
Third-party libraries (TPLs) are frequently reused in software to reduce development cost and time-to-market. However, external library dependencies may introduce vulnerabilities into host applications. The issue of library dependency has received considerable critical attention. Many package managers, such as Maven, Pip, and NPM, have been proposed to manage TPLs, and a lot of effort has been put into studying dependencies in language ecosystems such as Java, Python, and JavaScript, but not C/C++. Due to the lack of a unified package manager for C/C++, existing research has only a limited understanding of TPL dependency in the C/C++ ecosystem, especially at large scale.

Towards understanding TPL dependencies in the C/C++ ecosystem, we collect existing TPL databases, package management tools and dependency detection tools, summarize the dependency patterns of C/C++ projects, and construct a comprehensive and precise C/C++ dependency detector. Using our detector, we extract dependencies from a large-scale database containing 24K C/C++ repositories from GitHub. Based on the extracted dependencies, we provide the results and findings of an empirical study aimed at understanding the characteristics of the TPL dependencies. We further discuss the challenges of managing dependencies for C/C++ and the future directions for software engineering researchers and developers in the fields of software composition analysis, C/C++ package managers and library development. Our dataset of extracted dependencies used in this work is anonymously available at url:

Thu 13 Oct

Displayed time zone: Eastern Time (US & Canada)

16:00 - 18:00
Technical Session 30 - Builds and Dependencies: Journal-first Papers / Research Papers / Tool Demonstrations at Room 128
Chair(s): Christian Kästner Carnegie Mellon University
Research paper
Towards Understanding Third-party Library Dependency in C/C++ Ecosystem
Research Papers
Wei Tang Tsinghua University, Zhengzi Xu Nanyang Technological University, Chengwei Liu Nanyang Technological University, Singapore, Wu Jiahui Nanyang Technological University, Shouguo Yang Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China, Yi Li Nanyang Technological University, Singapore, Ping Luo Tsinghua University, Yang Liu Nanyang Technological University
Snapshot Metrics Are Not Enough: Analyzing Software Repositories with Longitudinal Metrics
Tool Demonstrations
Nicholas Synovic Loyola University Chicago, Matt Hyatt Loyola University Chicago, Rohan Sethi Loyola University Chicago, Sohini Thota Loyola University Chicago, Shilpika University of California at Davis, Allan J. Miller Loyola University Chicago, Wenxin Jiang Purdue University, Emmanuel S. Amobi Loyola University Chicago, Austin Pinderski Duke University, Loyola University Chicago, Konstantin Läufer Loyola University Chicago, Nicholas J. Hayward Loyola University Chicago, Neil Klingensmith Loyola University Chicago, James C. Davis Purdue University, USA, George K. Thiruvathukal Loyola University Chicago and Argonne National Laboratory
Research paper
Not All Dependencies are Equal: An Empirical Study on Production Dependencies in NPM
Research Papers
Jasmine Latendresse Concordia University, Suhaib Mujahid Mozilla, Diego Costa Concordia University, Canada, Emad Shihab Concordia University
Research paper
Understanding and Predicting Docker Build Duration: An Empirical Study of Containerized Workflow of OSS Projects (Virtual)
Research Papers
Yiwen Wu National University of Defense Technology, Yang Zhang National University of Defense Technology, China, Kele Xu National University of Defense Technology, Tao Wang National University of Defense Technology, Huaimin Wang National University of Defense Technology
CIT-daily: A Combinatorial Interaction Testing-Based Daily Build Process (Virtual)
Journal-first Papers
Hanefi Mercan Sabanci University, Atakan Aytar Sabanci University, Giray Coskun Sabanci University, Dilara Müstecep Sabanci University, Gülsüm Uzer Sabanci University, Cemal Yilmaz Sabancı University
Research paper
Using Consensual Biterms from Text Structures of Requirements and Code to Improve IR-Based Traceability Recovery (Virtual)
Research Papers
Hui Gao Nanjing University, Hongyu Kuang Nanjing University, Kexin Sun Nanjing University, Xiaoxing Ma Nanjing University, Alexander Egyed Johannes Kepler University Linz, Patrick Mäder Technische Universität Ilmenau, Guoping Rong Nanjing University, Dong Shao Nanjing University, He Zhang Nanjing University