DOI: 10.1145/3609437.3609447

Towards Better Dependency Scope Settings in Maven Projects

Published: 05 October 2023

Abstract

The emergence of build automation tools with dependency management features has significantly impacted software development. However, improper settings of some configuration items, such as the dependency scope, may cause severe problems in the development process. An improperly set dependency scope may cause problems such as missing dependencies and redundant dependencies, and the problem may even propagate downstream in the software ecosystem.
We conduct the first comprehensive empirical study of dependency scope settings in Maven projects to investigate the current state of dependency scope settings. We collect 5,433 commits from 65 popular open-source projects on GitHub, including 20,076 dependency scope settings. We also manually analyze 124 improper scope setting issues sampled from 2,609 Java projects. By analyzing these data, we reveal the typical symptoms and root causes of problems caused by improper dependency scope settings, and summarize 5 patterns of dependency scope modification. We provide suggestions for developers to better set and manage the dependency scope, and provide some ideas and experiences for the development of tools related to dependency scope setting.


Published In

Internetware '23: Proceedings of the 14th Asia-Pacific Symposium on Internetware
August 2023
332 pages
ISBN: 9798400708947
DOI: 10.1145/3609437

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Dependency Management
  2. Dependency Scope
  3. Empirical Study
  4. Maven

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • National Natural Science Foundation of China

Conference

Internetware 2023

Acceptance Rates

Overall Acceptance Rate 55 of 111 submissions, 50%

Bibliometrics

Article Metrics

  • Total Citations: 0
  • Total Downloads: 95
  • Downloads (Last 12 months): 52
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 20 Feb 2025
