SlideShare a Scribd company logo

ECSA 2023 Ubuntu Case Study

C
CREST

This study reviews software dependencies and complexity, describes the dependency extraction (DepEx) framework, and conducts a case study of Ubuntu to assess its operational performance.

Software
1 of 23
Download to read offline
Analyzing the Evolution of Inter-package Dependencies in Operating Systems: A Case Study of Ubuntu Victor Prokhorenko, Chadni Islam, Muhammad Ali Babar
Overview  Software dependencies and complexity  Operating Systems context  DepEx framework - Dependency extraction  Ubuntu – Findings  Future work directions and enhancements
Types of software dependencies • Code libraries (source or binary) • Network sockets • UNIX domain sockets • Pipes • File-based • Run-time code provisioning • Downloading from external source • Generated by external applications • Discoverable and undiscoverable
Code libraries • Available in source form at compile time • Used through various form of Import- and Include-like statements • Can be in-lined or embedded, thus eliminating external dependency • Dynamically loadable at run time • Typically met in form of .so and .dll files • Can have recursive dependencies of their own
Binary Dynamically Loadable Libraries • Required to be present in the system for a given application to start • Required to be located in a discoverable “place” • Required to contain the necessary functionality • List of exported functions • Versioning considerations • Source code may be inaccessible • Sourced from: • Application bundle • Pre-existing Operating System
Binary Dynamically Loadable Libraries: example
Complexity aspect: dependency-based metrics • How do dependencies reflect application complexity? • How do dependencies reflect library importance? • Four metrics investigated: Presence, Coverage, Occurrence, Usage • Developer-facing complexity vs. recursion
Operating system context • Single application development phase • Testing through compilation and execution • Multiple tools: compiler, IDE, tests, debuggers • Multiple applications usage phase • Automatic dependency installation (apt install) • Library version conflicts: versioned names • Bundling: archive, container, VM • Base system inflation
System-wide dependencies observability • Emergent high-level architecture appears as a result of combining multiple independently-developed applications • Constant system modifications and updates lead to lack of stable picture • Lack of bird’s eye view: • Are there any libraries missing that are required by executables in the system? Which ones? • Which executables would not be able to run due to the lack of required libraries? • What are the most popular/critical libraries (i.e. required by most number of executables)? Least popular? • Which libraries are present in the system but not required by any executable?
DepEx: Dependency Extractor framework • Plugin-based architecture • Presence and Coverage metrics • Scans file system and stores discovered dependencies in a structured database • Current development targeted at run-time file modifications tracking
Ubuntu case study • Why Ubuntu? • High popularity • Consistent archives • Detailed release notes • Long history – chance to find evolutionary patterns • Technical challenges • Disk space requirements • Image format and compression changed over time
Ubuntu case study: statistics • 84 consecutive versions (5.04 to 23.04) • 18 years of history • 114GB of compressed images • 9.8 million total files • Over 408000 total binaries and executables • Almost 2 millions of library-level dependencies extracted
Ubuntu: libraries vs. executable vs. total files
Ubuntu: dependencies vs. files
Ubuntu: average dependencies
Ubuntu: maximum dependencies
Ubuntu: direct dependencies drift
Ubuntu: most popular libraries (direct) Rank Library Direct uses 1 libc 4397 2 libpthread 1438 3 libglib 1037 4 libgobject 945 5 libm 836 6 librt 719 7 libgthread 660 8 libgmodule 658 9 libgtk-x11 656 10 libdl 601 0 500 1000 1500 2000 2500 3000 3500 4000 4500 5000 L I B C L I B P T H R E A D L I B G L I B L I B G O B J E C T L I B M L I B R T L I B G T H R E A D L I B G M O D U L E L I B G T K - X 1 1 L I B D L DIRECT USES
Ubuntu: executable/library complexity (recursive) Rank Library Direct uses 1 gnome-control-center 273 2 gnome-initial-setup 169 3 shotwell-publishing 164 4 libiradio 158 5 librilo 158 6 evolution-alarm-notify 156 7 gnome-todo 155 8 smbd.x86_64-linux-gnu 155 9 empathy-call 154 10 libclplug_gtk3lo 154 0 50 100 150 200 250 300 DEPENDENCIES
Visualization challenges
Conclusion • Executables with a high number of recursive dependencies can be removed • “Complexity” comes from large number of subsystems: image formats, setup • Highly popular libraries are here to stay • A large number of libraries (up to three quarters) are not explicitly required • Plugins – discovered and loaded through a different mechanism • Shipped “just in case” for applications that would likely be installed • While periodic cleanups occur in practice, averages still steadily grow • Developer-facing complexity tends to be controlled
Future work directions and enhancements • More plugins for more executable types • Network awareness • Run-time file activity tracking and dependency graph updating • Real-time system health monitoring • Missing libraries, broken executables, missing links • Recovery/fixing recommendations • Most required missing library? • Last file event impact?
CRICOS 00123M

