A dependency bug is a software fault that manifests itself when accessing an unavailable asset. Dependency bugs are pervasive and we all hate them. But why do they appear?
I will present a case study of dependency bugs in the Robot Operating System (ROS). From one point of view, ROS is a highly general distributed architecture for building robotics systems, supported by a communication middleware, and a large number of reusable and configurable components. We will discuss results of a qualitative (N=78) and quantitative (N=1354) analyses of bug reports in ROS. We will contrast this with 19553 reports in top 30 GitHub projects. A definition and a taxonomy of dependency bugs emerges from these data. We find that these bugs are surprisingly pervasive, and very annoying. As many as 15% (!) of all reported bugs are dependency bugs. They also contribute tremendously to the (possibly incorrect) perception of new developers that the system is unstable, unpredictable, or hard to use.
It seems that dependency problems are an inherent cost paid for software modularity and reuse. Yet, we rarely discuss them when we evaluate our research ideas and tools. They can be considered as a technical debt introduced by generality of software architectures. A debt that is growing, more decoupled the software becomes — when components evolve at various speeds and are controlled by separate maintainers. Perhaps we should include this cost as an explicit criterion in evaluation of reuse ideas in software. Perhaps this is a cost worth paying for the benefits.
On the other hand, dependency bugs do not seem to be impossible to combat. We have built simple lightweight linters to find some of them. Lightweight tools can find dependency bugs efficiently, although it is challenging to decide which tools to build and difficult, hopefully not impossible, to build general tools. Perhaps the VAMOS community can help both building tools that are finding and eliminating dependency problems, and by identifying the general architectures, or ecosystems organizations, that minimize the number of dependency problems without loosing the agility.
Joint work with: Anders Fischer Nielsen, Zhoulai Fu (IT University of Copenhagen), Ting Su (ETH Zurich). Partially sponsored by European Commission through H2020 ROSIN Grant No. 732287.
Andrzej Wąsowski works with design and use of technologies that improve quality of software, including issues such as correctness and maintainability. He has worked extensively with software product line methods-ways to develop software for similar products at lower cost but with higher quality. He has collaborated with open source projects (Linux kernel and ROS among others) and with industry. Currently, he is investigating quality assurance methods for robotics platforms, the privacy and information flow in machine learning programs, and generating patches for locking bugs in the Linux kernel.
Andrzej Wąsowski is a professor of Software Engineering at IT University in Copenhagen (ITU). He holds an MSc degree from Warsaw University of Technology and a PhD degree from ITU. He has previously held visiting positions at Aalborg University (Denmark), INRIA Rennes (France) and University of Waterloo (Canada).
E037 - Faculty of Computer Science, Otto-von-Guericke Unversity Magdebrug
09:00-17:30: MODEVAR Pre-Conference Event (free of charge, please indicate during the registration whether you wan to attend)