Transcript
This transcript was autogenerated. To make changes, submit a PR.
Everyone.
Welcome to Cog42, my name is Puneet.
I'm Shubham and I'll be presenting my talk on Knowledge of Syntax, how AI
is changing the code reviewer team.
you know that moment when you submit your PM, and you just go cross your fingers and
pray that code reviewer is in a very good mood, and then checks your Go then, but
I've been both side of this core review as a contributor, you and I was debating
copy back from the maintenance and core reviews, which is very exhausting for the
maintenance and also as a collaborator, it's very exhaustive to read so many
requests and so many changes in the code.
It was it is that the project is included.
So how can change this?
That's exactly what I'm going to explore today.
And this isn't just in checking syntax, but actually proving how we write and
review the code in any kind of project.
But first of all, let's talk about why AI code review really matters.
Number one, the problem conditional code reviews is.
It's like playing Game of Detective.
You scan hundreds of lines, where you look for hidden bugs,
bad logic, security issues.
It's very slow.
Human reviewers get tired, and sometimes it leads to inconsistent feedback.
With AI, it increases the speed of development.
The review is done instantly without waiting for any reviewer to look into
your code and provide their comment.
And then you work on that again to increase the development process
and developers can actually work on what really matters for them
rather than just wasting time on reviewing thousands of lines of code.
How AI changes this game?
So AI, our code review tools are very powerful in seeing the code quality.
It just does not check the syntax, but also provides a feedback on how
a piece of code can run smoothly.
How it can be able to work efficiently with the context of the legacy
code that it has been written in.
Second, it is continuously improving with the beautiful learn from large and
vast amounts of open source software.
Learning from language models, GitHub, and Stack Overflow.
The elements are always improving themselves.
So it can easily find new ways.
Potential box.
You can suggest any kind of improvements in the test code
that is present in the repository.
Second and most important point is collaborative culture.
AI code reviews and AI process of culture of collaboration
and continuous improvement.
It provides you insights, it provides you proper comments on your code so that
other developers who are reading your code after your code is merged, they also
get to understand if your code is really good, how the code actually works, they
don't have to waste time on looking for bad code or code that is full of bugs.
before diving deep into this, let's talk about how AI Code Review actually works.
There are four major components of AI Code Review.
Number one, static code analysis.
We can, in simpler words, we can call it checking the code
without actually running it.
Second, dynamic code analysis.
This is testing the code in an environment where it actually runs.
it's like building something for the real world.
and only getting bugs and errors when the code is unmanageable.
Third is a rule based system.
These are using predefined rules and best practices that are
imposed in an organization or anything from the guidelines.
So to ensure the code is detailed and understood by other developers as well.
And natural language processing and algorithms.
These algorithms help you to understand code like a human would.
The AI system understands the code, as a human reviewer would actually look at
the code and find any kind of security issues or any bugs present in the code.
Number one, static code analysis.
it's like the foundation of the used AI code review tools.
It's a single static code analysis around a pranker who is sitting behind a van.
He finds the problems in your code before they actually become very big disasters.
It scans the code for any kind of style errors, any kind of security
flaws, any performance issues.
And all of this happens without actually running the code.
So no running of the code happens in this stage.
Another stage is dynamic coding, which is testing level, which I
told you about real world testing.
Our next type of analysis, dynamic analysis, is about
seeing the code in action.
Seeing things like memory leaks.
And performance bottlenecks, any kind of security exploits
while the program is running.
It's similar to debugging, but it's not very high level steroids.
You can say that is a bottleneck.
Then comes rule based systems.
This is enforcing best practices, but also following one rule at a time.
Rule based systems follow predefined coding guidelines.
These are provided by the company, by the senior developers, or
maintainers of the repository, anyone.
The interest in style seekers enforce this kind of consistency.
So this makes sure that anyone who is contributing on the team, who is writing
the code, writes clean and readable code.
And it's similar to having a strict image teacher, but for your pull request and for
your code that you're actually submitting.
And last is LLM and NLP.
This is the AI that reads code like a human.
So this is where things actually get very exciting.
This is a stage where AI isn't checking your code for sentences.
It's actually understanding your code.
LLM models like GPT 4, DeepCore, and many more.
They can recognize patterns, such as improvements, And sometimes
you can rewrite your code for better efficiency and performance.
