CN112965913B - Java software dependency conflict problem automatic repairing method - Google Patents

Abstract

The application discloses a method for automatically repairing Java software dependency conflict problems, which finds out the dependency conflict problems by analyzing the dependency relationship of Java software items, and obtains classes and methods realized by a program and possible call paths between the classes and the methods by static analysis. According to the application, 4 repair strategies are set, different strategies are selected according to the risk types, the risk-free version is loaded into the current project, and an appropriate dependent version is selected according to the calling path relation of the project to perform automatic version replacement, so that a developer is helped to effectively avoid the problem of dependence conflict. And the method can evaluate whether more dependence conflicts which can cause errors in running can be brought to the project while repairing, and finally, repairing patches and repairing reports can be automatically formed to developers. The probability of running errors encountered by a developer in the development process is reduced, the time for solving the running errors is shortened, and the development cost is saved.

Description

Java software dependency conflict problem automatic repairing method

Technical Field

The application relates to the technical field of software reliability, in particular to a Java software dependency conflict problem automatic repairing method.

Background

Java software forms a huge third-party open-source dependency library under the efforts of many developers. While the third party open source dependency library brings great convenience to the developer in developing Java software projects, it also brings trouble to the developer in how to manage the various third party dependency packages introduced in Java software projects. When a Java software project introduces a third party dependency package, and the development of the third party dependency package introduces other third party dependency packages, a delivery situation is formed, and the situation prevents the Java software project from managing the third party dependency package. Thus, the advent of Maven has brought a good build management solution to the Java software project. Maven is a main construction tool of Java projects and is also a main management tool of third party open source projects introduced by Java projects. By injecting the required third-party dependencies into the configuration file, maven can automatically obtain all the dependency packages required for the project. Thus, not only the management problem of the third party dependency package in the Java software project is solved, but also great convenience is provided for developing the Java software project

Maven, a good solution for Java build management, is able to effectively manage third party dependent packages, but it also presents problems. A third party dependency package often performs processes such as function update and problem repair, and multiple versions are generated after multiple update iterations. Since the dependency package required for the dependency is introduced transitively while the dependency package is introduced, there are often multiple versions of the same dependency package for one Java software project. According to the Maven dependency management mechanism, only one version is loaded into the project, and other versions are shielded, so that a dependency conflict phenomenon occurs. After a third party dependency package is iteratively updated, a situation that a certain class or method exists in one version but does not exist in another version occurs, and when an item uses the method and is actually loaded by a dependency version which does not contain the method, an error occurs in the running process. When a Java software project has a dependency conflict problem, in the case of insufficient integration test, the dependency conflict problem may generate unexpected runtime errors, such as Java. Maven itself, while able to identify dependency conflicts, lacks an effective mechanism to help developers repair dependency conflicts.

The Maven build tool does not provide an effective solution to the problem of run-time errors caused by dependencies in the Maven environment. Once a runtime error is encountered, it takes a significant amount of time to find the class and method that triggered the error, and then find the method to fix the error. Repairing dependency conflicts by analyzing the relationships of classes and methods inside the program can further help software developers avoid program runtime crashes.

Disclosure of Invention

The technical problem to be solved by the application is to provide a Java software dependency conflict problem automatic repairing method aiming at the defects of the prior art

In order to solve the technical problems, the application adopts the following technical scheme: a Java software dependence conflict problem automatic repairing method comprises the following steps:

step 1: acquiring item codes and dependency relations of the current item;

step 2: analyzing the dependency relationship of the current project to obtain risk dependency conflicts and called risk methods, and dividing the risk dependency conflicts into conflicts with direct dependencies and conflicts without direct dependencies, wherein the process is as follows:

step 2.1: traversing the complete dependency tree of the current project, analyzing to obtain dependency relationships with a plurality of versions in the complete dependency tree, and defining the dependency relationships as dependency conflicts;

step 2.2: comparing and analyzing classes and methods in the loaded version jar package with those in the unloaded version jar package, if one method in the unloaded version jar package does not have the corresponding method with the same limiting name in the loaded version jar package, obtaining a method set, judging whether the method in the set is called in the current project, and if so, obtaining the called risk method;

step 2.3: for risk dependency conflicts, checking whether the conflicting loaded version is directly declared dependent of the current item through a dependency graph, and if so, judging that the conflict is directly dependent; otherwise, there is no direct dependent conflict.

