1 - The bug that does not yell

You are not chasing alarms. You are chasing a slow leak.

Java resource leaks do not explode. They drain. They hide in file handles. They wait. And then suddenly the app cannot open files or spin threads.

Uber saw the pattern. Quiet leaks at massive scale. So they built FixrLeak to stop them before the system started coughing.

2 - The real problem

Closing a resource sounds easy. Until you are staring at 900 services and legacy code with no tests.

Try-catch-finally is fragile. Try-with-resources is cleaner but retrofitting it is a nightmare. SonarQube catches the issue but never fixes it.

The real issue is this—how do you clean up safely without spending 6 weeks doing manual code surgery

3 - The fix that actually works

Uber did not say “let AI do it.” They said “build a guardrail first, then let AI step in.”

Here is the flow:

1. SonarQube finds the leak

2. Tree-sitter builds the abstract syntax tree

3. FixrLeak checks if the leak is safely local

4. If yes, it creates a prompt and asks GPT-4 to patch it

5. It runs tests, checks builds and opens a pull request

No wild rewrites. No breaking changes. Just high-trust fixes, on autopilot

4 - Results that are not just pretty numbers

They flagged 124 leaks.

• 102 passed FixrLeak’s checks

• 93 were fixed automatically

• All builds passed

• Reviewers just clicked approve

This is not a fancy proof of concept. It runs every week. It saves time without asking for attention.

5 - Why GenAI alone does not cut it

You throw a broken function into GPT and what comes back looks great—until your test suite falls apart.

Without static checks, AI can:

• Close the resource too early

• Break existing logic

• Write code that compiles but behaves wrong

FixrLeak keeps AI in a box. That is what makes it work. Safe inputs, scoped logic, guardrails built by humans

6 - What senior engineers should actually take away

This is not about fixing bugs. This is about building fixers.

• Use static analysis to pre-check before AI touches anything

• Automate only when scope is fully owned

• Use humans for edge cases, let AI eat the boring ones

• Build end-to-end systems, not throwaway tools

FixrLeak’s real power is not perfection. It is consistency. Quiet, repeatable wins every single week.

7 - What comes next

Uber is scaling FixrLeak across new boundaries:

• Handling leaks that cross methods

• Using GenAI to detect leaks too

• Expanding beyond Java into languages like Go

• Building smarter context models before even suggesting a fix

This is not just “AI for code.” This is disciplined automation that plays well with your system, your people and your deadlines

Final take

FixrLeak proves what happens when you mix engineering restraint with real automation. It is not loud. It is not flashy. It just works.

And here is the kicker—you probably have 5 FixrLeaks hiding in your own codebase.

The question is—are you going to wait for them to blow up, or build your fix while things are calm

TLDR - What to do now

“Use static analysis to scope what AI is allowed to fix”
“Automate boring, repeatable bugs and skip the heroics”
“Build full pipelines that clean up code without a meeting”
“Do not ask AI to lead. Let it follow your rules”

https://www.uber.com/blog/fixrleak-fixing-java-resource-leaks-with-genai/?uclick_id=4c449421-1227-4621-8590-90af6ec80529&utm_source=chatgpt.com&utm_medium=email