skip to main content
research-article
Open Access

APIfix: output-oriented program synthesis for combating breaking changes in libraries

Published:15 October 2021Publication History
Skip Abstract Section

Abstract

Use of third-party libraries is extremely common in application software. The libraries evolve to accommodate new features or mitigate security vulnerabilities, thereby breaking the Application Programming Interface(API) used by the software. Such breaking changes in the libraries may discourage client code from using the new library versions thereby keeping the application vulnerable and not up-to-date. We propose a novel output-oriented program synthesis algorithm to automate API usage adaptations via program transformation. Our aim is not only to rely on the few example human adaptations of the clients from the old library version to the new library version, since this can lead to over-fitting transformation rules. Instead, we also rely on example usages of the new updated library in clients, which provide valuable context for synthesizing and applying the transformation rules. Our tool APIFix provides an automated mechanism to transform application code using the old library versions to code using the new library versions - thereby achieving automated API usage adaptation to fix the effect of breaking changes. Our evaluation shows that the transformation rules inferred by APIFix achieve 98.7% precision and 91.5% recall. By comparing our approach to state-of-the-art program synthesis approaches, we show that our approach significantly reduces over-fitting while synthesizing transformation rules for API usage adaptations.

Skip Supplemental Material Section

Supplemental Material

Auxiliary Presentation Video

Presentation Video

References

  1. 2020. Refazer: Program Synthesis Tool. https://www.nuget.org/packages/Microsoft.ProgramSynthesisGoogle ScholarGoogle Scholar
  2. 2021. Github Dependency Graph. https://docs.github.com/en/code-security/supply-chain-security/about-the-dependency-graphGoogle ScholarGoogle Scholar
  3. 2021. Micrsoft MSBuild. https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-apiGoogle ScholarGoogle Scholar
  4. 2021. Roslyn Framework. https://docs.microsoft.com/en-us/visualstudio/code-quality/roslyn-analyzers-overviewGoogle ScholarGoogle Scholar
  5. Rajeev Alur, Rastislav Bodik, Garvit Juniwal, Milo MK Martin, Mukund Raghothaman, Sanjit A Seshia, Rishabh Singh, Armando Solar-Lezama, Emina Torlak, and Abhishek Udupa. 2013. Syntax-guided synthesis. IEEE.Google ScholarGoogle Scholar
  6. Johannes Bader, Andrew Scott, Michael Pradel, and Satish Chandra. 2019. Getafix: Learning to fix bugs automatically. Proceedings of the ACM on Programming Languages, 3, OOPSLA (2019), 1–27.Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Rohan Bavishi, Hiroaki Yoshida, and Mukul R Prasad. 2019. Phoenix: Automated data-driven synthesis of repairs for static analysis violations. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 613–624.Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Pavol Černỳ, Krishnendu Chatterjee, Thomas A Henzinger, Arjun Radhakrishna, and Rohit Singh. 2011. Quantitative synthesis for concurrent programs. In International Conference on Computer Aided Verification. 243–259.Google ScholarGoogle ScholarCross RefCross Ref
  9. Barthelemy Dagenais and Martin P Robillard. 2009. SemDiff: Analysis and recommendation support for API evolution. In 2009 IEEE 31st International Conference on Software Engineering. 599–602.Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Barthélémy Dagenais and Martin P Robillard. 2011. Recommending adaptive changes for framework evolution. ACM Transactions on Software Engineering and Methodology (TOSEM), 20, 4 (2011), 1–35.Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Jean-Rémy Falleri, Floréal Morandat, Xavier Blanc, Matias Martinez, and Martin Monperrus. 2014. Fine-grained and accurate source code differencing. In Proceedings of the 29th ACM/IEEE International Conference on Automated software engineering. 313–324.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Mattia Fazzini, Qi Xin, and Alessandro Orso. 2019. Automated API-usage update for Android apps. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis. 204–215.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Yu Feng, Ruben Martins, Jacob Van Geffen, Isil Dillig, and Swarat Chaudhuri. 2017. Component-based synthesis of table consolidation and transformation tasks from examples. ACM SIGPLAN Notices, 52, 6 (2017), 422–436.Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Xiang Gao, Shraddha Barke, Arjun Radhakrishna, Gustavo Soares, Sumit Gulwani, Alan Leung, Nachiappan Nagappan, and Ashish Tiwari. 