Sorald: Automatic Patch Suggestions for SonarQube Static Analysis Violations

by   Khashayar Etemadi, et al.

Previous work has shown that early resolution of issues detected by static code analyzers can prevent major cost later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to determine if they correspond to actual flaws in the program. Second, static analyzers often do not present the issues in a way that makes it apparent how to fix them. To address these problems, we present Sorald: a novel system that adopts a set of predefined metaprogramming templates to transform the abstract syntax trees of programs to suggest fixes for static issues. Thus, the burden on the developer is reduced from both interpreting and fixing static issues, to inspecting and approving solutions for them. Sorald fixes violations of 10 rules from SonarQube, one of the most widely used static analyzers for Java. We also implement an effective mechanism to integrate Sorald into development workflows based on pull requests. We evaluate Sorald on a dataset of 161 popular repositories on Github. Our analysis shows the effectiveness of Sorald as it fixes 94% (1,153/1,223) of the violations that it attempts to fix. Overall, our experiments show it is possible to automatically fix violations of static analysis rules produced by the state-of-the-art static analyzer SonarQube.


page 1

page 2

page 3

page 4


Naturalistic Static Program Analysis

Static program analysis development is a non-trivial and time-consuming ...

Shipwright: A Human-in-the-Loop System for Dockerfile Repair

Docker is a tool for lightweight OS-level virtualization. Docker images ...

How do Developers Improve Code Readability? An Empirical Study of Pull Requests

Readability models and tools have been proposed to measure the effort to...

Refining ChatGPT-Generated Code: Characterizing and Mitigating Code Quality Issues

In this paper, we systematically study the quality of 4,066 ChatGPT-gene...

Example-based Synthesis of Static Analysis Rules

Static Analysis tools have rules for several code quality issues and the...

Debugging Static Analysis

To detect and fix bugs and security vulnerabilities, software companies ...

How to Find Actionable Static Analysis Warnings

Automatically generated static code warnings suffer from a large number ...

Please sign up or login with your details

Forgot password? Click here to reset