Blogs (1) >>
ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
Fri 31 May 2019 14:20 - 14:40 at Duluth - API Analysis Chair(s): Sam Malek

Libraries offer reusable functionality through application programming interfaces (APIs) with usage constraints such as call conditions and orders. Constraint violations, i.e., API misuses, commonly lead to bugs and even security issues. In this paper, we introduce IMChecker, a constraint-directed static analysis toolkit to vet API usages in C programs powered by a domain-specific language (DSL) to specify the API usages. First, we propose a DSL, which covers most API usage constraint types and enables straightforward but precise specification by studying real-world API-misuse bug patches. Then, we design and implement a static analysis engine to automatically parse specifications into checking targets, identify potential API misuses and prune the false positives with rich semantics. We have instantiated IMChecker for C programs with user-friendly graphic interfaces and evaluated the widely used benchmarks and real-world projects. The results show that IMChecker outperforms 4.78-36.25% in precision and 40.25-55.21% w.r.t. state-of-the-arts toolkits. We also found 75 previously unknown bugs in Linux kernel, OpenSSL and applications of Ubuntu, 61 of which have been confirmed by the corresponding development communities.

Fri 31 May
Times are displayed in time zone: Eastern Time (US & Canada) change

14:00 - 15:30: API AnalysisPapers / Technical Track / Demonstrations at Duluth
Chair(s): Sam MalekUniversity of California, Irvine
14:00 - 14:20
Talk
Exposing Library API Misuses via Mutation AnalysisTechnical Track
Technical Track
Ming WenThe Hong Kong University of Science and Technology, Yepang LiuSouthern University of Science and Technology, Rongxin WuDepartment of Computer Science and Engineering, The Hong Kong University of Science and Technology, Xuan XieSchool of Data and Computer Science, Sun Yat-sen University, Guangzhou, China, Shing-Chi CheungDepartment of Computer Science and Engineering, The Hong Kong University of Science and Technology, Zhendong SuETH Zurich
14:20 - 14:40
Demonstration
Vetting API Usages in C Programs with IMCheckerDemos
Demonstrations
Zuxing GuSchool of Software, Tsinghua University, Jiecheng WuTsinghua University, Li ChiTsinghua University, Min ZhouTsinghua University, Yu Jiang, Ming GuTsinghua University, Jiaguang Sun
Pre-print
14:40 - 15:00
Talk
PIVOT: Learning API-Device Correlations to Facilitate Android Compatibility Issue DetectionACM SIGSOFT Distinguished Artifact AwardArtifacts AvailableArtifacts Evaluated ReusableTechnical Track
Technical Track
Lili WeiThe Hong Kong University of Science and Technology, Yepang LiuSouthern University of Science and Technology, Shing-Chi CheungDepartment of Computer Science and Engineering, The Hong Kong University of Science and Technology
Pre-print
15:00 - 15:20
Talk
SafeCheck: Safety Enhancement of Java Unsafe APITechnical Track
Technical Track
Shiyou HuangTexas A&M University, Jianmei GuoAlibaba Group, Sanhong LiAlibaba Inc., Xiang LiAlibaba, Yumin QiAlibaba, Kingsum Chow, Jeff HuangTexas A&M University
15:20 - 15:30
Talk
Discussion Period
Papers