C is Brittle D is Plastic
Richard (Rikki) Andrew Cattermole
richard at cattermole.co.nz
Thu Apr 9 02:47:15 UTC 2026
On 09/04/2026 8:01 AM, Walter Bright wrote:
> BTW, if the dedicated static analyzers work, why does AI keep finding
> security bugs in Linux code and everything else?
https://www.ffmpeg.org/security.html
"Note, we have recently seen a spike in false positives. Make sure that
what you report are real issues by careful human verification."
Due to LLMs: https://x.com/FFmpeg/status/2041895360839237952
Early static analyzers had a lot of false positives, which resulted in
the term: static analysis fatigue.
But unlike early static analyzers, LLMs can't be fixed. There is no
code that can be altered to get the desired behavior.