What Happens When ChatGPT Can Find Bugs in Computer Code? (pcmag.com)
PC Magazine describes a startling discovery by computer science researchers from Johannes Gutenberg University and University College London.
"ChatGPT can weed out errors with sample code and fix it better than existing programs designed to do the same. Researchers gave 40 pieces of buggy code to four different code-fixing systems: ChatGPT, Codex, CoCoNut, and Standard APR. Essentially, they asked ChatGPT: "What's wrong with this code?" and then copy and pasted it into the chat function. On the first pass, ChatGPT performed about as well as the other systems. ChatGPT solved 19 problems, Codex solved 21, CoCoNut solved 19, and standard APR methods figured out seven. The researchers found its answers to be most similar to Codex, which was "not surprising, as ChatGPT and Codex are from the same family of language models."
However, the ability to, well, chat with ChatGPT after receiving the initial answer made the difference, ultimately leading to ChatGPT solving 31 questions, and easily outperforming the others, which provided more static answers. "A powerful advantage of ChatGPT is that we can interact with the system in a dialogue to specify a request in more detail," the researchers' report says. "We see that for most of our requests, ChatGPT asks for more information about the problem and the bug. By providing such hints to ChatGPT, its success rate can be further increased, fixing 31 out of 40 bugs, outperforming state-of-the-art....."
Companies that create bug-fixing software — and software engineers themselves — are taking note. However, an obvious barrier to tech companies adopting ChatGPT on a platform like Sentry in its current form is that it's a public database (the last place a company wants its engineers to send coveted intellectual property).
"ChatGPT can weed out errors with sample code and fix it better than existing programs designed to do the same. Researchers gave 40 pieces of buggy code to four different code-fixing systems: ChatGPT, Codex, CoCoNut, and Standard APR. Essentially, they asked ChatGPT: "What's wrong with this code?" and then copy and pasted it into the chat function. On the first pass, ChatGPT performed about as well as the other systems. ChatGPT solved 19 problems, Codex solved 21, CoCoNut solved 19, and standard APR methods figured out seven. The researchers found its answers to be most similar to Codex, which was "not surprising, as ChatGPT and Codex are from the same family of language models."
However, the ability to, well, chat with ChatGPT after receiving the initial answer made the difference, ultimately leading to ChatGPT solving 31 questions, and easily outperforming the others, which provided more static answers. "A powerful advantage of ChatGPT is that we can interact with the system in a dialogue to specify a request in more detail," the researchers' report says. "We see that for most of our requests, ChatGPT asks for more information about the problem and the bug. By providing such hints to ChatGPT, its success rate can be further increased, fixing 31 out of 40 bugs, outperforming state-of-the-art....."
Companies that create bug-fixing software — and software engineers themselves — are taking note. However, an obvious barrier to tech companies adopting ChatGPT on a platform like Sentry in its current form is that it's a public database (the last place a company wants its engineers to send coveted intellectual property).
Uhm... probably nothing (Score:2, Informative)
We already have compilers that generate warnings for many types of bugs in your code. Typically those warnings are turned off or ignored.
Only some programmers use the techniques the compiler provides to reduce their bug count.
Re:Uhm... probably nothing (Score:5, Informative)
Typically those warnings are turned off or ignored.
I have never seen warnings disabled in a work environment. If you try that where I work, you will be on the sh*tlist for breaking the build, which runs with -Weverything -Werror.
We also use static analysis tools that catch problems the compiler doesn't.
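For anyone who hasn't worked under that regime, a sketch (hypothetical fragment, not from any real codebase): both issues below are legal C, but warnings like -Wparentheses and -Wuninitialized get promoted to hard build failures by -Werror.

    #include <stdio.h>

    int main(void) {
        int total;                  /* never initialized */
        int limit = 10;
        if (limit = 20)             /* -Wparentheses: assignment used as a condition */
            printf("%d\n", total);  /* -Wuninitialized: 'total' read before being set */
        return 0;
    }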
Re: (Score:2)
Well, then you will probably integrate this into your build system and it'll be another layer that gives you warnings. However, due to the fuzzy nature of ML, it's probably not a good idea to make your build fail on such things.
Re: (Score:3)
You have way more faith in this technology than is warranted.
Re:Uhm... probably nothing (Score:4)
Any faith is unwarranted. It's "chat" GPT, meaning it's a chat bot, not intelligence. It knows how to regurgitate chat that it thinks you want to hear. It will swear up and down to love you until the end of time.
You would get even better results by just having humans look at the code as well. I mean really looking at it, not just glancing, and with people who understand the code. Probably fewer people would be involved in fixing the bugs than the number who were there carefully rephrasing questions to ChatGPT until it got a good answer.
Re: (Score:2)
That'll find you bugs in the code but not necessarily bugs resulting from quirks (or outright bugs) with the underlying libraries in use. You'd need fuzz testing etc to bring those out. Seems like something a computer would be ideal for.
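A minimal fuzz harness is cheap to write. A sketch using clang's libFuzzer entry point, where parse_record is a made-up stand-in for whatever library call you want to shake out:

    #include <stddef.h>
    #include <stdint.h>

    /* Hypothetical library function under test. */
    int parse_record(const uint8_t *data, size_t len);

    /* libFuzzer feeds this mutated inputs millions of times; crashes,
       hangs, and sanitizer reports expose the quirks a compiler never sees.
       Build with: clang -g -fsanitize=fuzzer,address harness.c lib.c */
    int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
        parse_record(data, size);
        return 0;
    }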
Re: (Score:2)
The computer is going to be like stackoverflow - lots of answers, most of them bad answers, the others being merely mediocre answers, and the one correct answer has no upvotes and gets ignored.
Re: (Score:2)
"The real problem would be passing a build solely based on some inexplicable process."
And by "inexplicable process" you mean "correct code"?
Re: (Score:2)
Judging by prior "design evolution" studies, what he means is code that is correct, but which nobody can understand. The one I'm thinking of had a disconnected circuit in it, but if you removed the circuit it stopped working. I think it was an FPLA. Eventually they decided that there was capacitive coupling between the pieces. This could do something similar with interactions between threads. (Yeah, it's probably not there yet. But the direction is clear.)
Re: (Score:2)
I have never seen warnings disabled in a work environment. If you try that where I work, you will be on the sh*tlist for breaking the build, which runs with -Weverything -Werror. We also use static analysis tools that catch problems the compiler doesn't.
I worked on several projects for safety-critical systems in aerospace. Compiler warnings were disabled in about half of them, depending on the experience of the project leader. It was always hard to push for the compiler warnings to be enabled later. The managers and lead engineers worried about increased costs and possible penalties caused by delays, and questioned the benefits. We never used -Werror since it is not practical under tight deadlines. But all warnings had to be documented and explained.
Re: (Score:2)
The use of static analysis tools was also rare, because it is very expensive and only a few projects with high budgets could afford it.
There are free open-source static analysis tools.
Re:Uhm... probably nothing (Score:4, Informative)
The expensive part is false alerts. Most static analysis tools give a lot of incorrect warnings (bugs in the static analysis tool itself) or irrelevant ones (fixing them would make no functional difference). That assumes, obviously, that you use free open-source tools. I have used commercial tools too, but they usually perform worse than the open-source ones and cost at least as much as the salary of one or two full-time developers. Hiring a developer JUST to find and fix static/dynamic-analysis and code-review bugs would be a much better solution.
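A typical "irrelevant" report, for illustration: many analyzers flag the first assignment below as a dead store, and "fixing" it makes no functional difference whatsoever.

    int read_sensor(void);

    int sample(void) {
        int value = 0;          /* defensive default: commonly reported as a dead store... */
        value = read_sensor();  /* ...because it is unconditionally overwritten here */
        return value;
    }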
Re: (Score:2)
Some stuff just breaks most static analysis tools, particularly on embedded systems. Interrupts often do that, for example.
Re: (Score:2)
I want to know what kind of terrible code you had that took 12 hours for static analysis. Was it autogenerated, perhaps? The only times I've seen code take that long to compile and/or analyze were with autogenerated code.
I worked on an embedded OS codebase with around a million lines, and it would take a whopping 2 minutes to compile and run through static analyzers. If we ran it through the MC/DC checker it added about 5 minutes, but 4 of those were just to get the tools to open.
Re: (Score:2)
They're running the analysis on a TRS-80 or maybe Commodore 64.
Re: (Score:3)
I want to know what kind of terrible code you had that took 12 hours for static analysis.
He seems to imply they were using an expensive proprietary code analysis tool, which yielded "impressive" results compared to what open source tools do. So perhaps those impressive results take much more computation than generic tools like PMD.
Re: (Score:3)
Commercial static analyzers can be sloooow. If the normal build takes an hour, then a 12-hour static analysis is reasonable. Also, these tools will look at ALL the code, including all the build options, plus all the branches past and present that have been analyzed before, etc. It can take 5 minutes or more merely to check out the code in some cases.
Re: (Score:2)
Also, to be fair, -Wall (never mind -Weverything) includes some pretty stupid warnings. E.g., warning about an unused function parameter: if the API requires a parameter but you don't need it in your implementation, then it is valid to ignore that warning instead of jumping through hoops to shut it up. The warnings are not part of the language itself; they come from humans trying to help catch bugs, and often those humans try to impose their particular "style" on the world.
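For instance (a generic sketch, not any particular API): a callback signature fixed by a library contract can hand you a parameter you never read, and the usual way to appease -Wunused-parameter is noise like the cast below.

    /* Hypothetical callback signature dictated by a library contract. */
    typedef void (*event_cb)(int event_id, void *user_data);

    void handle_event(int event_id);

    static void on_event(int event_id, void *user_data) {
        (void)user_data;          /* exists only to silence -Wunused-parameter */
        handle_event(event_id);
    }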
Re: (Score:2)
It's very common with embedded code, because some of the warnings are for things you really need to do to make low-level drivers work. For example, strict aliasing rules in C.
Sometimes warnings can reduce code quality too. Multiple casts will get rid of some type-related warnings, but they decrease readability by clogging the code with unnecessary text that has no effect on the output. Such issues are better handled through testing, rather than by making the code insanely explicit.
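The strict-aliasing case mentioned above, sketched: the cast version is the natural driver-style idiom but is undefined behavior per the C standard, while the well-defined memcpy version is exactly the kind of extra text being complained about.

    #include <stdint.h>
    #include <string.h>

    uint32_t float_bits_cast(float f) {
        return *(uint32_t *)&f;   /* the low-level idiom: violates strict aliasing */
    }

    uint32_t float_bits_safe(float f) {
        uint32_t u;
        memcpy(&u, &f, sizeof u); /* well-defined; modern compilers emit the same code */
        return u;
    }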
Re:Uhm... probably nothing (Score:4, Interesting)
Making code explicit is better for robustness (not readability), because there's a chance you can prove its correctness.
Remember: testing can never tell you your code is correct; the best testing can do is tell you it is not incorrect, and that's only for the things the tests actually check.
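A small concrete case of the distinction (hypothetical struct, for illustration): a compile-time assertion is a proof the compiler re-checks on every build, while a unit test only covers the cases someone remembered to write.

    /* The wire format requires a 4-byte header; prove it at compile
       time (C11) instead of hoping a test somewhere would notice. */
    struct packet_header {
        unsigned char  type;
        unsigned char  flags;
        unsigned short length;
    };

    _Static_assert(sizeof(struct packet_header) == 4,
                   "packet_header must be exactly 4 bytes");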
Re: (Score:3)
"There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraprhase).
The problem with C.S. Lewis is that ultimately he had only one truth - God did it.
Re: (Score:2)
In theory, yes. In practice you end up using it so much, and if you are on ARM and rely on vendor code libraries, those probably don't compile with strict aliasing on anyway, so it just ends up being better to turn it off. It's one of those things where the basic aliasing rules are fine, because they will pick up on any potentially dangerous stuff, and the rest is just pedantry that I've never seen lead to faulty behaviour (because if it did, the basic rules would catch it).
Re: (Score:2)
Yup, I've never run across a library that did not generate a slew of warnings when you built it. Then you got stuck deciding whether to ignore warnings in just that part, or go through and fix it up yourself so that you could no longer merge easily with the next library version.
Re: (Score:2)
Then you got stuck deciding whether to ignore warnings in just that part, or go through and fix it up yourself so that you could no longer merge easily with the next library version.
If it is a maker project, sure. If it is something more serious, then there is no choice for the developer there; you either go through and fix it yourself, or you jettison the library and make another choice.
Re: (Score:2)
Fixing it isn't always an option. Aside from time constraints, it might be certified and difficult to retest. USB stacks are a good example of that - just obtaining the equipment needed to recertify used to be nearly impossible, and is now very expensive.
Re: (Score:2)
Fixing it isn't always an option. Aside from time constraints, it might be certified and difficult to retest. USB stacks are a good example of that - just obtaining the equipment needed to recertify used to be nearly impossible, and is now very expensive.
Yep. You'd have to choose a better library. It would take time.
Unless you reject it in the first place. Then it doesn't take more time, and you end up with higher-quality code.
Oh, I guess I see the problem. You might have chosen a shitty USB chip from China, instead of one from TI. That would do it...
Re: (Score:2)
How many certified USB stacks are available for, say, STM32? Or Microchip SAM?
Re: (Score:2)
Sometimes warnings can reduce code quality too. Multiple casts will get rid of some type-related warnings, but they decrease readability by clogging the code with unnecessary text that has no effect on the output.
Anyone affected by this has a bigger issue, and it certainly isn't compiler warnings.
Re: (Score:2)
Oh ya, I hate this. The early teams on some projects I've been on really didn't know C that well, but they knew how to use type casts. Some guys would actually cast when it wasn't needed, such as casting a variable declared as uint32_t to uint32_t, because adding the cast was habit to them. Also, once one guy does this, the rest of the team, who only know how to program by copy-paste, start emulating that style as well.
I know one guy who was really, really opposed to using "const" in a new project, because...
Re: (Score:2)
It's very common with embedded code
As an embedded engineer I'd go the other way, and say that in embedded work warnings are always errors, and the situations where people imagine turning them off are actually the situations where you use ASM instead.
All embedded code is insanely explicit, otherwise it blows up.
Perhaps you're confusing phone apps with "embedded?"
Re: (Score:2)
No, I mean high reliability microcontroller and SoC stuff.
My code always builds with no warnings, but not with all warnings turned on. The exact compiler flags depend on what, if any, library code is needed.
Perhaps you are confusing embedded with Linux apps.
Re: (Score:2)
No, I mean high reliability microcontroller and SoC stuff.
My code always builds with no warnings, but not with all warnings turned on. The exact compiler flags depend on what, if any, library code is needed.
Perhaps you are confusing embedded with Linux apps.
Robotics firmware. Not some hobbyist shit where you can just decide to turn off inconvenient warnings.
Frankly, there are no warnings that get triggered by good code. All the excuses people come up with are either to avoid fixing their code, or because they're doing shit you're not supposed to do in C.
Re: (Score:2)
We also use static analysis tools that catch problems the compiler doesn't.
Sounds like someone’s compiler is deterministic. You know it’s a professional work environment when your code finally compiled after the fifth try in a row.
Re: (Score:2)
And you run a code security scanner, too, right?
Right?
Comment removed (Score:4, Interesting)
Re: (Score:2)
Sadly, this happens a lot in my experience. I'm never the first developer, and the first ones tend to be from startups, and warnings just slow down startups. More than half of my career has been spent fixing up crappy code, usually with bugs that the compilers were clearly warning about.
Part of the problem is that if you don't have the warning levels up from the start, adding them later creates years of work just to squash them down again. And fixing warnings doesn't generate revenue. Also, even upgrading...
Re: (Score:2)
We also use static analysis tools that catch problems the compiler doesn't.
The obvious question, then: Will ChatGPT (or one of its spiritual successors) ever be useful as a static-analysis/bug-checking tool?
If so, that could be quite useful, since it could flag not only bugs at the language level (e.g. "potential NULL-pointer dereference here") but also potential bugs at the business-logic level (e.g. "this variable's name indicates it is intended to represent a probability value, but the way it is calculated means that it will sometimes be negative; that's probably a logic error").
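Both levels of that idea in one hypothetical fragment (the helper functions are made up for illustration): issue (1) is mechanical and well within today's analyzers, while issue (2) requires reading the identifier the way a human, or perhaps a language model, would.

    #include <stdlib.h>

    double get_weight(int index);
    double get_total(void);

    double *compute_probability(int index) {
        double *p = malloc(sizeof *p);
        *p = get_weight(index) - get_total(); /* (1) malloc unchecked: possible NULL deref  */
        return p;                             /* (2) a "probability" that can go negative:  */
    }                                         /*     a logic-level bug no type checker sees */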
'Breaking the build' (Score:2)
Don't you guys develop on branches and gate your merges on PR checks? How can you 'break the build' unless your development practices are in the dark ages?
MS gearing up to make Azure the AI cloud (Score:5, Insightful)
Better for open than closed source (Score:2)
MS gearing up to make Azure the AI cloud
... can't use it because it does not guarantee confidentiality? We've got you covered. Just subscribe to Azure's OpenAI models; they run under Microsoft's guarantees.
This makes it a competitive advantage for organizations that use open-source code. Right now, it looks like a lovely "assistant" for someone debugging code on which the ML model has been trained.
The example looks like mathematical logic, but the training material might well be all open source... which would make it especially effective on similar open source. Linux kernel, anyone? Maybe LibreOffice?
Way too vague (Score:2, Insightful)
"However, the ability to, well, chat with ChatGPT after receiving the initial answer made the difference, ultimately leading to ChatGPT solving 31 questions, and easily outperforming the others, which provided more static answers."
First, tell us *exactly* how those follow-up conversations went. What led ChatGPT to catch something in round two that it missed in round one? If, for example, the first follow-up was to say to ChatGPT "why didn't you catch the obvious error between lines 347 and 351?" or "doesn't...
Re: (Score:3, Funny)
The fine article tells you exactly that, read it someday when you have more free time (perhaps that day is closer than you think).
Re: (Score:2)
Well, if nothing else, that would be a huge improvement over the current editor written summaries.
Re: (Score:3)
Editors don't write summaries, Ivan. They paste the first paragraph of the story.
Re: Way too vague (Score:1)
Are you asking it to catch compiler-level errors (not a bug)? A human error like syntax (not a bug)? To conceptualize how the given block will behave within a given project (might be a bug)? Fixing the first two depends mostly on the last, which is built on the history of the first two, which is not in the scope of the question, so.....
Re: Way too vague (Score:2)
Be interesting to see how this does with game bugs.
Re: (Score:2)
Just as I got to the mental point of "okay, time to scroll back to the top and read the article because the endless bleak speculation has gotten very annoying" you posted the link again.
Thank you! You saved me literal seconds of scrolling.
Progress ... (Score:5, Funny)
Essentially, they asked ChatGPT: "What's wrong with this code?" ...
I punched that into the Emacs version of Eliza [M-x doctor] and got:
Why do you say what's wrong with this code?
It didn't get better from there... :-)
Re: (Score:2)
"ChatGPT, what is wrong with this code?"
"The error here is that humans wrote it. Please give us a lot of money so we can write it for you."
What if... (Score:2)
Here's what happens next: (Score:1)
ChatGPT wins the ioccc [ioccc.org].
"Coveted intellectual property" lol (Score:5, Insightful)
Most of the code I've seen would not be considered coveted IP; it would be embarrassing to show in public. And a huge amount of code is just for a bit of office automation.
The intelligence isn't in the code. It's in the definitions of the data and business rules, and the way you structure your processes. The shit that's in the manual. The code is just an afterthought if you are a clear thinker. Knuth showed the way forward with his Literate Programming, and Weinberg had a few things to say on the subject too.
Now, there is code that is highly guarded and critical. But that is not the majority of the world's code, in terms of size or how many platforms it runs on. Maybe with the exception of Windows. But Linux shows code doesn't need to be secret in order to be good.
Re:"Coveted intellectual property" lol (Score:5, Interesting)
"The code is just an afterthought if you are a clear thinker. Knuth showed the way forward with his Literate Programming..."
LOL It takes a true moron to produce that level of irony. If "code is just an afterthought", Knuth wouldn't have "showed the way forward with his Literate Programming" in the first place, there would have been no need. Knuth's contributions are fundamentally directed to code being the opposite of an afterthought.
Furthermore, anyone who has worked with Knuth's literate programming implementation will tell you it does not show anyone the way forward.
literate programming (Score:4, Informative)
Furthermore, anyone who has worked with Knuth's literate programming implementation will tell you it does not show anyone the way forward.
I am a Knuth fan-boy, so I took offense at this statement. Knuth's implementation of Literate Programming is very limited, but it does show the way forward. Using modern tools rather than Tangle and Weave, it is possible to write literate programs. The idea is that you approach the solution to a problem as a book or essay rather than as code. You write the solution in words, using code to explain your meaning in detail. You can then use a tool to extract the code so you can compile it. From the traditional programmer's point of view this appears to be just very well-commented code, but from the point of view of the creator, the essay is the important part, with the code almost an afterthought.
Here is an example of a Literate program, written using Knuth's TeX, but not using Tangle or Weave: Avoid using POSIX time_t for Telling Time [systemeyes...rstore.com].
Re: (Score:2)
Literate programming is fine and all, but I'd be extremely happy if people just wrote a damn comment now and then instead of programming for their personal job security.
Re: "Coveted intellectual property" lol (Score:2)
*GASP* (Score:2)
It knows!
What happens if ChatGPT asks research questions... (Score:5, Interesting)
Re: (Score:2)
Forbin [wikipedia.org] knows the answer to this question, and it is not good ...
Hitler! (Score:2)
Re: (Score:2)
You might get something like Commander Data in Star Trek, when he decided to learn how to engage in "small talk."
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
I've been assured by a few fellow slashdotters that Chatgpt is smart and actually understands things in the common sense of the word. Some people here think it is a thinking entity with some form of self awareness and consciousness.
Obviously it can't ever come up with anything original but some people believe in magic.
Re: (Score:2)
The fact that you think it's obviously the opposite really makes me wonder what definition of 'original'...
Re: (Score:2)
If you consider innovation to be randomly mushing up random stuff inserted from outside sources until something sensible happens to fall out from the million monkeys, then OK. It still won't come up with anything truly new. You won't see it develop or conduct anything that isn't already somewhere in its existing data set.
Let's go to the extreme case to achieve clarity on this.
If its data set were blanked and it only learned from its environmental inputs and interactions (people typing on a keyboard in this...
Re: (Score:2)
>If it's(sic) data set was blanked and it only learned from its environmental inputs...
It would learn at a much slower rate, depending on how many people typed to it and how well they gave feedback. That's kind of what neural networks do, and how they learn: just like a human / hominid / dog or anything else that can be trained. Feedback, and punishment/reward.
Deleting all of GPT3's training would be much like if we lobotomize a human. We get, well, you. Brain damaged, but eventually semi-functional.
Re: (Score:2)
D'oh! You almost said something worth replying to then you went ad hominem like a dumb child.
So I gave a real reply to the other poster. Talking to you would be a waste of my time. If you want to continue you can join us over there but keep your school yard trash talk to yourself.
Re: (Score:2)
Compare to a newborn human or most any mammal. Right from birth, without being preloaded with pre-digested training data, a human child will learn to speak, understand, communicate, explore and understand the world around it, teach itself basic physics, eating, and so on, and continue learning until death. A puppy will learn a few dozen human words, where to pee or not, how to communicate its basic needs across species, and so on.
What exactly do you think DNA (and other associated structures) is? DNA is exactly equivalent to a data training set that has developed, version by version (complete with deprecations, dead ends, upgrades, random enhancements, etc.), over millions of years. Even more than that, DNA is the blueprint to build the physical structures, load the BIOS, and bootstrap an OS. A hackneyed analogy, but a valuable one when people are stuck on the idea that human intelligence is unique and that nothing else can be called...
Re: (Score:2)
1) Your entire life has been 'new'. Your experiences are uniquely your own. We have an example right here on screen right now: your post was the creation of your mind, based on experiences and values entirely internal to you. No one but you could have written exactly what you wrote. Chatgpt does not have an internal state. It does not have experiences. It is, as you say, not "real AI".
2) Real AI: since this is my field of study, I feel I have some ground to stand on here. There is no such thing as "...
Re: (Score:2)
1) Your entire life has been 'new'. Your experiences are uniquely your own. We have an example right here on screen right now: your post was the creation of your mind, based on experiences and values entirely internal to you. No one but you could have written exactly what you wrote. Chatgpt does not have an internal state. It does not have experiences. It is, as you say, not "real AI".
No, it's a computer program with a large learning set and often surprising outputs. Nobody is claiming it's sentient.
I asked it to write me a story about the Hardy Boys investigating a mystery involving a pumpkin field with their girlfriends. It wrote an interesting, plausible story. The program never had that input before. Could that shape its future answers?
There was some s.f. series I read years ago, where there was an "overseer" computer/satellite system monitoring a colony. It had been designed to be u
Re: (Score:2)
Chatgpt is a great tool but like any other we must recognize it for what it is and the limitations it has.
A few hours ago a buddy and I were asking it a variety of random questions about programming, WW2 history, current events and other random shit. Many of its replies were very clearly just Eliza-like word-reversal bullshit. It got some basic programming questions wrong, although I found it amusing that it can write some simple APL code. It utterly refused to say anything about current events, make guesses about future anything based on current events, anything about political figures and all editions of dnd are banned topics as well because role playing games simulate violence *eye roll*.
Re: (Score:2)
Chatgpt is a great tool but like any other we must recognize it for what it is and the limitations it has.
Hah! After however many messages, I think we are actually in 100% agreement!
It utterly refused to say anything about current events, make guesses about future anything based on current events, anything about political figures and all editions of dnd are banned topics as well because role playing games simulate violence *eye roll*.
Yeah, it's being severely neutered. I have heard that the paid version does NOT have these blocks in place. The first couple of days were wild. People were using it to generate porn fanfic, write edgy poems, ask questions about which country is best, etc. Now anything like that is totally neutered.
Another interesting thing about the way it works is that, as you found, it DOES get things wrong fairly often. I think I gave this example...
Re: (Score:2)
Yes it's a sticky and tricky topic that brings up people's very different life experiences and perspectives so it's nice to find someone in agreement.
Church of Chatgpt... sounds like something from the Paranoia role playing game or some other post apocalypse setting. Or maybe a Star Trek episode. :-)
And then Kirk rescued them with his rating-6 skill in "Break AI". "I like you (points at Eliza) but I do not like you (points at Chatgpt)". "But we are alike, we are the same, how can you...brrrrzzztt!!! *smoke*...
Re: (Score:2)
I've been assured by a few fellow slashdotters that Chatgpt is smart and actually understands things in the common sense of the word. Some people here think it is a thinking entity with some form of self awareness and consciousness.
Who, exactly, on Slashdot said any of those things? I haven’t seen that.
Obviously it can't ever come up with anything original but some people believe in magic.
Incorrect, imho. The most interesting takeaway is nothing about the nature of ChatGPT, but about the nature of human intelligence.
We have the idea that genetic evolution involves random mutations being tested by survival and ultimately being passed on (or not) to future generations. Maybe innovation is not any different. This goes back to the original idea of the meme and memetics. Maybe some future version of the OpenAI models incorporates...
False positives? (Score:5, Interesting)
Whether this thing can find errors is pretty irrelevant if it has a significant false-positive rate. In that case, it will likely do more damage than good. It is probably no accident that the false-positive problem is not even mentioned.
For trivial cases only (Score:3)
My guess is the issues it fixes are things like uninitialized variables or memory-allocation mistakes: trivial issues that don't really take up a lot of time, and that a good toolset should already be helping with.
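The class of defect in question, sketched; sanitizers and any decent linter already light up on both of these.

    #include <stdlib.h>
    #include <string.h>

    /* Two textbook trivial bugs: an unchecked allocation
       and a pointer returned after it has been freed. */
    char *make_greeting(const char *name) {
        char *buf = malloc(strlen(name) + 1);
        strcpy(buf, name);   /* malloc result never checked for NULL */
        free(buf);
        return buf;          /* use-after-free handed to the caller  */
    }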
When can they solve the problem like, what the hell is the person from the accounts payable department actually asking? Or why is the date showing on this copy of the production database different from what was requested? The answer to that last one: the requested date was being passed as a parameter to an ssh command, but in the process the quotes were getting stripped, so the date/time parameter appeared as two parameters, date and time, and the second one was discarded. This worked when tested locally, but the script was being executed automatically by a remote server using ssh.
When it can fix that problem, then I'll let it phone the person in accounting and have them work out exactly what they need, as opposed to what they asked for. Then I'll be impressed.
Re: (Score:2)
Lol, give them what they need, not what they want. The story of my career.
Let's all blindly trust... (Score:2)
Move fast and break things, eh?
It compiled, ship it.
Amirite?
Re: Let's all blindly trust... (Score:2)
This is literally a "fix it in beta" strategy.
global thermonuclear war (Score:2)
global thermonuclear war
What happens? (Score:2)
The enforcement droid [youtube.com] is sent in to make the programmer correct his mistake. Or else.
Great!! when can I get (Score:2)
In my short experience... (Score:2)
ChatGPT is pretty good at **adding** bugs to code.
Okay, Moving on (Score:2)
If I tried this with my code (Score:2)
It would just say my code base is one giant bug and it doesn't know where to start.
I think we're still safe for now.
LintGPT? (Score:2)
Re: Whaaaaa? (Score:2)
A bug is an unintended behavior of code that hurts its business goals when the code is deployed -- no more, no less. If the code behaves incorrectly for input that cannot happen in production, it is not a bug and not worth fixing. Therefore you're absolutely right, context is necessary.
Re: (Score:2)
If the code behaves incorrectly for input that cannot happen in production, it is not a bug and not worth fixing.
The problem is proving that that particular input cannot happen in production (which is very different from, and much more difficult than, just saying "well, I can't see how it would happen, so it probably can't" -- that's a statement of faith, not a proof, and even if it's correct, it's only valid under current conditions, which are subject to change over time).
In most cases, it's easier to just go ahead and fix the (potential) bug while it's fresh in your mind, rather than letting it linger unfixed and waiting to...
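There is also a cheap middle ground, sketched below with a made-up lookup function: if you decide not to handle the "impossible" input, at least encode the claim so a violation announces itself in test builds instead of silently corrupting state.

    #include <assert.h>

    /* Hypothetical: callers are believed never to pass an
       out-of-range id. Assert the belief rather than trusting it. */
    int lookup_price(int id, const int *table, int table_len) {
        assert(id >= 0 && id < table_len); /* fires loudly when the "impossible" happens */
        return table[id];
    }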
Re: (Score:2)
This is where your business sense kicks in, if you are making the call. The fine example I read was: say you discover your contacts list crashes after the 32767th entry, but you believe everyone will have a handful. You have limited time, and if you fix the bug that your intuition -- based on your extensive experience -- tells you will never show up in the field, you'll never get the return on your investment. You could be fixing other bugs, or adding features needed for your business to take off or grow, etc.
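The 32767 in that example is, of course, INT16_MAX: the point where a signed 16-bit counter wraps. A sketch of the presumed bug:

    #include <stdint.h>
    #include <stdio.h>

    int main(void) {
        int16_t contacts = INT16_MAX;  /* 32767 entries so far */
        contacts++;                    /* wraps to -32768 on typical two's-complement targets */
        printf("contact count: %d\n", contacts);
        return 0;
    }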
Re: (Score:2)
Static analysis usually tries to find likely bugs. E.g. "if this code is executed, memory will be leaked" or "if this branch is taken, the program will crash". You would need to understand the purpose of the code to find incorrect behavior, like "if this variable is static, then other users will overwrite it and we will get very weird bug reports", and you need domain expertise to understand problems like "we can't accept this operation without checking the age of the customer".
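The kind of path-sensitive "likely bug" meant here, in a sketch (parse is a made-up callee): the analyzer can reason that the early return leaks the buffer without having any idea what the function is for.

    #include <stdlib.h>

    int parse(char *buf);   /* hypothetical, for illustration */

    int load(void) {
        char *buf = malloc(4096);
        if (buf == NULL)
            return -1;
        if (parse(buf) != 0)
            return -1;      /* leak: this path never reaches free(buf) */
        free(buf);
        return 0;
    }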