29/01/2020 – Talk: “Dependency Bugs: The Dark Side Of Variability, Reuse And Modularity” By Andrzej Wasowski

Andrzej Wasowski will present his work on a case study of dependency bugs in the Robot Operating System (ROS). Details below.


Andrzej Wasowski, Full Professor.


Dependency Bugs: The Dark Side of Variability, Reuse and Modularity


A dependency bug is a software fault that manifests itself when accessing an unavailable asset. Dependency bugs are pervasive and we all hate them. But why do they appear?

I will present a case study of dependency bugs in the Robot Operating System (ROS). From one point of view, ROS is a highly general distributed architecture for building robotics systems, supported by a communication middleware and a large number of reusable and configurable components. I will discuss results of a qualitative (N=78) and quantitative (N=1354) analyses of bug reports in ROS. We will contrast this with 19553 reports in top 30 GitHub projects. A definition and a taxonomy of dependency bugs emerges from these data. Dependency bugs are surprisingly pervasive, and (not so surprisingly) very annoying. As many as 15% (!) of all reported bugs are dependency bugs. They generate large overhead in the development process, and slow down the onboarding of new community members. They contribute tremendously to the (possibly incorrect) perception of new developers that the system is unstable, unpredictable, or hard to use.

It seems that dependency problems are an inherent cost paid for software modularity and reuse. Yet, we rarely discuss them when we evaluate our research ideas and tools. They can be considered as a technical debt introduced by generality of software architectures. A debt that is growing, whenever we generalize and modularize the architecture further, whenever we allow that components evolve at various speeds, are controlled by separate maintainers, and are configured differently in every build setup. Perhaps we should include this cost as an explicit criterion in evaluation of reuse ideas in software? Perhaps this is a cost worth paying, given the benefits of reuse?

On the other hand, dependency bugs do not seem to be impossible to combat. We have built simple lightweight linters to find some of them. Lightweight tools can find dependency bugs efficiently, although it is challenging to decide which tools to build. General tools for this problem are an evasive idea—the differences between the different kinds of dependency bugs seem too large. Can the VAMOS community help building tools for finding and eliminating dependency problems? Can we work on identifying the general architectures, or ecosystems organizations, that minimize the number of dependency problems without loosing the agility.

Joint work with: Anders Fischer Nielsen, Zhoulai Fu (IT University of Copenhagen), Ting Su (ETH Zurich). Partially sponsored by European Commission through H2020 ROSIN project, Grant No. 732287.