Why Tree-Sitter Is Inadequate for Program Analysis

GitHub - meloalright/who-ast: ✨ A super simple code analysis tool for both humans and AI agents that tells you who called the function and who implemented it.

✨ A super simple code analysis tool for both humans and AI agents that tells you who called the function and who implemented it. - meloalright/who-ast

Praveen Koka (@praveenkoka) on X

@simonw Explaining HTML is baseline now. Claude parsing obfuscated exploit code is the real capability inflection.

Debt Behind the AI Boom: A Large-Scale Empirical Study of AI-Generated Code in the Wild

AI coding assistants are now widely used in software development. Software developers increasingly integrate AI-generated code into their codebases to improve productivity. Prior studies have shown that AI-generated code may contain code quality issues under controlled settings. However, we still know little about the real-world impact of AI-generated code on software quality and maintenance after it is introduced into production repositories. In other words, it remains unclear whether such issues are quickly fixed or persist and accumulate over time as technical debt. In this paper, we conduct a large-scale empirical study on the technical debt introduced by AI coding assistants in the wild. To achieve that, we built a dataset of 302.6k verified AI-authored commits from 6,299 GitHub repositories, covering five widely used AI coding assistants. For each commit, we run static analysis before and after the change to precisely attribute which code smells, correctness issues, and security issues the AI introduced. We then track each introduced issue from the introducing commit to the latest repository revision to study its lifecycle. Our results show that we identified 484,366 distinct issues, and that code smells are by far the most common type, accounting for 89.3% of all issues. We also find that more than 15% of commits from every AI coding assistant introduce at least one issue, although the rates vary across tools. More importantly, 22.7% of tracked AI-introduced issues still survive at the latest version of the repository. These findings show that AI-generated code can introduce long-term maintenance costs into real software projects and highlight the need for stronger quality assurance in AI-assisted development.

Dante (@thedntx) on X

@simonw i expected it to just reformat the code, but explaining the weird bits first is actually way smarter.

Claude Security mit Verbesserungen in der Public Beta

Mit der Integration von Opus 4.7 erhalten Entwickler tiefgehende Fehleranalysen samt Schweregrad und Konfidenzwert.

田中義弘 | taziku CEO / AI × Creative (@taziku_co) on X

既存スキャナが見逃した脆弱性を、Claude Securityが本番コードから検出。 重要なのは検出だけではない。 各findingを検証し、誤検知を削り、レビュー可能なパッチまで出す。 AIがセキュリティチームの一次対応者になる未来、かなり近い。 詳細は🧵

Release 1.1.0 · rife2/bld-spotbugs

Summary Refactor parsing logic Add nullability contracts What's Changed in 1.1.0 Refactor to extract parsing and enforce nullability contracts in 9721edd Extract XML/SARIF parsing from SpotBugs...

Tempest vs Tempest

The Making and Remaking of Atari's Iconic Video Game