From: Stuart Henderson Subject: Re: AI-Driven Security Enhancements for OpenBSD Kernel To: Alfredo Ortega Cc: tech@openbsd.org Date: Tue, 11 Jun 2024 13:54:19 +0100 On 2024/06/11 09:28, Alfredo Ortega wrote: > I added 10000+ checks so far, in about 4 or 5 hs. Final count will > likely be close to a million. > It's true that many are useless, perhaps up to 50% of them. Most > stack protections put into place by the compiler are also useless. > But the question is, how many are not useless? and how many checks > humans missed, but the AI correctly put in place? Seems that many of the checks are adding return/continue when things don't match conditions which aren't handled in the code. But who is to say that's a safe thing to do in any given case? It might often be better to let the kernel crash so the problems are more obvious.