research-article

Public Access

How to break an API: cost negotiation and community values in three software ecosystems

Authors:

Christopher Bogart,

Christian Kästner,

James Herbsleb,

Ferdian ThungAuthors Info & Claims

FSE 2016: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering

Pages 109 - 120

https://doi.org/10.1145/2950290.2950325

Published: 01 November 2016 Publication History

Abstract

Change introduces conflict into software ecosystems: breaking changes may ripple through the ecosystem and trigger rework for users of a package, but often developers can invest additional effort or accept opportunity costs to alleviate or delay downstream costs. We performed a multiple case study of three software ecosystems with different tooling and philosophies toward change, Eclipse, R/CRAN, and Node.js/npm, to understand how developers make decisions about change and change-related costs and what practices, tooling, and policies are used. We found that all three ecosystems differ substantially in their practices and expectations toward change and that those differences can be explained largely by different community values in each ecosystem. Our results illustrate that there is a large design space in how to build an ecosystem, its policies and its supporting infrastructure; and there is value in making community values and accepted tradeoffs explicit and transparent in order to resolve conflicts and negotiate change-related costs.

Supplementary Material

Auxiliary Archive (p109-bogart-s.zip)

Supplement A: Semi-structured interview script for the interviews described in the paper.

Download
80.50 KB

References

[1]

C. Artho, K. Suzaki, R. Di Cosmo, R. Treinen, and S. Zacchiroli. Why do software packages conflict? In Proc. Working Conf. Mining Software Repositories (MSR), pages 141–150. IEEE Computer Society, 2012.

Digital Library

[2]

S. A. Bohner and R. S. Arnold. Software Change Impact Analysis. IEEE Computer Society Press, Los Alamitos, CA, 1996.

Digital Library

[3]

K. J. Boudreau and A. Hagiu. Platform rules: multi-sided platforms as regulators. Platforms, Markets and Innovation, pages 163–191, 2009.

[4]

J. L. Cánovas Izquierdo and J. Cabot. Enabling the Definition and Enforcement of Governance Rules in Open Source Systems. Proc. Int’l Conf. Software Engineering (ICSE), pages 505–514, 2015.

Digital Library

[5]

J. Corbin and A. Strauss. Basics of Qualitative Research (3rd ed.): Techniques and Procedures for Developing Grounded Theory, chapter Criteria for Evaluation. SAGE Publications, Inc., 2014.

[6]

B. E. Cossette and R. J. Walker. Seeking the ground truth: A retroactive study on the evolution and migration of software libraries. In Proc. Int’l Symposium Foundations of Software Engineering (FSE), page 55. ACM Press, 2012.

Digital Library

[7]

L. Dabbish, C. Stuart, J. Tsay, and J. Herbsleb. Social Coding in GitHub: Transparency and Collaboration in an Open Software Repository. In Proc. Conf. Computer Supported Cooperative Work (CSCW), pages 1277–1286, 2012.

Digital Library

[8]

B. Dagenais and M. P. Robillard. Creating and Evolving Developer Documentation: Understanding the Decisions of Open Source Contributors. ACM International Symposium on Foundations of Software Engineering, pages 127–136, 2010.

Digital Library

[9]

C. R. B. de Souza and D. F. Redmiles. An empirical study of software developers’ management of dependencies and changes. Proc. Int’l. Conf. Software Engineering (ICSE), 2008.

Digital Library

[10]

C. R. B. De Souza and D. F. Redmiles. On the roles of APIs in the coordination of collaborative software development. Computer Supported Cooperative Work, 18(5-6):445–475, 2009.

Digital Library

[11]

A. Decan, T. Mens, M. Claes, and P. Grosjean. When GitHub meets CRAN: An Analysis of Inter-Repository Package Dependency Problems. International Conference on Software Analysis, Evolution, and Reengineering, pages 493–504, 2016.

[12]

J. des Rivières. API first, 2005. Talk at EclipseCon’05, slides: http://www.eclipsecon.org/2005/presentations/ EclipseCon2005 12.2APIFirst.pdf.

[13]

J. des Rivières. Evolving Java-based APIs, 2007. Online documentation: https://wiki.eclipse.org/Evolving Java-based APIs.

[14]

D. Dig and R. Johnson. How do APIs evolve? A story of refactoring. Journal of Software Maintenance and Evolution: Research and Practice, 18(2):83–107, 2006.

Digital Library

[15]

S. G. Eick, T. L. Graves, A. F. Karr, J. Marron, and A. Mockus. Does code decay? Assessing the evidence from change management data. IEEE Trans. Softw. Eng. (TSE), 27(1):1–12, Jan 2001.

