Intel Open-sources AI-powered Tool To Spot Bugs in Code (venturebeat.com) 26
Intel has open-sourced ControlFlag , a tool that uses machine learning to detect problems in computer code -- ideally to reduce the time required to debug apps and software. From a report: In tests, the company's machine programming research team says that ControlFlag has found hundreds of defects in proprietary, "production-quality" software, demonstrating its usefulness. "Last year, ControlFlag identified a code anomaly in Client URL (cURL), a computer software project transferring data using various network protocols over one billion times a day," Intel principal AI scientist Justin Gottschlich wrote in a blog post on LinkedIn.
"Most recently, ControlFlag achieved state-of-the-art results by identifying hundreds of latent defects related to memory and potential system crash bugs in proprietary production-level software. In addition, ControlFlag found dozens of novel anomalies on several high-quality open-source software repositories." The demand for quality code draws an ever-growing number of aspiring programmers to the profession. After years of study, they learn to translate abstracts into concrete, executable programs -- but most spend the majority of their working hours not programming. A recent study found that the IT industry spent an estimated $2 trillion in 2020 in software development costs associated with debugging code, with an estimated 50% of IT budgets spent on debugging.
"Most recently, ControlFlag achieved state-of-the-art results by identifying hundreds of latent defects related to memory and potential system crash bugs in proprietary production-level software. In addition, ControlFlag found dozens of novel anomalies on several high-quality open-source software repositories." The demand for quality code draws an ever-growing number of aspiring programmers to the profession. After years of study, they learn to translate abstracts into concrete, executable programs -- but most spend the majority of their working hours not programming. A recent study found that the IT industry spent an estimated $2 trillion in 2020 in software development costs associated with debugging code, with an estimated 50% of IT budgets spent on debugging.
Re: (Score:1)
yet this trend implies that electric scooters for every special employee does not get the job done? I say if you are going to close the loop, really close the loop. time to redefine what "code" and "coder" mean anyway.
Re: (Score:3)
Given that nowhere in TFA or any linked article is there any information whatsoever on where to get this magical tool or how to use it, I'd say at the moment it doesn't even do a no-ass job.
Managed to find it on Github [github.com]. It looks like it uses a pile of Github repos to train a model that compares their code to yours, and reports differences.
I shall report back...
Re: (Score:2)
So far so good, it installs and runs without having to rebuild the entire planet in the one specific custom configuration that the tool was originally run on (this is the standard for academic-grade code analysis tools).
Further updates once it starts producing output.
Re: (Score:2)
I simply can't by laugh... (Score:3)
Quote: "The demand for quality code draws an ever-growing number of aspiring programmers to the profession."
Seriously? I would have NEVER EVER thought of that requirement... I mean, who would expect that any company would demand a work PROPERLY done?
For example, what company would require an electrician to make a PROPER electrical installation? Or... a medical doctor to perform a PROPER operation?
Re: (Score:2)
That is a funny statement - how *aspiring* programmers would produce "quality code"?
Re:I simply can't by laugh... (Score:4, Insightful)
The problem is, management doesn't want quality code. They want fast code, so they sell you a new version ASAP. They want it done now, done fast, get it working. They don't want it done properly, architected properly, written properly, etc, if it means it'll take longer. Incurring technical debt is something no one in management really cares about.
Likewise, there are electricians who will wire something "mostly OK" in that it will pass inspection, but not necessarily code (basically they hide the bad parts and the inspector doesn't inspect everything). After all, if you have 10 houses to build, you want each trade in and out ASAP. If you find an electrician able to do it in a couple of days, then you can move on, versus one who will do it properly but take a week. 2 days is cheaper than a week.
You can hire programmers that do things properly, or do things fast, or do things cheaply. Pick two. You can hire electricians who do work that exceeds code as well. But they will generally cost more because well, higher quality work.
So if you're tasked with maintaining a project that's barely working, a tool like this with other methods can help scope out the work.
And it's also often why "Rewrite" gets tossed about - it's so full of fragile code no one can touch it. Technical debt accumulates interest at usurious rates.
