Score
Authoring CMake scripts requires writing CMakeLists.txt to define targets, manage dependencies with find_package and target_link_libraries, set compile options and platform-specific flags, and generate builds for backends like Ninja, Makefiles or Visual Studio across platforms.
Prior research on library migration has largely overlooked C/C++, leaving a critical gap in understanding its ecosystem’s evolution. Method: We construct the first large-scale, multi-source C/C++ library migration dataset, encompassing 19,943 projects across seven package managers, and conduct an empirical analysis integrating dependency graphs, commit histories, and issue trackers to systematically characterize migration behaviors, domains, and motivations—comparing findings against Python, JavaScript, and Java. Contribution/Results: We find C/C++ migrations concentrate in GUI, build-system, and OS development; 83.46% of source libraries map deterministically to a single target library; and unique drivers include reducing compilation time and unifying dependency management. Crucially, C/C++ migration patterns diverge significantly from dynamic languages (e.g., JS/Python) and Java—especially in domain distribution—demonstrating the dataset’s utility for developing specialized migration recommendation tools.
Code smells in build scripts undermine build reliability and accumulate technical debt. Method: We conduct the first systematic identification and definition of 13 build-script-specific code smells, based on a large-scale empirical study of 5,882 Maven, Gradle, CMake, and Make scripts from 4,877 GitHub open-source projects. We quantitatively detect 10,895 smell instances using our custom static analysis tool Sniffer and qualitatively analyze 2,000 related GitHub issues. Contribution/Results: We uncover co-occurrence patterns among smells (e.g., hard-coded paths strongly correlate with duplicated code), and reveal domain-specific prevalence: Makefiles exhibit the highest smell density; insecure URLs are most frequent in Maven; wildcard usage dominates in Make. Our findings provide empirically grounded, actionable insights for improving build script quality and maintainability.
Automated build automation for C/C++ open-source projects faces core challenges including intricate dependency graphs, heterogeneous build systems (e.g., Make, CMake, Autotools, Bazel), diverse toolchains, and poor error resilience—areas where existing approaches offer limited support. To address these, we propose the first large language model (LLM)-based dynamic interactive build agent framework. It enables end-to-end adaptive build repair via implicit knowledge reasoning and closed-loop environmental feedback. We design a unified abstraction layer to support multiple build systems and integrate context-aware error diagnosis, intelligent retry mechanisms, and recovery strategies grounded in real-time build-state awareness. Evaluated on standard open-source benchmarks, our framework achieves a 78% build success rate; on the Top100 dataset, it outperforms manual builds on three projects and significantly improves overall build coverage. This work establishes a scalable, LLM-driven paradigm for C/C++ ecosystem build automation.
This study presents the first systematic empirical investigation of Software Bill of Materials (SBOM) publishing practices among developers on Maven Central. Addressing the lack of large-scale, repository-level SBOM analysis, we propose a warehouse-oriented SBOM discovery and dependency graph augmentation method: leveraging the Goblin framework to construct Maven dependency graphs, and integrating the Weaver module for automated SBOM (SPDX/CycloneDX) parsing, graph traversal-based sampling, and multi-source data fusion. From a 10% stratified sample of repository nodes, we collected 14,071 SBOMs covering 7,290 package versions, establishing the first publicly available Maven SBOM dataset. Results reveal critically low SBOM adoption rates and severe format fragmentation. Key contributions include: (1) the first empirically grounded, multi-source SBOM dataset; (2) a scalable, package-level SBOM discovery and graph-augmentation framework; and (3) evidence-based insights for enhancing transparency in open-source software supply chains.
Existing Python library migration tools are largely restricted to API-level mapping or specific library pairs, suffering from narrow coverage and low automation. This paper introduces the first end-to-end, general-purpose Python library migration framework, leveraging large language models (LLMs) as its core engine and integrating static analysis (to extract contextual dependencies) with dynamic analysis (to verify behavioral consistency), enabling fully automated code migration between functionally similar libraries. We propose a novel program-analysis-driven LLM post-processing optimization mechanism, significantly enhancing migration accuracy and robustness. Our command-line implementation is evaluated on 717 real-world projects: 32% achieve fully correct migrations, and in over 50% of projects, developers need to address fewer than 14% of residual changes—substantially reducing manual effort and error rates.
This work addresses the challenge of automating library API migration in the absence of real-world migration examples. To overcome this limitation, the authors propose a novel unsupervised approach that leverages large language models (LLMs) to generate initial migration examples without requiring labeled data. These examples are then generalized by an intelligent agent into structured, testable code transformation rules, which are integrated into the PolyglotPiranha framework for execution. This study represents the first integration of LLMs’ zero-shot generation capabilities with programmatic code transformation tools. The method successfully synthesizes reusable and generalizable migration scripts across multiple Python library migration tasks, significantly enhancing the feasibility and practicality of API migration in fully unsupervised settings.
HPC software ecosystems exhibit high heterogeneity and complex dependency graphs; while package managers like Spack automate dependency resolution, their recipes (package.py files) require labor-intensive manual authoring and maintenance—costs that scale prohibitively with ecosystem size. This work introduces SpackIt, the first LLM-driven framework for automated Spack recipe generation in HPC. It integrates static codebase analysis to extract build metadata, retrieves semantically similar existing recipes via RAG-enhanced retrieval, and employs a diagnostic feedback loop for iterative recipe refinement—enabling end-to-end generation of deployable Spack recipes from source code. Evaluated on 308 real-world HPC packages, SpackIt increases zero-shot installation success rate from 20% to over 80%. The approach substantially lowers the barrier to recipe development and significantly improves software reproducibility and portability across diverse HPC environments.
This work addresses the time-consuming and error-prone nature of manually migrating third-party libraries in Python projects, particularly when the original libraries become outdated or deprecated. To tackle this challenge, we propose MigMate—the first end-to-end, large language model (LLM)-based library migration plugin for Visual Studio Code—that seamlessly integrates automated migration capabilities into developers’ workflows. Built upon MigrateLib, MigMate leverages LLMs to generate migration code and provides an interactive preview and confirmation interface. Preliminary user studies demonstrate that MigMate significantly reduces the time required for migration tasks and achieves high scores on the System Usability Scale (SUS), confirming its effectiveness and practical utility.
This work addresses the challenge of automated configuration migration across CI platforms—particularly from Travis CI to GitHub Actions—where manual translation is error-prone and labor-intensive. We propose an LLM-based translation framework grounded in empirical analysis of 811 real-world migration cases, enabling the first quantitative characterization of configuration conversion effort. We introduce a four-category taxonomy of translation problems and identify recurring developer pain points. Methodologically, we design a composite prompting strategy integrating documentation-guided instruction, iterative refinement, and in-context learning to enhance LLM robustness and fidelity. Evaluation on GPT-4o shows our approach achieves 75.5% end-to-end build success rate—nearly tripling the performance of baseline prompting—while substantially reducing manual intervention. The framework provides a reproducible, quantitatively evaluable pathway for intelligent CI/CD configuration migration.
This study addresses the limited understanding of how migration guides are actually provided and utilized by developers, a gap that undermines their effectiveness in managing breaking changes in software libraries. Focusing on real-world usage practices, the work presents an empirical investigation centered on libraries with incompatible updates—such as Log4j—by analyzing pull request data and patterns of documentation referencing. The findings reveal that 82.81% of references point to entire migration guides rather than specific sections, and that these guides serve not only during major version upgrades but also play a sustained role in long-term maintenance. These insights offer empirically grounded recommendations for improving the design and utility of API migration documentation.