
Automated Program Repair - matt_d
https://cacm.acm.org/magazines/2019/12/241055-automated-program-repair/fulltext
======
derefr
One case where this is already eminently possible, is automatically keeping a
codebase's dependencies up-to-date. We already have CI scripts that find out-
of-date dependency specifications and notify the developer of them. It's not
far from there to having said CI script generate a PR for an update to said
dependency, hypothetically apply it, and then actually merge it in if all the
tests still pass. (And, rather than just giving up if the absolute-newest dep
version doesn't work, such a system could easily be extended to bisect the
dep's version history to find the newest version it _could_ update to without
breaking the build, perhaps constrained by the dependency's version-constraint
string.)

~~~
QuinnWilton
You can do this with Dependabot [0], recently acquired by Github.

We use Dependabot, and I love it for our backend repositories, but anything
with node dependencies ends up being easier to manually update (because there
ends up being so many dependencies that get updated every day, that opening a
PR for each one essentially launches a denial of service attack on our CI
system)

[0] [https://dependabot.com/](https://dependabot.com/)

~~~
nwah1
Their homepage states:

>Live, daily, weekly or monthly updates

>Choose to receive update PRs live, daily, weekly or monthly. We make an
exception for security patches, which you'll always receive immediately.

~~~
QuinnWilton
Configuring it to open pull requests less frequently doesn't help, since
dependencies still get updated one by one, rather than in batches. I've found
it easier to just run an interactive yarn upgrade every so often.

------
michael-ax
e.g. the true state of AI today suffers from our pedestrian ability to
actually specify what we're trying to do?

~~~
nine_k
Actually specifying what we are trying to do is nearly the whole of the
programming.

Describing things correctly and with all necessary detail is genuinely hard,
because building a _mental picture_ required for that is hard, even with all
the information tools we have.

