Abstract
Use of third-party libraries is extremely common in application software. The libraries evolve to accommodate new features or mitigate security vulnerabilities, thereby breaking the Application Programming Interface(API) used by the software. Such breaking changes in the libraries may discourage client code from using the new library versions thereby keeping the application vulnerable and not up-to-date. We propose a novel output-oriented program synthesis algorithm to automate API usage adaptations via program transformation. Our aim is not only to rely on the few example human adaptations of the clients from the old library version to the new library version, since this can lead to over-fitting transformation rules. Instead, we also rely on example usages of the new updated library in clients, which provide valuable context for synthesizing and applying the transformation rules. Our tool APIFix provides an automated mechanism to transform application code using the old library versions to code using the new library versions - thereby achieving automated API usage adaptation to fix the effect of breaking changes. Our evaluation shows that the transformation rules inferred by APIFix achieve 98.7% precision and 91.5% recall. By comparing our approach to state-of-the-art program synthesis approaches, we show that our approach significantly reduces over-fitting while synthesizing transformation rules for API usage adaptations.
Supplemental Material
- 2020. Refazer: Program Synthesis Tool. https://www.nuget.org/packages/Microsoft.ProgramSynthesisGoogle Scholar
- 2021. Github Dependency Graph. https://docs.github.com/en/code-security/supply-chain-security/about-the-dependency-graphGoogle Scholar
- 2021. Micrsoft MSBuild. https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-apiGoogle Scholar
- 2021. Roslyn Framework. https://docs.microsoft.com/en-us/visualstudio/code-quality/roslyn-analyzers-overviewGoogle Scholar
- Rajeev Alur, Rastislav Bodik, Garvit Juniwal, Milo MK Martin, Mukund Raghothaman, Sanjit A Seshia, Rishabh Singh, Armando Solar-Lezama, Emina Torlak, and Abhishek Udupa. 2013. Syntax-guided synthesis. IEEE.Google Scholar
- Johannes Bader, Andrew Scott, Michael Pradel, and Satish Chandra. 2019. Getafix: Learning to fix bugs automatically. Proceedings of the ACM on Programming Languages, 3, OOPSLA (2019), 1–27.Google Scholar
Digital Library
- Rohan Bavishi, Hiroaki Yoshida, and Mukul R Prasad. 2019. Phoenix: Automated data-driven synthesis of repairs for static analysis violations. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 613–624.Google Scholar
Digital Library
- Pavol Černỳ, Krishnendu Chatterjee, Thomas A Henzinger, Arjun Radhakrishna, and Rohit Singh. 2011. Quantitative synthesis for concurrent programs. In International Conference on Computer Aided Verification. 243–259.Google Scholar
Cross Ref
- Barthelemy Dagenais and Martin P Robillard. 2009. SemDiff: Analysis and recommendation support for API evolution. In 2009 IEEE 31st International Conference on Software Engineering. 599–602.Google Scholar
Digital Library
- Barthélémy Dagenais and Martin P Robillard. 2011. Recommending adaptive changes for framework evolution. ACM Transactions on Software Engineering and Methodology (TOSEM), 20, 4 (2011), 1–35.Google Scholar
Digital Library
- Jean-Rémy Falleri, Floréal Morandat, Xavier Blanc, Matias Martinez, and Martin Monperrus. 2014. Fine-grained and accurate source code differencing. In Proceedings of the 29th ACM/IEEE International Conference on Automated software engineering. 313–324.Google Scholar
Digital Library
- Mattia Fazzini, Qi Xin, and Alessandro Orso. 2019. Automated API-usage update for Android apps. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis. 204–215.Google Scholar
Digital Library
- Yu Feng, Ruben Martins, Jacob Van Geffen, Isil Dillig, and Swarat Chaudhuri. 2017. Component-based synthesis of table consolidation and transformation tasks from examples. ACM SIGPLAN Notices, 52, 6 (2017), 422–436.Google Scholar
Digital Library
- Xiang Gao, Shraddha Barke, Arjun Radhakrishna, Gustavo Soares, Sumit Gulwani, Alan Leung, Nachiappan Nagappan, and Ashish Tiwari. 2020. Feedback-driven semi-supervised synthesis of program transformations. Proceedings of the ACM on Programming Languages, 4, OOPSLA (2020), 1–30.Google Scholar
Digital Library
- Sumit Gulwani. 2011. Automating string processing in spreadsheets using input-output examples. ACM Sigplan Notices, 46, 1 (2011), 317–330.Google Scholar
Digital Library
- Stefanus A Haryono, Ferdian Thung, Hong Jin Kang, Lucas Serrano, Gilles Muller, Julia Lawall, David Lo, and Lingxiao Jiang. 2020. Automatic Android deprecated-API usage update by learning from single updated example. In Proceedings of the 28th International Conference on Program Comprehension. 401–405.Google Scholar
