Statically checking API protocol conformance with mined multi-object specifications

Pradel, Michael ; Jaspan, Ciera ; Aldrich, Jonathan ; Gross, Thomas R. (2012)
Statically checking API protocol conformance with mined multi-object specifications.
Zurich, Switzerland
doi: 10.1109/ICSE.2012.6227127
Conference publication, Bibliography

Abstract

Programmers using an API often must follow protocols that specify when it is legal to call particular methods. Several techniques have been proposed to find violations of such protocols based on mined specifications. However, existing techniques either focus on single-object protocols or on particular kinds of bugs, such as missing method calls. There is no practical technique to find multi-object protocol bugs without a priori known specifications. In this paper, we combine a dynamic analysis that infers multi-object protocols and a static checker of API usage constraints into a fully automatic protocol conformance checker. The combined system statically detects illegal uses of an API without human-written specifications. Our approach finds 41 bugs and code smells in mature, real-world Java programs with a true positive rate of 51%. Furthermore, we show that the analysis reveals bugs not found by state of the art approaches.

Item type: Conference publication
Published: 2012
Author(s): Pradel, Michael ; Jaspan, Ciera ; Aldrich, Jonathan ; Gross, Thomas R.
Type of entry: Bibliography
Title: Statically checking API protocol conformance with mined multi-object specifications
Language: German
Year of publication: June 2012
Publisher: IEEE Press
Book title: Proceedings of the 34th International Conference on Software Engineering
Series: ICSE '12
Event location: Zurich, Switzerland
DOI: 10.1109/ICSE.2012.6227127
Uncontrolled keywords: Protocols, Computer bugs, Law, Error analysis, Training, Java
ID number: TUD-CS-2012-0382
Department(s)/field(s): Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date deposited: 28 Aug 2017 13:48
Last modified: 12 Jan 2019 21:20