Evaluating Automatic Program Repair Capabilities to Repair API Misuses

IEEE Transactions on Software Engineering, Journal Year: 2021, Volume and Issue: 48(7), P. 2658 - 2679

Published: March 18, 2021

API misuses are well-known causes of software crashes and security vulnerabilities. However, their detection repair is challenging given that the correct usages (third-party) api s might be obscure to developers client programs. This paper presents first empirical study assess ability existing automated bug tools misuses, which a class bugs previously unexplored. Our examines compares 14 Java test-suite-based (11 proposed before 2018, three afterwards) on manually curated benchmark ( xmlns:xlink="http://www.w3.org/1999/xlink">APIRepBench ) consisting 101 misuses. We develop an extensible execution framework xmlns:xlink="http://www.w3.org/1999/xlink">APIARTy automatically execute multiple tools. results show able generate patches for 28 percent considered. While 11 less recent generally fast (the median time attempts 3.87 minutes mean 30.79 minutes), most efficient (i.e., 98 slower) than predecessors. The mostly belong categories missing null check, value, exception, call. Most generated by all plausible (65 percent), but only few these semantically human (25 percent). findings suggest design future should support localisation complex bugs, including different handling timeout issues, configure large projects. Both have been made publicly available other researchers evaluate capabilities detecting fixing

Language: Английский

---

DeepTC-enhancer

Published: Dec. 21, 2020

Automated test case generation tools have been successfully proposed to reduce the amount of human and infrastructure resources required write run cases. However, recent studies demonstrate that readability generated tests is very limited due (i) uninformative identifiers (ii) lack proper documentation. Prior techniques improve by either generating natural language summaries or meaningful methods names. While these approaches are shown readability, they also affected two limitations: (1) often perceived as too verbose redundant developers, (2) readable require both method names but (within-method readability).

Language: Английский

---

Client-Specific Upgrade Compatibility Checking via Knowledge-Guided Discovery

ACM Transactions on Software Engineering and Methodology, Journal Year: 2023, Volume and Issue: 32(4), P. 1 - 31

Published: Feb. 1, 2023

Modern software systems are complex, and they heavily rely on external libraries developed by different teams organizations. Such suffer from higher instability due to incompatibility issues caused library upgrades. In this article, we address the problem investigating impact of a upgrade behaviors its clients. We CompCheck , an automated compatibility checking framework that generates incompatibility-revealing tests based previous examples. first establishes offline knowledge base mining open source projects their It then discovers incompatibilities for specific client project, searching similar usages in generating reveal problems. evaluated 202 call sites 37 results show successfully revealed 76 sites, 72.7% 94.9% more than two existing techniques, confirming ’s applicability effectiveness.

Language: Английский

---

Towards Detecting Inconsistent Comments in Java Source Code Automatically

Published: Sept. 1, 2020

A number of tools are available to software developers check consistency source code during evolution. However, none these checks for the documentation accompanying code. As a result, and often diverge, hindering program comprehension. This leads errors in how use code, especially case APIs reusable libraries. We propose technique tool, upDoc, automatically detect code-comment inconsistency Our builds map between its documentation, ensuring that changes match respective parts. conduct preliminary evaluation using examples from an existing dataset Java open projects, showing upDoc can successfully them. present roadmap further development evaluation.

Language: Английский

---

Search-Based Software Testing Driven by Automatically Generated and Manually Defined Fitness Functions

ACM Transactions on Software Engineering and Methodology, Journal Year: 2023, Volume and Issue: 33(2), P. 1 - 37

Published: Sept. 20, 2023

Search-based software testing (SBST) typically relies on fitness functions to guide the search exploration toward failures. There are two main techniques define functions: (a) automated function computation from specification of system requirements, and (b) manual design. Both have advantages. The former uses information requirements portions input domain more likely contain latter engineers’ knowledge. We propose ATheNA , a novel SBST framework that combines automatically generated specifications those manually defined by engineers. design implement ATheNA-S an instance targets Simulink ® models. evaluate considering large set models different domains. Our results show generates failure-revealing test cases than existing baseline tools difference between runtime performance is not statistically significant. also assess whether could generate when applied representative case studies: one automotive medical domain. successfully revealed requirement violation in our studies.

