Sorald: Automatic Patch Suggestions for SonarQube Static Analysis Violations
Previous work has shown that early resolution of issues detected by static code analyzers can prevent major cost later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to determine if they correspond to actual flaws in the program. Second, static analyzers often do not present the issues in a way that makes it apparent how to fix them. To address these problems, we present Sorald: a novel system that adopts a set of predefined metaprogramming templates to transform the abstract syntax trees of programs to suggest fixes for static issues. Thus, the burden on the developer is reduced from both interpreting and fixing static issues, to inspecting and approving solutions for them. Sorald fixes violations of 10 rules from SonarQube, one of the most widely used static analyzers for Java. We also implement an effective mechanism to integrate Sorald into development workflows based on pull requests. We evaluate Sorald on a dataset of 161 popular repositories on Github. Our analysis shows the effectiveness of Sorald as it fixes 94% (1,153/1,223) of the violations that it attempts to fix. Overall, our experiments show it is possible to automatically fix violations of static analysis rules produced by the state-of-the-art static analyzer SonarQube.
READ FULL TEXT