/. Accessed: 2018-01-12. 2018. Spark. http://spark.apache.org/. Accessed: 2018-02-28. 2018. SPARK 23509.
[25]
https://issues.apache.org/jira/browse/SPARK-23509. Accessed: 2018-02-28. 2018. SPARK 2848.
[26]
https://issues.apache.org/jira/browse/SPARK-2848. Accessed: 2018-02-28. 2018. Spring data solr. http://projects.spring.io/spring-data-solr/. Accessed: 2018-01-12. 2018. STORM2382.
[27]
https://issues.apache.org/jira/browse/STORM-2382. Accessed: 2018-02-28. 2018. SUREFIRE 851. https://issues.apache.org/jira/browse/SUREFIRE-851. Accessed: 2018-02-28. 2018. Tomcat exporter. https://github.com/nlighten/tomcat exporter. Accessed: 2018-01-12. 2018. Uber JAR. https://imagej.net/Uber-JAR. Accessed: 2018-02-28. 2018. wicket. https://wicket.apache.org/. Accessed: 2018-01-12. 2018. Wicketstuff. http://wicketstuff.org/. Accessed: 2018-02-28. 2018. Wildfly. http://wildfly.org/. Accessed: 2018-02-28. 2018. YARN 5271.
[28]
https://issues.apache.org/jira/browse/YARN-5271. Accessed: 2018-02-28. 2018. YARN 6414.
[29]
https://issues .apache.org/jira/browse/YARN-6414/. Accessed: 2018-02-28.
[30]
Maria Carmela Annosi, Massimiliano Di Penta, and Genny Tortora. 2012. Managing and assessing the risk of component upgrades. In Product Line Approaches in Software Engineering (PLEASE), 2012 3rd International Workshop on. IEEE, 9–12.
[31]
Gabriele Bavota, Gerardo Canfora, Massimiliano Di Penta, Rocco Oliveto, and Sebastiano Panichella. 2013. The evolution of project inter-dependencies in a software ecosystem: The case of apache. In Software Maintenance (ICSM), 2013 29th IEEE International Conference on. IEEE, 280–289.
[32]
Gabriele Bavota, Gerardo Canfora, Massimiliano Di Penta, Rocco Oliveto, and Sebastiano Panichella. 2015.
[33]
How the Apache community upgrades dependencies: an evolutionary study. Empirical Software Engineering 20, 5 (2015), 1275–1317.
[34]
John Businge, Alexander Serebrenik, and Mark van den Brand. 2012. Survival of Eclipse third-party plug-ins. In Software Maintenance (ICSM), 2012 28th IEEE International Conference on. IEEE, 368–377.
[35]
Nicolas Geoffray, Ga¨ el Thomas, Charles Cl ément, and Bertil Folliot. 2008. A lazy developer approach: Building a JVM with third party software. In Proceedings of the 6th international symposium on Principles and practice of programming in Java. ACM, 73–82.
[36]
James Gosling. 2000.
[37]
The Java language specification. Addison-Wesley Professional.
[38]
David Grove, Greg DeFouw, Jeffrey Dean, and Craig Chambers. 1997. Call graph construction in object-oriented languages. ACM SIGPLAN Notices 32, 10 (1997), 108–124.
[39]
Richard S Hall and Humberto Cervantes. 2004. An OSGi implementation and experience report. In Consumer Communications and Networking Conference, 2004. CCNC 2004. First IEEE. IEEE, 394–399.
[40]
Hubert Klein Ikkink. 2015.
[41]
Gradle Dependency Management. Packt Publishing Ltd.
[42]
Sascha Just, Rahul Premraj, and Thomas Zimmermann. 2008. Towards the next generation of bug tracking systems. In Visual languages and Human-Centric computing, 2008. VL/HCC 2008. IEEE symposium on. IEEE, 82–85.
[43]
Riivo Kikas, Georgios Gousios, Marlon Dumas, and Dietmar Pfahl. 2017. Structure and evolution of package dependency networks. In Mining Software Repositories (MSR), 2017 IEEE/ACM 14th International Conference on. IEEE, 102–112.
[44]
Sunghun Kim and E James Whitehead Jr. 2006. How long did it take to fix bugs?. In Proceedings of the 2006 international workshop on Mining software repositories. ACM, 173–174.
[45]
Andrew J Ko, Brad A Myers, and Duen Horng Chau. 2006. A linguistic analysis of how people describe software problems. In Visual Languages and Human-Centric Computing, 2006. VL/HCC 2006. IEEE Symposium on. IEEE, 127–134.
[46]
Raula Gaikovina Kula, Coen De Roover, Daniel German, Takashi Ishio, and Katsuro Inoue. 2014.
[47]
Visualizing the evolution of systems and their library dependencies. In Software Visualization (VISSOFT), 2014 Second IEEE Working Conference on. IEEE, 127–136.
[48]
Ralf Lämmel, Ekaterina Pek, and J ürgen Starek. 2011. Large-scale, AST-based API-usage analysis of open-source Java projects. In Proceedings of the 2011 ACM Symposium on Applied Computing. ACM, 1317–1324.
[49]
Sheng Liang and Gilad Bracha. 1998. Dynamic class loading in the Java virtual machine. Acm sigplan notices 33, 10 (1998), 36–44.
[50]
