Chapter 23 Further Reading: Software Development and Debugging

Empirical Research on AI-Assisted Development

"The Impact of AI on Developer Productivity and Code Quality" (GitHub Research, 2022)
The GitHub Copilot controlled study referenced throughout this chapter. Published by GitHub and available via their research blog. Includes full methodology, sample details, and task design. The 55% speed improvement and 88% subjective productivity finding are from this study.

"Do Users Write More Insecure Code with AI Assistants?" (Stanford, 2023)
Pearce, H., et al. (2023). The Stanford study finding that AI-assisted developers introduced more security vulnerabilities than unassisted developers. Published at IEEE Symposium on Security and Privacy. Available via IEEE Xplore and arxiv.org. Essential reading for understanding the security implications of AI code assistance.

"Productivity Assessment of Neural Code Completion" (Google Research, 2022)
Svyatkovskiy, A., et al. Examines the productivity effects of GitHub Copilot integration at scale, with specific breakdowns by task type and developer experience level. Available via Google Research publications.

AI-Assisted Development: Independent Replications (2023-2024)
Multiple independent replications of the GitHub Copilot study have been published. Search Google Scholar for "AI code completion productivity empirical" for current literature. The 30-55% productivity gain range reflects the distribution of findings across replications.


Software Development Craft

"A Philosophy of Software Design" by John Ousterhout
Independently published, 2018. One of the best modern treatments of software design principles. Ousterhout's concepts — deep modules, tactical vs. strategic programming, the importance of reducing complexity — provide the craft framework for evaluating whether AI-generated code is actually good or merely functional.

"Refactoring: Improving the Design of Existing Code" by Martin Fowler
Addison-Wesley, 2nd edition, 2018. The definitive catalog of refactoring patterns. Each pattern in the catalog is a named, well-understood transformation — the same patterns that AI refactoring assistance uses. Knowing the catalog allows you to evaluate whether AI's proposed refactoring is appropriate for the situation.

"Working Effectively with Legacy Code" by Michael Feathers
Prentice Hall, 2004. Particularly relevant for developers who are using AI to navigate and improve existing codebases. Feathers' techniques for adding tests to legacy code, finding seams, and understanding behavior without documentation are directly applicable when AI assistance is constrained by a complex existing codebase.

"The Pragmatic Programmer" by David Thomas and Andrew Hunt
Addison-Wesley, 20th Anniversary Edition, 2019. The foundational professional development guide. The chapters on debugging — "Don't Assume It, Prove It" and systematic investigation — are directly relevant to the debugging workflow in this chapter.


Security and Code Quality

OWASP Top 10 — owasp.org/Top10
The Open Web Application Security Project's list of the ten most critical web application security risks. This is the security checklist that should inform every AI code security review. Familiarity with the Top 10 makes AI security review prompts more targeted and the resulting reviews more useful.

"The Art of Software Security Assessment" by Mark Dowd, John McDonald, and Justin Schuh
Addison-Wesley, 2006. Comprehensive guide to security code review methodology. Provides the technical depth to evaluate AI security findings — distinguishing false positives from genuine vulnerabilities and understanding severity in context.

Python Security Advisories — advisories.python.org / PyPI Security Advisories
The official source for Python package security advisories. Referenced in the dependency verification section. Check this resource for any AI-introduced Python dependency.

CWE (Common Weakness Enumeration) — cwe.mitre.org
The authoritative catalog of software weakness types. When AI identifies a security issue, it will often use CWE classification (CWE-89 for SQL injection, CWE-79 for XSS). Knowing how to look up CWE entries gives you the full vulnerability description, examples, and mitigation guidance.


Debugging and Performance

"The Art of Debugging with GDB, DDD, and Eclipse" by Norman Matloff and Peter Jay Salzman
No Starch Press, 2008. While the specific tools are dated, the systematic debugging methodology in Part 1 is timeless. Provides the conceptual framework for the structured debugging approach in this chapter.

"Systems Performance: Enterprise and the Cloud" by Brendan Gregg
Addison-Wesley, 2nd edition, 2020. The definitive guide to systems performance analysis. Relevant to the Raj scenarios, where performance issues in production systems require systematic investigation. Gregg's USE Method (Utilization, Saturation, Errors) and RED Method (Rate, Errors, Duration) are excellent frameworks for structuring AI-assisted performance investigation.

"Python Memory Management and Garbage Collection" (Python documentation)
Available at docs.python.org/3/c-api/memory.html and docs.python.org/3/library/gc.html. Essential reading for understanding the memory leak scenario in Case Study 2. Understanding how Python's garbage collector handles reference cycles, how CPython reference counting works, and how SQLAlchemy manages session state is background knowledge for the debugging approach described.


Testing

"Python Testing with pytest" by Brian Okken
Pragmatic Bookshelf, 2nd edition, 2022. The comprehensive guide to pytest — the testing framework used in all chapter examples. Understanding pytest fixtures, parametrize, and conftest patterns allows you to evaluate and extend AI-generated test code effectively.

"Growing Object-Oriented Software, Guided by Tests" by Steve Freeman and Nat Pryce
Addison-Wesley, 2009. The foundational work on test-driven development. The distinction between unit tests, integration tests, and end-to-end tests — and when each is appropriate — is directly relevant to evaluating AI-generated test code.


Tools Referenced in This Chapter

GitHub Copilot — github.com/features/copilot
Integrated code completion for VS Code, JetBrains, and other editors. The primary IDE-integrated AI development tool. The GitHub Copilot study is the source of the 55% productivity finding.

Cursor — cursor.sh
An AI-native code editor built on VS Code. Includes chat-based code editing, codebase-aware prompting (referencing specific files and functions in context), and multi-file editing. Well-suited for the architecture discussion and iterative implementation workflow.

Claude — claude.ai and claude.anthropic.com/api
Used throughout this chapter for architecture discussion, code review, debugging hypothesis generation, and documentation. The extended context window is useful for reviewing large code sections. The API (Anthropic SDK) is used in Chapter 22's data analysis examples.

SQLAlchemy 2.0 — sqlalchemy.org
The Python ORM used in the case studies. Understanding SQLAlchemy's session management, eager vs. lazy loading, and expire_on_access behavior is relevant to the memory leak case study.

FastAPI — fastapi.tiangolo.com
The Python web framework used in the case studies. FastAPI's dependency injection system, automatic documentation generation, and Pydantic integration are relevant context for the implementation examples.

Mermaid — mermaid.js.org
A text-based diagramming language supported by GitHub, Notion, GitLab, and other platforms. Referenced in the architecture section for AI-generated diagram creation.