{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,13]],"date-time":"2025-06-13T06:07:57Z","timestamp":1749794877025,"version":"3.37.3"},"reference-count":60,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2022,7,2]],"date-time":"2022-07-02T00:00:00Z","timestamp":1656720000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,7,2]],"date-time":"2022-07-02T00:00:00Z","timestamp":1656720000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"published-print":{"date-parts":[[2022,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The C standard libraries are basic function libraries standardized by the C language. Programmers usually refer to their API documentation provided by third-party websites. Unfortunately, these documents are not necessarily complete or accurate, especially for constraint sentences of API usage, which are called Security Specifications (SSs). SS issues can prevent programmers from following obligatory constraints, which results in API misuse vulnerabilities. Previous work studying SS issues could only find certain types of inaccurate SSs through checking the compliance between API usage and existing SSs. Therefore, we propose a novel approach SSeeker for quickly discovering missing and inaccurate SSs through the inconsistency of semantically similar SSs. More specifically, SSeeker first completes broken sentences and discovers SSs from them by judging their constraint sentiment. Then SSeeker puts semantically similar SSs from different sources into a group, which can be used to discover missing or inaccurate SSs. With the help of SSeeker, we investigated 4 popular online third-party C standard library documents, studied their conformity with the C99 standard, analyzed their APIs and SSs, and discovered 92 prototype issues, 15 web page issues, and 96 SS issues.<\/jats:p>","DOI":"10.1186\/s42400-022-00118-9","type":"journal-article","created":{"date-parts":[[2022,7,2]],"date-time":"2022-07-02T02:02:24Z","timestamp":1656727344000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["The inconsistency of documentation: a study of online C standard library documents"],"prefix":"10.1186","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2513-1704","authenticated-orcid":false,"given":"Ruishi","family":"Li","sequence":"first","affiliation":[]},{"given":"Yunfei","family":"Yang","sequence":"additional","affiliation":[]},{"given":"Jinghua","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Peiwei","family":"Hu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6388-2571","authenticated-orcid":false,"given":"Guozhu","family":"Meng","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,7,2]]},"reference":[{"key":"118_CR1","unstructured":"Beautiful Soup Documentation (2021) https:\/\/www.crummy.com\/software\/BeautifulSoup\/bs4\/doc\/"},{"key":"118_CR2","doi-asserted-by":"crossref","unstructured":"Blasi A, Goffi A, Kuznetsov K, Gorla A, Ernst MD, Pezz\u00e8 M, Castellanos SD (2018) Translating code comments to procedure specifications. In: Proceedings of the 27th ACM SIGSOFT international symposium on software testing and analysis","DOI":"10.1145\/3213846.3213872"},{"key":"118_CR3","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1162\/tacl_a_00051","volume":"5","author":"P Bojanowski","year":"2017","unstructured":"Bojanowski P, Grave E, Joulin A, Mikolov T (2017) Enriching word vectors with subword information. Trans Assoc Comput Linguist 5:135\u2013146","journal-title":"Trans Assoc Comput Linguist"},{"key":"118_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3440755","volume":"54","author":"D Chandrasekaran","year":"2021","unstructured":"Chandrasekaran D, Mago V (2021) Evolution of semantic similarity-a survey. ACM Comput Surv (CSUR) 54:1\u201337","journal-title":"ACM Comput