Presenter: Maria Kechagia, UCL
Date: 22 February 2024

API misuses are well-known causes of software crashes and security vulnerabilities. However, their detection and repair is challenging given that the correct usages of (third-party) APIs might be obscure to the developers of client programs. This paper presents the first empirical study to assess the ability of existing automated bug repair tools to repair API misuses, which is a class of bugs previously unexplored. Our study examines and compares 14 Java test-suite-based repair tools (11 proposed before 2018, and three afterwards) on a manually curated benchmark (APIREPBENCH) consisting of 101 API misuses. We develop an extensible execution framework (APIARTY) to automatically execute multiple repair tools. Our results show that the repair tools are able to generate patches for 28% of the API misuses considered. While the 11 less recent tools are generally fast (the median execution time of the repair attempts is 3.87 minutes and the mean execution time is 30.79 minutes), the three most recent are less efficient (i.e., 98% slower) than their predecessors. The tools generate patches for API misuses that mostly belong to the categories of missing null check, missing value, missing exception, and missing call. Most of the patches generated by all tools are plausible (65%), but only few of these patches are semantically correct to human patches (25%). Our findings suggest that the design of future repair tools should support the localisation of complex bugs, including different categories of API misuses, handling of timeout issues, and ability to configure large software projects. Both APIREPBENCH and APIARTY have been made publicly available for other researchers to evaluate the capabilities of repair tools on detecting and fixing API misuses.

Preprint:

https://discovery.ucl.ac.uk/id/eprint/10124292/1/api_repair_tools_study_camera_ready_submitted.pdf

Short bio:

Dr Maria Kechagia is a Research Fellow at University College London. Previously, she was a postdoctoral researcher at the Delft University of Technology. She obtained a PhD degree from the Athens University of Economics and Business and an MSc degree from Imperial College London. Her research interests include static and dynamic analysis, automated program repair, software analytics, and software optimisation (e.g., energy efficiency). She has been a programme committee member of the research track of top software engineering venues including ICSE, ASE, ISSTA, MSR, ICSME, and SANER, and a reviewer for top software engineering journals including TSE, TOSEM, EMSE, and JSS.