What will be the next big step for code reviews? Will AI-based reviews replace human reviews? Join me as I share my thoughts on the future of code reviews.
It could happen, but we can do this right now with compiler warnings and linters. For example Calling “FooBar” without checking return value can be done with -Wall or [[nodiscard]]. Same for the grouping of merges. As for the merge conflicts, I don’t believe anyone will ever be able to do this easily for the next 100 years unless you know what should be done in the merge, which cannot be deduced by a computer, but by talking to the involved developers.
Checking the return value is just a very basic example of a consistency check and is already supported by some tools. But I think we are heading towards more advanced and project specific checks, such as identifying missing authentication checks. This won’t work based on hard coded rules or hints (like [[nodiscard]]) but will be detected because this API endpoint looks different from the others. However, even the return value example is still relevant. Something like [[nodiscard]] isn’t supported by all programming languages nor is it used in all third party libraries or system header files.
Regarding semantic merges: You’re right that automated tools will not be able to determine whether the merged code makes sense from a logical point of view. But that is not the point of this section. The main idea is that by parsing the code and merging the ASTs merge tools will be able to resolve conflicts even if there are changes on the same line. And they can determine whether the generated syntax would be valid. It is still up to the developer to verify that the merged code makes logical sense.
It could happen, but we can do this right now with compiler warnings and linters. For example Calling “FooBar” without checking return value can be done with
-Wallor[[nodiscard]]. Same for the grouping of merges. As for the merge conflicts, I don’t believe anyone will ever be able to do this easily for the next 100 years unless you know what should be done in the merge, which cannot be deduced by a computer, but by talking to the involved developers.Checking the return value is just a very basic example of a consistency check and is already supported by some tools. But I think we are heading towards more advanced and project specific checks, such as identifying missing authentication checks. This won’t work based on hard coded rules or hints (like
[[nodiscard]]) but will be detected because this API endpoint looks different from the others. However, even the return value example is still relevant. Something like[[nodiscard]]isn’t supported by all programming languages nor is it used in all third party libraries or system header files.Regarding semantic merges: You’re right that automated tools will not be able to determine whether the merged code makes sense from a logical point of view. But that is not the point of this section. The main idea is that by parsing the code and merging the ASTs merge tools will be able to resolve conflicts even if there are changes on the same line. And they can determine whether the generated syntax would be valid. It is still up to the developer to verify that the merged code makes logical sense.