Sonar developer lead: Programming past the pitfalls with AI-generated code

The spectre of AI-generated software code has thrown up questions surrounding the mechanics and methods that we now use to build the next generation of software applications and data services. While many technology industry commentators agree that using AI to generate code is speedy, it is also often wasteful in that it can be inefficient and fraught with frailties, ranging from a lack of documentation to a lack of human intuitiveness. But there are places where some code automation advantages can be achieved. With the consensus of opinion leaning towards using AI code-bots to perform testing, debugging and other system-level chores, we can find zones to use AI-assisted development effectively if we know where to apply these new accelerators.

Developers are constantly being asked to produce more and do better, as the IT team is expected to quickly create top-quality features with limited time and resources. This directly conflicts with what developers really want in their hearts, i.e. the ability to apply attention to detail, the ability to ask questions and the opportunity to set their own pace to perfect their work.

“While emerging tools, like generative AI and copilots, hope to provide relief by allegedly freeing up as much as 20-30% of developers’ time (according to McKinsey), we’re just not at a place yet where we can fully rely on what it produces at face value,” said Peter McKee, VP of developer relations at Sonar, a company known for its static code analytics technologies. 

The fact is that when it comes to AI-driven code, it’s up to the developer to properly understand the output and how it was generated… and this reality is compounded by the fact that we’re still widely agreed to be in the prototyping experimental zone (some would even call it the hype-cycle) of AI in terms of real-world implementation.

Pitfalls of AI code 

According to its own research, Sonar suggests that developers typically spend almost half of their time rewriting bad code, which continues to be a main challenge to productivity. 

“This is poised to potentially get worse with the uptick in usage of AI tools. We know that AI can unlock developer bandwidth to tackle more complex tasks and shift focus to projects they’re excited about, but it only works as intended when properly checked,” said McKee.

He points to researchers at Stanford who found that using GitHub’s Copilot made developers more likely to write insecure code while conversely feeling confident in its security. In an update to its Copilot information hub, GitHub openly stated that Copilot can generate “undesirable patterns” and added that developers are responsible for ensuring the security and quality of their code, recommending that they take the same precautions they would with any code they didn’t write themselves.

Robotic reasoning, really?

“Gen-AI coding assistants are good at suggesting code, but not at stepping back and reflecting on the code and reasoning over its effectiveness,” advised McKee. “When you layer in AI tools to the coding process, more code can be produced — and faster. But if it’s not of good quality, it can become time-consuming causing increasing developer frustration. The editing process to fix issues in generative AI code is likely not worth the time it would have taken for a developer to simply produce the code themselves in the first place.”

Of course, we know that AI is not unlike all other technology that moves the user up the abstraction stack and therefore makes the task that the user is trying to perform less painful. McKee and the Sonar team have reasoned that it is essentially a ‘better hammer’ [but perhaps not quite a perfect artisan craftsperson’s tool] than what we’ve been previously working with… and it shows promise. It seems clear that there is still ample room for AI technology to advance, but for the foreseeable future, developers will need to ensure that critical steps are not missed when it comes to ensuring their AI-generated code is clean.

Using AI the right way

“Right now, generative AI can be more of a stumbling block. It’s just not at a place where developers can trust the quality of its output without cross-checking it,” suggests McKee. “It’s up to developers themselves to address the underlying issues that result in bad code being put into production in the first place. That way, the code produced by AI generators won’t always result in more code to fix.”

For AI to effectively integrate into workflows and not create disruption, the Sonar developer lead says that it’s imperative for developer teams to adopt a Clean as You Code approach – full disclosure, this is indeed the branded tool that the company offers. McKee suggests that with this methodology on board, software developers can be more confident that their code is consistent, intentional, adaptable and responsible. This in turn leads to secure, maintainable, reliable and accessible software.

“With [this] methodology, developers can improve the overall quality of the entire codebase with minimal cost and effort. Emphasis on quality and security doesn’t mean that speed has to be sacrificed. Instead, developers can clean as they go – thanks to automation – supporting productivity and turning foundational code into a business asset. Developers should be able to rely on AI for volume but have the right checks in place to enable the code to be accurate and secure,” said McKee.

The bottom line appears to come down to a balanced argument. That balance stems from the understanding that AI can boost production, but it can be detrimental to code quality if it goes unchecked. 

Feel the burn on code churn

“We can underline this train of thought if we make reference to GitClear’s recent study, which shows that code churn, or the percentage of lines thrown out less than two weeks after being authored, is on the rise and expected to double in 2024. AI needs guardrails in place when it comes to software development, which is why developers should ‘trust but verify’ when they use it,” concluded McKee.

As GitClear notes, GitHub has published several pieces of research on the growth and impact of AI on software development. Although there is speed and acceleration to be grasped here, the wider profusion of generative AI-fuelled and Large Language Model (LLM)-based tools means there are maintainability, comprehensibility and functionality drawbacks to juggle for every advantage being gained. GitHub asks, is the AI code in front of us more similar to the careful, refined contributions of a senior developer, or more akin to the disjointed work of a short-term contractor? That’s a question that could serve as a good splicing point for all AI tools that we now embrace, or perhaps not.