Cooperative API Misuse Detection Using Correction Rules

Sebastian Nielebock; Robert Heumüller; Jacob Krüger; Frank Ortmeier

doi:10.1145/3377816.3381735

Cooperative API Misuse Detection Using Correction Rules

Sebastian Nielebock, Robert Heumüller, Jacob Krüger, Frank Ortmeier

Engineering of Software-Intensive Systems

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

Samenvatting

Application Programming Interfaces (APIs) grant developers access to the functionalities of code libraries. Due to missing knowledge of how an API is correctly used, developers can unintentionally misuse APIs, and thus introduce bugs. To tackle this issue, recent techniques aim to automatically infer specifications for correct API usage and detect misuses. Unfortunately, these techniques suffer from high false-positive rates, leading to many false alarms. While we believe that existing techniques will improve in the future, in this paper, we propose to investigate a different route: We assume that a developer manually detected and fixed an API misuse relating to a third-party library. Based on the change, we can infer a correction rule for the API misuse. Then, we can use this correction rule to detect the same and similar API misuses in the same or other projects. This represents a cooperative technique to transfer the knowledge of API-misuse fixes to other developers. We report promising insights on an implementation and empirical evidence on the applicability of our technique based on 43 real-world API misuses.

Originele taal-2	Engels
Titel	International Conference on Software Engineering - New Ideas and Emerging Results (ICSE-NIER)
Uitgeverij	Association for Computing Machinery, Inc
Pagina's	73-76
Aantal pagina's	4
DOI's	https://doi.org/10.1145/3377816.3381735
Status	Gepubliceerd - 2020

Bibliografische nota

DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

Toegang tot document

10.1145/3377816.3381735

Citeer dit

@inproceedings{247baa20276341669fec41b7ae87bbf7,

title = "Cooperative API Misuse Detection Using Correction Rules",

abstract = "Application Programming Interfaces (APIs) grant developers access to the functionalities of code libraries. Due to missing knowledge of how an API is correctly used, developers can unintentionally misuse APIs, and thus introduce bugs. To tackle this issue, recent techniques aim to automatically infer specifications for correct API usage and detect misuses. Unfortunately, these techniques suffer from high false-positive rates, leading to many false alarms. While we believe that existing techniques will improve in the future, in this paper, we propose to investigate a different route: We assume that a developer manually detected and fixed an API misuse relating to a third-party library. Based on the change, we can infer a correction rule for the API misuse. Then, we can use this correction rule to detect the same and similar API misuses in the same or other projects. This represents a cooperative technique to transfer the knowledge of API-misuse fixes to other developers. We report promising insights on an implementation and empirical evidence on the applicability of our technique based on 43 real-world API misuses.",

keywords = "API Misuse, Misuse Detection, Bug Fix, Testing",

author = "Sebastian Nielebock and Robert Heum{\"u}ller and Jacob Kr{\"u}ger and Frank Ortmeier",

note = "DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.",

year = "2020",

doi = "10.1145/3377816.3381735",

language = "English",

pages = "73--76",

booktitle = "International Conference on Software Engineering - New Ideas and Emerging Results (ICSE-NIER)",

publisher = "Association for Computing Machinery, Inc",

address = "United States",

}

Cooperative API Misuse Detection Using Correction Rules. / Nielebock, Sebastian; Heumüller, Robert; Krüger, Jacob et al.
International Conference on Software Engineering - New Ideas and Emerging Results (ICSE-NIER). Association for Computing Machinery, Inc, 2020. blz. 73-76.

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - Cooperative API Misuse Detection Using Correction Rules

AU - Nielebock, Sebastian

AU - Heumüller, Robert

AU - Krüger, Jacob

AU - Ortmeier, Frank

N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2020

Y1 - 2020

N2 - Application Programming Interfaces (APIs) grant developers access to the functionalities of code libraries. Due to missing knowledge of how an API is correctly used, developers can unintentionally misuse APIs, and thus introduce bugs. To tackle this issue, recent techniques aim to automatically infer specifications for correct API usage and detect misuses. Unfortunately, these techniques suffer from high false-positive rates, leading to many false alarms. While we believe that existing techniques will improve in the future, in this paper, we propose to investigate a different route: We assume that a developer manually detected and fixed an API misuse relating to a third-party library. Based on the change, we can infer a correction rule for the API misuse. Then, we can use this correction rule to detect the same and similar API misuses in the same or other projects. This represents a cooperative technique to transfer the knowledge of API-misuse fixes to other developers. We report promising insights on an implementation and empirical evidence on the applicability of our technique based on 43 real-world API misuses.

AB - Application Programming Interfaces (APIs) grant developers access to the functionalities of code libraries. Due to missing knowledge of how an API is correctly used, developers can unintentionally misuse APIs, and thus introduce bugs. To tackle this issue, recent techniques aim to automatically infer specifications for correct API usage and detect misuses. Unfortunately, these techniques suffer from high false-positive rates, leading to many false alarms. While we believe that existing techniques will improve in the future, in this paper, we propose to investigate a different route: We assume that a developer manually detected and fixed an API misuse relating to a third-party library. Based on the change, we can infer a correction rule for the API misuse. Then, we can use this correction rule to detect the same and similar API misuses in the same or other projects. This represents a cooperative technique to transfer the knowledge of API-misuse fixes to other developers. We report promising insights on an implementation and empirical evidence on the applicability of our technique based on 43 real-world API misuses.

KW - API Misuse

KW - Misuse Detection

KW - Bug Fix

KW - Testing

U2 - 10.1145/3377816.3381735

DO - 10.1145/3377816.3381735

M3 - Conference contribution

SP - 73

EP - 76

BT - International Conference on Software Engineering - New Ideas and Emerging Results (ICSE-NIER)

PB - Association for Computing Machinery, Inc

ER -

Cooperative API Misuse Detection Using Correction Rules

Samenvatting

Bibliografische nota

Toegang tot document

Vingerafdruk

Citeer dit