UPDATE: Zenodo migration postponed to Oct 13 from 06:00-08:00 UTC. Read the announcement.

Thesis Open Access

Measuring the degree of library dependency

Nuria Bruch Tarrega


Dublin Core Export

<?xml version='1.0' encoding='utf-8'?>
<oai_dc:dc xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:oai_dc="http://www.openarchives.org/OAI/2.0/oai_dc/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/oai_dc/ http://www.openarchives.org/OAI/2.0/oai_dc.xsd">
  <dc:creator>Nuria Bruch Tarrega</dc:creator>
  <dc:date>2020-11-06</dc:date>
  <dc:description>The usage of libraries, both commercial and open-source, provides the implementation of certain functionalities and is a widespread practice among developers. The usage of these libraries allows developers to avoid duplicating code by reusing it instead. However, when a developer uses a library in a software product, this creates a dependency. This dependency may result in transitive dependencies when the library depends on other libraries. The dependencies created when reusing a library can also carry problems — if a library has a security issue, it can be propagated to the software product, which depends on it, directly or indirectly. To deal with dependencies, developers can use package managers, which allow them to install and update the libraries they use. However, these package managers generally do a simple evaluation of the dependencies: either there is a dependency or not. Hence, a detailed evaluation of the dependencies is missing, which could help developers deal with vulnerabilities, breaking changes, and deprecated dependencies. In this thesis, we propose a model for software dependencies, which can help to provide a fine-grained evaluation of them. The model includes three types of metrics: coupling, coverage, and usage per class. For each metric in the model, we provide a formal definition and a theoretical validation by proving the metrics’ properties. We additionally implemented a proof-of-concept tool that, given a library from the Maven Central Repository, calculates the metrics of the model for each of the dependencies using bytecode analysis. Moreover, the proof-of-concept includes a visualization of the dependency tree, including the calculated metrics. Finally, we conducted experiments to validate the model, the implementation of the proof-of-concept, and the visualization. The experiments include interviews with 15 professional developers who evaluated the clarity and actionability of the model’s metrics and the proposed visualizations.</dc:description>
  <dc:identifier>https://zenodo.org/record/4280883</dc:identifier>
  <dc:identifier>10.5281/zenodo.4280883</dc:identifier>
  <dc:identifier>oai:zenodo.org:4280883</dc:identifier>
  <dc:relation>doi:10.5281/zenodo.4280882</dc:relation>
  <dc:rights>info:eu-repo/semantics/openAccess</dc:rights>
  <dc:rights>https://creativecommons.org/licenses/by/4.0/legalcode</dc:rights>
  <dc:subject>model dependency degree, transitive dependency, maven</dc:subject>
  <dc:title>Measuring the degree of library dependency</dc:title>
  <dc:type>info:eu-repo/semantics/doctoralThesis</dc:type>
  <dc:type>publication-thesis</dc:type>
</oai_dc:dc>
177
132
views
downloads
All versions This version
Views 177177
Downloads 132132
Data volume 287.1 MB287.1 MB
Unique views 175175
Unique downloads 124124

Share

Cite as