Recommended

Linux
LinuxLinux
Linux
CIIT Wahcantt, Taxila distt. Rawalpindi Pakistan
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile Everything
Donnie Berkholz
 
Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...
Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...
Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...
GlobalLogic Ukraine
 
From Zero to Hero - Contribute to Linux Kernel in 15 Minutes
From Zero to Hero - Contribute to Linux Kernel in 15 MinutesFrom Zero to Hero - Contribute to Linux Kernel in 15 Minutes
From Zero to Hero - Contribute to Linux Kernel in 15 Minutes
GlobalLogic Ukraine
 
Hands on kubernetes_container_orchestration
Hands on kubernetes_container_orchestrationHands on kubernetes_container_orchestration
Hands on kubernetes_container_orchestration
Amir Hossein Sorouri
 
Application Performance & Flexibility on Exokernel Systems paper review
Application Performance & Flexibility on Exokernel Systems paper reviewApplication Performance & Flexibility on Exokernel Systems paper review
Application Performance & Flexibility on Exokernel Systems paper review
Vimukthi Wickramasinghe
 
Docker Dojo
Docker DojoDocker Dojo
Docker Dojo
Hugo González Labrador
 
unixoperatingsystem-130327073532-phpapp01.pdf
unixoperatingsystem-130327073532-phpapp01.pdfunixoperatingsystem-130327073532-phpapp01.pdf
unixoperatingsystem-130327073532-phpapp01.pdf
IxtiyorTeshaboyev
 

Recommended

Linux
LinuxLinux
Linux
CIIT Wahcantt, Taxila distt. Rawalpindi Pakistan
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile Everything
Donnie Berkholz
 
Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...
Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...
Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...
GlobalLogic Ukraine
 
From Zero to Hero - Contribute to Linux Kernel in 15 Minutes
From Zero to Hero - Contribute to Linux Kernel in 15 MinutesFrom Zero to Hero - Contribute to Linux Kernel in 15 Minutes
From Zero to Hero - Contribute to Linux Kernel in 15 Minutes
GlobalLogic Ukraine
 
Hands on kubernetes_container_orchestration
Hands on kubernetes_container_orchestrationHands on kubernetes_container_orchestration
Hands on kubernetes_container_orchestration
Amir Hossein Sorouri
 
Application Performance & Flexibility on Exokernel Systems paper review
Application Performance & Flexibility on Exokernel Systems paper reviewApplication Performance & Flexibility on Exokernel Systems paper review
Application Performance & Flexibility on Exokernel Systems paper review
Vimukthi Wickramasinghe
 
Docker Dojo
Docker DojoDocker Dojo
Docker Dojo
Hugo González Labrador
 
unixoperatingsystem-130327073532-phpapp01.pdf
unixoperatingsystem-130327073532-phpapp01.pdfunixoperatingsystem-130327073532-phpapp01.pdf
unixoperatingsystem-130327073532-phpapp01.pdf
IxtiyorTeshaboyev
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
Sherif Mousa
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
Docker, Inc.
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdf
Drew Moseley
 
Linux for embedded_systems
Linux for embedded_systemsLinux for embedded_systems
Linux for embedded_systems
Vandana Salve
 
Pune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCDPune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCD
Prashant Rane
 
Course 101: Lecture 4: A Tour in RTOS Land
Course 101: Lecture 4: A Tour in RTOS Land Course 101: Lecture 4: A Tour in RTOS Land
Course 101: Lecture 4: A Tour in RTOS Land
Ahmed El-Arabawy
 
Embedded Systems: Lecture 5: A Tour in RTOS Land
Embedded Systems: Lecture 5: A Tour in RTOS LandEmbedded Systems: Lecture 5: A Tour in RTOS Land
Embedded Systems: Lecture 5: A Tour in RTOS Land
Ahmed El-Arabawy
 
