Pull Request Review with OpenAI GPT Continued ...

August 01, 2023

Last week, we automated PR review in Azure DevOps with a GPT plugin.

In continuation of last week's article, we will test the plugin to check its reliability.

Add sample code:

To test the plugin, we will take the following code and intentionally introduce some bad practices.

Note the comments starting with BAD; we have added about 8 bad practices.

Let's see how many will be detected by the plugin.

romantointeger.java


//BAD: unoptimized import
import java.util.*;

//BAD: class naming convention
public class romantointeger {

	public static int romanToint(String input) {

		int result = 0;
		
		//BAD: code to implementation instead of interface
		//BAD: unused variable
		ArrayList<String> names = new ArrayList<String>();

		//BAD: naming convention
		List<RomanNumeral> RomanList = RomanNumeral.getromanList();

		int i = 0;

		//BAD: missing null check
		while (i < RomanList.size()) {

			RomanNumeral roman = RomanList.get(i);

			//BAD: usage of == instead of equals
			if (roman.toString() == "V") {

			}

			if (input.startsWith(roman.name())) {
				result += roman.getValue();
				input = input.substring(roman.name().length());
			} else {
				i++;
			}

		}
		return result;
	}

}

RomanNumeral.java

import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;

public enum RomanNumeral {

	I(1), IV(4), V(5), IX(9), X(10), XL(40), L(50), XC(90), C(100);

	RomanNumeral(int value) {
		this.value = value;
	}

	private int value;

	public int getValue() {
		return value;
	}

	public static List<RomanNumeral> getromanList() {
		return Arrays.stream(values()).sorted(Comparator.comparing((RomanNumeral x) -> x.value).reversed())
				.collect(Collectors.toList());
	}

}

Test the plugin:

We will create a PR so that the plugin gets triggered.

Remember that we had configured the plugin on PRs towards the dev branch.

Create a PR from the feature branch to the dev branch.

Let's wait for the PR build to complete and then examine the PR comments

pr comments

Nice! The plugin has detected almost all of the issues we injected intentionally.

Some more tests:

We will add even more bad practices to the existing code to see if the plugin flags them.

Let's add two more bad methods.

The romantointeger class now looks like this:

romantointeger.java

//BAD: unoptimized import
import java.util.*;

// BAD: class naming convention
public class romantointeger {

	public static int romanToint(String input) {

		int result = 0;

		// BAD: code to implementation instead of interface
		// BAD: unused variable
		ArrayList<String> names = new ArrayList<String>();

		// BAD: naming convention
		List<RomanNumeral> RomanList = RomanNumeral.getromanList();

		int i = 0;

		//BAD: missing null check
		while (i < RomanList.size()) {

			RomanNumeral roman = RomanList.get(i);

			//BAD: usage of == instead of equals
			if (roman.toString() == "V") {

			}

			if (input.startsWith(roman.name())) {
				result += roman.getValue();
				input = input.substring(roman.name().length());
			} else {
				i++;
			}

		}
		return result;
	}

	public void badPractice() {
		try {

		} catch (Exception e) {
			//BAD: we will not do anything here to see if GPT finds this issue
		}
		//BAD: Instead of reporting error , simply exiting 
		finally {
			//BAD: we will not do anything here as well to see if GPT finds this issue
		}
		System.exit(0);
	}
	
	//BAD: complex way of a simple XOR
	boolean negateValue( boolean shouldNegate, boolean value ) {
		  return (shouldNegate?(!value):value);
		}
}

The PR got updated, so the plugin will be triggered again.

Wow! Again the plugin detected all the issues we injected intentionally.

more pr comments
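
For comparison with the flagged listing above, here is one way the injected issues could be resolved. This is an added example, not code from the original article and not the plugin's output; the class name RomanToInteger, the method name romanToInt, the IllegalArgumentException on leftover input and the removal of badPractice() are choices made for this example.

```java
// Added example: cleaned-up counterpart to romantointeger.java (RomanToInteger.java).
import java.util.Arrays;            // explicit imports instead of java.util.*
import java.util.Comparator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

// The article's RomanNumeral enum, inlined so this file compiles on its own.
enum RomanNumeral {
	I(1), IV(4), V(5), IX(9), X(10), XL(40), L(50), XC(90), C(100);
	private final int value;
	RomanNumeral(int value) { this.value = value; }
	int getValue() { return value; }

	static List<RomanNumeral> getromanList() {
		return Arrays.stream(values())
				.sorted(Comparator.comparing((RomanNumeral x) -> x.value).reversed())
				.collect(Collectors.toList());
	}
}

public class RomanToInteger {       // UpperCamelCase class name
	public static int romanToInt(String input) {
		Objects.requireNonNull(input, "input");   // explicit null check
		String rest = input;
		int result = 0;
		// Greedy match, largest symbol first. The unused ArrayList and the
		// empty `roman.toString() == "V"` branch are removed, not rewritten.
		for (RomanNumeral roman : RomanNumeral.getromanList()) {
			while (rest.startsWith(roman.name())) {
				result += roman.getValue();
				rest = rest.substring(roman.name().length());
			}
		}
		if (!rest.isEmpty()) {      // assumption: reject leftovers instead of ignoring them
			throw new IllegalArgumentException("Not a Roman numeral: " + input);
		}
		return result;
	}

	// XOR replaces the ternary in negateValue.
	static boolean negateValue(boolean shouldNegate, boolean value) {
		return shouldNegate ^ value;
	}
	// badPractice() is dropped: empty catch/finally plus System.exit(0) has nothing to keep.
	public static void main(String[] args) {
		System.out.println(romanToInt(args.length > 0 ? args[0] : "XCIV"));
	}
}
```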

Accuracy and reliability:

The plugin has provided reliable results so far. All the review comments provided are legitimate and worth considering. The comments clearly explained where the issue is and why it's an issue.

Security:

As the AI models are still evolving, only low-risk projects are best suited for this use case for now.

If you aren't comfortable using OpenAI directly, Azure OpenAI can be used; it provides the capabilities of OpenAI topped up with the security capabilities of Azure.

At this time, the Azure OpenAI model is open only for specific cases; please see the snippet below from the Microsoft site:

"For now, we're working with customers with an existing partnership with Microsoft, lower-risk use cases, and those committed to incorporating mitigations."

Summary:

As a preliminary reviewer, the plugin did really well.

The plugin not only flagged the issues but also provided suggestions to rectify them.

Thanks for reading, Goodbye until next week!



Written by Thillai Madhavan who lives and works in India. Stay updated by following him on LinkedIn.
