Guided Pattern Mining for API Misuse Detection by Change-Based Code Analysis
Lack of experience, inadequate documentation, and sub-optimal API design frequently cause developers to make mistakes when re-using third-party implementations. Such API misuses can result in unintended behavior, performance losses, or software crashes. Therefore, current research aims to automatically detect such misuses by comparing the way a developer used an API to previously inferred patterns of the correct API usage. While research has made significant progress, these techniques have not yet been adopted in practice. In part, this is due to the still high numbers of false-positive patterns, but also due to the lack of a process capable of seamlessly integrating with software development processes. In this paper, we target both problems: (a) by providing a method which increases the likelihood of finding relevant and true-positive patterns concerning a given set of code changes and (b) by introducing a just-in-time API misuse detection process which analyzes changes at the time of commit. Particularly, we introduce different, lightweight code search and filtering strategies and evaluated them on 37 real-world API misuses to determine their usefulness in finding relevant API usage patterns. Our main results are (1) commit-based search with subsequent filtering effectively decreases the amount of code to be analyzed, (2) in particular method-level filtering is superior to file-level filtering, (3) project-internal and project-external code search find solutions for different types of misuses and thus are complementary, (4) incorporating prior knowledge of the misused API into the search has a negligible effect.
READ FULL TEXT