Chapter 23 Quiz: Software Development and Debugging
Test your understanding of AI-assisted development workflows, trust calibration requirements, and effective prompting for coding tasks. After answering each question, reveal the explanation using the dropdown.
Question 1
Why is architecture and design described as having a "Low" trust risk level compared to implementation?
A) Architecture decisions are less important than implementation details B) AI is more accurate about architecture than implementation C) The outputs are decisions and discussion rather than code — a bad architectural discussion does not break a production system; bad implementation code can D) Architecture tasks are simpler and AI makes fewer errors on them
Answer
**C) The outputs are decisions and discussion rather than code — a bad architectural discussion does not break a production system; bad implementation code can** The chapter's trust risk table assigns "Low" to architecture/design and "High" to implementation. The reason is about what type of output is produced. In architecture discussions, you produce decisions, diagrams, and recommendations — things you evaluate and adopt or reject before any code exists. In implementation, AI produces executable code that you run against a production system. A wrong architectural suggestion costs a discussion; a wrong implementation may produce a security vulnerability or data corruption that reaches production.Question 2
What is the "explain then generate" technique, and why does it produce better code than direct code generation prompts?
A) A technique where AI explains each line of code as it generates it, making the output easier to review B) A two-step approach where AI first describes the implementation approach (which you review and correct), then generates code — ensuring AI understands the requirements correctly before producing code C) A technique where you explain your requirements to two different AI models and then compare their outputs D) A documentation-first approach where AI generates docstrings before writing the function body
Answer
**B) A two-step approach where AI first describes the implementation approach (which you review and correct), then generates code — ensuring AI understands the requirements correctly before producing code** The chapter describes explain-then-generate as "the single most productive change most developers make when adopting AI coding assistance." By reviewing the proposed approach before any code is generated, you verify that AI has understood the requirements correctly. Assumptions, misunderstandings, and wrong architectural choices surface at the explanation stage — where they are cheap to fix — rather than at the implementation stage — where they require regenerating large amounts of code.Question 3
What are the four required components of an effective debugging prompt, as described in the build_debug_prompt function?
A) Error type, file name, line number, and stack trace B) Error message, relevant code, expected behavior, and actual behavior C) Error message, code, the developer's hypothesis, and possible fixes D) Stack trace, environment information, steps to reproduce, and expected behavior
Answer
**B) Error message, relevant code, expected behavior, and actual behavior** The `build_debug_prompt` function has four required parameters: `error_message`, `code_snippet`, `expected_behavior`, and `actual_behavior`. A fifth optional parameter, `context`, improves quality when available. The chapter explains: "Using this structure consistently produces better debugging responses because AI has all the information it needs to reason about the problem. Missing any of the four components forces AI to make assumptions — and it will make them confidently."Question 4
What does the chapter identify as AI code review's most significant blind spot?
A) Security vulnerabilities — AI misses most security issues B) Syntax errors — AI focuses on logic and misses syntax problems C) Business logic correctness — AI can verify that code does what the code says, but not whether what the code says is what the business needs D) Performance issues — AI cannot identify algorithmic inefficiencies
Answer
**C) Business logic correctness — AI can verify that code does what the code says, but not whether what the code says is what the business needs** The chapter states: "Business logic correctness: AI does not know whether your business logic correctly implements the business requirement. It can verify that the code does what the code says, but not whether what the code says is what the business needs." This is a fundamental limitation that applies regardless of how good the AI model is — the business requirements exist outside the code itself, and AI has no access to the complete business context.Question 5
Why does the chapter warn against having AI generate tests for code AI just generated?
A) AI-generated tests are always lower quality than human-written tests B) Both the implementation and the tests may reflect the same incorrect assumptions, creating correlated blind spots where tests pass while missing important failure cases C) Running AI-generated tests creates security vulnerabilities D) There is no warning about this in the chapter — it recommends using AI for both code and tests
Answer
**B) Both the implementation and the tests may reflect the same incorrect assumptions, creating correlated blind spots where tests pass while missing important failure cases** The chapter's Common Pitfall states: "When AI generates both the implementation and the tests, both products reflect the same assumptions — including wrong ones. The tests may pass while completely missing important failure cases that a human would have recognized." This is the "correlated blind spots" problem: AI's errors in implementation may be systematically absent from AI's test generation, producing a test suite that looks complete but has gaps in exactly the cases where the implementation is wrong.Question 6
What is the "can I explain this?" test, and when should it be applied?
