Google's Linux kernel engineer introduces Sashiko, an AI-powered tool written in Rust. Sashiko identifies bugs and screens code using LLMs to aid open-source maintainers. It has found a significant percentage of bugs that human reviewers missed, and is designed to alleviate the burden of code review.
Roman Gushchin, a Linux kernel engineer at Google, has unveiled Sashiko, a new tool written in Rust designed to identify bugs and screen code. This innovative tool leverages the power of Large Language Models (LLMs) to automate and enhance code review processes, addressing the growing challenge of managing code quality in large-scale open-source projects.
Sashiko's core functionality revolves around processing patches from a mailing list, analyzing the changes, and providing feedback to maintainers and developers. The tool's primary strength lies in its ability to automatically sift through a large volume of code changes, potentially flagging issues that human reviewers might overlook because of time constraints or the sheer complexity of the code. Its effectiveness has been demonstrated through its ability to identify a significant percentage of bugs based on an unfiltered set of upstream issues.
One of the most compelling aspects of Sashiko is its potential to alleviate the burden on open-source project maintainers. In many projects, especially those with a large user base, maintainers face a constant influx of code submissions, making it challenging to thoroughly review every change. An AI-powered tool like Sashiko can act as a first line of defense, automating the detection of potential issues.
Sashiko has shown promising performance in identifying bugs. Initial results, based on testing with a dataset of recent upstream issues, indicate that Sashiko can find a substantial number of bugs compared to human reviewers. While the 53 percent bug detection rate might not seem extraordinary on the surface, it's notable that these issues were entirely missed by human reviewers.
Sashiko's implementation relies on a combination of techniques, including patch analysis, LLM-based feedback generation, and integration with existing code review workflows. While it has been primarily tested with Gemini Pro 3.1, it's designed to be compatible with other LLMs such as Claude. The authors acknowledge the privacy and code-sharing implications, as the tool sends data and code to the configured LLM provider. The use of LLMs introduces costs associated with processing and analysis.
Google is currently covering these costs for the Linux Kernel Mailing List. This raises questions about the long-term sustainability and scalability of the project, especially as the volume of code submissions continues to grow. Roman Gushchin has mentioned that Sashiko has been used internally at Google for some time and has been instrumental in the discovery of numerous actual issues. This internal usage underscores the tool's practical value and its potential to improve code quality and development efficiency within the organization.
Sashiko is a project of the Linux Foundation. Its introduction is especially timely given the evolving challenges faced by open-source projects, including the influx of code submissions and the need for more efficient code review processes. The authors' transparency about the privacy and code-sharing aspects is crucial: they acknowledge that Sashiko sends data and code to the configured LLM provider. The rate of false positives is estimated to be within a 20 percent range. The majority of false positives fall within a grey zone, making them less critical.
This type of AI-powered tool is a promising application of agentic AI. It provides a means to automate and enhance code review processes while potentially reducing the workload on human reviewers. The implications extend beyond just technical improvements; Sashiko has the potential to streamline workflows, improve code quality, and ultimately foster a more collaborative and efficient development environment for open-source projects. This is a crucial step towards the practical application of AI in software development, enabling developers to write more secure and reliable code more efficiently. The project is a valuable addition to the open-source community, particularly for projects that receive a large volume of contributions.
