SPLASH 2022
Mon 5 - Sat 10 December 2022 Auckland, New Zealand

APIs provide access to valuable features, but studies have shown that they are hard to use correctly. Misuses of these APIs can be quite costly. Even though documentations and usage manuals exist, developers find it hard to integrate these in practice. Several static and dynamic analysis tools exist to detect and mitigate API misuses. But it is natural to wonder if APIs can be made more difficult to misuse by capturing the knowledge of domain experts (\ie, API designers). Approaches like CogniCrypt have made inroads into this direction by offering API specification languages like CrySL which are then consumed by static analysis tools. But studies have shown that developers do not enjoy installing new tools into their pipeline. In this paper, we present jGuard, an extension to Java that allows API designers to directly encode their specifications while implementing their APIs. Code written in jGuard is then compiled to regular Java with the checks encoded as exceptions, thereby making sure the API user does not need to install any new tooling. Our evaluation shows that jGuard can be used to express the most commonly occuring misuses in practice, matches the accuracy of state of the art in API misuse detection tools, and introduces negligible performance overhead.

Wed 7 Dec

Displayed time zone: Auckland, Wellington change

15:30 - 16:57
Session 8. Verification, Validation and TestingSLE at Seminar Room G007
Chair(s): David H. Lorenz Open University of Israel
15:30
24m
Talk
Lang-n-Prove: A DSL for Language ProofsVirtualResearch Paper
SLE
Matteo Cimini University of Massachusetts Lowell
DOI
15:54
24m
Talk
Property-Based Testing: Climbing the Stairway to VerificationResearch PaperIn Person
SLE
Zilin Chen UNSW, Christine Rizkallah University of Melbourne, Liam O'Connor University of Edinburgh, Partha Susarla Independent, Gerwin Klein Proofcraft; UNSW, Gernot Heiser UNSW, Gabriele Keller Utrecht University
DOI
16:18
24m
Talk
jGuard: Programming Misuse-Resilient APIsResearch PaperIn Person
SLE
Simon Binder TU Darmstadt, Krishna Narasimhan TU Darmstadt, Svenja Kernig TU Darmstadt, Mira Mezini TU Darmstadt
DOI
16:42
15m
Talk
signatr: A Data-Driven Fuzzing Tool for RTool PaperIn Person
SLE
Alexi Turcotte Northeastern University, Pierre Donat-Bouillud Czech Technical University in Prague, Filip Křikava Czech Technical University in Prague, Jan Vitek Northeastern University
DOI