This could be interesting, but all the example code is so poor, and the extent of the fix so limited that it feels like this is 'AI' for the sake of it.
Stringly-typed, catch-log-ignore, generates warnings in IDE anyway...
Fixed 90 of 125 errors that were found by a different technology... probably.could have been fixed by one developer in 1-2 days anyway - how long did this take?
> all the example code is so poor, and the extent of the fix so limited
I agree about the limitations, but look from another perspective, is it good use of time asking experienced engineers who get paid 300-500k/year to go and fix these issues? Probably no.
Would it bring them a joy finding simple leaks and fixing them? Probably no again.
Then this tool is a nice addition to the engineers
I'm not sure I fully understand the purpose of this tool. Modern IDEs are quite good at detecting these types of issues. And if they don't catch something, I often just copy and paste the method with some context-into an LLM and ask it to find the problem. It usually handles all the necessary changes for me.
That BufferedReader constructors is not supposed to throw, unless the reader is null or you're out of memory. If your out of memory you should probably abort the program execution because the difficulty of correctly recovering from an OOM exception is between hard and impossible.
Edit:
Disregard the above, it was too naive.
It cannot leak because of a stronger warranty. In the JLS, it is specified that the try-with-resources track successfull initialisation of AutoClosable resources, not successful assignation. So one try with resources can desugar into the logical equivalent of multiple nested try-catch-finally !
> difficulty of correctly recovering from an OOM exception is between hard and impossible.
In Java out of memory is signaled with an OutOfMemoryError which is a throwable (and can be caught) but is not technically an exception. Errors should generally never be caught and cannot be recovered from, which is how they differ from exceptions.
It's not great, but you can always catch and retry if your belief is that the GC will free enough memory to allow the attempt to continue after the memory pressure subsides.
Let's say you get 1/100 requests that are randomly sent to your process. That 1 takes 100x the average memory usage of the others. You could spin it out to different services to better handle the weird one-off, but that doesn't always make sense. Sometimes you just need to be ok with working the 100x job and let the other 99 get progressive falloff retry. Different solutions are always possible.
It's possible to recover enough to cleanly save the user work and shutdown. You have to mesure of much memory you need for a clean shutdown and allocate a byte[sizeForShutdown] at the start of the application in the top level exception handler (the only one that should catch that error) and free that byte array before doing anything else.
Now you can argue that this is not truly recovering from exception but it is a lot better than what you can do with most of the other Error subclasses. I said most because there are easy to recover from Error like the StackOverflowError where you just have to fail the operation or request that caused the error.
Does the JLS actually guarantee that if you free that byte array then the extra memory will be immediately available? I thought there could potentially be some lag. The safer approach would be to create all of the objects you need for a clean shutdown during program launch and keep them around. Then you won't need to allocate any memory in the exception handler.
There were static code analyzers like findbugs able to do stuff like this 20 years ago. These days, your IDE should tell you off as well. And hopefully teams configure their builds to catch stuff like this using any of the available plugins for this.
LLMs seems overkill for this. But of course letting it do general code reviews is not a bad idea. And static code analyzers aren't perfect. Doing this at scale might be a bit tricky though; you'd have to go file by file. I assume Uber might have many millions of lines of code to screen. And maybe their developers aren't that concerned with addressing warnings.
But going file by file might be simple enough. And you can probably screen for important stuff with some decent system prompt and instruct it to check for potential resource leaks and similar issues and produce detailed bug reports with some priority if it finds them and a diff that addresses the issue. Could be a nice use case for agentic AIs to screen code like this.
These existing tools (spotbugs, findings, sonarqube, null away, checker framework, pmd, etc) provide detection but not resolution. Resolution thru LLM is what Uber proposes.
Resolution of the kind of resource leaks that SonarQube finds is usually the work of a few seconds. And it should be integrated into the developer workflow in such a way that those bugs are found and fixed before the code even gets checked in. In other words, if that code is even making it into a repo where GenAI can find and fix it then you have deeper engineering process problems. Fix the root cause rather than patching around them with more tools.
And once SonarQube flags a resource leak to a developer, a competent developer would learn from that and never make the same mistake again.
This architecture is promising. Large legacy code bases can have static analysis violations in the 1000s which devs never have the time to address. I've seen sonar tube reports that require man years to resolve everything.
Stringly-typed, catch-log-ignore, generates warnings in IDE anyway...
Fixed 90 of 125 errors that were found by a different technology... probably.could have been fixed by one developer in 1-2 days anyway - how long did this take?
reply