Blogs (1) >>
ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
Fri 31 May 2019 14:20 - 14:40 at Duluth - API Analysis Chair(s): Sam Malek

Libraries offer reusable functionality through application programming interfaces (APIs) with usage constraints such as call conditions and orders. Constraint violations, i.e., API misuses, commonly lead to bugs and even security issues. In this paper, we introduce IMChecker, a constraint-directed static analysis toolkit to vet API usages in C programs powered by a domain-specific language (DSL) to specify the API usages. First, we propose a DSL, which covers most API usage constraint types and enables straightforward but precise specification by studying real-world API-misuse bug patches. Then, we design and implement a static analysis engine to automatically parse specifications into checking targets, identify potential API misuses and prune the false positives with rich semantics. We have instantiated IMChecker for C programs with user-friendly graphic interfaces and evaluated the widely used benchmarks and real-world projects. The results show that IMChecker outperforms 4.78-36.25% in precision and 40.25-55.21% w.r.t. state-of-the-arts toolkits. We also found 75 previously unknown bugs in Linux kernel, OpenSSL and applications of Ubuntu, 61 of which have been confirmed by the corresponding development communities.

Fri 31 May

Displayed time zone: Eastern Time (US & Canada) change

14:00 - 15:30
API AnalysisTechnical Track / Demonstrations / Papers at Duluth
Chair(s): Sam Malek University of California, Irvine
14:00
20m
Talk
Exposing Library API Misuses via Mutation AnalysisTechnical Track
Technical Track
Ming Wen The Hong Kong University of Science and Technology, Yepang Liu Southern University of Science and Technology, Rongxin Wu Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Xuan Xie School of Data and Computer Science, Sun Yat-sen University, Guangzhou, China, Shing-Chi Cheung Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Zhendong Su ETH Zurich
14:20
20m
Demonstration
Vetting API Usages in C Programs with IMCheckerDemos
Demonstrations
Zuxing Gu School of Software, Tsinghua University, Jiecheng Wu Tsinghua University, Li Chi Tsinghua University, Min Zhou Tsinghua University, Yu Jiang , Ming Gu Tsinghua University, Jiaguang Sun
Pre-print
14:40
20m
Talk
PIVOT: Learning API-Device Correlations to Facilitate Android Compatibility Issue DetectionACM SIGSOFT Distinguished Artifact AwardArtifacts AvailableArtifacts Evaluated ReusableTechnical Track
Technical Track
Lili Wei The Hong Kong University of Science and Technology, Yepang Liu Southern University of Science and Technology, Shing-Chi Cheung Department of Computer Science and Engineering, The Hong Kong University of Science and Technology
Pre-print
15:00
20m
Talk
SafeCheck: Safety Enhancement of Java Unsafe APITechnical Track
Technical Track
Shiyou Huang Texas A&M University, Jianmei Guo Alibaba Group, Sanhong Li Alibaba Inc., Xiang Li Alibaba, Yumin Qi Alibaba, Kingsum Chow , Jeff Huang Texas A&M University
15:20
10m
Talk
Discussion Period
Papers