Abstract image of a woman sitting on books and studying on a laptop

ECSA 2023 Ubuntu Case Study

C
CREST

The document analyzes the evolution of inter-package dependencies in Ubuntu, exploring software dependency types, the Depex framework for dependency extraction, and findings from a case study over 18 years. It discusses complexities related to dependencies, measurement metrics, and the challenges of system-wide dependencies observability. Future work suggests enhancements in monitoring missing libraries and updating dependency graphs in real-time.

Software
Related topics:
Insights on Software Development
1 of 23
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Analyzing the Evolution of Inter-package Dependencies in Operating Systems: A Case Study of Ubuntu Victor Prokhorenko, Chadni Islam, Muhammad Ali Babar
Overview  Software dependencies and complexity  Operating Systems context  DepEx framework - Dependency extraction  Ubuntu – Findings  Future work directions and enhancements
Types of software dependencies • Code libraries (source or binary) • Network sockets • UNIX domain sockets • Pipes • File-based • Run-time code provisioning • Downloading from external source • Generated by external applications • Discoverable and undiscoverable
Code libraries • Available in source form at compile time • Used through various form of Import- and Include-like statements • Can be in-lined or embedded, thus eliminating external dependency • Dynamically loadable at run time • Typically met in form of .so and .dll files • Can have recursive dependencies of their own
Binary Dynamically Loadable Libraries • Required to be present in the system for a given application to start • Required to be located in a discoverable “place” • Required to contain the necessary functionality • List of exported functions • Versioning considerations • Source code may be inaccessible • Sourced from: • Application bundle • Pre-existing Operating System
Binary Dynamically Loadable Libraries: example
Complexity aspect: dependency-based metrics • How do dependencies reflect application complexity? • How do dependencies reflect library importance? • Four metrics investigated: Presence, Coverage, Occurrence, Usage • Developer-facing complexity vs. recursion
Operating system context • Single application development phase • Testing through compilation and execution • Multiple tools: compiler, IDE, tests, debuggers • Multiple applications usage phase • Automatic dependency installation (apt install) • Library version conflicts: versioned names • Bundling: archive, container, VM • Base system inflation
System-wide dependencies observability • Emergent high-level architecture appears as a result of combining multiple independently-developed applications • Constant system modifications and updates lead to lack of stable picture • Lack of bird’s eye view: • Are there any libraries missing that are required by executables in the system? Which ones? • Which executables would not be able to run due to the lack of required libraries? • What are the most popular/critical libraries (i.e. required by most number of executables)? Least popular? • Which libraries are present in the system but not required by any executable?
DepEx: Dependency Extractor framework • Plugin-based architecture • Presence and Coverage metrics • Scans file system and stores discovered dependencies in a structured database • Current development targeted at run-time file modifications tracking
Ubuntu case study • Why Ubuntu? • High popularity • Consistent archives • Detailed release notes • Long history – chance to find evolutionary patterns • Technical challenges • Disk space requirements • Image format and compression changed over time
Ubuntu case study: statistics • 84 consecutive versions (5.04 to 23.04) • 18 years of history • 114GB of compressed images • 9.8 million total files • Over 408000 total binaries and executables • Almost 2 millions of library-level dependencies extracted
Ubuntu: libraries vs. executable vs. total files
Ubuntu: dependencies vs. files
Ubuntu: average dependencies
Ubuntu: maximum dependencies
Ubuntu: direct dependencies drift
Ubuntu: most popular libraries (direct) Rank Library Direct uses 1 libc 4397 2 libpthread 1438 3 libglib 1037 4 libgobject 945 5 libm 836 6 librt 719 7 libgthread 660 8 libgmodule 658 9 libgtk-x11 656 10 libdl 601 0 500 1000 1500 2000 2500 3000 3500 4000 4500 5000 L I B C L I B P T H R E A D L I B G L I B L I B G O B J E C T L I B M L I B R T L I B G T H R E A D L I B G M O D U L E L I B G T K - X 1 1 L I B D L DIRECT USES
Ubuntu: executable/library complexity (recursive) Rank Library Direct uses 1 gnome-control-center 273 2 gnome-initial-setup 169 3 shotwell-publishing 164 4 libiradio 158 5 librilo 158 6 evolution-alarm-notify 156 7 gnome-todo 155 8 smbd.x86_64-linux-gnu 155 9 empathy-call 154 10 libclplug_gtk3lo 154 0 50 100 150 200 250 300 DEPENDENCIES
Visualization challenges
Conclusion • Executables with a high number of recursive dependencies can be removed • “Complexity” comes from large number of subsystems: image formats, setup • Highly popular libraries are here to stay • A large number of libraries (up to three quarters) are not explicitly required • Plugins – discovered and loaded through a different mechanism • Shipped “just in case” for applications that would likely be installed • While periodic cleanups occur in practice, averages still steadily grow • Developer-facing complexity tends to be controlled
Future work directions and enhancements • More plugins for more executable types • Network awareness • Run-time file activity tracking and dependency graph updating • Real-time system health monitoring • Missing libraries, broken executables, missing links • Recovery/fixing recommendations • Most required missing library? • Last file event impact?
CRICOS 00123M