Surv (CSUR)"},{"key":"118_CR5","unstructured":"Chen Y, Xing L, Qin Y, Liao X, Wang X, Chen K, Zou W (2019) Devils in the guidance: predicting logic vulnerabilities in payment syndication services through automated documentation analysis. In: USENIX security symposium"},{"key":"118_CR6","unstructured":"Chung J, Gulcehre C, Cho K, Bengio Y (2014) Empirical evaluation of gated recurrent neural networks on sequence modeling"},{"key":"118_CR7","unstructured":"cplusplus: cplusplus (2021) http:\/\/www.cplusplus.com\/"},{"key":"118_CR8","unstructured":"cplusplus: nanl (2021). https:\/\/www.cplusplus.com\/reference\/cmath\/nanl\/?kw=nanl"},{"key":"118_CR9","unstructured":"cppreference: cppreference (2021) https:\/\/en.cppreference.com\/"},{"key":"118_CR10","unstructured":"Devlin J, Chang M-W, Lee K, Toutanova K (2019) Bert: pre-training of deep bidirectional transformers for language understanding. In: NAACL"},{"key":"118_CR11","doi-asserted-by":"crossref","unstructured":"Gardner M, Grus J, Neumann M, Tafjord O, Dasigi P, Liu NF, Peters M, Schmitz M, Zettlemoyer LS (2017) Allennlp: a deep semantic natural language processing platform. arXiv:1803.07640","DOI":"10.18653\/v1\/W18-2501"},{"key":"118_CR12","doi-asserted-by":"crossref","unstructured":"Goffi A, Gorla A, Ernst MD, Pezz\u00e8 M (2016) Automatic generation of oracles for exceptional behaviors. In: Proceedings of the 25th international symposium on software testing and analysis","DOI":"10.1145\/2931037.2931061"},{"key":"118_CR13","unstructured":"Google: GoogleNews-vectors-negative300.bin.gz (2021) https:\/\/drive.google.com\/file\/d\/0B7XkCwpI5KDYNlNUTTlSS21pQmM\/edit?usp=sharing"},{"key":"118_CR14","unstructured":"Group, T.S.N.L.P. (2021) Stanford Log-linear Part-Of-Speech Tagger. https:\/\/nlp.stanford.edu\/software\/tagger.shtml"},{"key":"118_CR15","unstructured":"Group, T.S.N.L.P. (2021) Stanford deterministic coreference resolution system. https:\/\/nlp.stanford.edu\/software\/dcoref.shtml"},{"key":"118_CR16","unstructured":"ISO: ISO\/IEC 9899:2018 (C17 and C18) (2021) https:\/\/www.iso.org\/standard\/74528.html"},{"key":"118_CR17","unstructured":"ISO: N1256 (C99) (2021) http:\/\/www.open-std.org\/jtc1\/sc22\/WG14\/www\/docs\/n1256.pdf"},{"key":"118_CR18","doi-asserted-by":"crossref","unstructured":"Kim Y (2014) Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882","DOI":"10.3115\/v1\/D14-1181"},{"key":"118_CR19","doi-asserted-by":"crossref","unstructured":"Lai S, Xu L, Liu K, Zhao J (2015) Recurrent convolutional neural networks for text classification. In: 29th AAAI conference on artificial intelligence","DOI":"10.1609\/aaai.v29i1.9513"},{"key":"118_CR20","unstructured":"Linux man page (2021) https:\/\/man7.org\/linux\/posix-man-pages\/"},{"key":"118_CR59","doi-asserted-by":"crossref","unstructured":"Liu B, Meng G, Zou W, Li F, Gong Q, Lin M, Sun D, Huo D, Zhang C (2020) A large-scale empirical study on vulnerability distribution within projects and the lessons learned. In: 2020 IEEE\/ACM 42th international conference on software engineering (ICSE), pp 1547\u20131559","DOI":"10.1145\/3377811.3380923"},{"key":"118_CR21","doi-asserted-by":"crossref","unstructured":"Lv T, Li R, Yang Y, Chen K, Liao X, Wang X, Hu P, Xing L (2020) Rtfm! automatic assumption discovery and verification derivation from library document for api misuse detection. In: Proceedings of the 2020 ACM SIGSAC conference on computer and communications security","DOI":"10.1145\/3372297.3423360"},{"key":"118_CR22","unstructured":"Lynten: stanfordcorenlp (2018) https:\/\/github.com\/Lynten\/stanford-corenlp"},{"key":"118_CR23","unstructured":"lxml (2021) https:\/\/lxml.de\/"},{"key":"118_CR24","unstructured":"man3 (2021) https:\/\/linux.die.net\/man\/3\/"},{"key":"118_CR25","unstructured":"man7: man