In this paper, we first conducted an empirical study on real-world DC issues collected from large open source projects. We identified three manifestation patterns of the DC issues and four fixing patterns. Then, we designed an automated detection tool for DC issues called Decca based on these findings. Decca also assesses these issues’ severity and filter out the benign ones. Our evaluation results show that Decca achieves a high precision of 0.923 and recall of 0.766 in detecting high-severity DC issues. More importantly, Decca can also detect unknown DC issues of different severity levels. Specifically, we identified 466 DC issues from 24 projects. After filtering out 438 benign ones, we reported 20 DC bugs containing 28 harmful issues. Among them, 11 bugs have been confirmed by developers, and 6 were fixed with our suggested patches. These results demonstrate the usefulness of our empirical study and the proposed tool Decca.

Raw data

We release the following datasets and tool under the MIT License:

How to use Decca

Decca can take a Maven based project (it should contain the complete Maven built project directory and file pom.xml) as input for analysis. The expected running environment is 64-bit Window operating system with JDK 1.7 or 1.8. As Maven built projects need to download dependencies from Maven Central Repository, Decca cannot work offline.

You can run Decca on our experimental subjects based on the following steps:

Step 1: Unzip the to local directory. Recommended directory structure is:


          ├─decca-1.0.jar :





*Note: To facilitate testing, please keep the unzip directory to be consistent with the above example. It should be noted that the location of data (e.g, D:\plugin-decca) is not hardcoded, it can be replaced with user's actual unzip directory in the install commands.

Step 2: Install Decca.

(a)  Execute the following Windows CMD command to install soot:

D:\plugin-decca\apache-maven-3.2.5\bin\mvn.bat install:install-file -Dfile=D:\plugin-decca\soot-1.0.jar -DgroupId=neu.lab -DartifactId=soot -Dversion=1.0 -Dpackaging=jar

(b)  Execute the following Windows CMD command to install Decca:

D:\plugin-decca\apache-maven-3.2.5\bin\mvn.bat install:install-file -Dfile=D:\plugin-decca\decca-1.0.jar -DgroupId=neu.lab -DartifactId=decca -Dversion=1.0 -Dpackaging=maven-plugin -DpomFile=D:\plugin-decca\decca-1.0.pom

Step 3: Detect and assess the dependency conflict issues.

Execute the following Windows CMD command to analyze the project:

D:\plugin-decca\apache-maven-3.2.5\bin\mvn.bat -f=D:\RawData\Issue report dataset\Projects\hadoop-rel-release-3.0.0\hadoop-common-project\hadoop-minikdc\pom.xml  -Dmaven.test.skip=true neu.lab:decca:1.0:detect -DresultFilePath=D:\Report\resultFile.xml -DdetectClass=true -e –Dappend=false –e

Then you can get the dependency issue report in your specified directory (e.g., D:\Report\resultFile.xml).