Operating system components
Operating system componentsOperating system components
Operating system components
Syed Zaid Irshad
 
Top 10 dev ops tools (1)
Top 10 dev ops tools (1)Top 10 dev ops tools (1)
Top 10 dev ops tools (1)
yalini97
 
Programs for office management
Programs for office managementPrograms for office management
Programs for office management
suhailaadeeb
 
scaling compiled applications - highload 2013
scaling compiled applications - highload 2013scaling compiled applications - highload 2013
scaling compiled applications - highload 2013
ice799
 
Building Embedded Linux Systems Introduction
Building Embedded Linux Systems IntroductionBuilding Embedded Linux Systems Introduction
Building Embedded Linux Systems Introduction
Sherif Mousa
 
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
Gaetano Giunta
 
Fasten Industry Meeting with GitHub about Dependancy Management
Fasten Industry Meeting with GitHub about Dependancy ManagementFasten Industry Meeting with GitHub about Dependancy Management
Fasten Industry Meeting with GitHub about Dependancy Management
Fasten Project
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
Peter Clapham
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
Peter Clapham
 
Central Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdownCentral Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdown
Andrew Denner
 
Unix/Linux
Unix/Linux Unix/Linux
Unix/Linux
Saurabh Upadhyay
 
Unix operating system
Unix operating systemUnix operating system
Unix operating system
ABhay Panchal
 
Joe Damato
Joe DamatoJoe Damato
Joe Damato
Ontico
 
Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
CREST
 
Making Software and Software Engineering visible
Making Software and Software Engineering visibleMaking Software and Software Engineering visible
Making Software and Software Engineering visible
CREST
 

More Related Content

Similar to ECSA 2023 Ubuntu Case Study

Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
Sherif Mousa
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
Docker, Inc.
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdf
Drew Moseley
 
Linux for embedded_systems
Linux for embedded_systemsLinux for embedded_systems
Linux for embedded_systems
Vandana Salve
 
Pune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCDPune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCD
Prashant Rane
 
Course 101: Lecture 4: A Tour in RTOS Land
Course 101: Lecture 4: A Tour in RTOS Land Course 101: Lecture 4: A Tour in RTOS Land
Course 101: Lecture 4: A Tour in RTOS Land
Ahmed El-Arabawy
 
Embedded Systems: Lecture 5: A Tour in RTOS Land
Embedded Systems: Lecture 5: A Tour in RTOS LandEmbedded Systems: Lecture 5: A Tour in RTOS Land
Embedded Systems: Lecture 5: A Tour in RTOS Land
Ahmed El-Arabawy
 
Operating system components
Operating system componentsOperating system components
Operating system components
Syed Zaid Irshad
 
Top 10 dev ops tools (1)
Top 10 dev ops tools (1)Top 10 dev ops tools (1)
Top 10 dev ops tools (1)
yalini97
 
Programs for office management
Programs for office managementPrograms for office management
Programs for office management
suhailaadeeb
 
scaling compiled applications - highload 2013
scaling compiled applications - highload 2013scaling compiled applications - highload 2013
scaling compiled applications - highload 2013
ice799
 
Building Embedded Linux Systems Introduction
Building Embedded Linux Systems IntroductionBuilding Embedded Linux Systems Introduction
Building Embedded Linux Systems Introduction
Sherif Mousa
 
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
Gaetano Giunta
 
Fasten Industry Meeting with GitHub about Dependancy Management
Fasten Industry Meeting with GitHub about Dependancy ManagementFasten Industry Meeting with GitHub about Dependancy Management
Fasten Industry Meeting with GitHub about Dependancy Management
Fasten Project
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
Peter Clapham
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
Peter Clapham
 
Central Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdownCentral Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdown
Andrew Denner
 
Unix/Linux
Unix/Linux Unix/Linux
Unix/Linux
Saurabh Upadhyay
 
Unix operating system
Unix operating systemUnix operating system
Unix operating system
ABhay Panchal
 
Joe Damato
Joe DamatoJoe Damato
Joe Damato
Ontico
 

Similar to ECSA 2023 Ubuntu Case Study (20)

Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
 
Docker and the Linux Kernel
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdf
 
Linux for embedded_systems
Linux for embedded_systemsLinux for embedded_systems
Linux for embedded_systems
 
Pune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCDPune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCD
 