Yepang Liu, Chang Xu, and Shing-Chi Cheung. 2014. Characterizing and detecting performance bugs for smartphone applications. In 36th International Conference on Software Engineering, ICSE ’14, Hyderabad, India - May 31 - June 07, 2014. 1013–1024.
[51]
ESEC/FSE ’18, November 4–9, 2018, Lake Buena Vista, FL, USA Wang, Wen, Liu, Wu, Wang, Yang, Yu, Zhu, Cheung
[52]
Tyler McDonnell, Baishakhi Ray, and Miryung Kim. 2013. An empirical study of api stability and adoption in the android ecosystem. In Software Maintenance (ICSM), 2013 29th IEEE International Conference on. IEEE, 70–79.
[53]
Wen Ming, Chen Junjie, Wu Rongxin, Hao Dan, and Cheung Shing-Chi. 2018.
[54]
Context-Aware Patch Generation for Better Automated Program Repair. In Proceedings of the 40th International Conference on Software Engineering (ICSE 2016).
[55]
Audris Mockus, Roy T Fielding, and James D Herbsleb. 2002. Two case studies of open source software development: Apache and Mozilla. ACM Transactions on Software Engineering and Methodology (TOSEM) 11, 3 (2002), 309–346.
[56]
Vincenzo Musco, Martin Monperrus, and Philippe Preux. 2014. A Generative Model of Software Dependency Graphs to Better Understand Software Evolution. arXiv preprint arXiv:1410.7921 (2014).
[57]
Ali Ouni, Raula Gaikovina Kula, Marouane Kessentini, Takashi Ishio, Daniel M German, and Katsuro Inoue. 2017. Search-based software library recommendation using multi-objective optimization. Information and Software Technology 83 (2017), 55–75.
[58]
James W Paulson, Giancarlo Succi, and Armin Eberlein. 2004.
[59]
An empirical study of open-source and closed-source software products. IEEE Transactions on Software Engineering 30, 4 (2004), 246–256.
[60]
Renaud Pawlak, Martin Monperrus, Nicolas Petitprez, Carlos Noguera, and Lionel Seinturier. 2016. Spoon: A library for implementing analyses and transformations of java source code. Software: Practice and Experience 46, 9 (2016), 1155–1179.
[61]
Steven Raemaekers, Arie van Deursen, and Joost Visser. 2012.
[62]
Measuring software library stability through historical version analysis. In Software Maintenance (ICSM), 2012 28th IEEE International Conference on. IEEE, 378–387.
[63]
Steven Raemaekers, Arie Van Deursen, and Joost Visser. 2014. Semantic versioning versus breaking changes: A study of the maven repository. In Source Code Analysis and Manipulation (SCAM), 2014 IEEE 14th International Working Conference on. IEEE, 215–224.
[64]
Romain Robbes, Mircea Lungu, and David R öthlisberger. 2012. How do developers react to api deprecation?: the case of a smalltalk ecosystem. In Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering. ACM, 56.
[65]
Anand Ashok Sawant, Romain Robbes, and Alberto Bacchelli. 2017. On the reaction to deprecation of clients of 4+ 1 popular Java APIs and the JDK. Empirical Software Engineering (2017), 1–40.
[66]
Alexander Stuckenholz. 2005. Component evolution and versioning state of the art. ACM SIGSOFT Software Engineering Notes 30, 1 (2005), 7.
[67]
Ferdian Thung, David Lo, and Julia Lawall. 2013. Automated library recommendation. In Reverse Engineering (WCRE), 2013 20th Working Conference on. IEEE, 182–191.
[68]
Balaji Varanasi and Sudha Belida. 2014. Maven Dependency Management. In Introducing Maven. Springer, 15–22.
[69]
Lili Wei, Yepang Liu, and Shing-Chi Cheung. 2016. Taming Android fragmentation: Characterizing and detecting compatibility issues for Android apps. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering. ACM, 226–237.
[70]
Ming Wen, Rongxin Wu, and Shing-Chi Cheung. 2016. Locus: Locating bugs from software changes. In Automated Software Engineering (ASE), 2016 31st IEEE/ACM International Conference on. IEEE, 262–273.
[71]
Rongxin Wu, Hongyu Zhang, Sunghun Kim, and Shing-Chi Cheung. 2011.
[72]
Relink: recovering links between bugs and changes. In Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering. ACM, 15–25.
[73]
Yuki Yano, Raula Gaikovina Kula, Takashi Ishio, and Katsuro Inoue. 2015. VerXCombo: An interactive data visualization of popular library version combinations. In Proceedings of the 2015 IEEE 23rd International Conference on Program Comprehension. IEEE Press, 291–294.
[74]
Huan Yu, Xin Xia, Xiaoqiong Zhao, and Weiwei Qiu. 2017. Combining Collaborative Filtering and Topic Modeling for More Accurate Android Mobile App Library Recommendation. In Proceedings of the 9th Asia-Pacific Symposium on Internetware. ACM, 17.
[75]
Thomas Zimmermann, Rahul Premraj, Nicolas Bettenburg, Sascha Just, Adrian Schroter, and Cathrin Weiss. 2010.

