Blogs (1) >>
ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
ICSE 2019 (series) / Demonstrations /

Vetting API Usages in C Programs with IMChecker

Demos
Zuxing Gu, Jiecheng Wu, Li Chi, Min Zhou, Yu Jiang, Ming Gu, Jiaguang Sun
ICSE 2019 Demonstrations
Fri 31 May 2019 14:20 - 14:40 at Duluth - API Analysis Chair(s): Sam Malek

Libraries offer reusable functionality through application programming interfaces (APIs) with usage constraints such as call conditions and orders. Constraint violations, i.e., API misuses, commonly lead to bugs and even security issues. In this paper, we introduce IMChecker, a constraint-directed static analysis toolkit to vet API usages in C programs powered by a domain-specific language (DSL) to specify the API usages. First, we propose a DSL, which covers most API usage constraint types and enables straightforward but precise specification by studying real-world API-misuse bug patches. Then, we design and implement a static analysis engine to automatically parse specifications into checking targets, identify potential API misuses and prune the false positives with rich semantics. We have instantiated IMChecker for C programs with user-friendly graphic interfaces and evaluated the widely used benchmarks and real-world projects. The results show that IMChecker outperforms 4.78-36.25% in precision and 40.25-55.21% w.r.t. state-of-the-arts toolkits. We also found 75 previously unknown bugs in Linux kernel, OpenSSL and applications of Ubuntu, 61 of which have been confirmed by the corresponding development communities.

http://tomgu1991.github.io/blog/Research/ICSE-Demo-592.pdf
Zuxing Gu
Zuxing Gu
School of Software, Tsinghua University
China
small-avatar
Jiecheng Wu
Tsinghua University
small-avatar
Li Chi
Tsinghua University
small-avatar
Min Zhou
Tsinghua University
small-avatar
Yu Jiang
small-avatar
Ming Gu
Tsinghua University
small-avatar
Jiaguang Sun

Fri 31 May
Times are displayed in time zone: Eastern Time (US & Canada) change

14:00 - 15:30: API AnalysisPapers / Technical Track / Demonstrations at Duluth
Chair(s): Sam MalekUniversity of California, Irvine
14:00 - 14:20
Talk		Exposing Library API Misuses via Mutation AnalysisTechnical Track
Technical Track
Ming WenThe Hong Kong University of Science and Technology, Yepang LiuSouthern University of Science and Technology, Rongxin WuDepartment of Computer Science and Engineering, The Hong Kong University of Science and Technology, Xuan XieSchool of Data and Computer Science, Sun Yat-sen University, Guangzhou, China, Shing-Chi CheungDepartment of Computer Science and Engineering, The Hong Kong University of Science and Technology, Zhendong SuETH Zurich
14:20 - 14:40
Demonstration		Vetting API Usages in C Programs with IMCheckerDemos
Demonstrations
Zuxing GuSchool of Software, Tsinghua University, Jiecheng WuTsinghua University, Li ChiTsinghua University, Min ZhouTsinghua University, Yu Jiang, Ming GuTsinghua University, Jiaguang Sun
Pre-print
14:40 - 15:00
Talk		PIVOT: Learning API-Device Correlations to Facilitate Android Compatibility Issue DetectionACM SIGSOFT Distinguished Artifact AwardArtifacts AvailableArtifacts Evaluated ReusableTechnical Track
Technical Track
Lili WeiThe Hong Kong University of Science and Technology, Yepang LiuSouthern University of Science and Technology, Shing-Chi CheungDepartment of Computer Science and Engineering, The Hong Kong University of Science and Technology
Pre-print
15:00 - 15:20
Talk		SafeCheck: Safety Enhancement of Java Unsafe APITechnical Track
Technical Track
Shiyou HuangTexas A&M University, Jianmei GuoAlibaba Group, Sanhong LiAlibaba Inc., Xiang LiAlibaba, Yumin QiAlibaba, Kingsum Chow, Jeff HuangTexas A&M University
15:20 - 15:30
Talk		Discussion Period
Papers