Interactive, Effort-Aware Library Version Harmonization
As a combined result of heavy reliance on third-party libraries, flexible
mechanisms for declaring dependencies, and the growing number of modules in a
project, different modules of the same project often directly depend on
different versions of the same third-party library. Such library version
inconsistencies increase dependency maintenance cost and can even lead to
dependency conflicts when the modules depend on one another. Although automated
build tools (e.g., Maven's enforcer plugin) provide partial support for
detecting library version inconsistencies, they provide no support for
harmonizing them. We first conduct a survey of 131 Java developers from GitHub
to collect first-hand information on the root causes of library version
inconsistencies, how they are detected, why they are fixed or left unfixed, the
strategies and effort involved in fixing them, and what developers expect from
a tool. Then, based on the insights from the survey, we propose LibHarmo, an
interactive, effort-aware library version harmonization technique that detects
library version inconsistencies, interactively suggests the harmonized version
that requires the least harmonization effort based on an analysis of library
API usage, and refactors the build configuration files accordingly. LibHarmo is
currently implemented for Java Maven projects. Our experimental study on 443
highly-starred Java Maven projects from GitHub shows that i) LibHarmo
identifies 621 library version inconsistencies in 152 (34.3%) of the projects,
and ii) the average harmonization effort is 1 affected library API call due to
APIs deleted in the harmonized version and 12 affected calls due to APIs
changed in it. 5 library version inconsistencies have been confirmed by
developers, and 1 of them has already been harmonized.
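As an added illustration of the detect, suggest and refactor pipeline described above (example code written for this page, not LibHarmo's implementation), the following Python script reads the POMs of several Maven modules, reports every library declared at more than one version, scores each declared version by the number of used library API calls that would be deleted or changed when the other modules move to it, picks the version with the least effort, and rewrites the affected `<version>` elements. The module POMs, the per-release API surfaces (`API_SURFACE`) and the per-module call lists (`USAGES`) are constructed inputs that do not reflect real Guava release history, and the effort metric is this example's simplification, not the paper's definition.

```python
"""Detect and harmonize inconsistent direct dependency versions across Maven modules.
Added example for this page, not LibHarmo's code. POMs, API surfaces and call lists are constructed."""
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"
ET.register_namespace("", POM_NS)  # keep the default namespace when writing POMs back
DEP_PATH = f"./{{{POM_NS}}}dependencies/{{{POM_NS}}}dependency"


def _tag(name):
    return f"{{{POM_NS}}}{name}"


def _pom(artifact, guava_version):
    # Constructed module POM: guava declared directly; commons-io is consistent across modules.
    return (
        f'<project xmlns="{POM_NS}"><modelVersion>4.0.0</modelVersion>'
        f"<groupId>com.example</groupId><artifactId>{artifact}</artifactId><version>1.0.0</version>"
        "<dependencies><dependency><groupId>com.google.guava</groupId><artifactId>guava</artifactId>"
        f"<version>{guava_version}</version></dependency>"
        "<dependency><groupId>commons-io</groupId><artifactId>commons-io</artifactId>"
        "<version>2.11.0</version></dependency></dependencies></project>"
    )


MODULE_POMS = {"core": _pom("core", "28.0-jre"), "web": _pom("web", "30.1-jre"), "batch": _pom("batch", "29.0-jre")}

# Hypothetical API surface per release (oldest first): method -> signature id.
# Absent method = deleted API, different id = changed API. Not real Guava history.
API_SURFACE = {
    "28.0-jre": {"Files.readLines": "s1", "Lists.newArrayList": "s1", "Futures.transform": "s1"},
    "29.0-jre": {"Files.readLines": "s1", "Lists.newArrayList": "s1", "Futures.transform": "s2"},
    "30.1-jre": {"Lists.newArrayList": "s1", "Futures.transform": "s2"},
}

# Hypothetical library API calls found in each module's source.
USAGES = {"core": ["Files.readLines", "Lists.newArrayList"], "web": ["Futures.transform"],
          "batch": ["Lists.newArrayList", "Futures.transform"]}


def direct_dependencies(pom_xml):
    """Return {'groupId:artifactId': version} for a module's directly declared dependencies."""
    root = ET.fromstring(pom_xml)
    return {f"{d.findtext(_tag('groupId'))}:{d.findtext(_tag('artifactId'))}": d.findtext(_tag("version"))
            for d in root.iterfind(DEP_PATH)}


def find_inconsistencies(module_poms):
    """Return {lib: {module: version}} for every library declared at more than one version."""
    by_lib = {}
    for module, pom in module_poms.items():
        for lib, version in direct_dependencies(pom).items():
            by_lib.setdefault(lib, {})[module] = version
    return {lib: mods for lib, mods in by_lib.items() if len(set(mods.values())) > 1}


def harmonization_effort(candidate, module_versions, usages, surface):
    """(deleted, changed) API calls affected if every module not yet on `candidate` moves to it."""
    deleted = changed = 0
    for module, current in module_versions.items():
        if current == candidate:
            continue
        for call in usages[module]:
            if call not in surface[candidate]:
                deleted += 1
            elif surface[current][call] != surface[candidate][call]:
                changed += 1
    return deleted, changed


def suggest_harmonized_version(module_versions, usages, surface):
    """Pick the declared version with the least total effort; prefer the newer release on ties."""
    releases = list(surface)  # release order, oldest first

    def cost(candidate):
        deleted, changed = harmonization_effort(candidate, module_versions, usages, surface)
        return deleted + changed, -releases.index(candidate)

    best = min(set(module_versions.values()), key=cost)
    return best, harmonization_effort(best, module_versions, usages, surface)


def harmonize_pom(pom_xml, lib, version):
    """Rewrite the <version> of `lib` in one module POM and return the new XML text."""
    group, artifact = lib.split(":")
    root = ET.fromstring(pom_xml)
    for dep in root.iterfind(DEP_PATH):
        if dep.findtext(_tag("groupId")) == group and dep.findtext(_tag("artifactId")) == artifact:
            dep.find(_tag("version")).text = version
    return ET.tostring(root, encoding="unicode")


def harmonize_project(module_poms, usages, surface):
    """Detect, suggest and refactor for every inconsistent library; return (report, new POMs)."""
    report, new_poms = {}, dict(module_poms)
    for lib, module_versions in find_inconsistencies(module_poms).items():
        best, effort = suggest_harmonized_version(module_versions, usages, surface)
        report[lib] = {"versions": module_versions, "harmonized": best, "effort": effort}
        for module in module_versions:
            new_poms[module] = harmonize_pom(new_poms[module], lib, best)
    return report, new_poms
```

On this constructed input the least-effort version is 29.0-jre rather than the newest one: moving `core` to 30.1-jre would hit a deleted API, while 29.0-jre changes nothing that any module calls. A real tool would derive the API surfaces from the library jars and the call sites from the modules' bytecode, and would also handle versions inherited from a parent `dependencyManagement` section; an enforcer rule only flags the inconsistency and leaves the choice of version to the developer.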
An Empirical Study of Usages, Updates and Risks of Third-Party Libraries in Java Projects
Third-party libraries are a central building block of software systems.
However, outdated third-party libraries are commonly used, and developers are
often unaware of the resulting risks. A quantitative and holistic study of the
usage, updating and risks of third-party libraries can therefore provide
practical insights for improving the ecosystem sustainably. In this paper, we
conduct such a study in the Java ecosystem. Specifically, we conduct a library
usage analysis (e.g., usage intensity and outdatedness) and a library update
analysis (e.g., update intensity and delay) on 806 open-source projects. These
two analyses quantify usage and update practices from the perspective of both
the open-source projects and the third-party libraries. We then conduct a
library risk analysis (e.g., potential risk and developer response) in terms of
bugs in 15 popularly used third-party libraries, which quantifies the potential
risk of using outdated libraries and how developers respond to that risk. The
findings of the three analyses provide practical insights for developers and
researchers on the problems of maintaining third-party libraries and their
potential solutions (e.g., smart alerting and automated updating of outdated
libraries). To demonstrate the usefulness of our findings, we propose a
bug-driven alerting system that helps developers make confident decisions when
updating third-party library versions. We have released our dataset to foster
valuable applications and improve the ecosystem.
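To make the usage, update and risk metrics named above concrete, here is an added Python example (not the paper's code or dataset) that computes them on a constructed history: a hypothetical library's release dates, the versions one project declared over time, and bug records stating which versions each bug affects, which version first fixes it and which API it involves. Outdatedness is measured as version lag (newer releases already published on a given date), update delay as the days between a release and the commit that adopts it, and the bug-driven alert fires only for bugs that affect the used version and touch an API the project actually calls. All three definitions and every input value are this example's assumptions, not the paper's.

```python
"""Outdatedness, update delay and bug-driven alerting on a constructed library history.
Added example for this page, not the paper's code or dataset. All inputs below are
constructed, and the metric definitions are assumptions made here."""
from datetime import date

# Constructed release history of a hypothetical library: version -> release date.
RELEASES = {
    "1.0": date(2019, 1, 10),
    "1.1": date(2019, 6, 5),
    "1.2": date(2020, 2, 20),
    "2.0": date(2020, 9, 1),
    "2.1": date(2021, 3, 15),
}

# Constructed dependency history of one project: (commit date, declared version), oldest first.
PROJECT_HISTORY = [
    (date(2019, 2, 1), "1.0"),
    (date(2020, 5, 12), "1.1"),
    (date(2021, 6, 30), "2.0"),
]

# Constructed bug records: versions affected, first fixing version, library API involved.
BUGS = [
    {"id": "BUG-17", "affected": {"1.0", "1.1"}, "fixed_in": "1.2", "api": "Parser.parse"},
    {"id": "BUG-42", "affected": {"1.2", "2.0"}, "fixed_in": "2.1", "api": "Client.connect"},
    {"id": "BUG-58", "affected": {"2.0"}, "fixed_in": "2.1", "api": "Cache.evict"},
]

# Library APIs the project's own code calls (constructed).
PROJECT_USED_APIS = {"Parser.parse", "Cache.evict"}


def version_key(version):
    """Order dotted numeric versions numerically, so 1.10 sorts after 1.2."""
    return tuple(int(part) for part in version.split("."))


def version_lag(used, at, releases):
    """Outdatedness: releases newer than `used` that were already published on date `at`."""
    newer = (v for v, released in releases.items()
             if version_key(v) > version_key(used) and released <= at)
    return sorted(newer, key=version_key)


def update_delays(history, releases):
    """For each version change, days between the adopted version's release and the adopting commit."""
    return [(version, (commit_date - releases[version]).days) for commit_date, version in history[1:]]


def bug_alerts(used, used_apis, bugs):
    """Bugs that affect `used` and touch an API the project calls; each names the fixing version."""
    return [
        {"bug": b["id"], "api": b["api"], "fixed_in": b["fixed_in"]}
        for b in bugs
        if used in b["affected"] and b["api"] in used_apis
    ]


def recommended_version(used, used_apis, bugs):
    """Smallest version that fixes every alerted bug, or None when no relevant bug is open."""
    alerts = bug_alerts(used, used_apis, bugs)
    if not alerts:
        return None
    return max((a["fixed_in"] for a in alerts), key=version_key)


def project_report(history, used_apis, releases, bugs, today):
    """Summarise one project: current version, its lag on `today`, past update delays, open alerts."""
    current = history[-1][1]
    return {
        "version": current,
        "lag": version_lag(current, today, releases),
        "delays": update_delays(history, releases),
        "alerts": bug_alerts(current, used_apis, bugs),
        "recommended": recommended_version(current, used_apis, bugs),
    }


if __name__ == "__main__":
    print(project_report(PROJECT_HISTORY, PROJECT_USED_APIS, RELEASES, BUGS, date(2021, 12, 31)))
```

The alert filter is what makes the system bug-driven rather than version-driven: the project on 2.0 is affected by two recorded bugs, but only BUG-58 touches an API it calls, so that is the one alert raised, together with 2.1 as the version that fixes it. Replacing the constructed tables with real release metadata, the project's dependency history from version control, and bug reports linked to fixing versions is what turns this into the alerting system the abstract proposes.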