TL;DR
Sorald is an automated system that generates patch suggestions for static analysis violations in Java code, reducing developer effort by automatically fixing a significant portion of issues detected by SonarJava.
Contribution
It introduces a novel metaprogramming approach to automatically fix static analysis violations, specifically targeting 10 rules from SonarJava, and demonstrates effectiveness on real-world GitHub repositories.
Findings
Fixes 65% of violations with repair preconditions met
Automatically repairs notable static analysis violations
Effective on a diverse set of popular repositories
Abstract
Previous work has shown that early resolution of issues detected by static code analyzers can prevent major costs later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to determine if they correspond to actual flaws in the program. Second, static analyzers often do not present the issues in a way that is actionable. To address these problems, we present Sorald: a novel system that devises metaprogramming templates to transform the abstract syntax trees of programs and suggest fixes for static analysis warnings. Thus, the burden on the developer is reduced from interpreting and fixing static issues, to inspecting and approving full-fledged solutions. Sorald fixes violations of 10 rules from SonarJava, one of the most widely used static analyzers for Java. We evaluate Sorald on a dataset of 161 popular repositories on GitHub.…