Digital Library

[16]

E. Gamma, R. Helm, R. Johnson, and J. Vlissides. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, Boston, MA, 1995.

Digital Library

[17]

Gemnasium. http://gemnasium.com.

[18]

Greenkeeper. http://greenkeeper.io.

[19]

C. Gutwin, R. Penner, and K. Schneider. Group awareness in distributed software development. Proc. Conf. Computer Supported Cooperative Work (CSCW), pages 72–81, 2004.

Digital Library

[20]

J. Henkel and A. Diwan. CatchUp!: Capturing and replaying refactorings to support API evolution. In Proc. Int’l Conf. Software Engineering (ICSE), pages 274–283. ACM Press, 2005.

Digital Library

[21]

R. Holmes and R. J. Walker. Customized awareness: Recommending relevant external change events. In Proc. Int’l Conf. Software Engineering (ICSE), pages 465–474. ACM Press, 2010.

Digital Library

[22]

D. Hou and X. Yao. Exploring the intent behind API evolution: A case study. In Proc. Working Conf. Reverse Engineering (WCRE), pages 131–140. IEEE Computer Society, 2011.

Digital Library

[23]

S. J. Jackson, D. Ribes, A. G. Buyuktur, and G. C. Bowker. Collaborative rhythm: Temporal dissonance and alignment in collaborative scientific work. Proc. Conf. Computer Supported Cooperative Work (CSCW), pages 245–254, 2011.

Digital Library

[24]

P. Kapur, B. Cossette, and R. J. Walker. Refactoring references for library migration. In Proc. Int’l Conf. Object-Oriented Programming, Systems, Languages and Applications (OOPSLA), pages 726–738. ACM Press, 2010.

Digital Library

[25]

D. Le Berre and P. Rapicault. Dependency management for the Eclipse ecosystem: Eclipse P2, metadata and resolution. In Proc. Int’l Workshop on Open Component Ecosystems (IWOCE), pages 21–30. ACM Press, 2009.

Digital Library

[26]

M. Lehman. Programs, life cycles, and laws of software evolution. Proceedings of the IEEE, 68(9):1060–1076, Sept 1980.

[27]

M. Linares-Vásquez, G. Bavota, C. Bernal-Cárdenas, M. Di Penta, R. Oliveto, and D. Poshyvanyk. API change and fault proneness: A threat to the success of Android apps. In Proc. Europ. Software Engineering Conf./Foundations of Software Engineering (ESEC/FSE), pages 477–487. ACM Press, 2013.

Digital Library

[28]

N. H. Madhavji. Environment evolution: The Prism model of changes. IEEE Trans. Softw. Eng. (TSE), 18(5):380–392, May 1992.

Digital Library

[29]

F. Mancinelli, J. Boender, R. Di Cosmo, J. Vouillon, B. Durak, X. Leroy, and R. Treinen. Managing the complexity of large free and open source package-based software distributions. In Proc. Int’l Conf. Automated Software Engineering (ASE), pages 199–208. IEEE Computer Society, 2006.

Digital Library

[30]

M. Mattsson and J. Bosch. Stability assessment of evolving industrial object-oriented frameworks. Journal of Software Maintenance: Research and Practice, 12(2):79–102, 2000.

Digital Library

[31]

T. McDonnell, B. Ray, and M. Kim. An empirical study of API stability and adoption in the Android ecosystem. In Proc. Int’l Conf. Software Maintenance (ICSM). IEEE Computer Society, 2013.

Digital Library

[32]

E. Murphy-Hill, T. Zimmerman, and N. Nagappan. Cowboys, ankle sprains, and keepers of quality: how is video game development different from software development? Proc. Int’l. Conf. Software Engineering (ICSE), pages 1–11, 2014.

Digital Library

[33]

S. O’Mahony and F. Ferraro. The emergence of governance in an open source community. Academy of Management Journal, 50(5):1079–1106, 2007.

[34]

J. Ooms. Possible Directions for Improving Dependency Versioning in R. The R Journal, 5(1):1–9, 2013.

[35]

K. Ostermann, P. G. Giarrusso, C. Kästner, and T. Rendel. Revisiting information hiding: Reflections on classical and nonclassical modularity. In Proc. Europ. Conf. Object-Oriented Programming (ECOOP), volume 6813 of Lecture Notes in Computer Science, pages 155–178. Springer-Verlag, 2011.

Digital Library

[36]

R. Padhye, S. Mani, and V. S. Sinha. NeedFeed: Taming Change Notifications by Modeling Code Relevance. Proc. Int’l Conf. Automated Software Engineering (ASE), pages 665–675, 2014.

