| Title | Inferring API Correct Usage Rules: A Tree-based Approach |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Zolfaghari, Majid, Salimi, Solmaz, Kharrazi, Mehdi |
| Conference Name | 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC) |
| Keywords | API Correct Usage Rule, API documentation, API misuse, API tree structure, APIs, application program interfaces, application programming interface, compositionality, inference mechanisms, Linux, lower-level API, majority API usages, parent API, program debugging, pubcrawl, resilience, Resiliency, security of data, Software Vulnerability, statistically extracted API correct usage rules, tree data structures |
| Abstract | The lack of knowledge about API correct usage rules is one of the main reasons that APIs are employed incorrectly by programmers, which in some cases lead to serious security vulnerabilities. However, finding a correct usage rule for an API is a time-consuming and error-prone task, particularly in the absence of an API documentation. Existing approaches to extract correct usage rules are mostly based on majority API usages, assuming the correct usage is prevalent. Although statistically extracting API correct usage rules achieves reasonable accuracy, it cannot work correctly in the absence of a fair amount of sample usages. We propose inferring API correct usage rules independent of the number of sample usages by leveraging an API tree structure. In an API tree, each node is an API, and each node's children are APIs called by the parent API. Starting from lower-level APIs, it is possible to infer the correct usage rules for them by utilizing the available correct usage rules of their children. We developed a tool based on our idea for inferring API correct usages rules hierarchically, and have applied it to the source code of Linux kernel v4.3 drivers and found 24 previously reported bugs. |
| DOI | 10.1109/ISCISC48546.2019.8985157 |
| Citation Key | zolfaghari_inferring_2019 |
Inferring API Correct Usage Rules: A Tree-based Approach