Litcius/Paper detail

ARBITRAR: User-Guided API Misuse Detection

Ziyang Li, Aravind Machiry, Binghong Chen, Mayur Naik, Ke Wang, Le Song

202121 citationsDOI

Abstract

Software APIs exhibit rich diversity and complexity which not only renders them a common source of programming errors but also hinders program analysis tools for checking them. Such tools either expect a precise API specification, which requires program analysis expertise, or presume that correct API usages follow simple idioms that can be automatically mined from code, which suffers from poor accuracy. We propose a new approach that allows regular programmers to find API misuses. Our approach interacts with the user to classify valid and invalid usages of each target API method. It minimizes user burden by employing an active learning algorithm that ranks API usages by their likelihood of being invalid. We implemented our approach in a tool called ARBITRAR for C/C++ programs, and applied it to check the uses of 18 API methods in 21 large real-world programs, including OpenSSL and Linux Kernel. Within just 3 rounds of user interaction on average per API method, ARBITRAR found 40 new bugs, with patches accepted for 18 of them. Moreover, ARBITRAR finds all known bugs reported by a state-of-the-art tool APISAN in a benchmark suite comprising 92 bugs with a false positive rate of only 51.5% compared to APISAN’s 87.9%.

Topics & Concepts

Computer scienceSuiteBenchmark (surveying)Software bugProgramming languageApplication programming interfaceLinux kernelKernel (algebra)Code (set theory)Source codeSoftwareOperating systemCombinatoricsGeodesyArchaeologyGeographyMathematicsSet (abstract data type)HistorySoftware Engineering ResearchSoftware Testing and Debugging TechniquesAdvanced Malware Detection Techniques
ARBITRAR: User-Guided API Misuse Detection | Litcius