A) A test applied to documentation to verify that the explanation of a function matches its actual behavior B) A standard that should be applied before committing any AI-generated code — the developer should be able to explain every non-trivial function, security-relevant decision, and subtle implementation choice to a colleague without referring back to the AI conversation C) A prompt submitted to AI to verify that AI can explain its own generated code D) A code review standard used only for junior developers who are new to AI tools
Answer
**B) A standard that should be applied before committing any AI-generated code — the developer should be able to explain every non-trivial function, security-relevant decision, and subtle implementation choice to a colleague without referring back to the AI conversation** The chapter's Best Practice states: "Before submitting any AI-generated code for review, run through the 'can I explain this?' test: for every non-trivial function, every security-relevant decision, and every place where the code does something subtle — can you explain it to a colleague without referring to the AI conversation? If not, you do not understand the code well enough to commit it." The standard for committing AI-generated code is identical to the standard for committing human-generated code: the committer understands and is responsible for it.Question 7
What security finding about AI-assisted development comes from the 2023 Stanford study?
A) AI-generated code contains fewer security vulnerabilities than human-generated code B) AI-assisted developers are more likely to introduce security vulnerabilities, attributed to over-trust — accepting AI-generated security-relevant code without adequate scrutiny because it looks correct C) AI code review catches security vulnerabilities more reliably than human review D) Security vulnerabilities in AI-generated code are always in the same categories (SQL injection, XSS)
Answer
**B) AI-assisted developers are more likely to introduce security vulnerabilities, attributed to over-trust — accepting AI-generated security-relevant code without adequate scrutiny because it looks correct** The chapter cites a 2023 Stanford study finding that developers with AI assistance were more likely to introduce security vulnerabilities than those working without it. The researchers attributed this to over-trust — developers accepted AI-generated security-relevant code without adequate scrutiny because the code looked correct. This is why the chapter states "security review of AI-generated code should always include a human who understands the security requirements and the system context" regardless of whether AI was asked to review the code during generation.Question 8
In Raj's day-in-the-life scenario, what does he do at the architecture stage that specifically improves the implementation quality?
A) He asks AI to generate a complete implementation immediately so he has something concrete to evaluate B) He discusses the approach for thirty minutes without writing any code, and identifies that the Redis-only approach is inappropriate based on operational knowledge AI could not have (known Redis reliability issues during traffic spikes) C) He uses a different AI model for architecture than for implementation to get a broader range of suggestions D) He reads the complete API documentation for all libraries he plans to use before starting the conversation
Answer
**B) He discusses the approach for thirty minutes without writing any code, and identifies that the Redis-only approach is inappropriate based on operational knowledge AI could not have (known Redis reliability issues during traffic spikes)** The scenario explicitly notes that "Raj knows their Redis instance has had reliability issues during traffic spikes — something AI cannot know." This domain-specific operational knowledge eliminates one of AI's three proposed approaches before any code is written. This is a clear example of the complementary relationship between AI's broad knowledge (architectural patterns) and human's specific knowledge (their system's operational history). No code exists after thirty minutes — the time is entirely invested in making a correct architectural decision.Question 9
What is the "rubber duck debugging" technique in the context of AI assistance?
A) A technique where AI generates test data that "bounces" (returns different results) to identify non-deterministic bugs B) Using AI as a rubber duck that talks back — explaining your bug to AI through a conversation where AI asks clarifying questions, with the insight often coming from the act of articulation itself rather than from AI's suggestions C) A visualization technique where AI generates a diagram of the bug's execution flow D) A technique specific to memory management debugging where AI identifies "rubber band" memory allocation patterns
Answer
**B) Using AI as a rubber duck that talks back — explaining your bug to AI through a conversation where AI asks clarifying questions, with the insight often coming from the act of articulation itself rather than from AI's suggestions** The chapter explicitly connects rubber duck debugging to AI: "The rubber duck prompting approach for complex bugs" asks AI to "ask clarifying questions until you fully understand the system well enough to suggest what might be wrong." The key mechanism is the same as classic rubber duck debugging: "The conversation structure — answering AI's clarifying questions — often produces the insight without AI ever needing to identify the bug." The articulation process surfaces the bug, not the rubber duck's (or AI's) response.Question 10
What does the chapter recommend for documentation generation quality control?