More Related Content

PPTX
Linux
CIIT Wahcantt, Taxila distt. Rawalpindi Pakistan
 
PPTX
Network_lecture_for_students_whom_intersted.pptx
IslamReda28
 
PDF
Gentoo Linux, or Why in the World You Should Compile Everything
Donnie Berkholz
 
PDF
Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...
GlobalLogic Ukraine
 
PDF
From Zero to Hero - Contribute to Linux Kernel in 15 Minutes
GlobalLogic Ukraine
 
PDF
Hands on kubernetes_container_orchestration
Amir Hossein Sorouri
 
PPTX
Application Performance & Flexibility on Exokernel Systems paper review
Vimukthi Wickramasinghe
 
PDF
Docker Dojo
Hugo González Labrador
 
Linux
CIIT Wahcantt, Taxila distt. Rawalpindi Pakistan
 
Network_lecture_for_students_whom_intersted.pptx
IslamReda28
 
Gentoo Linux, or Why in the World You Should Compile Everything
Donnie Berkholz
 
Embedded Webinar #13: "From Zero to Hero: contribute to Linux Kernel in 15 mi...
GlobalLogic Ukraine
 
From Zero to Hero - Contribute to Linux Kernel in 15 Minutes
GlobalLogic Ukraine
 
Hands on kubernetes_container_orchestration
Amir Hossein Sorouri
 
Application Performance & Flexibility on Exokernel Systems paper review
Vimukthi Wickramasinghe
 
Docker Dojo
Hugo González Labrador
 

Similar to ECSA 2023 Ubuntu Case Study (20)

PDF
unixoperatingsystem-130327073532-phpapp01.pdf
IxtiyorTeshaboyev
 
PPTX
Lecture01_IntroToLinuxAndEmbeddedSystems.pptx
ChetanNaikJECE
 
PPTX
Lecture01_IntroToLinuxAndEmbeddedSystems.pptx
ChetanNaikJECE
 
PPTX
Lecture01_IntroToLinuxAndEmbeddedSystems.pptx
ChetanNaikJECE
 
PDF
Building Embedded Linux Full Tutorial for ARM
Sherif Mousa
 
PDF
Docker and the Linux Kernel
Docker, Inc.
 
