Abstract
When developing and maintaining large software systems, a great deal of effort goes into dependency management. During the whole lifecycle of a software project, the set of dependencies keeps changing to accommodate the addition of new features or changes in the running environment. Package management tools are widely used to automate this process, making it fairly easy to add new dependencies and their respective versions. However, over the years, a software project might evolve so that it no longer needs a particular technology or dependency. But the choice of removing that dependency is far from trivial: one cannot be entirely sure that the dependency is not used in any part of the project. Hence, developers have a hard time confidently removing dependencies and trusting that doing so will not break the system in production. In this paper, we propose a decision framework to improve the detection of unused dependencies. Our approach builds on top of the existing dependency analysis tool DepClean. We start by improving the support of Java dynamic features in DepClean. We do so by augmenting the analysis with the state-of-the-art call graph generation tool OPAL. Then, we analyze the potentially unused dependencies detected by classifying their logical relationship with the other components to decide on follow-up steps, which we provide in the form of a decision diagram. Results show that developers can focus their efforts on maintaining bloated dependencies by following the recommendations of our decision framework. When applying our approach to a large industrial software project, we can reduce false positives by one-third when compared to the state-of-the-art. We also validate our approach by analyzing dependencies that were removed in the history of open-source projects. Results show consistency between our approach and the decisions taken by open-source developers.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM) |
Editors | C. Ceballos |
Place of Publication | Piscataway |
Publisher | IEEE |
Pages | 105-115 |
Number of pages | 11 |
ISBN (Electronic) | 978-1-6654-9609-4 |
ISBN (Print) | 978-1-6654-9610-0 |
DOIs | |
Publication status | Published - 2022 |
Event | 2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM) - Limassol, Cyprus; Duration: 3 Oct 2022 → 3 Oct 2022; Conference number: 22nd |
Conference
Conference | 2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM) |
---|---|
Country/Territory | Cyprus |
City | Limassol |
Period | 3/10/22 → 3/10/22 |
Bibliographical note
Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Keywords
- unused dependencies
- call graph generation
- static analysis