Computer Science > Software Engineering
[Submitted on 25 Mar 2022 (v1), revised 12 Jul 2022 (this version, v2), latest version 24 Aug 2023 (v4)]
Title:Dependency Solvers à la Carte
View PDFAbstract:Package managers, such as NPM, are critical components of modern software development, allowing programmers to access large ecosystems full of useful packages. Given only a few lines of configuration, a package manager automates the downloading and installation of perhaps hundreds of (transitive) dependencies. To achieve this, package managers perform dependency solving to choose which concrete versions of dependencies to install. However, different solvers select dependency versions in very different ways, which affects correctness, code size, and other factors of the final bundled software in ways that are opaque and confusing to programmers. Moreover, the exact behaviors of dependency solvers are defined by their implementations, rather than by specifications, which inhibits systematic comparisons of dependency solvers, whether looking at formal properties or empirical evaluations.
We present PacSolve, a unifying formal semantics of dependency solving. PacSolve is parameterized along several key axes, allowing it to compactly represent the key features and differences between NPM, PIP and Cargo, and to express a wide variety of alternative semantics for dependency solving. We then build an executable implementation of PacSolve using Rosette, and use it to implement a drop-in replacement for NPM called MinNPM. MinNPM allows the user to customize both the consistency criteria and optimization objectives. We show empirically that MinNPM shrinks the footprint of 21% of the top 1,000 most downloaded NPM packages with at least one dependency, and that it produces a newer set of dependencies for 14%. We also use MinNPM to answer key empirical questions about dependency solver design. Notably, we show that NPM's tree-solving semantics is only necessary for 1.9% of its packages, and that MinNPM gives higher quality solutions while taking only 2.6 seconds longer than NPM on average.
Submission history
From: Donald Pinckney [view email][v1] Fri, 25 Mar 2022 16:11:51 UTC (190 KB)
[v2] Tue, 12 Jul 2022 17:10:10 UTC (183 KB)
[v3] Thu, 15 Dec 2022 00:09:36 UTC (969 KB)
[v4] Thu, 24 Aug 2023 04:20:31 UTC (968 KB)
References & Citations
Bibliographic and Citation Tools
Bibliographic Explorer (What is the Explorer?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)
Code, Data and Media Associated with this Article
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)
Demos
Recommenders and Search Tools
Influence Flower (What are Influence Flowers?)
Connected Papers (What is Connected Papers?)
CORE Recommender (What is CORE?)
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.