Write a Blog >>
ICSE 2023
Sun 14 - Sat 20 May 2023 Melbourne, Australia
Wed 17 May 2023 12:22 - 12:30 at Meeting Room 105 - APIs and libraries Chair(s): Sarah Nadi

Just like any software, libraries evolve to incorporate new features, bug fixes, security patches, and refactorings. However, when a library evolves, it may break the contract previously established with its clients by introducing Breaking Changes (BCs) in its API. These changes might trigger compile-time, link-time, or run-time errors in client code. As a result, clients may hesitate to upgrade their dependencies, raising security concerns and making future upgrades even more difficult. Understanding how libraries evolve helps client developers to know which changes to expect and where to expect them, and library developers to understand how they might impact their clients. In the most extensive study to date, Raemaekers et al. investigate to what extent developers of Java libraries hosted on the Maven Central Repository (MCR) follow semantic versioning conventions to signal the introduction of BCs and how these changes impact client projects. Their results suggest that BCs are widespread without regard for semantic versioning, with a significant impact on clients. In this paper, we conduct an external and differentiated replication study of their work. We identify and address some limitations of the original protocol and expand the analysis to a new corpus spanning seven more years of the MCR. We also present a novel static analysis tool for Java bytecode, Maracas, which provides us with: (i) the set of all BCs between two versions of a library, and; (ii) the set of locations in client code impacted by individual BCs. Our key findings, derived from the analysis of 119,879 library upgrades and 293,817 clients, contrast with the original study and show that 83.4% of these upgrades do comply with semantic versioning. Furthermore, we observe that the tendency to comply with semantic versioning has significantly increased over time. Finally, we find that most BCs affect code that is not used by any client, and that only 7.9% of all clients are affected by BCs. These findings should help (i) library developers to understand and anticipate the impact of their changes; (ii) library users to estimate library upgrading effort and to pick libraries that are less likely to break, and; (iii) researchers to better understand the dynamics of library-client co-evolution in Java.

Wed 17 May

Displayed time zone: Hobart change

11:00 - 12:30
11:00
15m
Talk
UpCy: Safely Updating Outdated Dependencies
Technical Track
Andreas Dann Paderborn University, Ben Hermann TU Dortmund, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM
Pre-print
11:15
15m
Talk
APICAD: Augmenting API Misuse Detection Through Specifications From Code And Documents
Technical Track
Xiaoke Wang Wuhan University, Lei Zhao Wuhan University
DOI Pre-print
11:30
15m
Talk
Compatibility Issue Detection for Android Apps Based on Path-Sensitive Semantic Analysis
Technical Track
Sen Yang Army Engineering University of PLA, Sen Chen Tianjin University, Lingling Fan Nankai University, Sihan Xu Nankai University, China, Zhanwei Hui Academy of Military Science, Song Huang Army Engineering University of PLA
11:45
15m
Talk
OSSFP: Precise and Scalable C/C++ Third-Party Library Detection using Fingerprinting Functions
Technical Track
Wu Jiahui Nanyang Technological University, Zhengzi Xu Nanyang Technological University, Wei Tang Tsinghua University, Lyuye Zhang Nanyang Technological University, Yueming Wu Nanyang Technological University, Chengyue Liu Scantist, Kairan Sun Singapore University of Technology and Design, Lida Zhao Nanyang Technological University, Yang Liu Nanyang Technological University
12:00
15m
Talk
Scaling Web API Integrations
SEIP - Software Engineering in Practice
Pre-print
12:15
7m
Talk
Giving Back: Contributions Congruent to Library Dependency Changes in a Software Ecosystem
Journal-First Papers
Supatsara Wattanakriengkrai Nara Institute of Science and Technology, Dong Wang Kyushu University, Japan, Raula Gaikovina Kula Nara Institute of Science and Technology, Christoph Treude University of Melbourne, Patanamon Thongtanunam University of Melbourne, Takashi Ishio Future University Hakodate, Kenichi Matsumoto Nara Institute of Science and Technology
Link to publication
12:22
7m
Talk
Breaking Bad? Semantic Versioning and Impact of Breaking Changes in Maven Central
Journal-First Papers
Lina Ochoa Eindhoven University of Technology, Thomas Degueule CNRS, LaBRI, Jean-Rémy Falleri Bordeaux INP, Jurgen Vinju CWI; Eindhoven University of Technology