A Systematic Evaluation of Static API-Misuse Detectors

Amann, Sven; Nguyen, Hoan Anh; Nadi, Sarah; Nguyen, Tien N.; Mezini, Mira

doi:10.1109/tse.2018.2827384

Cited by 97 publications

(89 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…An interesting example is represented by testing Application Programming Interface (API) uses. APIs misuses [4] are commons as clients may invoke the APIs violating its implicit preconditions. Interesting paths then are those where the client class invokes the APIs without verifying whether the data passed to the APIs satisfy or not its implicit precondition.…”

Section: A Challenge 1: the Path And Condition Explosion Problemmentioning

confidence: 99%

Beyond Unit-Testing in Search-Based Test Case Generation: Challenges and Opportunities

Panichella

2019

2019 IEEE/ACM 12th International Workshop on Search-Based Software Testing (SBST)

View full text Add to dashboard Cite

Over the last decades, white-box search-based techniques have been applied to automate the design and the execution of test cases. While most of the research effort has been devoted to unit-level testing, integration-level test case generation requires to solve several open challenges, such as the combinatorial explosion of conditions or precondition failures. This paper summarizes these challenges in white-box testing and highlights possible research directions to overcome them.

show abstract

Section: A Challenge 1: the Path And Condition Explosion Problemmentioning

confidence: 99%

Beyond Unit-Testing in Search-Based Test Case Generation: Challenges and Opportunities

Panichella

2019

2019 IEEE/ACM 12th International Workshop on Search-Based Software Testing (SBST)

View full text Add to dashboard Cite

show abstract

“…Method names are the intuitive and vital information for developers to understand the behavior of programs or APIs [8]- [11]. Therefore, inconsistent method names can make programs harder to understand and maintain [12]- [18], and may even lead to software defects [19]- [22]. Poor method names are indeed prone to be defective.…”

Section: Introductionmentioning

confidence: 99%

Learning to Spot and Refactor Inconsistent Method Names

Liu

Kim

Bissyandé

et al. 2019

2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE)

105

View full text Add to dashboard Cite

To ensure code readability and facilitate software maintenance, program methods must be named properly. In particular, method names must be consistent with the corresponding method implementations. Debugging method names remains an important topic in the literature, where various approaches analyze commonalities among method names in a large dataset to detect inconsistent method names and suggest better ones. We note that the state-of-the-art does not analyze the implemented code itself to assess consistency. We thus propose a novel automated approach to debugging method names based on the analysis of consistency between method names and method code. The approach leverages deep feature representation techniques adapted to the nature of each artifact. Experimental results on over 2.1 million Java methods show that we can achieve up to 15 percentage points improvement over the stateof-the-art, establishing a record performance of 67.9% F1measure in identifying inconsistent method names. We further demonstrate that our approach yields up to 25% accuracy in suggesting full names, while the state-of-the-art lags far behind at 1.1% accuracy. Finally, we report on our success in fixing 66 inconsistent method names in a live study on projects in the wild. Index Terms-Code refactoring, inconsistent method names, deep learning, code embedding. "If you have a good name for a method, you don't need to look at the body."-Fowler et al. [1] * Corresponding authors. public boolean containsField(Field f){ return fieldsList.contains(f);} private ResolvedMember findField(ResolvedType resolvedType,String fieldName){ for(ResolvedMember field : resolvedType.getDeclaredFields()){ if (field.getName().equals(fieldName)){ return field;}} return null;} public Field containsField(String name){ for(Iterator e = this.field_vec.iterator(); e.hasNext();){ Field f = (Field) e.next(); if (f.getName().equals(name)){ return f;}} return null;}

show abstract

“…The fact that apis are opaque to developers is known to lead to incorrect uses (or api misuses [3,4]) since client applications can violate the (implicit) usage constraints (often referred to as contract) of those apis. For example, a violation occurs when a client application calls a method that expects a non-null formal parameter without validating (i.e., via null checks or error handling) the references used as arguments.…”

Section: Introductionmentioning

confidence: 99%

“…For example, a violation occurs when a client application calls a method that expects a non-null formal parameter without validating (i.e., via null checks or error handling) the references used as arguments. A classification of these violations has been made by Amann et al [3,4]. api misuses can cause software reliability problems, originating from issues such as poor handling of user input and resource misuse [3], or even increasing the attack surface of client applications [17,38].…”

Section: Introductionmentioning

confidence: 99%

Effective and efficient API misuse detection via exception propagation and search-based testing

Kechagia

Devroey

Panichella

et al. 2019

Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

Application Programming Interfaces (APIs) typically come with (implicit) usage constraints. The violations of these constraints (API misuses) can lead to software crashes. Even though there are several tools that can detect API misuses, most of them suffer from a very high rate of false positives. We introduce Catcher, a novel API misuse detection approach that combines static exception propagation analysis with automatic search-based test case generation to effectively and efficiently pinpoint crash-prone API misuses in client applications. We validate Catcher against 21 Java applications, targeting misuses of the Java platform's API. Our results indicate that Catcher is able to generate test cases that uncover 243 (unique) API misuses that result in crashes. Our empirical evaluation shows that Catcher can detect a large number of misuses (77 cases) that would remain undetected by the traditional coverage-based test case generator EvoSuite. Additionally, Catcher is on average eight times faster than EvoSuite in generating test cases for the identified misuses. Finally, we find that the majority of the exceptions triggered by Catcher are unexpected to developers i.e., not only unhandled in the source code but also not listed in the documentation of the client applications. CCS CONCEPTS • Software and its engineering → Software libraries and repositories; Error handling and recovery; Software testing and debugging; Search-based software engineering.

show abstract

A Systematic Evaluation of Static API-Misuse Detectors

Cited by 97 publications

References 45 publications

Beyond Unit-Testing in Search-Based Test Case Generation: Challenges and Opportunities

Beyond Unit-Testing in Search-Based Test Case Generation: Challenges and Opportunities

Learning to Spot and Refactor Inconsistent Method Names

Effective and efficient API misuse detection via exception propagation and search-based testing

Contact Info

Product

Resources

About