407 research outputs found

    Automated deprecated-API usage update for Android apps: How far are we?

    National Research Foundation (NRF) Singapore; ANR ITrans projec

    Characterization and Automatic Updates of Deprecated Machine-Learning API Usages

    International audience. Due to the rise of AI applications, machine learning (ML) libraries, often written in Python, have become far more accessible. ML libraries tend to be updated periodically, which may deprecate existing APIs, making it necessary for application developers to update their usages. In this paper, we build a tool to automate deprecated API usage updates. We first present an empirical study to better understand how updates of deprecated ML API usages in Python can be done. The study involves a dataset of 112 deprecated APIs from Scikit-Learn, TensorFlow, and PyTorch. Guided by the findings of our empirical study, we propose MLCatchUp, a tool to automate the updates of Python deprecated API usages, that automatically infers the API migration transformation through comparison of the deprecated and updated API signatures. These transformations are expressed in a Domain Specific Language (DSL). We evaluate MLCatchUp using a dataset containing 267 files with 551 API usages that we collected from public GitHub repositories. In our dataset, MLCatchUp can detect deprecated API usages with perfect accuracy, and update them correctly for 80.6% of the cases. We further improve the accuracy of MLCatchUp in performing updates by adding a feature that allows it to accept an additional user input that specifies the transformation constraints in the DSL for context-dependent API migration. Using this addition, MLCatchUp can make correct updates for 90.7% of the cases

    MLCatchUp: Automated Update of Deprecated Machine-Learning APIs in Python

    Tool paper. International audience. Machine learning (ML) libraries are gaining vast popularity, especially in the Python programming language. Using the latest version of such libraries is recommended to ensure the best performance and security. When migrating to the latest version of a machine learning library, usages of deprecated APIs need to be updated, which is a time-consuming process. In this paper, we propose MLCatchUp, an automated API usage update tool for deprecated APIs of popular ML libraries written in Python. MLCatchUp automatically infers the required transformation to migrate usages of deprecated API through the differences between the deprecated and updated API signatures. MLCatchUp offers a readable transformation rule in the form of a domain specific language (DSL). We evaluate MLCatchUp using a dataset of 267 real-world Python code containing 551 usages of 68 distinct deprecated APIs, where MLCatchUp achieves 90.7% accuracy. A video demonstration of MLCatchUp is available at https://youtu.be/5NjOPNt5iaA

    Mitigating security and privacy threats from untrusted application components on Android

    Due to Android's data-centric and open-source nature, as well as flawed/malicious apps resulting from the lax market approval process, user privacy is particularly at risk. This dissertation presents a series of research works that mitigate the threat to security/privacy posed by untrusted app components. The first work presents a compiler-based compartmentalization solution that uses privilege separation to establish a strong barrier between the host app and library components, thereby protecting sensitive data from compromise by curious/malicious advertising libraries. For error-prone third-party libraries, in the second work we implement a library update framework based on API compatibility that updates outdated libraries through drop-ins in order to minimize the window of vulnerability caused by libraries. The latest work examines the abusive use of privileged accessibility (a11y) features in malicious apps. We present a privacy-friendly a11y framework that treats the a11y logic as a pipeline consisting of multiple modules running in different sandboxes. Furthermore, we enforce flow control over the communication between the modules, which reduces the attack surface for the abuse of a11y APIs while preserving the benefits of a11y.
    While Android’s data-intensive and open-source nature, combined with its less-than-strict market approval process, has allowed the installation of flawed and even malicious apps, its coarse-grained security model and update bottleneck in the app ecosystem make the platform’s privacy and security situation more worrying. This dissertation introduces a line of works that mitigate privacy and security threats from untrusted app components. 
The first work presents a compiler-based library compartmentalization solution that utilizes privilege separation to establish a strong trustworthy boundary between the host app and untrusted lib components, thus protecting sensitive user data from being compromised by curious or malicious ad libraries. While for vulnerable third-party libraries, we then build the second work that implements an API-compatibility-based library update framework using drop-in replacements of outdated libraries to minimize the open vulnerability window caused by libraries and we perform multiple dynamic tests and case studies to investigate its feasibility. Our latest work focuses on the misusing of powerful accessibility (a11y) features in untrusted apps. We present a privacy-enhanced a11y framework that treats the a11y logic as a pipeline composed of multiple modules running in different sandboxes. We further enforce flow control over the communication between modules, thus reducing the attack surface from abusing a11y APIs while preserving the a11y benefits

