BF Declaration (DCL) Bugs Class

Definition

Declaration (DCL) class – An object, a function, a type, or a namespace is declared or defined improperly.

Taxonomy

OperationsDefinition
DeclareDeclare operation – Specify the name and type of an object; the name, return type, and parameters of a function; or the name and type parameters of a type.
DefineDefine operation – Specify the implementation of a function; or the member objects and functions of a type. (The data of an object is specified at its initialization – see MAD and MUS.)
OperandsDefinition
NameName operand – The identifier of an object, function, or data type entity used to reference it.
TypeType operand – The data type of an object – i.e., the set of allowed values (e.g., char is within [-128, 127]) and operations over them (e.g., +, *, mod).
CausesDefinition
Code BugCode Bug type – An error in the implementation of an operation – proper operands over an improper operation. It is the roor cause of a security vulnerability. Must be fixed to resolve the vulnerability.
   Missing CodeMissing Code bug - The operation is misplaced entirely absent.
   Wrong CodeWrong Code bug - An incorrect operator or function is used, or an incorrect data type is specified.
   Erroneous CodeErroneous Code bug - There is a coding error in the implementation of the operation.
Specification BugSpecification Bug type – A defect in the metadata or algorithm of an operation – proper operands over an improper operation. It is the roor cause of a security vulnerability. It must be fixed to resolve the vulnerability.
   Missing ModifierA required behavioral restriction is absent.
   Wrong ModifierA wrong behavioral restriction is specified.
   Anonymous ScopeThe declaration is in an unnamed scope.
   Wrong Scope
Name FaultName Fault/Error type – The fully resolved name of an entity is wrong.
   Wrong Name
Type FaultType Fault/Error type – The set or range of allowed values of an entity is wrong or the operations allowed on them are wrong.
   Wrong Type ResolvedWrong Type Resolved fault/error – A data type is resolved from a wrong scope.
ConsequencesDefinition
Name ErrorName Fault/Error type – The fully resolved name of an entity is wrong.
   Missing Overloaded FunctionMissing Overloaded Function fault/error – Code for particular function parameters' data types is absent.
Type ErrorType Fault/Error type – The set or range of allowed values of an entity is wrong or the operations allowed on them are wrong.
   Wrong TypeWrong Type fault/error – A data type range or structure is not correct.
   Incomplete TypeIncomplete Type fault/error – A specific constructor, method, or overridden function is missing.
   Wrong Generic TypeWrong Generic Type fault/error – A generic object is instantiated via wrong type argument.
   Wrong Argument TypeWrong Argument Type fault/error – An argument to an overloaded function is of incorrect data type.
Size ErrorType Fault/Error type – The set or range of allowed values of an entity is wrong or the operations allowed on them are wrong.
   Insufficient SizeInsufficient Size fault/error – The allocated memory is too little for the data it should store.
Entity Access Final ErrorEntity Access final error type – An exploitable or undefined system behavior caused by declaration bugs.
   Wrong Access ObjectWrong Access Object final error – An unauthorized access to an object; allows access to sensitive data or to member functions.
   Wrong Access TypeWrong Access Type final error – An unauthorized access to a data type; allows access to member objects and functions.
   Wrong Access FunctionWrong Access Function final error – An unauthorized access to a function; allows its execution.
Operations AttributesDefinition
MechanismMechanism operation attribute type – Shows how the operation the operation with a bug or faulty operand is performed.
   SimpleSimple operation attribute – The operation is via non-polymorphic types.
   GenericsGenerics operation attribute – The operation is via parameterization by types.
   OverridingOverriding operation attribute – The operation is via functions with the same name as one in the base type but implemented in different subtypes.
   OverloadingOverloading operation attribute – The operation is via functions with the same name in the same declaration scope, but implemented with different signature.
Source CodeSource Code operation attribute type – Shows where the code of the operation with a bug or faulty operand resides within the software, firmware, or hardware.
   CodebaseCodebase operation attribute – The operation is in the programmer's code - in the application itself.
   Third-PartyThird-Party operation attribute – The operation code is in a third-party source.
   Standard LibraryStandard Library operation attribute – The operation code is in the standard library for a particular programming language.
   Compiler/InterpreterCompiler/Interpreter operation attribute – The operation code is in the language processor that allows execution or creates executables (interpreter, compiler, assembler).
Execution SpaceExecution Space operation attribute type – Shows where the operation with a bug or faulty operand is executed and the privilege level at which it runs.
   LocalLocal operation attribute – The bugged code runs in an environment with access control policy with limited (local user) permission.
   AdminAdmin operation attribute – The bugged code runs in an environment with access control policy with unlimited (admin user) permission.
   Bare-MetalBare-Metal operation attribute – The bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware.
Operands AttributesDefinition
         Name KindName Kind operand attribute type – Shows what the entity with this name is.
            ObjectObject operand attribute – A memory region used to store data.
            FunctionFunction operand attribute – An organized block of code that when called takes in data, processes it, and produces a result(s).
            Data TypeData Type operand attribute – A set of allowed values and the operations allowed over them.
            NamespaceNamespace operand attribute – An organization of entities' names, utilized to avoid names collision.
         Type KindType Kind operand attribute type – Shows what the data type composition is.
            PrimitivePrimitive operand attribute – A scalar data type that mimics the hardware units - e.g., int (long, short, signed), float, double, string, Boolean. A primitive data type is only language defined and is not built from other data types.
            StructureStructure operand attribute – A composite data type - e.g., array, list, map, class. A structured data type is built from other data types and has primitive or structured members.