% vim: set ts=2 sw=2 et tw=80:

\documentclass[12pt,a4paper]{article}
\usepackage[utf8]{inputenc}
\usepackage[margin=2cm]{geometry}
\usepackage{hyperref}

\title{Assginment 1 -- Software Design and Modelling}

\author{Volodymyr Karpenko \and Claudio Maggioni}

\begin{document}
\maketitle

\section{Project selection process}

We need to find a project that is a single unit in terms of compilation
modules\footnote{A problem for Pattern4J as compiled \texttt{.class} files are
distributed across several directories and would have to be merged manually for
analyzing them}
self contained and with as little external dependencies as possible to ease the
analysis project. Additionally, it would be nice if we choose a project that we
already know as library clients.

\subsection {Projects Considered}

\begin{description}
  \item[vavr-io/vavr] a Java library for functional programming, discarded as
    the project is less than 20K LOC and doesn't meet the selection criteria;
  \item[bitcoin4j/bitcoin4j] a Java implementation of the bitcoin protocol,
    discarded as the project is distributed in several subprojects;
  \item[FasterXML/jackson-core] a popular Java JSON serialization and
    deserialization library. This repository contains the \textit{core}
    component of the library, i.e. the library abstractions and interface to
    support additional modules and the main JSON serialization and
    deserialization capabilities. We chose this library because it meets the
    selection criteria, it doesn't rely on external components for its
    execution, and its project structure uses a single Maven module for its
    sources and thus easy to analyze.
\end{description}

Therefore we chose \textbf{FasterXML/jackson-core}, specifically the sources
under the git tag \texttt{jackson-core-2.13.4}, the latest stable version of the
library at this time.

\section{Analysis}

We use
\href{https://users.encs.concordia.ca/~nikolaos/pattern\_detection.html}{\textit{Pattern4}}
as a pattern detection tool. This tool needs compiled \texttt{.class} files in
order to perform analysis. Therefore, as \texttt{jackson-core} is a standard
Maven project, we compile the sources using the command \texttt{mvn clean
compile}. The \texttt{pom.xml} of the library specifies Java 1.6 as a
compilation target, which is not supported by JDK 17 or above. We used JDK 11
instead, as it is the previous LTS version.

An XML dump of the \textit{Pattern4j} analysis results are included in the
submission as the file \texttt{analysis.xml}.

\subsection{Comments}
\begin{itemize}
  \item Lots of false positives for the Singleton pattern. Example,
    com.fasterxml.jackson.core.sym.Name1 has a package private constructor and a
    public static final instance of it, but reading the documentation the class
    represents (short) JSON string literals and therefore is clearly
    initialized by client code.
  \item TBD
\end{itemize}
\end{document}