Digital Library
- Johannes Henkel and Amer Diwan. 2005. CatchUp! Capturing and replaying refactorings to support API evolution. In Proceedings of the 27th International Conference on Software Engineering (ICSE). 274–283.Google Scholar
Cross Ref
- Raula Gaikovina Kula, Daniel M German, Ali Ouni, Takashi Ishio, and Katsuro Inoue. 2018. Do developers update their library dependencies? Empirical Software Engineering, 23, 1 (2018), 384–417.Google Scholar
Digital Library
- Fan Long, Peter Amidon, and Martin Rinard. 2017. Automatic inference of code transforms for patch generation. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. 727–739.Google Scholar
Digital Library
- Na Meng, Miryung Kim, and Kathryn S. McKinley. 2011. Systematic Editing: Generating Program Transformations from an Example. In Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). ACM, New York, NY, USA. 329–342. isbn:978-1-4503-0663-8Google Scholar
- Na Meng, Miryung Kim, and Kathryn S. McKinley. 2013. LASE: Locating and Applying Systematic Edits by Learning from Examples. In Proceedings of the 2013 International Conference on Software Engineering. IEEE Press, 502–511.Google Scholar
- Anders Miltner, Sumit Gulwani, Vu Le, Alan Leung, Arjun Radhakrishna, Gustavo Soares, Ashish Tiwari, and Abhishek Udupa. 2019. On the fly synthesis of edit suggestions. PACMPL, 3, OOPSLA (2019), 1–29.Google Scholar
- Hoan Anh Nguyen, Tung Thanh Nguyen, Gary Wilson Jr, Anh Tuan Nguyen, Miryung Kim, and Tien N Nguyen. 2010. A graph-based approach to API usage adaptation. ACM Sigplan Notices, 45, 10 (2010), 302–321.Google Scholar
Digital Library
- Gordon D Plotkin. 1970. A note on inductive generalization. Machine intelligence, 5, 1 (1970), 153–163.Google Scholar
- Reudismam Rolim, Gustavo Soares, Loris D’Antoni, Oleksandr Polozov, Sumit Gulwani, Rohit Gheyi, Ryo Suzuki, and Björn Hartmann. 2017. Learning Syntactic Program Transformations from Examples. In Proceedings of the 39th International Conference on Software Engineering (ICSE). IEEE Press, 404–415.Google Scholar
Digital Library
- Rishabh Singh. 2016. Blinkfill: Semi-supervised programming by example for syntactic string transformations. Proceedings of the VLDB Endowment, 9, 10 (2016), 816–827.Google Scholar
Digital Library
- Rishabh Singh and Armando Solar-Lezama. 2011. Synthesizing data structure manipulations from storyboards. In Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering. 289–299.Google Scholar
Digital Library
- Armando Solar-Lezama, Christopher Grant Jones, and Rastislav Bodik. 2008. Sketching concurrent data structures. In Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation. 136–148.Google Scholar
Digital Library
- Armando Solar-Lezama, Rodric Rabbah, Rastislav Bodík, and Kemal Ebcioğlu. 2005. Programming by sketching for bit-streaming programs. In ACM SIGPLAN conference on Programming language design and implementation. 281–294.Google Scholar
Digital Library
- Laerte Xavier, Aline Brito, Andre Hora, and Marco Tulio Valente. 2017. Historical and impact analysis of API breaking changes: A large-scale study. In Intl. Conf. on Software Analysis, Evolution and Reengineering (SANER). 138–147.Google Scholar
Cross Ref
- Shengzhe Xu, Ziqi Dong, and Na Meng. 2019. Meditor: inference and application of API migration edits. In 2019 IEEE/ACM 27th International Conference on Program Comprehension (ICPC). 335–346.Google Scholar
Digital Library
Index Terms
APIfix: output-oriented program synthesis for combating breaking changes in libraries
Recommendations
Interpretable Program Synthesis
CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing SystemsProgram synthesis, which generates programs based on user-provided specifications, can be obscure and brittle: users have few ways to understand and recover from synthesis failures. We propose interpretable program synthesis, a novel approach that ...
A graph-based approach to API usage adaptation
OOPSLA '10Reusing existing library components is essential for reducing the cost of software development and maintenance. When library components evolve to accommodate new feature requests, to fix bugs, or to meet new standards, the clients of software libraries ...
A graph-based approach to API usage adaptation
OOPSLA '10: Proceedings of the ACM international conference on Object oriented programming systems languages and applicationsReusing existing library components is essential for reducing the cost of software development and maintenance. When library components evolve to accommodate new feature requests, to fix bugs, or to meet new standards, the clients of software libraries ...






Comments