ASE 2024
Sun 27 October - Fri 1 November 2024 Sacramento, California, United States
Wed 30 Oct 2024 13:30 - 13:45 at Magnolia - Library and dependency Chair(s): Curtis Atkisson

Many programming language and operating system communities maintain software repositories to build their own ecosystems. The repositories often provide management tools to help users work with the packages. These tools are often, if not always, well designed to handle intra-repository dependencies but do not consider inter-repository dependencies. Users, however, often need packages from different repositories, and thus may suffer from compatibility issues. We refer to these issues as Cross-repository Compatibility (CC) issues. Existing works typically focus on a single software repository and are insufficient to detect CC issues.

To fill this gap, we use both Python and Ubuntu repositories as representatives to study the root causes of CC issues, then summarize their triggering patterns and failure symptoms. Guided by this analysis, we design Hera, an automatic tool to solve CC issues. Hera first builds a cross-repository compatibility database offline, and then predicts, detects and fixes CC issues online in the user’s system environment. In our evaluation, we construct a dataset of 1,692 real-world CC issues, and Hera can detect 3,689 issues with a precision of 90.5% and a recall of 93.7%. We also collected 27 real-world CC issues from GitHub and Stack Overflow, and reproduced 26 of them. Hera can detect all 26 cases, and provides accurate reasons as well as fixing advice.

Wed 30 Oct

Displayed time zone: Pacific Time (US & Canada)

13:30 - 15:00
13:30
15m
Talk
How to Pet a Two-Headed Snake? Solving Cross-Repository Compatibility Issues with Hera
Research Papers
Yifan Xie, Zhouyang Jia National University of Defense Technology, Shanshan Li National University of Defense Technology, Ying Wang Northeastern University, Jun Ma National University of Defense Technology, Xiaoling Li National University of Defense Technology, Haoran Liu National University of Defense Technology, Ying Fu National University of Defense Technology, Liao Xiangke National University of Defense Technology
13:45
15m
Talk
Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments
Industry Showcase
Xinyi Zheng Huazhong University of Science and Technology, Chen Wei MYbank, Ant Group, Shenao Wang Huazhong University of Science and Technology, Yanjie Zhao Huazhong University of Science and Technology, Peiming Gao MYbank, Ant Group, Yuanchao Zhang MYbank, Ant Group, Kailong Wang Huazhong University of Science and Technology, Haoyu Wang Huazhong University of Science and Technology
14:00
15m
Talk
Detect Hidden Dependency to Untangle Commits
Research Papers
Mengdan Fan, Wei Zhang Peking University, Haiyan Zhao Peking University, Guangtai Liang Huawei Cloud Computing Technologies, Zhi Jin Peking University
14:15
15m
Talk
LeanBin: Harnessing Lifting and Recompilation to Debloat Binaries
Research Papers
Igor Wodiany University of Manchester, Antoniu Pop University of Manchester, Mikel Luján University of Manchester
14:30
15m
Talk
Balancing the Quality and Cost of Updating Dependencies
Research Papers
Damien Jaime Université Paris Nanterre & LIP6, Pascal Poizat Université Paris Nanterre & LIP6, Joyce El Haddad Université Paris Dauphine - PSL, Thomas Degueule CNRS
14:45
10m
Talk
Depends-Kotlin: A Cross-Language Kotlin Dependency Extractor
Tool Demonstrations
Qiong Feng Nanjing University of Science and Technology, Xiaotian Ma Nanjing University of Science and Technology, Huan Ji Huawei Nanjing Research Center, Wei Song Nanjing University of Science and Technology, Peng Liang Wuhan University, China