Candidate: Yuefei Liu
Title: Towards Understanding the Symptoms and Repair Efforts of Bugs Introduced by Third-party Library Upgrades
Supervisor: Lin Tan
Abstract: During the process of software development, developers rely heavily on third-party libraries to enable functionalities and features in their projects. By utilizing third-party libraries, developers can alleviate the efforts to avoid re-building wheels. However, developers are faced with challenges of managing dependency messes when a project evolves. One of the most challenging problems is to handle issues caused by dependency upgrades.
To better understand the issues caused by Third-party Libraries Upgrade (TLU), in this thesis, we conduct a comprehensive study on the bugs caused by dependency upgrades. The study is conducted on a collection of 8,952 open-source Java projects from GitHub and 304 Java projects on Apache Software Foundation (ASF) JIRA systems. We collect 83 bugs caused by inappropriate TLUs in total.
Our inspection shows that TLUs are conducted out of different reasons. The most popular reason is that the project is preparing for releasing and wants to keep its dependencies up-to-date (62.31%). Another popular reason is that the older version of a dependency is not compatible with other dependencies (15.33%). Our inspection also indicates that the problems introduced by inappropriate dependency upgrades can be categorized into different types, i.e., compilation failures, production time errors, and test failures caused by obsolete tests. Then, we investigate developers’ efforts on repairing bugs caused by inappropriate TLUs. We notice that 32.53% of these bugs can be fixed by only modifying the build scripts fields (which is called TLU-build bugs), 20.48% of them can be fixed by merely modifying the source code field (which is called TLU-code bugs), and 16.87% of them even require modifications in multiple fields. TLU-build bugs and TLU-code bugs as the two most popular types, are dug deeper by us.
For TLU-code bugs, we summarize the common ways used to fix them. Furthermore, we study whether current repair techniques can fix TLU-code bugs efficiently. For the 6 investigated bugs, the study shows that each of them can only fix a limited amount of these bugs, but the union of them can cover 5 out of 6 bugs.
For TLU-build bugs, by leveraging the knowledge from our study, we summarize common patterns to fix build scripts, and propose a technique to automatically fix them. Our evaluation shows the proposed technique can successfully fix 9 out of 14 TLU-build bugs.