Mining preconditions of APIs in large-scale code corpus

Nguyen, Hoan Anh; Dyer, Robert; Nguyen, Tien N.; Rajan, Hridesh

doi:10.1145/2635868.2635924

Cited by 70 publications

(61 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The API mining problem we consider (Section 3) is specifically to return sequences of API methods that are used together. Other important but distinct data mining problems that are related to API usage include mining preconditions of API methods [27], and mining code changes [23,26]. An important recent piece of infrastructure for large-scale mining work on code is Boa [13].…”

Section: Related Workmentioning

confidence: 99%

Parameter-free probabilistic API mining across GitHub

Fowkes

Sutton

2016

Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering

View full text Add to dashboard Cite

Existing API mining algorithms can be difficult to use as they require expensive parameter tuning and the returned set of API calls can be large, highly redundant and difficult to understand. To address this, we present PAM (Probabilistic API Miner), a near parameter-free probabilistic algorithm for mining the most interesting API call patterns. We show that PAM significantly outperforms both MAPO and UPMiner, achieving 69% test-set precision, at retrieving relevant API call sequences from GitHub. Moreover, we focus on libraries for which the developers have explicitly provided code examples, yielding over 300,000 LOC of hand-written API example code from the 967 client projects in the data set. This evaluation suggests that the hand-written examples actually have limited coverage of real API usages.

show abstract

Section: Related Workmentioning

confidence: 99%

Parameter-free probabilistic API mining across GitHub

Fowkes

Sutton

2016

Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering

View full text Add to dashboard Cite

show abstract

“…As a remedy, several methods have been proposed that make use of statistical methods, machine learning, and data mining techniques for accelerating this process. To this end, several methods automatically infer programming patterns [e.g., 19,32,58] and security specifications [e.g., 28,34,54], from code, revision histories [33], and preconditions of APIs [e.g., 7,41,55]. A related strain of research has followed a more principled approach by modeling and inferring security policies [e.g., 6,36,52,57] for discovering informationflow vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

Automatic Inference of Search Patterns for Taint-Style Vulnerabilities

Yamaguchi

Maier

Gascón

et al. 2015

2015 IEEE Symposium on Security and Privacy

153

View full text Add to dashboard Cite

Taint-style vulnerabilities are a persistent problem in software development, as the recently discovered "Heartbleed" vulnerability strikingly illustrates. In this class of vulnerabilities, attacker-controlled data is passed unsanitized from an input source to a sensitive sink. While simple instances of this vulnerability class can be detected automatically, more subtle defects involving data flow across several functions or projectspecific APIs are mainly discovered by manual auditing. Different techniques have been proposed to accelerate this process by searching for typical patterns of vulnerable code. However, all of these approaches require a security expert to manually model and specify appropriate patterns in practice.In this paper, we propose a method for automatically inferring search patterns for taint-style vulnerabilities in C code. Given a security-sensitive sink, such as a memory function, our method automatically identifies corresponding source-sink systems and constructs patterns that model the data flow and sanitization in these systems. The inferred patterns are expressed as traversals in a code property graph and enable efficiently searching for unsanitized data flows-across several functions as well as with project-specific APIs. We demonstrate the efficacy of this approach in different experiments with 5 open-source projects. The inferred search patterns reduce the amount of code to inspect for finding known vulnerabilities by 94.9% and also enable us to uncover 8 previously unknown vulnerabilities.

show abstract

“…In addition to the recent studies in API documentation and discovery, APIs are hard to be used [18,19,20]. An API method is usually used along with the other methods to implement specific functionality.…”

Section: A Api Usage Patterns Miningmentioning

confidence: 99%

A More Accurate Model for Finding Tutorial Segments Explaining APIs

Jiang

Zhang

et al. 2016

2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER)

View full text Add to dashboard Cite

Abstract-Developers prefer to utilize third-party libraries when they implement some functionalities and Application Programming Interfaces (APIs) are frequently used by them. Facing an unfamiliar API, developers tend to consult tutorials as learning resources. Unfortunately, the segments explaining a specific API scatter across tutorials. Hence, it remains a challenging issue to find the relevant segments. In this study, we propose a more accurate model to find the exact tutorial fragments explaining APIs. This new model consists of a text classifier with domain specific features. More specifically, we discover two important indicators to complement traditional text based features, namely co-occurrence APIs and knowledge based API extensions. In addition, we incorporate Word2Vec, a semantic similarity metric to enhance the new model. Extensive experiments over two publicly available tutorial datasets show that our new model could find up to 90% fragments explaining APIs and improve the state-of-the-art model by up to 30% in terms of F-measure.

show abstract

Mining preconditions of APIs in large-scale code corpus

Cited by 70 publications

References 55 publications

Parameter-free probabilistic API mining across GitHub

Parameter-free probabilistic API mining across GitHub

Automatic Inference of Search Patterns for Taint-Style Vulnerabilities

A More Accurate Model for Finding Tutorial Segments Explaining APIs

Contact Info

Product

Resources

About