第三方API库是软件项目的重要组成部分，可以提高开发效率、缩短开发和交付时间、提高软件质量。然而，为了增加新特性或修复缺陷，第三方库在不断演化，不定期地发布新版本。这就给使用第三方库的软件项目的维护带来了严峻的挑战：开发人员难以及时更新第三方库、难以理解第三方库更新内容、难以进行第三方库更新集成和测试、甚至不知道特定第三方库的存在。针对这些问题，本项目以GitHub上海量JAVA开源项目及Maven上第三方库为基础，研究第三方库在JAVA开源项目中使用和更新的实践现状，定量评估第三方库对JAVA开源项目带来的风险；研究第三方库版本更新的语义理解，分析第三方库版本之间的API语义差异及其分类；研究第三方库在JAVA开源项目中的自动化推荐，降低第三方库对开源项目带来的风险及维护代价。在以上技术研究的基础上，本项目将研制面向第三方库的知识库系统和分析平台，支持开源项目和和第三方库的在线分析。

Third-party libraries have been a key component of software systems. They can improve the development efficiency, reduce the development and delivery time, and improve the overall software quality. However, third-party libraries are continuously evolving by releasing new versions to add new functionalities or fix bugs. Therefore, several challenges arise for the maintenance of software systems: developers cannot timely update the new versions of third-party libraries, cannot precisely understand the semantic differences of the new versions, cannot effectively integrate the new versions, or even do not know the existence of certain third-party libraries. To address these challenges, the proposed project will use the JAVA projects hosted on GitHub as well as the third-party libraries on Maven as the knowledge base to conduct researches on third-party libraries. Firstly, this project will conduct an empirical study to understand the usage and update of third-party libraries in JAVA projects and to assess the risk of third-party libraries on JAVA projects. Secondly, this project will analyze the semantic differences between the versions of third-party libraries and their classification. Thirdly, this project will propose novel approaches to automatically recommend and update third-party libraries, which can effectively mitigate the risk of third-party libraries on JAVA projects. Finally, based on the results of the above three research directions, this project will build a knowledge system and analysis platform for third-party libraries, which can support the online analysis of third-party libraries and JAVA projects.