Will Dependency Conflicts Affect My Program's Semantics?

by Ying Wang, et al.
Northeastern University
NetEase, Inc

Java projects are often built on top of various third-party libraries. If multiple versions of a library exist on the classpath, the JVM will load only one version and shadow the others, a situation we refer to as a dependency conflict. This gives rise to semantic conflict (SC) issues if the library APIs referenced by a project have identical method signatures but inconsistent semantics across the loaded and shadowed versions of the libraries. SC issues are difficult for developers to diagnose in practice, since understanding them typically requires domain knowledge. Although it is feasible to adapt Riddle, the existing test generation technique for dependency conflict issues, to detect SC issues, its effectiveness is greatly compromised. This is mainly because Riddle randomly generates test inputs, while SC issues typically require specific arguments in the tests to be exposed. To address that, we conducted an empirical study of 75 real SC issues to understand the characteristics of such specific arguments in the test cases that can capture the SC issues. Inspired by our empirical findings, we propose an automated testing technique, Sensor, which synthesizes test cases using ingredients from the project under test to trigger inconsistent behaviors of the APIs with the same signatures in conflicting library versions. Our evaluation results show that Sensor is effective and useful: it achieved a Precision of 0.803 and a Recall of 0.760 on open-source projects and a Precision of 0.821 on industrial projects; it detected 150 semantic conflict issues in 29 projects, 81.8% of which had been confirmed as real bugs.
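The shadowing behaviour the abstract describes can be reproduced in a single file. The following is an added example, not code from the paper and not part of Sensor or Riddle: it compiles two constructed versions of a hypothetical library class `lib.Csv` with the same `fields(String)` signature, resolves the class against both classpath orders, and shows that only one specific argument exposes the semantic conflict. It assumes JDK 11 or later; `ShadowDemo`, `lib.Csv` and `fields` are made-up names.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.tools.JavaCompiler;
import javax.tools.ToolProvider;

public class ShadowDemo {
    // Constructed library: identical signature lib.Csv.fields(String), different semantics.
    static final String V1 = "package lib; public class Csv { public static int fields(String s) {"
            + " return s.split(\",\", -1).length; } }";   // keeps trailing empty fields
    static final String V2 = "package lib; public class Csv { public static int fields(String s) {"
            + " return s.split(\",\").length; } }";       // drops trailing empty fields

    // Compile one version into its own classpath entry (needs a JDK, not just a JRE).
    static Path build(String source) throws Exception {
        Path root = Files.createTempDirectory("csv-lib");
        Path file = Files.createDirectories(root.resolve("lib")).resolve("Csv.java");
        Files.writeString(file, source);
        JavaCompiler javac = ToolProvider.getSystemJavaCompiler();
        if (javac == null || javac.run(null, null, null, "-d", root.toString(), file.toString()) != 0)
            throw new IllegalStateException("compilation failed");
        return root;
    }

    // Resolve lib.Csv against an ordered classpath: the first entry that has the class wins.
    static int fields(String arg, Path... classpath) throws Exception {
        URL[] urls = new URL[classpath.length];
        for (int i = 0; i < urls.length; i++) urls[i] = classpath[i].toUri().toURL();
        try (URLClassLoader loader = new URLClassLoader(urls, null)) {
            return (Integer) loader.loadClass("lib.Csv").getMethod("fields", String.class).invoke(null, arg);
        }
    }

    public static void main(String[] args) throws Exception {
        Path v1 = build(V1), v2 = build(V2);
        // Constructed arguments: only the one with a trailing separator exposes the conflict.
        for (String arg : new String[] {"a,b", "x", "a,b,"}) {
            int loaded = fields(arg, v1, v2);   // v1 loaded, v2 shadowed
            int shadowed = fields(arg, v2, v1); // order flipped, as a build change could do
            System.out.printf("%-6s v1-first=%d v2-first=%d %s%n", '"' + arg + '"', loaded, shadowed,
                    loaded == shadowed ? "consistent" : "SEMANTIC CONFLICT");
        }
    }
}
```

Both versions compile and link against the same caller, so nothing fails at build or load time; the divergence appears only when a test passes an argument such as `"a,b,"`.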