Course 101: Lecture 4: A Tour in RTOS Land
Course 101: Lecture 4: A Tour in RTOS Land Course 101: Lecture 4: A Tour in RTOS Land
Course 101: Lecture 4: A Tour in RTOS Land
 
Embedded Systems: Lecture 5: A Tour in RTOS Land
Embedded Systems: Lecture 5: A Tour in RTOS LandEmbedded Systems: Lecture 5: A Tour in RTOS Land
Embedded Systems: Lecture 5: A Tour in RTOS Land
 
Operating system components
Operating system componentsOperating system components
Operating system components
 
Top 10 dev ops tools (1)
Top 10 dev ops tools (1)Top 10 dev ops tools (1)
Top 10 dev ops tools (1)
 
Programs for office management
Programs for office managementPrograms for office management
Programs for office management
 
scaling compiled applications - highload 2013
scaling compiled applications - highload 2013scaling compiled applications - highload 2013
scaling compiled applications - highload 2013
 
Building Embedded Linux Systems Introduction
Building Embedded Linux Systems IntroductionBuilding Embedded Linux Systems Introduction
Building Embedded Linux Systems Introduction
 
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
 
Fasten Industry Meeting with GitHub about Dependancy Management
Fasten Industry Meeting with GitHub about Dependancy ManagementFasten Industry Meeting with GitHub about Dependancy Management
Fasten Industry Meeting with GitHub about Dependancy Management
 
Flexible compute
Flexible computeFlexible compute
Flexible compute
 
Sanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticiansSanger, upcoming Openstack for Bio-informaticians
Sanger, upcoming Openstack for Bio-informaticians
 
Central Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdownCentral Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdown
 
Unix/Linux
Unix/Linux Unix/Linux
Unix/Linux
 
Unix operating system
Unix operating systemUnix operating system
Unix operating system
 
Joe Damato
Joe DamatoJoe Damato
Joe Damato
 

More from CREST

Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
CREST
 
Making Software and Software Engineering visible
Making Software and Software Engineering visibleMaking Software and Software Engineering visible
Making Software and Software Engineering visible
CREST
 
Understanding and Addressing Architectural Challenges of Cloud- Based Systems
Understanding and Addressing Architectural Challenges of Cloud- Based SystemsUnderstanding and Addressing Architectural Challenges of Cloud- Based Systems
Understanding and Addressing Architectural Challenges of Cloud- Based Systems
CREST
 
DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...
DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...
DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...
CREST
 
A Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
A Deep Dive into the Socio-Technical Aspects of Delays in Security PatchingA Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
A Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
CREST
 
Mining Software Repositories for Security: Data Quality Issues Lessons from T...
Mining Software Repositories for Security: Data Quality Issues Lessons from T...Mining Software Repositories for Security: Data Quality Issues Lessons from T...
Mining Software Repositories for Security: Data Quality Issues Lessons from T...
CREST
 
A Decentralised Platform for Provenance Management of Machine Learning Softwa...
A Decentralised Platform for Provenance Management of Machine Learning Softwa...A Decentralised Platform for Provenance Management of Machine Learning Softwa...
A Decentralised Platform for Provenance Management of Machine Learning Softwa...
CREST
 
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
CREST
 
Falling for Phishing: An Empirical Investigation into People's Email Response...
Falling for Phishing: An Empirical Investigation into People's Email Response...Falling for Phishing: An Empirical Investigation into People's Email Response...
Falling for Phishing: An Empirical Investigation into People's Email Response...
CREST
 
An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...
An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...
An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...
CREST
 
Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...
Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...
Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...
CREST
 
Detecting Misuses of Security APIs: A Systematic Review
Detecting Misuses of Security APIs: A Systematic ReviewDetecting Misuses of Security APIs: A Systematic Review
Detecting Misuses of Security APIs: A Systematic Review
CREST
 
Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...
Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...
Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...
CREST
 
Data Quality for Software Vulnerability Dataset
Data Quality for Software Vulnerability DatasetData Quality for Software Vulnerability Dataset
Data Quality for Software Vulnerability Dataset
CREST
 
Mod2Dash Presentation
Mod2Dash PresentationMod2Dash Presentation
Mod2Dash Presentation
CREST
 
Run-time Patching and updating Impact Estimation
Run-time Patching and updating Impact EstimationRun-time Patching and updating Impact Estimation
Run-time Patching and updating Impact Estimation
CREST
 
