On Fri, May 8, 2026 at 6:26 PM Steve Grubb <[email protected]> wrote:
>
> On Thursday, May 7, 2026 6:43:25 PM Eastern Daylight Time David Malcolm
> wrote:
> > On Mon, 2026-05-04 at 10:54 +0200, Siteshwar Vashisht wrote:
> >
> > > An AI analysis (Sonnet 4.6) of the mass scan is now available[1]. If a
> > > package is not listed in the AI analysis report, it did not find any
> > > issues that may require immediate attention from upstream or package
> > > maintainers.
> > >
> > > [1]
> > > https://svashisht.fedorapeople.org/openscanhub/mass-scans/ai-analysis-f45-28-Apr-2026
> >
> > This is really impressive, thanks.
> >
> > What inputs from the tools is the AI receiving? With my "GCC analyzer
> > maintainer" hat on, I'm wondering:
> >
> > (a) if GCC could provide additional information that might be of use to
> > the AI
> >
> > (b) if the AI could provide information to the GCC analyzer (e.g. parts
> > of the code to focus attention on), or perhaps synthesize additional
> > checks to be seen on particular API entrypoints (e.g. "can fail, need
> > to check for null", "data is attacker-controlled and needs sanitizing",
> > etc).
> >
> > Re (a), if this is all just text-based, then maybe better human-readable
> > output leads to better AI-readable output?
>
> Better human readable is helpful. They really want well defined structured
> output such as SARIF including the optional proposed fixes data. That helps
> them zero in on exactly what might be wrong.

SARIF output for GCC was enabled during these scans and it is available in the raw results for each scan under the `debug/raw-results/builddir/gcc-results/` directory. For example, see the results for glibc[1].

>
> -Steve
>
> --
> _______________________________________________
> devel mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://forge.fedoraproject.org/infra/tickets/issues/new

[1] https://openscanhub.fedoraproject.org/task/112236/log/glibc-2.43.9000-12.fc45.tar.xz?format=raw
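
An added illustration, not part of the original message or of OpenScanHub: a small reader for SARIF 2.1.0 logs such as those under `gcc-results/`, flattening each result and its optional `fixes` data into the compact record a triage step could consume. The sample log, its tool name and the file name `example.c` are constructed for this example.

```python
import json

# Constructed SARIF 2.1.0 log (not taken from the glibc scan); file name is a placeholder.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "constructed-sample"}},
    "results": [
        {"ruleId": "-Wanalyzer-null-dereference", "level": "warning",
         "message": {"text": "dereference of NULL 'p'"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "example.c"},
             "region": {"startLine": 12, "startColumn": 5}}}],
         "fixes": [{"description": {"text": "check 'p' before use"},
                    "artifactChanges": [{
                        "artifactLocation": {"uri": "example.c"},
                        "replacements": [{
                            "deletedRegion": {"startLine": 12, "startColumn": 5},
                            "insertedContent": {"text": "if (!p) return -1;\n"}}]}]}]},
        # Second result omits the optional level, locations and fixes.
        {"ruleId": "-Wanalyzer-malloc-leak", "message": {"text": "leak of 'buf'"}},
    ]}]})


def iter_findings(sarif_text):
    """Yield one flat record per SARIF result, tolerating absent optional fields."""
    log = json.loads(sarif_text)
    if log.get("version") != "2.1.0":
        raise ValueError("unsupported SARIF version: %r" % log.get("version"))
    for run in log.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name")
        for res in run.get("results") or []:
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            fixes = [{"why": fix.get("description", {}).get("text", ""),
                      "file": chg.get("artifactLocation", {}).get("uri"),
                      "line": rep.get("deletedRegion", {}).get("startLine"),
                      "insert": rep.get("insertedContent", {}).get("text", "")}
                     for fix in res.get("fixes") or []
                     for chg in fix.get("artifactChanges", [])
                     for rep in chg.get("replacements", [])]
            yield {"tool": tool, "rule": res.get("ruleId"),
                   "level": res.get("level", "warning"),  # SARIF default when omitted
                   "file": phys.get("artifactLocation", {}).get("uri"),
                   "line": phys.get("region", {}).get("startLine"),
                   "message": res.get("message", {}).get("text", ""),
                   "fixes": fixes}


if __name__ == "__main__":
    for f in iter_findings(SAMPLE):
        print(f["rule"], f["file"], f["line"], "fixes:", len(f["fixes"]))
```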
