TU Darmstadt / ULB / TUbiblio

Statically checking API protocol conformance with mined multi-object specifications

Pradel, Michael and Jaspan, Ciera and Aldrich, Jonathan and Gross, Thomas R. (2012):
Statically checking API protocol conformance with mined multi-object specifications.
In: Proceedings of the 34th International Conference on Software Engineering, IEEE Press, Zurich, Switzerland, In: ICSE '12, ISBN 978-1-4673-1067-3,
DOI: 10.1109/ICSE.2012.6227127,
[Conference or Workshop Item]

Abstract

Programmers using an API often must follow protocols that specify when it is legal to call particular methods. Several techniques have been proposed to find violations of such protocols based on mined specifications. However, existing techniques either focus on single-object protocols or on particular kinds of bugs, such as missing method calls. There is no practical technique to find multi-object protocol bugs without a priori known specifications. In this paper, we combine a dynamic analysis that infers multi-object protocols and a static checker of API usage constraints into a fully automatic protocol conformance checker. The combined system statically detects illegal uses of an API without human-written specifications. Our approach finds 41 bugs and code smells in mature, real-world Java programs with a true positive rate of 51%. Furthermore, we show that the analysis reveals bugs not found by state of the art approaches.

Item Type: Conference or Workshop Item
Erschienen: 2012
Creators: Pradel, Michael and Jaspan, Ciera and Aldrich, Jonathan and Gross, Thomas R.
Title: Statically checking API protocol conformance with mined multi-object specifications
Language: German
Abstract:

Programmers using an API often must follow protocols that specify when it is legal to call particular methods. Several techniques have been proposed to find violations of such protocols based on mined specifications. However, existing techniques either focus on single-object protocols or on particular kinds of bugs, such as missing method calls. There is no practical technique to find multi-object protocol bugs without a priori known specifications. In this paper, we combine a dynamic analysis that infers multi-object protocols and a static checker of API usage constraints into a fully automatic protocol conformance checker. The combined system statically detects illegal uses of an API without human-written specifications. Our approach finds 41 bugs and code smells in mature, real-world Java programs with a true positive rate of 51%. Furthermore, we show that the analysis reveals bugs not found by state of the art approaches.

Title of Book: Proceedings of the 34th International Conference on Software Engineering
Series Name: ICSE '12
Publisher: IEEE Press
ISBN: 978-1-4673-1067-3
Uncontrolled Keywords: Protocols, Computer bugs, Law, Error analysis, Training, Java
Divisions: Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Event Location: Zurich, Switzerland
Date Deposited: 28 Aug 2017 13:48
DOI: 10.1109/ICSE.2012.6227127
Identification Number: TUD-CS-2012-0382
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item