DeepLib: Machine translation techniques to recommend upgrades for third-party libraries

Bibliographic Details
Published in: Expert systems with applications Vol. 202; p. 117267
Main Authors: Nguyen, Phuong T., Di Rocco, Juri, Rubei, Riccardo, Di Sipio, Claudio, Di Ruscio, Davide
Format: Journal Article
Language: English
Published: New York, Elsevier Ltd, 15.09.2022
Elsevier BV
ISSN: 0957-4174, 1873-6793
Description
Summary: To keep their code up-to-date with the newest functionalities as well as bug fixes offered by third-party libraries, developers often need to replace an old version of third-party libraries (TPLs) with a newer one. However, choosing a suitable version for a library to be upgraded is complex and susceptible to error. So far, Dependabot is the only tool that supports library upgrades; however, it targets only security fixes and singularly analyzes libraries without considering the whole set of related libraries. In this work, we propose DeepLib as a practical approach to learn upgrades for third-party libraries that have been performed by similar clients. Such upgrades are considered safe, i.e., they do not trigger any conflict, since, in the training clients, the libraries already co-exist without causing any compatibility or dependency issues. In this way, the upgrades provided by DeepLib allow developers to maintain a harmonious relationship with other libraries. By mining the development history of projects, we build migration matrices to train deep neural networks. Once trained, the networks are then used to forecast the subsequent versions of the related libraries, exploiting the well-founded background related to the machine translation domain. As input, DeepLib accepts a set of library versions and returns a set of future versions to which developers should upgrade the libraries. The framework has been evaluated on two real-world datasets curated from the Maven Central Repository. The results show promising outcomes: DeepLib can recommend the next version for a library as well as a set of libraries under investigation. At its best performance, DeepLib gains a perfect match for several libraries, earning an accuracy of 1.0.
• Upgrading history of libraries is populated as time series data.
• A system built on top of deep neural networks to predict library upgrades.
• The system provides recommendations for a single library and a set of libraries.
• The prediction performance is improved with deeper networks.
DOI: 10.1016/j.eswa.2022.117267