New tool reduces static Java code violations

Published Mar 15, 2023

SORALD fixes rule violations raised by SonarQube, one of the most popular static code analysers used by developers.

A new repair tool called SORALD can directly suggest solutions to violations of the ten most important rules in SonarQube, thus reducing the burden on developers from interpreting and fixing detected rule violations to simply approving the recommended solutions.

This is the main finding in a paper recently published in IEEE Transactions on Dependable and Secure Computing by a team of researchers at KTH and the Indian Institute of Technology Bombay.

The study, led by Khashayar Etemadi, a doctoral student at KTH, shows how the resolution of issues detected by static code analysers can be made more efficient, reducing both workload and unexpected cost risks at the same time.

Overwhelming and time-consuming

The tool can be a potential game changer because it solves a fundamental problem for developers.

“Developers tend to feel overwhelmed by the number of violations presented by current static analysers,” Etemadi explains.

“Many of them are also insignificant, but even if they are important, they come without any suggested solutions.”

SORALD focuses on the most severe rule violations, yet it can produce simple and useful solutions for them. Consequently, Etemadi explains, developers can focus on reviewing and merging patches rather than on the cumbersome process of manually fixing violations.

Repair bots

To make the repair tool even more convenient for developers, Etemadi and his colleagues also developed a repair bot, SORALDBOT, which can be integrated into the developers' workflow. The bot constantly monitors changes on GitHub repositories, which differentiates it from similar repair tools such as SpongeBugs.

Tests on 161 of the most popular repositories on GitHub revealed more than 1300 violations of the ten Java rules SORALD considers. The repair tool subsequently presented solutions to 65 per cent of the rule violations.

“Because developers can bypass the whole process of fixing violations themselves, SORALD transforms a rule violation programme to a violation-free one,” Etemadi concludes.

SORALD is not limited to SonarQube. It can also be used with analysers such as SpotBugs and PMD, provided there is an accurate source code position for the violation.

Study SORALD’s source code and all its relevant experimental data