Anders Fischer-Nielsen Larsen, Zhoulai Fu (IT University of Copenhagen)
Ting Su (ETH Zurich)
Andrzej Wąsowski (IT University of Copenhagen), @AndrzejWasowski

Dependency Bugs
The Dark Side of Variability, Reuse, and Modularity

© Andrzej Wąsowski, IT University of Copenhagen

Phantom? Menace?
Unbelievably complex IT systems (low-level embedded sw, control, mechatronics, complex AI, unclear behavioral logics, concurrent, distributed, split between hardware-software-cloud, idiosyncratic)
Community priorities: Innovation & Demonstration vs long term use
Enjoyment: Testing, quality, documentation are boring. We use ROS for fun
Meritocracy: The barrier of entry should be low. Most ROS users hold no CS degree
455 repositories in the official distribution, each containing several packages. Uncountable on GitHub.
Alami. Dittrich. Wąsowski. Influencers of quality assurance in an open source community. CHASE 2018

Cloning is recognized as a harmful practice, credited for decreasing code quality and multiplying maintenance problems. A bug found in one clone can exist in other clones, thus, it needs to be fixed multiple times. Even just locating all cloned code may be nontrivial. Unintentional parallel development of the same functionality in different forks increases implementation and test costs. Finally, merging diverged code forks is very laborious.
Software Reuse is our response to the attack of the clones, including
Variability Management and Product Line Engineering
Modularity (Component Based Development)
Configurable components
Stefan Stanciulescu. Sandro Schulze. Andrzej Wąsowski. Forked and integrated variants in an open-source firmware project. ICSME 2015

... an open-source, meta-operating system for your robot. It provides the services you would expect from an operating system, including hardware abstraction, low-level device control, implementation of commonly-used functionality, message-passing between processes, and package management. It also provides tools and libraries for obtaining, building, writing, and running code across multiple computers.
communication middleware with uniform API
100s integrated HW drivers & SW components
separates logics and algos from HW
infrastructure for test, simulation, logging
more tutorials than you can read; active friendly community
Linux, Python, C++, C, Java

CMakeLists.txt (package build script)

    ...
    catkin_package( ...
      DEPENDS boost ...
    include_directories(SYSTEM
      ${Boost_INCLUDE_DIR}) ...
    target_link_libraries(ur10_moveit_plugin ...
      ${Boost_LIBRARIES} ...
    install(TARGETS
      ur5_moveit_plugin
      ur10_moveit_plugin ...

Annotations: compile&link with boost; install ur5_moveit_plugin; install ur10_moveit_plugin

package.xml (a package manifest used for installation)

    ...
    <run_depend>boost</run_depend>
    ...

Annotation: runtime dependency boost library

plugin.xml (specification of exported libraries)

    <library
      path="lib/libur10_moveit_plugin">
    ...
    <library
      path="lib/libur5_moveit_plugin">
    ...

Annotations: package.xml includes plugin.xml; export libur10_moveit_plugin; export libur10_moveit_plugin

Two different bugs!
Anders Fischer-Nielsen. Zhoulai Fu. Ting Su. Andrzej Wąsowski. The Forgotten Case of the Dependency Bugs. ICSE SEIP’20

Dependency Bugs
Extracted by qualitative analysis of bugs in the ROS
Prestudy on 9 + 20 cases, study 455 repos → 118 have issues labeled ’bug’
Sample 50/50 with/without the term ’bug’, both positive and negative candidates
A definition = a discriminating condition. You need both positive and negative cases!
Qualitatively analyze 100 cases, iteratively, with group discussions
Final check on all 95 remaining positive cases in ROS Melodic
Anders Fischer-Nielsen. Zhoulai Fu. Ting Su. Andrzej Wąsowski. The Forgotten Case of the Dependency Bugs. ICSE SEIP’20

Dependency bugs appear silly, easy to fix, especially to package authors
They are rarely experienced by the authors of the package
They are unbelievably complex for newcomers and new users
Researchers do not like them (Who likes the Sith?)
It's other people’s plumbing kinda problem
They are the price for having a flexible, composable, modular and configurable system
Perhaps an acceptable price... (?)
Anders Fischer-Nielsen. Zhoulai Fu. Ting Su. Andrzej Wąsowski. The Forgotten Case of the Dependency Bugs. ICSE SEIP’20

Named must be your fear before banish it you can
Heterogeneous: dependency specs come from different tech spaces (1+ package management systems, prog. language infrastructure, OS, DB, etc.)
Independent (also organizationally independent) individuals control them
Temporal: All these sources modify them at different speeds, time cycles
A dep. bug linter is difficult to build not because of complex inference algorithms, but because of the difficulty of gathering and abstracting all necessary info continuously
An analyzer designed from a PL semantics perspective has no chance to find dep bugs. The PL lacks info about the build context.
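
The point about linters above, as an added example that is not code from the talk or from ROS: the inference is two set comparisons, and almost all of the code goes into gathering facts from CMakeLists.txt, package.xml and plugin.xml. The file contents are constructed samples modelled on the slide's fragments (the package name, source path and both defects are assumptions made for this example, not the two bugs the slide refers to), and the rules are simplified.

```python
"""Cross-artifact dependency check for a catkin package (added illustration)."""
import re
import xml.etree.ElementTree as ET

# --- constructed sample inputs (not taken from a real repository) ---
CMAKELISTS = """\
catkin_package(
  LIBRARIES ur5_moveit_plugin ur10_moveit_plugin
  CATKIN_DEPENDS moveit_core pluginlib
  DEPENDS boost
)
include_directories(SYSTEM ${Boost_INCLUDE_DIR})
add_library(ur5_moveit_plugin src/example_plugin.cpp)
add_library(ur10_moveit_plugin src/example_plugin.cpp)
target_link_libraries(ur10_moveit_plugin ${catkin_LIBRARIES} ${Boost_LIBRARIES})
# constructed defect: ur10_moveit_plugin is built but never installed
install(TARGETS ur5_moveit_plugin
  LIBRARY DESTINATION ${CATKIN_PACKAGE_LIB_DESTINATION})
"""

PACKAGE_XML = """\
<package>
  <name>example_moveit_plugins</name>
  <run_depend>moveit_core</run_depend>
  <run_depend>pluginlib</run_depend>
  <!-- constructed defect: the run_depend on boost is missing -->
</package>
"""

PLUGIN_XML = """\
<library path="lib/libur10_moveit_plugin"></library>
<library path="lib/libur5_moveit_plugin"></library>
"""

CATKIN_KEYS = {"INCLUDE_DIRS", "LIBRARIES", "CATKIN_DEPENDS", "DEPENDS", "CFG_EXTRAS"}
INSTALL_KEYS = {"TARGETS", "ARCHIVE", "LIBRARY", "RUNTIME", "DESTINATION",
                "EXPORT", "OPTIONAL", "COMPONENT"}


def cmake_calls(text, command):
    """Return the argument tokens of every `command(...)` call, comments removed."""
    text = re.sub(r"#.*", "", text)
    pattern = r"\b%s\s*\((.*?)\)" % re.escape(command)
    return [m.group(1).split() for m in re.finditer(pattern, text, re.S | re.I)]


def values_after(tokens, key, keywords):
    """Collect the values that follow `key` up to the next CMake keyword."""
    values, active = [], False
    for tok in tokens:
        if tok in keywords:
            active = (tok == key)
        elif active:
            values.append(tok)
    return values


def declared_in_cmake(cmake_text):
    """Return (dependencies exported by catkin_package, installed targets)."""
    deps, installed = set(), set()
    for args in cmake_calls(cmake_text, "catkin_package"):
        for key in ("DEPENDS", "CATKIN_DEPENDS"):
            # Assumption: lower-casing is enough to match CMake names to manifest keys.
            deps.update(v.lower() for v in values_after(args, key, CATKIN_KEYS))
    for args in cmake_calls(cmake_text, "install"):
        installed.update(values_after(args, "TARGETS", INSTALL_KEYS))
    return deps, installed


def manifest_run_deps(package_xml):
    """Runtime dependencies from package.xml (format 1 and format 2 tag names)."""
    root = ET.fromstring(package_xml)
    tags = ("run_depend", "exec_depend", "depend")
    return {e.text.strip().lower() for t in tags for e in root.iter(t) if e.text}


def exported_libraries(plugin_xml):
    """Map each <library path=...> to the CMake target name it implies."""
    # Regex rather than an XML parser: plugin.xml may hold several top-level
    # <library> elements, which is not a single-rooted XML document.
    paths = re.findall(r'<library\s+path="([^"]+)"', plugin_xml)
    return {p: re.sub(r"^lib", "", p.rsplit("/", 1)[-1]) for p in paths}


def lint(cmake_text, package_xml, plugin_xml):
    """Report facts that one artifact relies on and another fails to provide."""
    deps, installed = declared_in_cmake(cmake_text)
    run_deps = manifest_run_deps(package_xml)
    findings = [("missing-run-depend", d) for d in sorted(deps - run_deps)]
    for path, target in sorted(exported_libraries(plugin_xml).items()):
        if target not in installed:
            findings.append(("exported-not-installed", path))
    return findings


if __name__ == "__main__":
    for rule, item in lint(CMAKELISTS, PACKAGE_XML, PLUGIN_XML):
        print(f"{rule}: {item}")
```

Neither finding is visible to a compiler or a language-level analyzer: the sources build and link in the author's workspace, and the mismatch only surfaces on a clean install.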

How pervasive are dependency bugs?
Estimated accuracy of a simplistic classifier for issues: 54% on positive cases, 88% on negative cases (tag "bug" + substring "depend")
53% of packages are affected by dependency bugs (based on the issue discussions)
30% of contributors are affected by dependency problems or spend time solving them
Conditioned to contributors to affected packages, the above rises to 60%
Dependency bugs attract a lot of discussion from multiple contributors, in fact the majority of the team.

How expensive are dependency bugs?
The average discussion of a dependency bug includes 4 ± 4.09 comments in ROS
Baseline: The average discussion of any bug includes 2.92 ± 3.42 comments in ROS
Dependency bugs attract more discussion than other issues
Dependency issues are often solved by senior members for junior members
Discussions of dependency issues are common outside GitHub (on ROS-answers and Stack Overflow)

Conclusion
Dependency bugs are a special kind of feature interaction bugs
Dependency bugs are a special kind of variability bugs
Relatively simple, simplistic
The ratio of annoyance to simplicity is unbelievably high
They diminish the value produced by this community
Eradicable? Can we get rid of them?
Are you the next Jedi to fight them?
