Title
Vetting API usages in C programs with IMChecker
Abstract
Libraries offer reusable functionality through application programming interfaces (APIs) with usage constraints such as call conditions and orders. Constraint violations, i.e., API misuses, commonly lead to bugs and even security issues. In this paper, we introduce IMChecker, a constraint-directed static analysis toolkit to vet API usages in C programs powered by a domain-specific language (DSL) to specify the API usages. First, we propose a DSL, which covers most API usage constraint types and enables straightforward but precise specification by studying real-world API-misuse bug patches. Then, we design and implement a static analysis engine to automatically parse specifications into checking targets, identify potential API misuses and prune the false positives with rich semantics. We have instantiated IMChecker for C programs with user-friendly graphic interfaces and evaluated the widely used benchmarks and real-world projects. The results show that IMChecker outperforms 4.78--36.25% in precision and 40.25--55.21% w.r.t. state-of-the-art toolkits. We also found 75 previously unknown bugs in the Linux kernel, OpenSSL and applications of Ubuntu, 61 of which have been confirmed by the corresponding development communities. Video: https://youtu.be/YGDxeyOEVIM Repository: https://github.com/tomgu1991/IMChecker
Year: 2019
DOI: 10.1109/ICSE-Companion.2019.00046
Venue: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings
Keywords: API misuse, bug detection, static analysis
DocType: Conference
Citations: 0
PageRank: 0.34
References: 0
Authors: 7
Name
Order
Citations
PageRank
Zuxing Gu102.37
Jiecheng Wu202.03
Chi Li3335.54
Min Zhou46922.62
Yu Jiang534656.49
Ming Gu655474.82
Jia-guang Sun71807134.30