Step 3: analyzing risk dependency conflicts, and searching for a risk-free dependency version by judging whether methods in the loaded dependency version meet all calls in the current project or not, wherein the process is as follows:

step 3.1: for risk dependency conflict, analyzing whether the unloaded dependent version method meets all calls of the loaded dependent version method in the project, if so, the unloaded version is a risk-free version, and entering step 3.5; if not, entering the next step;

step 3.2: acquiring all release versions of risk dependence, deleting versions existing in risk conflicts, filtering versions lower than version numbers in the risk conflicts, and sequentially and intensively extracting test versions from the filtered versions;

step 3.3: acquiring a jar packet of a test version, analyzing whether a method in the test version meets all calls of the method in the loaded dependent version in a project, and if so, entering the next step; if not, testing the next version;

step 3.4: analyzing whether the method in the test version contains the called risk method in the unloaded dependent version, and if so, obtaining a risk-free version;

step 3.5: the resulting unloaded or tested version is a risk-free version.

Step 4: setting a repair strategy, and selecting different strategies according to the risk type to load the risk-free version into the current project;

the repair strategy comprises the following 4 types:

1: direct dependence of replacement current item: reading a dependence configuration file of a current item, positioning a statement position directly depended on by a target, and carrying out version replacement;

2: unifying to risk-free versions using a < dependencylmanagement > tag;

3: deleting the currently used version using the < include > tag;

4: directly declaring a risk-free version: and reading the dependency configuration file of the current project, and directly adding a statement of dependency on the risk-free version.

The process of selecting different strategies according to the risk type to load the risk-free version into the current project is as follows:

step 4.1: judging the type of risk dependence conflict after obtaining a risk-free version, and if the risk-dependent conflict exists, performing version replacement by using strategies 1 and 2 in the repair strategy to generate a temporary repair patch; if no direct dependence conflicts exist, performing version replacement by using strategies 2, 3 and 4 to generate a temporary repair patch;

step 4.2: analyzing the dependency relationship after replacement for the repair patches corresponding to different replacement strategies, acquiring the loaded version after the current conflict replacement, and if the version without risk is loaded correctly, replacing successfully; if the risk-free version is not loaded correctly, the replacement fails, and the temporary repair patch corresponding to the failed replacement strategy is deleted.

Step 5: the process of evaluating whether an item after using a repair policy generates a new dependency conflict is as follows:

step 5.1: traversing all temporary repair patches in sequence to acquire a dependency relationship generated by the temporary repair patches;

step 5.2: comparing the new dependency relationship generated by the patch with the original dependency relationship of the project to check whether dependency conflict different from the original project occurs, and if so, entering the next step; if not, go to step 5.4;

step 5.3: comparing and analyzing classes and methods in the loaded version jar package and the unloaded version jar package, if a method in one unloaded version jar package does not have a corresponding method with the same limiting name in the loaded version jar package, obtaining a method set, judging whether the method in the set is called in the current project, and if so, invalidating the repair patch; if no, entering the next step;

step 5.4: and backing up the temporary repair patch which is evaluated to be successful into a folder designated by a user.

Step 6: the repair suggestion and repair patch are pushed to the developer.

The beneficial effects of adopting above-mentioned technical scheme to produce lie in: the method provided by the application not only can identify the dependency conflicts which can possibly generate the runtime errors, but also can provide a reasonable repairing scheme for the dependency conflicts which can possibly generate the runtime errors. The method can obtain the corresponding repair suggestion and repair patch only by using the method in the target Java project, reduces the probability of running errors encountered by a developer in the development process, solves the time of the running errors, and saves the development cost.

Drawings

FIG. 1 is a flowchart of a method for automatically repairing a Java software dependent conflict problem in an embodiment of the application;

FIG. 2 is a flow chart of the method for obtaining a risk-free version according to an embodiment of the present application;

FIG. 3 is a flow chart of replacement of a risk-free version with a repair strategy in an embodiment of the present application;

FIG. 4 is a flowchart of an embodiment of evaluating whether a repair policy is valid.

Detailed Description

The following describes in further detail the embodiments of the present application with reference to the drawings and examples. The following examples are illustrative of the application and are not intended to limit the scope of the application.

