Exposing Library API Misuses via Mutation AnalysisTechnical Track
Misuses of library APIs are pervasive and often lead to software bugs. Various static analysis tools have been proposed to detect API misuses. They often involve mining frequent patterns from a large number of correct API usage examples, which can be hard to obtain in practice. They also suffer from low precision due to an over-simplified assumption that a deviation from frequent usage patterns indicates a misuse. We make two observations on the detection of API misuses. First, API misuses can be represented as mutants of the corresponding correct usages. Second, whether a mutant will introduce a misuse can be validated via executing it against a test suite and analyzing the execution information. Based on these observations, we propose MutApi, the first approach to discovering API misuse patterns vis mutation analysis. To effectively mimic API misuses based on correct usages, we first design eight novel mutation operators according to the common characteristics of API misuses. MutApi generates mutants by applying these operators on client projects and collects mutant-killing tests as well as the concerned stack traces. Misuse patterns are discovered from the killed mutants that are prioritized according to their likelihood of causing API misuses based on the collected information. We applied MutApi on 73 popular Java APIs and 16 client projects for mutation analysis. The results show that MutApi can discover substantial API misuse patterns with a high precision of 0.78. It also achieves a recall of 0.49 on the MuBench benchmark, which significantly outperforms the state-of-the-art techniques.
Fri 31 MayDisplayed time zone: Eastern Time (US & Canada) change
14:00 - 15:30 | API AnalysisTechnical Track / Demonstrations / Papers at Duluth Chair(s): Sam Malek University of California, Irvine | ||
14:00 20mTalk | Exposing Library API Misuses via Mutation AnalysisTechnical Track Technical Track Ming Wen The Hong Kong University of Science and Technology, Yepang Liu Southern University of Science and Technology, Rongxin Wu Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Xuan Xie School of Data and Computer Science, Sun Yat-sen University, Guangzhou, China, Shing-Chi Cheung Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Zhendong Su ETH Zurich | ||
14:20 20mDemonstration | Vetting API Usages in C Programs with IMCheckerDemos Demonstrations Zuxing Gu School of Software, Tsinghua University, Jiecheng Wu Tsinghua University, Li Chi Tsinghua University, Min Zhou Tsinghua University, Yu Jiang , Ming Gu Tsinghua University, Jiaguang Sun Pre-print | ||
14:40 20mTalk | PIVOT: Learning API-Device Correlations to Facilitate Android Compatibility Issue DetectionTechnical Track Technical Track Lili Wei The Hong Kong University of Science and Technology, Yepang Liu Southern University of Science and Technology, Shing-Chi Cheung Department of Computer Science and Engineering, The Hong Kong University of Science and Technology Pre-print | ||
15:00 20mTalk | SafeCheck: Safety Enhancement of Java Unsafe APITechnical Track Technical Track Shiyou Huang Texas A&M University, Jianmei Guo Alibaba Group, Sanhong Li Alibaba Inc., Xiang Li Alibaba, Yumin Qi Alibaba, Kingsum Chow , Jeff Huang Texas A&M University | ||
15:20 10mTalk | Discussion Period Papers |