English
Related papers

Related papers: Interactive, Effort-Aware Library Version Harmoniz…

200 papers

This paper applies machine learning to the difficult and important task of version control merging. (1) We constructed a dataset, Merge-Bench, of 7938 real-world merge conflict hunks from 1439 GitHub repositories. The ground truth is the…

Machine Learning · Computer Science 2026-05-26 Benedikt Schesch , Michael D. Ernst

In software development, developers extensively utilize third-party libraries to avoid implementing existing functionalities. When a new third-party library vulnerability is disclosed, project maintainers need to determine whether their…

Software Engineering · Computer Science 2023-12-18 Zirui Chen , Xing Hu , Xin Xia , Yi Gao , Tongtong Xu , David Lo , Xiaohu Yang

This paper is the result of a two month research internship on the topic of library version identification. In this paper, ideas and techniques from literature in the area of binary comparison and fingerprinting are outlined and applied to…

Cryptography and Security · Computer Science 2017-03-02 Thomas Rinsma

The rapid evolution of software libraries presents a significant challenge for code generation models, which must adapt to frequent version updates while maintaining compatibility with previous versions. Existing code completion benchmarks…

Software Engineering · Computer Science 2024-11-12 Nizar Islah , Justine Gehring , Diganta Misra , Eilif Muller , Irina Rish , Terry Yue Zhuo , Massimo Caccia

Third-party libraries (TPLs) are reused frequently in software applications for reducing development cost. However, they could introduce security risks as well. Many TPL detection methods have been proposed to detect TPL reuse in Android…

Cryptography and Security · Computer Science 2022-04-22 Wei Tang , Yanlin Wang , Hongyu Zhang , Shi Han , Ping Luo , Dongmei Zhang

Reusing software libraries is a pillar of modern software engineering. In 2022, the average Java application depends on 40 third-party libraries. Relying on such libraries exposes a project to potential vulnerabilities and may put an…

Software Engineering · Computer Science 2023-01-20 Amir M. Mir , Mehdi Keshani , Sebastian Proksch

Third-party dependency updates can cause a build to fail if the new dependency version introduces a change that is incompatible with the usage: this is called a breaking dependency update. Research on breaking dependency updates is active,…

Software Engineering · Computer Science 2024-03-21 Frank Reyes , Yogya Gamage , Gabriel Skoglund , Benoit Baudry , Martin Monperrus

Industrial applications heavily integrate open-source software libraries nowadays. Beyond the benefits that libraries bring, they can also impose a real threat in case a library is affected by a vulnerability but its community is not active…

Software Engineering · Computer Science 2025-04-24 Alexandros Tsakpinis

Modern software development reuses code by importing libraries as dependencies. Software projects typically include an average of 36 dependencies, with 80% being transitive, meaning they are dependencies of dependencies. Recent research…

Software Engineering · Computer Science 2025-10-24 Jonas Klauke , Tom Ohlmer , Stefan Schott , Serena Elisa Ponta , Wolfram Fischer , Eric Bodden

JSON is an essential file and data format in do-mains that span scientific computing, web APIs or configuration management. Its popularity has motivated significant software development effort to build multiple libraries to process JSON…

Software Engineering · Computer Science 2021-08-30 Nicolas Harrand , Thomas Durieux , David Broman , Benoit Baudry

Software applications integrate more and more open-source software (OSS) to benefit from code reuse. As a drawback, each vulnerability discovered in bundled OSS potentially affects the application. Upon the disclosure of every new…

Cryptography and Security · Computer Science 2025-03-18 Henrik Plate , Serena Elisa Ponta , Antonino Sabetta

Modern software heavily relies on the use of components. Those components are usually published in central repositories, and managed by build systems via dependencies. Due to issues around vulnerabilities, licenses and the propagation of…

Software Engineering · Computer Science 2023-10-11 Jens Dietrich , Shawn Rasheed , Alexander Jordan , Tim White

Although using third-party libraries is common practice when writing software, vulnerabilities may be found even in well-known libraries. Detected vulnerabilities are often fixed quickly in the library code. The easiest way to include these…

Software Engineering · Computer Science 2023-05-23 Kristiina Rahkema , Dietmar Pfahl

Modern software systems are expected to be secure and contain all the latest features, even when new versions of software are released multiple times an hour. Each system may include many interacting packages. The problem of installing…

Software Engineering · Computer Science 2018-11-15 Ran Ben Basat , Maayan Goldstein , Itai Segall

In finance, leverage is the ratio between assets borrowed from others and one's own assets. A matching situation is present in software: by using free open-source software (FOSS) libraries a developer leverages on other people's code to…

Software Engineering · Computer Science 2021-03-08 Fabio Massacci , Ivan Pashchenko

Third-party libraries (TPLs) are frequently reused in software to reduce development cost and the time to market. However, external library dependencies may introduce vulnerabilities into host applications. The issue of library dependency…

Software Engineering · Computer Science 2022-09-21 Wei Tang , Zhengzi Xu , Chengwei Liu , Jiahui Wu , Shouguo Yang , Yi Li , Ping Luo , Yang Liu

GitHub Actions (GHA) CI workflows are critical infrastructure, but current tooling offers only syntactic or heuristic checks and does not enforce documented best practices for security, maintainability, or performance. Consequently, issues…

Software Engineering · Computer Science 2026-05-05 Edward Abrokwah , Taher A. Ghaleb

Modern programming languages (e.g., Java and C#) provide features to separate error-handling code from regular code, seeking to enhance software comprehensibility and maintainability. Nevertheless, the way exception handling (EH) code is…

Software Engineering · Computer Science 2021-05-04 Luan P. Lima , Lincoln S. Rocha , Carla I. M. Bezerra , Matheus Paixao

Developers are increasingly using services such as Dependabot to automate dependency updates. However, recent research has shown that developers perceive such services as unreliable, as they heavily rely on test coverage to detect conflicts…

Software Engineering · Computer Science 2021-09-27 Joseph Hejderup , Georgios Gousios

Software libraries implement APIs that deliver reusable functionalities. To correctly use these functionalities, software applications must satisfy certain correctness policies, for instance policies about the order some API methods can be…

Software Engineering · Computer Science 2020-10-14 Oliviero Riganelli , Daniela Micucci , Leonardo Mariani