Code Documentation and Analysis to Secure Software Development
Paul Attie, Anas Obeidat, Nathaniel Oh, Ian Yelle

TL;DR
This paper introduces CoDAT, a tool that keeps code documentation consistent and up to date by linking comments to code and using language models to detect semantic inconsistencies, thereby supporting step-wise code refinement.
Contribution
The paper presents CoDAT, a novel tool integrating language models and decentralized architecture to improve code documentation consistency and semantic accuracy.
Findings
Effective detection of out-of-date comments
Semantic inconsistency flagged by language models
Supports iterative code refinement process
Abstract
We present the Code Documentation and Analysis Tool (CoDAT). CoDAT is a tool designed to maintain consistency between the various levels of code documentation, e.g. if a line in a code sketch is changed, the comment that documents the corresponding code is also changed. That is, comments are linked and updated so as to remain internally consistent and also consistent with the code. By flagging "out of date" comments, CoDAT alerts the developer to maintain up-to-date documentation. We use a large language model to check the semantic consistency between a fragment of code and the comments that describe it. Thus we also flag semantic inconsistency as well as out of date comments. This helps programmers write code that correctly implements a code sketch, and so provides machine support for a step-wise refinement approach, starting with a code sketch and proceeding down to code through one…
Taxonomy
Topics: Advanced Malware Detection Techniques · Information and Cyber Security
