Guided pattern mining for API misuse detection by change-based code analysis

Abstract: Lack of experience, inadequate documentation, and sub-optimal API design frequently cause developers to make mistakes when re-using third-party implementations. Such API misuses can result in unintended behavior, performance losses, or software crashes. Therefore, current research aims to automatically detect such misuses by comparing the way a developer used an API to previously inferred patterns of the correct API usage. While research has made significant progress, these techniques have not yet been adopted… Show more

“…However, we derived our validation data from that analysis. In this context, we denote an API misuse as a deviant use of an API from the one that was intended by the developers, and that eventually leads to negative behavior of the software (e.g., a software crash or a performance issue) [2], [13], [14].…”

“…Particularly, we ignored repositories that excessively used these keywords in their messages (i.e., >6 % of all messages for repositories with >1,000 commits, or >10 % otherwise). Then, we extracted for each commit all lines with third-party API changes using our previous extraction mechanism [13]. Also, we considered only small commits that changed at most ten methods and that changed imports prefixed with android.…”

“…In general, Android incompatibilities can be considered as a form of an API misuse. We may be able to use and cluster identified patterns (i.e., similar compatibility checks) to automatically identify design flaws in the code (e.g., security issues due to unguarded API calls) [13], [24]. Moreover, we can use the historical information to identify past fixes of incompatibilities and reuse them to automatically repair the same incompatibilities in other code locations, similar to research on automated bug repair [8], [9], [12], [19].…”

Replication Package for Datashow Case Paper "AndroidCompass: A Dataset of Android Compatibility Checks in Code Repositories"

“…However, we derived our validation data from that analysis. In this context, we denote an API misuse as a deviant use of an API from the one that was intended by the developers, and that eventually leads to negative behavior of the software (e.g., a software crash or a performance issue) [2], [13], [14].…”

“…Particularly, we ignored repositories that excessively used these keywords in their messages (i.e., >6 % of all messages for repositories with >1,000 commits, or >10 % otherwise). Then, we extracted for each commit all lines with third-party API changes using our previous extraction mechanism [13]. Also, we considered only small commits that changed at most ten methods and that changed imports prefixed with android.…”

“…In general, Android incompatibilities can be considered as a form of an API misuse. We may be able to use and cluster identified patterns (i.e., similar compatibility checks) to automatically identify design flaws in the code (e.g., security issues due to unguarded API calls) [13], [24]. Moreover, we can use the historical information to identify past fixes of incompatibilities and reuse them to automatically repair the same incompatibilities in other code locations, similar to research on automated bug repair [8], [9], [12], [19].…”

Replication Package for Datashow Case Paper "AndroidCompass: A Dataset of Android Compatibility Checks in Code Repositories"

Demystifying API misuses in deep learning applications

API usage templates via structural generalization