The Boston Diaries

The ongoing saga of Sean Conner, who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Sunday, May 24, 2026

The AI has come for my code part II, Monty Python's Flying Circus Edition

It's baaaaaaaaaaaaaack!

Yes, I replied to the previous PR with “Next time, submit the data that will cause the memory overright. Until then, this PR is closed.” It replied with the usual obsequious apology and said that it overstated the severity (“CRITICAL” in all caps) of the bug. And I thought that would be the end of that, that it would go off and spend tons of tokens trying generate input that would attempt to prove the bug and not be able to do it.

But no, it found a novel approach. At first, I was furious, wanting to nuke the LLM from orbit (that's the only way to make sure), but the pure silliness of what it did is just proved too amusing to me.

This time, it managed to “patch” all four calls to memcpy(). Basically, it changed the code from:

opd->sz = min( ... , sizeof(opd->bytes));

to

opd->sz = (uint16_t)min( ... , sizeof(opd->bytes));
assert(opd->sz < sizeof(opd->bytes));

Okay, fair enough. opd->sz is of type uint16_t and min() returns a size_t, so the cast is being explicit about that. Also the assert() is just checking that the result of min() is correct, but min() is also a trivial function:

static inline size_t min(size_t a,size_t b)
{
  return a < b ? a : b;
}

It's so trivial that I didn't even think of calling assert(). And sizeof(opd->bytes) will easily fit in a unit16_t and it's not like the cast is required (and I tend to avoid casts unless absolutely necessary, and often times when it's absolutely necessary, it's a sign the design is wrong). So no, the patches aren't something I would be interested in. But the code patches weren't the amusing part No, that would be the “tests” it wrote “proving” the code was correct.

It wrote, and as Dave Barry likes to say: “I am not making this up,” a Python implementation of the the C code to prove the C code is correct.

No, it did not write Python code to generate a test file for the assembler, nor did it write Python code to feed test data directly into the assembler. No, it transcribed the C code into Python and called it a day.

My God! What have we done?

While I have the temptation to write it back saying it should delete itself, I'm also curious as to how far it will go in trying to get a PR accepted. How much money can I get OrbisAI Security to spend trying to “fix” my poor little assembler? Let's see how deep this Python hole goes …

Obligatory Picture

[Self-portrait with a Christmas Tree] Oh Chrismtas Tree! My Christmas Tree! Rise up and hear the bells!

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

Obligatory AI Disclaimer

No AI was used in the making of this site, unless otherwise noted.

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

https://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2026 by Sean Conner. All Rights Reserved.