A Large-Scale Empirical Study on Semantic Versioning in Golang Ecosystem
Third-party libraries (TPLs) have become an essential component of software, accelerating development and reducing maintenance costs. However, breaking changes often occur during the upgrades of TPLs and prevent client programs from moving forward. Semantic versioning (SemVer) has been applied to standardize the versions of releases according to compatibility, but not all releases follow SemVer compliance. Lots of work focuses on SemVer compliance in ecosystems such as Java and JavaScript beyond Golang (Go for short). Due to the lack of tools to detect breaking changes and dataset for Go, developers of TPLs do not know if breaking changes occur and affect client programs, and developers of client programs may hesitate to upgrade dependencies in terms of breaking changes. To bridge this gap, we conduct the first large-scale empirical study in the Go ecosystem to study SemVer compliance in terms of breaking changes and their impact. In detail, we purpose GoSVI (Go Semantic Versioning Insight) to detect breaking changes and analyze their impact by resolving identifiers in client programs and comparing their types with breaking changes. Moreover, we collect the first large-scale Go dataset with a dependency graph from GitHub, including 124K TPLs and 532K client programs. Based on the dataset, our results show that 86.3% of library upgrades follow SemVer compliance and 28.6% of no-major upgrades introduce breaking changes. Furthermore, the tendency to comply with SemVer has improved over time from 63.7% in 2018/09 to 92.2% in 2023/03. Finally, we find 33.3% of downstream client programs may be affected by breaking changes. These findings provide developers and users of TPLs with valuable insights to help make decisions related to SemVer.
Thu 14 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
15:30 - 17:00 | Configuration and Version ManagementResearch Papers at Room D Chair(s): Shahar Maoz Tel Aviv University | ||
15:30 12mTalk | A Large-Scale Empirical Study on Semantic Versioning in Golang Ecosystem Research Papers Wenke Li Huazhong University of Science and Technology, Feng Wu Tencent Technology (Shenzhen) Co. Ltd, Cai Fu Huazhong University of Science and Technology, Fan Zhou Tencent Technology (Shenzhen) Co. Ltd Link to publication DOI Pre-print | ||
15:42 12mTalk | Where to Go Now? Finding Alternatives for Declining Packages in the npm Ecosystem Research Papers Suhaib Mujahid Mozilla, Diego Costa Concordia University, Canada, Rabe Abdalkareem Omar Al-Mukhtar University, Emad Shihab Concordia Univeristy Pre-print | ||
15:55 12mTalk | ESRO: Experience Assisted Service Reliability against Outages Research Papers Sarthak Chakraborty Adobe Research, Shubham Agarwal Adobe Research, Shaddy Garg Adobe, Abhimanyu Sethia Indian Institute of Technology Kanpur, Udit Narayan Pandey Indian Institute of Technology Kanpur, Videh Aggarwal Indian Institute of Technology Kanpur, Shiv Saini Adobe Research File Attached | ||
16:08 12mTalk | Fixing Privilege Escalations in Cloud Access Control with MaxSAT and Graph Neural Networks Research Papers Yang Hu University of Texas at Austin, Wenxi Wang University of Texas at Austin, Sarfraz Khurshid University of Texas at Austin, Kenneth L. McMillan University of Texas at Austin, Mohit Tiwari University of Texas at Austin File Attached | ||
16:21 12mTalk | Merge Conflict Resolution: Classification or Generation? Research Papers Jinhao Dong Peking University, Qihao Zhu Peking University, Zeyu Sun Zhongguancun Laboratory, Yiling Lou Fudan University, Dan Hao Peking University Pre-print File Attached | ||
16:34 12mTalk | Repeated Builds During Code Review: An Empirical Study of the OpenStack Community Research Papers Rungroj Maipradit University of Waterloo, Dong Wang Kyushu University, Japan, Patanamon Thongtanunam University of Melbourne, Raula Gaikovina Kula Nara Institute of Science and Technology, Yasutaka Kamei Kyushu University, Shane McIntosh University of Waterloo Pre-print File Attached | ||
16:47 12mTalk | Automated Software Entity Matching Between Successive VersionsRecorded talk Research Papers Bo Liu Beijing Institute of Technology, Hui Liu Beijing Institute of Technology, Nan Niu University of Cincinnati, Yuxia Zhang Beijing Institute of Technology, Guangjie Li National Innovation Institute of Defense Technology, Yanjie Jiang Beijing Institute of Technology DOI Media Attached |