Survey on Dependency Conflict Problem of Third-party Libraries

Authors
Li S. [1, 2]
Liu J. [1, 2, 3]
Wang S. [1]
Tian H.-X. [1, 2]
Ye D. [1, 2, 3]
Affiliations
[1] Institute of Software, Chinese Academy of Sciences, Beijing
[2] University of Chinese Academy of Sciences, Beijing
[3] State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing
Source
Ruan Jian Xue Bao/Journal of Software | 2023 / Vol. 34 / No. 10
Keywords
API compatibility; dependency conflicts; dependency management; software ecosystem; third-party libraries
DOI
10.13328/j.cnki.jos.006666
Abstract
During software development, developers use third-party libraries extensively to achieve code reuse. Because third-party libraries depend on one another, incompatibilities among them lead to errors when those libraries are installed, loaded, or called, and ultimately result in system anomalies. Such a problem is called a dependency conflict (DC, also referred to as conflict dependency or CD) issue of third-party libraries. The root cause of such issues is that the third-party libraries actually loaded fail to cover the required features (e.g., methods) referenced by the software. DC issues often occur while third-party libraries are being downloaded and installed, while the project is being compiled, and at run time, and they are difficult to locate. Fixing DC issues requires developers to know accurately the differences among the versions of the third-party libraries they use, and the complex dependencies among those libraries make this work harder. To identify the DC issues in software before it runs and to deal with the system anomalies those issues cause at run time, researchers around the world have conducted various studies on such issues. This study presents a systematic review of this research topic from four aspects: the empirical analysis of third-party library usage, the cause analysis of DC issues, and the detection methods and common fixing ways for such issues. Finally, the potential research opportunities in this field are discussed. © 2023 Chinese Academy of Sciences. All rights reserved.
Pages: 4636 / 4660
Page count: 24