Abstract

Developers often call APIs to improve development efficiency, but they misuse APIs due to lack of understanding of source code logic and other unavoidable reasons, resulting in serious consequences such as program crashes. Many studies that extract API usage constraints from API documentation or codebases expect to get out of this dilemma through API misuse detection. However, low recall remains a hurdle for researchers to overcome. In this work, we make full use of API documentation and codebases to construct constraint knowledge graph, and propose a new API misuse detector, MisuseHint. We precisely define API constraints into seven categories, utilize API caveat knowledge in documentation and API usage patterns in codebases, and fuse knowledge from both to build knowledge graph with rich constraints. To detect API misuses, we obtain API usage constraints in the knowledge graph and analyze static code to propose different strategies to determine whether API misuses exist. Through defect pattern analysis, object variable tracking, and Z3 SAT solver, our detector can identify various complex situations of code at a fine-grained level, especially solving various complex problems of Call Order and State Checking constraints. Experimental results on MUBench show that our recall reaches 39.78%, demonstrating the validity and theoretical feasibility of fusing documentation and codebases using knowledge graphs. MisuseHint achieves a recall of 76.34% when it is always given sufficient API constraints. This detector can practically help developers program effectively.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.