Resource leaks, where resources like files, database connections, or streams aren’t properly released after use, are a persistent issue in Java applications. These leaks can lead to performance degradation,  and system failures. While tools like SonarSource SonarQube^™ effectively identify such leaks, the fixing process remains manual, time-consuming, and prone to errors. To address this, we developed FixrLeak, a generative AI-based framework that automates the detection and repair of resource leaks. FixrLeak combines Abstract Syntax Tree (AST) analysis with generative AI (GenAI) to produce accurate, idiomatic fixes while following Java best practices like try-with-resources. Deployed within Uber’s extensive Java codebase, FixrLeak significantly reduces manual effort, improves developer productivity, and improves code quality, showcasing the transformative potential of AI-driven solutions in large-scale software engineering.

Resource leaks occur when a program fails to properly release resources such as files, database connections, or streams after use. These leaks can lead to serious issues, including performance degradation, application failures, and an inability to handle additional operations due to resource exhaustion. For example, if a file descriptor isn’t released quickly, it could prevent an application from opening new files, ultimately causing system instability.

Consider the example below, where a BufferedReader object is used to read from a file. In the original code (Figure 1), the reader isn’t closed properly, resulting in a resource leak. Historically, developers relied on try/catch/finally blocks to handle such cases, but missing or incorrect finally blocks often led to leaks. Modern Java best practices recommend the try-with-resources statement, which significantly reduces boilerplate code and ensures resources are released safely, even if exceptions occur during execution.

In the revised version (Figure 2) the BufferedReader is declared within the try block using the try-with-resources statement, ensuring that it’s automatically closed when no longer needed. This practice simplifies the code and eliminates the risk of resource leaks, making it an essential technique for modern Java programming.

Before FixrLeak, resource leak fixes were either manual or handled by early automated tools. RLFixer, a non-GenAI tool, relied on pre-designed templates and analysis frameworks like WALA. While effective for some leaks, these tools struggled to scale in massive codebases like Uber’s and required extensive manual setup for each new programming idiom.

GenAI-based solutions, like InferFix, moved the needle by using large language models to automate fixes. However, InferFix had its limitations, including only 70% fix accuracy and challenges with complex leaks requiring advanced code analysis. Additionally, it relied on proprietary models that couldn’t easily adapt to evolving technologies.

FixrLeak builds on these lessons, using generative AI in a scalable, template-free approach that works seamlessly across Uber’s codebase. It focuses on easily fixable leaks to achieve higher accuracy, making it a game-changer for industrial-scale resource leak management.

The general flow of FixrLeak is shown in Figure 3. We currently focus on fixing leaks where the lifetime of the resource doesn’t exceed the function that allocated the resource.

FixrLeak starts by scanning resource leaks reported by SonarQube, gathering key details like file names and line numbers. To account for changes in the codebase, it uses a deterministic hash based on the file and function name, ensuring accurate tracking of leaks and their fixes. Once identified, FixrLeak uses the Tree-sitter library to parse the code and extract the relevant function for analysis.

Fixing resource leaks isn’t always straightforward—blindly applying fixes can lead to new issues, like use-after-close errors. For example, if a resource like a BufferedReader is returned from a method, closing it prematurely could break the code at its caller site. To avoid such pitfalls, FixrLeak uses Tree-sitter to perform AST (Abstract Syntax Tree) analysis.

This analysis ensures that FixrLeak skips functions where resources are passed as parameters, returned, or stored in fields, as these resources often outlive the function’s scope. By focusing only on safe-to-fix scenarios, FixrLeak delivers precise, reliable fixes while leaving more complex cases for advanced analysis at the caller level.

Once a resource leak passes initial checks, FixrLeak crafts a tailored prompt and sends it to a generative AI model like OpenAI^® ChatGPT-4O. The AI responds with a suggested fix, which FixrLeak applies by replacing the original leaky function with the new, leak-free version. Finally, FixrLeak generates a pull request, streamlining the process for developers to review and approve the fix.

Before submitting a pull request, FixrLeak runs multiple validation checks to ensure the fix is rock-solid. It verifies that the target binary builds successfully, runs all existing tests to confirm nothing is broken, and can also recheck the code with SonarQube to confirm the resource leak has been resolved. This thorough testing ensures high-quality fixes that developers can confidently review and merge.

The final step is ‌code review from the developers to accept the pull request. Usually, all they need to do is one-click accept.

To test FixrLeak, we applied it to 124 resource leaks identified by SonarQube in Uber’s Java codebase. After excluding 12 cases in deprecated code, FixrLeak’s AST-level analysis processed the remaining 112 leaks, ensuring that fixes were applied only where resources were confined to the scope of the function. This focus on intra-function leaks played to the strengths of generative AI, resulting in high success rates.

Out of the 102 eligible cases, FixrLeak successfully automated fixes for 93 leaks. 

By focusing on well-scoped issues and using advanced analysis, FixrLeak has proven to be a highly effective tool for improving code quality and reducing manual intervention. This approach accelerates development and ensures Uber’s systems remain robust and efficient at scale. Fixrleak continues to run periodically on the Java codebase and will quickly generate fixes for resource leaks introduced in the future.

Looking ahead, we aim to expand FixrLeak’s capabilities in several key areas:

These advancements will further increase FixrLeak’s effectiveness, enabling it to tackle more complex scenarios and deliver even greater value to large-scale codebases.

Resource leaks remain a persistent challenge in large-scale software systems, but generative AI presents a powerful new approach to tackling this issue. FixrLeak combines GenAI and AST-level analysis to bridge the gap between detection and resolution, delivering accurate and efficient fixes while improving developer productivity. By addressing practical challenges like complex build systems, FixrLeak enhances code quality and reliability within Uber’s Java codebase, setting a precedent for AI-driven automation in software engineering.

For organizations dealing with similar challenges, FixrLeak offers key takeaways:

While FixrLeak is currently deployed at Uber, the principles behind it—combining static analysis with GenAI—can be adapted to other large-scale systems. Companies seeking to automate code quality improvements can explore similar techniques using AI-assisted code repair, AST analysis, and structured prompt engineering.

This blog kicks off a series from the Programming Systems group on leveraging GenAI for software engineering challenges. Stay tuned for the next post, where we explore how GenAI can automatically fix data races in Golang.

We’d like to thank Jens Palsberg for several technical discussions around resource leaks.