Visible to the public IMSpec: An Extensible Approach to Exploring the Incorrect Usage of APIs

TitleIMSpec: An Extensible Approach to Exploring the Incorrect Usage of APIs
Publication TypeConference Paper
Year of Publication2019
AuthorsGu, Zuxing, Zhou, Min, Wu, Jiecheng, Jiang, Yu, Liu, Jiaxiang, Gu, Ming
Conference Name2019 International Symposium on Theoretical Aspects of Software Engineering (TASE)
Date Publishedjul
KeywordsAPI misuses, API usage constraints, API usage validation, API-misuse bugs, API-misuse detection capability, APIs, application program interfaces, application programming interface, application programming interfaces, bug detection, compositionality, Computer bugs, domain-specific language, Engines, IMSpec rules, large-scale C programs, lightweight domain-specific language, program debugging, program diagnostics, pubcrawl, public domain software, resilience, Resiliency, Semantics, Software, specification languages, static analysis, Syntactics, Tools
AbstractApplication Programming Interfaces (APIs) usually have usage constraints, such as call conditions or call orders. Incorrect usage of these constraints, called API misuse, will result in system crashes, bugs, and even security problems. It is crucial to detect such misuses early in the development process. Though many approaches have been proposed over the last years, recent studies show that API misuses are still prevalent, especially the ones specific to individual projects. In this paper, we strive to improve current API-misuse detection capability for large-scale C programs. First, We propose IMSpec, a lightweight domain-specific language enabling developers to specify API usage constraints in three different aspects (i.e., parameter validation, error handling, and causal calling), which are the majority of API-misuse bugs. Then, we have tailored a constraint guided static analysis engine to automatically parse IMSpec rules and detect API-misuse bugs with rich semantics. We evaluate our approach on widely used benchmarks and real-world projects. The results show that our easily extensible approach performs better than state-of-the-art tools. We also discover 19 previously unknown bugs in real-world open-source projects, all of which have been confirmed by the corresponding developers.
Citation Keygu_imspec_2019