To improve compatibility in the version control of Java third-party libraries (TPLs), Maven adopts Semantic Versioning (SemVer) to standardize the underlying meaning of versions, but users can still encounter abnormal execution and crashes after upgrades even when compilation and linkage succeed. This is caused by semantic breaking (SemB) issues, in which APIs directly used by users have identical signatures but inconsistent semantics across upgrades. To strengthen compliance with SemVer rules, developers and users should be alerted to such issues. Unfortunately, they are challenging to detect statically, because semantic changes in the internal methods of APIs are difficult to capture. Dynamic testing can confirm some of them, but it is limited by inadequate coverage. To detect SemB issues in upgrades that SemVer rules treat as compatible (Patch and Minor), we conduct an empirical study of 180 SemB issues to understand their root causes. Inspired by the findings, we propose Sembid (Semantic Breaking Issue Detector) to statically detect such issues in TPLs for developers and users. Since APIs are directly used by users, Sembid detects and reports SemB issues at the API level. For a pair of APIs, Sembid walks through the call chains originating from the API to locate breaking changes by measuring semantic diff. Then, Sembid checks whether the breaking changes can affect the API's output along the call chains. The evaluation showed that Sembid achieved 90.26% recall and 81.29% precision and outperformed other API checkers on SemB API detection. We also found that Sembid detected over 3 times more SemB APIs, with better coverage, than unit tests, the commonly used solution. Furthermore, we carried out an empirical study on 1,629,589 APIs from 546 version pairs of top Java libraries and found that there were 2-4 times more SemB APIs than APIs with signature-based issues.
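The call-chain idea described in the abstract, as an added sketch that is not Sembid's code and not taken from the paper: a constructed two-version model of a hypothetical library in which a signature check finds nothing, while walking the call chain from each API finds the one whose output can change. Assumptions: the method names are invented, a body fingerprint stands in for the semantic diff, and the `flows` flag stands in for the output-impact check.

```python
# Constructed model of one library at two versions (all names are hypothetical).
# method -> (signature, body fingerprint, callees); a callee is (name, flows),
# where flows=True means the callee's result reaches the caller's return value.
V1 = {
    "Parser.parse": ("Doc parse(String)", "a1",
                     [("Parser.normalize", True), ("Log.debug", False)]),
    "Parser.normalize": ("String normalize(String)", "b1", [("Text.trim", True)]),
    "Text.trim": ("String trim(String)", "c1", []),
    "Log.debug": ("void debug(String)", "d1", []),
    "Cache.size": ("int size()", "e1", [("Log.debug", False)]),
}
# Patch upgrade: two internal bodies changed, every signature is identical.
V2 = {
    **V1,
    "Text.trim": ("String trim(String)", "c2", []),
    "Log.debug": ("void debug(String)", "d2", []),
}
PUBLIC_APIS = ["Parser.parse", "Cache.size"]


def signature_breaks(old, new, apis):
    """What a signature-based checker sees: removed APIs or changed signatures."""
    return [a for a in apis if a not in new or old[a][0] != new[a][0]]


def semb_candidates(old, new, apis):
    """Walk each API's call chain; return {api: chain} for chains that reach a
    changed body through edges that can influence the API's output."""
    findings = {}
    for api in apis:
        stack, seen = [(api, [api])], set()
        while stack:
            name, chain = stack.pop()
            if name in seen or name not in new:
                continue
            seen.add(name)
            if name in old and old[name][1] != new[name][1]:
                findings[api] = chain  # changed method on an output-relevant chain
                break
            for callee, flows in new[name][2]:
                if flows:  # skip callees whose result never reaches the output
                    stack.append((callee, chain + [callee]))
    return findings


if __name__ == "__main__":
    print("signature breaks:", signature_breaks(V1, V2, PUBLIC_APIS))
    print("SemB candidates:", semb_candidates(V1, V2, PUBLIC_APIS))
```

`Cache.size` also reaches a changed method (`Log.debug`), but only through an edge that does not feed its return value, so it is not reported.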