DeepAI AI Chat
Log In Sign Up

Sorald: Automatic Patch Suggestions for SonarQube Static Analysis Violations

by   Khashayar Etemadi, et al.

Previous work has shown that early resolution of issues detected by static code analyzers can prevent major cost later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to determine if they correspond to actual flaws in the program. Second, static analyzers often do not present the issues in a way that makes it apparent how to fix them. To address these problems, we present Sorald: a novel system that adopts a set of predefined metaprogramming templates to transform the abstract syntax trees of programs to suggest fixes for static issues. Thus, the burden on the developer is reduced from both interpreting and fixing static issues, to inspecting and approving solutions for them. Sorald fixes violations of 10 rules from SonarQube, one of the most widely used static analyzers for Java. We also implement an effective mechanism to integrate Sorald into development workflows based on pull requests. We evaluate Sorald on a dataset of 161 popular repositories on Github. Our analysis shows the effectiveness of Sorald as it fixes 94% (1,153/1,223) of the violations that it attempts to fix. Overall, our experiments show it is possible to automatically fix violations of static analysis rules produced by the state-of-the-art static analyzer SonarQube.


page 1

page 2

page 3

page 4


Naturalistic Static Program Analysis

Static program analysis development is a non-trivial and time-consuming ...

Shipwright: A Human-in-the-Loop System for Dockerfile Repair

Docker is a tool for lightweight OS-level virtualization. Docker images ...

Deep Static Modeling of invokedynamic

Java 7 introduced programmable dynamic linking in the form of the invoke...

Example-based Synthesis of Static Analysis Rules

Static Analysis tools have rules for several code quality issues and the...

Debugging Static Analysis

To detect and fix bugs and security vulnerabilities, software companies ...

How to Find Actionable Static Analysis Warnings

Automatically generated static code warnings suffer from a large number ...

ExceLint: Automatically Finding Spreadsheet Formula Errors

Spreadsheets are one of the most widely used programming environments, a...