English
Related papers

Related papers: DepOwl: Detecting Dependency Bugs to Prevent Compa…

200 papers

Developers are increasingly using services such as Dependabot to automate dependency updates. However, recent research has shown that developers perceive such services as unreliable, as they heavily rely on test coverage to detect conflicts…

Software Engineering · Computer Science 2021-09-27 Joseph Hejderup , Georgios Gousios

Third-party libraries are a central building block to develop software systems. However, outdated third-party libraries are commonly used, and developers are usually less aware of the potential risks. Therefore, a quantitative and holistic…

Software Engineering · Computer Science 2020-02-26 Ying Wang , Bihuan Chen , Kaifeng Huang , Bowen Shi , Congying Xu , Xin Peng , Yang Liu , Yijian Wu

Determining whether a configurable software system has a performance bug or it was misconfigured is often challenging. While there are numerous debugging techniques that can support developers in this task, there is limited empirical…

Software Engineering · Computer Science 2022-03-22 Miguel Velez , Pooyan Jamshidi , Norbert Siegmund , Sven Apel , Christian Kästner

Application Binary Interface (ABI) compatibility is essential for system or software updates to ensure that libraries continue to function. Tools that can assess a binary or library ABI can thus be used to make predictions about…

Software Engineering · Computer Science 2023-02-03 Vanessa Sochat , Tim Haines

Exploits are commonly used to demonstrate the presence of library vulnerabilities and validate their impact across different versions. However, their direct application to alternative versions often fails due to breaking changes introduced…

Software Engineering · Computer Science 2025-11-18 Zirui Chen , Zhipeng Xue , Jiayuan Zhou , Xing Hu , Xin Xia , Xiaohu Yang

Dependabot, a popular dependency management tool, includes a compatibility score feature that helps client packages assess the risk of accepting a dependency update by leveraging knowledge from "the crowd". For each dependency update,…

Software Engineering · Computer Science 2024-03-15 Benjamin Rombaut , Filipe R. Cogo , Ahmed E. Hassan

Third-party dependency updates can cause a build to fail if the new dependency version introduces a change that is incompatible with the usage: this is called a breaking dependency update. Research on breaking dependency updates is active,…

Software Engineering · Computer Science 2024-03-21 Frank Reyes , Yogya Gamage , Gabriel Skoglund , Benoit Baudry , Martin Monperrus

Deep Learning (DL) is finding its way into a growing number of mobile software applications. These software applications, named as DL based mobile applications (abbreviated as mobile DL apps) integrate DL models trained using large-scale…

Software Engineering · Computer Science 2021-02-11 Zhenpeng Chen , Huihan Yao , Yiling Lou , Yanbin Cao , Yuanqiang Liu , Haoyu Wang , Xuanzhe Liu

Many developers and organizations implement apps for Android, the most widely used operating system for mobile devices. Common problems developers face are the various hardware devices, customized Android variants, and frequent updates,…

Software Engineering · Computer Science 2021-03-18 Sebastian Nielebock , Paul Blockhaus , Jacob Krüger , Frank Ortmeier

Build automation tools and package managers have a profound influence on software development. They facilitate the reuse of third-party libraries, support a clear separation between the application's code and its external dependencies, and…

Software Engineering · Computer Science 2023-05-08 César Soto-Valero , Nicolas Harrand , Martin Monperrus , Benoit Baudry

Open-Source Software (OSS) vulnerabilities bring great challenges to the software security and pose potential risks to our society. Enormous efforts have been devoted into automated vulnerability detection, among which deep learning…

Cryptography and Security · Computer Science 2024-02-09 Xinchen Wang , Ruida Hu , Cuiyun Gao , Xin-Cheng Wen , Yujia Chen , Qing Liao

Fragmentation is a serious problem in the Android ecosystem. This problem is mainly caused by the fast evolution of the system itself and the various customizations independently maintained by different smartphone manufacturers. Many…

Software Engineering · Computer Science 2022-06-01 Pei Liu , Yanjie Zhao , Haipeng Cai , Mattia Fazzini , John Grundy , Li Li

Relying on dependency packages accelerates software development, but it also increases the exposure to security vulnerabilities that may be present in dependencies. While developers have full control over which dependency packages (and…

Software Engineering · Computer Science 2023-10-13 Abbas Javan Jafari , Diego Elias Costa , Ahmad Abdellatif , Emad Shihab

Supporting mainstream applications is fundamental for a new OS to have impact. It is generally achieved by developing a layer of compatibility allowing applications developed for a mainstream OS like Linux to run unmodified on the new OS.…

Background: Widespread use of third-party libraries makes ecosystems like Node Package Manager (npm) critical to modern software development. However, this interconnected chain of dependencies also creates challenges: bugs in one library…

Software Engineering · Computer Science 2025-11-10 Mohammadreza Saeidi , Ethan Thoma , Raula Gaikovina Kula , Gema Rodríguez-Pérez

While large language models (LLMs) have shown considerable promise in code generation, real-world software development demands advanced repository-level reasoning. This includes understanding dependencies, project structures, and managing…

Software Engineering · Computer Science 2025-03-11 Junjia Du , Yadi Liu , Hongcheng Guo , Jiawei Wang , Haojian Huang , Yunyi Ni , Zhoujun Li

The Android framework provides a rich set of APIs that can be exploited by developers to build their apps. However, the rapid evolution of these APIs jointly with the specific characteristics of the lifecycle of the Android components…

Software Engineering · Computer Science 2022-02-25 Oliviero Riganelli , Ionut Daniel Fagadau , Daniela Micucci , Leonardo Mariani

Third-party libraries (TPLs) have become a significant part of the Android ecosystem. Developers can employ various TPLs to facilitate their app development. Unfortunately, the popularity of TPLs also brings new security issues. For…

Software Engineering · Computer Science 2021-08-05 Xian Zhan , Tianming Liu , Yepang Liu , Yang Liu , Li Li , Haoyu Wang , Xiapu Luo

Python is widely used in the open-source community, largely owing to the extensive support from diverse third-party libraries within the PyPI ecosystem. Nevertheless, the utilization of third-party libraries can potentially lead to…

Software Engineering · Computer Science 2024-01-08 Yun Peng , Ruida Hu , Ruoke Wang , Cuiyun Gao , Shuqing Li , Michael R. Lyu

A risk in adopting third-party dependencies into an application is their potential to serve as a doorway for malicious code to be injected (most often unknowingly). While many initiatives from both industry and research communities focus on…

Software Engineering · Computer Science 2023-09-11 Supatsara Wattanakriengkrai , Raula Gaikovina Kula , Christoph Treude , Kenichi Matsumoto