APP-Miner: Detecting API Misuses via Automatically Mining API Path Patterns

Jiasheng Jiang; Jingzheng Wu; Xiang Ling; Tianyue Luo; Sheng Qu; Yanjun Wu

APP-Miner: Detecting API Misuses via Automatically Mining API Path Patterns

Jiasheng Jiang, Jingzheng Wu, Xiang Ling, Tianyue Luo, Sheng Qu, Yanjun Wu

Published: 01 Jan 2024, Last Modified: 22 Jul 2025SP 2024EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: Extracting API patterns from the source code has been extensively employed to detect API misuses. However, recent studies manually provide pattern templates as prerequisites, requiring prior software knowledge and limiting their extraction scope. This paper presents APP-Miner (API path pattern miner), a novel static analysis framework for extracting API path patterns via a frequent subgraph mining technique without pattern templates. The critical insight is that API patterns usually consist of APIs’ data-related operations and are commonplace. Therefore, we define API paths as the control flow graphs composed of APIs’ data-related operations, and thereby the maximum frequent subgraphs of the API paths are the probable API path patterns. We implemented APP-Miner and extensively evaluated it on four widely used open-source software: Linux kernel, OpenSSL, FFmpeg, and Apache httpd. We found 116, 35, 3, and 3 new API misuses from the above systems, respectively. Moreover, we gained 19 CVEs.

Loading