Empowering Developers to Select and Correctly Use Software Libraries
Speaker: Sarah Nadi, University of Alberta
Date: December 9, 2021, 11 a.m.
Host: Jinyang Li
Attend via Zoom: https://nyu.zoom.us/j/93466338567
Sarah Nadi is an Assistant Professor in the Department of Computing Science at the University of Alberta, and a Tier II Canada Research Chair in Software Reuse. She obtained her Master's (2010) and PhD (2014) degrees from the University of Waterloo in Canada. Before joining the University of Alberta in 2016, she spent approximately two years as a post-doctoral researcher at the Technische Universität Darmstadt in Germany. Sarah's research focuses on providing intelligent support for software maintenance and reuse across three main themes: developing variability analysis strategies to help developers deal with the complexity of highly configurable software systems designed to enable large-scale code reuse, providing software integration support for consolidating changes from multiple versions of the same system as they evolve over time, and creating recommender systems to guide developers through correctly and securely reusing individual functionality from external libraries. Sarah leads the Software Maintenance and Reuse (SMR) lab at the University of Alberta. For more information on SMR's research projects, please visit https://sarahnadi.org/smr/.
Modern software systems heavily rely on third-party components to accomplish various tasks. For example, to connect to a database or to encrypt a file, developers will not re-invent the wheel and write code from scratch; instead, they will simply find a library they can use to fulfill this functionality. While software libraries promote code reuse and come with many benefits, they also come with their own difficulties. For example, with so many competing libraries to choose from and different factors to consider, picking the appropriate library is not always a straightforward decision. Incorrectly choosing a buggy, slow, or insecure library to use can lead to high maintenance costs down the line when developers are forced to replace this library or deal with the rippling effects of its problems. Worse, even after deciding on a library, developers need to figure out how to correctly use the library's Application Programming Interface (API). Many APIs have implicit undocumented constraints on how they should be used, leading developers to unknowingly misuse them and introduce hidden bugs in their code.
In this talk, I will discuss some of the work my research group has done to help developers deal with the above problems. Specifically, I will talk about our metric-based comparison of software libraries, where we automatically mine various data sources to empower developers with information that can help them make better decisions when selecting libraries. I will also talk about how we systematically evaluated current API-misuse detection tools to understand their weaknesses and strengths before building a new detector, MuDetect. MuDetect is a pattern-based misuse detection tool that can warn developers about the mistakes they make while using a library's API.