\documentclass[11pt,a4paper]{scrartcl}
\usepackage{algorithm}
\usepackage{algpseudocode}
\usepackage[utf8]{inputenc}
\usepackage[margin=2.25cm]{geometry}
\usepackage{hyperref}
\usepackage{listings}
\usepackage{xcolor}
\usepackage{lmodern}
\usepackage{booktabs}
\usepackage{multirow}
\usepackage{graphicx}
\usepackage{float}
\usepackage{tikz}
\usepackage{listings}
\usepackage{pgfplots}
\pgfplotsset{compat=1.18}
\usepackage{subcaption}
\setlength{\parindent}{0cm}
\setlength{\parskip}{0.3em}
\hypersetup{pdfborder={0 0 0}}
%\usepackage[nomessages]{fp} no easter eggs this time
\usepackage{amsmath}
\DeclareMathOperator*{\argmax}{arg\,max}
\DeclareMathOperator*{\argmin}{arg\,min}
\usepackage{minted}

\definecolor{codegreen}{rgb}{0,0.6,0}
\definecolor{codegray}{rgb}{0.5,0.5,0.5}
\definecolor{codepurple}{rgb}{0.58,0,0.82}
\definecolor{backcolour}{rgb}{0.95,0.95,0.92}

\lstdefinestyle{mystyle}{
  backgroundcolor=\color{backcolour},   
  commentstyle=\color{codegreen},
  keywordstyle=\color{magenta},
  keywordstyle=[2]{\color{olive}},
  numberstyle=\tiny\color{codegray},
  stringstyle=\color{codepurple},
  basicstyle=\ttfamily\footnotesize,
  breakatwhitespace=false,         
  breaklines=true,                 
  captionpos=b,  
  keepspaces=true,                 
  numbers=left,  
  numbersep=5pt,
  showspaces=false,                
  showstringspaces=false,
  showtabs=false,
  tabsize=2,
  aboveskip=0.8em,
  belowcaptionskip=0.8em
}
\lstset{style=mystyle}

\geometry{left=2cm,right=2cm,top=2cm,bottom=3cm}
\title{
\vspace{-5ex} 
Assignment 1 -- Software Analysis \\\vspace{0.5cm}
\Large Static Analysis with Infer
\vspace{-1ex} 
}
\author{Claudio Maggioni}
\date{\vspace{-3ex}}

\begin{document}
\maketitle

\section{Project selection}
Given that this assignment draws parallels with the class of Software Design and
Modelling of last semester, specifically regarding static analyzers, I choose to
analyze the same project I analyzed in the past with PMD and SonarQube using
Infer\footnote{\url{https://fbinfer.com/}} to make
for an interesting comparison between static analysis paradigms.

The project I analyze is therefore
\href{https://github.com/apache/commons-lang}{\textbf{apache/commons-lang}}.

\subsection{The Apache Commons Lang Project}
The Apache Commons family of libraries is an Apache Software
Foundation\footnote{\url{https://apache.org/}} sponsored collection of Java
libraries designed to complement the standard libraries of Java. The Apache
Commons Lang project focuses on classes that would have fitted in the
\textit{java.lang} package if they were included with Java.

All the source and test classes are contained within in the package
\textit{org.apache.commons.lang3} or in a sub-package of that package. For the
sake of brevity, this prefix is omitted from now on when mentioning file paths
and classes in the project.

I choose to analyze version 3.12.0 of the library (i.e.\ the code under the
\textit{git} tag \textit{rel/commons-lang-3.12.0}) because it is the same
version analyzed during the SDM class.