PDF
Immutable Image-Based Operating Systems - EW2024.pdf
Drew Moseley
 
PDF
Linux for embedded_systems
Vandana Salve
 
PPTX
Pune-Cocoa: Blocks and GCD
Prashant Rane
 
PDF
Course 101: Lecture 4: A Tour in RTOS Land
Ahmed El-Arabawy
 
PDF
Embedded Systems: Lecture 5: A Tour in RTOS Land
Ahmed El-Arabawy
 
PPTX
Operating system components
Syed Zaid Irshad
 
PPTX
Top 10 dev ops tools (1)
yalini97
 
PPTX
Programs for office management
suhailaadeeb
 
PPT
scaling compiled applications - highload 2013
ice799
 
PDF
Building Embedded Linux Systems Introduction
Sherif Mousa
 
PPTX
Introduction to Operating system and graduate
RamaSubramanian79
 
PDF
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
Gaetano Giunta
 
PDF
Fasten Industry Meeting with GitHub about Dependancy Management
Fasten Project
 
PPTX
Flexible compute
Peter Clapham
 
unixoperatingsystem-130327073532-phpapp01.pdf
IxtiyorTeshaboyev
 
Lecture01_IntroToLinuxAndEmbeddedSystems.pptx
ChetanNaikJECE
 
Lecture01_IntroToLinuxAndEmbeddedSystems.pptx
ChetanNaikJECE
 
Lecture01_IntroToLinuxAndEmbeddedSystems.pptx
ChetanNaikJECE
 
Building Embedded Linux Full Tutorial for ARM
Sherif Mousa
 
Docker and the Linux Kernel
Docker, Inc.
 
Immutable Image-Based Operating Systems - EW2024.pdf
Drew Moseley
 
Linux for embedded_systems
Vandana Salve
 
Pune-Cocoa: Blocks and GCD
Prashant Rane
 
Course 101: Lecture 4: A Tour in RTOS Land
Ahmed El-Arabawy
 
Embedded Systems: Lecture 5: A Tour in RTOS Land
Ahmed El-Arabawy
 
Operating system components
Syed Zaid Irshad
 
Top 10 dev ops tools (1)
yalini97
 
Programs for office management
suhailaadeeb
 
scaling compiled applications - highload 2013
ice799
 
Building Embedded Linux Systems Introduction
Sherif Mousa
 
Introduction to Operating system and graduate
RamaSubramanian79
 
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
Gaetano Giunta
 
Fasten Industry Meeting with GitHub about Dependancy Management
Fasten Project
 
Flexible compute
Peter Clapham
 
Ad

More from CREST (20)

PDF
Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
CREST
 
PPTX
Making Software and Software Engineering visible
CREST
 
PPTX
Understanding and Addressing Architectural Challenges of Cloud- Based Systems
CREST
 
PPTX
DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...
CREST
 
PPTX
A Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
CREST
 
PPTX
Mining Software Repositories for Security: Data Quality Issues Lessons from T...
CREST
 
PPTX
A Decentralised Platform for Provenance Management of Machine Learning Softwa...
CREST
 
PPTX
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
CREST
 
PPTX
Falling for Phishing: An Empirical Investigation into People's Email Response...
CREST
 
PPTX
An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...
CREST
 
PPTX
Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...
CREST
 
PPTX
Detecting Misuses of Security APIs: A Systematic Review
CREST
 
PPTX
Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...
CREST
 
PPTX
Data Quality for Software Vulnerability Dataset
CREST
 
PPTX
Mod2Dash Presentation
CREST
 
PDF
Run-time Patching and updating Impact Estimation
CREST
 
PDF
Energy Efficiency Evaluation of Local and Offloaded Data Processing
CREST
 
PPTX
Designing Quality-Driven Blockchain Networks
CREST
 
PPTX
Privacy Engineering in the Wild
CREST
 
PPTX
Security Data Quality Challenges
CREST
 
Mobile Devices: Systemisation of Knowledge about Privacy Invasion Tactics and...
CREST
 
Making Software and Software Engineering visible
CREST
 
Understanding and Addressing Architectural Challenges of Cloud- Based Systems
CREST
 
DevSecOps: Continuous Engineering with Security by Design: Challenges and Sol...
CREST
 
A Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
CREST
 
Mining Software Repositories for Security: Data Quality Issues Lessons from T...
CREST
 
A Decentralised Platform for Provenance Management of Machine Learning Softwa...
CREST
 
