Modern programming languages such as Java, JavaScript, and Rust encourage software reuse by hosting diverse and fast-growing repositories of highly interdependent packages (i.e., reusable libraries) for their users. The standard way to study the interdependence between software packages is to infer a package dependency network by parsing manifest data. Such networks help answer questions such as "How many packages have dependencies to packages with known security issues?" or "What are the most used packages?". However, an overlooked aspect in existing studies is that manifest-inferred relationships do not necessarily examine the actual usage of these dependencies in source code. To better model dependencies between packages, we developed Pr\"azi, an approach combining manifests and call graphs of packages. Pr\"azi constructs a dependency network at the more fine-grained function-level, instead of at the manifest level. This paper discusses a prototypical Pr\"azi implementation for the popular system programming language Rust. We use Pr\"azi to characterize Rust's package repository, Cratesio, at the function level and perform a comparative study with metadata-based networks. Our results show that metadata-based networks generalize how packages use their dependencies. Using Pr\"azi, we find packages call only 40% of their resolved dependencies, and that manual analysis of 34 cases reveals that not all packages use a dependency the same way. We argue that researchers and practitioners interested in understanding how developers or programs use dependencies should account for its context -- not the sum of all resolved dependencies.

翻译：诸如 Java、 JavaScript 和 Rust 等现代编程语言, 如 Java、 JavaScript 和 Rust 等现代编程语言, 通过托管高度相互依存的软件包库( 即可再利用的图书馆) 来鼓励软件再利用。 研究软件包之间相互依存性的标准方法是通过分析显示数据来推断软件包依赖网络。 这些网络帮助解答诸如“ 有多少软件包依赖已知安全问题的软件包?” 或“ 哪些软件包最容易使用? ” 等问题。 然而, 现有研究中一个被忽视的方面是, 显而易见的可靠性关系不一定审查这些源码依赖性软件库的实际使用情况。 为了更好地模拟软件包之间的依赖性, 我们开发了Pr\\ “ azi ” 方法, 将软件包的列表和调用软件包的图表组合结合起来。 Pr\ “ zizi” 构建了一个更精细的依附网络, 本文讨论大众系统编程语言“ Rust ” 的“ 。 我们使用“ 可靠” 定义 来描述所有Rust 软件库的软件库库库,, 而不是功能环境, 我们使用一个比较化的模型分析。 我们使用基于元数据基的模型的模型的模型, 我们使用这些结果, 使用一个基于的模型的模型的模型的计算。