Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Dependency Bugs The Dark Side Of Variability, Reuse, and Modularity

133 views

Published on

VAMOS 2020 Keynote Presentation.
Andrzej Wasowski

Published in: Software
  • Be the first to comment

  • Be the first to like this

Dependency Bugs The Dark Side Of Variability, Reuse, and Modularity

  1. 1. Anders Fischer-Nielsen Larsen, Zhoulai Fu IT University of Copenhagen Ting Su ETH Zurich Andrzej W ˛asowski IT University of Copenhagen @AndrzejWasowski Dependency Bugs The Dark Side Of Variability, Reuse, and Modularity c Andrzej W ˛asowski, IT University of Copenhagen 1
  2. 2. c Andrzej W ˛asowski, IT University of Copenhagen 2
  3. 3. Phantom? Menace? Unbelievably complex IT systems (low-level embedded sw, control, mechatronics, complex AI, unclear behavioral logics, concurrent, distributed, split between hardware-software-cloud, idiosyncratic) Community priorities: Innovation & Demonstration vs long term use Enjoyment: Testing, quality, documentation are boring. We use ROS for fun Meritocracy: The barrier of entry should be low. Most ROS users hold no CS degree 455 repositories in the official distribution, each containing several packages. Uncountable on GitHub. Alami. Dittrich. W ˛asowski. Influencers of quality assur- ance in an open source community. CHASE 2018 c Andrzej W ˛asowski, IT University of Copenhagen 3
  4. 4. Cloning is recognized as a harmful practice, cred- ited for decreasing code quality and multiplying maintenance problems. A bug found in one clone can exist in other clones, thus, it needs to be fixed multiple times. Even just locating all cloned code may be nontrivial. Unintentional parallel devel- opment of the same functionality in different forks increases implementation and test costs. Finally, merging diverged code forks is very laborious. Software Reuse is our response to the attack of the clones, including Variability Management and Product Line Engineering Modularity (Component Based Development) Configurable components Stefan Stanciulescu. Sandro Schulze. Andrzej W ˛asowski. Forked and integrated variants in an open-source firmware project. ICSME 2015 c Andrzej W ˛asowski, IT University of Copenhagen 4
  5. 5. . . . an open-source, meta-operating system for your robot. It provides the services you would expect from an operating system, including hardware abstraction, low-level device control, implementation of commonly-used functionality, message-passing between pro- cesses, and package management. It also provides tools and libraries for obtaining, build- ing, writing, and running code across multiple computers. communication middleware with uniform API 100s integrated HW drivers & SW components separates logics and algos from HW infrastructure for test, simulation, logging more tutorials than you can read; active friendly community Linux, Python, C++, C, Java c Andrzej W ˛asowski, IT University of Copenhagen 5
  6. 6. package build script ... catkin_package( ... DEPENDS boost ... include_directories(SYSTEM ${Boost_INCLUDE_DIR}) ... target_link_libraries(ur10_moveit_plugin ... ${Boost_LIBRARIES} ... install(TARGETS ur5_moveit_plugin ur10_moveit_plugin ... CMakeLists.txt compile&link with boost install ur5_moveit_plugin install ur10_moveit_plugin a package manifest used for installation ... <run_depend>boost</run_depend> ... specification of exported libraries <library path="lib/libur10_moveit_plugin"> ... <library path="lib/libur5_moveit_plugin"> ... plugin.xml package.xml includes export libur10_moveit_plugin export libur10_moveit_plugin runtime dependency boost libraryTwo different bugs!Anders Fischer-Nielsen. Zhoulai Fu. Ting Su. Andrzej W ˛asowski. The Forgotten Case of the Dependency Bugs. ICSE SEIP’20 c Andrzej W ˛asowski, IT University of Copenhagen 6
  7. 7. Dependency Bugs Extracted by qualitative analysis of bugs in the ROS Prestudy on 9 + 20 cases, study 455 repos → 118 have issues labeled ’bug’ Sample 50/50 with/without the term ’bug’, both positive and negative candidates A definition = a discriminating conditions. You need both positive and negative cases! Qualitatively analyze 100 cases, iteratively, with group discussions Final check on all 95 remaining positive cases in ROS Melodic Anders Fischer-Nielsen. Zhoulai Fu. Ting Su. Andrzej W ˛asowski. The Forgotten Case of the Dependency Bugs. ICSE SEIP’20 c Andrzej W ˛asowski, IT University of Copenhagen 7
  8. 8. c Andrzej W ˛asowski, IT University of Copenhagen 8
  9. 9. Dependency bugs appear silly, easy to fix, especially to package authors They are rarely experienced by the authors of the package They are unbelievably complex for newcomers and new users Researchers do not like them (Who likes the Sith?) Its other people’s plumbing kinda problem They are the price for having a flexible, composable, modular and configurable system Perhaps an acceptable price... (?) Anders Fischer-Nielsen. Zhoulai Fu. Ting Su. Andrzej W ˛asowski. The Forgotten Case of the Dependency Bugs. ICSE SEIP’20 c Andrzej W ˛asowski, IT University of Copenhagen 9
  10. 10. Named must be your fear before banish it you can Heterogeneous: dependency specs come from different tech spaces (1+ package management systems, prog. language infrastructure, OS, DB, etc.) Independent (also organizationally independent) individuals control them Temporal: All these sources modify them at a different speeds, time cycles A dep. bug linter is not difficult to build due to complex inference algorithms, but due of difficulties in gathering and abstracting all necessary info continuously An analyzer designed from PL semantics perspective has no chance to find dep bugs. The PL lacks info about the build context. c Andrzej W ˛asowski, IT University of Copenhagen 10
  11. 11. How pervasive are dependency bugs? Estimated accuracy of a simplistic classifier for issues 54% on positive cases, 88% on negative cases (tag "bug" + substring "depend") 53% packages affected by dependency bugs (based on the issue discussions) 30% contributors are affected by dependency problems or use time solving them Conditioned to contributors to affected packages, the above rises to 60% Dependency bugs attract a lot of discussion from multiple contributors, in fact the majority of the team. c Andrzej W ˛asowski, IT University of Copenhagen 11
  12. 12. How expensive are dependency bugs? Average discussion of dependency bug includes 4 ± 4.09 comments in ROS Baseline: The average discussion of any bug includes 2.92 ± 3.42 comments in ROS Dependency bugs attract more discussion than other issues Dependency issues are often solved by senior members for junior members Discussion of dependency issues are common outside GitHub (on ROS-answers and Stack Overflow) c Andrzej W ˛asowski, IT University of Copenhagen 12
  13. 13. Conclusion Dependency bugs are a special kind of feature interaction bugs Dependency bugs are a special kind of variability bugs Relatively simple, simplistic The ratio of annoyance to simplicity is unbelievably high They diminish the value produced by this community Eradicatable? Can we get rid of them? Are you the next Jedi to fight them? c Andrzej W ˛asowski, IT University of Copenhagen 13

×