{"id":"https://openalex.org/W4415821354","doi":"https://doi.org/10.1109/tse.2025.3627891","title":"Causes and Canonicalization of Unreproducible Builds in Java","display_name":"Causes and Canonicalization of Unreproducible Builds in Java","publication_year":2025,"publication_date":"2025-11-03","ids":{"openalex":"https://openalex.org/W4415821354","doi":"https://doi.org/10.1109/tse.2025.3627891"},"language":null,"primary_location":{"id":"doi:10.1109/tse.2025.3627891","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tse.2025.3627891","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1109/tse.2025.3627891","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100459476","display_name":"Aman Sharma","orcid":"https://orcid.org/0000-0003-2263-7902"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Aman Sharma","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":"https://orcid.org/0000-0003-2263-7902","affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086536054","display_name":"Beno\u00eet Baudry","orcid":"https://orcid.org/0000-0002-4015-4640"},"institutions":[{"id":"https://openalex.org/I4210126406","display_name":"Xuzhou Construction Machinery Group (China)","ror":"https://ror.org/02y5rmj89","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210126406"]},{"id":"https://openalex.org/I70931966","display_name":"Universit\u00e9 de Montr\u00e9al","ror":"https://ror.org/0161xgx34","country_code":"CA","type":"education","lineage":["https://openalex.org/I70931966"]}],"countries":["CA","CN"],"is_corresponding":false,"raw_author_name":"Benoit Baudry","raw_affiliation_strings":["Universit&#x00E9; de Montr&#x00E9;al, Montr&#x00E9;al, Canada","Universit&#x00E9; de Montr&#x00E9;al Montr&#x00E9;al, Canada"],"raw_orcid":"https://orcid.org/0000-0002-4015-4640","affiliations":[{"raw_affiliation_string":"Universit&#x00E9; de Montr&#x00E9;al, Montr&#x00E9;al, Canada","institution_ids":["https://openalex.org/I4210126406","https://openalex.org/I70931966"]},{"raw_affiliation_string":"Universit&#x00E9; de Montr&#x00E9;al Montr&#x00E9;al, Canada","institution_ids":["https://openalex.org/I4210126406","https://openalex.org/I70931966"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5027206285","display_name":"Martin Monperrus","orcid":"https://orcid.org/0000-0003-3505-3383"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Martin Monperrus","raw_affiliation_strings":["KTH Royal Institute of Technology, Stockholm, Sweden"],"raw_orcid":"https://orcid.org/0000-0003-3505-3383","affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100459476"],"corresponding_institution_ids":["https://openalex.org/I86987016"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.44659762,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"52","issue":"1","first_page":"54","last_page":"69"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.7698000073432922,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.7698000073432922,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.08100000023841858,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.04699999839067459,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/artifact","display_name":"Artifact (error)","score":0.6711999773979187},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.6521000266075134},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.515500009059906},{"id":"https://openalex.org/keywords/taxonomy","display_name":"Taxonomy (biology)","score":0.5146999955177307},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.38109999895095825},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.3718000054359436},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.3571999967098236},{"id":"https://openalex.org/keywords/legacy-system","display_name":"Legacy system","score":0.3424000144004822}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.86080002784729},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.6711999773979187},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.6521000266075134},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.6075000166893005},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.515500009059906},{"id":"https://openalex.org/C58642233","wikidata":"https://www.wikidata.org/wiki/Q8269924","display_name":"Taxonomy (biology)","level":2,"score":0.5146999955177307},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.38109999895095825},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.3718000054359436},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.36480000615119934},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.3571999967098236},{"id":"https://openalex.org/C105446022","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy system","level":3,"score":0.3424000144004822},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.33480000495910645},{"id":"https://openalex.org/C15524039","wikidata":"https://www.wikidata.org/wiki/Q865817","display_name":"Java applet","level":3,"score":0.32109999656677246},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3052999973297119},{"id":"https://openalex.org/C18640598","wikidata":"https://www.wikidata.org/wiki/Q259322","display_name":"JavaBeans","level":3,"score":0.29670000076293945},{"id":"https://openalex.org/C2779818221","wikidata":"https://www.wikidata.org/wiki/Q837330","display_name":"Bytecode","level":3,"score":0.28290000557899475},{"id":"https://openalex.org/C199519371","wikidata":"https://www.wikidata.org/wiki/Q942695","display_name":"Source lines of code","level":3,"score":0.26570001244544983},{"id":"https://openalex.org/C198140048","wikidata":"https://www.wikidata.org/wiki/Q10859422","display_name":"Software versioning","level":3,"score":0.26089999079704285},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.2574000060558319}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tse.2025.3627891","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tse.2025.3627891","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:zenodo.org:17544773","is_oa":true,"landing_page_url":"https://doi.org/10.1109/TSE.2025.3627891","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/other"}],"best_oa_location":{"id":"doi:10.1109/tse.2025.3627891","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tse.2025.3627891","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"increasing":[1],"complexity":[2],"of":[3,10,70,90,115,119,167,177],"software":[4,18,31],"supply":[5,11],"chains":[6],"and":[7,21,73,109,126,131,180],"the":[8,76,163],"rise":[9],"chain":[12],"attacks":[13],"have":[14],"elevated":[15],"concerns":[16],"around":[17],"integrity.":[19],"Users":[20],"stakeholders":[22],"face":[23],"significant":[24],"challenges":[25],"in":[26,64,75,86,171,191],"validating":[27],"that":[28,45,145],"a":[29,68,95,103,112,143,173,184],"given":[30],"artifact":[32,125],"corresponds":[33],"to":[34,67,141,151],"its":[35],"declared":[36],"source.":[37],"Reproducible":[38,107],"Builds":[39],"address":[40],"this":[41,80],"challenge":[42],"by":[43],"ensuring":[44],"independently":[46],"performed":[47],"builds":[48,190],"from":[49,106,149],"identical":[50,54],"source":[51],"code":[52],"produce":[53],"binaries.":[55],"However,":[56],"achieving":[57],"reproducibility":[58,85,147],"at":[59],"scale":[60],"remains":[61],"difficult,":[62],"especially":[63],"Java,":[65,172],"due":[66],"range":[69],"non-deterministic":[71],"factors":[72],"caveats":[74],"build":[77,168],"process.":[78],"In":[79],"work,":[81],"we":[82,101,110,135],"focus":[83],"on":[84,153],"Java-based":[87],"software,":[88],"archetypal":[89],"enterprise":[91],"applications.":[92],"We":[93,121],"introduce":[94],"conceptual":[96],"framework":[97],"for":[98,187],"reproducible":[99],"builds,":[100,179],"analyze":[102],"large":[104],"dataset":[105,176],"Central,":[108],"develop":[111],"novel":[113],"taxonomy":[114,166],"six":[116],"root":[117],"causes":[118,170],"unreproducibility.":[120],"study":[122],"actionable":[123],"mitigations:":[124],"bytecode":[127],"canonicalization":[128,185],"using":[129],"OSS-Rebuild":[130],"jNorm":[132],"respectively.":[133],"Finally,":[134],"present":[136],"<sc":[137,181],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[138,182],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">Chains-Rebuild</small>":[139],"(improvements":[140],"OSS-Rebuild),":[142],"tool":[144,186],"raises":[146],"success":[148],"9.48%":[150],"26.60%":[152],"12,803":[154],"unreproducible":[155,178,189],"artifacts.":[156],"To":[157],"sum":[158],"up,":[159],"our":[160],"contributions":[161],"are":[162],"first":[164],"large-scale":[165],"unreproducibility":[169],"publicly":[174],"available":[175],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">Chains-Rebuild</small>,":[183],"mitigating":[188],"Java.":[192]},"counts_by_year":[],"updated_date":"2026-01-14T23:40:02.550235","created_date":"2025-11-03T00:00:00"}