kth.sePublications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Longitudinal Analysis of Bloated Java Dependencies
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.ORCID iD: 0000-0003-0541-6411
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.ORCID iD: 0000-0002-1996-6134
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.ORCID iD: 0000-0002-4015-4640
2021 (English)In: Proceedings Of The 29Th Acm Joint Meeting On European Software Engineering Conference And Symposium On The Foundations Of Software Engineering (Esec/Fse '21) / [ed] Spinellis, D Gousios, G Chechik, M DiPenta, M, Association for Computing Machinery (ACM) , 2021, p. 1021-1031Conference paper, Published paper (Refereed)
Abstract [en]

We study the evolution and impact of bloated dependencies in a single software ecosystem: Java/Maven. Bloated dependencies are third-party libraries that are packaged in the application binary but are not needed to run the application. We analyze the history of 435 Java projects. This historical data includes 48,469 distinct dependencies, which we study across a total of 31,515 versions of Maven dependency trees. Bloated dependencies steadily increase over time, and 89.2 % of the direct dependencies that are bloated remain bloated in all subsequent versions of the studied projects. This empirical evidence suggests that developers can safely remove a bloated dependency. We further report novel insights regarding the unnecessary maintenance efforts induced by bloat. We find that 22 % of dependency updates performed by developers are made on bloated dependencies, and that Dependabot suggests a similar ratio of updates on bloated dependencies.
Place, publisher, year, edition, pages
Association for Computing Machinery (ACM) , 2021. p. 1021-1031
Keywords [en]
software bloat, dependencies, java
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:kth:diva-309540DOI: 10.1145/3468264.3468589ISI: 000744425500088Scopus ID: 2-s2.0-85116273059OAI: oai:DiVA.org:kth-309540DiVA, id: diva2:1645176
Conference
29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), AUG 23-28, 2021, ELECTR NETWORK
Note

Part of proceedings ISBN: 978-1-4503-8562-6

QC 20220316

Available from: 2022-03-16 Created: 2022-03-16 Last updated: 2023-05-10Bibliographically approved
In thesis
1. Debloating Java Dependencies
Open this publication in new window or tab >>Debloating Java Dependencies
2023 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Software systems have a natural tendency to grow in size and complexity. A part of this growth comes with the addition of new features or bug fixes, while another part is due to useless code that accumulates over time. This phenomenon, known as "software bloat," increases with the practice of reusing software dependencies, which has exceeded the capacity of human developers to efficiently manage them. Software bloat in third-party dependencies presents a multifaceted challenge for application development, encompassing issues of security, performance, and maintenance. To address these issues, researchers have developed software debloating techniques that automatically remove unnecessary code. Despite significant progress has been made in the realm of software debloating, the pervasive issue of dependency bloat warrants special attention. In this thesis, we contribute to the field of software debloating by proposing novel techniques specifically targeting dependencies in the Java ecosystem.

First, we investigate the growth of completely unused software dependencies, which we call "bloated dependencies." We propose a technique to automatically detect and remove bloated dependencies in Java projects built with Maven. We empirically study the usage status of dependencies in the Maven Central repository and remove bloated dependencies in mature Java projects. We demonstrate that once a bloated dependency is detected, it can be safely removed as its future usage is unlikely.

Second, we focus on dependencies that are only partially used. We introduce a technique to specialize these dependencies in Java projects based on their actual usage. Our approach systematically identifies the subset of functionalities within each dependency that is sufficient to build the project and removes the rest. We demonstrate that our dependency specialization approach can halve the project classes to dependency classes ratio.

Last, we assess the impact of debloating projects with respect to client applications that reuse them. We present a novel coverage-based debloating technique that determines which class members in Java libraries and their dependencies are necessary for their clients. Our debloating technique effectively decreases the size of debloated libraries while preserving the essential functionalities required to successfully build their clients. 
Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2023. p. x, 103
Series
TRITA-EECS-AVL ; 2023:36
Keywords
Software debloating, software dependencies, Java bytecode, package manager, static program analysis, dynamic program analysis
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kth:diva-326755 (URN)978-91-8040-557-7 (ISBN)
Public defence
2023-06-01, D2, Lindstedtsvägen 9, KTH, Stockholm, 13:15 (English)
Opponent
Supervisors
Funder
Knut and Alice Wallenberg Foundation
Note

QC 20230510

Available from: 2023-05-10 Created: 2023-05-10 Last updated: 2023-05-25Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Soto Valero, CésarDurieux, ThomasBaudry, Benoit

Search in DiVA

By author/editor
Soto Valero, CésarDurieux, ThomasBaudry, Benoit
By organisation
Software and Computer systems, SCS
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 321 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.46.0
|
WCAG
|
KTH Library
|
DiVA support
|
Register in DiVA
|
Posting your thesis
|
SwePub