SONARPY-2931 Rule S7488 Use non-blocking sleep functions in asynchronous code (#255)

GitOrigin-RevId: e10829139ff55caa50338486faef6d293942c416

Author: guillaume-dequenne

python-checks/src/main/java/org/sonar/python/checks/OpenSourceCheckList.java

@@ -355,6 +355,7 @@ public Stream<Class<?>> getChecks() {
       SuperfluousCurlyBraceCheck.class,
       TempFileCreationCheck.class,
       ImplicitlySkippedTestCheck.class,
+      TimeSleepInAsyncCheck.class,
       ToDoCommentCheck.class,
       TooManyLinesInFileCheck.class,
       TooManyLinesInFunctionCheck.class,

python-checks/src/main/java/org/sonar/python/checks/TimeSleepInAsyncCheck.java

@@ -0,0 +1,100 @@
+/*
+ * SonarQube Python Plugin
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the Sonar Source-Available License for more details.
+ *
+ * You should have received a copy of the Sonar Source-Available License
+ * along with this program; if not, see https://sonarsource.com/license/ssal/
+ */
+package org.sonar.python.checks;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.sonar.check.Rule;
+import org.sonar.plugins.python.api.PythonSubscriptionCheck;
+import org.sonar.plugins.python.api.SubscriptionContext;
+import org.sonar.plugins.python.api.quickfix.PythonQuickFix;
+import org.sonar.plugins.python.api.tree.AliasedName;
+import org.sonar.plugins.python.api.tree.CallExpression;
+import org.sonar.plugins.python.api.tree.Expression;
+import org.sonar.plugins.python.api.tree.ImportName;
+import org.sonar.plugins.python.api.tree.Name;
+import org.sonar.plugins.python.api.tree.Tree;
+import org.sonar.plugins.python.api.types.v2.TriBool;
+import org.sonar.python.quickfix.TextEditUtils;
+import org.sonar.python.tree.TreeUtils;
+import org.sonar.python.types.v2.TypeCheckBuilder;
+
+@Rule(key = "S7488")
+public class TimeSleepInAsyncCheck extends PythonSubscriptionCheck {
+
+  private static final String MESSAGE = "Replace this call to time.sleep() with an asynchronous sleep function.";
+  private static final String SECONDARY_MESSAGE = "This function is async.";
+  private static final String SLEEP_QUICK_FIX = "Replace with %s.sleep()";
+
+  private TypeCheckBuilder isTimeSleepCall;
+  private final Map<String, String> asyncLibraryAliases = new HashMap<>();
+
+  @Override
+  public void initialize(Context context) {
+    context.registerSyntaxNodeConsumer(Tree.Kind.FILE_INPUT, this::setupCheck);
+    context.registerSyntaxNodeConsumer(Tree.Kind.IMPORT_NAME, this::checkImportName);
+    context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, this::checkTimeSleepInAsync);
+  }
+
+  private void setupCheck(SubscriptionContext ctx) {
+    isTimeSleepCall = ctx.typeChecker().typeCheckBuilder().isTypeWithName("time.sleep");
+    asyncLibraryAliases.clear();
+  }
+
+  private void checkImportName(SubscriptionContext ctx) {
+    ImportName importName = (ImportName) ctx.syntaxNode();
+    for (AliasedName module : importName.modules()) {
+      List<Name> names = module.dottedName().names();
+      if (names.size() > 1) {
+        continue;
+      }
+      String moduleName = names.get(0).name();
+      Name alias = module.alias();
+      String moduleAlias = alias != null ? alias.name() : moduleName;
+      if ("asyncio".equals(moduleName) || "trio".equals(moduleName) || "anyio".equals(moduleName)) {
+        asyncLibraryAliases.put(moduleName, moduleAlias);
+      }
+    }
+  }
+
+  private void checkTimeSleepInAsync(SubscriptionContext context) {
+    CallExpression callExpression = (CallExpression) context.syntaxNode();
+    Expression callee = callExpression.callee();
+    if (isTimeSleepCall.check(callee.typeV2()) != TriBool.TRUE) {
+      return;
+    }
+    TreeUtils.asyncTokenOfEnclosingFunction(callExpression)
+      .ifPresent(asyncKeyword -> {
+        var issue = context.addIssue(callee, MESSAGE).secondary(asyncKeyword, SECONDARY_MESSAGE);
+        addQuickFixes(issue, callExpression);
+      });
+  }
+
+  private void addQuickFixes(PreciseIssue issue, CallExpression callExpression) {
+    asyncLibraryAliases.forEach((library, alias) -> {
+      String message = String.format(SLEEP_QUICK_FIX, alias);
+      issue.addQuickFix(createQuickFix(callExpression, alias + ".sleep", message));
+    });
+  }
+
+  private static PythonQuickFix createQuickFix(CallExpression callExpression, String replacementFunction, String message) {
+    return PythonQuickFix.newQuickFix(message)
+      .addTextEdit(TextEditUtils.replace(callExpression.callee(), replacementFunction))
+      .build();
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S7488.html

