3.4: AI Tool Selection
Choosing the Right AI Tool
AI Tool Categories
1. Code Assistants (IDE-integrated)
- GitHub Copilot, Tabnine, Amazon CodeWhisperer
- Best for: Real-time code completion while typing
2. Chat-Based AI (Conversational)
- ChatGPT, Claude, Gemini
- Best for: Requirements analysis, architecture design, code review
3. Specialized AI (Domain-specific)
- Sourcegraph Cody (codebase search), Codium AI (test generation)
- Best for: Specific tasks (tests, documentation, refactoring)
Tool Comparison for ASPICE
GitHub Copilot
Strengths:
- [PASS] Fast (inline suggestions as you type)
- [PASS] Context-aware (uses nearby code context, ~2-4KB window)
- [PASS] IDE-integrated (VS Code, IntelliJ, Vim)
- [PASS] Good at boilerplate, common patterns
Weaknesses:
- [FAIL] Limited context (2-4KB window)
- [FAIL] No conversational mode (can't ask "why?")
- [FAIL] Weak at safety-critical logic
- [FAIL] May suggest insecure code (CWE vulnerabilities)
Best Use Cases:
- CAN message parsing
- Doxygen header generation
- Test scaffolding
- Simple getters/setters
Pricing: €10/month (individual), €19/month (business) (Pricing as of December 2025; check vendor website for current rates)
ChatGPT-4
Strengths:
- [PASS] Conversational (iterative refinement)
- [PASS] Good at requirements extraction
- [PASS] Can explain code
- [PASS] Multi-language support
Weaknesses:
- [FAIL] No IDE integration (copy-paste workflow)
- [FAIL] Context limit (128K tokens, ~50K LOC)
- [FAIL] May hallucinate (invents nonexistent APIs)
- [FAIL] Data privacy concerns (cloud-based)
Best Use Cases:
- Extract requirements from Word documents
- Generate ADR templates
- Explain legacy code
- Generate test cases from requirements
Pricing: €20/month (Plus), API pricing available (pay-per-token) (Pricing as of December 2025; check vendor website for current rates)
Claude Sonnet
Strengths:
- [PASS] Large context (200K tokens, ~80K LOC)
- [PASS] Accurate (fewer hallucinations)
- [PASS] Good at code review (can review entire file)
- [PASS] Strong reasoning (architecture decisions)
Weaknesses:
- [FAIL] No IDE integration
- [FAIL] Slower than Copilot (batch workflow)
- [FAIL] More expensive (API pricing)
Best Use Cases:
- Code review (large files)
- Refactoring (understands full context)
- Architecture decision analysis
- Requirements traceability (cross-file)
Pricing: €20/month (Pro), API pricing available (pay-per-token) (Pricing as of December 2025; check vendor website for current rates)
Tabnine
Strengths:
- [PASS] Privacy-focused (on-premise option)
- [PASS] Trained on C/embedded code
- [PASS] IDE-integrated
Weaknesses:
- [FAIL] Less accurate than Copilot
- [FAIL] Smaller model (fewer capabilities)
Best Use Cases:
- Teams with strict data privacy (defense, medical)
- Embedded C projects
- Air-gapped environments
Pricing: Free (basic), €12–39/month (pro/enterprise) (Pricing as of December 2025; check vendor website for current rates)
Selection Decision Matrix
By ASPICE Process
| Process | Recommended Tool | Alternative | Rationale |
|---|---|---|---|
| SWE.1 (Requirements) | ChatGPT-4 / Claude | Manual | Extract from docs, detect ambiguities |
| SWE.2 (Architecture) | Claude Sonnet | Manual | Large context, reasoning |
| SWE.3 (Implementation) | GitHub Copilot | Tabnine | Fast, IDE-integrated |
| SWE.4 (Unit Testing) | GitHub Copilot | Codium AI | Generate tests from code |
| SUP.2 (Review) | Claude Sonnet | ChatGPT-4 | Large context, MISRA checks |
| SUP.8 (Config Mgmt) | None | Manual | Git, traceability scripts |
By Task Type
| Task | Tool | Reason |
|---|---|---|
| Code completion (while typing) | GitHub Copilot | Fastest, inline suggestions |
| Requirements extraction (Word → Markdown) | ChatGPT-4 | Good at document processing |
| Code review (entire file) | Claude Sonnet | Large context (200K tokens) |
| Architecture decision (trade-offs) | Claude Sonnet | Strong reasoning |
| Test generation (from requirements) | GitHub Copilot + manual | Generate scaffolding, add edge cases |
| Refactoring (extract function) | Claude Sonnet | Understands full context |
| Documentation (Doxygen) | GitHub Copilot | Fast, pattern-based |
| Bug finding (MISRA, security) | Claude Sonnet + cppcheck | AI + static analysis |
Tool Combination Strategy
The Hybrid Approach
Use Multiple Tools for Different Tasks
Example Workflow: The following diagram shows how different AI tools are selected for different tasks in a typical development workflow, matching each tool's strengths to the task at hand.