Re: (Score:2)
The problem is, management doesn't want quality code. They want fast code, so they sell you a new version ASAP. They want it done now, done fast, get it working. They don't want it done properly, architected properly, written properly, etc, if it means it'll take longer.
Sorry that is a stupid myth.
There are 3 kinds of software (I simplify).
a) in house, your own company is using it
b) embedded - basically the same, your own company is using it to run devices
c) software a mere person can buy from the shelf or
Re: (Score:2)
Indeed. What is actually happening is than an ever greater number of inexperienced, non-talented crappy aspirant programmers produce more and more crappy code. The only way to produce code is with experienced, talented, well-educated (and hence expensive) people and that is it and it will never change.
Sure, a tool like this can make good code a bit better and a bit cheaper to produce, but it will never lift crappy code on the level of "good". It is really beyond me that after more than half a century of thi
Re: (Score:2)
I admit, I did not read the linked article yet.
But a tool that would check commits and flag them as "dubious" would not be so bad.
However you are completely right: it would not lift a poor programmer on the level of a good one. For that you need:
a) education - I do not mind self taught
b) experience - that includes the second part of a)
"Experienced people" do not grow on trees. Regardless of trade. They have to work in their field of expertise.
Re: (Score:2)
Indeed.
bugs (Score:2)
WTF??? (Score:5, Informative)
A recent study found that the IT industry spent an estimated $2 trillion in 2020 in software development costs associated with debugging code
Okay, when you have a statement THAT ABSURD you'd better back it up. So RTFA, then that article the text "$2 trillion in 2020" in turn links to this [gartner.com].
I'd like someone to explain to me where in that source article it says $2 trillion was spent on "software development costs associated with debugging code".
Considering that the table shows $503 billion for ALL Enterprise Software, I don't see how 4 times more than that could be spent debugging than spent on software itself.
Nowhere in that article are the words "development" or "debug".
The other article claiming 50% of IT is spent debugging is to a broken url:
http://citeseerx.ist.psu.edu/v... [psu.edu]
Anyway this is BS that doesn't even have BS articles to back it up.
Re: (Score:2)
That was sarcasm on my part, but it is inspired by something I heard about the recession of 2008. The money involved in credit default swaps (which are basically bets on the insurance for real things) was something like 10x the value of the original insurance for real things. It's vaporware. That 10x value does not really exist anywhere, and could not legitimately be paid
Re: WTF??? (Score:2)
Re: (Score:3)
The other article claiming 50% of IT is spent debugging is to a broken url
Perhaps that is because the author did not grasp that competent programmers write the code inside of the debugger.
You know, you can run over 10 lines, and step back each line, add a line and hot load the modified code etc.
Well, I'm not doing that always, but sometimes it is the easiest way to get something running, or fix odd code.
Better than compiler warnings? (Score:5, Insightful)
When I take over a legacy codebase, I upgrade to current compilers and switch on compiler warnings. In the process I was often able to find and fix latent bugs.
What also helps is:
* Have multiple compilers compile the same code base
* Code reviews
* Tests
A tool like this should be measured against -Wall -Werr.
Re: (Score:1)
Re: (Score:3)
What's worse is when you find out someone is developing a modern codebase and they are ignoring every damn warning! Seriously, thousands of warnings and they are suddenly surprised when a bizarre bug pops up.
Always specify which version of C or C++ you are targeting!
Writing quality, bug-free code is HARD (Score:1)
Now it finally works (in simple testcases) but it is very difficult to find bugs in a large software projects that has more than 100.000 lines of code. I have coded in C++ since 1995 (25 years of experience) but there are still easily subtle bugs especially when you code optimized multithread
I think the actual tool is here (Score:3)
Re: (Score:3)
Upstream IntelLabs link: https://github.com/IntelLabs/c... [github.com]
Lint (Score:2)
Ever since Lint became a thing, it and other code quality tools have tried to suggest fixes for coding mistakes. They all spat out a bunch of warnings, most of which everyone always ignored, because they just weren't that important or valuable.
The question about this tool will be, is it smart enough to report only the issues that are important?
Again... (Score:2)
https://github.com/IntelLabs/control-flag [github.com]
They provide training data for C, but seems like you can train it for any language.