...
  • 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>The Journal of Systems and Software >A framework for the static verification of API calls
【24h】

A framework for the static verification of API calls

机译:用于API调用的静态验证的框架

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

A number of tools can statically check program code to identify commonly encountered bug patterns. At the same time, programs are increasingly relying on external APIS for performing the bulk of their work: the bug-prone program logic is being fleshed-out, and many errors involve tricky subroutine calls to the constantly growing set of external libraries. Extending the static analysis tools to cover the available APIS is an approach that replicates scarce human effort across different tools and does not scale. Instead, we propose moving the static api call verification code into the API implementation, and distributing the verification code together with the library proper. We have designed a framework for providing static verification code together with Java classes, and have extended the FindBugs static analysis tool to check the corresponding method invocations. To validate our approach we wrote verification tests for 100 different methods, and ran FindBugs on 6.9 million method invocations on what amounts to about 13 million lines of production-quality code. In the set of 55 thousand method invocations that could potentially be statically verified our approach identified 800 probable errors.
机译:许多工具可以静态检查程序代码以识别常见的错误模式。同时,程序越来越依赖外部API来执行其大部分工作:容易出错的程序逻辑正在充实,许多错误涉及到对不断增长的外部库集的棘手子例程调用。扩展静态分析工具以覆盖可用的APIS,是一种在不同工具之间复制稀缺的人工工作且无法扩展的方法。相反,我们建议将静态api调用验证代码移至API实现中,并将验证代码与适当的库一起分发。我们设计了一个框架,用于与Java类一起提供静态验证代码,并扩展了FindBugs静态分析工具以检查相应的方法调用。为了验证我们的方法,我们编写了针对100种不同方法的验证测试,并对690万种方法调用运行了FindBugs,这些调用相当于大约1300万行生产质量代码。在可能被静态验证的55,000个方法调用集中,我们的方法确定了800个可能的错误。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号