Benefit: Use each tool's strengths (speed vs accuracy vs context)
Cost-Benefit Analysis
ROI Calculation
Scenario: Team of 10 engineers, 2-year project
Costs:
- GitHub Copilot: €10/month × 10 engineers × 24 months = €2,400
- ChatGPT-4 Plus: €20/month × 10 engineers × 24 months = €4,800
- Total: €7,200
Benefits (35% productivity gain, conservative estimate):
- Base calculation: 10 engineers × 1,600 hours/year × 2 years = 32,000 hours
- Time saved: 35% × 32,000 hours = 11,200 hours
- Hourly rate assumption: €100/hour (fully burdened rate including salary, benefits, and overhead)
- Cost savings: 11,200 hours × €100/hour = €1,120,000
- Net benefit: €1,120,000 − €7,200 = €1,112,800
ROI: 155x return on investment
Assumptions and Caveats:
- Productivity gain: 35% (conservative from 35–55% range based on GitHub Copilot study; actual results vary by team and complexity)
- Hourly rate: €100/hour fully burdened (salary + benefits + overhead)
- Measurement: Time savings measured via developer self-reporting and task completion metrics
- Does not include human review overhead (estimated 20% of saved time)
- Safety-critical code requires additional review (reduces net gain to 25–30%)
- Individual results vary based on code complexity and engineer experience
Data Privacy and Security
Considerations for Safety-Critical Projects
Cloud-Based Tools (GitHub Copilot, ChatGPT, Claude):
- [WARN] Code sent to cloud servers
- [WARN] Data privacy concerns (GDPR, customer contracts)
- [WARN] IP leakage risk (proprietary algorithms)
On-Premise Tools (Tabnine Enterprise):
- [PASS] Code stays on-premise
- [PASS] No cloud transmission
- [PASS] GDPR-compliant
Best Practices:
- Review contracts: Check if customer allows cloud-based AI tools
- Data sanitization: Remove customer-specific data before using AI
- Air-gapped fallback: For defense/classified projects, use on-premise only
- Non-disclosure: Ensure AI tool provider has NDA
Evaluation Process
How to Choose for Your Project
Step 1: Define Requirements
Requirements for AI Tool:
- IDE integration? (Yes/No)
- On-premise required? (Yes/No)
- Budget: €X/month per engineer
- Privacy: GDPR-compliant?
- Language: C, Python, etc.
- Context needed: Small (code completion) vs Large (code review)
Step 2: Trial Period
- Test 2-3 tools for 1 month
- Measure: Time saved, defects caught, engineer satisfaction
- Compare cost vs benefit
Step 3: Team Feedback
- Survey engineers: "Which tool helps most?"
- Collect data: Code review time, defect density, test coverage
Step 4: Decision
- Choose tool(s) based on ROI, engineer preference, compliance
- Document decision (ADR if significant cost)
Summary
Tool Categories: Code assistants (Copilot), chat-based (ChatGPT, Claude), specialized (Codium, Sourcegraph)
Top Recommendations:
- Code completion: GitHub Copilot (fast, IDE-integrated)
- Requirements/Review: ChatGPT-4 or Claude Sonnet (large context)
- Privacy-sensitive: Tabnine (on-premise option)
Hybrid Strategy: Use multiple tools for different tasks (code, requirements, review)
ROI: 155x return (€7,200 cost → €1,112,800 benefit for 10-engineer team, based on conservative 35% productivity gain)
Privacy: Check customer contracts, sanitize data, consider on-premise for classified projects
Evaluation: Define requirements, trial period, team feedback, measure ROI
Chapter 35 Complete: Working with AI Assistants covers effective prompting, reviewing AI output, HITL decision-making, and tool selection.
Next: Chapter 36 — Putting It All Together (end-to-end example, common pitfalls, continuous learning)