API Misuse Detection: An Immune System Inspired Approach

APIs are essential ingredients for developing complex software systems. However, they are difficult to learn and to use. Thus, developers may misuse them, which results in various types of issues. In this paper, we explore the use of a bio-inspired approach (artificial immune system) to detect API misuses in client code. We built APIMMUNE, a novel API misuse detector. We collect normal usages of a given API from the set of client programs using the API, especially after some API usages were fixed in those programs. The normal API usages are treated as normal body cells, and we transform them into normal-usage signatures. Artificial detectors are then randomly generated by creating artificial deviations from these usages, with the objective of being different from the normal-usage signatures. The generated detectors can detect risky uses of APIs in the same way the immune system detects cells foreign to the organism. Moreover, detection requires only the artificial detectors, without the need to disclose the code used to generate them. Our approach was evaluated on the misuse datasets of three APIs as well as on known misuses from a state-of-the-art API misuse benchmarking dataset. APIMMUNE was also compared to four state-of-the-art API misuse detection tools. The results show that APIMMUNE has good detection accuracy and performance, and that it can complement pattern-based tools for detecting uncommon misuses.
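The negative-selection idea described above, as an added sketch that is not APIMMUNE's code. The Cipher-like call names, the adjacent-call-pair signature, the three deviation operators and the Jaccard threshold of 0.7 are all assumptions made for illustration; the abstract does not specify the paper's encoding.

```python
import random

# Constructed normal usages of a Cipher-like API (assumed encoding: ordered call sequences).
NORMAL_USAGES = [
    ("getInstance", "init", "doFinal"),
    ("getInstance", "init", "update", "doFinal"),
    ("getInstance", "init", "update", "update", "doFinal"),
]

def signature(usage):
    """Encode a call sequence as its set of adjacent call pairs, with start/end markers."""
    seq = ("^",) + tuple(usage) + ("$",)
    return frozenset(zip(seq, seq[1:]))

def similarity(a, b):
    """Jaccard similarity between two signatures."""
    return len(a & b) / len(a | b)

def deviate(usage, rng):
    """Produce one artificial deviation: drop, duplicate, or swap a call."""
    calls = list(usage)
    op = rng.choice(("drop", "duplicate", "swap"))
    i = rng.randrange(len(calls) - 1 if op == "swap" else len(calls))
    if op == "drop":
        del calls[i]
    elif op == "duplicate":
        calls.insert(i, calls[i])
    else:
        calls[i], calls[i + 1] = calls[i + 1], calls[i]
    return tuple(calls)

def generate_detectors(normal_usages, attempts=500, r=0.7, seed=1):
    """Negative selection: keep only deviations that match no normal signature."""
    rng = random.Random(seed)
    self_set = [signature(u) for u in normal_usages]
    detectors = set()
    for _ in range(attempts):
        candidate = signature(deviate(rng.choice(normal_usages), rng))
        if all(similarity(candidate, s) < r for s in self_set):
            detectors.add(candidate)
    return detectors

def is_misuse(usage, detectors, r=0.7):
    """Detection needs only the detectors, not the normal usages they came from."""
    sig = signature(usage)
    return any(similarity(sig, d) >= r for d in detectors)

DETECTORS = generate_detectors(NORMAL_USAGES)
```

Because a candidate is censored under the same matching rule used at detection time, no usage in `NORMAL_USAGES` can ever be flagged; deviations that stay too close to a normal signature (for example a duplicated `init`) are discarded rather than kept as detectors.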