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
CREST
 
Falling for Phishing: An Empirical Investigation into People's Email Response...
CREST
 
An Experience Report on the Design and Implementation of an Ad-hoc Blockchain...
CREST
 
Gazealytics: A Unified and Flexible Visual Toolkit for Exploratory and Compar...
CREST
 
Detecting Misuses of Security APIs: A Systematic Review
CREST
 
Chen_Reading Strategies for Graph Visualizations that Wrap Around in Torus To...
CREST
 
Data Quality for Software Vulnerability Dataset
CREST
 
Mod2Dash Presentation
CREST
 
Run-time Patching and updating Impact Estimation
CREST
 
Energy Efficiency Evaluation of Local and Offloaded Data Processing
CREST
 
Designing Quality-Driven Blockchain Networks
CREST
 
Privacy Engineering in the Wild
CREST
 
Security Data Quality Challenges
CREST
 
Ad

Recently uploaded (20)

PPTX
Tech Workshop Escape Room Tech Workshop
muthuiyad
 
PDF
Wondershare Recoverit Full Crack New Version (Latest 2025)
hashmi66g66
 
PDF
Topaz Photo AI Crack New Download (Latest 2025)
hashmi66g66
 
PDF
Microsoft Office 365 Crack Download Free
wasibhadar
 
PDF
AI Guide for Business Growth - Arna Softech
Arna Softech
 
PDF
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
DOCX
How to Use SharePoint as an ISO-Compliant Document Management System
Sharepoint Designs
 
PPTX
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
PDF
Visual explanation of Dijkstra's Algorithm using Python
Universidad Nacional de Ingenieria
 
PDF
Time Tracking Features That Teams and Organizations Actually Need
Orangescrum
 
PPTX
GSA Content Generator Crack (2025 Latest)
halimaanam8
 
PPTX
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
PPTX
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
PPTX
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
PPTX
CNN LeNet5 Architecture: Neural Networks
DrRPonnusamyCIT
 
PDF
DuckDuckGo Private Browser Premium APK for Android Crack Latest 2025
hashmi66g66
 
PDF
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 
PPTX
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
PDF
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
PPTX
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 
Tech Workshop Escape Room Tech Workshop
muthuiyad
 
Wondershare Recoverit Full Crack New Version (Latest 2025)
hashmi66g66
 
Topaz Photo AI Crack New Download (Latest 2025)
hashmi66g66
 
Microsoft Office 365 Crack Download Free
wasibhadar
 
AI Guide for Business Growth - Arna Softech
Arna Softech
 
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
How to Use SharePoint as an ISO-Compliant Document Management System
Sharepoint Designs
 
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
Visual explanation of Dijkstra's Algorithm using Python
Universidad Nacional de Ingenieria
 
Time Tracking Features That Teams and Organizations Actually Need
Orangescrum
 
GSA Content Generator Crack (2025 Latest)
halimaanam8
 
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
CNN LeNet5 Architecture: Neural Networks
DrRPonnusamyCIT
 
