|
About The Talk
In modern software systems, developers rely heavily on third-party libraries. Developers interact with libraries through the library’s Application Programming Interface (API). APIs provide an abstraction of the internals of the library, which is opaque to clients of the APIs. Since API usage is a key part of software development, it is important to have accurate models of their behavior and usage constraints. Many existing tools have been proposed for detecting incorrect usage of an API, which can lead to bugs. However, these tools are inaccurate and produce many false alarms. In another field of research, tools that execute the program to find bugs, e.g. fuzzers for libraries or network protocols, do not currently use information about existing APIs, which may help in exploring deeper program paths to uncover more bugs.
In this dissertation, we investigate how bug finding can be enhanced by developing API-aware techniques. We propose to address the problems of API misuse, mining automaton models, and fuzzing libraries. We explore different representations of APIs, each capturing a different set of properties, and different ways to search for API usage examples to infer constraints and properties of APIs. Firstly, we propose a new API misuse technique that directs human attention to informative examples on GitHub. Secondly, we use search-based test generation to build automaton models of API. We try to find counterexamples of temporal properties previously expected to hold. By doing so, we obtain diverse and informative execution traces that lead to more accurate automaton models, which can then be used in a fuzzer.
|
