English
Related papers

Related papers: Has My Release Disobeyed Semantic Versioning? Stat…

200 papers

Third-party libraries (TPLs) have become an essential component of software, accelerating development and reducing maintenance costs. However, breaking changes often occur during the upgrades of TPLs and prevent client programs from moving…

Software Engineering · Computer Science 2023-09-19 Wenke Li , Feng Wu , Cai Fu , Fan Zhou

Just like any software, libraries evolve to incorporate new features, bug fixes, security patches, and refactorings. However, when a library evolves, it may break the contract previously established with its clients by introducing Breaking…

Software Engineering · Computer Science 2021-10-18 Lina Ochoa , Thomas Degueule , Jean-Rémy Falleri , Jurgen Vinju

Java projects are often built on top of various third-party libraries. If multiple versions of a library exist on the classpath, JVM will only load one version and shadow the others, which we refer to as dependency conflicts. This would…

Software Engineering · Computer Science 2020-06-16 Ying Wang , Rongxin Wu , Chao Wang , Ming Wen , Yepang Liu , Shing-Chi Cheung , Hai Yu , Chang Xu , Zhiliang Zhu

The NPM package repository contains over two million packages and serves tens of billions of downloads per-week. Nearly every single JavaScript application uses the NPM package manager to install packages from the NPM repository. NPM relies…

Software Engineering · Computer Science 2023-04-04 Donald Pinckney , Federico Cassano , Arjun Guha , Jonathan Bell

Token-inconsistency bugs (TIBs) involve the misuse of syntactically valid yet incorrect code tokens, such as misused variables and erroneous function invocations, which can often lead to software bugs. Unlike simple syntactic bugs, TIBs…

Cryptography and Security · Computer Science 2025-10-14 Hongbo Chen , Yifan Zhang , Xing Han , Tianhao Mao , Huanyao Rong , Yuheng Zhang , XiaoFeng Wang , Luyi Xing , Xun Chen , Hang Zhang

The integration of open-source third-party library dependencies in Java development introduces significant security risks when these libraries contain known vulnerabilities. Existing Software Composition Analysis (SCA) tools struggle to…

Software Engineering · Computer Science 2025-07-25 Wang Lingxiang , Quanzhi Fu , Wenjia Song , Gelei Deng , Yi Liu , Dan Williams , Ying Zhang

Semantic versioning policy is widely used to indicate the level of changes in a package release. Unfortunately, there are many cases where developers do not respect the semantic versioning policy, leading to the breakage of dependent…

Software Engineering · Computer Science 2022-04-13 Rabe Abdalkareem , Md Atique Reza Chowdhury , Emad Shihab

Large Language Models (LLMs) can translate natural language requirements into code, yet empirical analyses of representative models reveal that semantic errors-programs that compile but behave incorrectly-constitute the majority of observed…

Software Engineering · Computer Science 2025-09-30 Qinglin Wang , Zhihong Sun , Ruyun Wang , Tao Huang , Zhi Jin , Ge Li , Chen Lyu

Version control system tools empower developers to independently work on their development tasks. These tools also facilitate the integration of changes through merging operations, and report textual conflicts. However, when developers…

Software Engineering · Computer Science 2023-10-16 Galileu Santos de Jesus , Paulo Borba , Rodrigo Bonifácio , Matheus Barbosa de Oliveira

Semantic conflicts arise when a developer introduces changes to a codebase that unintentionally affect the behavior of changes integrated in parallel by other developers. Traditional merge tools are unable to detect such conflicts, so…

Software Engineering · Computer Science 2025-08-15 Nathalia Barbosa , Paulo Borba , Léuson Da Silva

Application Programming Interface (API) incompatibility is a long-standing issue in Android application development. The rapid evolution of Android APIs results in a significant number of API additions, removals, and changes between…

Software Engineering · Computer Science 2024-06-27 Shidong Pan , Tianchen Guo , Lihong Zhang , Pei Liu , Zhenchang Xing , Xiaoyu Sun

Software vulnerabilities remain a persistent risk, yet static and dynamic analyses often overlook structural dependencies that shape insecure behaviors. Viewing programs as heterogeneous graphs, we capture control- and data-flow relations…

Software Engineering · Computer Science 2025-10-14 Jugal Gajjar , Kaustik Ranaware , Kamalasankari Subramaniakuppusamy

Branching and merging are common practices in collaborative software development, increasing developer's productivity. Despite such benefits, developers need to merge software and resolve merge conflicts. While modern merge techniques can…

Software Engineering · Computer Science 2025-07-10 Léuson Da Silva , Paulo Borba , Toni Maciel , Wardah Mahmood , Thorsten Berger , João Moisakis , Aldiberg Gomes , Vinícius Leite

Code commits in a version control system (e.g., Git) should be atomic, i.e., focused on a single goal, such as adding a feature or fixing a bug. In practice, however, developers often bundle multiple concerns into tangled commits, obscuring…

Software Engineering · Computer Science 2026-01-30 Beomsu Koh , Neil Walkinshaw , Donghwan Shin

Static Application Security Testing (SAST) tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis…

Previous work has shown that early resolution of issues detected by static code analyzers can prevent major costs later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to…

The growth of open-source software has increased the risk of hidden vulnerabilities that can affect downstream software applications. This concern is further exacerbated by software vendors' practice of silently releasing security patches…

Software Engineering · Computer Science 2023-08-30 Xunzhu Tang , zhenghan Chen , Saad Ezzini , Haoye Tian , Yewei Song , Jacques Klein , Tegawende F. Bissyande

In many programming languages there exist countless nuances, making developers accidentally release new versions of their packages that are not backwards-compatible. Such releases can directly impact projects which are using their packages,…

Programming Languages · Computer Science 2023-08-29 Tomasz Nowak , Michał Staniewski , Mieszko Grodzicki , Bartosz Smolarczyk

Large Language Models (LLMs) have shown impressive capabilities in downstream software engineering tasks such as Automated Program Repair (APR). In particular, there has been a lot of research on repository-level issue-resolution benchmarks…

Software Engineering · Computer Science 2025-06-23 Anvith Pabba , Alex Mathai , Anindya Chakraborty , Baishakhi Ray

Third-party dependency updates can cause a build to fail if the new dependency version introduces a change that is incompatible with the usage: this is called a breaking dependency update. Research on breaking dependency updates is active,…

Software Engineering · Computer Science 2024-03-21 Frank Reyes , Yogya Gamage , Gabriel Skoglund , Benoit Baudry , Martin Monperrus
‹ Prev 1 2 3 10 Next ›