As shown in fig. 1, the method for automatically repairing the Java software dependent conflict problem in this embodiment is as follows:

step 1: acquiring item codes and dependency relations of the current item;

in this embodiment, the Maven parses the item pon file to obtain a complete dependency tree of the item, and because the Maven loading mechanism ensures that only one version of each dependency is loaded and used, one complete dependency tree includes the dependency loaded by the item and the dependency not loaded, the complete dependency tree is traversed, each dependency on the dependency tree is regarded as a node and stored in a container of the program, and each node stores information including groupId, artifavtId, version, isUsed, manage, parent and the like.

Step 2: analyzing the dependency relationship of the current project to obtain risk dependency conflicts and called risk methods, and dividing the risk dependency conflicts into conflicts with direct dependencies and conflicts without direct dependencies, wherein the process is as follows:

step 2.1: traversing the complete dependency tree of the current project, analyzing to obtain dependency relationships with a plurality of versions in the complete dependency tree, and defining the dependency relationships as dependency conflicts;

in this embodiment, because each dependency has a unique groupId and ArtifactId, if dependencies with the same groupId and the same ArtifactId occur in the complete dependency tree, and the dependencies are not identical in version, then a conflict of dependencies is generated. Because the item only uses one version, looking at the dependent used value, if true, defining as the loaded version dependent usedDepJar; if false, then the unloaded version depends on unused DepJar. All dependency conflicts identified are placed in the dependency conflict container.

Step 2.2: comparing and analyzing classes and methods in the loaded version jar package with those in the unloaded version jar package, if one method in the unloaded version jar package does not have the corresponding method with the same limiting name in the loaded version jar package, obtaining a method set, judging whether the method in the set is called in the current project, and if so, obtaining the called risk method;

in this embodiment, the dependency conflict container is traversed, for each dependency conflict, classes and methods in jar packages of the loaded version and the unloaded version are resolved, and for the resolved methods, if the method is not implemented in the loaded version but is implemented in the unloaded version, the methods are stored in the testMethods set. The call graph of the project is generated by using the root, and the method in the project is taken as a starting point, and if the method in the testMethods set can be addressed, the method is a risk dependent conflict. The method was added to the riskMethods set.

Step 2.3: for risk dependency conflicts, checking whether the conflicting loaded version is directly declared dependent of the current item through a dependency graph, and if so, judging that the conflict is directly dependent; otherwise, there is no direct dependent conflict.

In this embodiment, for each risk dependency conflict, a parent value of a loaded version usedDepJar is obtained, and if the node parent value is not null, the node parent value is a conflict Type a without direct dependency; and otherwise, a conflict Type B with direct dependence exists.

Step 3: analyzing risk dependency conflicts, and searching for a risk-free dependency version by judging whether a method in the loaded dependency version meets all calls in a current project, wherein the process is as shown in the figure 2, and the process is as follows:

step 3.1: for risk dependency conflict, analyzing whether the unloaded dependent version method meets all calls of the loaded dependent version method in the project, if so, the unloaded version is a risk-free version, and entering step 3.5; if not, entering the next step;

in this embodiment, for each dependency conflict with risk, all methods in the loaded version jar packet are resolved, and a call graph call path diagram of the item is generated through a boot. Starting with the method in the item, if a method in the loaded version can be addressed, the method is added to the usedMethods set. Analyzing whether the method of the unloaded version contains all methods in the usedMethods set, if so, the unloaded version is a safe version without risk, and entering step 3.5, otherwise, entering the next step.

Step 3.2: acquiring all release versions of risk dependence, deleting versions existing in risk conflicts, filtering versions lower than version numbers in the risk conflicts, and sequentially and intensively extracting test versions from the filtered versions;

in this embodiment, all release versions of the conflict dependency are obtained from the Maven repository, the versions are traversed, the conflict dependent loaded and unloaded versions are deleted, and the remaining versions are sorted from high to low into version set versions. And sequentially extracting the versions from the versions, and acquiring the dependent jar package of the version.

Step 3.3: acquiring a jar packet of a test version, analyzing whether a method in the test version meets all calls of the method in the loaded dependent version in a project, and if so, entering the next step; if not, testing the next version;

in this embodiment, the method in the test version jar packet is parsed, the usedfmethod set in step 3.1 is obtained, and if the method in the test version jar packet can include all the methods in the usedfmethod set, the next step is entered; whereas other versions are tried.

