| Operations | Definition |
| --- | --- |
| Refer | Use a name in local or remote scopes of source code. The Type System resolves the name and binds a data type to it. |
| Call | Invoke a function implementation. The Type System binds a function implementation to the resolved function name. A polymorphic function implementation is first resolved and then bound. |
| Operands | Definition |
| --- | --- |
| Name | The declared identifier for an entity. |
| Type | The data type of an object -- the set of allowed values (e.g., char is within [-128, 127]) and the operations allowed over them (e.g., +, *, mod). |
| Causes | Definition |
| --- | --- |
| Code Defect Bug | The operation has a bug, which is the first cause for the chain of weaknesses underlying a software security vulnerability. The bug must be fixed to resolve the vulnerability. |
| Erroneous Code | The operation implementation has a bug. |
| Specification Defect Bug | A specification (algorithm, protocol) of an operation has an error, or a rule (policy, keying material) used by the operation has an error, which when implemented becomes the bug causing the chain of weaknesses underlying a software security vulnerability. It must be fixed to fix the bug and to resolve the vulnerability. |
| Missing Qualifier | A namespace include is absent, or a scope is not specified in a fully qualified name. |
| Wrong Qualifier | A wrong namespace is included, or a wrong scope is specified in a fully qualified name. |
| Name Fault | The resolved name is wrong. |
| Missing Overridden Function | The function implementation in a particular subclass is absent. |
| Missing Overloaded Function | Code for particular function parameter data types is absent. |
| Type Fault | The set or range of allowed values is wrong, or the operations allowed on them are wrong. |
| Incomplete Type | A specific constructor, method, or overloaded function is missing. |
| Wrong Generic Type | A generic object is instantiated via a wrong type argument. |
| Confused Subtype | The object invoking an overridden function is of the wrong subtype data type. |
| Wrong Argument Type | An argument to an overloaded function is of an incorrect data type. |
| Consequences | Definition |
| --- | --- |
| Name Error | The resolved name is wrong. |
| Wrong Object Resolved | An object is resolved from the wrong scope. |
| Wrong Function Resolved | A function is resolved from the wrong scope. |
| Wrong Generic Function Bound | Code for a wrong data type is bound due to wrong generic type arguments. |
| Wrong Overridden Function Bound | Code from the wrong subtype is bound due to a wrong invoking subtype object. |
| Wrong Overloaded Function Bound | The wrong overloaded implementation is bound due to wrong function arguments. |
| Type Error | The set or range of allowed values is wrong, or the operations allowed on them are wrong. |
| Wrong Type Resolved | A data type is resolved from the wrong scope. |
| Operations Attributes | Definition |
| --- | --- |
| Mechanism | Shows how the buggy/faulty operation code is performed. |
| Resolve | Look up a name and, if needed, determine its data type (inferred from a value, through the hierarchy, or via a generic type attribute). |
| Bind | Connect an object data type, function return type, parameter data type, or simple function implementation. |
| Early Bind | Resolve the subtype and set the generic function implementation. |
| Late Bind | Resolve the overridden function via the subtype object and set its implementation. |
| Ad-hoc Bind | Resolve the overloaded function via its signature and set its implementation. |
| Source Code | Shows where the buggy/faulty operation code is in the program -- in what kind of software. |
| Codebase | The operation is in the programmer's code -- in the application itself. |
| Third-Party | The operation is in third-party software. |
| Standard Library | The operation is in the standard library for a particular programming language. |
| Compiler/Interpreter | The operation is in the language processor that allows execution or creates executables (compiler, assembler, interpreter). |
| Execution Space | Shows where the buggy/faulty operation code is running (or with what privilege level). |
| Local | The bugged code runs in an environment with an access control policy granting limited (local user) permission. |
| Admin | The bugged code runs in an environment with an access control policy granting unlimited (admin user) permission. |
| Bare-Metal | The bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware. |
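The Bind mechanisms in the table above, and the cause-to-consequence pairs from the Causes and Consequences tables, in working C++. This is an added illustration, not code from the Bugs Framework; the class and function names are constructed for the example.

```cpp
// Added example (not part of the BF tables): the three Bind mechanisms above and
// how a wrong operand type makes the Type System bind the wrong implementation.
#include <string>
// Late bind: the implementation is resolved through the subtype of the invoking
// object at run time (constructed class hierarchy, hypothetical names).
struct Validator {
    virtual ~Validator() = default;
    virtual std::string name() const { return "base"; }
};
struct StrictValidator : Validator {
    std::string name() const override { return "strict"; }
};
struct LenientValidator : Validator {
    std::string name() const override { return "lenient"; }
};
std::string late_bind(const Validator& v) { return v.name(); }

// Cause "Confused Subtype" -> consequence "Wrong Overridden Function Bound":
// strict checking was intended, but a LenientValidator object does the invoking.
std::string confused_subtype() {
    LenientValidator wrong;      // should have been StrictValidator
    return late_bind(wrong);     // binds LenientValidator::name
}

// Ad-hoc bind: the overload is chosen by the argument types in the call signature.
std::string describe(int)  { return "int"; }
std::string describe(char) { return "char"; }
std::string describe(long) { return "long"; }

// Cause "Wrong Argument Type" -> consequence "Wrong Overloaded Function Bound":
// the argument is declared long, so describe(long) is bound instead of describe(int).
std::string wrong_argument_type() {
    long n = 7;                  // wrong data type for this call
    return describe(n);
}
std::string correct_argument_type() {
    int n = 7;
    return describe(n);          // describe(int) is bound
}

// Early bind: the generic implementation is fixed by the type argument at
// instantiation, before any object exists.
template <typename T> std::string generic_kind();
template <> std::string generic_kind<int>()  { return "generic<int>"; }
template <> std::string generic_kind<char>() { return "generic<char>"; }

// Cause "Wrong Generic Type" -> consequence "Wrong Generic Function Bound":
// instantiating with char (values only in [-128, 127]) when int was intended.
std::string wrong_generic_type() { return generic_kind<char>(); }
```

Each wrong binding compiles and runs without complaint, which is why these faults surface only as wrong behaviour at run time rather than as build errors.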
| Operands Attributes | Definition |
| --- | --- |
| Name Kind | Shows what the entity with this name is. |
| Object | A memory region used to store data. |
| Function | An organized block of code that, when called, takes in data, processes it, and produces one or more results. |
| Data Type | A set of allowed values and the operations allowed over them. |
| Namespace | An organization of entities' names, utilized to avoid name collisions. |
| Type Kind | Shows what the data type composition is. |
| Primitive | A scalar data type that mimics the hardware units -- e.g., int (long, short, signed), float, double, string, Boolean. A primitive data type is only language defined and is not built from other data types. |
| Structure | A composite data type -- e.g., array, list, map, class. A structured data type is built from other data types and has primitive or structured members. |