| 第三方库依赖冲突问题研究综述 |
| |
| 引用本文: | 李硕,刘杰,王帅,田浩翔,叶丹.第三方库依赖冲突问题研究综述[J].软件学报,2023,34(10):4636-4660. |
| |
| 作者姓名: | 李硕 刘杰 王帅 田浩翔 叶丹 |
| |
| 作者单位: | 中国科学院 软件研究所, 北京 100190;中国科学院大学, 北京 100049;中国科学院 软件研究所, 北京 100190;中国科学院大学, 北京 100049;计算机科学国家重点实验室 (中国科学院 软件研究所), 北京 100190 |
| |
| 基金项目: | 国家重点研发计划(2017YFA0700603);国家自然科学基金(61972386) |
| |
| 摘 要: | 软件开发过程中, 开发人员通过大量使用第三方库来实现代码复用. 不同第三方库之间存在依赖关系, 第三方库间的不兼容会导致第三方库的安装、加载、调用时出现错误, 进而导致系统异常, 这类问题称之为第三方库依赖冲突问题. 依赖冲突的根本原因是加载的第三方库无法覆盖软件引用的必需特性(例如: 方法). 依赖冲突问题会在第三方库的下载安装, 项目编译和运行时中出现, 且定位困难. 依赖冲突问题的修复要求开发人员对使用的第三方库版本间差别具有准确的理解, 并且第三方库之间复杂的依赖关系增加了修复难度. 为了能够在软件运行前, 发现软件中存在的依赖冲突, 并且能够响应和处理运行过程中由依赖冲突引发的系统异常, 国内外学者展开了各种针对依赖冲突问题的研究. 从依赖冲突问题的4个方面, 对当前已有研究工作进行了梳理, 包括: 第三方库的使用实证分析、依赖冲突原因分析、依赖冲突检测方法以及依赖冲突常用修复方式. 最后对该领域未来值得关注的研究问题进行了展望.
|
| 关 键 词: | 依赖冲突 第三方库 软件生态系统 依赖管理 函数接口兼容性 |
| 收稿时间: | 2021/10/9 0:00:00 |
| 修稿时间: | 2021/12/28 0:00:00 |
Survey on Dependency Conflict Problem of Third-party Libraries |
| |
| LI Shuo,LIU Jie,WANG Shuai,TIAN Hao-Xiang,YE Dan.Survey on Dependency Conflict Problem of Third-party Libraries[J].Journal of Software,2023,34(10):4636-4660. |
| |
| Authors: | LI Shuo LIU Jie WANG Shuai TIAN Hao-Xiang YE Dan |
| |
| Affiliation: | Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100049, China;Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100049, China;State Key Laboratory of Computer Science (Institute of Software, Chinese Academy of Sciences), Beijing 100190, China |
| |
| Abstract: | During software development, developers use third-party libraries extensively to achieve code reuse. Due to the dependencies among different third-party libraries, the incompatibilities among them lead to errors during the installing, loading, or calling of those libraries and ultimately result in system anomalies. Such a problem is called a dependency conflict (DC, also referred to as conflict dependency or CD) issue of third-party libraries. The root cause of such issues is that the third-party libraries loaded fail to cover the required features (e.g., methods) cited by the software. DC issues often occur during the download and install, project compiling, and running of third-party libraries and are difficult to locate. Fixing DC issues requires developers to know the differences among the versions of the third-party libraries they use accurately, and the complex dependencies among the third-party libraries increase the difficulty in this work. To identify the DC issues in the software before its running and to deal with the system anomalies caused by those issues during running, researchers around the world have conducted various studies on such issues. This study presents a systematic review of this research topic from four aspects, including the empirical analysis of third-party library usage, the cause analysis of DC issues, and the detection methods and common fixing ways for such issues. Finally, the potential research opportunities in this field are discussed. |
| |
| Keywords: | dependency conflicts third-party libraries software ecosystem dependency management API compatibility |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
