C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests

Carvalho, Antonio; Luz, Welder Pinheiro; Marcílio, Diego; Bonifácio, Rodrigo; Pinto, Gustavo; Canedo, Edna Dias

doi:10.1109/saner48275.2020.9054842

Cited by 22 publications

(12 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SORALDBOT is a program repair bot [11] that automatically scans changes in a set of target repositories, identifies changes that introduce new violations, fixes the new violations, and proposes the fixed version to the developers as a patch. As SORALDBOT is designed to operate on GITHUB, it proposes the patch in the form of a pull request (PR) 12 , which represents a request by a contributor to merge a patch into a repository on the GITHUB platform. A maintainer of a repository can easily review the patch right on the GITHUB platform, potentially request further changes, and then merge the patch into the repository with the click of a button.…”

Section: Integration Into Development Workflowsmentioning

confidence: 99%

“…The repair bot that is the most similar to SORALDBOT is C-3PR [12]. C-3PR monitors pushes on Git repositories and looks for changed files with static warnings.…”

Section: Program Repair Botsmentioning

confidence: 99%

“…Recently, a number of tools have been proposed to automatically fix issues detected by static analyzers [12], [13], [14], [15]. Compared to this recent related work, we focus on repairing violations of importance bug for the state-ofthe-art static analyzer SONARQUBE, which is one the top static analyzers for Java used in industry [1], with a bot that is integrated in the development workflow.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Sorald: Automatic Patch Suggestions for SonarQube Static Analysis Violations

Etemadi,

Harrand,

Larsen

et al. 2021

Preprint

View full text Add to dashboard Cite

Previous work has shown that early resolution of issues detected by static code analyzers can prevent major cost later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to determine if they correspond to actual flaws in the program. Second, static analyzers often do not present the issues in a way that makes it apparent how to fix them. To address these problems, we present SORALD: a novel system that adopts a set of predefined metaprogramming templates to transform the abstract syntax trees of programs to suggest fixes for static issues. Thus, the burden on the developer is reduced from both interpreting and fixing static issues, to inspecting and approving solutions for them. SORALD fixes violations of 10 rules from SONARQUBE, one of the most widely used static analyzers for Java. We also implement an effective mechanism to integrate SORALD into development workflows based on pull requests. We evaluate SORALD on a dataset of 161 popular repositories on GITHUB. Our analysis shows the effectiveness of SORALD as it fixes 94% (1,153/1,223) of the violations that it attempts to fix. Overall, our experiments show it is possible to automatically fix violations of static analysis rules produced by the state-of-the-art static analyzer SONARQUBE.

show abstract

Section: Integration Into Development Workflowsmentioning

confidence: 99%

“…The repair bot that is the most similar to SORALDBOT is C-3PR [12]. C-3PR monitors pushes on Git repositories and looks for changed files with static warnings.…”

Section: Program Repair Botsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Sorald: Automatic Patch Suggestions for SonarQube Static Analysis Violations

Etemadi,

Harrand,

Larsen

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Perhaps, refactoring engines that introduce lambda expressions could benefit from ad vanced code format tools (e.g., the approach by Parr and Vinju (2016)). Other possible improvements are trickier, which might indicate the need to follow a careful code re view process after applying code transformations (Carvalho et al, 2020). For instance, one of the participants argued that: "[…] streams should produce collections as results, not populate them as sideeffects.…”

Section: Synthesis Of the Responses To The Openended Questionmentioning

confidence: 99%

Understanding the Impact of Introducing Lambda Expressions in Java Programs

Mendonça

Fortes

Lopes

et al. 2020

JSERD

View full text Add to dashboard Cite

Background: The Java programming language version eight introduced several features that encourage the functional style of programming, including the support for lambda expressions and the Stream API. Currently, there is common wisdom that refactoring legacy code to introduce lambda expressions, besides other potential benefits, simplifies the code and improves program comprehension. Aims: The purpose of this work is to investigate this belief, conducting an in-depth study to evaluate the effect of introducing lambda expressions on program comprehension. Method: We conduct this research using a mixed-method study. For the quantitative method, we quantitatively analyze 166 pairs of code snippets extracted directly either from GitHub or from recommendations from three tools (RJTL, NetBeans, and IntelliJ). We also surveyed practitioners to collect their perceptions about the benefits on program comprehension when introducing lambda expressions. We asked practitioners to evaluate and rate sets of pairs of code snippets. Results: We found contradictory results in our research. Based on the quantitative assessment, we could not find evidence that the introduction of lambda expressions improves software readability—one of the components of program comprehension. Our results suggest that the transformations recommended by the aforementioned tools decrease program comprehension when assessed by two state-of-the-art models to estimate readability. Differently, our findings of the qualitative assessment suggest that the introduction of lambda expression improves program comprehension in three scenarios: when we convert anonymous inner classes to a lambda expression, structural loops with inner conditional to a anyMatch operator, and structural loops to filter operator combined with a collect method. Implications: We argue in this paper that one can improve program comprehension when she applies particular transformations to introduce lambda expressions (e.g., replacing anonymous inner classes with lambda expressions). Also, the opinion of the participants shines the opportunities in which a transformation for introducing lambda might be advantageous. This might support the implementation of effective tools for automatic program transformations.

show abstract

“…On GitHub, bots are integrated into the pull request workflow to perform a variety of tasks, including repairing bugs [14], refactoring the source code [25], recommending tools to help developers [4], detecting duplicated development [17], updating outdated dependencies [13], and fixing static analysis violations [5]. Similarly to human users, GitHub bots have their user profile and can open, close, or leave comments on pull requests and issues.…”

Section: Related Workmentioning

confidence: 99%

Enhancing developers’ support on pull requests activities with software bots

Wessel

2020

Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Softw

View full text Add to dashboard Cite

C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests

Cited by 22 publications

References 23 publications

Sorald: Automatic Patch Suggestions for SonarQube Static Analysis Violations

Sorald: Automatic Patch Suggestions for SonarQube Static Analysis Violations

Understanding the Impact of Introducing Lambda Expressions in Java Programs

Enhancing developers’ support on pull requests activities with software bots

Contact Info

Product

Resources

About