Static Detection of API Error-Handling Bugs via Mining Source Code

Incorrect handling of errors incurred after API invocations (in short, API errors) can lead to security and robustness problems, two primary threats to software reliability. Correct handling of API errors can be specified as formal specifications, verifiable by static checkers, to ensure dependable computing. But API error specifications are often unavailable or imprecise, and cannot be inferred easily by source code inspection. In this paper, we develop a novel framework for statically mining API error specifications automatically from software package repositories, without requiring any user input. Our framework adapts a compile-time push-down model-checker to generate interprocedural static traces, which approximate run-time API error behaviors. Data-mining techniques are used on these static traces to mine specifications that define the correct handling of errors for relevant APIs used in the software packages.The mined specifications are then used to uncover API error-handling bugs. We have implemented the framework, and validated the effectiveness of the framework on 82 widely used open-source software packages with approximately 300KLOC in total 1.