The Emergence of Software Diversity in Maven Central

Soto-Valero, César; Benelallam, Amine; Harrand, Nicolas; Barais, Olivier; Baudry, Benoît

doi:10.1109/msr.2019.00059

Cited by 31 publications

(17 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another pattern that we found states that dependency changes often co-occur with corresponding changes to the dependency management part. While there is an increasing interest in research about dependencies and their management (Benelallam et al 2019;Kula et al 2018;Soto-Valero et al 2019;Soto-Valero et al 2020), to the best of our knowledge, there is no dedicated tooling that helps in organizing dependencies. Our results contribute towards a preliminary tooling that can check and validate best practices for using Maven.…”

Section: Discussionmentioning

confidence: 99%

The nature of build changes

et al. 2021

View full text Add to dashboard Cite

Build systems are an essential part of modern software projects. As software projects change continuously, it is crucial to understand how the build system changes because neglecting its maintenance can, at best, lead to expensive build breakage, or at worst, introduce user-reported defects due to incorrectly compiled, linked, packaged, or deployed official releases. Recent studies have investigated the (co-)evolution of build configurations and reasons for build breakage; however, the prior analysis focused on a coarse-grained outcome (i.e., either build changing or not). In this paper, we present BuildDiff, an approach to extract detailed build changes from Maven build files and classify them into 143 change types. In a manual evaluation of 400 build-changing commits, we show that BuildDiff can extract and classify build changes with average precision, recall, and f1-scores of 0.97, 0.98, and 0.97, respectively. We then present two studies using the build changes extracted from 144 open source Java projects to study the frequency and time of build changes. The results show that the top-10 most frequent change types account for 51% of the build changes. Among them, changes to version numbers and changes to dependencies of the projects occur most frequently. We also observe frequently co-occurring changes, such as changes to the source code management definitions, and corresponding changes to the dependency management system and the dependency declaration. Furthermore, our results show that build changes frequently occur around release days. In particular, critical changes, such as updates to plugin configuration parts and dependency insertions, are performed before a release day. The contributions of this paper lay in the foundation for future research, such as for analyzing the (co-)evolution of build files with other artifacts, improving effort estimation approaches by incorporating necessary modifications to the build system specification, or automatic repair approaches for configuration code. Furthermore, our detailed change information enables improvements of refactoring approaches for build configurations and improvements of prediction models to identify error-prone build files.

show abstract

Section: Discussionmentioning

confidence: 99%

The nature of build changes

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Literatures on evolving software ecosystems cover Maven [97]- [99], Apache [79], [100], E c lip s e [101], Ruby [102]- [104], PyPI [22], GNOME [105], and Npm [104], [ 106]- [112]. Many concerned techniques focus on three aspects: ecosystem modeling and analysis [98], [100], [104], [107], [108], [111]- [113], socio-technical theories within ecosystems [106], [113], and diagnosis and monitoring for ecosystem's evolution [22], [97], [114]. For example, Blincoe et al [113] proposed coupling references to model technical dependencies between projects, and explored characteristics of open-source or commercial software ecosystems.…”

Section: Re L a T E D Wo R Kmentioning

confidence: 99%

Hero: On the Chaos When PATH Meets Modules

Wang

Qiao

et al. 2021

2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE)

View full text Add to dashboard Cite

Ever since its first release in 2009, the Go programming language (Golang) has been well received by software communities. A major reason for its success is the powerful support of library-based development, where a Golang project can be conveniently built on top of other projects by referencing them as libraries. As Golang evolves, it recommends the use of a new library-referencing mode to overcome the limitations of the original one. While these two library modes are incompatible, both are supported by the Golang ecosystem. The heterogeneous use of library-referencing modes across Golang projects has caused numerous dependency management (DM) issues, incurring reference inconsistencies and even build failures. Motivated by the problem, we conducted an empirical study to characterize the DM issues, understand their root causes, and examine their fixing solutions. Based on our findings, we developed HE R O , an automated technique to detect DM issues and suggest proper fixing solutions. We applied He r o to 19,000 popular Golang projects. The results showed that HE R O achieved a high detection rate of 98.5% on a DM issue benchmark and found 2,422 new DM issues in 2,356 popular Golang projects. We reported 280 issues, among which 181 (64.6%) issues have been confirmed, and 160 of them (88.4%) have been fixed or are under fixing. Almost all the fixes have adopted our fixing suggestions. Index Terms-Golang Ecosystem, Dependency Management'The Vendor attribute allows a Golang project to reference a library's different versions and keep them in different folders under a vendor directory.

show abstract

“…Eclipse [101], Ruby [102]- [104], PyPI [22], GNOME [105], and Npm [104], [106]- [112]. Many concerned techniques focus on three aspects: ecosystem modeling and analysis [98], [100], [104], [107], [108], [111]- [113], socio-technical theories within ecosystems [106], [113], and diagnosis and monitoring for ecosystem's evolution [22], [97], [114]. For example, Blincoe et al [113] proposed coupling references to model technical dependencies between projects, and explored characteristics of open-source or commercial software ecosystems.…”

Section: Related Workmentioning

confidence: 99%

Hero: On the Chaos When PATH Meets Modules

Wang

Qiao

et al. 2021

Preprint

View full text Add to dashboard Cite

Ever since its first release in 2009, the Go programming language (Golang) has been well received by software communities. A major reason for its success is the powerful support of library-based development, where a Golang project can be conveniently built on top of other projects by referencing them as libraries. As Golang evolves, it recommends the use of a new library-referencing mode to overcome the limitations of the original one. While these two library modes are incompatible, both are supported by the Golang ecosystem. The heterogeneous use of library-referencing modes across Golang projects has caused numerous dependency management (DM) issues, incurring reference inconsistencies and even build failures. Motivated by the problem, we conducted an empirical study to characterize the DM issues, understand their root causes, and examine their fixing solutions. Based on our findings, we developed HERO, an automated technique to detect DM issues and suggest proper fixing solutions. We applied HERO to 19,000 popular Golang projects. The results showed that HERO achieved a high detection rate of 98.5% on a DM issue benchmark and found 2,422 new DM issues in 2,356 popular Golang projects. We reported 280 issues, among which 181 (64.6%) issues have been confirmed, and 160 of them (88.4%) have been fixed or are under fixing. Almost all the fixes have adopted our fixing suggestions.

show abstract

The Emergence of Software Diversity in Maven Central

Cited by 31 publications

References 37 publications

The nature of build changes

The nature of build changes

Hero: On the Chaos When PATH Meets Modules

Hero: On the Chaos When PATH Meets Modules

Contact Info

Product

Resources

About