You don't, just as you don't trust code written by a human. The code needs to be audited, line by line.
AI can’t even spell/grammar check this article lol.
No, it won't. The sequence it follows is 2, 1, 1, 1, ...
After spotting that, I was curious whether LLMs would also spot it. I asked Perplexity this and gave it the code:
> This is Python code someone posted for a hypothetical vibrator. They said it will vibrate with increasing frequency following Fibonacci numbers: 2, 3, 5, 8, ...
> Does the frequency really increase following that sequence?
It correctly found the actual sequence, explained why the code fails, and offered a fix.
I just ran it, and as long as you start counting at 1, their code works fine, outputting `1, 1, 2, 3, 5, ...`. (Not sure why they say the Fibonacci sequence starts with 2, that's odd.)
But try reading the code that calls fib. It’s so outrageously wrong that it’s fairly easy to read it and pretend they wrote something sensible. Never mind that there isn’t actually a straightforward single-line fix - next_fib would be an entirely different beast from fib.
If they had started with frequency = 4, the real effect of the code would have been to send a couple of pulses and then to spend rapidly increasing (worse than exponential) time and stack space trying to compute fib.
The Fibonacci sequence is defined as "F(0) = 0, F(1) = 1, F(n) = F(n-1) + F(n-2)". The author implemented F(1) as a special case, but it doesn't need to be. That's the weird part.
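Since the original code isn't quoted in this thread, here's a minimal reconstruction of the failure mode from the comments above; `fib`, `vibrate`, and the loop are assumptions for illustration, not the author's actual code:

```python
def fib(n):
    # Standard definition: F(0) = 0, F(1) = 1. The n <= 1 base case
    # covers F(1) already; no special case is needed.
    if n <= 1:
        return n
    return fib(n - 1) + fib(n - 2)

def vibrate(freq):
    print(f"vibrating at {freq} Hz")  # stand-in for the hardware call

# Feeding the result back in as the next argument gives 2, 1, 1, 1, ...
# (fib(2) == 1, fib(1) == 1), not 2, 3, 5, 8, ... And for any start
# where fib(n) > n (e.g. 6 -> 8 -> 21 -> 10946 -> ...), each naive
# O(phi^n) call takes worse-than-exponentially longer than the last.
frequency = 2
for _ in range(5):
    vibrate(frequency)
    frequency = fib(frequency)
```

Under this reading, a real next_fib would have to track the position in the sequence (or the previous pair of values) instead of feeding the value back in, which is why there's no single-line fix.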
Matt Parker (Stand-up Maths) delves into this in a very approachable manner: https://www.youtube.com/watch?v=ghxQA3vvhsk
> How do you write programs when a bug can kill their user?
You accept that you will have a hand in killing users, and you fight like hell to prove yourself wrong. Every code change, PR approval, process update, unit test, hell, even meetings all weigh heavier. You move slower, leaving no stone unturned. To touch on the pacemakers example, even buggy code that kills X% of users will keep Y% alive/improve QoL. Does the good outweigh the bad? Even small amounts of complexity can bubble up and lead to unintended behavior. In a corrected vibrator example, what if frequency becomes so large it overflows and leads to burning the user? Youch.
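On the overflow point: the usual defence is to saturate any externally influenced parameter at a hardware-safe bound before it ever reaches the actuator. A minimal sketch, where `MAX_SAFE_HZ` is a made-up number standing in for the device's real rated limit:

```python
MIN_SAFE_HZ = 1
MAX_SAFE_HZ = 300  # hypothetical: the real bound must come from the hardware spec

def safe_frequency(requested):
    # Saturate instead of wrapping: a runaway computation then degrades
    # to "stuck at maximum", not an overflow into burn-the-user range.
    return max(MIN_SAFE_HZ, min(int(requested), MAX_SAFE_HZ))
```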
The best insight I have to offer is that time is often overlooked and taken for granted. I'm talking Y2K-style data types, time drift, time skew, special relativity, precision, and more. Some of the most interesting and disturbing bugs I've come across occurred because of time. "This program works perfectly fine, but after 24 hours it starts infinitely logging." If time is an input, do not underestimate time.
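One concrete instance of that trap: measuring elapsed time with the wall clock, which NTP steps or DST changes can yank backwards. The monotonic clock exists precisely for this; a sketch:

```python
import time

# time.time() follows the wall clock, which can jump backwards or
# forwards (NTP step, DST, manual change), so durations computed from
# it can come out negative or absurdly large.
# time.monotonic() is guaranteed never to go backwards: use it for
# durations, timeouts, and rate limiting.
start = time.monotonic()
time.sleep(0.1)  # placeholder for the work being timed
elapsed = time.monotonic() - start
print(f"elapsed: {elapsed:.3f}s")
```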
> How do we get to a point to `trust` it?
You traverse the entire input space to validate the output space. This is not always possible. In those cases, audit compliance can take the form of traversing a subset of the input space deemed "typical/expected" and moving forward with the knowledge that edge cases can exist. Even with fully audited software, oddities like a cosmic bit flip can occur. What then? At some point, in this beautifully imperfect world, one must settle for good enough over perfection.
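That said, when the interface is narrow enough, traversing the whole input space really is practical. A sketch, using a made-up frequency clamp fed from a 16-bit register:

```python
def safe_frequency(requested, lo=1, hi=300):
    # Hypothetical saturating clamp; 300 stands in for a real hardware limit.
    return max(lo, min(int(requested), hi))

# The entire input space of a 16-bit register: all 65536 values.
# Cheap to traverse here; utterly infeasible for most real interfaces.
assert all(1 <= safe_frequency(f) <= 300 for f in range(2 ** 16))
print("output space validated for every possible input")
```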
The astute reader above might be furiously pounding their keyboard, mentioning the halting problem. We can't even verifiably prove that a particular input will produce an output, let alone an entire space.
> I am convinced that open code, specs and processes must be a requirement going forward.
I completely agree, but I don't believe this will outright prevent user deaths. Having open code, specs, etc. aids accountability, transparency, and external verification. I must say I feel there are pressures against this, as there is monumental power in being the only party able to ascertain the facts.
https://www.edn.com/toyotas-killer-firmware-bad-design-and-i...
> Embedded software used to be low-level code we’d bang together using C or assembler. These days, even a relatively straightforward, albeit critical, task like throttle control is likely to use a sophisticated RTOS and tens of thousands of lines of code.
Engineers have had this responsibility for a long time. The Code of Hammurabi spelled out what to do when a builder builds a house and it collapses: put the builder inside a house and make it collapse. Less lethal versions of this principle exist today, but they will still ruin the rest of your life: if you build a bridge that collapses, a house that collapses or burns, a car or a motorway that provokes accidents, a plane that falls out of the sky, a toxic detergent, a carcinogenic product, a nuclear plant that melts down...
In the case of a pacemaker it is actually not that hard: it is a very simple device, and without one you will certainly die. So the first patients gladly accepted the risk of dying from a pacemaker malfunction over the alternative of not using one and dying for sure.
There is a methodology for creating things that can't fail, ranging from exhaustive testing to redundant elements. As an engineer I have studied and applied it. Sometimes testing can make things ten to twenty times more expensive, as in aviation or medical components.
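One of those redundancy elements, sketched: 2-out-of-3 majority voting, where three independent channels mask any single fault:

```python
def vote(a, b, c):
    # 2-out-of-3 majority voting: a single faulty channel is outvoted.
    if a == b or a == c:
        return a
    if b == c:
        return b
    raise RuntimeError("no majority: more than one channel has failed")

# Three independent sensor readings, one faulty.
print(vote(72, 72, 99))  # -> 72
```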
There is also the option of failing often and learning from mistakes. It is by far the cheapest and fastest option. It was used by the early aviators: most of them died testing their machines, but we got amazing planes as a result. It was used in WWII by the Americans, who produced in enormous quantities against much better German machines built in smaller numbers. It was used by Soviet Russia to compete against the West while spending far less money (and sacrificing people), and it is used today by Elon Musk to create rockets. Thanks to automation we no longer need to risk lives while testing, only equipment.
Now some people criticise Elon for testing Autopilot with people: "It can kill people!", they say. But not using it also kills people, as when someone who hasn't slept well has to drive to a job meeting, falls asleep at the wheel, and kills herself and some other driver on the road.
Where can one find such code? Is all of it locked under NDAs?
I worked at a hospital ER when I was still in school. My job was fetching and archiving patient records (physical paper files back in those days). I had to add the most recent report to the file and then return it to the archives. Of course I frequently read those files, and I was very aware of who was coming in and why.
The number of foreign objects lodged in anuses and vaginas was quite high. And it was always stupid objects, like a stick of deodorant, or a candle (?), or a fucking doorknob. It was never a dildo or a vibrator.
Using sex toys made out of (relatively) body safe materials, which are easy to clean, which have flared ends, definitely makes the whole experience a lot safer, and makes a trip to the ER a lot less likely.
I would have guessed that AI ought to be pretty good at converting code into formally verifiable forms. Is anyone working on that?
For anything that doesn't directly impact human life, AI code is OK with me.
Getting to the point where the majority trusts generated code the way we trust our e-mail spam filter may be difficult: "The machine will probably do the right thing, no need to interact."
MangoToupe•10h ago
Bold! I wonder what leads to this sort of confidence.
> Radical transparency is the only answer. I am convinced that open code, specs and processes must be a requirement going forward.
Yes. Transparency is the only foundation of trust.
darkwater•6h ago
> Yes. Transparency is the only foundation of trust.
If there is transparency, there is no need for trust. You can verify things yourself, and if you are verifying yourself, you are not trusting. Trust means believing the output someone gives you without following all the trails.
Now, transparency, openness and trails to follow are GOOD, and they should always be there: if you don't trust, you can check everything yourself; and if you forget something, or start from scratch, you can go back in time, learn what happened and why and who did what, and build a picture in your mind pretty close to actual reality.
Now, we can argue that after a few iterations in which you did check someone's or something's output completely, thanks to its transparency, you build trust in it and will not check it in depth anymore. But you could also trust someone based solely on the outcome and not the internal procedure. If the outcome is aligned with the promises and it's good enough for you, you end up trusting that person anyway.
pbhjpbhj•6h ago
Now, it depends what is on the line. Even an open-hardware device could have a routine built into a chip that seeks to set the battery on fire. Do you decap the chip and check the silicon? Dump all the firmware and inspect every routine?
For almost anything it's impossible to make a thorough check by yourself.
Transparency means the provider enables such actions though. That builds trust.
* The regulatory environment includes the possibility that you can find a person and enact violence on them.
jackdoe•6h ago
Honestly, just skimming through MISRA C 2004:
> Rule 17.4 (required): Array indexing shall be the only allowed form of pointer arithmetic. Array indexing is the only acceptable form of pointer arithmetic, because it is clearer and hence less error prone than pointer manipulation.
I don't think compliance with such rules really solves things, and in some cases it just introduces complexity. E.g. there is also a rule against ever using recursion: Rule 16.2 (required): Functions shall not call themselves, either directly or indirectly.
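For what it's worth, the transformation that rule forces is usually mechanical. Sticking with this thread's Fibonacci example (in Python for readability, since the original code was Python):

```python
def fib_iterative(n):
    # Same F(0) = 0, F(1) = 1 sequence, but no self-calls: constant
    # stack depth and linear time, which is exactly what the rule is
    # after on small embedded stacks.
    a, b = 0, 1
    for _ in range(n):
        a, b = b, a + b
    return a
```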
but also, it is easier to judge if a book is good than to write a good book
> Yes. Transparency is the only foundation of trust.
teenagers and corporations disagree :)
praptak•2h ago
I agree that the call stack limit is much more important in environments with tight memory, but the rule is about the stack limit, not memory in general.
Edit: for 2. I obviously mean recursion as the class of algorithms, not as the property of the functions used to implement it.
earnestinger•2h ago
A corporation does not care about life per se; it looks at the impact on profit.
A corporation has the option of suing an offender into oblivion (via thoroughly written contracts).