AndroLibZoo: A Reliable Dataset of Libraries Based on Software Dependency Analysis
Android app developers extensively employ code reuse, integrating many third-party libraries into their apps. While such integration is practical for developers, it can be challenging for static analyzers to achieve scalability and precision when libraries account for a large part of the code. As a direct consequence, it is common practice in the literature to consider developer code only during static analysis –with the assumption that the sought issues are in developer code rather than the libraries. However, analysts need to distinguish between library and developer code. Currently, many static analyses rely on white lists of libraries. However, these white lists are unreliable, inaccurate, and largely non-comprehensive. In this paper, we propose a new approach to address the lack of comprehensive and automated solutions for the production of accurate and “always up to date" sets of libraries. First, we demonstrate the continued need for a white list of libraries. Second, we propose an automated approach to produce an accurate and up-to-date set of third-party libraries in the form of a dataset called AndroLibZoo. Our dataset, which we make available to the community, contains to date 34 813 libraries and is meant to evolve.
Mon 15 AprDisplayed time zone: Lisbon change
11:00 - 12:30 | Ecosystems, Reuse and APIs & TutorialsData and Tool Showcase Track / Technical Papers / Tutorials at Almada Negreiros Chair(s): Mahmoud Alfadel University of Waterloo, Ayushi Rastogi University of Groningen, The Netherlands | ||
11:00 12mTalk | Thirty-Three Years of Mathematicians and Software Engineers: A Case Study of Domain Expertise and Participation in Proof Assistant Ecosystems Technical Papers Gwenyth Lincroft Northeastern University, Minsung Cho Northeastern University, Mahsa Bazzaz Northeastern University, Katherine Hough Northeastern University, Jonathan Bell Northeastern University Pre-print Media Attached | ||
11:12 12mTalk | Boosting API Misuse Detection via Integrating API Constraints from Multiple Sources Technical Papers Can Li Nanjing University of Aeronautics and Astronautics, Jingxuan Zhang Nanjing University of Aeronautics and Astronautics, Yixuan Tang Nanjing University of Aeronautics and Astronautics, Zhuhang Li Nanjing University of Aeronautics and Astronautics, Tianyue Sun Nanjing University of Aeronautics and Astronautics | ||
11:24 6mTalk | Availability and Usage of Platform-Specific APIs: A First Empirical Study Technical Papers Pre-print Media Attached File Attached | ||
11:30 4mTalk | AndroLibZoo: A Reliable Dataset of Libraries Based on Software Dependency Analysis Data and Tool Showcase Track Jordan Samhi CISPA Helmholtz Center for Information Security, Tegawendé F. Bissyandé University of Luxembourg, Jacques Klein University of Luxembourg | ||
11:34 4mTalk | Goblin: A Framework for Enriching and Querying the Maven Central Dependency Graph Data and Tool Showcase Track Damien Jaime Sorbonne Université - Lip6 - SAP, Joyce El Haddad Paris Dauphine-PSL Université, CNRS, LAMSADE, Pascal Poizat Université Paris Nanterre & LIP6 Pre-print File Attached | ||
11:38 4mTalk | Dataset: Copy-based Reuse in Open Source Software Data and Tool Showcase Track Mahmoud Jahanshahi Research Assistant, University of Tennessee Knoxville, Audris Mockus The University of Tennessee & Vilnius University Pre-print | ||
11:45 45mTalk | Mining Our Way Back to Incremental Builds for DevOps Pipelines Tutorials Shane McIntosh University of Waterloo Pre-print | ||