page (2021) https:\/\/man7.org\/linux\/man-pages"},{"key":"118_CR26","unstructured":"man7: strcat (2021) https:\/\/man7.org\/linux\/man-pages\/man3\/strcat.3.html"},{"key":"118_CR27","unstructured":"Microsoft: Microsoft documentation Github repository (2021) https:\/\/github.com\/MicrosoftDocs\/cpp-docs\/blob\/master\/docs\/c-runtime-library\/reference"},{"key":"118_CR28","unstructured":"Microsoft: Microsoft documentation (2021) https:\/\/docs.microsoft.com\/en-us"},{"key":"118_CR29","unstructured":"Mikolov T, Chen K, Corrado GS, Dean J (2013) Efficient estimation of word representations in vector space. In: ICLR"},{"key":"118_CR30","unstructured":"NLP S (2021) Evaluation of clustering. https:\/\/nlp.stanford.edu\/IR-book\/html\/htmledition\/evaluation-of-clustering-1.html"},{"key":"118_CR31","unstructured":"(NVD), N.V.D.: CVE-2005-3346 (2021) https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2005-3346"},{"key":"118_CR32","doi-asserted-by":"crossref","unstructured":"Pandita R, Xiao X, Zhong H, Xie T, Oney S, Paradkar A (2012) Inferring method specifications from natural language api descriptions. In: 2012 34th international conference on software engineering (ICSE), pp 815\u2013825","DOI":"10.1109\/ICSE.2012.6227137"},{"key":"118_CR33","doi-asserted-by":"crossref","unstructured":"Pennington J, Socher R, Manning CD (2014) Glove: global vectors for word representation. In: EMNLP","DOI":"10.3115\/v1\/D14-1162"},{"key":"118_CR34","unstructured":"\u0158eh$$\\mathring{{\\rm u}}$$\u0159ek R (2021) gensim . https:\/\/radimrehurek.com\/gensim\/"},{"key":"118_CR35","doi-asserted-by":"crossref","unstructured":"Reimers N, Gurevych I (2019) Sentence-bert: sentence embeddings using siamese bert-networks. ArXiv:abs\/1908.10084","DOI":"10.18653\/v1\/D19-1410"},{"key":"118_CR36","unstructured":"SBERT: all-MiniLM-L6-v2 model (2021) https:\/\/huggingface.co\/sentence-transformers\/all-MiniLM-L6-v2"},{"key":"118_CR37","doi-asserted-by":"crossref","unstructured":"Sha F, Pereira F (2003) Shallow parsing with conditional random fields. In: Proceedings of the 2003 human language technology conference of the North American chapter of the association for computational linguistics, pp 213\u2013220. https:\/\/www.aclweb.org\/anthology\/N03-1028","DOI":"10.3115\/1073445.1073473"},{"key":"118_CR38","unstructured":"StanfordParser (2016) https:\/\/nlp.stanford.edu\/software\/dependencies_manual.pdf"},{"key":"118_CR39","doi-asserted-by":"crossref","unstructured":"Tan L, Yuan D, Krishna G, Zhou Y (2007) \/*icomment: bugs or bad comments?*\/. In: SOSP","DOI":"10.1145\/1294261.1294276"},{"key":"118_CR40","doi-asserted-by":"crossref","unstructured":"Tan SH, Marinov D, Tan L, Leavens G (2012) @tcomment: testing Javadoc comments to detect comment-code inconsistencies. In: 2012 IEEE 5th international conference on software testing, verification and validation, pp 260\u2013269","DOI":"10.1109\/ICST.2012.106"},{"key":"118_CR41","unstructured":"The pre-trained S-HAN (2021) https:\/\/github.com\/lvtao-sec\/Advance\/tree\/master\/S-HAN\/saved-models"},{"key":"118_CR42","unstructured":"University P (2021) WordNet. https:\/\/wordnet.princeton.edu\/"},{"key":"118_CR43","unstructured":"Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez AN, Kaiser \u0141, Polosukhin I (2017) Attention is all you need. In: Advances in neural information processing systems, pp 5998\u20136008"},{"key":"118_CR44","unstructured":"Wikipedia: C standard library (2021) https:\/\/en.wikipedia.org\/wiki\/C_standard_library"},{"key":"118_CR45","unstructured":"Wikipedia: The ISO\/IEC 9899 Standard (2021) https:\/\/www.iso-9899.info\/wiki\/The_Standard"},{"key":"118_CR46","unstructured":"Wikipedia: ANSI X3.159-1989 (C89) (2021) https:\/\/en.wikipedia.org\/wiki\/ANSI_C#C89"},{"key":"118_CR47","unstructured":"Wikipedia: ISO\/IEC 9899:1990 (C90) (2021) https:\/\/en.wikipedia.org\/wiki\/ANSI_C#C90"},{"key":"118_CR48","unstructured":"Wikipedia: ISO\/IEC 9899:1990\/AMD1:1995 (C95) (2021) https:\/\/en.wikipedia.org\/wiki\/ANSI_C#C95"},{"key":"118_CR49","unstructured":"Wikipedia: ISO\/IEC 9899:1999 (C99) (2021) https:\/\/en.wikipedia.org\/wiki\/ANSI_C#C99"},{"key":"118_CR50","unstructured":"Wikipedia: ISO\/IEC 9899:2011 (C11) (2021) https:\/\/en.wikipedia.org\/wiki\/ANSI_C#C11"},{"key":"118_CR51","unstructured":"Wikipedia: Cluster analysis (2021) https:\/\/en.wikipedia.org\/wiki\/Cluster_analysis#External_evaluation"},{"key":"118_CR52","unstructured":"Wikipedia: tf-idf (2021) https:\/\/en.wikipedia.org\/wiki\/Tf-idf"},{"key":"118_CR53","doi-asserted-by":"crossref","unstructured":"Yang Z, Yang D, Dyer C, He X, Smola A, Hovy E (2016) Hierarchical attention networks for document classification. In: Proceedings of the 2016 conference of the North American chapter of the association for computational linguistics: human language technologies, pp 1480\u20131489","DOI":"10.18653\/v1\/N16-1174"},{"key":"118_CR60","doi-asserted-by":"crossref","unstructured":"Yu D, Yang G, Meng G, Gong X, Zhang X, Xiang X, Wang X, Jiang Y, Chen K, Zou W, Lee W, Shi W (2021) SEPAL: Towards a large-scale analysis of SEAndroid policy customization. In: Proceedings of the 30th The Web Conference (WWW)","DOI":"10.1145\/3442381.3450007"},{"key":"118_CR54","unstructured":"Zero0one1: Microsoft SS Issue (2021) https:\/\/github.com\/MicrosoftDocs\/cpp-docs\/issues\/3366"},{"key":"118_CR55","first-page":"307","volume":"2009","author":"H Zhong","year":"2009","unstructured":"Zhong H, Zhang L, Xie T, Mei H (2009) Inferring resource specifications from natural language API documentation. IEEE\/ACM Int Conf Autom Softw Eng 2009:307\u2013318","journal-title":"IEEE\/ACM Int Conf Autom Softw Eng"},{"key":"118_CR56","doi-asserted-by":"crossref","unstructured":"Zhong H, Su Z (2013) Detecting api documentation errors. In: Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications","DOI":"10.1145\/2509136.2509523"},{"key":"118_CR57","doi-asserted-by":"publisher","first-page":"1004","DOI":"10.1109\/TSE.2018.2872971","volume":"46","author":"Y Zhou","year":"2020","unstructured":"Zhou Y, Wang C, Yan X, Chen T, Panichella S, Gall HC (2020) Automatic detection and repair recommendation of directive defects in java API documentation. IEEE Trans Softw Eng 46:1004\u20131023","journal-title":"IEEE Trans Softw Eng"},{"key":"118_CR58","doi-asserted-by":"crossref","unstructured":"Zhou Y, Gu R, Chen T, Huang Z, Panichella S, Gall HC (2017) Analyzing apis documentation and code to detect directive defects. In: 2017 IEEE\/ACM 39th international conference on software engineering (ICSE), pp 27\u201337","DOI":"10.1109\/ICSE.2017.11"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-022-00118-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-022-00118-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-022-00118-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,2]],"date-time":"2022-07-02T02:02:56Z","timestamp":1656727376000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-022-00118-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,2]]},"references-count":60,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,12]]}},"alternative-id":["118"],"URL":"https:\/\/doi.org\/10.1186\/s42400-022-00118-9","relation":{},"ISSN":["2523-3246"],"issn-type":[{"type":"electronic","value":"2523-3246"}],"subject":[],"published":{"date-parts":[[2022,7,2]]},"assertion":[{"value":"4 January 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 February 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 July 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"14"}}