Investigating next steps in static API-Misuse detection

Amann Sven, Hoan Anh Nguyen, Sarah Nadi, Tien N. Nguyen, Mira Mezini

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Application Programming Interfaces (APIs) often impose constraints such as call order or preconditions. API misuses, i.e., usages violating these constraints, may cause software crashes, data-loss, and vulnerabilities. Researchers developed several approaches to detect API misuses, typically still resulting in low recall and precision. In this work, we investigate ways to improve API-misuse detection. We design MUDetect, an API-misuse detector that builds on the strengths of existing detectors and tries to mitigate their weaknesses. MUDetect uses a new graph representation of API usages that captures different types of API misuses and a systematically designed ranking strategy that effectively improves precision. Evaluation shows that MUDetect identifies real-world API misuses with twice the recall of previous detectors and 2.5x higher precision. It even achieves almost 4x higher precision and recall, when mining patterns across projects, rather than from only the target project.

Original language: English (US)
Title of host publication: Proceedings - 2019 IEEE/ACM 16th International Conference on Mining Software Repositories, MSR 2019
Publisher: IEEE Computer Society
Pages: 265-275
Number of pages: 11
ISBN (Electronic): 9781728134123
State: Published - May 2019
Event: 16th IEEE/ACM International Conference on Mining Software Repositories, MSR 2019 - Montreal, Canada
Duration: May 26 2019 - May 27 2019

Publication series

Name: IEEE International Working Conference on Mining Software Repositories
Volume: 2019-May
ISSN (Print): 2160-1852
ISSN (Electronic): 2160-1860

Conference

Conference: 16th IEEE/ACM International Conference on Mining Software Repositories, MSR 2019
Country/Territory: Canada
City: Montreal
Period: 5/26/19 - 5/27/19

Keywords

  • API misuse detection
  • Benchmark
  • Empirical study
  • Graph mining
  • MUBench

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