Digital Library

[37]

D. L. Parnas. On the criteria to be used in decomposing systems into modules. Commun. ACM, 15(12):1053–1058, 1972.

Digital Library

[38]

T. Preston-Werner. Semantic versioning 2.0.0, 2013. Online: http://semver.org.

[39]

S. Raemaekers, A. van Deursen, and J. Visser. Measuring software library stability through historical version analysis. In Proc. Int’l Conf. Software Maintenance (ICSM), pages 378–387. IEEE Computer Society, 2012.

Digital Library

[40]

S. Raemaekers, A. Van Deursen, and J. Visser. Semantic versioning versus breaking changes: A study of the Maven repository. In Proc. Int’l Working Conf. Source Code Analysis and Manipulation (SCAM), pages 215–224. IEEE Computer Society, 2014.

Digital Library

[41]

R. Robbes, M. Lungu, and D. Röthlisberger. How do developers react to API deprecation? The case of a Smalltalk ecosystem. In Proc. Int’l Symposium Foundations of Software Engineering (FSE), pages 56:1–56:11. ACM Press, 2012.

Digital Library

[42]

RStudio Team. RStudio: Integrated Development for R. Technical report, RStudio, Inc., Boston MA, 2015.

[43]

L. Singer, F. Figueira Filho, and M.-A. Storey. Software engineering at the speed of light: how developers stay current using twitter. Proc. Int’l. Conf. Software Engineering (ICSE), pages 211–221, 2014.

Digital Library

[44]

I. Sommerville. Software Engineering. Pearson Addison Wesley, 9th edition, 2010.

Digital Library

[45]

A. Stakoviak, A. Thorp, and I. Schleuter. The Changelog, 2013. Podcast: https://changelog.com/101/.

[46]

P. Tarr, H. Ossher, W. Harrison, and S. M. Sutton, Jr. N degrees of separation: Multi-dimensional separation of concerns. In Proc. Int’l Conf. Software Engineering (ICSE), pages 107–119. IEEE Computer Society, 1999.

Digital Library

[47]

A. Tiwana, B. Konsynski, and A. a. Bush. Platform evolution: Coevolution of platform architecture, governance, and environmental dynamics. Information Systems Research, 21(4):675–687, 2010.

Digital Library

[48]

I. van den Berk, S. Jansen, and L. Luinenburg. Software ecosystems. Proc. European Conference on Software Architecture Companion Volume (ECSA), pages 127–134, 2010.

Digital Library

[49]

M. Weiser. Program slicing. IEEE Trans. Softw. Eng. (TSE), 10(4):352–357, 1984.

Digital Library

[50]

D. M. Weiss and V. R. Basili. Evaluating software development by analysis of changes: Some data from the software engineering laboratory. IEEE Trans. Softw. Eng. (TSE), 11(2):157–168, Feb. 1985.

Digital Library

[51]

H. Wickham. Releasing a package. O’Reilly Media, Sebastopol, CA, 2015. Online: http://r-pkgs.had.co.nz/release.html.

[52]

W. Wu, F. Khomh, B. Adams, Y. G. Guéhéneuc, and G. Antoniol. An exploratory study of API changes and usages based on Apache and Eclipse ecosystems. Empirical Software Engineering, pages 1–47, 2015.

[53]

Y. Xie. R package versioning, 2013. Blog post: http://yihui.name/en/2013/06/r-package-versioning/.

[54]

S. S. Yau and J. S. Collofello. Some stability measures for software maintenance. IEEE Trans. Softw. Eng. (TSE), 6(6):545–552, Nov. 1980.

Digital Library

[55]

R. A. Yin. Case Study Research: Design and Methods. SAGE Publications, 5th edition, 2013.

Cited By

Chen ZHu XXia XGao YXu TLo DYang XRoychoudhury APaiva AAbreu RStorey M(2024)Exploiting Library Vulnerability via Migration Based Automating Test GenerationProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639583(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639583
Anastasia TStamatia B(2024)Managing Security Vulnerabilities Introduced by Dependencies in React.JS JavaScript Framework2024 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C)10.1109/SANER-C62648.2024.00022(126-133)Online publication date: 12-Mar-2024
https://doi.org/10.1109/SANER-C62648.2024.00022
Qi QCao J(2024)An Empirical Study on Downstream Dependency Package Groups in Software Packaging EcosystemsIET Software10.1049/2024/44884122024(1-23)Online publication date: 30-Apr-2024
https://doi.org/10.1049/2024/4488412
Show More Cited By

Index Terms

How to break an API: cost negotiation and community values in three software ecosystems
1. Software and its engineering
  1. Software creation and management
    1. Collaboration in software development

