
Using ChatGPT for code review

Greg Foster, Graphite software engineer

Code review is an important software development practice that helps maintain code quality, identify bugs, and share knowledge among team members. As development teams scale and codebases grow more complex, traditional manual reviews can become time-consuming and sometimes inconsistent. This has led to growing interest in AI-assisted code reviews, with ChatGPT emerging as a popular tool in this space. This technical guide explores how to effectively use ChatGPT for reviewing code, outlining practical techniques, benefits, and important limitations to consider when incorporating this AI assistant into your development workflow.

Using ChatGPT for code reviews can offer several advantages to development teams:

  1. Reduced review fatigue: Helps catch basic issues before human reviewers, allowing them to focus on higher-level concerns
  2. Consistency: Applies the same level of scrutiny to all code, regardless of time constraints
  3. Knowledge augmentation: May identify issues that human reviewers might miss due to familiarity blindness
  4. 24/7 availability: Provides immediate feedback without waiting for team members

ChatGPT can enhance code reviews by providing quick, AI-driven feedback on code snippets or entire functions. Here's how to use ChatGPT effectively for this purpose:

Step 1: Clearly define your review objective

Specify what aspects you want ChatGPT to assess, such as readability, efficiency, security, or adherence to best practices.

Example prompt:

Review this Python code for efficiency and potential improvements:

    def find_max(numbers):
        max_num = numbers[0]
        for num in numbers:
            if num > max_num:
                max_num = num
        return max_num

Step 2: Analyze ChatGPT's feedback

ChatGPT might respond with suggestions like:

  • "Consider using Python's built-in max() function, which simplifies the implementation and improves readability and efficiency."

Step 3: Iterate and refine

If needed, request more detailed feedback, such as:

Could you identify any potential edge cases or errors in this implementation?
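To make step 3 concrete, here is an added example (not code from the original post) that exercises the find_max() snippet from the prompt on the edge cases a reviewer would ask about, and shows a hardened variant. The case names and inputs are constructed for illustration; find_max_hardened() is a hypothetical name, not an API the post refers to.

```python
# Added example (not from the original post): probing the find_max() snippet
# from the prompt with constructed edge-case inputs, beside a hardened version.
from typing import Iterable, Optional


def find_max(numbers):
    """The implementation exactly as submitted for review."""
    max_num = numbers[0]
    for num in numbers:
        if num > max_num:
            max_num = num
    return max_num


def find_max_hardened(numbers: Iterable[float], default: Optional[float] = None) -> Optional[float]:
    """Same algorithm, but safe on empty input and on one-shot iterators.

    - An empty input returns `default` instead of raising IndexError.
    - A generator works: the first element is pulled with next() rather than
      by indexing, and the loop consumes the remainder.
    (Hypothetical helper written for this example.)
    """
    it = iter(numbers)
    try:
        max_num = next(it)
    except StopIteration:
        return default
    for num in it:
        if num > max_num:
            max_num = num
    return max_num


def probe(fn, cases):
    """Run fn on each case; record the result, or the exception type name if it raises."""
    results = {}
    for name, data in cases.items():
        try:
            results[name] = fn(data)
        except Exception as exc:
            results[name] = type(exc).__name__
    return results


# Constructed inputs mirroring the edge cases a reviewer would probe.
CASES = {
    "normal": [3, 9, 2],
    "single": [7],
    "negatives": [-5, -1, -9],
    "empty": [],
}


def compare():
    """Return (original results, hardened results) over CASES plus a generator input."""
    orig = probe(find_max, CASES)
    hard = probe(find_max_hardened, CASES)
    # A generator is one-shot, so each call gets a freshly built one.
    orig["generator"] = probe(find_max, {"g": (x for x in [1, 5, 2])})["g"]
    hard["generator"] = probe(find_max_hardened, {"g": (x for x in [1, 5, 2])})["g"]
    return orig, hard


if __name__ == "__main__":
    orig, hard = compare()
    for name in orig:
        print(f"{name:10s} original={orig[name]!r:12} hardened={hard[name]!r}")
```

Running it shows the two failures a reviewer should surface: the original raises IndexError on an empty list and TypeError on a generator (indexing numbers[0] fails), while the hardened version returns the default and 5 respectively. Note that the built-in suggested in step 2 already offers this through max(numbers, default=None).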

Despite its capabilities, AI-assisted code reviews with ChatGPT have several important limitations:

ChatGPT can only review the code provided in the current conversation, without visibility into:

  • The complete codebase architecture
  • External dependencies or private APIs
  • Project-specific design patterns or requirements

Example pitfall: ChatGPT might suggest using a singleton pattern without knowing it violates your team's architectural decisions.

ChatGPT's training data has a cutoff date, meaning it may:

  • Be unaware of recent language features or security vulnerabilities
  • Recommend deprecated libraries or approaches
  • Miss domain-specific best practices that emerged after its training

Example pitfall: ChatGPT might not recognize or recommend the newest language-specific security features released after its training cutoff.

ChatGPT can both:

  • Flag issues that aren't actually problems (false positives)
  • Miss critical issues that require deeper contextual understanding (false negatives)

Example pitfall: ChatGPT might incorrectly flag a custom implementation of a cryptographic algorithm as insecure when it's actually a domain-specific requirement, or miss subtle race conditions in concurrent code.

Unlike dedicated static analysis tools, ChatGPT:

  • Cannot perform dataflow analysis
  • Cannot track variables across multiple files
  • Cannot detect complex memory leaks or performance bottlenecks

When using ChatGPT for reviewing code:

  • Proprietary or sensitive code shared with the model may have privacy implications
  • Organizations should have clear policies about what code can be submitted
  • Consider using dedicated enterprise solutions with appropriate security guarantees

Pros                                              Cons
Instant feedback and quick analysis               Lacks deep project-specific context
Supports multiple programming languages           May provide generic or imprecise suggestions
Scalable for reviewing large code volumes         Limited accuracy with highly complex logic
Educational, reinforcing best practices           Can overlook subtle bugs and edge cases
Available 24/7, no dependency on human reviewers  Should not replace human reviewers entirely

For effective AI-assisted code reviews:

Use ChatGPT as a preliminary step before human review:

  • Have developers address AI-identified issues before submitting for team review
  • Focus human reviewers on higher-level concerns and business logic

Develop standard templates for different review types:

  • Security-focused reviews
  • Performance optimization reviews
  • Style and maintainability reviews

Always validate ChatGPT's suggestions:

  • Check if recommendations align with your project's architecture
  • Verify performance claims with benchmarks
  • Test security recommendations against actual attack vectors
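As an added example of validating a suggestion rather than accepting it (this is not code from the original post), the script below takes the step 2 recommendation, "use the built-in max()", and checks it two ways: a differential test over constructed inputs to confirm the replacement behaves the same, then a timeit benchmark to back the performance claim. The function names and sample data are constructed for this example.

```python
# Added example (not from the original post): validating the "use max()"
# review suggestion. Behaviour is compared first, timing second, because a
# faster function that differs on edge cases is a regression, not a fix.
import random
import timeit


def find_max(numbers):
    """Implementation under review, as submitted in the prompt."""
    max_num = numbers[0]
    for num in numbers:
        if num > max_num:
            max_num = num
    return max_num


def suggested(numbers):
    """The reviewer's proposed replacement (hypothetical name)."""
    return max(numbers)


def outcome(fn, data):
    """Return ('ok', value) or ('raises', exception type name) for fn(data)."""
    try:
        return ("ok", fn(data))
    except Exception as exc:
        return ("raises", type(exc).__name__)


def behaviour_matches(samples):
    """Differential test: return every input where original and suggested disagree."""
    mismatches = []
    for data in samples:
        a, b = outcome(find_max, data), outcome(suggested, data)
        if a != b:
            mismatches.append((list(data), a, b))
    return mismatches


def random_samples(n=200, seed=1234):
    """Constructed inputs: seeded random integer lists plus the empty list."""
    rng = random.Random(seed)
    samples = [[]]
    for _ in range(n):
        length = rng.randint(1, 50)
        samples.append([rng.randint(-1000, 1000) for _ in range(length)])
    return samples


def benchmark(size=100_000, repeat=5, number=20):
    """Time both implementations on one constructed input; return seconds per call."""
    data = list(range(size))
    random.Random(42).shuffle(data)
    t_orig = min(timeit.repeat(lambda: find_max(data), repeat=repeat, number=number)) / number
    t_sugg = min(timeit.repeat(lambda: suggested(data), repeat=repeat, number=number)) / number
    return {"original": t_orig, "suggested": t_sugg}


if __name__ == "__main__":
    print("behavioural mismatches:", behaviour_matches(random_samples()))
    print("seconds per call:", benchmark())
```

The differential test reports exactly one mismatch, the empty list: the original raises IndexError where max() raises ValueError. That is the kind of detail to settle before merging the suggestion, since any caller that catches IndexError would silently stop handling the empty case. Only once behaviour is agreed does the benchmark number mean anything.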

Use ChatGPT alongside dedicated code analysis tools:

  • Traditional linters and static analyzers
  • Language-specific security scanners
  • Performance profiling tools

Additionally, incorporating advanced AI-powered tools like Diamond can further enhance your code review process. Diamond leverages full contextual awareness of your repository, providing precise, actionable suggestions tailored specifically to your project's architecture and coding patterns. By complementing ChatGPT's versatility with Diamond's context-aware analysis, you reduce the reviewer burden, streamline feedback, and ensure thorough, high-quality code evaluations.

ChatGPT offers valuable capabilities for code review that can complement traditional human review processes. While it can help identify common issues, suggest improvements, and provide educational value, it's still important to understand its limitations. The most effective approach to AI-assisted code reviews combines ChatGPT's capabilities with human expertise and specialized tools. By understanding both the strengths and weaknesses of using ChatGPT for reviewing code, development teams can create a balanced workflow that leverages AI assistance while maintaining high code quality standards.
