Will Dependency Conflicts Affect My Program's Semantics?

Java projects are often built on top of various third-party libraries. If multiple versions of a library exist on the classpath, JVM will only load one version and shadow the others, which we refer to as dependency conflicts . This would give rise to semantic conflict (SC) issues, if the library API...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on software engineering 2022-07, Vol.48 (7), p.2295-2316
Main Authors: Wang, Ying, Wu, Rongxin, Wang, Chao, Wen, Ming, Liu, Yepang, Cheung, Shing-Chi, Yu, Hai, Xu, Chang, Zhu, Zhiliang
Format: Article
Language:English
Subjects:
Compilers
Computer science
empirical study
Java
Libraries
Open source software
Runtime
Semantics
Signatures
test generation
Testing
Third-party libraries
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Java projects are often built on top of various third-party libraries. If multiple versions of a library exist on the classpath, JVM will only load one version and shadow the others, which we refer to as dependency conflicts . This would give rise to semantic conflict (SC) issues, if the library APIs referenced by a project have identical method signatures but inconsistent semantics across the loaded and shadowed versions of libraries. SC issues are difficult for developers to diagnose in practice, since understanding them typically requires domain knowledge. Although adapting the existing test generation technique for dependency conflict issues, Riddle , to detect SC issues is feasible, its effectiveness is greatly compromised. This is mainly because Riddle randomly generates test inputs, while the SC issues typically require specific arguments in the tests to be exposed. To address that, we conducted an empirical study of 316 real SC issues to understand the characteristics of such specific arguments in the test cases that can capture the SC issues. Inspired by our empirical findings, we propose an automated testing technique Sensor , which synthesizes test cases using ingredients from the project under test to trigger inconsistent behaviors of the APIs with the same signatures in conflicting library versions. Our evaluation results show that Sensor is effective and useful: it achieved a Precision Precision of 0.898 and a Recall Recall of 0.725 on open-source projects and a Precision Precision of 0.821 on industrial projects; it detected 306 semantic conflict issues in 50
ISSN:0098-5589
1939-3520
DOI:10.1109/TSE.2021.3057767