SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 77

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: automated repair intent

...

Repairable—Can an automated repair tool reliably fix an alert by making local changes, and can the repair be guaranteed not to break the code even if the alert is a false positive? (There might exist a small set of cases that the tool cannot repair, but the tool can reliably identify these cases.)

In the context of automated repair, the phrase "break the code" requires more elaboration.  We posit that noncompliant and un-repaired code currently works for some subset of inputs, which we would deem "expected inputs".  To be noncompliant, there must also exist "unexpected inputs" that trigger the noncompliant code to do something unintended.  This might be undefined behavior or simply unexpected or counter-intuitive behavior, such as producing an inaccurate mathematical result.  For a repair to not break the code, the repaired code must exhibit the same behavior for all the expected inputs and only change behavior for some or all of the unexpected inputs.  The changed behavior could be to signal an error condition, using whatever error-handling mechanism the code has adopted.

This definition of a repair differs from a refactor, which we define as a modification of the code that changes no behavior.  That is, the refactored code behaves on both expected and unexpected inputs the same as the un-refactored code.  If code can be automatically refactored to comply with a rule without changing its behavior on any inputs, that rule is automatically repairable (even though any such modification would be a refactor rather than a repair).

An automated repair tool does not need to know the developer's intent of any lines of code when repairing them.  But it can be informed about idiosyncratic general details about the source code's conventions. One example would be whether assertions are disabled in production code. Knowing of such details is necessary if the repair tool must make code changes involving assertions.

The Detectable and Repairable These two questions are combined into a single single Remediation Cost metric value that ranges from 1 to 3, 

...