An Empirical Study on API-Misuse Bugs in Open-Source C Programs

Gu, Zuxing; Wu, Jiecheng; Liu, Jiaxiang; Zhou, Min; Gao, Ming

doi:10.1109/compsac.2019.00012

Cited by 13 publications

(2 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The library usage studies have explored the motivation of library migration (Kabinna et al 2016), how to choose the best library candidate (Mileva et al 2009), which version should be used (Mileva et al 2009), and how to automate the migration of the underlying API library from one to another (Wu et al 2015;Kapur et al 2010;Teyton et al 2012). The API usage studies have explored mining API usage patterns (Zhong et al 2009), detecting API misuses (Gu et al 2019;Amann et al 2018;Kechagia et al 2019;Amann et al 2016;Bae et al 2014), studying API evolution (Zhang et al 2021;Shi et al 2011;Dig and Johnson 2006;Kim et al 2011), and automatic refactoring for API changes (Perkins 2005;Thung et al 2020) via documentation (Shi et al 2011;Ko et al 2014;Zhang et al 2021;Dig and Johnson 2006), source code and its change history (Thung et al 2020;Dig and Johnson 2006), and bytecode (Perkins 2005). The majority of API-misuse detectors are via static analysis and suffer from low precision and recall in practice (Gu et al 2019;Amann et al 2018) while Catcher (Kechagia et al 2019) is a hybrid detector for crash-prone API misuses.…”

Section: Api and Library Usagementioning

confidence: 99%

“…In this work we include both static and dynamic API changes since the missing of API parameter validation, redundant API calls, and missing or incorrect exception handling are all regard as API misuses (Gu et al 2019). We do not distinguish the usage of library from that of API since they are connected closely and one can be studied for the other.…”

Section: Api and Library Usagementioning

confidence: 99%

See 1 more Smart Citation

Demystifying regular expression bugs

Wang¹,

Brown

Jennings

et al. 2021

Empir Software Eng

View full text Add to dashboard Cite

Regular expressions cause string-related bugs and open security vulnerabilities for DOS attacks. However, beyond ReDoS (Regular expression Denial of Service), little is known about the extent to which regular expression issues affect software development and how these issues are addressed in practice. We conduct an empirical study of 356 regex-related bugs from merged pull requests in Apache, Mozilla, Facebook, and Google GitHub repositories. We identify and classify the nature of the regular expression problems, the fixes, and the related changes in the test code. The most important findings in this paper are as follows: 1) incorrect regular expression semantics is the dominant root cause of regular expression bugs (165/356, 46.3%). The remaining root causes are incorrect API usage (9.3%) and other code issues that require regular expression changes in the fix (29.5%), 2) fixing regular expression bugs is nontrivial as it takes more time and more lines of code to fix them compared to the general pull requests, 3) most (51%) of the regex-related pull requests do not contain test code changes. Certain regex bug types (e.g., compile error, performance issues, regex representation) are less likely to include test code changes than others, and 4) the dominant type of test code changes in regex-related pull requests is test case addition (75%). The results of this study contribute to a broader understanding of the practical problems faced by developers when using, fixing, and testing regular expressions. Keywords Regular expression bug characteristics• Pull requests • Bug fixes • Test code

show abstract