Type checking for reliable APIs

In this paper, we propose to configure at compile time the checking associated with Application Programming Interfaces' methods that can receive possibly malformed values (e.g. erroneous user inputs and problematic retrieved records from databases) and thus cause application execution failures. To achieve this, we design a type system for implementing a pluggable checker on the Java's compiler and find at compile time insufficient checking bugs that can lead to application crashes due to malformed inputs. Our goal is to wrap methods when they receive external inputs so that the former generate checked instead of unchecked exceptions. We believe that our approach can improve Java developers' productivity, by using exception handling only when it is required, and ensure client applications' stability. We want to evaluate our checker by using it to verify the source code of Java projects from the Apache ecosystem. Also, we want to analyze stack traces to validate the identified failures by our checker.

[1]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[2]  Stefan Hanenberg,et al.  How do API documentation and static typing affect API usability? , 2014, ICSE.

[3]  Benjamin C. Pierce,et al.  Types and programming languages: the next generation , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[4]  Brad A. Myers,et al.  Improving API usability , 2016, Commun. ACM.

[5]  Michael D. Ernst,et al.  A type system for format strings , 2014, ISSTA 2014.

[6]  Felipe Ebert,et al.  A Reflection on “An Exploratory Study on Exception Handling Bugs in Java Programs” , 2015, 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER).

[7]  Martin P. Robillard,et al.  A field study of API learning obstacles , 2011, Empirical Software Engineering.

[8]  Jacques Klein,et al.  Accessing Inaccessible Android APIs: An Empirical Study , 2016, 2016 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[9]  Suman Nath,et al.  Automatic and scalable fault detection for mobile applications , 2014, MobiSys.

[10]  Gail E. Kaiser,et al.  Phosphor: illuminating dynamic data flow in commodity jvms , 2014, OOPSLA.

[11]  Gabriele Bavota,et al.  API change and fault proneness: a threat to the success of Android apps , 2013, ESEC/FSE 2013.

[12]  Michael D. Ernst,et al.  Practical pluggable types for java , 2008, ISSTA '08.

[13]  Danny Dig,et al.  API code recommendation using statistical learning from fine-grained changes , 2016, SIGSOFT FSE.

[14]  Miryung Kim,et al.  An Empirical Study of API Stability and Adoption in the Android Ecosystem , 2013, 2013 IEEE International Conference on Software Maintenance.

[15]  Dimitris Mitropoulos,et al.  A type-safe embedding of SQL into Java using the extensible compiler framework J% , 2015, Comput. Lang. Syst. Struct..

[16]  George C. Necula,et al.  Exceptional situations and program reliability , 2008, TOPL.

[17]  Brad A. Myers,et al.  Examining Programmer Practices for Locally Handling Exceptions , 2016, 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR).

[18]  Martin P. Robillard,et al.  Static analysis to support the evolution of exception structure in object-oriented systems , 2003, TSEM.

[19]  Andrew C. Myers,et al.  Accepting blame for safe tunneled exceptions , 2016, PLDI.