Work on this exercise locally
This web app is a reference guide — you can read instructions, browse starter code, and view tests here. To actually complete the exercise, you need to work in your local development environment.
git clone https://github.com/weihaoqu/program-analysis-bootcamp-student
Replace failwith "TODO" with your implementation.
dune runtest modules/module1-foundations/exercises/analysis-comparison
Analysis Comparison
4. Exercise 2: Analysis Comparison
Goal: Classify 15 code snippets (in Python, JavaScript, Java, and C) by what kind of issue they contain and which analysis technique would detect it.
Time: ~15 minutes
Files:
| File | Purpose |
|---|---|
| exercises/analysis-comparison/starter/code-samples.md | 15 code snippets -- read this |
| exercises/analysis-comparison/starter/classification-template.md | Your answers -- fill this out |
What to do
- Open code-samples.md and read each snippet carefully.
- For every snippet, fill in one row of the table in classification-template.md:

| Column | What to write |
|---|---|
| Issue Description | What is wrong or risky in this code |
| Objective | Correctness, Security, or Performance |
| Detection Method | Static, Dynamic, or Both |
| Explanation | 1--2 sentences on why you chose that classification |

- Answer the summary questions at the bottom of the template.
Tips
- SQL injection and command injection are Security issues.
- Unreachable code and off-by-one errors are Correctness issues.
- Unbounded caches and redundant loops are Performance issues.
- Some issues can be detected statically (by examining source code), some require dynamic execution, and some can be found either way.
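To make the static/dynamic distinction in the last tip concrete, here is an added example (not part of the exercise materials or the bootcamp repository). It applies one static check and one dynamic check to a constructed sample; `SAMPLE`, `find_unreachable` and `measure_cache_growth` are hypothetical names, and the sample is not taken from code-samples.md.

```python
import ast

# Constructed sample program, not taken from code-samples.md.
SAMPLE = '''
_cache = {}

def lookup(key):
    if key not in _cache:
        _cache[key] = key * 2   # entries are never evicted
    return _cache[key]

def parse(flag):
    if flag:
        return 1
    return 0
    print("done")               # can never run
'''

TERMINATORS = (ast.Return, ast.Raise, ast.Break, ast.Continue)

def find_unreachable(source):
    """Static: inspect the AST only; the sample is never executed.
    Reports line numbers of statements that directly follow a
    return/raise/break/continue in the same block."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        for field in ("body", "orelse", "finalbody"):
            block = getattr(node, field, None)
            if not isinstance(block, list):
                continue  # e.g. the expression body of a lambda
            for prev, stmt in zip(block, block[1:]):
                if isinstance(prev, TERMINATORS):
                    hits.append(stmt.lineno)
    return hits

def measure_cache_growth(source, calls):
    """Dynamic: run the sample, call lookup() with `calls` distinct
    keys, and report how many entries the cache holds afterwards."""
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)
    for key in range(calls):
        namespace["lookup"](key)
    return len(namespace["_cache"])

if __name__ == "__main__":
    print("unreachable statement at line(s):", find_unreachable(SAMPLE))
    print("cache entries after 1000 calls:", measure_cache_growth(SAMPLE, 1000))
```

The static check never runs the sample, while the dynamic check only reports growth for the inputs it actually exercises.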
Self-check
- All 15 rows should be filled in.
- The summary counts should add up to 15 total.
- Review your classifications against the lecture notes on static vs dynamic analysis to see if your reasoning holds up.