Contributions to the usability of Sorald for repairing static analysis violations

Abstract: Automated static analysis tools are important in modern software quality assurance. These tools scan the input source or binary code for a set of rules to detect functional or maintainability problems and then warn developers about the found rule violations. Then, developers analyze and possibly repair the rule violations in a manual procedure, which can be time-consuming. Since human effort is costly, automated solutions for repairing rule violations would play an important role in software development. In a previous work, a tool named Sorald was developed to automatically repair rule violations generated by the static analyzer SonarJava. However, there is a lack of reliability of Sorald in generating patches and also a lack of automation for the usage of Sorald by developers. Therefore, in this work, solutions are proposed to improve the usability of Sorald. First, a new strategy of source code analysis and repair was introduced in Sorald, which allows Sorald to deliver a fix even when an internal failure occurs in Sorald. Second, Sorald was integrated into a repair bot, named Repairnator, which was then integrated into the Jenkins continuous integration service. This allows Sorald to be automatically executed in continuous integration builds and its generated patches to be automatically proposed to developers on GitHub. As an evaluation of the proposed solutions, Sorald was executed and monitored on 28 open-source projects hosted on GitHub. The results show that the new repair strategy improves the performance of Sorald in terms of the number of fixes, while the repair time remains mostly unchanged when compared with the default repair strategy. Moreover, the total repair time of Sorald for the 15 supported SonarJava rules is within the continuous integration time of the analyzed projects, which means that it is feasible to repair projects with Sorald in such an environment. Finally, most Sorald patches are compilable and usually accepted without negative comments by developers, once there exists a reaction on the proposed GitHub pull requests. In conclusion, the contributions of this work improve the overall usability of Sorald as an automated software repair tool.