Abstract
API misuse is a common issue that can trigger software crashes, bugs, and vulnerabilities. To address this problem, researchers have proposed pattern-based violation detectors that automatically extract patterns from code. However, these detectors have demonstrated low precision in detecting API misuses. In this paper, we propose a novel API misuse detector. Our detector first extracts API usages from the code and represents them as API Usage Graphs with Parameters (AUGPs). Using the association rule algorithm, it then mines binary rules, which are subsequently employed to detect possible violations. The experimental results show that, compared against five state-of-the-art detectors on the public dataset MuBench, our detector achieves the highest precision (1x more precise than the second-best one) and the highest F1-score (50% higher than the second-best one).
Notes
- 1. In WALA, there would be a temporary variable for this expression.
Acknowledgements
This work was supported in part by the National Natural Science Foundation of China (Nos. 61836005 and 61972260).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wu, Y., Xu, Z., Qin, S. (2023). Detecting API-Misuse Based on Pattern Mining via API Usage Graph with Parameters. In: David, C., Sun, M. (eds) Theoretical Aspects of Software Engineering. TASE 2023. Lecture Notes in Computer Science, vol 13931. Springer, Cham. https://doi.org/10.1007/978-3-031-35257-7_21
DOI: https://doi.org/10.1007/978-3-031-35257-7_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35256-0
Online ISBN: 978-3-031-35257-7
eBook Packages: Computer Science, Computer Science (R0)