API Misuse Detection An Immune System inspired Approach

Abstract: APIs are essential ingredients for developing complex software systems. However, they are difficult to learn and to use. Thus, developers may misuse them, which results in various types of issues. In this paper, we explore the use of a bio-inspired approach (artificial immune system) to detect API misuses in client code. We built APIMMUNE, a novel API misuse detector. We collect normal usages of a given APIs from the set of client programs using the APIs, especially after some API usages were fixed in those programs. The normal API usages are considered as normal body cells. We transform them into normal-usage signatures. Then, artificial detectors are randomly generated by generating artificial deviations from these usages with the objective of being different from the normal usage signatures. The generated detectors have the ability to detect risky uses of APIs exactly as the immune system detects foreign cells of the organism. Moreover, for the detection purpose, only the artificial detectors are necessary, without the need to disclose the code used to generate them. Our approach was evaluated on the misuses dataset of three APIs as well as on known misuses from a state of the art APIs misuses benchmarking dataset. APIMMUNE was also compared to four state-of-the-art API misuse detection tools. The results show that APIMMUNE has good detection accuracy and performance, and it can complement pattern-based tools for uncommon misuses detection.