MisuseHint: A Service for API Misuse Detection Based on Building Knowledge Graph from Documentation and Codebase

Abstract

Developers often call APIs to improve development efficiency, but they misuse APIs due to lack of understanding of source code logic and other unavoidable reasons, resulting in serious consequences such as program crashes. Many studies that extract API usage constraints from API documentation or codebases expect to get out of this dilemma through API misuse detection. However, low recall remains a hurdle for researchers to overcome. In this work, we make full use of API documentation and codebases to construct constraint knowledge graph, and propose a new API misuse detector, MisuseHint. We precisely define API constraints into seven categories, utilize API caveat knowledge in documentation and API usage patterns in codebases, and fuse knowledge from both to build knowledge graph with rich constraints. To detect API misuses, we obtain API usage constraints in the knowledge graph and analyze static code to propose different strategies to determine whether API misuses exist. Through defect pattern analysis, object variable tracking, and Z3 SAT solver, our detector can identify various complex situations of code at a fine-grained level, especially solving various complex problems of Call Order and State Checking constraints. Experimental results on MUBench show that our recall reaches 39.78%, demonstrating the validity and theoretical feasibility of fusing documentation and codebases using knowledge graphs. MisuseHint achieves a recall of 76.34% when it is always given sufficient API constraints. This detector can practically help developers program effectively.