To verify that the project satisfies the 5000 lines of code requirement, I run
the \textit{cloc} tool. Results are shown in table \ref{tab:cloc}. Given the
project has more than 86,000 lines of Java code, this requirement is satisfied.

\begin{table}[H]
  \centering
  \begin{tabular}{lrrrr}
    \toprule
    Language & Files & Blank & Comment & Code \\
    \midrule
    Java & 409 & 15,790 & 60,363 & 86,056 \\ 
    HTML & 22 & 1,015 & 100 & 13,028 \\ 
    Text & 30 & 1,858 & 0 & 12,415 \\ 
    XML & 38 & 434 & 539 & 4,819 \\ 
    Maven & 1 & 31 & 37 & 940 \\ 
    JavaScript & 5 & 21 & 78 & 698 \\ 
    Markdown & 3 & 38 & 0 & 202 \\ 
    CSS & 4 & 36 & 66 & 140 \\ 
    Velocity Template Language & 1 & 23 & 31 & 90 \\ 
    Groovy & 1 & 12 & 22 & 81 \\ 
    YAML & 3 & 12 & 42 & 55 \\ 
    Bourne Shell & 1 & 0 & 2 & 2 \\
    \midrule
    Total & 518 & 19,270 & 61,280 & 118,526 \\
    \bottomrule
  \end{tabular}
  \caption{Output of the \textit{cloc} tool for the Apache Commons Lang project
    at tag \textit{rel/commons-lang-3.12.0} (before fixes are applied).}
  \label{tab:cloc}
\end{table}

\section{Running the Infer tool}

The relevant source code to analyze has been copied to the directory
\textit{before} in the assignment repository

\begin{center}
\href{https://gitlab.com/usi-si-teaching/msde/2022-2023/software-analysis/maggioni/assignment-2}{\textit{usi-si-teaching/msde/2022-2023/software-analysis/maggioni/assignment-2}}
\end{center}

on \textit{gitlab.com}. The script \textit{docker-infer.sh} can be executed to
automatically run the Infer tool using default options through the course
tools docker image \textit{bugcounting/satools:y23}.

The script selects Java 17 to compile the project as this is required to not
make the Animal Sniffer Maven build plugin fail with the message ``This feature
requires ASM7''. 

The script executes Infer in Maven capture mode executing the \textit{compile}
and \textit{test} targets while disabling the Apache RAT software license
checker (which fails for this release). Since unit tests are executed, running
the script before and after the warning guided refactoring ensures the fixes I
introduce do not introduce regressions.

The analysis outputs
are located in \textit{before/infer-out/report.txt}.

\section{Results}

Table \ref{tab:infer} shows the results of the analysis performed by Infer
providing comments on true and false positives and the actions taken for each
result.

\begin{table}[H]
   \small
    \begin{tabular}{@{}llp{1.2cm}p{0.65cm}p{6cm}@{}}
\toprule
\textbf{File} & \textbf{Line} & \textbf{Kind} & \textbf{True Pos.} &
\textbf{Reason why flagged expression is a false positive} \\ \midrule
AnnotationUtils.java & 72 & Null & Yes & \multirow{4}{6cm}{--} \\
reflect/MethodUtils.java & 486 & Null & Yes & \\
reflect/FieldUtils.java & 126 & Null & Yes & \\
concurrent/MultiBackgroundInitializer.java & 160 & Thread Safety & Yes & \\
\midrule
builder/ToStringBuilder.java & 223 & Null & No & \multirow{2}{6cm}{Infer flags
        the value \texttt{null} when used as a nullable method argument} \\
builder/ReflectionToStringBuilder.java & 131 & Null & No & \\
\midrule
time/DurationUtils.java & 142 & Null & No & The method which may return a null
value returns a non-null value if its parameter is non-null, and a
non-null parameter is given \\
\midrule 
CharSetUtils.java & 181 & Null & No & According to \textit{java.lang}
documentation, the method always returns a non-null value \\
\midrule
reflect/FieldUtils.java & 341 & Null & No &
\multirow{4}{6cm}{A utility method is used to guard the dereference reported
with an exception throw} \\
reflect/FieldUtils.java & 385 & Null & No & \\
reflect/FieldUtils.java & 599 & Null & No & \\
reflect/FieldUtils.java & 644 & Null & No & \\
\midrule
reflect/MethodUtils.java & 987 & Null & No & The method which may return a null
value returns a non-null value if its parameter is non-null, and a
non-null parameter is always given according to the \textit{java.lang}
documentation for the inner nested method \\ \bottomrule
\end{tabular}
    \caption{Results of the Infer static analysis tool execution with default
    options. \textit{True Pos.} denotes whether a result is a true positive,
    while \textit{Kind} denotes with \textit{Null} and \textit{Thread Safety}
    respectively null dereference warnings and thread safety violations.}
    \label{tab:infer}
\end{table}

