A Replication of "Generating REST API Specifications through Static Analysis"
This artifact facilitates the replication of the ICSE 2024 paper titled \textit{Generating REST API Specifications through Static Analysis}, and aims to help researchers to build on our work. It consists of a full functional and reusable implementation of the approach, the dataset used for the evaluation, results presented in the paper, and scripts to replicate the evaluation. We apply for Artifact Available and Artifact Reusable badges as we released our artifact as open-source software along with detailed documentation. We prepared a VirtualBox virtual machine image containing a working environment, for which the user needs to install VirtualBox. Alternatively, the user can run the artifact locally on Linux with Java 8, Java 11, Maven, and Gradle.
The released repository contains instructions for downloading and executing the artifact.
Description for \textit{Generating REST API Specifications through Static Analysis}:
Web Application Programming Interfaces (APIs) allow services to be accessed over the network. RESTful (or REST) APIs, which use the REpresentation State Transfer (REST) protocol, are a popular type of web API. To use or test REST APIs, developers use specifications written in standards such as OpenAPI. However, creating and maintaining these specifications is time-consuming and error-prone, especially as software evolves, leading to incomplete or inconsistent specifications that negatively affect the use and testing of the APIs. To address this problem, we present Respector (REST API specification generator), the first technique to employ static and symbolic program analysis to generate specifications for REST APIs from their source code. We evaluated Respector on 15~real-world APIs with promising results in terms of precision and recall in inferring endpoint methods, endpoint parameters, method responses, and parameter attributes, including constraints leading to successful HTTP responses or errors. Furthermore, these results could be further improved with additional engineering. Comparing the Respector-generated specifications with the developer-provided ones shows that Respector was able to identify many missing endpoint methods, parameters, constraints, and responses, along with some inconsistencies between developer-provided specifications and API implementations. Finally, Respector outperformed several techniques that infer specifications from annotations within API implementations or by invoking the APIs.