Watchman: Monitoring Dependency Conflicts for Python Library Ecosystem

Bibliographic details
Published in: 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE), pp. 125-135
Main authors: Wang, Ying; Wen, Ming; Liu, Yepang; Wang, Yibo; Li, Zhenming; Wang, Chao; Yu, Hai; Cheung, Shing-Chi; Xu, Chang; Zhu, Zhiliang
Format: Conference proceeding
Language: English
Published: ACM 01.10.2020
ISSN:1558-1225
Online access: Full text
Description
Summary: The PyPI ecosystem has indexed millions of Python libraries to allow developers to automatically download and install dependencies of their projects based on the specified version constraints. Despite the convenience brought by automation, version constraints in Python projects can easily conflict, resulting in build failures. We refer to such conflicts as Dependency Conflict (DC) issues. Although DC issues are common in Python projects, developers lack tool support to gain a comprehensive knowledge for diagnosing the root causes of these issues. In this paper, we conducted an empirical study on 235 real-world DC issues. We studied the manifestation patterns and fixing strategies of these issues and found several key factors that can lead to DC issues and their regressions. Based on our findings, we designed and implemented Watchman, a technique to continuously monitor dependency conflicts for the PyPI ecosystem. In our evaluation, Watchman analyzed PyPI snapshots between 11 Jul 2019 and 16 Aug 2019, and found 117 potential DC issues. We reported these issues to the developers of the corresponding projects. So far, 63 issues have been confirmed, 38 of which have been quickly fixed by applying our suggested patches.
DOI:10.1145/3377811.3380426