| Operations | Definition |
| Refer | Refer operation – Use a name to access an entity in local or remote scopes of source code. The Type System resolves the name and binds a data type to it. |
| Call | Call operation – Invoke a function implementation. The Type System binds a function implementation to the resolved function name. A polymorphic function implementation is first resolved and then bound. |
| Operands | Definition |
| Name | Name operand – The identifier of an object, function, or data type entity used to reference it. |
| Type | Type operand – The data type of an object – i.e., the set of allowed values (e.g., char is within [-128, 127]) and operations over them (e.g., +, *, mod). |
| Causes | Definition |
| Code Bug | Code Bug type – An error in the implementation of an operation – proper operands over an improper operation. A first cause for the chain of weaknesses underlying a software security vulnerability. Must be fixed to resolve the vulnerability. |
| Erroneous Code | Erroneous Code bug - There is a coding error in the implementation of the operation. |
| Specification Bug | Specification Bug type – A defect in the metadata or algorithm of an operation – proper operands over an improper operation. It is always the first cause for the chain of weaknesses underlying a software security vulnerability. It must be fixed to resolve the vulnerability. |
| Missing Qualifier | A namespace include is absent; or a scope is not specified i na fully qualified name. |
| Wrong Qualifier | A wrong namespace is included, or a wrong scope is specified in a fully qualified name. |
| Name Fault | Name Fault/Error type – The fully resolved name of an entity is wrong. |
| Missing Overridden Function | Missing Overridden Function fault/error – The function implementation in a particular subclass is absent. |
| Missing Overloaded Function | Missing Overloaded Function fault/error – Code for particular function parameters' data types is absent. |
| Type Fault | Type Fault/Error type – The set or range of allowed values of an entity is wrong or the operations allowed on them are wrong. |
| Incomplete Type | Incomplete Type fault/error – A specific constructor, method, or overloaded function is missing. |
| Wrong Generic Type | Wrong Generic Type fault/error – A generic object is instantiated via wrong type argument. |
| Downcast Pointer | Downcast Pointer fault/error – A pointer is cast to a subtype (base to subclass or subclass to subclass) that is incompatible with its object's data type. The object may invoke an overridden function is of a wrong subtype. |
| Wrong Argument Type | Wrong Argument Type fault/error – An argument to an overloaded function is of incorrect data type. |
| Consequences | Definition |
| Name Error | Name Fault/Error type – The fully resolved name of an entity is wrong. |
| Wrong Object Resolved | Wrong Object Resolved fault/error – The object is resolved from wrong scope. |
| Wrong Function Resolved | Wrong Function Resolved fault/error – The function is resolved from wrong scope. |
| Wrong Generic Function Bound | Wrong Generic Function Bound fault/error – Code for a wrong data type is bound due to wrong generic type arguments. |
| Wrong Overridden Function Bound | Wrong Overridden Function Bound fault/error – Code from wrong subtype is bound due to a wrong invoking subtype object. |
| Wrong Overloaded Function Bound | Wrong Overloaded Function Bound fault/error – Wrong overloaded implementation is bound due to wrong function arguments. |
| Type Error | Type Fault/Error type – The set or range of allowed values of an entity is wrong or the operations allowed on them are wrong. |
| Wrong Object Type Resolved | Wrong Object Type Resolved fault/error – An object is resolved from a wrong scope, so its data type might be wrong (e.g., a parent vs a child data type). |
| Wrong Type Resolved | Wrong Type Resolved fault/error – A data type is resolved from a wrong scope. |
| Operations Attributes | Definition |
| Mechanism | Mechanism operation attribute type – Shows how the operation the operation with a bug or faulty operand is performed. |
| Resolve | Resolve operation attribute – The operation is via looking up a name and if needed determining its data type (infer from value, through hierarchy, via generic type attribute). |
| Bind | Bind operation attribute – The operation connects object data type, function return type, parameter data type, or simple function implementation. |
| Early Bind | Early Bind operation attribute – The operation resolves a subtype and sets its a generic function implementation. |
| Late Bind | Late Bind operation attribute – The operation resolves an overridden function via subtype object and sets its implementation. |
| Ad-hoc Bind | Ad-hoc Bind operation attribute – The operation resolves an overloaded function via signature and sets its implementation. |
| Source Code | Source Code operation attribute type – Shows where the code of the operation with a bug or faulty operand resides within the software, firmware, or hardware. |
| Codebase | Codebase operation attribute – The operation is in the programmer's code - in the application itself. |
| Third-Party | Third-Party operation attribute – The operation code is in a third-party source. |
| Standard Library | Standard Library operation attribute – The operation code is in the standard library for a particular programming language. |
| Compiler/Interpreter | Compiler/Interpreter operation attribute – The operation code is in the language processor that allows execution or creates executables (interpreter, compiler, assembler). |
| Execution Space | Execution Space operation attribute type – Shows where the operation with a bug or faulty operand is executed and the privilege level at which it runs. |
| Local | Local operation attribute – The bugged code runs in an environment with access control policy with limited (local user) permission. |
| Admin | Admin operation attribute – The bugged code runs in an environment with access control policy with unlimited (admin user) permission. |
| Bare-Metal | Bare-Metal operation attribute – The bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware. |
| Operands Attributes | Definition |
| