Fixrleak: Fixing Java Resource Leaks with GenAI

https://www.uber.com/blog/fixrleak-fixing-java-resource-leaks-with-genai/

17•carimura•6mo ago

Comments

stevoski•6mo ago

> “Resource leaks, where resources like files, database connections, or streams aren’t properly released after use, are a persistent issue in Java applications”

This was true maybe back in 2005. Java has had try-with-resources for a loooong time. As I see it this has been the dominant idiom for ages, for handling resources that might leak.

okr•6mo ago

People tend to forget. Stream-API is a good candidate, that people like to not consider for leakage. If you don't own your stream, if you do not definitly know, that your stream comes from a collection, then ya better close it with a try-block.

bob778•6mo ago

How much effort was spent automating this to fix 112 instances across Uber’s code base? I assume code reviews would catch any new issues so this seems like overkill for a small one-off task?

hawk_•6mo ago

Spotbugs or checkstyle etc... would catch these. What does AI add here?

xyst•6mo ago

It gives marketing team at Uber to say "wE uSe AI hErE!!1". C-levels approve since anything AI gets a nice pump.

Engineering wise. This adds nothing. It’s an absolute waste of compute and energy to run this through LLMs

sigotirandolas•6mo ago

> This analysis ensures that FixrLeak skips functions where resources are passed as parameters, returned, or stored in fields, as these resources often outlive the function’s scope.

> FixrLeak delivers precise, reliable fixes while leaving more complex cases for advanced analysis at the caller level.

In other words, this will only fix trivial leaks, which are best seen as a language design issue and can be fixed by RAII, reference counting, etc.

It won't fix the more insidious leaks like `UNBOUNDED_QUEUE.add(item)` that are more likely to pass through code review in the first place.

xyst•6mo ago

Using AI when a static scanner like SonarQube easily picks up these types of resource leaks, especially in Java.

Peak waste.

What’s next?

"Get rid of your GitHub dependabot alerts and replace it with my shitty ChatGPT wrapper”

rvz•6mo ago

> Using AI when a static scanner like SonarQube easily picks up these types of resource leaks, especially in Java.

Exactly.

It's very disappointing to see that Uber engineers would rather trust an LLM to that claims to spot these issues when a battle-tested scanner such as SonarQube would have caught this in the first place.

The LLM hype-train is almost just as bad as the JavaScript hype train in the 2010s where some of the worst technologies are used on everything.

rvz•6mo ago

Why exactly do you need LLMs for this when efficient alternatives like SonarQube or checkstyle already do this without the expensive waste LLMs create?

This adds little to no technical advantage over existing solutions what so ever for this particular use case.

yahoozoo•6mo ago

stupid af

Traubenfuchs•6mo ago

So you tell me those 200-600k software engineers that can easily solve leetcode hard are so incompetent they missed using try-with-resources at such scale, they needed to introduce new AI tooling to fix it?

Hey Uber, I am from the EU, I usually can‘t even solve leetcode medium but I will write you scalable, spotless Java for a third of the salary.

Our industry and its economics are a joke.

hello_moto•6mo ago

So you write bug-free scalable code 100% in any jobs you ever worked for?

I guess we don’t need QA and Dev/Staging environment

rad_gruchalski•6mo ago

Can the QA team? How does the dev/staging environment help writing less buggy code?

rad_gruchalski•6mo ago

But can you leetcode heh.

TYMorningCoffee•6mo ago

A lot of commenters point out that there already are many established static checkers that do this. That is not what Uber attempts here.

Uber is not proposing a static checker. They even use sonar qube in their architecture. They propose using an LLM to resolve the leak detected by sonar qube.

Show HN: Gemini Pro 3 hallucinates the HN front page 10 years from now

PeerTube is recognized as a digital public good by Digital Public Goods Alliance

Mistral Releases Devstral 2 (72.2% SWE-Bench Verified) and Vibe CLI

If you're going to vibe code, why not do it in C?

Handsdown one of the coolest 3D websites

Pebble Index 01 – External memory for your brain

Kaiju – General purpose 3D/2D game engine in Go and Vulkan with built in editor

LLM from scratch, part 28 – training a base model from scratch on an RTX 3090

Launch HN: Mentat (YC F24) – Controlling LLMs with Runtime Intervention

Clearspace (YC W23) Is Hiring a Founding Designer

My favourite small hash table

AWS Trainium3 Deep Dive – A Potential Challenger Approaching

Show HN: AlgoDrill – Interactive drills to stop forgetting LeetCode patterns

The Joy of Playing Grandia, on Sega Saturn

Transformers know more than they can tell: Learning the Collatz sequence

Constructing the Word's First JPEG XL MD5 Hash Quine

30 Year Anniversary of WarCraft II: Tides of Darkness

Ask HN: Should "I asked $AI, and it said" replies be forbidden in HN guidelines?

Show HN: Detail, a Bug Finder

Donating the Model Context Protocol and Establishing the Agentic AI Foundation

"The Matilda Effect": Pioneering Women Scientists Written Out of Science History

AI needs more power than the grid can deliver – supersonic tech can fix that

How private equity is changing housing

Apple's slow AI pace becomes a strength as market grows weary of spending

Oliver Sacks Put Himself into His Case Studies. What Was the Cost?

Epsilon: A WASM virtual machine written in Go

ZX Spectrum Next on the Internet: Xberry Pi ESP01 and Pi Zero Upgrades

Brent's Encapsulated C Programming Rules (2020)

A deep dive into QEMU: The Tiny Code Generator (TCG), part 1 (2021)

After the Bubble