2020. Feedback-driven semi-supervised synthesis of program transformations. Proceedings of the ACM on Programming Languages, 4, OOPSLA (2020), 1–30.Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Sumit Gulwani. 2011. Automating string processing in spreadsheets using input-output examples. ACM Sigplan Notices, 46, 1 (2011), 317–330.Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Stefanus A Haryono, Ferdian Thung, Hong Jin Kang, Lucas Serrano, Gilles Muller, Julia Lawall, David Lo, and Lingxiao Jiang. 2020. Automatic Android deprecated-API usage update by learning from single updated example. In Proceedings of the 28th International Conference on Program Comprehension. 401–405.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Johannes Henkel and Amer Diwan. 2005. CatchUp! Capturing and replaying refactorings to support API evolution. In Proceedings of the 27th International Conference on Software Engineering (ICSE). 274–283.Google ScholarGoogle ScholarCross RefCross Ref
  18. Raula Gaikovina Kula, Daniel M German, Ali Ouni, Takashi Ishio, and Katsuro Inoue. 2018. Do developers update their library dependencies? Empirical Software Engineering, 23, 1 (2018), 384–417.Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Fan Long, Peter Amidon, and Martin Rinard. 2017. Automatic inference of code transforms for patch generation. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. 727–739.Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Na Meng, Miryung Kim, and Kathryn S. McKinley. 2011. Systematic Editing: Generating Program Transformations from an Example. In Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). ACM, New York, NY, USA. 329–342. isbn:978-1-4503-0663-8Google ScholarGoogle Scholar
  21. Na Meng, Miryung Kim, and Kathryn S. McKinley. 2013. LASE: Locating and Applying Systematic Edits by Learning from Examples. In Proceedings of the 2013 International Conference on Software Engineering. IEEE Press, 502–511.Google ScholarGoogle Scholar
  22. Anders Miltner, Sumit Gulwani, Vu Le, Alan Leung, Arjun Radhakrishna, Gustavo Soares, Ashish Tiwari, and Abhishek Udupa. 2019. On the fly synthesis of edit suggestions. PACMPL, 3, OOPSLA (2019), 1–29.Google ScholarGoogle Scholar
  23. Hoan Anh Nguyen, Tung Thanh Nguyen, Gary Wilson Jr, Anh Tuan Nguyen, Miryung Kim, and Tien N Nguyen. 2010. A graph-based approach to API usage adaptation. ACM Sigplan Notices, 45, 10 (2010), 302–321.Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Gordon D Plotkin. 1970. A note on inductive generalization. Machine intelligence, 5, 1 (1970), 153–163.Google ScholarGoogle Scholar
  25. Reudismam Rolim, Gustavo Soares, Loris D’Antoni, Oleksandr Polozov, Sumit Gulwani, Rohit Gheyi, Ryo Suzuki, and Björn Hartmann. 2017. Learning Syntactic Program Transformations from Examples. In Proceedings of the 39th International Conference on Software Engineering (ICSE). IEEE Press, 404–415.Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Rishabh Singh. 2016. Blinkfill: Semi-supervised programming by example for syntactic string transformations. Proceedings of the VLDB Endowment, 9, 10 (2016), 816–827.Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Rishabh Singh and Armando Solar-Lezama. 2011. Synthesizing data structure manipulations from storyboards. In Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering. 289–299.Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Armando Solar-Lezama, Christopher Grant Jones, and Rastislav Bodik. 2008. Sketching concurrent data structures. In Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation. 136–148.Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Armando Solar-Lezama, Rodric Rabbah, Rastislav Bodík, and Kemal Ebcioğlu. 2005. Programming by sketching for bit-streaming programs. In ACM SIGPLAN conference on Programming language design and implementation. 281–294.Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Laerte Xavier, Aline Brito, Andre Hora, and Marco Tulio Valente. 2017. Historical and impact analysis of API breaking changes: A large-scale study. In Intl. Conf. on Software Analysis, Evolution and Reengineering (SANER). 138–147.Google ScholarGoogle ScholarCross RefCross Ref
  31. Shengzhe Xu, Ziqi Dong, and Na Meng. 2019. Meditor: inference and application of API migration edits. In 2019 IEEE/ACM 27th International Conference on Program Comprehension (ICPC). 335–346.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. APIfix: output-oriented program synthesis for combating breaking changes in libraries

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!