Cited By

View all
  • (2024)Understanding the Implications of Changes to Build SystemsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695514(1421-1433)Online publication date: 27-Oct-2024
  • (2024)How to Pet a Two-Headed Snake? Solving Cross-Repository Compatibility Issues with HeraProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695064(694-705)Online publication date: 27-Oct-2024
  • (2024)On the Security Blind Spots of Software Composition AnalysisProceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3689944.3696165(77-87)Online publication date: 19-Nov-2024
  • Show More Cited By

Index Terms

  1. Do the dependency conflicts in my project matter?

    Recommendations

    Comments

    Please enable JavaScript to view thecomments powered by Disqus.

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    ESEC/FSE 2018: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
    October 2018
    987 pages
    ISBN:9781450355735
    DOI:10.1145/3236024
    © 2018 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 26 October 2018

    Permissions

    Request permissions for this article.

    Check for updates

    Badges

    Author Tags

    1. Empirical study
    2. static analysis
    3. third party library

    Qualifiers

    • Research-article

    Funding Sources

    • the National Natural Science Foundation
    • the Hong Kong RGC/GRF grant
    • MSRA grant

    Conference

    ESEC/FSE '18
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 112 of 543 submissions, 21%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)91
    • Downloads (Last 6 weeks)17
    Reflects downloads up to 24 Nov 2024

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Understanding the Implications of Changes to Build SystemsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695514(1421-1433)Online publication date: 27-Oct-2024
    • (2024)How to Pet a Two-Headed Snake? Solving Cross-Repository Compatibility Issues with HeraProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695064(694-705)Online publication date: 27-Oct-2024
    • (2024)On the Security Blind Spots of Software Composition AnalysisProceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3689944.3696165(77-87)Online publication date: 19-Nov-2024
    • (2024)DAInfer: Inferring API Aliasing Specifications from Library Documentation via Neurosymbolic OptimizationProceedings of the ACM on Software Engineering10.1145/36608161:FSE(2469-2492)Online publication date: 12-Jul-2024
    • (2024)Your “Notice” Is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during ForkingProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680339(1022-1034)Online publication date: 11-Sep-2024
    • (2024)Boosting API Misuse Detection via Integrating API Constraints from Multiple SourcesProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3644904(14-26)Online publication date: 15-Apr-2024
    • (2024)SourcererJBF: A Java Build Framework For Large-Scale CompilationACM Transactions on Software Engineering and Methodology10.1145/363571033:3(1-35)Online publication date: 15-Mar-2024
    • (2024)CNEPS: A Precise Approach for Examining Dependencies among Third-Party C/C++ Open-Source ComponentsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639209(1-12)Online publication date: 20-May-2024
    • (2024)Efficiently Trimming the Fat: Streamlining Software Dependencies with Java Reflection and Dependency AnalysisProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639123(1-12)Online publication date: 20-May-2024
    • (2024)Less is More? An Empirical Study on Configuration Issues in Python PyPI EcosystemProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639077(1-12)Online publication date: 20-May-2024
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media