Recommendations

When and How to Make Breaking Changes: Policies and Practices in 18 Open Source Software Ecosystems
Continuous Special Section: AI and SE

Open source software projects often rely on package management systems that help projects discover, incorporate, and maintain dependencies on other packages, maintained by other people. Such systems save a great deal of effort over ad hoc ways of ...
Software ecosystems: a software ecosystem strategy assessment model
ECSA '10: Proceedings of the Fourth European Conference on Software Architecture: Companion Volume

Software companies and organizations increasingly open up their business to other software companies and as a consequence they find themselves in an ecosystem of software companies, developers and partners. These actors, and especially the software ...
Software Ecosystems: Trends and Impacts on Software Engineering
SBES '12: Proceedings of the 2012 26th Brazilian Symposium on Software Engineering

Economic and social issues are pointed out as Software Engineering (SE) challenges for the next years, since the field needs to treat issues beyond the technical side. These challenges require analyzing the field of SE from another perspective. In this ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

FSE 2016: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering

November 2016

1156 pages

ISBN:9781450342186

DOI:10.1145/2950290

General Chair:
Thomas Zimmermann
Microsoft Research, USA
,
Program Chairs:
Jane Cleland-Huang
University of Notre Dame, USA
,
Zhendong Su
University of California at Davis, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 November 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Systems Engineering Research Center
Alfred P. Sloan Foundation
Science of Security Lablet
National Science Foundation

Conference

FSE'16

Sponsor:

SIGSOFT

FSE'16: 24nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering

November 13 - 18, 2016

WA, Seattle, USA

Acceptance Rates

Overall Acceptance Rate 17 of 128 submissions, 13%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

146
Total Citations
View Citations
2,103
Total Downloads

Downloads (Last 12 months)212
Downloads (Last 6 weeks)28

Reflects downloads up to 04 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Chen ZHu XXia XGao YXu TLo DYang XRoychoudhury APaiva AAbreu RStorey M(2024)Exploiting Library Vulnerability via Migration Based Automating Test GenerationProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639583(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639583
Anastasia TStamatia B(2024)Managing Security Vulnerabilities Introduced by Dependencies in React.JS JavaScript Framework2024 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C)10.1109/SANER-C62648.2024.00022(126-133)Online publication date: 12-Mar-2024
https://doi.org/10.1109/SANER-C62648.2024.00022
Qi QCao J(2024)An Empirical Study on Downstream Dependency Package Groups in Software Packaging EcosystemsIET Software10.1049/2024/44884122024(1-23)Online publication date: 30-Apr-2024
https://doi.org/10.1049/2024/4488412
Cao YChen ZZhang XLi YChen LWang L(2024)Diagnosis of package installation incompatibility via knowledge baseScience of Computer Programming10.1016/j.scico.2024.103098(103098)Online publication date: Mar-2024
https://doi.org/10.1016/j.scico.2024.103098
Li FLou YTan XChen ZDong JLi YWang XHao DZhang L(2024)What can we learn from quality assurance badges in open-source software?Science China Information Sciences10.1007/s11432-022-3611-367:4Online publication date: 26-Mar-2024
https://doi.org/10.1007/s11432-022-3611-3
ISLAM SGAIKOVINA KULA RTREUDE CCHINTHANET BISHIO TMATSUMOTO K(2023)An Empirical Study of Package Management Issues via Stack OverflowIEICE Transactions on Information and Systems10.1587/transinf.2022MPP0001E106.D:2(138-147)Online publication date: 1-Feb-2023
https://doi.org/10.1587/transinf.2022MPP0001
Miller CKästner CVasilescu BChandra SBlincoe KTonella P(2023)“We Feel Like We’re Winging It:” A Study on Navigating Open-Source Dependency AbandonmentProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616293(1281-1293)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616293
Fang HHerbsleb JVasilescu BChandra SBlincoe KTonella P(2023)Matching Skills, Past Collaboration, and Limited Competition: Modeling When Open-Source Projects Attract ContributorsProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616282(42-54)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616282
Javan Jafari ACosta DShihab EAbdalkareem R(2023)Dependency Update Strategies and Package CharacteristicsACM Transactions on Software Engineering and Methodology10.1145/360311032:6(1-29)Online publication date: 29-Sep-2023
https://dl.acm.org/doi/10.1145/3603110
Venturini DCogo FPolato IGerosa MWiese I(2023)I Depended on You and You Broke Me: An Empirical Study of Manifesting Breaking Changes in Client PackagesACM Transactions on Software Engineering and Methodology10.1145/357603732:4(1-26)Online publication date: 26-May-2023
https://dl.acm.org/doi/10.1145/3576037
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents