miq.bib

@inproceedings{abateDependencySolvingStill2020,
  title = {Dependency {{Solving Is Still Hard}}, but {{We Are Getting Better}} at {{It}}},
  booktitle = {{{SANER}} 2020 - {{Proceedings}} of the 2020 {{IEEE}} 27th {{International Conference}} on {{Software Analysis}}, {{Evolution}}, and {{Reengineering}}},
  author = {Abate, Pietro and Cosmo, Roberto DI and Gousios, Georgios and Zacchiroli, Stefano},
  date = {2020},
  doi = {10.1109/SANER48275.2020.9054837},
  abstract = {Dependency solving is a hard (NP-complete) problem in all non-trivial component models due to either mutually incompatible versions of the same packages or explicitly declared package conflicts. As such, software upgrade planning needs to rely on highly specialized dependency solvers, lest falling into pitfalls such as incompleteness - a combination of package versions that satisfy dependency constraints does exist, but the package manager is unable to find it. In this paper we look back at proposals from dependency solving research dating back a few years. Specifically, we review the idea of treating dependency solving as a separate concern in package manager implementations, relying on generic dependency solvers based on tried and tested techniques such as SAT solving, PBO, MILP, etc. By conducting a census of dependency solving capabilities in state-of-the-art package managers we conclude that some proposals are starting to take off (e.g., SAT-based dependency solving) while - with few exceptions - others have not (e.g., outsourcing dependency solving to reusable components). We reflect on why that has been the case and look at novel challenges for dependency solving that have emerged since.},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\35C2RQVZ\\abate2020.pdf.pdf}
}

@article{al-mutawaShapeCircularDependencies2014,
  title = {On the {{Shape}} of {{Circular Dependencies}} in {{Java Programs}}},
  author = {Al-Mutawa, Hussain A. and Dietrich, Jens and Marsland, Stephen and McCartin, Catherine},
  date = {2014-04},
  journaltitle = {2014 23rd Australian Software Engineering Conference},
  pages = {48--57},
  publisher = {{IEEE}},
  location = {{Milsons Point, NSW, Australia}},
  doi = {10.1109/ASWEC.2014.15},
  url = {http://ieeexplore.ieee.org/document/6824106/},
  urldate = {2023-05-29},
  abstract = {Circular dependencies between software artefacts are widely considered as problematic. However, empirical studies of Java programs have shown that most programs are riddled with circular dependencies. This seems to imply that not all circular dependencies are as detrimental to software quality as previously thought. Clearly, a better understanding of the types of circular dependency and their effect on software quality is required. In this paper, we provide precise definitions for different types of circular dependencies, analyse their topology and investigate the relationship between circular dependencies and the package containment tree. Our analysis is based on the popular Qualities Corpus data set. We find that in package dependency graphs, most circular dependencies are "package local": they are confined to branches of the package containment tree where they form around parent packages. Existing research indicates that these dependencies may not be critical. This may explain why circular dependencies are so common in widely-used real-world programs.},
  eventtitle = {2014 23rd {{Australian Software Engineering Conference}} ({{ASWEC}})},
  isbn = {9781479931491},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\N3MGJ3GZ\\al-mutawa2014.pdf.pdf}
}

@article{amor-iglesiasMeasuringLibreSoftware2005,
  title = {Measuring Libre Software Using Debian 3.1 (Sarge) as a Case Study: {{Preliminary}} Results},
  author = {Amor-Iglesias, Juan-José and González-Barahona, Jesús M and Robles-Martínez, Gregorio and Herráiz-Tabernero, Israel},
  date = {2005},
  journaltitle = {UPGRADE The European Journal for the Informatics Professional},
  shortjournal = {UPGRADE The European Journal for the Informatics Professional},
  volume = {6},
  number = {3},
  pages = {13--16}
}

@book{bang-jensenDigraphs2009,
  title = {Digraphs},
  author = {Bang-Jensen, Jørgen and Gutin, Gregory Z.},
  date = {2009},
  series = {Springer {{Monographs}} in {{Mathematics}}},
  publisher = {{Springer}},
  location = {{London}},
  doi = {10.1007/978-1-84800-998-1},
  url = {http://link.springer.com/10.1007/978-1-84800-998-1},
  urldate = {2023-06-19},
  keywords = {algorithm analysis and problem complexity,algorithms,combinatorics,Graph,Hamiltonian cycle,Hamiltonian path,Hypergraph,linear optimization,operations research,Sim,Vertex},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\TRAHQMKH\\Bang-Jensen and Gutin - 2009 - Digraphs.pdf}
}

@software{Bubblewrap2023,
  title = {Bubblewrap},
  date = {2023-06-21T19:40:11Z},
  origdate = {2016-02-16T20:36:10Z},
  url = {https://github.com/containers/bubblewrap},
  urldate = {2023-06-25},
  abstract = {Low-level unprivileged sandboxing tool used by Flatpak and similar projects},
  organization = {{Containers}},
  keywords = {linux-containers,user-namespaces}
}

@inproceedings{chapuisEmpiricalStudyUse2020,
  title = {An {{Empirical Study}} of the {{Use}} of {{Integrity Verification Mechanisms}} for {{Web Subresources}}},
  booktitle = {Proceedings of {{The Web Conference}} 2020},
  author = {Chapuis, Bertil and Omolola, Olamide and Cherubini, Mauro and Humbert, Mathias and Huguenin, Kévin},
  date = {2020-04-20},
  series = {{{WWW}} '20},
  pages = {34--45},
  publisher = {{Association for Computing Machinery}},
  location = {{New York, NY, USA}},
  doi = {10.1145/3366423.3380092},
  url = {https://dl.acm.org/doi/10.1145/3366423.3380092},
  urldate = {2023-06-25},
  abstract = {Web developers can (and do) include subresources such as scripts, stylesheets and images in their webpages. Such subresources might be stored on content delivery networks (CDNs). This practice creates security and privacy risks, should a subresource be corrupted. The subresource integrity (SRI) recommendation, released in mid-2016 by the W3C, enables developers to include digests in their webpages in order for web browsers to verify the integrity of subresources before loading them. In this paper, we conduct the first large-scale longitudinal study of the use of SRI on the Web by analyzing massive crawls (≈ 3B URLs) of the Web over the last 3.5 years. Our results show that the adoption of SRI is modest (≈), but grows at an increasing rate and is highly influenced by the practices of popular library developers (e.g., Bootstrap) and CDN operators (e.g., jsDelivr). We complement our analysis about SRI with a survey of web developers (N=): It shows that a substantial proportion of developers know SRI and understand its basic functioning, but most of them ignore important aspects of the recommendation. The results of the survey also show that the integration of SRI by developers is mostly manual – hence not scalable and error prone. This calls for a better integration of SRI in build tools.},
  isbn = {978-1-4503-7023-3},
  keywords = {common crawl,subresource integrity,web security},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\RGSA6DL6\\Chapuis et al. - 2020 - An Empirical Study of the Use of Integrity Verific.pdf}
}

@article{courtesFunctionalPackageManagement2013,
  title = {Functional {{Package Management}} with {{Guix}}},
  author = {Courtès, Ludovic},
  date = {2013-05},
  url = {http://arxiv.org/abs/1305.4584},
  abstract = {We describe the design and implementation of GNU Guix, a purely functional package manager designed to support a complete GNU/Linux distribution. Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. It builds upon the low-level build and deployment layer of the Nix package manager. Guix uses Scheme as its programming interface. In particular, we devise an embedded domain-specific language (EDSL) to describe and compose packages. We demonstrate how it allows us to benefit from the host general-purpose programming language while not compromising on expressiveness. Second, we show the use of Scheme to write build programs, leading to "two-tier" programming system.}
}

@online{DaggyRust,
  title = {Daggy - {{Rust}}},
  url = {https://docs.rs/daggy/latest/daggy/},
  urldate = {2023-06-24},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\GTBV4INE\\daggy.html}
}

@online{DenoCoreCrates2023,
  title = {Deno\_core - Crates.Io: {{Rust Package Registry}}},
  shorttitle = {Deno\_core - Crates.Io},
  date = {2023-06-16},
  url = {https://crates.io/crates/deno_core},
  urldate = {2023-06-21},
  abstract = {A modern JavaScript/TypeScript runtime built with V8, Rust, and Tokio},
  langid = {english},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\9AA42V7A\\deno_core.html}
}

@online{DependenciesGentooDevelopment,
  title = {Dependencies – {{Gentoo Development Guide}}},
  url = {https://devmanual.gentoo.org/general-concepts/dependencies/},
  urldate = {2023-06-19},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\39QDKEKG\\dependencies.html}
}

@online{DhallConfigurationLanguage,
  title = {The {{Dhall}} Configuration Language},
  url = {https://dhall-lang.org/},
  urldate = {2023-06-21},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\BIUGM94N\\dhall-lang.org.html}
}

@online{DockerAcceleratedContainerized2022,
  title = {Docker: {{Accelerated}}, {{Containerized Application Development}}},
  shorttitle = {Docker},
  date = {2022-05-10T08:10:33-07:00},
  url = {https://www.docker.com/},
  urldate = {2023-05-29},
  abstract = {Docker is a platform designed to help developers build, share, and run modern applications. We handle the tedious setup, so you can focus on the code.},
  langid = {american}
}

@inproceedings{dolstraNixOS2008,
  title = {{{NixOS}}},
  booktitle = {Proceedings of the 13th {{ACM SIGPLAN}} International Conference on {{Functional}} Programming},
  author = {Dolstra, Eelco and Löh, Andres},
  date = {2008-09},
  pages = {367--378},
  publisher = {{ACM}},
  doi = {10.1145/1411204.1411255},
  isbn = {978-1-59593-919-7}
}

@book{dolstraPurelyFunctionalSoftware2006,
  title = {The Purely Functional Software Deployment Model},
  author = {Dolstra, Eelco},
  date = {2006},
  publisher = {{Utrecht University}},
  isbn = {90-393-4130-3}
}

@article{elizaldezapataSmootherLibraryMigrations2018,
  title = {Towards {{Smoother Library Migrations}}: {{A Look}} at {{Vulnerable Dependency Migrations}} at {{Function Level}} for Npm {{JavaScript Packages}}},
  shorttitle = {Towards {{Smoother Library Migrations}}},
  author = {Elizalde Zapata, Rodrigo and Kula, Raula Gaikovina and Chinthanet, Bodin and Ishio, Takashi and Matsumoto, Kenichi and Ihara, Akinori},
  date = {2018-09},
  journaltitle = {2018 IEEE International Conference on Software Maintenance and Evolution (ICSME)},
  pages = {559--563},
  publisher = {{IEEE}},
  location = {{Madrid}},
  doi = {10.1109/ICSME.2018.00067},
  url = {https://ieeexplore.ieee.org/document/8530065/},
  urldate = {2023-05-29},
  abstract = {It has become common practice for software projects to adopt third-party libraries, allowing developers full access to functions that otherwise will take time and effort to create them-selves. Regardless of migration effort involved, developers are encouraged to maintain their library dependencies by updating any outdated dependency, so as to remain safe from potential threats such as vulnerabilities. Through a manual inspection of a total of 60 client projects from three cases of high severity vulnerabilities, we investigate whether or not clients are really safe from these threats. Surprisingly, our early results show evidence that up to 73.3\% of outdated clients were actually safe from the threat. This is the first work to confirm that analysis at the library level is indeed an overestimation. This result to pave the path for future studies to empirically investigate and validate this phenomena, and is towards aiding a smoother library migration for client developers.},
  eventtitle = {2018 {{IEEE International Conference}} on {{Software Maintenance}} and {{Evolution}} ({{ICSME}})},
  isbn = {9781538678701},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\JPJI8BHQ\\71973028064296a95e0cb96726c268a1.pdf.pdf}
}

@article{erParallelComputationApproach1983,
  title = {A {{Parallel Computation Approach}} to {{Topological Sorting}}},
  author = {Er, M. C.},
  date = {1983-11-01},
  journaltitle = {The Computer Journal},
  shortjournal = {The Computer Journal},
  volume = {26},
  number = {4},
  pages = {293--295},
  issn = {0010-4620},
  doi = {10.1093/comjnl/26.4.293},
  url = {https://doi.org/10.1093/comjnl/26.4.293},
  urldate = {2023-06-25},
  abstract = {A new topological sorting algorithm is formulated using the parallel computation approach. The time complexity of this algorithm is of the order of the longest distance between a source node and a sink node in an acyclic digraph representing the partial orderings between elements. An implementation of this algorithm with an SIMD machine is discussed. To avoid contention for logical resources, a synchronization of all processors is proposed and its performance is also discussed.},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\ZBXBCSSE\\Er - 1983 - A Parallel Computation Approach to Topological Sor.pdf;C\:\\Users\\ayats\\Zotero\\storage\\ELY5IQPM\\377400.html}
}

@inproceedings{espePerformanceEvaluationContainer2020,
  title = {Performance {{Evaluation}} of {{Container Runtimes}}.},
  author = {Espe, Lennart and Jindal, Anshul and Podolskiy, Vladimir and Gerndt, Michael},
  date = {2020},
  pages = {273--281},
  eventtitle = {{{CLOSER}}}
}

@online{EverythingYouNeed,
  title = {Everything {{You Need}} to {{Know}} about {{Linux Containers}}},
  url = {https://www.linuxjournal.com/content/everything-you-need-know-about-linux-containers-part-ii-working-linux-containers-lxc},
  urldate = {2023-05-29},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\MPSJU67K\\everything-you-need-know-about-linux-containers-part-ii-working-linux-containers-lxc.html}
}

@online{FHSLinuxFoundation,
  title = {{{FHS}}, {{Linux Foundation Wiki}}},
  url = {https://wiki.linuxfoundation.org/lsb/fhs},
  urldate = {2023-05-29},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\833M3UX3\\fhs.html}
}

@online{FnvRust,
  title = {Fnv - {{Rust}}},
  url = {https://doc.servo.org/fnv/},
  urldate = {2023-06-18},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\PVYAW4NE\\fnv.html}
}

@inproceedings{gamblinSpackPackageManager2015,
  title = {The {{Spack}} Package Manager: {{Bringing}} Order to {{HPC}} Software Chaos},
  booktitle = {International {{Conference}} for {{High Performance Computing}}, {{Networking}}, {{Storage}} and {{Analysis}}, {{SC}}},
  author = {Gamblin, Todd and Legendre, Matthew and Collette, Michael R. and Lee, Gregory L. and Moody, Adam and Supinski, Bronis R. De and Futral, Scott},
  date = {2015},
  volume = {15-20-November-2015},
  issn = {21674337},
  doi = {10.1145/2807591.2807623},
  abstract = {Large HPC centers spend considerable time supporting software for thousands of users, but the complexity of HPC software is quickly outpacing the capabilities of existing software management tools. Scientific applications require specific versions of compilers, MPI, and other dependency libraries, so using a single, standard software stack is infeasible. However, managing many configurations is difficult because the configuration space is combinatorial in size. We introduce Spack, a tool used at Lawrence Livermore National Laboratory to manage this complexity. Spack provides a novel, recursive specification syntax to invoke parametric builds of packages and dependencies. It allows any number of builds to coexist on the same system, and it ensures that installed packages can find their dependencies, regardless of the environment. We show through real-world use cases that Spack supports diverse and demanding applications, bringing order to HPC software chaos.},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\DVPBYBM7\\gamblin2015.pdf.pdf}
}

@online{GNUCompilerCollection,
  title = {{{GNU Compiler Collection}} ({{GCC}}) Documentation},
  url = {https://gcc.gnu.org/onlinedocs/gcc/},
  urldate = {2023-06-26},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\TU3SYDM7\\gcc.html}
}

@inproceedings{goswamiInvestigatingReproducibilityNPM2020,
  title = {Investigating {{The Reproducibility}} of {{NPM Packages}}},
  booktitle = {2020 {{IEEE International Conference}} on {{Software Maintenance}} and {{Evolution}} ({{ICSME}})},
  author = {Goswami, Pronnoy and Gupta, Saksham and Li, Zhiyuan and Meng, Na and Yao, Daphne},
  date = {2020-09},
  pages = {677--681},
  issn = {2576-3148},
  doi = {10.1109/ICSME46990.2020.00071},
  abstract = {Node.js has been popularly used for web application development, partially because of its large software ecosystem known as NPM (Node Package Manager) packages. When using open-source NPM packages, most developers download prebuilt packages on npmjs.com instead of building those packages from available source, and implicitly trust the downloaded packages. However, it is unknown whether the blindly trusted prebuilt NPM packages are reproducible (i.e., whether there is always a verifiable path from source code to any published NPM package). Therefore, for this paper, we conducted an empirical study to examine the reproducibility of NPM packages, and to understand why some packages are not reproducible.Specifically, we downloaded versions/releases of 226 most popularly used NPM packages and then built each version with the available source on GitHub. Next, we applied a differencing tool to compare the versions we built against versions downloaded from NPM, and further inspected any reported difference. Among the 3,390 versions of the 226 packages, only 2,087 versions are reproducible. Based on our manual analysis, multiple factors contribute to the non-reproducibility issues, such as flexible versioning information in package.json file and the divergent behaviors between distinct versions of tools used in the build process. Our investigation reveals challenges of verifying NPM reproducibility with existing tools, and provides insights for future verifiable build procedures.},
  eventtitle = {2020 {{IEEE International Conference}} on {{Software Maintenance}} and {{Evolution}} ({{ICSME}})},
  keywords = {JavaScript,Manuals,NPM packages,Open source software,Packaging,reproducibility,Software development management,Software maintenance,Standards,Tools},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\DXVSEYRD\\Goswami et al. - 2020 - Investigating The Reproducibility of NPM Packages.pdf;C\:\\Users\\ayats\\Zotero\\storage\\V8KCXAQY\\9240695.html}
}

@online{HashStdHash,
  title = {Hash in Std::Hash - {{Rust}}},
  url = {https://doc.rust-lang.org/stable/std/hash/trait.Hash.html},
  urldate = {2023-06-18},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\7UZB7X7Z\\trait.Hash.html}
}

@online{HW3238POperating,
  title = {{{HW3}} - {{238P Operating Systems}}},
  url = {https://www.ics.uci.edu/~aburtsev/238P/hw/hw3-elf/hw3-elf.html},
  urldate = {2023-06-20},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\GIKXALWV\\hw3-elf.html}
}

@inproceedings{kellMissingLinkExplaining2016,
  title = {The Missing Link: Explaining {{ELF}} Static Linking, Semantically},
  booktitle = {Proceedings of the 2016 {{ACM SIGPLAN International Conference}} on {{Object-Oriented Programming}}, {{Systems}}, {{Languages}}, and {{Applications}}},
  author = {Kell, Stephen and Mulligan, Dominic P. and Sewell, Peter},
  date = {2016-10},
  pages = {607--623},
  publisher = {{ACM}},
  doi = {10.1145/2983990.2983996},
  url = {https://dl.acm.org/doi/10.1145/2983990.2983996},
  isbn = {978-1-4503-4444-9}
}

@online{LdLinuxManual,
  title = {Ld.so(8) - {{Linux}} Manual Page},
  url = {https://man7.org/linux/man-pages/man8/ld.so.8.html},
  urldate = {2023-06-20},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\NH8WX7GA\\ld.so.8.html}
}

@inproceedings{legayPackageFreshnessLinux2020,
  title = {On {{Package Freshness}} in {{Linux Distributions}}},
  booktitle = {2020 {{IEEE International Conference}} on {{Software Maintenance}} and {{Evolution}} ({{ICSME}})},
  author = {Legay, Damien and Decan, Alexandre and Mens, Tom},
  date = {2020-09},
  pages = {682--686},
  issn = {2576-3148},
  doi = {10.1109/ICSME46990.2020.00072},
  abstract = {The open-source Linux operating system is available through a wide variety of distributions, each containing a collection of installable software packages. It can be important to keep these packages as fresh as possible to benefit from new features, bug fixes and security patches. However, not all distributions place the same emphasis on package freshness. We conducted a survey in the first half of 2020 with 170 Linux users to gauge their perception of package freshness in the distributions they employ, the value they place on package freshness and the reasons why they do so, and the methods they use to update packages. The results of this survey reveal that, for the aforementioned reasons, keeping packages up to date is an important concern to Linux users and that they install and update packages through their distribution’s official repositories whenever possible, but often resort to third-party repositories and package managers for proprietary software and programming language libraries. Some distributions are perceived to be much quicker in deploying package updates than others. These results are useful to assess the expectations and requirements of Linux users in terms of package freshness and guide them in choosing a fitting distribution.},
  eventtitle = {2020 {{IEEE International Conference}} on {{Software Maintenance}} and {{Evolution}} ({{ICSME}})},
  keywords = {Computer bugs,Computer languages,Libraries,Linux,Security,Stability analysis,Tools},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\XC3GI7YI\\Legay et al. - 2020 - On Package Freshness in Linux Distributions.pdf;C\:\\Users\\ayats\\Zotero\\storage\\R4D4YXP5\\9240686.html}
}

@online{LinuxFoundationReferenced,
  title = {Linux {{Foundation Referenced Specifications}}},
  url = {https://refspecs.linuxfoundation.org/},
  urldate = {2023-06-20},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\P2UPMHSM\\refspecs.linuxfoundation.org.html}
}

@online{LinuxStandardBase,
  title = {Linux {{Standard Base Core Specification}}, {{Generic Part}}},
  url = {https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/book1.html},
  urldate = {2023-06-21},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\NWWJDKRW\\book1.html}
}

@article{merkelDockerLightweightLinux2014,
  title = {Docker: Lightweight {{Linux}} Containers for Consistent Development and Deployment},
  shorttitle = {Docker},
  author = {Merkel, Dirk},
  date = {2014-03-01},
  journaltitle = {Linux Journal},
  url = {https://www.semanticscholar.org/paper/Docker%3A-lightweight-Linux-containers-for-consistent-Merkel/875d90d4f66b07f90687b27ab304e04a3f666fc2},
  urldate = {2023-05-29},
  abstract = {Docker promises the ability to package applications and their dependencies into lightweight containers that move easily between different distros, start up quickly and are isolated from each other.},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\BMA7GVST\\Merkel - 2014 - Docker lightweight Linux containers for consisten.pdf}
}

@online{MluaRust,
  title = {Mlua - {{Rust}}},
  url = {https://docs.rs/mlua/latest/mlua/},
  urldate = {2023-06-25},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\E25Q8XT6\\mlua.html}
}

@article{mukherjeeFixingDependencyErrors2021,
  title = {Fixing Dependency Errors for {{Python}} Build Reproducibility},
  author = {Mukherjee, Suchita and Almanza, Abigail and Rubio-González, Cindy},
  date = {2021-07-11},
  journaltitle = {Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis},
  pages = {439--451},
  publisher = {{ACM}},
  location = {{Virtual Denmark}},
  doi = {10.1145/3460319.3464797},
  url = {https://dl.acm.org/doi/10.1145/3460319.3464797},
  urldate = {2023-05-29},
  abstract = {Software reproducibility is important for re-usability and the cumulative progress of research. An important manifestation of unreproducible software is the changed outcome of software builds over time. While enhancing code reuse, the use of open-source dependency packages hosted on centralized repositories such as PyPI can have adverse effects on build reproducibility. Frequent updates to these packages often cause their latest versions to have breaking changes for applications using them. Large Python applications risk their historical builds becoming unreproducible due to the widespread usage of Python dependencies, and the lack of uniform practices for dependency version specification. Manually fixing dependency errors requires expensive developer time and effort, while automated approaches face challenges of parsing unstructured build logs, finding transitive dependencies, and exploring an exponential search space of dependency versions. In this paper, we investigate how open-source Python projects specify dependency versions, and how their reproducibility is impacted by dependency packages. We propose a tool PyDFix to detect and fix unreproducibility in Python builds caused by dependency errors. PyDFix is evaluated on two bug datasets BugSwarm and BugsInPy, both of which are built from real-world open-source projects. PyDFix analyzes a total of 2,702 builds, identifying 1,921 (71.1\%) of them to be unreproducible due to dependency errors. From these, PyDFix provides a complete fix for 859 (44.7\%) builds, and partial fixes for an additional 632 (32.9\%) builds.},
  eventtitle = {{{ISSTA}} '21: 30th {{ACM SIGSOFT International Symposium}} on {{Software Testing}} and {{Analysis}}},
  isbn = {9781450384599},
  langid = {english},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\8KBQ4H39\\mukherjee2021.pdf.pdf;C\:\\Users\\ayats\\Zotero\\storage\\C85MNZ47\\Mukherjee et al. - 2021 - Fixing dependency errors for Python build reproduc.pdf}
}

@online{MuslLibc,
  title = {Musl Libc},
  url = {https://musl.libc.org/},
  urldate = {2023-06-21},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\TZGEKGYB\\musl.libc.org.html}
}

@online{NamespacesLinuxManualb,
  title = {Namespaces(7) - {{Linux}} Manual Page},
  url = {https://man7.org/linux/man-pages/man7/namespaces.7.html},
  urldate = {2023-06-19},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\MA76PIPG\\namespaces.7.html}
}

@inproceedings{neelakantamHardwareAtomicityReliable2007,
  title = {Hardware Atomicity for Reliable Software Speculation},
  booktitle = {Proceedings of the 34th Annual International Symposium on {{Computer}} Architecture},
  author = {Neelakantam, Naveen and Rajwar, Ravi and Srinivas, Suresh and Srinivasan, Uma and Zilles, Craig},
  date = {2007-06-09},
  pages = {174--185},
  publisher = {{ACM}},
  location = {{San Diego California USA}},
  doi = {10.1145/1250662.1250684},
  url = {https://dl.acm.org/doi/10.1145/1250662.1250684},
  urldate = {2023-06-20},
  abstract = {Speculative compiler optimizations are effective in improving both single-thread performance and reducing power consumption, but their implementation introduces significant complexity, which can limit their adoption, limit their optimization scope, and negatively impact the reliability of the compilers that implement them. To eliminate much of this complexity, as well as increase the effectiveness of these optimizations, we propose that microprocessors provide architecturally-visible hardware primitives for atomic execution. These primitives provide to the compiler the ability to optimize the program's hot path in isolation, allowing the use of non-speculative formulations of optimization passes to perform speculative optimizations. Atomic execution guarantees that if a speculation invariant does not hold, the speculative updates are discarded, the register state is restored, and control is transferred to a non-speculative version of the code, thereby relieving the compiler from the responsibility of generating compensation code.  We demonstrate the benefit of hardware atomicity in the context of a Java virtual machine. We find incorporating the notion of atomic regions into an existing compiler intermediate representation to be natural, requiring roughly 3,000 lines of code (\textasciitilde 3\% of a JVM's optimizing compiler), most of which were for region formation. Its incorporation creates new opportunities for existing optimization passes, as well as greatly simplifying the implementation of additional optimizations (e.g., partial inlining, partial loop unrolling, and speculative lock elision). These optimizations reduce dynamic instruction count by 11\% on average and result in a 10-15\% average speedup, relative to a baseline compiler with a similar degree of inlining.},
  eventtitle = {{{SPAA07}}: 19th {{ACM Symposium}} on {{Parallelism}} in {{Algorithms}} and {{Architectures}}},
  isbn = {978-1-59593-706-3},
  langid = {english}
}

@article{nemotoLin4NeuroCustomizedLinux2011,
  title = {{{Lin4Neuro}}: A Customized {{Linux}} Distribution Ready for Neuroimaging Analysis},
  shorttitle = {{{Lin4Neuro}}},
  author = {Nemoto, Kiyotaka and Dan, Ippeita and Rorden, Christopher and Ohnishi, Takashi and Tsuzuki, Daisuke and Okamoto, Masako and Yamashita, Fumio and Asada, Takashi},
  date = {2011-01-25},
  journaltitle = {BMC Medical Imaging},
  shortjournal = {BMC Med Imaging},
  volume = {11},
  number = {1},
  pages = {3},
  issn = {1471-2342},
  doi = {10.1186/1471-2342-11-3},
  url = {https://doi.org/10.1186/1471-2342-11-3},
  urldate = {2023-06-28},
  abstract = {A variety of neuroimaging software packages have been released from various laboratories worldwide, and many researchers use these packages in combination. Though most of these software packages are freely available, some people find them difficult to install and configure because they are mostly based on UNIX-like operating systems. We developed a live USB-bootable Linux package named "Lin4Neuro." This system includes popular neuroimaging analysis tools. The user interface is customized so that even Windows users can use it intuitively.},
  langid = {english},
  keywords = {Hard Disk,Hard Disk Drive,Inhomogeneity Correction,Neuroimaging Analysis,Window User},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\6ZCIF6AS\\Nemoto et al. - 2011 - Lin4Neuro a customized Linux distribution ready f.pdf}
}

@online{NixNixOSReproducible,
  title = {Nix \& {{NixOS}} | {{Reproducible}} Builds and Deployments},
  url = {https://nixos.org/},
  urldate = {2023-06-22}
}

@online{NixNixOSReproduciblea,
  title = {Nix \& {{NixOS}} | {{Reproducible}} Builds and Deployments},
  url = {https://nixos.org/},
  urldate = {2023-06-22},
  abstract = {Nix is a tool that takes a unique approach to package management and system configuration. Learn how to make reproducible, declarative and reliable systems.},
  langid = {english},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\JN8JIPX4\\nixos.org.html}
}

@online{OverviewGNUSystem,
  title = {Overview of the {{GNU System}} - {{GNU Project}} - {{Free Software Foundation}}},
  url = {https://www.gnu.org/gnu/gnu-history.html},
  urldate = {2023-06-21},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\6EEEZN52\\gnu-history.html}
}

@online{PetgraphRust,
  title = {Petgraph - {{Rust}}},
  url = {https://docs.rs/petgraph/latest/petgraph/},
  urldate = {2023-06-24},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\SCW2EXXK\\petgraph.html}
}

@article{raknesNsrootMinimalistProcess2016,
  title = {Nsroot: {{Minimalist Process Isolation Tool Implemented With Linux Namespaces}}},
  author = {Raknes, Inge Alexander and Fjukstad, Bjørn and Bongo, Lars Ailo},
  date = {2016-09},
  abstract = {Data analyses in the life sciences are moving from tools run on a personal computer to services run on large computing platforms. This creates a need to package tools and dependencies for easy installation, configuration and deployment on distributed platforms. In addition, for secure execution there is a need for process isolation on a shared platform. Existing virtual machine and container technologies are often more complex than traditional Unix utilities, like chroot, and often require root privileges in order to set up or use. This is especially challenging on HPC systems where users typically do not have root access. We therefore present nsroot, a lightweight Linux namespaces based process isolation tool. It allows restricting the runtime environment of data analysis tools that may not have been designed with security as a top priority, in order to reduce the risk and consequences of security breaches, without requiring any special privileges. The codebase of nsroot is small, and it provides a command line interface similar to chroot. It can be used on all Linux kernels that implement user namespaces. In addition, we propose combining nsroot with the AppImage format for secure execution of packaged applications. nsroot is open sourced and available at: https://github.com/uit-no/nsroot}
}

@online{RhaiEmbeddedScripting,
  title = {Rhai – {{Embedded Scripting}} for {{Rust}}},
  url = {https://rhai.rs/},
  urldate = {2023-06-21},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\XYBNWB9M\\rhai.rs.html}
}

@inproceedings{ritchieProgrammingLanguage1983,
  title = {The {{C Programming Language}}},
  booktitle = {Programming {{Languages}}},
  author = {Ritchie, D. M. and Johnson, S. C. and Lesk, M. E. and Kernighan, B. W.},
  editor = {Horowitz, Ellis},
  date = {1983},
  pages = {364--385},
  publisher = {{Springer Berlin Heidelberg}},
  location = {{Berlin, Heidelberg}},
  doi = {10.1007/978-3-662-09507-2_22},
  url = {http://link.springer.com/10.1007/978-3-662-09507-2_22},
  urldate = {2023-06-21},
  abstract = {This ebook is the first authorized digital version of Kernighan and Ritchie's 1988 classic, The C Programming Language (2nd Ed.). One of the best-selling programming books published in the last fifty years, "K\&R" has been called everything from the "bible" to "a landmark in computer science" and it has influenced generations of programmers. Available now for all leading ebook platforms, this concise and beautifully written text is a "must-have" reference for every serious programmers digital library.    As modestly described by the authors in the Preface to the First Edition, this "is not an introductory programming manual; it assumes some familiarity with basic programming concepts like variables, assignment statements, loops, and functions. Nonetheless, a novice programmer should be able to read along and pick up the language, although access to a more knowledgeable colleague will help."},
  langid = {english}
}

