Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
mikestorrent 4 hours ago

Static analysis and other tools can find this, but they're expensive; wonder what the kernel team has access to?

PlasmaPower 4 hours ago | parent | next [-]

If static analysis could actually find these issues with a reasonable false positive rate, the companies behind them would be running them on Linux to get the publicity of having found the issues like all the AI companies are doing now. Imo the good static analysis heuristics are already built into compilers or in open source linters.

canucker2016 an hour ago | parent [-]

The cheap, low-hanging "fruit" lint rules have been added to today's C/C++ compilers. But these rules can be fragile, depending on what level the static analysis scan occurs - source-code-level-textual pattern matching or use of an AST/parse tree.

Possible problems within a function should be discoverable.

This particular bug would be hard to discover for a typical linter unless they knew/remembered that there are two execution paths for cleanup of a given element.

emmelaich 34 minutes ago | parent | prev | next [-]

Linus himself wrote a static analyzer. https://en.wikipedia.org/wiki/Sparse

There are other free ones, I don't know if they're run as a matter of course.

canucker2016 an hour ago | parent | prev | next [-]

Coverity scans several open source projects for free. see https://scan.coverity.com/faq and https://scan.coverity.com/projects

see https://scan.coverity.com/projects/linux for the linux-specific scan results - you need to create an account to view the reported defects.

This past couple of weeks isn't a good look for them with the releases of defects found in Linux and Firefox.

TheAdamist 4 hours ago | parent | prev | next [-]

If not static analysis what would ai tools be considered? They're operating off the same source code

Also nice the onion reference by op.

PlasmaPower 3 hours ago | parent | next [-]

"static analysis" is usually deterministic rules you can e.g. put in CI. AI is also somewhat dynamic in that it can execute commands to try stuff out. The best AI vuln finding harnesses work that way, by essentially putting the AI inside of a fuzzer-like environment and telling it to produce a crash.

wizzwizz4 3 hours ago | parent | prev [-]

It's a reference to Xe Iaso's blog (e.g. https://xeiaso.net/shitposts/no-way-to-prevent-this/CVE-2025...), which is itself a reference to The Onion.

saghm 2 hours ago | parent [-]

It's possible I had seen that blog post and not remembered! I was intending to reference the Onion though (and even googled to make sure I had the wording right), but seeing someone else make the same joke and forgetting is certainly something I would do

ivan_gammel 4 hours ago | parent | prev [-]

Technically, the kernel team is sufficiently competent to design and build bespoke tools for themselves. It‘s probably a question of risk assessment and priorities.