top | item 43991059

(no title)

csnate | 9 months ago

Solving the false positive problem is like solving the halting problem. I don’t think we get to a world where static analysis tools don’t have them, AI or otherwise.

That said, I have found LLMs can find bugs in binaries. It’s not all false positives, as far as I can tell. I have a side project I’ve been working on that does just this (shameless plug): PwnScan.com. It’s currently free and focused on binaries.

The bad news is that you quickly get into a situation where you have too many false positives where it’s sometimes not feasible to sort through them all.

discuss

ninetyninenine|9 months ago

It's definitely not like solving the halting problem. A solution 100% exists. You are it. If human intelligence can be realized in physical reality by an actual human brain, then it is provably realizable.

Few things in science exist as a north star in such abundance. We KNOW it can be built. Other futuristic things like interstellar travel... we don't actually know.

ToValueFunfetti|9 months ago

I think it maps perfectly onto the halting problem: just say one of the requirements of your program is halting. Humans can decide whether a program halts in a lot of cases, including more-or-less all of the programs we're likely to encounter. But for the overwhelming majority of possible programs, we can't figure it out.

A useful bug detector doesn't need to overcome this because it would be detecting bugs in the kind of code we write, but there is no bug detector which gives the correct answer for all inputs.