Energy Efficiency Evaluation of Local and Offloaded Data Processing
Energy Efficiency Evaluation of Local and Offloaded Data ProcessingEnergy Efficiency Evaluation of Local and Offloaded Data Processing
Energy Efficiency Evaluation of Local and Offloaded Data Processing
CREST
 
Designing Quality-Driven Blockchain Networks
Designing Quality-Driven Blockchain NetworksDesigning Quality-Driven Blockchain Networks
Designing Quality-Driven Blockchain Networks
CREST
 
Privacy Engineering in the Wild
Privacy Engineering in the WildPrivacy Engineering in the Wild
Privacy Engineering in the Wild
CREST
 
Security Data Quality Challenges
Security Data Quality ChallengesSecurity Data Quality Challenges
Security Data Quality Challenges
CREST
 

More from CREST (20)

Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
 
Making Software and Software Engineering visible
Making Software and Software Engineering visibleMaking Software and Software Engineering visible
Making Software and Software Engineering visible
 
Understanding and Addressing Architectural Challenges of Cloud- Based Systems
Understanding and Addressing Architectural Challenges of Cloud- Based SystemsUnderstanding and Addressing Architectural Challenges of Cloud- Based Systems
Understanding and Addressing Architectural Challenges of Cloud- Based Systems
 
DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...
DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...
DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...
 
A Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
A Deep Dive into the Socio-Technical Aspects of Delays in Security PatchingA Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
A Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
 
Mining Software Repositories for Security: Data Quality Issues Lessons from T...
Mining Software Repositories for Security: Data Quality Issues Lessons from T...Mining Software Repositories for Security: Data Quality Issues Lessons from T...
Mining Software Repositories for Security: Data Quality Issues Lessons from T...
 
A Decentralised Platform for Provenance Management of Machine Learning Softwa...
A Decentralised Platform for Provenance Management of Machine Learning Softwa...A Decentralised Platform for Provenance Management of Machine Learning Softwa...
A Decentralised Platform for Provenance Management of Machine Learning Softwa...
 
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
 
Falling for Phishing: An Empirical Investigation into People's Email Response...
Falling for Phishing: An Empirical Investigation into People's Email Response...Falling for Phishing: An Empirical Investigation into People's Email Response...
Falling for Phishing: An Empirical Investigation into People's Email Response...
 
An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...
An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...
An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...
 
Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...
Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...
Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...
 
Detecting Misuses of Security APIs: A Systematic Review
Detecting Misuses of Security APIs: A Systematic ReviewDetecting Misuses of Security APIs: A Systematic Review
Detecting Misuses of Security APIs: A Systematic Review
 
Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...
Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...
Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...
 
Data Quality for Software Vulnerability Dataset
Data Quality for Software Vulnerability DatasetData Quality for Software Vulnerability Dataset
Data Quality for Software Vulnerability Dataset
 
Mod2Dash Presentation
Mod2Dash PresentationMod2Dash Presentation
Mod2Dash Presentation
 
Run-time Patching and updating Impact Estimation
Run-time Patching and updating Impact EstimationRun-time Patching and updating Impact Estimation
Run-time Patching and updating Impact Estimation
 
Energy Efficiency Evaluation of Local and Offloaded Data Processing
Energy Efficiency Evaluation of Local and Offloaded Data ProcessingEnergy Efficiency Evaluation of Local and Offloaded Data Processing
Energy Efficiency Evaluation of Local and Offloaded Data Processing
 
Designing Quality-Driven Blockchain Networks
Designing Quality-Driven Blockchain NetworksDesigning Quality-Driven Blockchain Networks
Designing Quality-Driven Blockchain Networks
 
Privacy Engineering in the Wild
Privacy Engineering in the WildPrivacy Engineering in the Wild
Privacy Engineering in the Wild
 
Security Data Quality Challenges
Security Data Quality ChallengesSecurity Data Quality Challenges
Security Data Quality Challenges
 

Recently uploaded

What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
pavan998932
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
kalichargn70th171
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
Gerardo Pardo-Castellote
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 

Recently uploaded (20)