Step 3.4: analyzing whether the method in the test version contains the called risk method in the unloaded dependent version, and if so, obtaining a risk-free version;

in this embodiment, the riskMethods set in step 2.2 is obtained, and if the methods in the test version jar packet include all the methods in the riskMethods set, the test version is a risk-free security version; and otherwise try the next version.

Step 3.5: the resulting unloaded or tested version is a risk-free version.

Step 4: setting a repair strategy, and selecting different strategies according to the risk type to load the risk-free version into the current project;

the repair strategy comprises the following 4 types:

1: direct dependence of replacement current item: reading a dependence configuration file of a current item, positioning a statement position directly depended on by a target, and carrying out version replacement;

2: unifying to risk-free versions using a < dependencylmanagement > tag;

3: deleting the currently used version using the < include > tag;

4: directly declaring a risk-free version: and reading the dependency configuration file of the current project, and directly adding a statement of dependency on the risk-free version.

The process of selecting different strategies according to the risk type to load the risk-free version into the current project is shown in fig. 3, and includes the following steps:

step 4.1: judging the type of risk dependence conflict after obtaining a risk-free version, and if the risk-dependent conflict exists, performing version replacement by using strategies 1 and 2 in the repair strategy to generate a temporary repair patch; if no direct dependence conflicts exist, performing version replacement by using strategies 2, 3 and 4 to generate a temporary repair patch;

in this embodiment, the item pon.xml file is read, the code segment with risk conflict is located, the code segment with repair policy is used for replacement, and the sequence number of the repair policy used by combining the replaced file is named pon-repair.

Step 4.2: analyzing the dependency relationship after replacement for the repair patches corresponding to different replacement strategies, acquiring the loaded version after the current conflict replacement, and if the version without risk is loaded correctly, replacing successfully; if the risk-free version is not loaded correctly, the replacement fails, and the temporary repair patch corresponding to the failed replacement strategy is deleted.

In this embodiment, the following is the case: obtaining the dependency relationship of each pon-reply, checking whether the loading version with risk dependency conflict is a replacement version, if so, copying the pon-copy.xml file into a temporary repair patch temp folder; if the riskless version is not loaded correctly, the replacement fails.

Step 5: the project after the repair strategy is evaluated whether a new dependency conflict is generated, and the process is as follows, wherein the process is shown in fig. 4:

step 5.1: traversing all the temporary repair patches pore-copy.xml in sequence to acquire the dependency relationship generated by the temporary repair patches;

step 5.2: comparing the new dependency relationship generated by the patch with the original dependency relationship of the project to check whether dependency conflict different from the original project occurs, and if so, entering the next step; if not, go to step 5.4;

in this embodiment, the dependency relationship of the temporary repair patch is analyzed to obtain a new dependency conflict set newConflicts, and whether the dependency conflict in the original dependency conflict set does not exist in the newConflicts set is checked by limiting the groupId and artifactId values, if so, the new dependency conflict is defined, and the next step is entered; if no woolen cloth appears, the process proceeds to step 5.4.

Step 5.3: comparing and analyzing classes and methods in the loaded version jar package and the unloaded version jar package, if a method in one unloaded version jar package does not have a corresponding method with the same limiting name in the loaded version jar package, obtaining a method set, judging whether the method in the set is called in the current project, and if so, invalidating the repair patch; if no, entering the next step;

in this embodiment, for a new dependency conflict, classes and methods in jar packages of a loaded version and an unloaded version are resolved, and for the resolved method, if the method is not implemented in the loaded version but implemented in the unloaded version, the method is stored in the testMethod set. And generating a call graph of the project by utilizing the root, taking a method in the project as a starting point, and if the method in the testMethod set can be addressed, invalidating the repair patch.

Step 5.4: and backing up the temporary repair patch which is evaluated to be successful into a folder designated by a user.

Step 6: the repair suggestion and repair patch are pushed to the developer.

In this embodiment, a repair suggestion report in the form of a text file is generated, where the report includes detailed information (loaded version number and unloaded version number, structure in dependency tree, call path of risk method, etc.) of risk dependency conflict, available repair policy proposed for risk dependency conflict, and file path of repair patch.

