Language-aware diffs remove noise from diffs by hiding irrelevant changes, but where do you draw the line between relevant and irrelevant changes?
In this blog post I take a look at how well GitHub, GitLab and Bitbucket support reviewers in finding malicious code changes in pull requests.
Checking the return value is just a very basic example of a consistency check and is already supported by some tools. But I think we are heading towards more advanced and project-specific checks, such as identifying missing authentication checks. This won't work based on hard-coded rules or hints (like [[nodiscard]]) but will be detected because this API endpoint looks different from the others. However, even the return value example is still relevant. Something like [[nodiscard]] isn't supported by all programming languages, nor is it used in all third-party libraries or system header files.
Regarding semantic merges: You're right that automated tools will not be able to determine whether the merged code makes sense from a logical point of view. But that is not the point of this section. The main idea is that by parsing the code and merging the ASTs, merge tools will be able to resolve conflicts even if there are changes on the same line. And they can determine whether the generated syntax would be valid. It is still up to the developer to verify that the merged code makes logical sense.
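The return-value consistency check mentioned in the reply above, sketched as an added example (not code from the post or from SemanticDiff): instead of relying on an annotation such as [[nodiscard]], it flags a call whose result is dropped when most other call sites of the same function use it. It analyses Python source because the standard library ships a parser (Python 3.9+ for `ast.unparse`); the function name `find_discarded_results`, the thresholds and the sample handlers are constructed for illustration.

```python
import ast
from collections import defaultdict

def find_discarded_results(source, min_sites=3, threshold=0.75):
    """Flag calls whose result is dropped although most other call sites use it."""
    tree = ast.parse(source)
    # A call that is the whole of an expression statement discards its result.
    discarded = {id(n.value) for n in ast.walk(tree)
                 if isinstance(n, ast.Expr) and isinstance(n.value, ast.Call)}
    sites = defaultdict(lambda: {"used": 0, "dropped": []})
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = ast.unparse(node.func)  # e.g. "verify_token" or "log.info"
            if id(node) in discarded:
                sites[name]["dropped"].append(node.lineno)
            else:
                sites[name]["used"] += 1
    findings = []
    for name, s in sites.items():
        total = s["used"] + len(s["dropped"])
        # Only report when the code base itself shows a clear convention.
        if total >= min_sites and s["dropped"] and s["used"] / total >= threshold:
            findings += [(name, line) for line in s["dropped"]]
    return sorted(findings, key=lambda f: f[1])

# Constructed sample: three handlers act on verify_token(), one drops its result.
SAMPLE = '''\
def read(req):
    if not verify_token(req):
        return 403
def write(req):
    ok = verify_token(req)
    audit("write")
    return 200 if ok else 403
def delete(req):
    verify_token(req)
    audit("delete")
def list_items(req):
    if not verify_token(req):
        return 403
    audit("list")
'''

if __name__ == "__main__":
    print(find_discarded_results(SAMPLE))
```

`audit()` is never reported because its result is dropped everywhere, so there is no convention to deviate from; only the outlier in `delete` is flagged for the reviewer.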
What will be the next big step for code reviews? Will AI-based reviews replace human reviews? Join me as I share my thoughts on the future of code reviews.
SemanticDiff for the web: Our pull request viewer lets you review GitHub pull requests with a programming language aware diff right in your browser.