@@ -0,0 +1,83 @@
+<p>This rule raises an issue when a synchronous <code>time.sleep()</code> call is used within an asynchronous function.</p>
+<h2>Why is this an issue?</h2>
+<p>Synchronous functions like <code>time.sleep()</code> halt the execution of the current thread. In an asynchronous context, which relies on a
+single-threaded event loop to manage multiple tasks concurrently, calling <code>time.sleep()</code> blocks this entire event loop. When the event loop
+is blocked, it cannot switch between tasks, process I/O events, or respond to other operations. Consequently, all other concurrent asynchronous tasks
+are paused until the <code>time.sleep()</code> call completes. This effectively negates the benefits of using <code>async/await</code> by turning a
+non-blocking operation (waiting) into a blocking one that freezes the application’s concurrency model.</p>
+<p>For instance, if an asynchronous web server uses <code>time.sleep()</code> in a request handler, it won’t be able to process any other incoming
+requests until the sleep call completes, leading to poor performance and responsiveness.</p>
+<p>The correct approach in asynchronous programming is to use non-blocking sleep functions provided by the specific asynchronous framework being used
+(e.g., <code>asyncio</code>, <code>Trio</code>, <code>AnyIO</code>). These functions give control back to the event loop, allowing it to run other
+tasks while the current task is "sleeping".</p>
+<h2>How to fix it in Asyncio</h2>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="1" data-diff-type="noncompliant">
+import time
+import asyncio
+
+async def sleeping_function():
+    time.sleep(1) # Noncompliant
+
+asyncio.run(sleeping_function())
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="1" data-diff-type="compliant">
+import asyncio
+
+async def sleeping_function():
+    await asyncio.sleep(1)
+
+asyncio.run(sleeping_function())
+</pre>
+<h2>How to fix it in Trio</h2>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="2" data-diff-type="noncompliant">
+import time
+import trio
+
+async def sleeping_function():
+    time.sleep(1) # Noncompliant
+
+trio.run(sleeping_function)
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="2" data-diff-type="compliant">
+import trio
+
+async def sleeping_function():
+    await trio.sleep(1)
+
+trio.run(sleeping_function)
+</pre>
+<h2>How to fix it in AnyIO</h2>
+<h3>Code examples</h3>
+<h4>Noncompliant code example</h4>
+<pre data-diff-id="3" data-diff-type="noncompliant">
+import time
+import anyio
+
+async def sleeping_function():
+    time.sleep(1) # Noncompliant
+
+anyio.run(sleeping_function)
+</pre>
+<h4>Compliant solution</h4>
+<pre data-diff-id="3" data-diff-type="compliant">
+import anyio
+
+async def sleeping_function():
+    await anyio.sleep(1)
+
+anyio.run(sleeping_function)
+</pre>
+<h2>Resources</h2>
+<h3>Documentation</h3>
+<ul>
+  <li> Asyncio documentation - <a href="https://docs.python.org/3/library/asyncio-task.html#asyncio.sleep">Sleeping</a> </li>
+  <li> Trio documentation - <a href="https://trio.readthedocs.io/en/stable/reference-core.html#trio.sleep">Time and clocks</a> </li>
+  <li> AnyIO documentation - <a href="https://anyio.readthedocs.io/en/stable/api.html#anyio.sleep">Event loop</a> </li>
+</ul>
+

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S7488.json

@@ -0,0 +1,26 @@
+{
+  "title": "Use non-blocking sleep functions in asynchronous code",
+  "type": "BUG",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "async",
+    "asyncio",
+    "trio",
+    "anyio"
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-7488",
+  "sqKey": "S7488",
+  "scope": "All",
+  "quickfix": "infeasible",
+  "code": {
+    "impacts": {
+      "RELIABILITY": "HIGH"
+    },
+    "attribute": "COMPLETE"
+  }
+}

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/Sonar_way_profile.json

@@ -253,6 +253,7 @@
     "S6982",
     "S6983",
     "S6984",
-    "S6985"
+    "S6985",
+    "S7488"
   ]
 }