Präzi: From Package-based to Call-based Dependency Networks

01/23/2021
by   Joseph Hejderup, et al.

Software reuse has emerged as one of the most crucial elements of modern software development. The standard way to study the dependency networks caused by reuse is to infer relationships between software packages through manifests in the packages' repositories. Such networks can help answer important questions like "How many packages have dependencies on packages with known security issues?" or "What are the most used packages?". However, an important overlooked aspect of current networks is that manifest-inferred relationships do not necessarily describe how or whether these dependencies are actually used in the code. To better model dependencies between packages, we devise Präzi, an approach combining manifests and call graphs of packages. Präzi constructs a fine-grained dependency network at the function level instead of at the manifest level. For this paper, we provide a prototypical Präzi implementation for the popular system programming language Rust. Using it, we replicate a recent evolution study characterizing Rust's package repository, Crates.io, on the function level. Our results identify new key characteristics and developments of Crates.io: i) 49 Crates.io target a function in a dependency, suggesting prevalent reuse of dependencies, ii) packages call 40 iii) package maintainers make nearly 7 new calls to their dependencies biannually, and iv) packages have two to three times more indirect callers than direct callers of their APIs. These results show that current analyses of manifest-level dependency networks are not sufficient to understand how packages use each other.
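The difference between a manifest-level and a call-level answer to "which packages are exposed to a known security issue?" can be shown on a toy ecosystem. The following is an added example, not code from the paper or its replication package; every package and function name in it is hypothetical, and the data is constructed.

```python
from collections import deque

# Constructed sample ecosystem; all package and function names are hypothetical.
MANIFEST_DEPS = {  # package -> packages declared in its manifest
    "app_a": ["parser"], "app_b": ["parser"],
    "app_c": ["web"], "app_d": ["web"],
    "web": ["parser"], "parser": [],
}
CALLS = {  # "package::function" -> functions it calls (resolved call graph)
    "app_a::main": ["parser::parse_unchecked"],
    "app_b::main": ["parser::parse_safe"],
    "app_c::main": ["web::serve"],
    "app_d::main": ["web::health"],
    "web::serve": ["parser::parse_unchecked"],
    "web::health": [],
    "parser::parse_unchecked": [],
    "parser::parse_safe": [],
}

def ancestors(graph, target):
    """All nodes with a path to `target` (BFS over reversed edges, cycle-safe)."""
    reverse = {}
    for src, dsts in graph.items():
        for dst in dsts:
            reverse.setdefault(dst, set()).add(src)
    seen, queue = set(), deque([target])
    while queue:
        for parent in reverse.get(queue.popleft(), ()):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen

def package_of(function):
    return function.split("::", 1)[0]

def manifest_level(vulnerable_package):
    """Packages that depend on the vulnerable package, directly or transitively."""
    return ancestors(MANIFEST_DEPS, vulnerable_package)

def call_level(vulnerable_function):
    """Packages owning a function that can reach the vulnerable function."""
    callers = {package_of(f) for f in ancestors(CALLS, vulnerable_function)}
    return callers - {package_of(vulnerable_function)}

def direct_callers(function):
    """Packages with a function that calls `function` without an intermediary."""
    return {package_of(f) for f, out in CALLS.items() if function in out} - {package_of(function)}

if __name__ == "__main__":
    flagged = manifest_level("parser")
    reachable = call_level("parser::parse_unchecked")
    print("flagged by manifest only:", sorted(flagged - reachable))
```

Here the manifest network flags five packages, while the call graph shows that only three of them can reach the vulnerable function, one of them only indirectly through `web`.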

Code Repositories

rust-emse-2020

Replication Package