Detecting API-Misuse Based on Pattern Mining via API Usage Graph with Parameters

  • Conference paper
Theoretical Aspects of Software Engineering (TASE 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13931)

Abstract

API misuse is a common issue that can trigger software crashes, bugs, and vulnerabilities. To address this problem, researchers have proposed pattern-based violation detectors that automatically extract patterns from code. However, these detectors have demonstrated low precision in detecting API misuses. In this paper, we propose a novel API misuse detector. Our detector first extracts API usages from the code and represents them as API Usage Graphs with Parameters (AUGPs). Using the association rule algorithm, it then mines binary rules, which are subsequently employed to detect possible violations. The experimental results show that, compared against five state-of-the-art detectors on the public dataset MuBench, our detector achieves the highest precision (1x more precise than the second-best one) and the highest F1-score (50% higher than the second-best one).

Notes

  1. In WALA, there would be a temporary variable for this expression.

  2. https://wala.sourceforge.net/wiki/index.php/UserGuide:Technical_Overview.

Acknowledgements

This work was supported in part by the National Natural Science Foundation of China (Nos. 61836005 and 61972260).

Author information

Corresponding author

Correspondence to Zhiwu Xu.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Wu, Y., Xu, Z., Qin, S. (2023). Detecting API-Misuse Based on Pattern Mining via API Usage Graph with Parameters. In: David, C., Sun, M. (eds) Theoretical Aspects of Software Engineering. TASE 2023. Lecture Notes in Computer Science, vol 13931. Springer, Cham. https://doi.org/10.1007/978-3-031-35257-7_21

  • DOI: https://doi.org/10.1007/978-3-031-35257-7_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35256-0

  • Online ISBN: 978-3-031-35257-7

  • eBook Packages: Computer Science, Computer Science (R0)
