Thu 12 May 2022 20:05 - 20:10 at ICSE room 4-even hours - Software Ecosystems 2 Chair(s): John-Paul Ore
Deep learning becomes the driving force behind many contemporary technologies and has been successfully applied in many fields. Through software dependencies, a multi-layer supply chain (SC) with a deep learning framework as the core and substantial downstream projects as the periphery has gradually formed and is constantly developing. However, basic knowledge about the structure and characteristics of the SC is lacking, which hinders effective support for its sustainable development. Previous studies on software SC usually focus on the packages in different registries without paying attention to the SCs derived from a single project. We present an empirical study on two deep learning SCs: TensorFlow and PyTorch SCs. By constructing and analyzing their SCs, we aim to understand their structure, application domains, and evolutionary factors. We find that both SCs exhibit a short and sparse hierarchy structure. Overall, the relative growth of new projects increases month by month. Projects have a tendency to attract downstream projects shortly after the release of their packages, later the growth becomes faster and tends to stabilize. We propose three criteria to identify vulnerabilities and identify 51 types of packages and 26 types of projects involved in the two SCs. A comparison reveals their similarities and differences, e.g., TensorFlow SC provides a wealth of packages in experiment result analysis, while PyTorch SC contains more specific framework packages. By fitting the GAM model, we find that the number of dependent packages is significantly negatively associated with the number of downstream projects, but the relationship with the number of authors is nonlinear. Our findings can help further open the ``black box'' of deep learning SCs and provide insights for their healthy and sustainable development.
Wed 11 MayDisplayed time zone: Eastern Time (US & Canada) change
03:00 - 04:00 | Software Ecosystems 1Technical Track / Journal-First Papers at ICSE room 2-odd hours Chair(s): Massimiliano Di Penta University of Sannio, Italy | ||
03:00 5mTalk | API-related Developer Information Needs in Stack Overflow Journal-First Papers Mingwei Liu Fudan University, Xin Peng Fudan University, Andrian Marcus University of Texas at Dallas, Shuangshuang Xing Fudan University, Christoph Treude University of Melbourne, Chengyuan Zhao Fudan University Link to publication DOI Pre-print Media Attached | ||
03:05 5mTalk | GitHub Discussions: An exploratory study of early adoption Journal-First Papers Hideaki Hata Shinshu University, Nicole Novielli University of Bari, Sebastian Baltes SAP SE & University of Adelaide, Raula Gaikovina Kula Nara Institute of Science and Technology, Christoph Treude University of Melbourne Link to publication DOI Pre-print Media Attached | ||
03:10 5mTalk | An Exploratory Study of Deep Learning Supply Chain Technical Track Xin Tan Beihang University, China, Kai Gao Peking University, China, Minghui Zhou Peking University, China, Li Zhang Beihang University Pre-print Media Attached | ||
03:15 5mTalk | Demystifying the Vulnerability Propagation and Its Evolution via Dependency Trees in the NPM Ecosystem Technical Track Chengwei Liu Tianjin University and Nanyang Technological University, Sen Chen Tianjin University, Lingling Fan Nankai University, Bihuan Chen Fudan University, China, Yang Liu Nanyang Technological University, Xin Peng Fudan University Pre-print Media Attached | ||