skip to main content

Detecting locations in JavaScript programs affected by breaking library changes

Published:13 November 2020Publication History
Skip Abstract Section

Abstract

JavaScript libraries are widely used and evolve rapidly. When adapting client code to non-backwards compatible changes in libraries, a major challenge is how to locate affected API uses in client code, which is currently a difficult manual task. In this paper we address this challenge by introducing a simple pattern language for expressing API access points and a pattern-matching tool based on lightweight static analysis.

Experimental evaluation on 15 popular npm packages shows that typical breaking changes are easy to express as patterns. Running the static analysis on 265 clients of these packages shows that it is accurate and efficient: it reveals usages of breaking APIs with only 14% false positives and no false negatives, and takes less than a second per client on average. In addition, the analysis is able to report its confidence, which makes it easier to identify the false positives. These results suggest that the approach, despite its simplicity, can reduce the manual effort of the client developers.

Skip Supplemental Material Section

Supplemental Material

Auxiliary Presentation Video

OOPSLA 2020 presentation of the paper Detecting Locations in JavaScript Programs Affected by Breaking Library Changes, by Anders Møller, Benjamin Barslev Nielsen, and Martin Toldam Torp.

References

  1. Aline Brito, Laerte Xavier, André C. Hora, and Marco Tulio Valente. 2018. Why and how Java developers break APIs. In 25th International Conference on Software Analysis, Evolution and Reengineering, SANER 2018, Campobasso, Italy, March 20-23, 2018. IEEE Computer Society, 255-265.Google ScholarGoogle ScholarCross RefCross Ref
  2. Kingsum Chow and David Notkin. 1996. Semi-automatic update of applications in response to library changes. In 1996 International Conference on Software Maintenance (ICSM '96), 4-8 November 1996, Monterey, CA, USA, Proceedings. IEEE Computer Society, 359.Google ScholarGoogle ScholarCross RefCross Ref
  3. Barthélémy Dagenais and Martin P. Robillard. 2011. Recommending Adaptive Changes for Framework Evolution. ACM Trans. Softw. Eng. Methodol. 20, 4 ( 2011 ), 19 : 1-19 : 35.Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Erik Derr, Sven Bugiel, Sascha Fahl, Yasemin Acar, and Michael Backes. 2017. Keep me Updated: An Empirical Study of Third-Party Library Updatability on Android. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30-November 03, 2017. ACM, 2187-2200.Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Danny Dig and Ralph E. Johnson. 2006. How do APIs evolve? A story of refactoring. Journal of Software Maintenance 18, 2 ( 2006 ), 83-107.Google ScholarGoogle Scholar
  6. Mattia Fazzini, Qi Xin, and Alessandro Orso. 2019. Automated API-usage update for Android apps. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2019, Beijing, China, July 15-19, 2019. ACM, 204-215.Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Asger Feldthaus and Anders Møller. 2013. Semi-automatic rename refactoring for JavaScript. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications, OOPSLA 2013, part of SPLASH 2013, Indianapolis, IN, USA, October 26-31, 2013. ACM, 323-338.Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Asger Feldthaus, Max Schäfer, Manu Sridharan, Julian Dolby, and Frank Tip. 2013. Eficient construction of approximate call graphs for JavaScript IDE services. In 35th International Conference on Software Engineering, ICSE ' 13, San Francisco, CA, USA, May 18-26, 2013. IEEE Computer Society, 752-761.Google ScholarGoogle Scholar
  9. Hong Jin Kang, Ferdian Thung, Julia Lawall, Gilles Muller, Lingxiao Jiang, and David Lo. 2019. Semantic Patches for Java Program Transformation (Experience Report). In 33rd European Conference on Object-Oriented Programming, ECOOP 2019, July 15-19, 2019, London, United Kingdom. (LIPIcs), Vol. 134. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, 22 : 1-22 : 27.Google ScholarGoogle Scholar