Language: Английский

---

Practical fault detection in puppet programs

Published: June 27, 2020

Puppet is a popular computer system configuration management tool. By providing abstractions that model resources it allows administrators to set up systems in reliable, predictable, and documented fashion. Its use suffers from two potential pitfalls. First, if ordering constraints are not correctly specified whenever resource depends on another, the non-deterministic application of can lead race conditions consequent failures. Second, service tied its (through notification construct), may operate stale state gets modified. Such faults degrade computing infrastructure's availability functionality.

Language: Английский

---

Repairing order-dependent flaky tests via test generation

Proceedings of the 44th International Conference on Software Engineering, Journal Year: 2022, Volume and Issue: unknown, P. 1881 - 1892

Published: May 21, 2022

Flaky tests are that pass or fail nondeterministically on the same version of code. These can mislead developers concerning quality their code changes during regression testing. A common kind flaky order-dependent tests, whose pass/fail outcomes depend test order in which they run. Such have different because other running before them pollute shared state. Prior work has proposed repairing by searching for existing known as "cleaners", reset state, allowing to when run after a polluted The within cleaner represents patch repair test. However, this technique requires cleaners already exist suite.

Language: Английский

---

RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Journal Year: 2020, Volume and Issue: 30, P. 1837 - 1852

Published: Oct. 30, 2020

To use library APIs, a developer is supposed to follow guidance and respect some constraints, which we call integration assumptions (IAs). Violations of these can have serious consequences, introducing security-critical flaws such as use-after-free, NULL-dereference, authentication errors. Analyzing program for compliance with IAs involves significant effort needs be automated. A promising direction automatically recover from document using Natural Language Processing (NLP) then verify their consistency the ways APIs are used in through code analysis. However, practical solution along this line overcome several key challenges, particularly discovery loosely formatted documents interpretation informal descriptions identify complicated constraints (e.g., data-/control-flow relations between different APIs).

Language: Английский

---

Active Learning of Discriminative Subgraph Patterns for API Misuse Detection

IEEE Transactions on Software Engineering, Journal Year: 2021, Volume and Issue: 48(8), P. 2761 - 2783

Published: March 31, 2021

A common cause of bugs and vulnerabilities are the violations usage constraints associated with Application Programming Interfaces (APIs). API misuses in software projects, while there have been techniques proposed to detect such misuses, studies shown that they fail reliably reporting many false positives. One limitation prior work is inability identify correct patterns usage. Many approaches confuse a pattern's frequency for correctness. Due variety alternative may be uncommon but correct, anomaly detection-based limited success identifying misuses. We address these challenges propose ALP (Actively Learned Patterns), reformulating misuse detection as classification problem. After representing programs graphs, mines discriminative subgraphs. While still incorporating information, through human supervision, we reduce reliance on assumption relating The principles active learning incorporated shift attention away from most frequent patterns. Instead, samples informative representative examples minimizing labeling effort. In our empirical evaluation, substantially outperforms both MUBench, an Misuse benchmark, new dataset constructed real-world projects.

Language: Английский

---

APICAD: Augmenting API Misuse Detection through Specifications from Code and Documents

Published: May 1, 2023

Using API should follow its specifications. Otherwise, it can bring security impacts while the functionality is damaged. To detect misuse, we need to know what specifications are. In addition being provided manually, current tools usually mine majority usage in existing codebase as specifications, or capture from relevant texts human language. However, former depends on quality of itself, latter limited irregularity text. this work, observe that information carried by code and documents complement each other. mitigate demand for a high-quality reduce pressure valid texts, present APICAD misuse bugs C/C++ combining mined documents. On one hand, effectively build contexts invocations them through frequency-based method. other acquire using lightweight keyword-based NLP-assisted techniques. Finally, combined are generated bug detection. Experiments show handle diverse semantics deal with different types bugs. With help APICAD, report 153 new Curl, Httpd, OpenSSL Linux kernel, 145 which have been confirmed 126 applied our patches.

Language: Английский

---