TY - GEN
T1 - Investigating next steps in static API-Misuse detection
AU - Sven, Amann
AU - Nguyen, Hoan Anh
AU - Nadi, Sarah
AU - Nguyen, Tien N.
AU - Mezini, Mira
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/5
Y1 - 2019/5
AB - Application Programming Interfaces (APIs) often impose constraints such as call order or preconditions. API misuses, i.e., usages violating these constraints, may cause software crashes, data-loss, and vulnerabilities. Researchers developed several approaches to detect API misuses, typically still resulting in low recall and precision. In this work, we investigate ways to improve API-misuse detection. We design MUDetect, an API-misuse detector that builds on the strengths of existing detectors and tries to mitigate their weaknesses. MUDetect uses a new graph representation of API usages that captures different types of API misuses and a systematically designed ranking strategy that effectively improves precision. Evaluation shows that MUDetect identifies real-world API misuses with twice the recall of previous detectors and 2.5x higher precision. It even achieves almost 4x higher precision and recall, when mining patterns across projects, rather than from only the target project.
KW - API misuse detection
KW - Benchmark
KW - Empirical study
KW - Graph mining
KW - MUBench
UR - http://www.scopus.com/inward/record.url?scp=85072339756&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072339756&partnerID=8YFLogxK
U2 - 10.1109/MSR.2019.00053
DO - 10.1109/MSR.2019.00053
M3 - Conference contribution
AN - SCOPUS:85072339756
T3 - IEEE International Working Conference on Mining Software Repositories
SP - 265
EP - 275
BT - Proceedings - 2019 IEEE/ACM 16th International Conference on Mining Software Repositories, MSR 2019
PB - IEEE Computer Society
T2 - 16th IEEE/ACM International Conference on Mining Software Repositories, MSR 2019
Y2 - 26 May 2019 through 27 May 2019
ER -