The development of efficient data science applications is often impeded by unbearably long execution time and rapid RAM exhaustion. Since API documentation is the primary information source for troubleshooting, we investigate how performance concerns are documented in popular data science libraries. Our quantitative results reveal the prevalence of data science APIs that are documented in performance-related context and the infrequent maintenance activities on such documentation. Our qualitative analyses further suggest that crowd documentation like Stack Overflow and GitHub are highly complementary to official documentation in terms of the API coverage, the knowledge distribution, as well as the specific information found in performance-related discussions. Data science practitioners could benefit from our findings by learning a more targeted search strategy for resolving performance issues. Researchers can be more assured of the advantages of integrating both the official and the crowd documentation to achieve a holistic view on the performance concerns in data science development.

Yida Tao

Shenzhen University

Jiefang Jiang

Shenzhen University

Yepang Liu

Southern University of Science and Technology

Zhiwu Xu

Shenzhen University

Shengchao Qin

University of Teesside

United Kingdom

Automated debugging techniques, including fault localization and program repair, have been studied for decades. The existing connection between fault localization and program repair is that fault localization computes the potential buggy elements for program repair to patch. Recently, a pioneering work, ProFL, explored the unified debugging idea to unify fault localization and program repair in the other direction for the first time to boost both areas. More specifically, ProFL utilizes the patch execution results from one state-of-the-art repair system, PraPR, to help improve state-of-the-art fault localization. In this way, ProFL not only improves fault localization for manual repair, but also extends the application scope of automated repair to all possible bugs (not only the small ratio of bugs that can be automatically fixed). In this work, we perform an extensive study of the ProFL unified-debugging approach on 16 state-of-the-art program repair systems for the first time. Our experimental results on the widely studied Defects4J benchmark suite reveal various practical guidelines for unified de-bugging, such as : (1) nearly all the studied 16 repair systems can contribute to unified debugging despite of their varying repairing capabilities, (2) repair systems targeting multi-edit patches canbring noise for unified debugging, (3) repair systems with more executed/plausible patches tend to perform better for unified debugging, (4) unified debugging effectiveness does not rely on the availability of correct patches in automated repair. Based on our study outcome, we further propose an advanced unified debugging technique, UniDebug++, which can localize over 20% more bugs within Top-1 positions than state-of-the-art ProFL.

Samuel Benton

The University of Texas at Dallas

United States

Xia Li

Kennesaw State University

Yiling Lou

Peking University, China

Lingming Zhang

University of Illinois at Urbana-Champaign, USA

United States

Experience

Third-party libraries (TPLs) have become a significant part of the Android ecosystem. Developers can employ various TPLs with different functionalities to facilitate their app development. Unfortunately, the popularity of TPLs also brings new challenges and even threats. TPLs may carry malicious or vulnerable code and can infect many popular apps to pose threats to mobile users. Besides, the code of third-party libraries could constitute noises in some detection tasks. Thus, researchers have developed various tools to identify TPLs. However, no existing work has studied these TPL detection tools in detail; different tools focus on different applications with performance differences, so little is known about them.

To better understand existing TPL detection tools and dissect TPL detection techniques, we conduct an experience paper and attempt to fill the gap by evaluating and comparing all publicly available TPL detection tools based on four criteria: effectiveness, efficiency, code obfuscation-resilience capability, and ease of use. We reveal their advantages and disadvantages based on our empirical study. The result shows that most TPL detection tools can achieve high precision but with low recall. According to our evaluation and survey results, we recommend different tools for different application scenarios. We find that LibRadar is suitable for large-scale in-app TPL detection. LibPecker is ideal for identifying obfuscated TPLs. LibScout can identify specific library versions, which can be leveraged to find vulnerable TPLs, etc. Besides, we enhance these open-sourced tools by fixing their limitations, to improve their detection ability. We also build an extensible framework that integrates all existing available TPL detection tools, providing online service for the research community. We make publicly available the evaluation dataset and enhanced tools. We believe our work provides a clear picture of existing TPL detection techniques and also give a road-map for future directions.

Zhan Xian

The Hong Kong Polytechnic University

Lingling Fan

Nanyang Technological University, Singapore

Singapore

Tianming Liu

Monash University, Australia

Australia

Sen Chen

Nanyang Technological University, Singapore

Singapore

Li Li

Monash University, Australia

Australia

Haoyu Wang

Beijing University of Posts and Telecommunications, China

China

Yifei Xu

Southern University of Science and Technology

Xiapu Luo

The Hong Kong Polytechnic University

Yang Liu

Nanyang Technological University, Singapore

Singapore