Toward Better Dependency Management in Python Projects - MSc Thesis Defense by: Sadman Jashim Sakib

Friday, May 9, 2025 - 11:30

The School of Computer Science is pleased to present…

Toward Better Dependency Management in Python Projects
MSc Thesis Defense by: Sadman Jashim Sakib

 

Date: Friday, May 9th, 2025

Time:  11:30 AM

Location: Biology Building, Room 113

 

Abstract:

Modern software development heavily relies on third-party packages to accelerate progress, yet two critical challenges persist: managing dependency conflicts during installation and addressing the frequent absence or incompleteness of configuration files in Python projects. These issues disrupt workflow efficiency, degrade system stability, and hinder reproducibility. To tackle these distinct problems, we introduce two separate tools. At first, SMTpip leverages Satisfiability Modulo Theories (SMT) solvers to resolve third-party package dependency conflicts and Python version incompatibilities during installation, ensuring a reproducible and conflict-free environment for Python projects. SMTpip constructs a comprehensive dependency knowledge graph by analyzing metadata from the Python Package Index (PyPI) and translates client project requirements, such as Python version constraints and library dependency constraints, into SMT expressions to find an optimal, conflict-free installation process. Evaluated on four datasets from open-source repositories, SMTpip accurately distinguishes between consistent and inconsistent dependency conflicts and achieves significant speedups: 39× faster than pip, 37× faster than Conda, 3.2× faster than smartPip, and 4× faster than PyEGo. Additionally, we introduce a generator tool, an automated approach to generating requirements.txt files for Python projects lacking dependency specifications. This tool addresses the challenges of identifying libraries and their compatible versions through code parsing. When tested on 3,081 notebooks, the generator tool successfully generated requirements.txt files and enabled the execution of 1,230 notebooks, achieving a 39.92% success rate—nearly twice that of pipreqs (20.84%, or 642 notebooks). Failures were primarily due to non-dependency issues, highlighting challenges beyond dependency resolution. These tools reduce developer effort and enhance project reproducibility by ensuring consistent software environments and automating dependency specification. Both SMTpip and the generator tool are publicly available to facilitate reproducibility and broader adoption

 

Keywords: Python, SMT Solver, Dependency Management, Dependency Conflict, Conflict Resolution
 
Thesis Committee:

Internal Reader: Dr. Jessica Chen

External Reader: Dr. Mohammad Hassanzadeh

Advisor(s): Dr. Curtis Bright & Dr. Muhammad Asaduzzaman

Chair:    Dr. Usama Mir

Register Link ( only MAC students need to pre-register)