Concordia University

http://www.concordia.ca/content/shared/en/events/encs/computer-science/2019/12/02/Master-Thesis-Defense-Md-Atique-Reza-Chowdhury.html

Examinations, Thesis defences

Master Thesis Defense: Md Atique Reza Chowdhury

Date and time
Date & time

December 2, 2019
12 p.m. – 2 p.m.

Where
Where

Room 2.184
Engineering, Computer Science and Visual Arts Integrated Complex
1515 St. Catherine W.
SGW campus

Cost
Cost

This event is free

Wheelchair accessible
Wheelchair accessible

Yes

Speaker(s)
Speaker(s)

Md Atique Reza Chowdhury

Speaker: Md Atique Reza Chowdhury

Supervisor: Dr. E. Shihab

Examining Committee:
Drs. T.-H. Chen, Y.-G. Gueheneuc , W. Shang (Chair)

Title: Untriviality of Trivial Packages

Date: Monday, December 2, 2019

Time: 12:00 p.m.

Place: EV 2.184

ABSTRACT

Nowadays, software development relies heavily upon third-party packages even on packages of smaller size and complexity. Although these smaller packages, known as “trivial packages”, provide very specific functionalities, their pervasiveness and popularity make us question their triviality.

Previous studies examined these packages as standalone units, these package's contribution in building software applications is yet unexplored. In this thesis, we aim to understand the disposition of these packages by examining the use of trivial packages in software applications from two vital aspects. Initially, we examine how these packages are used and evaluate their relative importance in the scope of software applications. Finally, we inspect the impact of using trivial packages on software quality.

To better understand how trivial packages are used in software applications, we mine a large set of JavaScript projects that depend on trivial npm packages. We evaluate these packages from two complementary points of view: based on application usage and ecosystem usage. We notice that the files that depend on trivial packages are very important in their respective applications. Again, a significant percentage of API calls are made to trivial packages in the files that have trivial package dependency. These findings indicate that trivial packages may not be so trivial after all. Moreover, to analyze ecosystem usages, we study the package dependency network for both direct and transitive dependencies of the studied applications and, to our surprise, we observe that trivial packages are more important in the dependency network than non-trivial packages. Some of the trivial packages are so important in the dependency network that the removal of those packages can impact up to 30% of the network.

Previous study confirmed that more than 50% of trivial packages do not have any test case. Therefore, we examine the impact of using these packages on software quality. Our analysis shows that JavaScript files and applications that use trivial packages tend to have higher percentage of bug-fixing commits than applications and files that do not have these packages dependency. Moreover, commits that introduce trivial packages in JavaScript files are significantly riskier than other commits as they are more prone to induce future fixes.

Back to top

© Concordia University