It's 2020 and there are plenty of tools to help you develop better code. The emergence of DevOps tools and the rise of Artificial Intelligence open up opportunities to automate many aspects of the code review process. In this article, we explain why you should automate your code reviews (even if you develop solo), what the limitations of these tools are, and what lies ahead!
No matter how experienced you are, there are huge benefits to getting your code reviewed. Even the best engineers make stupid mistakes, which is why you want to have any new code reviewed, no matter how experienced the author is. Having your code reviewed brings (at least) two main benefits.
The first and obvious benefit is to keep code consistent. By reviewing the code (either by an automated system or a human), you apply a control that guarantees that the code complies with certain standards. It can be about style (number of spaces used before a parenthesis) but also about semantic restrictions (for example, enforcing profiles such as MISRA-C).
In addition, each programmer works under their own assumptions. They might have read the specifications incorrectly or have missed a particular constraint (for example, ensuring that all functions use the same types in case you do not use a strong typing system). Having a code review helps to catch such mistakes: the reviewer questions the structure of the code against the requirements, which can lead to the discovery of some bugs.
There are many other benefits to code reviews and the objective of this article is to focus on automating them. But you should not underestimate the value of code reviews: they are extremely useful to learn a system by reading code from other developers, detect code that could just reuse existing functions (and maximize reusability) or just find big issues (such as buffer overflows).
Unfortunately, code reviews come at a cost. It takes time to complete a code review. Tech companies estimate that engineers dedicate 10% to 20% of their time to code reviews.
With a median pay of $105,590 per year, companies pay developers between $10k and $20k just to review code.
However, not reviewing code is not an option. Not reviewing code means that more errors are introduced. When tech companies such as Stripe estimate that developers spend 30% of their time fixing bad code and technical debt, you quickly realize that it is better to spend 10% today to fix code than 30% later (without accounting for all the side effects of bad code on maintenance, velocity or reliability).
In order to mitigate the cost of code reviews, a good strategy is to automate them. It can offset the cost of code reviews and still provide the same benefits to programmers.
Our platform, Codiga, automatically analyzes your pull requests and reports all potential issues by annotating or commenting on your pull request. This automation helps the review process and alleviates the cost of code reviews while ensuring code quality. Finally, since integration is at the heart of what we do, our platform is fully integrated with GitHub and Bitbucket!
Example of a comment produced by the Code Inspector engine.
Automated code reviews remove the manual aspect of traditional code reviews. Often, automated code reviews are even better, since they consistently check code compliance against a given standard and also successfully find critical issues (such as buffer overflows, a bug that is often synonymous with a security hole).
Automated processes do not fail by definition, where humans do. In addition, code reviews are done instantaneously: you are not blocked by the availability of your colleagues, and there is no need to wait for someone to review! For these particular reasons, automated tools such as Code Inspector are superior to manual reviews.
On the other hand, where automated review falls short is in checking the behavioral correctness of a given piece of code. There is no official way to express the requirements and expected behavior of your system. Ideally, behavioral correctness should be covered by unit and integration tests. As tools improve, they will be able to increase their scope and cover more aspects of the software.
Therefore, automated code reviews should be seen as tools that automate the majority of the review process. For trivial reviews, automated code reviews are enough and will save engineering time. For complex and critical code reviews, automated tools ensure code consistency and find potential bugs, while engineers come in as the last validation to check behavioral correctness. Even for complex reviews, automated tools increase the quality of the code and detect issues before the manual review occurs, which ultimately reduces manual code review time and its associated costs.
The good news is that automated code reviews will only get better. As tools improve, they will catch more issues and better understand the context of a code review. There is no doubt that in the near future, tools will be smarter, understand the context of a code review and check the correct behavior of your code.
As the developer community continues to grow (the Department of Labor projected a 20% increase between 2018 and 2028), the incentive to automate code reviews will only increase, from either a cost efficiency standpoint or a code quality standpoint.
(Disclaimer: The Author is The Founder of Codiga)