A) Always have a technical writer review AI-generated documentation B) Only use AI for README files, not for docstrings or API documentation C) Review generated docstrings for accuracy, particularly checking that edge behavior descriptions are accurate, since AI may generate plausible-sounding descriptions that do not accurately reflect actual behavior D) Have AI generate documentation only after the code has been reviewed and approved
Answer
**C) Review generated docstrings for accuracy, particularly checking that edge behavior descriptions are accurate, since AI may generate plausible-sounding descriptions that do not accurately reflect actual behavior** The chapter states: "Review generated docstrings for accuracy — AI may generate plausible-sounding descriptions that do not accurately reflect edge behavior." This is a specific instance of the general principle: AI generates confident-sounding content that may be inaccurate. In documentation, this typically manifests as the raises section (AI documents exceptions the function does not actually raise, or misses ones it does) and edge case descriptions (AI describes behavior for edge cases based on what seems reasonable, which may not match the actual implementation).Question 11
What does the chapter identify as the primary risk when committing code after refactoring with AI assistance?
A) Refactored code may have syntax errors that the original code did not B) Tests may pass while behavior changes in ways that tests do not cover — the function signature and test coverage look the same, but the code does something different in cases the tests do not exercise C) Refactoring with AI typically slows the code down by replacing optimized patterns with readable but inefficient alternatives D) AI refactoring always changes the public API, requiring updates to calling code
Answer
**B) Tests may pass while behavior changes in ways that tests do not cover — the function signature and test coverage look the same, but the code does something different in cases the tests do not exercise** The chapter states: "The most common refactoring risk: tests pass but behavior changes in ways the tests do not cover. Always review refactored code for behavior changes, not just test results." Refactoring is specifically about changing structure without changing behavior — so passing tests is necessary but not sufficient evidence that behavior is unchanged. AI may refactor correctly in tested cases while changing behavior in untested cases. Human review of the refactored logic, not just test results, is required.Question 12
The GitHub Copilot study found what productivity gain for developers completing a specific coding task with AI assistance?
A) 10-15% improvement B) 25% improvement C) 55% faster completion, with 88% of developers reporting feeling more productive D) 2-3x faster completion for all categories of coding tasks
Answer
**C) 55% faster completion, with 88% of developers reporting feeling more productive** The chapter cites the 2022 GitHub Copilot study: "developers using Copilot completed a specific coding task 55% faster than the control group and were 88% more likely to describe themselves as more productive with the tool." The chapter also notes that this used "a controlled experimental design — the strongest evidence type available." The 55% figure is for a specific controlled task; independent replications and similar studies find 30-55% gains, with gains being most consistent for boilerplate and scaffolding code.Question 13
What should you verify when AI generates code that introduces new package dependencies?
A) Only verify packages that are not from well-known organizations B) Package name correctness, known security vulnerabilities, license compatibility, and whether the package is actively maintained C) Only the version number — ensure it matches the version in your requirements.txt D) Package dependencies do not require special verification since AI models only suggest well-known, safe packages
Answer
**B) Package name correctness, known security vulnerabilities, license compatibility, and whether the package is actively maintained** The chapter lists four dependency verification requirements: "The package name is correct and is the intended package (package squatting is a real attack vector); the version specified is current and has no known security vulnerabilities; the license is compatible with your project's requirements; the package is actively maintained." Package squatting — registering a package with a name similar to a popular package — is specifically called out as a real attack vector, meaning that even plausible-looking package names require verification against authoritative registries.Question 14
What does "provide adequate context" mean for implementation prompts, and why does context improve code quality?
A) Provide context by explaining the purpose of the code at a high level; detailed context is unnecessary and makes prompts harder for AI to process B) Provide examples of existing code conventions, framework and library versions, and non-obvious constraints — AI will follow your conventions when shown examples and will avoid outdated API patterns when given version information C) Context means the number of tests you want — more tests means AI generates more comprehensive code D) Adequate context means providing the complete codebase as context — nothing less produces good results
Answer
**B) Provide examples of existing code conventions, framework and library versions, and non-obvious constraints — AI will follow your conventions when shown examples and will avoid outdated API patterns when given version information** The chapter states: "AI code generation quality is directly proportional to the context provided." Specifically: (1) paste examples of how similar things are done in your codebase — "AI will follow your conventions if you show it examples"; (2) specify framework and library versions — "AI has knowledge of multiple versions of popular frameworks, and may use outdated APIs if you do not specify"; (3) describe non-obvious constraints — "performance requirements, security constraints, infrastructure limitations that are not obvious from the feature description alone."Question 15
What does the research say about the difference in how AI development assistance benefits expert versus novice developers?
A) AI benefits experts and novices equally across all task types B) Experts benefit more than novices because they know how to write better prompts C) Novices see larger productivity gains on routine tasks; experts benefit more when using AI as a review and discussion tool rather than a code generation tool D) AI development assistance does not benefit novice developers because they cannot evaluate the code AI generates