Claims (5)

1. The Java software dependency conflict problem automatic repairing method is characterized by comprising the following steps:

step 1: acquiring item codes and dependency relations of the current item;

step 2: analyzing the dependency relationship of the current project to obtain risk dependency conflicts and called risk methods, and dividing the risk dependency conflicts into conflicts with direct dependencies and conflicts without direct dependencies;

step 3: analyzing risk dependency conflicts, and searching for a risk-free dependent version by judging whether methods in the loaded dependent version meet all calls in the current project;

step 3.1: for risk dependency conflict, analyzing whether the unloaded dependent version method meets all calls of the loaded dependent version method in the project, if so, the unloaded version is a risk-free version, and entering step 3.5; if not, entering the next step;

step 3.2: acquiring all release versions of risk dependence, deleting versions existing in risk conflicts, filtering versions lower than version numbers in the risk conflicts, and sequentially and intensively extracting test versions from the filtered versions;

step 3.3: acquiring a jar packet of a test version, analyzing whether a method in the test version meets all calls of the method in the loaded dependent version in a project, and if so, entering the next step; if not, testing the next version;

step 3.4: analyzing whether the method in the test version contains the called risk method in the unloaded dependent version, and if so, obtaining a risk-free version;

step 3.5: the obtained unloaded version or test version is a risk-free version;

step 4: setting a repair strategy, and selecting different strategies according to the risk type to load the risk-free version into the current project;

step 5: evaluating whether the items after the repair strategy are used generate new dependency conflicts;

step 6: the repair suggestion and repair patch are pushed to the developer.

2. The method for automatically repairing a Java software dependent conflict problem according to claim 1, wherein the procedure of step 2 is as follows:

step 2.1: traversing the complete dependency tree of the current project, analyzing to obtain dependency relationships with a plurality of versions in the complete dependency tree, and defining the dependency relationships as dependency conflicts;

step 2.2: comparing and analyzing classes and methods in the loaded version jar package with those in the unloaded version jar package, if one method in the unloaded version jar package does not have the corresponding method with the same limiting name in the loaded version jar package, obtaining a method set, judging whether the method in the set is called in the current project, and if so, obtaining the called risk method;

step 2.3: for risk dependency conflicts, checking whether the conflicting loaded version is directly declared dependent of the current item through a dependency graph, and if so, judging that the conflict is directly dependent; otherwise, there is no direct dependent conflict.

3. The method for automatically repairing a Java software dependent conflict problem according to claim 1, wherein the repairing policy comprises 4 kinds of following:

1: direct dependence of replacement current item;

2: unifying to risk-free versions using a < dependencylmanagement > tag;

3: deleting the currently used version using the < include > tag;

4: the risk-free version is declared directly.

4. A method for automated repair of Java software dependent conflict problems according to claim 3, wherein the process of selecting different policies according to risk type to load risk-free versions into the current project is as follows:

step 4.1: judging the type of risk dependence conflict after obtaining a risk-free version, and if the risk-dependent conflict exists, performing version replacement by using strategies 1 and 2 in the repair strategy to generate a temporary repair patch; if no direct dependence conflicts exist, performing version replacement by using strategies 2, 3 and 4 to generate a temporary repair patch;

step 4.2: analyzing the dependency relationship after replacement for the repair patches corresponding to different replacement strategies, acquiring the loaded version after the current conflict replacement, and if the version without risk is loaded correctly, replacing successfully; if the risk-free version is not loaded correctly, the replacement fails, and the temporary repair patch corresponding to the failed replacement strategy is deleted.

5. The method for automatically repairing a Java software dependent conflict problem according to claim 1, wherein the procedure of step 5 is as follows:

step 5.1: traversing all temporary repair patches in sequence to acquire a dependency relationship generated by the temporary repair patches;

step 5.2: comparing the new dependency relationship generated by the patch with the original dependency relationship of the project to check whether dependency conflict different from the original project occurs, and if so, entering the next step; if not, go to step 5.4;

step 5.3: comparing and analyzing classes and methods in the loaded version jar package and the unloaded version jar package, if a method in one unloaded version jar package does not have a corresponding method with the same limiting name in the loaded version jar package, obtaining a method set, judging whether the method in the set is called in the current project, and if so, invalidating the repair patch; if no, entering the next step;

step 5.4: and backing up the temporary repair patch which is evaluated to be successful into a folder designated by a user.