AI-Driven Security Enhancements for OpenBSD Kernel
On 6/11/24 2:28 PM, Alfredo Ortega wrote:
> I added 10000+ checks so far, in about 4 or 5 hs. Final count will
> likely be close to a million.
> It's true that many are useless, perhaps up to 50% of them. Most
> stack protections put into place by the compiler are also useless.
> But the question is, how many are not useless? and how many checks
> humans missed, but the AI correctly put in place?
> How many vulnerabilities are caught by those new checks? Those are
> the important metrics imho.
>

A more valuable metric is how much time will a skilled dev lose on checking which ones are valid/useful/wrong?

There is basically nothing wrong with the idea of your approach, but committing anything that comes from that AI without human verification is, at best, dangerous. And checking with a human has a huge cost.

Besides, you should also avoid changing indentation as it makes the diffs way less readable.

> On Tue, 11 Jun 2024 at 8:59, Stuart Henderson
> (<stu@spacehopper.org>) wrote:
>>
>> On 2024/06/11 07:41, Alfredo Ortega wrote:
>>> But the fact that whole netinet/netinet6 10000+ checks were added with
>>> no human intervention and produced a working, arguably safer kernel,
>>> is surprising to me.
>>> Beware that at the current state, it might not be actually safer as
>>> the checks may actually introduce new bugs.
>>
>> So, 10000+ checks, impossible to properly review, but some of which are
>> obviously at best useless, and even the person showing the changes warns
>> (correctly) that they may introduce bugs. This doesn't really seem a
>> good topic for tech@, perhaps misc if anywhere.
>>
>