@article{ritchieUNIXSystemEvolution1984,
  title = {The {{UNIX System}}: {{The Evolution}} of the {{UNIX Time}}‐sharing {{System}}},
  author = {Ritchie, D. M.},
  date = {1984},
  journaltitle = {AT\&T Bell Laboratories Technical Journal},
  volume = {63},
  number = {8},
  issn = {15387305},
  doi = {10.1002/j.1538-7305.1984.tb00054.x},
  abstract = {This paper presents a brief history of the early development of the UNIX™ operating system. It concentrates on the evolution of the file system, the process‐control mechanism, and the idea of pipelined commands. Some attention is paid to social conditions during the development of the system. This paper is reprinted from Lecture Notes on Computer Science, No. 79, Language Design and Programming Methodology, Springer‐Verlag, 1980. © 1984 AT\&T Bell Laboratories Technical Journal},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\5A8LM6Z6\\ritchie1984.pdf.pdf}
}

@online{RustProgrammingLanguage,
  title = {Rust {{Programming Language}}},
  url = {https://www.rust-lang.org/},
  urldate = {2023-06-22},
  abstract = {A language empowering everyone to build reliable and efficient software.},
  langid = {american},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\H59IG37X\\www.rust-lang.org.html}
}

@online{Serde,
  title = {Serde},
  url = {https://serde.rs/},
  urldate = {2023-06-22},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\39UGJXV9\\serde.rs.html}
}

@inproceedings{sunSecurityNamespaceMaking2018,
  title = {Security {{Namespace}}: {{Making Linux Security Frameworks Available}} to {{Containers}}},
  booktitle = {Proceedings of the 27th {{USENIX Conference}} on {{Security Symposium}}},
  author = {Sun, Yuqiong and Safford, David and Zohar, Mimi and Pendarakis, Dimitrios and Gu, Zhongshu and Jaeger, Trent},
  date = {2018},
  pages = {1423--1439},
  publisher = {{USENIX Association}},
  doi = {10.5555/3277203.3277310},
  abstract = {Lightweight virtualization (i.e., containers) offers a virtual host environment for applications without the need for a separate kernel, enabling better resource utilization and improved efficiency. However, the shared kernel also prevents containers from taking advantage of security features that are available to traditional VMs and hosts. Containers cannot apply local policies to govern integrity measurement, code execution, mandatory access control, etc. to prevent application-specific security problems. Changes have been proposed to make kernel security mechanisms available to containers, but such changes are often adhoc and expose the challenges of trusting containers to make security decisions without compromising host system or other containers. In this paper, we propose security namespaces, a kernel abstraction that enables containers to have an autonomous control over their security. The security namespace relaxes the global and mandatory assumption of kernel security frameworks, thus enabling containers to independently define security policies and apply them to a limited scope of processes. To preserve security, we propose a routing mechanism that can dynamically dispatch an operation to a set of containers whose security might be affected by the operation, therefore ensuring the security decision made by one container cannot compromise the host or other containers. We demonstrate security namespace by developing namespaces for integrity measurement and mandatory access control in the Linux kernel for use by Docker containers. Results show that security namespaces can effectively mitigate security problems within containers (e.g., malicious code execution) with less than 0.7\% additional latency to system call and almost identical application throughput. As a result, security namespaces enable containers to obtain autonomous control over their security without compromising the security of other containers or the host system.}
}

@online{TokioRust,
  title = {Tokio - {{Rust}}},
  url = {https://docs.rs/tokio/latest/tokio/},
  urldate = {2023-06-26},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\SVU3QBGS\\tokio.html}
}

@inproceedings{waltersFutureContinuousIntegration2013,
  title = {The Future of Continuous Integration in {{GNOME}}},
  booktitle = {2013 1st {{International Workshop}} on {{Release Engineering}} ({{RELENG}})},
  author = {Walters, Colin and Poo-Caamaño, Germán and German, Daniel M.},
  date = {2013-05},
  pages = {33--36},
  doi = {10.1109/RELENG.2013.6607695},
  abstract = {In Free and Open Source Software (FOSS) projects based on Linux systems, the users usually install the software from distributions. The distributions act as intermediaries between software developers and users. Distributors collect the source code of the different projects and package them, ready to be installed by the users. Packages seems to work well for managing and distributing stable major and minor releases. It presents, however, various release management challenges for developers of projects with multiples dependencies not always available in the stable version of their systems. In projects like GNOME, composed of dozens of individual components, developers must build newer versions of the libraries and applications that their applications depend upon before working in their own projects. This process can be cumbersome for developers who are not programmers, such as user interaction designers or technical writers. In this paper we describe some of the problems that the current distribution model presents to do continuous integration, testing and deployment for developers in GNOME, and present ongoing work intended to address these problems that uses a git-like approach to the building and deployment of applications.},
  eventtitle = {2013 1st {{International Workshop}} on {{Release Engineering}} ({{RELENG}})},
  keywords = {Buildings,Continuous Integration,Free/Open Source Software,GNOME,Libraries,Linux,Operating systems,Release Engineering,Switches,Testing},
  file = {C\:\\Users\\ayats\\Zotero\\storage\\MZSEL553\\Walters et al. - 2013 - The future of continuous integration in GNOME.pdf;C\:\\Users\\ayats\\Zotero\\storage\\TGPDRMIK\\6607695.html}
}