用于管理静态分析规则的API分析

Proceedings of the 11th ACM SIGPLAN International Workshop on Tools for Automatic Program Analysis Pub Date : 2020-11-15 DOI:10.1145/3427764.3428318

Vineeth Kashyap, Roger Scott, Joseph Ranieri, David Melski, Lucja Kot

{"title":"用于管理静态分析规则的API分析","authors":"Vineeth Kashyap, Roger Scott, Joseph Ranieri, David Melski, Lucja Kot","doi":"10.1145/3427764.3428318","DOIUrl":null,"url":null,"abstract":"Use of third-party library APIs is pervasive, but can be error-prone. API-usage errors can be detected via static analysis if specifications of correct usage are available, but manually creating such specifications is a bottleneck. We showcase a semi-automated \"big code\" solution, where we use large code corpora to mine patterns in API usage, and ask human experts to perform analytics on those patterns to create static analysis rules.","PeriodicalId":175862,"journal":{"name":"Proceedings of the 11th ACM SIGPLAN International Workshop on Tools for Automatic Program Analysis","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"API analytics for curating static analysis rules\",\"authors\":\"Vineeth Kashyap, Roger Scott, Joseph Ranieri, David Melski, Lucja Kot\",\"doi\":\"10.1145/3427764.3428318\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Use of third-party library APIs is pervasive, but can be error-prone. API-usage errors can be detected via static analysis if specifications of correct usage are available, but manually creating such specifications is a bottleneck. We showcase a semi-automated \\\"big code\\\" solution, where we use large code corpora to mine patterns in API usage, and ask human experts to perform analytics on those patterns to create static analysis rules.\",\"PeriodicalId\":175862,\"journal\":{\"name\":\"Proceedings of the 11th ACM SIGPLAN International Workshop on Tools for Automatic Program Analysis\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-11-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 11th ACM SIGPLAN International Workshop on Tools for Automatic Program Analysis\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3427764.3428318\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 11th ACM SIGPLAN International Workshop on Tools for Automatic Program Analysis","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3427764.3428318","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

第三方库api的使用很普遍，但也容易出错。如果有正确使用的规范，可以通过静态分析检测api使用错误，但是手动创建这样的规范是一个瓶颈。我们展示了一个半自动化的“大代码”解决方案，其中我们使用大代码语料库来挖掘API使用中的模式，并请人类专家对这些模式执行分析以创建静态分析规则。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

API analytics for curating static analysis rules

Use of third-party library APIs is pervasive, but can be error-prone. API-usage errors can be detected via static analysis if specifications of correct usage are available, but manually creating such specifications is a bottleneck. We showcase a semi-automated "big code" solution, where we use large code corpora to mine patterns in API usage, and ask human experts to perform analytics on those patterns to create static analysis rules.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 11th ACM SIGPLAN International Workshop on Tools for Automatic Program Analysis

自引率

0.00%

发文量