Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Conference Paper

Automated Code Repair Based on Inferred Specifications

  • November 2016
  • By William Klieber, William Snavely
  • In this paper, the authors describe automated repairs for three types of bugs: integer overflows, missing array bounds checks, and missing authorization checks.
  • Secure Coding
  • Publisher: Software Engineering Institute
  • Abstract

    Techniques for automated code repair have the potential for greatly aiding in the development of secure and correct code. There are currently a few major difficulties confronting the development and deployment of tools for automated repair; we examine these and briefly explore possible solutions. To give a flavor of what automated repair might look like, we discuss in detail three types of proposed automated repair: (1) repairing inequality comparisons involving integer overflow to behave the same as if unlimited-bitwidth integers were used, (2) inserting memory bounds checks where needed, using dynamic analysis to infer tightest correct bounds, (3) inserting missing authorization checks in a client-server application based on an inferred access control policy.

  • Download