In total Infer reports 13 warnings, 12 of which are null dereference warnings
and 1 is a thread safety violation. Of all warnings, 4 are true positives and 9
are false positives, resulting in a false positive ratio of over 69\%. These
values are summarized in table \ref{tab:num}.

\begin{table}[H]
    \centering
\begin{tabular}{@{}ll@{}}
\toprule
Total number of warnings:  & 13 \\ \midrule
Null dereference warnings: & 12 \\
Thread safety violations:  & 1  \\ \midrule
True positives:            & 4  \\
False positives:           & 9  \\ \bottomrule
\end{tabular}
    \caption{Quantitative results of the static analysis performed by Infer.}
    \label{tab:num}
\end{table}

\subsection{False Positives}

As can be deduced from table \ref{tab:infer}, Infer especially struggles at
determining Vthe null safety of nested method calls or non-trivial data flow
paths. This is sometimes caused by insufficient knowledge of the nullability
contracts of the Java standard library (e.g. \textit{java.lang} package).

In other cases, the flagged expression is guarded by an utility method throwing
an exception if its value is indeed \texttt{null}. One of such guards is the
\mintinline{java}{static Validate.notNull(Object, String, Object...)} method,
which checks if its first argument is null and throws a
\texttt{NullPointerException} if so.

Additionally, Infer seems to struggle with boxed primitives and not
understanding that their value is always non-null by construction. As an example
I provide the warning reported in the file \textit{time/DurationUtils.java}:

\begin{listing}[H]
\begin{minted}[linenos,firstnumber=139]{java}
public static int toMillisInt(final Duration duration) {
    Objects.requireNonNull(duration, "duration");
    // intValue() does not do a narrowing conversion here
    return LONG_TO_INT_RANGE.fit(Long.valueOf(duration.toMillis())).intValue();
}
\end{minted}
    \caption{Method \textit{toMillisInt(Duration)} of class
    \textit{time.DurationUtils} in Apache Commons Lang 3.12.0.}
\end{listing}

Here Infer reports that the first argument of
\mintinline{java}{LONG_TO_INT_RANGE.fit(Long)} may be null. However, the return
value of \mintinline{java}{Long.valueOf(long)} is always non-null since the
method simply boxes its \mintinline{java}{long} argument.

Finally, some warnings are caused by Infer flagging the use of the \texttt{null}
keyword as a method argument for methods that would accept a nullable argument
in that position without causing null dereferences. This warning could point to 
a potential ambiguity is selecting the right method to call at
compile time given the argument types (i.e. static dispatching), as
\texttt{null} is a valid expression of all object types. For example, in the
given class:

\begin{minted}{java}
class C {
  m(String s) {}
  m(Object o) {}
}
\end{minted} 

A call to \mintinline{java}{C.m(null)} would be ambiguous as \texttt{null} is
both a \texttt{String} and an \texttt{Object}, thus a cast to either type woule
be required to make the code compile. However, the warnings reported by Infer do
not present such ambiguity as in those cases overloaded methods have different
numbers of parameters. Additionally, even introducing explicit casts for all
\texttt{null} arguments does not extinguish the warning. Therefore, I can not
find a conclusive explaination on the nature of the false positive, however I
can attest to these instances being indeed false positives by having manually
verified that the methods in question indeed can accept a null value without
causing null dereferences.

\subsection{True Positives}

In this section I now cover the warnings that are true positives and thus are
causes for refactoring.

\end{document}