A lot of commenters point out that there already are many established static checkers that do this. That is not what Uber attempts here.
Uber is not proposing a static checker. They even use sonar qube in their architecture. They propose using an LLM to resolve the leak detected by sonar qube.
stevoski
> “Resource leaks, where resources like files, database connections, or streams aren’t properly released after use, are a persistent issue in Java applications”
This was true maybe back in 2005. Java has had try-with-resources for a loooong time. As I see it this has been the dominant idiom for ages, for handling resources that might leak.
show comments
sigotirandolas
> This analysis ensures that FixrLeak skips functions where resources are passed as parameters, returned, or stored in fields, as these resources often outlive the function’s scope.
> FixrLeak delivers precise, reliable fixes while leaving more complex cases for advanced analysis at the caller level.
In other words, this will only fix trivial leaks, which are best seen as a language design issue and can be fixed by RAII, reference counting, etc.
It won't fix the more insidious leaks like `UNBOUNDED_QUEUE.add(item)` that are more likely to pass through code review in the first place.
bob778
How much effort was spent automating this to fix 112 instances across Uber’s code base? I assume code reviews would catch any new issues so this seems like overkill for a small one-off task?
hawk_
Spotbugs or checkstyle etc... would catch these. What does AI add here?
show comments
Traubenfuchs
So you tell me those 200-600k software engineers that can easily solve leetcode hard are so incompetent they missed using try-with-resources at such scale, they needed to introduce new AI tooling to fix it?
Hey Uber, I am from the EU, I usually can‘t even solve leetcode medium but I will write you scalable, spotless Java for a third of the salary.
Our industry and its economics are a joke.
xyst
Using AI when a static scanner like SonarQube easily picks up these types of resource leaks, especially in Java.
Peak waste.
What’s next?
"Get rid of your GitHub dependabot alerts and replace it with my shitty ChatGPT wrapper”
show comments
rvz
Why exactly do you need LLMs for this when efficient alternatives like SonarQube or checkstyle already do this without the expensive waste LLMs create?
This adds little to no technical advantage over existing solutions what so ever for this particular use case.
A lot of commenters point out that there already are many established static checkers that do this. That is not what Uber attempts here.
Uber is not proposing a static checker. They even use sonar qube in their architecture. They propose using an LLM to resolve the leak detected by sonar qube.
> “Resource leaks, where resources like files, database connections, or streams aren’t properly released after use, are a persistent issue in Java applications”
This was true maybe back in 2005. Java has had try-with-resources for a loooong time. As I see it this has been the dominant idiom for ages, for handling resources that might leak.
> This analysis ensures that FixrLeak skips functions where resources are passed as parameters, returned, or stored in fields, as these resources often outlive the function’s scope.
> FixrLeak delivers precise, reliable fixes while leaving more complex cases for advanced analysis at the caller level.
In other words, this will only fix trivial leaks, which are best seen as a language design issue and can be fixed by RAII, reference counting, etc.
It won't fix the more insidious leaks like `UNBOUNDED_QUEUE.add(item)` that are more likely to pass through code review in the first place.
How much effort was spent automating this to fix 112 instances across Uber’s code base? I assume code reviews would catch any new issues so this seems like overkill for a small one-off task?
Spotbugs or checkstyle etc... would catch these. What does AI add here?
So you tell me those 200-600k software engineers that can easily solve leetcode hard are so incompetent they missed using try-with-resources at such scale, they needed to introduce new AI tooling to fix it?
Hey Uber, I am from the EU, I usually can‘t even solve leetcode medium but I will write you scalable, spotless Java for a third of the salary.
Our industry and its economics are a joke.
Using AI when a static scanner like SonarQube easily picks up these types of resource leaks, especially in Java.
Peak waste.
What’s next?
"Get rid of your GitHub dependabot alerts and replace it with my shitty ChatGPT wrapper”
Why exactly do you need LLMs for this when efficient alternatives like SonarQube or checkstyle already do this without the expensive waste LLMs create?
This adds little to no technical advantage over existing solutions what so ever for this particular use case.
stupid af