Trust of a Library: A Study of the Latency to Adopt the Latest Maven Release
This document summarizes a study on the latency of developers to adopt the latest releases of Maven libraries in their projects. The study analyzed over 188,000 dependency relationships between 6,374 software systems and 5,146 libraries from Maven data between 2005-2013. It found that initially, around 40% of dependencies adopted older library releases rather than the latest (latent adoption). However, over time more projects adopted the trusted latest releases, with around 80% doing so for newly introduced dependencies. The research aims to understand how much latent adoption exists, and the current trends in how much developers trust library updates. It categorizes dependencies as either trusted or latent adoptions to analyze adoption trends over time.
Trust of a Library: A Study of the Latency to Adopt the Latest Maven Release
- 1. Trust of a Library: A Study of the Latency to Adopt the Latest Maven Release Raula Gaikovina Kula,DanielGerman,TakashiIshio, KatsuroInoue Osaka University, Japan SANER2015-ERA Track 8/31/2021 1
- 2. Software LibraryReuse NextSystem Release Developer from PreviousSystemVersion Whyadoptlibraries? o extended features o inherited quality o time/effort cost efficient o avoidreinventwheel Adopt 3rd party libraries 8/31/2021 2
- 3. Software Systems library System Asthe systemevolves,morelibraries areadded. Asthe systemevolves, dependenciescan become complex
- 4. Dependency ManagementTools tothe rescue 8/31/2021 4 Buildtools suchas Mavenand Gradleallowformanagement of librarydependencies
- 5. If, Whenand What toupdate?? Asthe systemevolves, dependenciescanbecome complex At the sametime Aslibrariesevolve,Library Updatesto fixbugs andnew features 8/31/2021 5
- 6. SystemMaintainers arewarybeings 8/31/2021 6 SystemMaintainer needsto decide`if,`whenand`what to update? But any changesmaydisrupt dependencies:aka breakingchanges Our previouswork+relatedworkssuggestsbreaking changesand systemsstillusing olderversions
- 7. NotionofTrust asametric Trusted Adoption: When the latest adoption isadopted Latent Adoption: When previous releases are adopted 8/31/2021 7 Assistwith the `if,`whenand `what toupdate questions
- 8. Fourtypesoftrust 1. Do exactly what it says Functional and non-functionalspecification Major: Minor: Patch (SemVer) API Documentation 2. Play with others Volatile to currentsystemenvironment Incompatibilitieswith otherlibrary transitiveand non-transitivedependencies (Example: asm backward compatibility) 8/31/2021 8
- 9. Fourtypesoftrust 3. Prior Engagements Loyalty to a releaseversionbasedon previousexperiences. Wary of othernew librariesand rather stick to familiar libraries 4. Tried and tested Common beliefthat thelatestreleasemay contain untestedbugs. Prefertoadopt releaseversions1 or 2 releasesbehindthelatest. 8/31/2021 9
- 10. GuidingResearch Questions forthis study 8/31/2021 10 1. How much latent adoption exists? 2. What isthe current trend of maintainers trust?
- 13. EmpiricalStudy 8/31/2021 13 pom.xml Maven Dataset Time Period 2005-11-03 ~ 2013-11-24 # of Dependency Relations 188,951 # of Systems 6,374 # of libraries 5,146
- 14. Results # of libraries # of dependencies (%) iniTA 4,192 20, 372 (56.63%) iniLA 848 13, 791 (40.37%) introTA 3,064 29,303 (81.16%) introLA 823 6,543 (18.24%) 8/31/2021 14 Trusted Dependency Classifications
- 16. BacktoRQs 8/31/2021 16 1. How much latent adoption exists? It is common, almost40%at initialconceptionascomparedto introduced. 2. What isthe current trend of maintainers trust? Over time, maintainersaremore inclinedto adoptthe latestrelease(trusteddependency adoptions).