Characterising harmful API uses and repair techniques: Insights from a systematic review

IF 13.3 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computer Science Review Pub Date : 2025-03-10 DOI:10.1016/j.cosrev.2025.100732

Lina Ochoa , Muhammad Hammad , Görkem Giray , Önder Babur , Kwabena Bennin

{"title":"Characterising harmful API uses and repair techniques: Insights from a systematic review","authors":"Lina Ochoa , Muhammad Hammad , Görkem Giray , Önder Babur , Kwabena Bennin","doi":"10.1016/j.cosrev.2025.100732","DOIUrl":null,"url":null,"abstract":"<div><div>API use has become prevalent in current times and its purposeful management is of foremost importance to avoid undesired effects on client code. A plethora of studies focusing on the isolated investigation of different types of harmful API uses (e.g., API misuse and security vulnerabilities) have been conducted before. However, a comprehensive overview of possible harmful API uses is required to help both library and client developers on the management of implemented and used APIs. Moreover, repairing such harmful uses remains a significant challenge in software development, yet recent studies indicate its widespread prevalence despite efforts to develop automatic repair techniques. This paper presents the first systematic review of 35 peer-reviewed studies on harmful API uses and their corresponding (semi-)automatic repair techniques. We categorise common types of harmful API uses in terms of the origin and root cause of events triggering the undesired use and the type of harm incurred on the client. We further analyse their repair approaches, assessing their strengths and weaknesses. Additionally, we investigate the evaluation processes and metrics employed in the outlined repair techniques. Our study contributes to advancing the state-of-the-art in harmful API repair research, by addressing open research problems and paving the way to improve and develop new repair techniques and tool capabilities.</div></div>","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"57 ","pages":"Article 100732"},"PeriodicalIF":13.3000,"publicationDate":"2025-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Science Review","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1574013725000097","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

API use has become prevalent in current times and its purposeful management is of foremost importance to avoid undesired effects on client code. A plethora of studies focusing on the isolated investigation of different types of harmful API uses (e.g., API misuse and security vulnerabilities) have been conducted before. However, a comprehensive overview of possible harmful API uses is required to help both library and client developers on the management of implemented and used APIs. Moreover, repairing such harmful uses remains a significant challenge in software development, yet recent studies indicate its widespread prevalence despite efforts to develop automatic repair techniques. This paper presents the first systematic review of 35 peer-reviewed studies on harmful API uses and their corresponding (semi-)automatic repair techniques. We categorise common types of harmful API uses in terms of the origin and root cause of events triggering the undesired use and the type of harm incurred on the client. We further analyse their repair approaches, assessing their strengths and weaknesses. Additionally, we investigate the evaluation processes and metrics employed in the outlined repair techniques. Our study contributes to advancing the state-of-the-art in harmful API repair research, by addressing open research problems and paving the way to improve and develop new repair techniques and tool capabilities.

查看原文本刊更多论文

表征有害API使用和修复技术：来自系统回顾的见解

API的使用在当前已经变得非常普遍，有目的的管理对于避免对客户端代码的不良影响至关重要。之前已经进行了大量的研究，重点是对不同类型的有害API使用（例如，API误用和安全漏洞）进行孤立调查。但是，需要对可能有害的API使用进行全面的概述，以帮助库和客户机开发人员管理已实现和已使用的API。此外，修复这些有害的使用仍然是软件开发中的重大挑战，然而最近的研究表明，尽管努力开发自动修复技术，但它仍然广泛流行。本文首次系统回顾了35项同行评议的关于有害API使用及其相应的（半）自动修复技术的研究。我们根据引发不良使用的事件的起源和根本原因以及对客户造成的伤害类型，对常见的有害API使用类型进行分类。我们进一步分析了它们的修复方法，评估了它们的优缺点。此外，我们调查评估过程和指标所采用的概述维修技术。我们的研究通过解决开放的研究问题，为改进和开发新的修复技术和工具能力铺平道路，有助于推进有害API修复研究的最新进展。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Science Review Computer Science-General Computer Science

CiteScore

32.70

自引率

0.00%

发文量

审稿时长

51 days

期刊介绍： Computer Science Review, a publication dedicated to research surveys and expository overviews of open problems in computer science, targets a broad audience within the field seeking comprehensive insights into the latest developments. The journal welcomes articles from various fields as long as their content impacts the advancement of computer science. In particular, articles that review the application of well-known Computer Science methods to other areas are in scope only if these articles advance the fundamental understanding of those methods.