    Characterizing Deprecated Deep Learning Python APIs: An Empirical Study on TensorFlow

    TensorFlow is a widely used machine learning platform, with millions of people using it to create and train models. It is available in a variety of programming languages, including Python, Java, C++, and JavaScript, among which Python is the most commonly used. Along with TensorFlow’s evolution, new Python APIs are introduced, while others may be deprecated. Although the characteristics of deprecated APIs in traditional software frameworks such as Android have been extensively researched in recent years, little attention has been paid to how deprecated APIs in TensorFlow evolve and what impact this has on deep learning. In this thesis, we conducted an empirical study on deprecated Python APIs in TensorFlow. Our study analyzed 20 TensorFlow releases spanning versions 1.0 to 2.3 to investigate API deprecation and its causes. In addition, we studied projects containing 12 popular deep learning models to identify deprecated API usage. Finally, in order to investigate the potential impact of deprecated APIs on deep learning models, we manually updated the deprecated APIs in these projects to compare model accuracy before and after updating. Our research seeks to provide developers with insight into how TensorFlow deprecated APIs evolve, as well as help them understand why APIs became deprecated and the implications of not updating their models by removing deprecated APIs

    ASSESSING THE QUALITY OF SOFTWARE DEVELOPMENT TUTORIALS AVAILABLE ON THE WEB

    Both expert and novice software developers frequently access software development resources available on the Web in order to lookup or learn new APIs, tools and techniques. Software quality is affected negatively when developers fail to find high-quality information relevant to their problem. While there is a substantial amount of freely available resources that can be accessed online, some of the available resources contain information that suffers from error proneness, copyright infringement, security concerns, and incompatible versions. Use of such toxic information can have a strong negative effect on developer’s efficacy. This dissertation focuses specifically on software tutorials, aiming to automatically evaluate the quality of such documents available on the Web. In order to achieve this goal, we present two contributions: 1) scalable detection of duplicated code snippets; 2) automatic identification of valid version ranges. Software tutorials consist of a combination of source code snippets and natural language text. The code snippets in a tutorial can originate from different sources, perhaps carrying stringent licensing requirements or known security vulnerabilities. Developers, typically unaware of this, can reuse these code snippets in their project. First, in this thesis, we present our work on a Web-scale code clone search technique that is able to detect duplicate code snippets between large scale document and source code corpora in order to trace toxic code snippets. As software libraries and APIs evolve over time, existing software development tutorials can become outdated. It is difficult for software developers and especially novices to determine the expected version of the software implicit in a specific tutorial in order to decide whether the tutorial is applicable to their software development environment. 
To overcome this challenge, in this thesis we present a novel technique for automatic identification of the valid version range of software development tutorials on the Web

    On the Impact of Android API Evolution on Education Materials

    The recent growing popularity of mobile devices has led to the establishment of several popular mobile platforms such as the Android operating system. To foster growth in this evolving market, Application Programming Interfaces (APIs) were created to enable developers to create mobile device applications that utilize mobile device features and functionality for personal or widespread commercial use. However, as a result of excessive device and API evolution, mobile development faces increasingly complex issues, including an alarmingly rapid decay of development resources. This thesis conducts a case study around one such resource: a series of Android app development lab exercises used in an Android app development course taught at California Polytechnic State University, San Luis Obispo. First, these labs and their respective written guides were modernized and fitted for backwards-compatibility to better reflect newer Android devices and development tools at the time. The updated labs were subsequently used in the next course offering, with student lab feedback recorded for evaluation. Several years later, the apps from these new labs were further tested for abnormal behavior on a variety of Android devices. Results from analyzing all feedback and observations show that despite all measures taken to future-proof these labs, Android device and API evolution continues to vastly outpace third-party Android resources without frequent modernization and upgrades

    A Script-based Approach for Teaching and Assessing Android Application Development
