Type Checking for Reliable APIs

In this paper, we propose to configure at compiletime the checking associated with Application ProgrammingInterfaces' methods that can receive possibly malformed values (e.g. erroneous user inputs and problematic retrieved recordsfrom databases) and thus cause application execution failures. To achieve this, we design a type system for implementing apluggable checker on the Java's compiler and find at compile timeinsufficient checking bugs that can lead to application crashesdue to malformed inputs. Our goal is to wrap methods whenthey receive external inputs so that the former generate checkedinstead of unchecked exceptions. We believe that our approachcan improve Java developers' productivity, by using exceptionhandling only when it is required, and ensure client applications'stability. We want to evaluate our checker by using it to verifythe source code of Java projects from the Apache ecosystem. Also, we want to analyze stack traces to validate the identifiedfailures by our checker.

[1]  Michael D. Ernst,et al.  Practical pluggable types for java , 2008, ISSTA '08.

[2]  Danny Dig,et al.  API code recommendation using statistical learning from fine-grained changes , 2016, SIGSOFT FSE.

[3]  Benjamin C. Pierce,et al.  Types and programming languages: the next generation , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[4]  Dimitris Mitropoulos,et al.  A type-safe embedding of SQL into Java using the extensible compiler framework J% , 2015, Comput. Lang. Syst. Struct..

[5]  Andrew C. Myers,et al.  Accepting blame for safe tunneled exceptions , 2016, PLDI.

[6]  Martin P. Robillard,et al.  Static analysis to support the evolution of exception structure in object-oriented systems , 2003, TSEM.

[7]  Stefan Hanenberg,et al.  How do API documentation and static typing affect API usability? , 2014, ICSE.

[8]  Gabriele Bavota,et al.  API change and fault proneness: a threat to the success of Android apps , 2013, ESEC/FSE 2013.

[9]  Martin P. Robillard,et al.  A field study of API learning obstacles , 2011, Empirical Software Engineering.

[10]  Jacques Klein,et al.  Accessing Inaccessible Android APIs: An Empirical Study , 2016, 2016 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[11]  George C. Necula,et al.  Exceptional situations and program reliability , 2008, TOPL.

[12]  Brad A. Myers,et al.  Improving API usability , 2016, Commun. ACM.

[13]  Felipe Ebert,et al.  A Reflection on “An Exploratory Study on Exception Handling Bugs in Java Programs” , 2015, 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER).

[14]  Suman Nath,et al.  Automatic and scalable fault detection for mobile applications , 2014, MobiSys.

[15]  Gail E. Kaiser,et al.  Phosphor: illuminating dynamic data flow in commodity jvms , 2014, OOPSLA.

[16]  Miryung Kim,et al.  An Empirical Study of API Stability and Adoption in the Android Ecosystem , 2013, 2013 IEEE International Conference on Software Maintenance.

[17]  Michael D. Ernst,et al.  A type system for format strings , 2014, ISSTA 2014.

[18]  Brad A. Myers,et al.  Examining Programmer Practices for Locally Handling Exceptions , 2016, 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR).

[19]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.