DepOwl: Detecting Dependency Bugs to Prevent Compatibility Failures

TL;DR

DepOwl is a practical tool designed to prevent compatibility failures caused by incompatible library versions, by detecting potential issues early in the development process, thereby reducing end-user failures.

Contribution

DepOwl introduces a proactive approach to detect and prevent dependency bugs before they cause compatibility failures, improving upon reactive existing solutions.

Findings

Prevented 32 out of 38 known compatibility failures

Detected 77 previously unknown dependency bugs

Effective on real-world software repositories

Abstract

Applications depend on libraries to avoid reinventing the wheel. Libraries may have incompatible changes during evolving. As a result, applications will suffer from compatibility failures. There has been much research on addressing detecting incompatible changes in libraries, or helping applications co-evolve with the libraries. The existing solution helps the latest application version work well against the latest library version as an afterthought. However, end users have already been suffering from the failures and have to wait for new versions. In this paper, we propose DepOwl, a practical tool helping users prevent compatibility failures. The key idea is to avoid using incompatible versions from the very beginning. We evaluated DepOwl on 38 known compatibility failures from StackOverflow, and DepOwl can prevent 32 of them. We also evaluated DepOwl using the software repository shipped with Ubuntu-19.10. DepOwl detected 77 unknown dependency bugs, which may lead to compatibility failures.