Title
Will Dependency Conflicts Affect My Program's Semantics?
Abstract
Java projects are often built on top of various third-party libraries. If multiple versions of a library exist on the classpath, JVM will only load one version and shadow the others, which we refer to as dependency conflicts. This would give rise to semantic conflict (SC) issues, if the library APIs referenced by a project have identical method signatures but inconsistent semantics across the loaded and shadowed versions of libraries. SC issues are difficult for developers to diagnose in practice, since understanding them typically requires domain knowledge. Although adapting the existing test generation technique for dependency conflict issues, Riddle, to detect SC issues is feasible, its effectiveness is greatly compromised. This is mainly because Riddle randomly generates test inputs, while the SC issues typically require specific arguments in the tests to be exposed. To address that, we conducted an empirical study of 316 real SC issues to understand the characteristics of such specific arguments in the test cases that can capture the SC issues. Inspired by our empirical findings, we propose an automated testing technique Sensor, which synthesizes test cases using ingredients from the project under test to trigger inconsistent behaviors of the APIs with the same signatures in conflicting library versions. Our evaluation results show that Sensor is effective and useful: it achieved a Precision of 0.898 and a Recall of 0.725 on open-source projects and a Precision of 0.821 on industrial projects; it detected 306 semantic conflict issues in 50 projects, 70.4 percent of which had been confirmed as real bugs, and 84.2 percent of the confirmed issues have been fixed quickly.
Year: 2022
DOI: 10.1109/TSE.2021.3057767
Venue: IEEE Transactions on Software Engineering
Keywords: Third-party libraries, test generation, empirical study
DocType: Journal
Volume: 48
Issue: 7
ISSN: 0098-5589
Citations: 0
PageRank: 0.34
References: 32
Authors: 9
Name
Order
Citations
PageRank
Wang Ying100.34
Wu Rongxin200.34
Wang Chao300.34
Ming Wen413711.70
Yepang Liu541524.58
S. C. Cheung62657162.89
Yu Hai700.34
Chang Xu848736.94
Zhi-Liang Zhu969464.61