Static detection of API error-handling bugs via mining source code

Incorrect handling of errors incurred after API invocations (in short, API errors) can lead to security and robustness problems, two primary threats to software reliability. Correct handling of API errors can be specified as formal specifications, verifiable by static checkers, to ensure dependable computing. But API error specifications are often unavailable or imprecise, and cannot be inferred easily by source code inspection. In this paper, we develop a novel framework for statically mining API error specifications automatically from software package repositories, without requiring any user input. Our framework adapts a compile-time push-down model checker to generate interprocedural static traces, which approximate run-time API error behaviors. Data-mining techniques are applied to these static traces to mine specifications that define the correct handling of errors for the relevant APIs used in the software packages. The mined specifications are then used to uncover API error-handling bugs. We have implemented the framework and validated its effectiveness on 82 widely used open-source software packages with approximately 300 KLOC in total.

Submission Category: Testing, Verification, and Validation.
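The pipeline the abstract describes has three stages: a static checker emits traces of API calls and of how their results are handled, a miner turns the recurring patterns in those traces into specifications, and the specifications are checked back against every call site. The following is an added example, not the paper's implementation: it assumes a simplified trace format (one event per API call, return-value check, or error-path action), uses constructed traces for a handful of imaginary packages, and applies two hypothetical thresholds (minimum support and minimum confidence) to decide which patterns count as specifications before reporting the call sites that violate them.

```python
"""Mine API error-handling specifications from static traces, then flag violations.

Added example, not the paper's framework. A trace here is a constructed list of
events for one function, approximating what a path-sensitive checker would emit:
  ("call", api)           the API was invoked
  ("check", api)          the return value of the most recent call to api was
                          compared against its error value
  ("onerr", api, action)  an action taken on the error branch of that check
"""
from collections import Counter, defaultdict

# Constructed traces: real mined traces would come from many packages.
TRACES = {
    "pkg_a/load_config": [("call", "fopen"), ("check", "fopen"),
                          ("onerr", "fopen", "log_error"), ("onerr", "fopen", "return_error"),
                          ("call", "fread"), ("check", "fread"),
                          ("onerr", "fread", "close_file"), ("onerr", "fread", "return_error"),
                          ("call", "fclose")],
    "pkg_a/save_config": [("call", "fopen"), ("check", "fopen"),
                          ("onerr", "fopen", "log_error"), ("onerr", "fopen", "return_error"),
                          ("call", "fwrite"), ("call", "fclose")],
    "pkg_b/read_key": [("call", "malloc"), ("check", "malloc"), ("onerr", "malloc", "return_error"),
                       ("call", "fopen"), ("check", "fopen"), ("onerr", "fopen", "log_error"),
                       ("onerr", "fopen", "free_buffer"), ("onerr", "fopen", "return_error"),
                       ("call", "fread"), ("check", "fread"), ("onerr", "fread", "free_buffer"),
                       ("onerr", "fread", "close_file"), ("onerr", "fread", "return_error"),
                       ("call", "fclose")],
    "pkg_b/write_key": [("call", "malloc"), ("check", "malloc"), ("onerr", "malloc", "return_error"),
                        ("call", "fopen"), ("check", "fopen"), ("onerr", "fopen", "log_error"),
                        ("onerr", "fopen", "return_error"), ("call", "fwrite"), ("call", "fclose")],
    "pkg_c/import": [("call", "malloc"), ("check", "malloc"), ("onerr", "malloc", "log_error"),
                     ("onerr", "malloc", "return_error"), ("call", "fopen"), ("check", "fopen"),
                     ("onerr", "fopen", "log_error"), ("onerr", "fopen", "return_error"),
                     ("call", "fread"), ("call", "fclose")],          # fread result unchecked
    "pkg_c/export": [("call", "malloc"), ("call", "fopen"), ("call", "fwrite"),
                     ("call", "fclose")],                             # nothing checked
    "pkg_d/parse": [("call", "fopen"), ("check", "fopen"), ("onerr", "fopen", "log_error"),
                    ("call", "fread"), ("check", "fread"), ("onerr", "fread", "close_file"),
                    ("onerr", "fread", "return_error"), ("call", "fclose")],  # fopen error path falls through
}


def extract_call_sites(traces):
    """Turn raw traces into one record per API call site.

    Checks and error-path actions are attached to the most recent call of the
    same API within the trace (an assumption of this simplified format)."""
    sites = []
    for name, events in traces.items():
        latest = {}
        for ev in events:
            kind, api = ev[0], ev[1]
            if kind == "call":
                rec = {"trace": name, "api": api, "checked": False, "actions": []}
                sites.append(rec)
                latest[api] = rec
            elif kind == "check":
                latest[api]["checked"] = True
            elif kind == "onerr":
                latest[api]["actions"].append(ev[2])
    return sites


def mine_specs(sites, min_support=3, min_confidence=0.75):
    """Infer, per API, whether its return value must be checked and which
    error-path actions are required (hypothetical thresholds, set by caller)."""
    by_api = defaultdict(list)
    for s in sites:
        by_api[s["api"]].append(s)
    specs = {}
    for api, recs in by_api.items():
        if len(recs) < min_support:          # too few call sites to generalise
            continue
        checked = [r for r in recs if r["checked"]]
        if len(checked) / len(recs) < min_confidence:
            continue                          # majority does not check: no spec
        # An action is required if most checked call sites perform it on error.
        counts = Counter(a for r in checked for a in set(r["actions"]))
        required = frozenset(a for a, n in counts.items() if n / len(checked) >= min_confidence)
        specs[api] = {"support": len(recs),
                      "check_confidence": len(checked) / len(recs),
                      "required_actions": required}
    return specs


def find_violations(sites, specs):
    """Report call sites that deviate from the mined specifications."""
    reports = []
    for s in sites:
        spec = specs.get(s["api"])
        if spec is None:
            continue
        if not s["checked"]:
            reports.append((s["trace"], s["api"], "return value never checked"))
            continue
        missing = spec["required_actions"] - set(s["actions"])
        if missing:
            reports.append((s["trace"], s["api"],
                            "error path missing " + ", ".join(sorted(missing))))
    return reports


def run(traces=TRACES):
    sites = extract_call_sites(traces)
    specs = mine_specs(sites)
    return specs, find_violations(sites, specs)


if __name__ == "__main__":
    mined, bugs = run()
    for api, spec in mined.items():
        print(f"{api}: check confidence {spec['check_confidence']:.2f}, "
              f"required on error: {sorted(spec['required_actions'])}")
    for trace, api, why in bugs:
        print(f"BUG {trace}: {api}: {why}")
```

With these constructed traces the miner infers that `fopen`, `malloc` and `fread` must be checked, that `fopen` error paths log and return, and that `fread` error paths close the file and return; `fwrite` and `fclose` are never checked by the majority, so no specification is produced for them and their unchecked uses are not reported. The two thresholds matter: `malloc` and `fread` are checked at exactly three of four sites, so lowering the confidence bar would also accept noisier patterns while raising it would silence the reports for `pkg_c/export` and `pkg_c/import`. The fall-through in `pkg_d/parse` (the `fopen` error branch logs but does not return) is the kind of defect that a spec on the error path, rather than only on the presence of a check, catches.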