DuckDuckGo Private Browser Premium APK for Android Crack Latest 2025
hashmi66g66
 
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 

ECSA 2023 Ubuntu Case Study

  • 1. Analyzing the Evolution of Inter-package Dependencies in Operating Systems: A Case Study of Ubuntu Victor Prokhorenko, Chadni Islam, Muhammad Ali Babar
  • 2. Overview  Software dependencies and complexity  Operating Systems context  DepEx framework - Dependency extraction  Ubuntu – Findings  Future work directions and enhancements
  • 3. Types of software dependencies • Code libraries (source or binary) • Network sockets • UNIX domain sockets • Pipes • File-based • Run-time code provisioning • Downloading from external source • Generated by external applications • Discoverable and undiscoverable
  • 4. Code libraries • Available in source form at compile time • Used through various form of Import- and Include-like statements • Can be in-lined or embedded, thus eliminating external dependency • Dynamically loadable at run time • Typically met in form of .so and .dll files • Can have recursive dependencies of their own
  • 5. Binary Dynamically Loadable Libraries • Required to be present in the system for a given application to start • Required to be located in a discoverable “place” • Required to contain the necessary functionality • List of exported functions • Versioning considerations • Source code may be inaccessible • Sourced from: • Application bundle • Pre-existing Operating System
  • 6. Binary Dynamically Loadable Libraries: example
  • 7. Complexity aspect: dependency-based metrics • How do dependencies reflect application complexity? • How do dependencies reflect library importance? • Four metrics investigated: Presence, Coverage, Occurrence, Usage • Developer-facing complexity vs. recursion
  • 8. Operating system context • Single application development phase • Testing through compilation and execution • Multiple tools: compiler, IDE, tests, debuggers • Multiple applications usage phase • Automatic dependency installation (apt install) • Library version conflicts: versioned names • Bundling: archive, container, VM • Base system inflation
  • 9. System-wide dependencies observability • Emergent high-level architecture appears as a result of combining multiple independently-developed applications • Constant system modifications and updates lead to lack of stable picture • Lack of bird’s eye view: • Are there any libraries missing that are required by executables in the system? Which ones? • Which executables would not be able to run due to the lack of required libraries? • What are the most popular/critical libraries (i.e. required by most number of executables)? Least popular? • Which libraries are present in the system but not required by any executable?
  • 10. DepEx: Dependency Extractor framework • Plugin-based architecture • Presence and Coverage metrics • Scans file system and stores discovered dependencies in a structured database • Current development targeted at run-time file modifications tracking
  • 11. Ubuntu case study • Why Ubuntu? • High popularity • Consistent archives • Detailed release notes • Long history – chance to find evolutionary patterns • Technical challenges • Disk space requirements • Image format and compression changed over time
  • 12. Ubuntu case study: statistics • 84 consecutive versions (5.04 to 23.04) • 18 years of history • 114GB of compressed images • 9.8 million total files • Over 408000 total binaries and executables • Almost 2 millions of library-level dependencies extracted
  • 13. Ubuntu: libraries vs. executable vs. total files
  • 18. Ubuntu: most popular libraries (direct) Rank Library Direct uses 1 libc 4397 2 libpthread 1438 3 libglib 1037 4 libgobject 945 5 libm 836 6 librt 719 7 libgthread 660 8 libgmodule 658 9 libgtk-x11 656 10 libdl 601 0 500 1000 1500 2000 2500 3000 3500 4000 4500 5000 L I B C L I B P T H R E A D L I B G L I B L I B G O B J E C T L I B M L I B R T L I B G T H R E A D L I B G M O D U L E L I B G T K - X 1 1 L I B D L DIRECT USES
  • 19. Ubuntu: executable/library complexity (recursive) Rank Library Direct uses 1 gnome-control-center 273 2 gnome-initial-setup 169 3 shotwell-publishing 164 4 libiradio 158 5 librilo 158 6 evolution-alarm-notify 156 7 gnome-todo 155 8 smbd.x86_64-linux-gnu 155 9 empathy-call 154 10 libclplug_gtk3lo 154 0 50 100 150 200 250 300 DEPENDENCIES
  • 21. Conclusion • Executables with a high number of recursive dependencies can be removed • “Complexity” comes from large number of subsystems: image formats, setup • Highly popular libraries are here to stay • A large number of libraries (up to three quarters) are not explicitly required • Plugins – discovered and loaded through a different mechanism • Shipped “just in case” for applications that would likely be installed • While periodic cleanups occur in practice, averages still steadily grow • Developer-facing complexity tends to be controlled
  • 22. Future work directions and enhancements • More plugins for more executable types • Network awareness • Run-time file activity tracking and dependency graph updating • Real-time system health monitoring • Missing libraries, broken executables, missing links • Recovery/fixing recommendations • Most required missing library? • Last file event impact?