A template-based approach to automatic program repair of Sonarqube static warnings

Abstract: As the prevalence of software continues to increase, so does the number of bugs. Static analysis can uncover a multitude of bugs in a reasonable time frame compared to its dynamic equivalent but is plagued by other issues such as high false-positive alert rates and unclear calls to action, making it underutilized considering the benefits it can bring with its bug-finding abilities. This thesis aims to reduce the shortcomings of static analysis by implementing and evaluating a template-based approach of automatically repairing bugs found by static analysis. The approach is evaluated by automatically creating and submitting patches containing bug fixes to open-source projects already utilizing static analysis. The results show that the approach and developed tool are valuable and decrease the number of bugs of the kind which static analysis finds. Two possible ways of integrating the created tool into existing developer workflows are prototyped and a comparison with a similar tool is performed to showcase the different approaches’ differences, strengths and weaknesses