Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Conference Paper

Automated Code Repair Based on Inferred Specifications

  • November 2016
  • By William Klieber, William Snavely
  • In this paper, the authors describe automated repairs for three types of bugs: integer overflows, missing array bounds checks, and missing authorization checks.
  • Secure Coding
  • Publisher: Software Engineering Institute
  • Abstract

    Techniques for automated code repair have the potential for greatly aiding in the development of secure and correct code. There are currently a few major difficulties confronting the development and deployment of tools for automated repair; we examine these and briefly explore possible solutions. To give a flavor of what automated repair might look like, we discuss in detail three types of proposed automated repair: (1) repairing inequality comparisons involving integer overflow to behave the same as if unlimited-bitwidth integers were used, (2) inserting memory bounds checks where needed, using dynamic analysis to infer tightest correct bounds, (3) inserting missing authorization checks in a client-server application based on an inferred access control policy.

  • Download

Part of a Collection

2017 SEI Year in Review Resources