On 3/19/26 10:48 AM, Steffen Möller via Emc-developers wrote:
> We have taken some decisions already:
> * cppcheck: We have our code screened for what is an obvious
>   contender of potential mayhem or just ugly.

Cppcheck's static analysis is a good choice.

> These LLMs are exceptionally good at finding potential issues, too.
> Yes, they also propose patches to fix those issues, but you do not
> need to apply those but can implement this yourself. So:
> * LLMs: Code hardening.

The LLMs are good at finding patterns, yes. They are also spectacularly
good at confidently producing bullshit.
So, yes, they can be used to detect potential problems, but each and
every report must be manually scrutinized very carefully. Just
submitting what an LLM found is by definition the slop we want to
prevent. So, yes, you can use it privately, but only submit reports that
have been properly vetted.
FWIW, you do not need a PhD to see the problems in the LinuxCNC code
base. Just the common sense of a reasonably versed programmer will
detect over 90% of the problems at first or second glance.
Do not use LLMs for patch(sets). That is a large problem on the rights
front, as mentioned in the other thread. The rights issues will take
many years to be solved. You do not want to contaminate the code base
and risk costly cleanups.
And then, for anybody not familiar with Ken Thompson's Turing Award
lecture, please go (re-)read "Reflections on Trusting Trust":
https://dl.acm.org/doi/pdf/10.1145/358198.358210?download=true
(or any of the other sources)
And replace "compiler" with "LLM" where code is generated.

> Also, I think we should embrace them for
> * Help with the installation of LinuxCNC.
> * Support for writing error reports when installation fails?

What people do privately is up to them. What we need to worry about is
what comes our way.
--
Greetings Bertho
(disclaimers are disclaimed)