How to conduct a code review using AI

New AI tools can check for style errors, write code for you, and automatically approve pull requests.

By: R. Paulo Delgado
March 14, 2023
14 minute reading

Poorly written code can lead to broken apps, hacked websites, and costly security breaches. Various tools and paradigms have been developed over the years to improve software development. 

These include:

  • Code parsers: Built right into an IDE (Integrated Development Environment), so you can spot errors in the editor much like a word processor underlines spelling errors.

  • CI (Continuous Integration): A team-coding practice where changes are continuously added to a code base so that errors can be caught early.

  • Agile coding: A coding methodology focusing on incremental and iterative development.

  • Scrum methods: A coding methodology emphasizing teamwork.

  • Linting: Static code analysis.

  • Unit tests: Testing components and units of code on their own. 

  • Pair programming: Coding in teams of two.

Another methodology is called code reviews. The meaning of this term has changed over the years as more automated methods of reviewing code have appeared. But the basic meaning remains the same: Code is reviewed by someone (or something) other than the programmer who wrote the code. The purpose of the review is to find errors or improve style, similar to a writer's proofreader.

Unfortunately, manual code reviews are error-prone and can take up inordinate amounts of time. And automated reviews have lacked the sophistication to catch more complicated errors.

Artificial intelligence (AI) and machine learning (ML) techniques solve both problems. AI can be applied both to the actual review process and during the software development cycle, so the code is already in excellent shape by the time it needs a review.

Manual reviews then take less time because there are fewer errors. And AI-powered reviews, carried out by AI models tested on millions of lines of correct code, can sometimes catch far more nuanced mistakes because of the enormous data set they're working from.

In this article, we'll go into how code reviews with AI lead to more efficient software development and significantly reduce the lost time for teams of software developers.

What is a code review?

Code review initially referred to face-to-face meetings of two or more coders to review code and suggest improvements. Code reviews of this nature still occur. These days, it's assumed that the code has already made it through other tools by the time a manual code review occurs.

Manual code review meetings can be helpful for spotting errors in style or code efficiency that automated tools typically can't. But they have flaws:

  • Code changes are often rubber-stamped without understanding. 

  • The opinion of seniors is sometimes given priority when it might not be correct. 

  • Junior Devs might be hesitant to speak up.

In more modern usage, code reviews still refer to peers looking over code for errors or style inconsistencies. But this review is usually done individually in open-source projects as part of a version control system. Feedback is left in the form of comments.

Approved Code Review on GitHub.

This system reduces long meeting times but is still time-consuming if there are many reviews to do. With AI, manual reviews are faster or skipped altogether for simple changes.

What are the benefits of using AI for code reviews?

AI code review tools typically analyze millions of lines of code to "learn" what constitutes "good" coding practices and then make recommendations to coders.

Unlike human code reviews, where personality clashes, seniority levels, and personal opinions may get in the way, AI code reviews are based entirely on data.

Depending on the AI code review tool, it could do one or more of the following:

  • Spot errors in the code that would cause it not to compile correctly.

  • Detect style errors or best-practice errors. The code might technically "work properly" but is coded so that it might grow challenging to maintain.

  • Add comments to the code about what was changed. 

Other ways AI helps coders

AI can also assist in the coding process. This way, the individual developer has a better chance of writing error-free code. 

For example, you can use ChatGPT for minor code reviews and improvements while working on a piece of code. 

Codex is another tool created by OpenAI, the creator of ChatGPT. Codex is explicitly trained to help with computer programming tasks. The language model is typically accessed through an API. 

For example, GitHub's CoPilot AI coding tool uses the Codex API.

Code reviews with AI for improving performance

Performance issues are challenging to debug since several factors could be the cause. Also, application performance optimizations usually require extensive reviews of the code and its hardware to debug properly.

Then throw in the distributed nature of software these days. Microservice architecture and serverless functions running on diverse cloud platforms turn applications into intricate beasts that require a bird's eye view to debug. The hardware hosting these discrete bits of code also plays a role in debugging performance.

Code reviews with AI would ideally incorporate data obtained from observability processes incorporated into these systems. 

A well-known observability platform, New Relic, already uses applied intelligence (a form of machine learning) to reduce alert noise for customers. Amazon's AI code reviewer, CodeGuru, uses AI to analyze huge code bodies. Its sister product, CodeGuru Profiler, analyzes applications already in production. We couldn't find a specific mention on Amazon's help pages that CodeGuru Profiler uses AI, but it did say that it makes "intelligent" decisions about an application's performance.

How to use AI for code reviews

Code reviews can be done on small code sections by copying and pasting some code into ChatGPT, or on entire code bases by connecting Amazon's CodeGuru to your repo.

Each type of tool fits in at various points of the software development cycle.

Let's look at what AI tools would be used, and when, in a typical software development cycle:

1. Pair programming/AI-assisted coding

Pair programming is the act of coding with an AI tool that suggests code or corrections while you're coding. Such tools typically integrate with your IDE (Integrated Development Environment).

When you hire a programmer, AI-assisted coding tools can significantly assist that developer in working faster and more efficiently. 

IntelliCode

Microsoft launched IntelliCode to help you develop code using AI.

AI-powered development using Visual Studio IntelliCode.

IntelliCode is a somewhat limited tool that searches GitHub for real-world examples of times a particular function was used in other code projects. It might be useful for new coders looking for best practices for a particular function. 

It doesn't search your custom functions, only built-in functions. It currently supports Python, JavaScript/TypeScript, and Java. 

IntelliCode in action.

GitHub CoPilot

GitHub's CoPilot is another tool that helps you code directly from within the IDE. CoPilot was developed in conjunction with OpenAI, the creators of ChatGPT and Codex.

GitHub CoPilot in Visual Studio Code

CoPilot generates code from comments.

CoPilot correctly debugged some code.

After you type in the prompt, hit Ctrl + Enter on a PC, and CoPilot goes to work, powered by Codex. 

ChatGPT

ChatGPT doesn't integrate directly into the IDE, but it's an excellent assistive tool you can ask to:

  • write code for you

  • debug code

  • review code

Here are some examples of what ChatGPT can do during this development phase.

Writing code from scratch:

ChatGPT coded a simple game in Python.

The game worked perfectly:

ChatGPT coded game

Debugging code

ChatGPT can also be used to find bugs. We modified the code above to add a pretty hard-to-find error: The programmer typed in the incorrect message to the user, telling the user to guess higher instead of lower. These types of bugs are usually nightmares to find. Let's see how ChatGPT manages:

Manually inserted bug.

Mindblowing debugging capabilities by ChatGPT.
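
The bug described above, reconstructed as an added example (the article's own game code is not reproduced on this page, so the function names here are assumptions). A scripted player that trusts every hint exposes the wrong message, because most secret numbers become unwinnable:

```python
def hint_fixed(guess, secret):
    """Correct hint logic for a number-guessing game."""
    if guess < secret:
        return "higher"
    if guess > secret:
        return "lower"
    return "correct"


def hint_buggy(guess, secret):
    """Same logic with the manually inserted bug: the wrong message is shown."""
    if guess < secret:
        return "higher"
    if guess > secret:
        return "higher"  # bug: the player should be told to guess lower
    return "correct"


def rounds_to_win(hint, secret, low=1, high=100):
    """Play by bisection, trusting every hint.

    Returns the number of guesses needed, or None when the hints steer
    the player away from the secret until no candidates remain.
    """
    guesses = 0
    while low <= high:
        guess = (low + high) // 2
        guesses += 1
        answer = hint(guess, secret)
        if answer == "correct":
            return guesses
        if answer == "higher":
            low = guess + 1
        else:
            high = guess - 1
    return None


def misleading_secrets(hint, low=1, high=100):
    """List every secret that a hint-following player can never reach."""
    return [s for s in range(low, high + 1)
            if rounds_to_win(hint, s, low, high) is None]


if __name__ == "__main__":
    print("fixed :", len(misleading_secrets(hint_fixed)), "unwinnable secrets")
    print("buggy :", len(misleading_secrets(hint_buggy)), "unwinnable secrets")
```

A check like this runs in an automated test suite, so the wrong message is caught whether or not a reviewer, human or AI, spots it by reading.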

Documenting code

Programmers are terrible at commenting on their code, never mind documenting it. We asked ChatGPT to document the code above. 

Code documentation with ChatGPT.

In PHP, you can generate documentation with PHPDoc. We asked ChatGPT to convert the code to PHP, and include PHPDoc-style comments that can be converted to documentation later. 

ChatGPT converts Python code into PHP and includes PHPDoc-style comments.

These features help make code easier to read and faster to review. They also reduce errors during development, so programmers have more time to improve efficiency instead of looking for hard-to-find bugs. 

One common mistake regarding AI across all sectors — writing, image generation, coding — is to believe that AI can handle everything. It can't. But it can certainly speed up the process. 

Once the AI has done its job, you must get an expert to review the work.

2. Code analysis/"linting"

"Linting" is the process of analyzing static source code files and looking for errors. Linting existed long before AI was integrated, but adding AI brings this code review tool to a new level.

Before AI, linting was limited to finding syntax errors, detecting missing code references and imports, and other language-specific errors. With AI, linting can now compare code to millions of source code lines in its data banks.

With an "ideal code" library in its memory banks, the AI can suggest changes based on best practices.
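
The rule-based checks that linting performed before AI (syntax errors, missing references and imports) fit in a few lines of Python. This is an added example, not code from the article or from any of the tools it names; the `lint` function and the `SAMPLE` input are constructed for illustration, and names are tracked file-wide rather than per scope:

```python
import ast
import builtins

# Constructed sample: 'sys' is never imported and 'confg' is a misspelled variable.
SAMPLE = '''\
import json

def load(path):
    with open(path) as handle:
        return json.loads(handle.read())

def main():
    config = load(sys.argv[1])
    print(confg["name"])
'''


def lint(source):
    """Return sorted (line, message) findings for one Python source string."""
    try:
        tree = ast.parse(source)
    except SyntaxError as err:
        return [(err.lineno, f"syntax error: {err.msg}")]

    known = set(dir(builtins))  # names that resolve without any definition
    first_use = {}              # name -> first line where it is read
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for alias in node.names:
                known.add((alias.asname or alias.name).split(".")[0])
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            known.add(node.name)
        elif isinstance(node, ast.arg):
            known.add(node.arg)
        elif isinstance(node, ast.ExceptHandler) and node.name:
            known.add(node.name)
        elif isinstance(node, ast.Name):
            if isinstance(node.ctx, ast.Load):
                first_use[node.id] = min(node.lineno,
                                         first_use.get(node.id, node.lineno))
            else:  # Store or Del: the name is bound somewhere in the file
                known.add(node.id)

    return sorted(
        (line, f"undefined name '{name}': missing import or definition")
        for name, line in first_use.items() if name not in known
    )


if __name__ == "__main__":
    for line, message in lint(SAMPLE):
        print(f"line {line}: {message}")
```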

Linting/static analysis tools include:

  • Snyk (previously DeepCode)

  • Amazon CodeGuru

  • ChatGPT and Codex

Snyk (DeepCode) harvests over 200,000 open-source code repositories to learn from. It uses both symbolic AI—AI that focuses on drawing correlations between mathematical symbols—and machine learning (ML) to perform its task.

Snyk (DeepCode) syncing with GitHub.

Snyk detected no vulnerabilities in the code we sent it, so we added some really bad PHP programming. Snyk flagged the file immediately after adding it to the repo. 

Snyk found a highly dangerous bit of code in our PHP file

Amazon CodeGuru

Amazon's CodeGuru is a powerful tool that offers individuals and small businesses the same power it offers enterprise clients. After signing up, you connect your code repository with CodeGuru, and it starts analyzing every aspect of it.

Amazon CodeGuru analyzing a repository

CodeGuru analyzes your entire code base and makes recommendations

We ran an analysis on our test project repo, and CodeGuru furnished recommendations for improvement. You can also run a code review on a specific fork (an independent copy of the project).

CodeGuru code analysis

CodeGuru is undoubtedly one of the most powerful AI Code Review tools out there.

Before final approval, ideally, a human would do a review as well. This final review would be much faster because AI handles all the heavy legwork. Fiverr has many expert code reviewers you can use to give your code a final check. 

3. Reviewing pull requests

In the truest sense of the word, this is where a "code review" would fit in. Version control systems have implemented this human review process directly into the software development lifecycle to reduce the chances of error-ridden code being committed to the main branch. 

Tools exist that automatically review code at this stage, freeing valuable time by doing the initial heavy lifting in a code review.

Some tools for this phase of a code review include:

  • Codeball: It integrates directly into GitHub to automatically review pull requests. It also auto-generates code in response to comments by other reviewers.

  • WhatTheDiff: Provides AI-generated summaries of Pull Request changes so you don't have to do them yourself. It also refactors code according to your human-language description of what needs to be done. 

  • ChatGPT and Codex: Manual code reviews (although Codex would probably be used through an API, and the possibilities are endless here).

  • Amazon CodeGuru: For comprehensive checks, not necessarily per pull request.

WhatTheDiff automatically detects changes and then comments about them in a GitHub pull request

We asked ChatGPT to compare two code files, and the answer was, unfortunately, a little too wordy. That's because ChatGPT isn't specifically trained for coding tasks but rather for human language generation. 

Wordy answer from ChatGPT when asked to compare two code files.

4. Code testing

No matter how excellent your code looks, all code must be tested. Automated test platforms that use AI in one form or another to test applications include:

Because these aren't code review tools per se, we won't be looking at them in depth. But they're worth mentioning for speeding up and improving the overall software development cycle. 

After the automated tests are finished, you must test the software manually and get user feedback. Consider hiring user testing experts on Fiverr to take care of this manual testing procedure. 

5. Code analysis/performance monitoring/observability

Finally, there is observability: The act of understanding the internals of a system by studying its outputs. 

Amazon CodeGuru Profiler fits this rubric. However, we're not entirely sure what degree of AI it currently uses.

But observability is all about data. An in-house data analysis tool could analyze these outputs against predetermined yardsticks to determine anomalies and areas of improvement. In-house AI tools could monitor these outputs. 

Mistakes to avoid when using AI for code reviews

It's a mistake to believe AI will take care of everything.

"I think of AI as being similar to Jarvis in Iron Man," says Erol Toker of truly.co, a company working with AI-enabled robots that automate revenue. "It's intelligent for finding the What but not the Why. So I use it for both writing code and code reviews to understand things like 'What is the code doing?,' 'What best practices have not been followed?' Once I know that, I can focus more on abstract logic. 'What are the edge cases? Is the approach or code structure right?'"

The most significant problem every industry faces in AI is putting too much trust in it. This technology is very much in its infancy. ChatGPT sparked many imaginations, but we're far from the capabilities we expect AI to possess.

The recent gaffes of Bing's ChatGPT-powered chatbot, "Sydney," reveal how nascent this technology is. Experts have repeatedly warned about language models' proclivity for "hallucination"—when these AI systems start generating responses that are not based on any data they've been fed.

Coding AI tools are built on similar language models to these "hallucinatory" ones. That doesn't mean AI coding tools shouldn't be used: Most of the time, they get things right.

But their code should always be checked by a human.

In the case of Codeball, its AI stops trying to solve a problem as soon as it looks difficult, and leaves it up to the humans. This still catches 66% of the code flaws humans would catch—a massive time saver. 

Best practices for conducting an AI-powered code review

When conducting an AI code review, keep the following best practices in mind:

  • AI is a tool, so use it as such. It's there to augment human capability, not replace it.

  • Understand every change and suggestion AI makes. This will also make you a better coder.

  • If your tool has a "pessimistic" mode, use this rather than being too optimistic about automated AI code review changes.

  • Commenting code is a weak area for many coders. Use AI code review tools to help with commenting.

  • Using AI doesn't mean you won't need to run manual and automated tests on the code. The time AI saves could be used for more in-depth testing.

About Author

R. Paulo Delgado Tech & Business Writer

R. Paulo Delgado is a tech and business freelance writer with nearly 17 years of software development experience under his belt, including WordPress programming. He is also a crypto journalist for Moneyweb, and proudly a member of Fiverr's Pro Seller program — hand-vetted professionals, verified by Fiverr for quality and service.