Automatic patch generation and proposal for static analysis warnings

Henry Luong

Abstract

Code review is a quality assurance practice to ensure that the released software lives up to certain standards. This practice can also be performed automatically using static analysis tools that scan the input source code to find instances of bad code patterns and warn the developers about them. However, the generated warnings can be numerous, making it hard and time-consuming for developers to analyze and fix their root causes. Since human effort is costly, automating the process of eliminating the root causes of warnings would play an important role in software development. In a previous work, a tool named Sorald was developed to handle these warnings automatically. In this work, we build upon Sorald, focusing on its usability. First, we introduced in Sorald a new strategy for the analysis and repair of source code, which allows Sorald to deliver a fix even when an internal failure occurs in Sorald. Second, we integrated Sorald into a repair bot, named Repairnator, so that Sorald can be used in the highly usable continuous integration service Jenkins and propose fixes to developers automatically. To evaluate the new repair strategy and the integration of Sorald into Repairnator, Sorald was executed and monitored on 28 Eclipse GitHub projects. The results show that the new repair strategy improves the performance of Sorald in terms of the number of fixes produced, while the total repair time remains mostly unchanged compared with the default repair strategy. Moreover, only 2/14 automated patches generated by Sorald and proposed to developers were denied by them. In conclusion, the contributions of this work improve the overall usability of Sorald as an automated software repair tool.