  10. Rediana Koçi, Xavier Franch, Petar Jovanovic, and Alberto Abelló. 2019. Classification of Changes in API Evolution. In 23rd IEEE International Enterprise Distributed Object Computing Conference, EDOC 2019, Paris, France, October 28-31, 2019. IEEE, 243-249.Google ScholarGoogle Scholar
  11. Erik Krogh Kristensen and Anders Møller. 2019. Reasonably-most-general clients for JavaScript library analysis. In Proceedings of the 41st International Conference on Software Engineering, ICSE 2019, Montreal, QC, Canada, May 25-31, 2019. IEEE / ACM, 83-93.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Li Li, Tegawendé F. Bissyandé, Haoyu Wang, and Jacques Klein. 2018. CiD: automating the detection of API-related compatibility issues in Android apps. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018. ACM, 153-163.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Gianluca Mezzetti, Anders Møller, and Martin Toldam Torp. 2018. Type Regression Testing to Detect Breaking Changes in Node.js Libraries. In 32nd European Conference on Object-Oriented Programming, ECOOP 2018, July 16-21, 2018, Amsterdam, The Netherlands (LIPIcs), Vol. 109. Schloss Dagstuhl-Leibniz-Zentrum für Informatik, 7 : 1-7 : 24.Google ScholarGoogle Scholar
  14. Dimitris Mitropoulos, Panos Louridas, Vitalis Salis, and Diomidis Spinellis. 2019. Time present and time past: analyzing the evolution of JavaScript code in the wild. In Proceedings of the 16th International Conference on Mining Software Repositories, MSR 2019, 26-27 May 2019, Montreal, Canada. IEEE / ACM, 126-137.Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Anders Møller and Martin Toldam Torp. 2019. Model-based testing of breaking changes in Node.js libraries. In Proceedings of the ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/SIGSOFT FSE 2019, Tallinn, Estonia, August 26-30, 2019. ACM, 409-419.Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Hoan Anh Nguyen, Tung Thanh Nguyen, Gary Wilson Jr., Anh Tuan Nguyen, Miryung Kim, and Tien N. Nguyen. 2010. A graph-based approach to API usage adaptation. In Proceedings of the 25th Annual ACM SIGPLAN Conference on ObjectOriented Programming, Systems, Languages, and Applications, OOPSLA 2010, October 17-21, 2010, Reno/Tahoe, Nevada, USA. ACM, 302-321.Google ScholarGoogle Scholar
  17. Yoann Padioleau, René Rydhof Hansen, Julia L. Lawall, and Gilles Muller. 2006. Semantic patches for documenting and automating collateral evolutions in Linux device drivers. In Proceedings of the 3rd Workshop on Programming Languages and Operating Systems: Linguistic Support for Modern Operating Systems, PLOS 2006, San Jose, California, USA, October 22, 2006. ACM, 10.Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Yoann Padioleau, Julia L. Lawall, René Rydhof Hansen, and Gilles Muller. 2008. Documenting and automating collateral evolutions in linux device drivers. In Proceedings of the 2008 EuroSys Conference, Glasgow, Scotland, UK, April 1-4, 2008. ACM, 247-260.Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Benno Stein, Benjamin Barslev Nielsen, Bor-Yuh Evan Chang, and Anders Møller. 2019. Static analysis with demand-driven value refinement. PACMPL 3, OOPSLA ( 2019 ), 140 : 1-140 : 29.Google ScholarGoogle Scholar
  20. Ahmed Zerouali, Tom Mens, Jesús M. González-Barahona, Alexandre Decan, Eleni Constantinou, and Gregorio Robles. 2019. A formal framework for measuring technical lag in component repositories-and its application to npm. Journal of Software: Evolution and Process 31, 8 ( 2019 ).Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Zhaoxu Zhang, Hengcheng Zhu, Ming Wen, Yida Tao, Yepang Liu, and Yingfei Xiong. 2020. How Do Python Framework APIs Evolve? An Exploratory Study. In 27th IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER London, Ontario, February 18-21, 2020. IEEE, 81-92.Google ScholarGoogle Scholar
  22. Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small World with High Risks: A Study of Security Threats in the npm Ecosystem. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019. USENIX Association, 995-1010.Google ScholarGoogle Scholar

Index Terms

  1. Detecting locations in JavaScript programs affected by breaking library changes

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!