DeepLib: Machine translation techniques to recommend upgrades for third-party libraries

To keep their code up-to-date with the newest functionalities as well as bug fixes offered by third-party libraries, developers often need to replace an old version of third-party libraries (TPLs) with a newer one. However, choosing a suitable version for a library to be upgraded is complex and susc...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Expert systems with applications Jg. 202; S. 117267
Hauptverfasser: Nguyen, Phuong T., Di Rocco, Juri, Rubei, Riccardo, Di Sipio, Claudio, Di Ruscio, Davide
Format: Journal Article
Sprache:Englisch
Veröffentlicht: New York Elsevier Ltd 15.09.2022
Elsevier BV
Schlagworte:
Artificial neural networks
Clients
Deep learning
Encoder–decoder neural network
Libraries
Machine translation
Mining software repositories
Third party
Third-party libraries upgrade
Deep learning
Third-party libraries upgrade
Encoder–decoder neural network
Mining software repositories
ISSN:0957-4174, 1873-6793
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:To keep their code up-to-date with the newest functionalities as well as bug fixes offered by third-party libraries, developers often need to replace an old version of third-party libraries (TPLs) with a newer one. However, choosing a suitable version for a library to be upgraded is complex and susceptible to error. So far, Dependabot is the only tool that supports library upgrades; however, it targets only security fixes and singularly analyzes libraries without considering the whole set of related libraries. In this work, we propose DeepLib as a practical approach to learn upgrades for third-party libraries that have been performed by similar clients. Such upgrades are considered safe, i.e., they do not trigger any conflict, since, in the training clients, the libraries already co-exist without causing any compatibility or dependency issues. In this way, the upgrades provided by DeepLib allow developers to maintain a harmonious relationship with other libraries. By mining the development history of projects, we build migration matrices to train deep neural networks. Once being trained, the networks are then used to forecast the subsequent versions of the related libraries, exploiting the well-founded background related to the machine translation domain. As input, DeepLib accepts a set of library versions and returns a set of future versions to which developers should upgrade the libraries. The framework has been evaluated on two real-world datasets curated from the Maven Central Repository. The results show promising outcomes: DeepLib can recommend the next version for a library as well as a set of libraries under investigation. At its best performance, DeepLib gains a perfect match for several libraries, earning an accuracy of 1.0. •Upgrading history of libraries is populated as time series data.•A system built on top of deep neural networks to predict library upgrades.•The system provides recommendations for a single library and a set of libraries.•The prediction performance is improved with deeper networks.
Bibliographie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0957-4174
1873-6793
DOI:10.1016/j.eswa.2022.117267