Hallucination in Code

Explanation

LLMs generate text by predicting likely next tokens. 'Likely' is statistical, not semantic. When a model generates filesystem.readFileContents(path), it looks syntactically correct and follows patterns similar to real functions, but may be entirely fabricated. The model isn't lying; it's predicting — incorrectly. Hallucination types: fabricated API methods (calling library.nonExistentMethod() — looks right but throws at runtime), incorrect logic (algorithm that seems plausible but produces wrong results on certain inputs), wrong library usage (real method with wrong arguments or deprecated patterns), invented imports (package that doesn't exist), and version mismatch (API that existed in an older library version but was removed). Risk factors: niche or rarely-used libraries (less training data, more guessing), recent library versions (training cutoff means the model doesn't know about changes), complex multi-step algorithms (more room for subtle errors), and vague prompts (model fills ambiguity with plausible-sounding guesses). Detection: run the code (obvious runtime errors catch hallucinated APIs immediately), test edge cases (wrong logic often only manifests on specific inputs), cross-reference documentation (verify method signatures), and ask the model to explain the code (often reveals uncertainty when asked to reason aloud).

Code Example

// Hallucination examples and how to catch them

// Type 1: Fabricated API
const content = await fs.readFileContents('./data.json');
// WRONG: Node.js fs has readFile/readFileSync, not readFileContents
// Fix: check Node.js docs → fs.promises.readFile('./data.json', 'utf8')

// Type 2: Incorrect algorithm (works for tested case, fails for others)
function binarySearch(arr, target) {
  let lo = 0, hi = arr.length;
  while (lo < hi) {
    const mid = (lo + hi) / 2;   // BUG: should be Math.floor()
    if (arr[mid] === target) return mid;
    arr[mid] < target ? lo = mid : hi = mid; // BUG: infinite loop when lo+1===hi
  }
  return -1;
}
// Passes: binarySearch([1,2,3], 2) → 1
// Fails:  binarySearch([1,2], 1)   → infinite loop!

// Detection checklist:
// 1. Run it — runtime errors surface fabricated APIs immediately
// 2. Test edge cases: empty input, single element, boundary values
// 3. Ask the AI: 'Does fs.readFileContents exist? Double-check.'
// 4. Verify in docs: always check official documentation for any AI-suggested method

Why It Matters for Engineers

Hallucinations are the primary reason AI-generated code requires review. A fabricated API method fails loudly at runtime — easy to catch. A logically incorrect algorithm can ship to production, causing silent data corruption or security vulnerabilities that only manifest on specific inputs or at scale. Understanding that hallucination is a fundamental property of LLMs — not a bug that will be fixed — is important for calibrating trust in AI output. The right response is systematic review: testing edge cases, verifying documentation, and reading generated code critically.