
paper instructions

The static analyzer Infer can be run on any of the assignments given in the instructions PDF, which has been attached. After running the analyser, we need to identify the true positives and false positives from the error list and modify the true positives, which means refactoring the code without changing its official functionality. I only need the modified source code and outputs; the report will be made by me.

Assignment 2:
Static Analysis with Infer
Software Analysis
Due date: 2022-04-13 at 23:00
1 The assignment
Your assignment in a nutshell:
1. Pick a software project consisting of at least 5’000 lines of code. The project can be:
• an open-source project available on GitHub or other public repositories,
• a project you developed in the past (for example an assignment or course project),
or
• any other project whose source code is available and that you can share.
2. Run the Infer static analyzer on the project.
3. For each warning reported by Infer try to figure out if it is a false positive or true positive. In case of true positive warnings, try to modify the code without changing its
overall functionality (for example by refactoring the code), in a way that the warnings
disappear.
4. Write a short report discussing your work.
Maximum length of the report: 8 pages (A4 with readable formatting).
The assignment must be done individually.
This assignment contributes to 25% of your overall grade in the course.
2 Tools and documentation
Infer is available in a Docker container using the image bugcounting/satools:y22. Otherwise, instructions to install Infer are available on the project’s website:
https://fbinfer.com/
In particular, see the installation guide under Getting Started.
The same page includes documentation about how to use the tool. You may find useful:
• the description of the basic usage workflow
• how to analyze projects built using build systems such as Gradle and Maven
• the list of all kinds of warnings that Infer reports
2.1 Plagiarism policy
See Assignment 1: the same policy applies.
3 Tips and suggestions
3.1 Choosing the project
Besides its size, the main requirement of the project is that it should trigger some Infer warnings. You should find a balance between finding code that can be meaningfully analyzed
and code that is too polished to have any interesting flaws. Very mature code, which has
been improved and polished over years – such as a standard library component of Java – may
not trigger any warnings. In contrast, application code, code that is recent and developed
by non-expert developers, may trigger a lot. Anything in between these two extremes is a
good candidate for this assignment. As usual, in case of doubts you can ask the instructors in
advance.
Here are a few examples of suitable projects (used by students of previous years). You
can pick one of these projects (of course, doing your own analysis independent of the other
students’) or look for projects of similar size and complexity.
• https://github.com/xtaci/algorithms
• https://github.com/Rogiel/torrent4j
• https://github.com/trekawek/coffee-gb
• https://github.com/Progether/JAdventure
• https://github.com/Kaysoro/KaellyBot
3.2 Programming language
Infer supports various programming languages, including Java, C++, and JavaScript. In principle, you are allowed to work with any programming language that is supported by Infer.
However, support for some programming languages may be more limited than others – for
example because it is focused on just a few kinds of bugs. As for the criteria to choose the
project, choose a programming language that has adequate support in Infer and that makes
the results of the analysis interesting.
3.3 Checkers
Running Infer with infer run without other options runs a number of default checkers, which
look for various bug types such as memory leaks and null dereferences. Infer also offers a
number of specialized checkers, such as Impurity and Eradicate, which are not activated by
default. To run these, invoke Infer with a suitable option, such as infer run --eradicate.
To see which checker-specific options are available, see the documentation of the individual
checkers or the options to command analyze (which can also be passed to run).
In this assignment, you should primarily run the default checkers on your project, and deal
with the warnings they report. If you find a specialized checker that is particularly interesting
given the features of the project you are analyzing, you can run that checker (in addition to the
default checkers) and report its results as part of the assignment, but be aware that non-default
checkers may still be released as “experimental” features. Anyway, running a specialized
checker is not required for this assignment (whereas running the default checkers is).
3.4 Warnings
Sometimes Infer may generate a large number of warnings for a project. In this case, you do
not have to fix all of them but only up to 30 warnings in the whole project. If you only address
a subset of all warnings reported by Infer, discuss in the report how you selected the warnings
to address.
On the other hand, Infer normally reports only one warning per kind per method. Since
different issues in the same method may be connected, fixing a certain warning in a certain
method may trigger a new warning when you run Infer again. In these cases, the best approach
is to track down the root cause of each warning, so that fixing it removes all related warnings.
This is not always possible, but Infer’s output can help you do it in many practical cases. Also,
if you run into any of these connected warnings, don’t forget to discuss them in the report.
3.5 What to write in the report
Topics that should be discussed in the report include:
• The choice of project – in particular, why it is a good candidate to analyze with Infer
• How many warnings Infer reported, in which classes and methods, and for which kinds
of bugs.
• Which warnings were false positives and which true positives.
• Which warnings you addressed (possibly showing examples of how you modified the
code to remove the source of warning).
• Did you find new warnings that appeared after you tried to fix one previously reported
warning?
• Did using Infer give you an idea of what kinds of mistakes and design flaws are more
common in the project you analyzed?
• If you have experience using other static analyzers (for example SonarQube, FindBugs,
or PMD), how do the kinds of warning reported by Infer compare to those reported by
the other tools? (Comparing with other static analyzers is not required but can give extra
points.)
Try to summarize the main quantitative results (number of warnings, kinds of errors reported, false positives, ...) in a table or tables, so that it’s easy to get an overview of the
analysis.
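One way to produce the before/after overview and to spot the connected warnings described in 3.4, as an added example that is not part of the assignment handout. It assumes each entry of Infer's report.json carries bug_type, file and procedure fields; the sample issues and the helper names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample issues in the shape of Infer's report.json (a JSON array).
BEFORE = json.loads("""[
 {"bug_type": "NULL_DEREFERENCE", "file": "src/main/java/app/Parser.java", "procedure": "Parser.parse(String)"},
 {"bug_type": "RESOURCE_LEAK", "file": "src/main/java/app/Store.java", "procedure": "Store.load()"},
 {"bug_type": "RESOURCE_LEAK", "file": "src/main/java/app/Store.java", "procedure": "Store.save()"},
 {"bug_type": "THREAD_SAFETY_VIOLATION", "file": "src/main/java/app/Cache.java", "procedure": "Cache.put(String)"}
]""")
AFTER = json.loads("""[
 {"bug_type": "RESOURCE_LEAK", "file": "src/main/java/app/Parser.java", "procedure": "Parser.parse(String)"},
 {"bug_type": "RESOURCE_LEAK", "file": "src/main/java/app/Store.java", "procedure": "Store.save()"}
]""")

def issue_key(issue):
    """Identify a warning by kind, file and method (Infer reports one per kind per method)."""
    return (issue["bug_type"], issue["file"], issue["procedure"])

def compare(before, after):
    """Split warnings into fixed, remaining and newly appeared between two runs."""
    b = {issue_key(i) for i in before}
    a = {issue_key(i) for i in after}
    return {"fixed": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}

def connected(before, after):
    """New warnings in a method that just lost one: candidates for a shared root cause."""
    diff = compare(before, after)
    touched = {(f, p) for _, f, p in diff["fixed"]}
    return [k for k in diff["new"] if (k[1], k[2]) in touched]

def summary_rows(before, after):
    """Rows of (bug type, count before, count after) for the report table."""
    cb = Counter(i["bug_type"] for i in before)
    ca = Counter(i["bug_type"] for i in after)
    return [(t, cb[t], ca[t]) for t in sorted(set(cb) | set(ca))]

if __name__ == "__main__":
    # For real runs, json.load() the report.json of the "before" and "after" analyses
    # instead of the constructed samples (the file locations are an assumption).
    for bug_type, n_before, n_after in summary_rows(BEFORE, AFTER):
        print(f"{bug_type:26} before={n_before} after={n_after}")
    print("connected:", connected(BEFORE, AFTER))
```

In the sample, the RESOURCE_LEAK count stays at 2 even though one leak was fixed, because a new one surfaced in the method whose NULL_DEREFERENCE was removed; per-kind totals alone would hide that.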
4 How and what to turn in
Turn in:
1. The following artifacts in a project named Assignment2 in your assigned GitLab group
for Software Analysis.[1]
a) Under subdirectory before, the source code of the project you analyzed before
introducing any modifications, as well as the complete output (as a text file) of
Infer when run on it.
Also include a shell script or build configuration file (such as a Maven .pom file,
or just a simple Makefile) that compiles the project and runs Infer on it.
b) Under subdirectory after, the same project’s source code with the modifications
you introduced to remove Infer’s warnings, as well as the complete output (as a
text file) of Infer when run on it.
Also include a shell script or build configuration file (such as a Maven .pom file,
or just a simple Makefile) that compiles the modified project and runs Infer on it.
The scripts can assume that Infer, a Java 11 and/or Java 17 JDK compiler, and Maven
and/or Gradle are available as in the environment provided by the usual Docker image
bugcounting/satools:y22; any other dependency must be included or pulled by the
build script. Make sure the build process works without problems: if it does not run
effortlessly, your submission may not be accepted or lose points.
2. The report in PDF format as a single file using iCorsi under Assignment 2.
[1] The same group you used for the previous assignments; see details in Assignment 1’s description.
