Performance & Security Heuristics via Machine Learning

[draguve]

Proposing a potential machine learning feature for Zed: a heuristic that estimates the performance impact of each line of code. At a high level, the model would take in a tree of hidden states, each corresponding to a node of the AST and predict a "value" or performance metric for each. You could support multiple languages by passing code through a compiler frontend like LLVM or using Zed’s existing Tree-sitter representations. For additional context, function and variable names could be embedded using something like Sentence Transformers.

Training this model could be relatively straightforward in concept. You could use a fuzzer like AFL++ to generate a wide range of code execution traces, which already include performance metrics and crash data. This approach would let the model learn how code scales and where it might fail.

A major side benefit: since AFL++ tracks crashes and other anomalies, you could also train the model to detect insecure or crash-prone code. Zed could then surface warnings like “This part of the code might be insecure or prone to crashing,” offering developers actionable insights during development.

And because training would likely involve fuzzing open source targets, this process would naturally generate crash reports and edge cases. By filtering and forwarding these issues to the original repositories, you’d not only improve those projects’ security.