A Systematic Evaluation of API-Misuse Detectors
Authors
Abstract
Application Programming Interfaces (APIs) often have usage constraints, such as call order or call conditions. API misuses, i.e., violations of these constraints, may lead to software crashes, bugs, and vulnerabilities. Though researchers developed many API-misuse detectors over the last two decades, recent studies show that API misuses are still prevalent. Therefore, we need to understand the capabilities and limitations of existing detectors in order to advance the state of the art. In this paper, we present the first-ever qualitative and quantitative evaluation that compares API-misuse detectors along the same dimensions, and with author validation. To accomplish this, we develop MUC, a classification of API misuses, and MUBENCHPIPE, an automated benchmark for detector comparison, on top of our misuse dataset, MUBENCH. Our results show that the capabilities of existing detectors vary greatly and that existing detectors, though capable of detecting misuses, suffer from extremely low precision and recall. A systematic root-cause analysis reveals that, most importantly, detectors need to go beyond the naive assumption that a deviation from the most-frequent usage corresponds to a misuse and need to obtain additional usage examples to train their models. Our work provides these and several other novel insights that enable more powerful API-misuse detectors.
Similar resources
Dynamic Authorization and Intrusion Response in Distributed Systems
This paper presents an authorization framework for supporting fine-grained access control policies enhanced with light-weight intrusion/misuse detectors and response capabilities. The framework intercepts and analyzes access requests and dynamically adjusts security policies to prevent attackers from exploiting application level vulnerabilities. We present a practical, flexible implementation o...
Are Code Examples on an Online Q&A Forum Reliable?
Programmers often consult an online Q&A forum such as Stack Overflow to learn new APIs. This paper presents an empirical study on the prevalence and severity of API misuse on Stack Overflow. To reduce manual assessment effort, we design Maple, an API usage mining approach that extracts patterns from over 380K Java repositories on GitHub and subsequently reports potential API usage violations in...
Performance Evaluation of Local Detectors in the Presence of Noise for Multi-Sensor Remote Sensing Image Matching
Automatic, efficient, accurate, and stable image matching is one of the most critical issues in remote sensing, photogrammetry, and machine vision. In recent decades, various algorithms have been proposed based on the feature-based framework, which concentrates on detecting and describing local features. Understanding the characteristics of different matching algorithms in various applications ...
Longer-term primary prevention for alcohol misuse in young people: a systematic review.
OBJECTIVE To identify and summarize rigorous evaluations of psychosocial and educational interventions aimed at the primary prevention of alcohol misuse by young people aged up to 25 years, especially over the longer term (>3 years). METHODS Cochrane Collaboration Systematic Review. DATA SOURCES A comprehensive search of 22 databases and recursive checking of bibliographies for randomized a...
Effect of Weld Heat Input on Microstructure and Mechanical Properties of Dissimilar Joints of API-B and API-X42 Pipeline Steels
In this study, the effect of welding heat input on microstructure and mechanical properties of dissimilar joints of API-X42 and API-B pipeline steels was investigated. Evaluation of the microstructures showed that increasing the welding heat input decreased acicular ferrite in weld metal microstructure, while amount of Widmanstatten ferrite, polygonal ferrite and grain boundary ferrite increase...
Journal title:
- CoRR
Volume abs/1712.00242 Issue
Pages -
Publication date 2017