AFGNN: API Misuse Detection using Graph Neural Networks and Clustering

TL;DR

AFGNN is a new GNN-based framework that detects API misuses in Java by modeling API usage patterns with a novel graph representation and clustering, outperforming existing models.

Contribution

Introduces AFGNN, a GNN framework using API Flow Graphs and self-supervised pre-training for effective API misuse detection in Java code.

Findings

AFGNN significantly outperforms state-of-the-art models.

Uses a novel API Flow Graph representation.

Effective in identifying different API usage patterns.

Abstract

Application Programming Interfaces (APIs) are crucial to software development, enabling integration of existing systems with new applications by reusing tried and tested code, saving development time and increasing software safety. In particular, the Java standard library APIs, along with numerous third-party APIs, are extensively utilized in the development of enterprise application software. However, their misuse remains a significant source of bugs and vulnerabilities. Furthermore, due to the limited examples in the official API documentation, developers often rely on online portals and generative AI models to learn unfamiliar APIs, but using such examples may introduce unintentional errors in the software. In this paper, we present AFGNN, a novel Graph Neural Network (GNN)-based framework for efficiently detecting API misuses in Java code. AFGNN uses a novel API Flow Graph (AFG) representation that captures the API execution sequence, data, and control flow information present in the code to model the API usage patterns. AFGNN uses self-supervised pre-training with AFG representation to effectively compute the embeddings for unknown API usage examples and cluster them to identify different usage patterns. Experiments on popular API usage datasets show that AFGNN significantly outperforms state-of-the-art small language models and API misuse detectors.