Detecting Latent Cross-Platform API Violations
by Jeff Rasley, Eleni Gessiou, Tony Ohmann, Yuriy Brun, Shriram Krishnamurthi, Justin Cappos
Abstract:

Many APIs enable cross-platform system development by abstracting over the details of a platform, allowing application developers to write one implementation that will run on a wide variety of platforms. Unfortunately, subtle differences between the behavior of the underlying platforms makes cross-platform behavior difficult to achieve. As a result, applications using these APIs can be plagued by bugs that are difficult to find until deployment. These portability bugs can be particularly difficult to diagnose and fix because they arise from the API implementation, the operating system, or hardware, rather than from application code.

This paper describes CheckAPI, a technique for detecting violations of cross-platform portability. CheckAPI compares an application's interactions with the actual API implementation to that of a partial specification-based implementation of the API, and does so efficiently enough to be used in real production systems and at runtime. CheckAPI finds latent errors that escape pre-release testing. The paper discusses the subtleties of different kinds of API calls and strategies for effectively producing the partial implementations. Validating CheckAPI on JavaScript, the Seattle project's Repy VM, and POSIX detects dozens of violations that are confirmed bugs in widely-used software.

Citation:
Jeff Rasley, Eleni Gessiou, Tony Ohmann, Yuriy Brun, Shriram Krishnamurthi, and Justin Cappos, Detecting Latent Cross-Platform API Violations, in Proceedings of the 26th IEEE International Symposium on Software Reliability Engineering (ISSRE), 2015, pp. 484–495.
Bibtex:
@inproceedings{Rasley15issre,
  author = {Jeff Rasley and Eleni Gessiou and Tony Ohmann and Yuriy Brun and
  Shriram Krishnamurthi and Justin Cappos},
  title = {\href{http://people.cs.umass.edu/brun/pubs/pubs/Rasley15issre.pdf}{Detecting 
	Latent Cross-Platform API Violations}},
  booktitle = {Proceedings of the 26th IEEE International Symposium on
  Software Reliability Engineering (ISSRE)},
	venue = {ISSRE},

  address = {Gaithersburg, MD, USA},
  month = {November},
  date = {2--5},
  year = {2015},
  pages = {484--495},
  doi = {10.1109/ISSRE.2015.7381841},  
  note = {\href{http://dx.doi.org/10.1109/ISSRE.2015.7381841}{DOI: 10.1109/ISSRE.2015.7381841}},
  accept = {$\frac{33}{151} \approx 22\%$},

  abstract = {<p>Many APIs enable cross-platform system development by
  abstracting over the details of a platform, allowing application developers
  to write one implementation that will run on a wide variety of platforms.
  Unfortunately, subtle differences between the behavior of the underlying
  platforms makes cross-platform behavior difficult to achieve. As a result,
  applications using these APIs can be plagued by bugs that are difficult to
  find until deployment. These portability bugs can be particularly difficult
  to diagnose and fix because they arise from the API implementation, the
  operating system, or hardware, rather than from application code.</p>

  <p>This paper describes CheckAPI, a technique for detecting violations of
  cross-platform portability. CheckAPI compares an application's interactions
  with the actual API implementation to that of a partial specification-based
  implementation of the API, and does so efficiently enough to be used in
  real production systems and at runtime. CheckAPI finds latent errors that
  escape pre-release testing. The paper discusses the subtleties of different
  kinds of API calls and strategies for effectively producing the partial
  implementations. Validating CheckAPI on JavaScript, the Seattle project's
  Repy VM, and POSIX detects dozens of violations that are confirmed bugs in
  widely-used software.</p>},

  fundedBy = {NSF CNS-1205415, NSF CNS-1405904, NSF CCF-1453474, NSF CNS-1513055, 
  NSF CNS-1513457, NSF DGE-1058262.},
}