Forgot your password?
typodupeerror

Comment Re:Old man yells at clouds (Score 1) 32

Suppose the question is 'high quality'.

It absolutely floods the field with false positives.

However, depending on the context, you can still see some issues a human is likely to miss. It's an idiot with crazy attention to detail.

So you can't count on it to catch things a human would and in many scenarios it will fire off more false positives than anything vaguely right, but it does represent a value in a more manageable haystack to catch certain issues.

But go back to a reasonable level of skepticism about suggested fixes, and ensure even if you agree with the LLM on an issue, that you understand it well enough to not get screwed over by the LLM suggestion...

Comment Re:Old man yells at clouds (Score 1) 32

It's not sufficient, and it has a lot of false positives, but it can help get a smaller haystack with some of the needles that a human review can miss.

Code review for quality and security is something the LLMs can help without much inherent downside, so long as you do not trust the review but use it instead as an additional pass and make sure you follow up and understand any 'finding'. It *is* a risk if you take it as replacing the need for carefully considered human review, but with discipline you can have the best of both worlds: actually intelligent human review and the detailed coverage an LLM tends to get.

I've found that it's usually wrong, but a fair amount of time despite being wrong, understanding the area it was wrong about yields an a real problem it didn't catch. Then of course, upon occasion it is simply correct.

I would be extra wary of suggested remediations just like other generated code, but I would look into things it flags as somehow tricky.

Comment Thought for the day (Score 1) 32

What if...

Someone (say someone who was familiar with doxygen and GCC) developed number of comment types, where some stipulated preconditions that must be true for the function to run correctly, postconditions that must be true once the function has run, kernel facilities that the function definitely needs, and kernel facilities that the function definitely doesn't need. These would all be optional for any given function.

A static checker could then validate if the code meets the behaviour expected by the programmer. This is precisely what is done in SPARK, a fork of Ada for high-reliability code. Combined with existing static checker capabilities, this would greatly increase the number of bugs that could be caught with all kinds of tools, AI included.

It could ALSO build a full fine-grained mapping for any fine-grained mandatory access controls system. You'd also want includes that you could import for precompiled libraries. This would allow someone to verify if the code was making unanticipated/undesirable calls but would also make SELinux possible to develop for at the application level.

It would not be trivial. If it was trivial, it would have been done simply because it already IS done in other languages and that makes it "obvious" to anyone who has been programming for a while. However, it should not be massively complicated, simply because you can use AI as the static checker. Once it has a definite set of bounda that must be satisfied, it should be much more capable of knowing what paths would violate those bounds. Which means that the checker stage essentially is trivial today, leaving only the markup stage.

Submission + - Microsoft CEO Satya Nadella warns companies not to give AI firms their secrets (nerds.xyz) 1

BrianFagioli writes: Microsoft CEO Satya Nadella warns companies not to give AI firms their secrets

Microsoft CEO Satya Nadella says businesses may be paying twice for artificial intelligence: once with money, and again with the proprietary knowledge they feed into AI systems to make them useful. He calls this the Reverse Information Paradox, arguing that prompts, corrections, evaluations, workflows, and other usage data can gradually expose how a company actually operates.

Nadella says enterprises should keep control of their own models, memory, feedback, and internal learning loops while avoiding dependence on a single AI provider. The warning is notable coming from Microsoft, which sells the cloud infrastructure and AI services needed to build exactly that kind of private environment.

Slashdot Top Deals

The University of California Statistics Department; where mean is normal, and deviation standard.

Working...