Title: Removing dependencies from large software projects: Are you really sure?

Author: Chuang, Ching-Chi (Student TU Delft); Cruz, Luis (TU Delft Software Engineering); van Dalen, Robbert (ING); Mikovski, Vladimir (ING); van Deursen, A. (TU Delft Software Technology)

Contributor: Ceballos, C. (editor)

Department: Software Technology

Date: 2022

Abstract: When developing and maintaining large software systems, a great deal of effort goes into dependency management. During the whole lifecycle of a software project, the set of dependencies keeps changing to accommodate the addition of new features or changes in the running environment. Package management tools are quite popular to automate this process, making it fairly easy to automate the addition of new dependencies and respective versions. However, over the years, a software project might evolve in a way that no longer needs a particular technology or dependency. But the choice of removing that dependency is far from trivial: one cannot be entirely sure that the dependency is not used in any part of the project. Hence, developers have a hard time confidently removing dependencies and trusting that it will not break the system in production. In this paper, we propose a decision framework to improve the detection of unused dependencies. Our approach builds on top of the existing dependency analysis tool DepClean. We start by improving the support of Java dynamic features in DepClean. We do so by augmenting the analysis with the state-of-the-art call graph generation tool OPAL. Then, we analyze the potentially unused dependencies detected by classifying their logical relationship with the other components to decide on follow-up steps, which we provide in the form of a decision diagram. Results show that developers can focus their efforts on maintaining bloated dependencies by following the recommendations of our decision framework.
When applying our approach to a large industrial software project, we can reduce one-third of false positives when compared to the state-of-the-art. We also validate our approach by analyzing dependencies that were removed in the history of open-source projects. Results show consistency between our approach and the decisions taken by open-source developers.

Subject: unused dependencies; call graph generation; static analysis

To reference this document use: http://resolver.tudelft.nl/uuid:60718ddc-2ced-482f-a6cd-f162408906e1

DOI: https://doi.org/10.1109/SCAM55253.2022.00017

Publisher: IEEE, Piscataway

Embargo date: 2023-07-12

ISBN: 978-1-6654-9610-0

Source: Proceedings of the 2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM)

Event: 2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM), 2022-10-03, Limassol, Cyprus

Bibliographical note: Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Part of collection: Institutional Repository

Document type: conference paper

Rights: © 2022 Ching-Chi Chuang, Luis Cruz, Robbert van Dalen, Vladimir Mikovski, A. van Deursen

Files: PDF, Removing_dependencies_fro ... y_sure.pdf (1.3 MB)