Actions
Forum Thread Details
  • Replies 12 replies
  • Subscribers 46 subscribers
  • Views 364 views
  • Users 0 members are here
Related

AI induced errors in your code

michaelkellett

There's an interesting article here:

https://www.eenewseurope.com/en/llms-used-to-code-can-introduce-serious-errors/?hash=93e5355d8bf7ef1fe62975a87f9d012aac4b4f7c7d1099e932443336d0aa983e

The key point of the article is:

"discovered that 440,445 out of 2.23 million code samples generated in Python and JavaScript using LLM models referenced hallucinated packages"

Bad actors can identify popular hallucinations and make real malware packages which will then be loaded into your code.

So unless you have a bomb proof way of checking that any packages referenced in AI generated code you may have serious problems.

Worth thinking about !

MK

  • Indeed. Hence I'm viewing LLM's as currently only useful for driver development on embedded systems, as you always have the datasheet for reference and you can also sense check functions used against OEM SDK (assuming that's used). Probably also safer by sticking with C or if you have a good understanding of C++ go with that to develop your driver class.

    Using LLM's for large scale Python code development is a receipt for disaster, IMHO, unless you have a super rigorous testing programme.

  • in reply to BigG

    Have a look at "vibe coding" especially applied to website development and enjoy the show.

  • I've noticed that, sometimes the AI will choose unexpected libraries, and there is the temptation to just accept it and see where it goes with the code! Some orgs have mechanisms that would avoid that from being introduced into code. Example is financial orgs, they won't allow any library or API or middleware to be used without an 'on-boarding' process, which can easily drag out for months on end (and six months to a year is not unknown), because it needs approval from multiple departments and they will have a documented process to do that so that things are not ignored. As a result, there's massive incentive to try to use libraries/APIs etc that are already in use elsewhere in the org, simply to get the code released quicker.

    Another now popular thing is to modularize the code substantially, and then each portion has it's own enforced rules (for instance, which destinations the portion is allowed to communicate to, and over which ports etc), in other words there's a virtual firewall in-between almost every tiny portion of code, and anomalies are then easily noticed. This doesn't apply all that much to embedded apps unfortunately, although, the Microsoft SDK for a microcontroller (Azure Sphere, it was for some MediaTek chip) which was released around 2019 did contain separate areas for code to execute in, and a sort of rules that could be configured and enforced, for what communication was allowed between those two areas, i.e. a super-tiny firewall (but I don't remember much about it).

  • in reply to shabaz
    shabaz said:
    Some orgs have mechanisms that would avoid that from being introduced into code.

    Mine does. Our engine is vetted on a fenced set of information. And we have a process to introduce new knowledge.

    It 'll come at a cost - we miss a whole lot of training that's available in public. 
    On the other hand, we avoid to get unfriendly code in. And it avoids that our trade secrets leak out to the public.

  • in reply to Jan Cumps

    This makes perfect sense, but is ironic.  (Some) People are using AI to write their code.  But if you want safe, secure, reliable code, you have to check everything before it goes into production.  Is there a time savings?  Maybe.  Maybe not.  But if you don’t want safe reliable code, of course, there is a time savings.

  • Ai is making a lot of incompetent people think they're competent. I'm not a fan of it at all.

    I remember someone asking on a StreamDeck forum where to download the Python SDK. When I pointed out that there wasn't one I was told "ChatGPT says there is. Where is it?" When I pointed out that ChatGT was wrong I was told that I clearly didn't know what I was talking about and AI would take the jobs of dinosaurs like me.

    The best fit I've seen for AI is generating background scenery in Unreal. I feel that if you're making something that doesn't need to be right and that "good enough" will do, then maybe AI can help. If it needs to be exactly right, or you need to be able to understand why it came up with what it did and make fine adjustments then it's not much use.

  • in reply to Fred27

    I've changed my mind somewhat. It can make people that are skilled in using AI, more efficient.

    I've seen it in use (and have helped feed the engine) in  a professional setting now - with the current state of the technology. 

  • in reply to Jan Cumps

    I'll try to keep an open mind and see how things develop.

    Completely coincidentally, I just came across this. I have a lot of respect for Dylan Beattie (although he does seem to like getting his guitar out at conferences a lot).

    dylanbeattie.net/.../the-problem-with-vibe-coding.html

  • in reply to Jan Cumps

    We all make mistakes. The strange thing is that it's harder to spot our own mistakes.

    As such, I view AI as a helper, as you can either get AI to find your own mistakes or if AI has crafted some initial code, you'll find it easier to spot the AI mistakes. Win-win, in my opinion.