What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 

ECSA 2023 Ubuntu Case Study

  • 1. Analyzing the Evolution of Inter-package Dependencies in Operating Systems: A Case Study of Ubuntu Victor Prokhorenko, Chadni Islam, Muhammad Ali Babar
  • 2. Overview  Software dependencies and complexity  Operating Systems context  DepEx framework - Dependency extraction  Ubuntu – Findings  Future work directions and enhancements
  • 3. Types of software dependencies • Code libraries (source or binary) • Network sockets • UNIX domain sockets • Pipes • File-based • Run-time code provisioning • Downloading from external source • Generated by external applications • Discoverable and undiscoverable
  • 4. Code libraries • Available in source form at compile time • Used through various form of Import- and Include-like statements • Can be in-lined or embedded, thus eliminating external dependency • Dynamically loadable at run time • Typically met in form of .so and .dll files • Can have recursive dependencies of their own
  • 5. Binary Dynamically Loadable Libraries • Required to be present in the system for a given application to start • Required to be located in a discoverable “place” • Required to contain the necessary functionality • List of exported functions • Versioning considerations • Source code may be inaccessible • Sourced from: • Application bundle • Pre-existing Operating System
  • 6. Binary Dynamically Loadable Libraries: example
  • 7. Complexity aspect: dependency-based metrics • How do dependencies reflect application complexity? • How do dependencies reflect library importance? • Four metrics investigated: Presence, Coverage, Occurrence, Usage • Developer-facing complexity vs. recursion
  • 8. Operating system context • Single application development phase • Testing through compilation and execution • Multiple tools: compiler, IDE, tests, debuggers • Multiple applications usage phase • Automatic dependency installation (apt install) • Library version conflicts: versioned names • Bundling: archive, container, VM • Base system inflation
  • 9. System-wide dependencies observability • Emergent high-level architecture appears as a result of combining multiple independently-developed applications • Constant system modifications and updates lead to lack of stable picture • Lack of bird’s eye view: • Are there any libraries missing that are required by executables in the system? Which ones? • Which executables would not be able to run due to the lack of required libraries? • What are the most popular/critical libraries (i.e. required by most number of executables)? Least popular? • Which libraries are present in the system but not required by any executable?
  • 10. DepEx: Dependency Extractor framework • Plugin-based architecture • Presence and Coverage metrics • Scans file system and stores discovered dependencies in a structured database • Current development targeted at run-time file modifications tracking
  • 11. Ubuntu case study • Why Ubuntu? • High popularity • Consistent archives • Detailed release notes • Long history – chance to find evolutionary patterns • Technical challenges • Disk space requirements • Image format and compression changed over time
  • 12. Ubuntu case study: statistics • 84 consecutive versions (5.04 to 23.04) • 18 years of history • 114GB of compressed images • 9.8 million total files • Over 408000 total binaries and executables • Almost 2 millions of library-level dependencies extracted
  • 13. Ubuntu: libraries vs. executable vs. total files
  • 18. Ubuntu: most popular libraries (direct) Rank Library Direct uses 1 libc 4397 2 libpthread 1438 3 libglib 1037 4 libgobject 945 5 libm 836 6 librt 719 7 libgthread 660 8 libgmodule 658 9 libgtk-x11 656 10 libdl 601 0 500 1000 1500 2000 2500 3000 3500 4000 4500 5000 L I B C L I B P T H R E A D L I B G L I B L I B G O B J E C T L I B M L I B R T L I B G T H R E A D L I B G M O D U L E L I B G T K - X 1 1 L I B D L DIRECT USES
  • 19. Ubuntu: executable/library complexity (recursive) Rank Library Direct uses 1 gnome-control-center 273 2 gnome-initial-setup 169 3 shotwell-publishing 164 4 libiradio 158 5 librilo 158 6 evolution-alarm-notify 156 7 gnome-todo 155 8 smbd.x86_64-linux-gnu 155 9 empathy-call 154 10 libclplug_gtk3lo 154 0 50 100 150 200 250 300 DEPENDENCIES
  • 21. Conclusion • Executables with a high number of recursive dependencies can be removed • “Complexity” comes from large number of subsystems: image formats, setup • Highly popular libraries are here to stay • A large number of libraries (up to three quarters) are not explicitly required • Plugins – discovered and loaded through a different mechanism • Shipped “just in case” for applications that would likely be installed • While periodic cleanups occur in practice, averages still steadily grow • Developer-facing complexity tends to be controlled
  • 22. Future work directions and enhancements • More plugins for more executable types • Network awareness • Run-time file activity tracking and dependency graph updating • Real-time system health monitoring • Missing libraries, broken executables, missing links • Recovery/fixing recommendations • Most required missing library? • Last file event impact?