Ask HN: Would you pay for a code similarity detection tool?
I've been working on a proof-of-concept code similarity detection tool.
The tool is based on matching semantically equivalent code fragments, i.e. it detects similarities across inlined or lifted functions, reordered but equivalent expressions and so on.
Check out the attached screenshot [1].
The idea is to mine the publicly available npm repos, and provide a payed service for detecting similar code fragments already implemented in npm libraries -- basically an open REST service and one or two plugins for the most popular editors (vim, Sublime, Atom?)
If this proves successful, I would extend the service to other languages and services, where applicable.
Would you pay for such a service? What kind of features would you expect?
[1] https://dl.dropboxusercontent.com/u/30225560/ase.png
47 comments
[ 5.7 ms ] story [ 121 ms ] threadhttp://www.harukizaemon.com/simian/ http://dickgrune.com/Programs/similarity_tester/ https://github.com/silviocesare/Clonewise
Sometimes I deliberately choose not to abstract away simple logic (as in your screenshot) for performance reasons, or just to reduce a complex dependency chain (I'm all for code reuse, but I do also believe in a balance when writing portable code). And the instances where the required logic is more complex, I'd know to be looking for a module before writing my own code.
Because of these reasons, I couldn't even see myself using this tool if it was free.
However, this does sound an interesting project and I think you should still proceed with it regardless of my feedback as, even if it doesn't because a profitable exercise, I could see this becoming a future must-have feature for IDEs - eg for code refactoring. In fact maybe you could extend this tool to analyse repeated code within a project and suggest abstracting that out to a function (that's a tool I probably would use on larger code bases!)
Tools like this are common within Java as Java and similar are easier to this kind of analysis on.
IntelliJ IDEA is long reigning champ in this area. (Which is a product I would pay for.)
I'll have to check out IDEA again, thanks!
So, maybe try asking someone who is into programming training programs.
For me personally, I don't see the need to even use such a tool, let alone paying for it. Many programmers seem to focus on code, but in my experience, that's usually not the problem you have when things go bad.
Be careful with that, it restricts your customers to a certain lightmillisecond distance from your server - if the plugin is intended to be real-time.
Figuring out which people and when is, generically, a matter of doing your homework with customer development and targeted marketing, and then further improving your marketing surface as you learn more about who is a customer and how to find them.
Going from "this might be useful" to a working business model is, of course, a deeply nontrivial problem...but it's one that many people have solved before, and it's a heck of a lot easier if you don't start with "maybe $25 per year."
https://github.com/danielstjules/jsinspect
How does your techniques compare to Winnowing? http://theory.stanford.edu/~aiken/publications/papers/sigmod...
https://sourcedna.com/
There are several machine learning solutions that can look for your IP in either source code or binary form even on an abstract (algorithm) level.
Many tools exist like that, the real question is what exactly your target audience is?
If you are scanning public repo's what service does the tool actually provides, and no detecting code similarity isn't the answer here.
Selling something isn't really an issue as long as it has a clear purpose which i don't think your idea has at this moment in time.
Could you share links to the IP detection ML tools?
And to answer your question, please read my answer here [1].
[1] https://news.ycombinator.com/item?id=9954879
But still what is the use case?
I mean if i wrote code which is functioning why would i replace it with some one elses code?
Taking in raw code even (especially from) OSS repo's is a huge huge can of worms.
Say you are developing a product if you use an OSS library which is distributed as is you can bundle it with your product under most licenses unless you modify it without having worry about anything.
If you copy paste code form that library into your own code base well than what is it? a copyright violation? derivative work? I can easily bundle OpenSSL with their Apache license and just make a remark about it some where during the installation, i don't have to distribute my software or source code under that license or under any other OSS license.
But if i take the raw source code say their ASN.1 parser and implement it in my own program? what now? I'm not an IP lawyer but I'm pretty sure this either violates the license outright or my software now just became some derivative work which means the terms (or some of them) of the original license now apply.
Even if my software was meant to be OSS it's still an issue maybe i don't want to use Apache or BSD maybe it want GPLv2 or V3 or my own license or what ever.
The other issue that stands out to me is that I already wrote functioning code, it works, it's mine, i know it i understand it i can maintain it, why should i on-board someone elses code that i won't know, won't understand, wont be able to maintain as easily? Where is the benefit in that if I've already written all / most of my code for your similarity score to trigger a suggestion?
I don't know about you, but I find myself writing boilerplate code very often. Converting between timezones, reading config files, making HTTP requests (+error handling), UI idioms (click & disable), etc.
Often the code handling such things is spread over a bigger function, like open a file on line 5, loop over lines and read into array on lines 24, 25, 26, close file in finally {} clause.
What I want is a tool telling me "hey, you can replace these lines by function X in open-source package Y." Maybe I overestimate its universal usefulness though :)
I, a software developer, wouldn't buy such a thing, but there's certainly enterprise/corporate demand for it.
https://codeclimate.com/
Code Climate looks more like a linter though?
Most of the code that I write that would be duplicating the functionality in a library would be doing so because we don't need the extra functionality. For example, I need to pluralise a small set of words, so I write 3-4 clause if-statement and append some "s" characters because I don't see the need to use python-inflection. The latter is massively more complex, so unlikely to be detected as the same thing.
Sure, there might be a few matches, but I suspect they will mostly be helper functions within libraries, rather than the public API of libraries.
I would prefer not to send code to a web service for detection, although not totally against it. In many companies this would not be allowed, either through policy, firewalls, exfiltration detection systems, or lack of internet on development machines (I know people who work, or have worked myself, in all of these situations).
Something I think would be far more valuable, and possibly more realistic as well, is local detection that highlights possibly duplicated code in a codebase. I find little snippets (1-2 lines) that have been duplicated on a fairly regular basis, and if I could identify those to be extracted out into re-usable methods, that would be amazing.
Would I pay money for it? Probably not, it's not that much of a problem, and all those sorts of tools are usually open source anyway. Unfortunately that's my expectation now.
I guess the best way to address the usefulness issue is to run it against popular frameworks, like React or Angular, and see what happens.
If it proves useful (like say 10% of code could be replaced by existing functions), would you change your mind?