POLLUX: safely upgrading dependent application libraries

Kalra, Sukrit; Goel, Ayush; Khanna, Dhriti; Dhawan, Mohan; Sharma, Subodh; Purandare, Rahul

doi:10.1145/2950290.2950345

Cited by 8 publications

(2 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Xing and Stroulia [63] proposed an approach that recognizes the changes of APIs by comparing the differences between two UMLs of libraries. Kalra et al [28] match traces of client code in two versions for their mappings. Balaban et al [8] proposed an approach to migrate client code when mapping relations of libraries are already available.…”

Section: Discussionmentioning

confidence: 99%

Migrating Client Code without Change Examples

Zhong,

Meng

2021

Preprint

View full text Add to dashboard Cite

API developers evolve software libraries to fix bugs, add new features, or refactor code. To benefit from such library evolution, the programmers of client projects have to repetitively upgrade their library usages and adapt their codebases to any library API breaking changes (e.g., API renaming). Such adaptive changes can be tedious and error-prone. Existing tools provide limited support to help programmers migrate client projects from old library versions to new ones. For instance, some tools extract API mappings between library versions and only suggest simple adaptive changes (i.e., statement updates); other tools suggest or automate more complicated edits (e.g., statement insertions) based on user-provided exemplar code migrations. However, when new library versions are available, it is usually cumbersome and time-consuming for users to provide sufficient human-crafted samples in order to guide automatic migration.In this paper, we propose a novel approach-AUTOUPDATEto further improve the state of the art. Instead of learning from change examples, we designed AUTOUPDATE to automate migration in a compiler-directed way. Namely, given a compilation error triggered by upgrading libraries, AUTOUPDATE exploits 13 migration operators to generate candidate edits, and tentatively applies each edit until the error is resolved or all edits are explored. We conducted two evaluations. The first evaluation involves migrating 371 tutorial examples between versions of 5 popular libraries. AUTOUPDATE reduced migrationrelated compilation errors for 92.7% of tasks. It eliminated such errors for 32.4% of tasks, and 33.9% of the tasks have identical edits to manual migrations. In the second evaluation, we applied AUTOUPDATE to migrate two real client projects of lucene. AUTOUPDATE successfully migrated both projects, and the migrated code passed all tests.

show abstract

Section: Discussionmentioning

confidence: 99%

Migrating Client Code without Change Examples

Zhong,

Meng

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Instead, our alerting system considers non-security bugs and conduct finegrained change analysis on library APIs by considering their call graphs. Kalra et al [37] and Foo et al [29] respectively used dynamic and static analysis to find API-breaking changes in libraries, which are useful techniques to improve alerting by locating incompatible API changes.…”

Section: Risk Analysismentioning

confidence: 99%

An Empirical Study of Usages, Updates and Risks of Third-Party Libraries in Java Projects

Wang¹,

Chen²,

Huang³

et al. 2020

Preprint

View full text Add to dashboard Cite

Third-party libraries are a central building block to develop software systems. However, outdated third-party libraries are commonly used, and developers are usually less aware of the potential risks. Therefore, a quantitative and holistic study on usages, updates and risks of third-party libraries can provide practical insights to improve the ecosystem sustainably. In this paper, we conduct such a study in the Java ecosystem. Specifically, we conduct a library usage analysis (e.g., usage intensity and outdatedness) and a library update analysis (e.g., update intensity and delay) using 806 open-source projects. The two analyses aim to quantify usage and update practices holistically from the perspective of both opensource projects and third-party libraries. Then, we conduct a library risk analysis (e.g., potential risk and developer response) in terms of bugs with 15 popularly-used third-party libraries. This analysis aims to quantify the potential risk of using outdated libraries and the developer response to the risk. Our findings from the three analyses provide practical insights to developers and researchers on problems and potential solutions in maintaining third-party libraries (e.g., smart alerting and automated updating of outdated libraries). To demonstrate the usefulness of our findings, we propose a bug-driven alerting system for assisting developers to make confident decisions in updating third-party library versions. We have released our dataset to foster valuable applications and improve the ecosystem.

show abstract