Abstract:Application Programming Interfaces (APIs) often have usage constraints, such as restrictions on call order or call conditions. API misuses, i.e., violations of these constraints, may lead to software crashes, bugs, and vulnerabilities. Though researchers developed many API-misuse detectors over the last two decades, recent studies show that API misuses are still prevalent. Therefore, we need to understand the capabilities and limitations of existing detectors in order to advance the state of the art. In this p… Show more
“…An interesting example is represented by testing Application Programming Interface (API) uses. APIs misuses [4] are commons as clients may invoke the APIs violating its implicit preconditions. Interesting paths then are those where the client class invokes the APIs without verifying whether the data passed to the APIs satisfy or not its implicit precondition.…”
Section: A Challenge 1: the Path And Condition Explosion Problemmentioning
Over the last decades, white-box search-based techniques have been applied to automate the design and the execution of test cases. While most of the research effort has been devoted to unit-level testing, integration-level test case generation requires to solve several open challenges, such as the combinatorial explosion of conditions or precondition failures. This paper summarizes these challenges in white-box testing and highlights possible research directions to overcome them.
“…An interesting example is represented by testing Application Programming Interface (API) uses. APIs misuses [4] are commons as clients may invoke the APIs violating its implicit preconditions. Interesting paths then are those where the client class invokes the APIs without verifying whether the data passed to the APIs satisfy or not its implicit precondition.…”
Section: A Challenge 1: the Path And Condition Explosion Problemmentioning
Over the last decades, white-box search-based techniques have been applied to automate the design and the execution of test cases. While most of the research effort has been devoted to unit-level testing, integration-level test case generation requires to solve several open challenges, such as the combinatorial explosion of conditions or precondition failures. This paper summarizes these challenges in white-box testing and highlights possible research directions to overcome them.
“…Method names are the intuitive and vital information for developers to understand the behavior of programs or APIs [8]- [11]. Therefore, inconsistent method names can make programs harder to understand and maintain [12]- [18], and may even lead to software defects [19]- [22]. Poor method names are indeed prone to be defective.…”
To ensure code readability and facilitate software maintenance, program methods must be named properly. In particular, method names must be consistent with the corresponding method implementations. Debugging method names remains an important topic in the literature, where various approaches analyze commonalities among method names in a large dataset to detect inconsistent method names and suggest better ones. We note that the state-of-the-art does not analyze the implemented code itself to assess consistency. We thus propose a novel automated approach to debugging method names based on the analysis of consistency between method names and method code. The approach leverages deep feature representation techniques adapted to the nature of each artifact. Experimental results on over 2.1 million Java methods show that we can achieve up to 15 percentage points improvement over the stateof-the-art, establishing a record performance of 67.9% F1measure in identifying inconsistent method names. We further demonstrate that our approach yields up to 25% accuracy in suggesting full names, while the state-of-the-art lags far behind at 1.1% accuracy. Finally, we report on our success in fixing 66 inconsistent method names in a live study on projects in the wild. Index Terms-Code refactoring, inconsistent method names, deep learning, code embedding. "If you have a good name for a method, you don't need to look at the body."-Fowler et al. [1] * Corresponding authors. public boolean containsField(Field f){ return fieldsList.contains(f);} private ResolvedMember findField(ResolvedType resolvedType,String fieldName){ for(ResolvedMember field : resolvedType.getDeclaredFields()){ if (field.getName().equals(fieldName)){ return field;}} return null;} public Field containsField(String name){ for(Iterator e = this.field_vec.iterator(); e.hasNext();){ Field f = (Field) e.next(); if (f.getName().equals(name)){ return f;}} return null;}
“…The fact that apis are opaque to developers is known to lead to incorrect uses (or api misuses [3,4]) since client applications can violate the (implicit) usage constraints (often referred to as contract) of those apis. For example, a violation occurs when a client application calls a method that expects a non-null formal parameter without validating (i.e., via null checks or error handling) the references used as arguments.…”
Section: Introductionmentioning
confidence: 99%
“…For example, a violation occurs when a client application calls a method that expects a non-null formal parameter without validating (i.e., via null checks or error handling) the references used as arguments. A classification of these violations has been made by Amann et al [3,4]. api misuses can cause software reliability problems, originating from issues such as poor handling of user input and resource misuse [3], or even increasing the attack surface of client applications [17,38].…”
Application Programming Interfaces (APIs) typically come with (implicit) usage constraints. The violations of these constraints (API misuses) can lead to software crashes. Even though there are several tools that can detect API misuses, most of them suffer from a very high rate of false positives. We introduce Catcher, a novel API misuse detection approach that combines static exception propagation analysis with automatic search-based test case generation to effectively and efficiently pinpoint crash-prone API misuses in client applications. We validate Catcher against 21 Java applications, targeting misuses of the Java platform's API. Our results indicate that Catcher is able to generate test cases that uncover 243 (unique) API misuses that result in crashes. Our empirical evaluation shows that Catcher can detect a large number of misuses (77 cases) that would remain undetected by the traditional coverage-based test case generator EvoSuite. Additionally, Catcher is on average eight times faster than EvoSuite in generating test cases for the identified misuses. Finally, we find that the majority of the exceptions triggered by Catcher are unexpected to developers i.e., not only unhandled in the source code but also not listed in the documentation of the client applications. CCS CONCEPTS • Software and its engineering → Software libraries and repositories; Error handling and recovery; Software testing and debugging; Search-based software engineering.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.