It's in simpler words, you can imagine a senior engineer who is
available 24 7 and never gets tired.
This is the actual potential for AI code review.
Let's discuss some of the advantages of AI code review.
This is how you will feel after reviewing your code using any
kind of AI code review tools.
So the first one is efficiency and speed.
Absolutely.
Any kind of developer Don't want to spend a lot of time with how much debugger
code is 3am, 4am, in the midnight.
So AI coder, we actually scan every line of code.
Helps you find any bugs, any performance issues, everything
that is wrong with your code.
and writes or rewrites it according to your provided needs.
Second, consistency and accuracy.
There is no human bias, no fatigue.
So AI ensures that the code that is written and code, depending on the
code complexity, the inconsistencies and errors are minimized.
To a certain level that humans often miss detection of hard to find bugs
using stereo like dynamic, testing and NLMs, which excels identifying hidden
bugs sometimes that humans often miss.
Reduced learning effort, obviously AI tools has been reducing the manual
effort of AI code reviewers, of human code reviewers and Increases
the team productivity and helps in fast and continuous development.
everything is just pros and cons.
AI code is good at that too.
There are certain limitations and concerns that you have to keep
in mind when it comes to AI code.
Number one is lack of human judgment.
AI doesn't put it as creativity or any kind of design.
For example, Once I experienced this when I wrote a SQL query, and my AI
code reviewer flagged it as a dead mark.
Even though the SQL query was written only for testing purposes,
the AI couldn't understand it.
It saw it as a security flaw.
This happens sometimes with AI code reviewers.
So it's better to provide context, provide for prompts, or files that can
help the AI to understand the gist.
It's not just for the purpose of production, but also
for the testing purpose.
Second, false positives and negatives.
Sometimes the AI code reviewers will always flag a necessary vulnerability.
Just like I explained with the example of the
HPF reviewer.
This happens.
And, This is where human code reviewers are important, they
come in and look at this, but most of the time it is not necessary.
Number 3 is context.
Providing a context is very important.
AI doesn't understand business logic, so you have to provide a proper
context to help AI code review tools.
To properly review your code, identify your bugs, and especially
prevent any kind of false positives.
Now here comes AI and human collaboration.
How we can use AI review tools and also work with AI review tools and not
just be completely dependent on it.
I believe AI's role should be the co pilot and human's role should be the pilot.
AI's role is the co pilot and co pilot will Do the scalable code review,
provide any fact on the common bug, suggest any kind of refactoring,
and obviously, never gets tired.
So a human soul, the pilot, a human is able to understand the business logic,
everything human is able to know.
That is why this particular form was written and why this has
been here for a very long time.
There might be certain issues, other policy on any kind of context
that is important for the, for these company, the ai, that context
only human to human reviewers.
Can I create it Code.
AI is trained on code that is already written by us, and it is sometimes
monotonous and does not provide creative solutions to problems, whereas humans can
think creatively and provide solutions that are maintainable, more readable,
more efficient, and more creative.
AI can validate the AI solution, humans can validate the AI solution.
This is because when we use the AI review support, we can always review
it again to see any kind of issue that might be missed or any kind of complex
system that was flagged unnecessarily.
So any AI reviewer, any human reviewer, Can work with an AI
to improve tools and help them.
The future of
AI is definitely, AI to improve.
And it will become more context of AI.
So what we can do?
We can employ a theory to learn from it.
We can ride with it and move along with it.
So we can explore various AI code review tools.
Some of my favorites are GitHub Copilot,
Open AI even.
Code Rabbit is a GitHub plugin that can help you review your before
it is merging into repository.
We can also integrate AI tools into a current development systems.
Let's cur AI or . We can generate and we do some monotonous work that is doing
and focus more on what needs to be done.
And you can always continuously learn and adapt.
Whatever is needed.
Whatever AI tools are being done or created in the market.
that's the end.
I hope you like this session and if you have any questions, if you want to discuss
more about AI code review tools, if you want to try out my own code review tools,
connect with me on LinkedIn or on Twitter.
And we can always talk about it.
And always remember, AI is always making the coding smarter.
But great for the person like you and us, everyone.
They will make it powerful.
So just keep learning, keep building.
Have a great day.
Thank you so much.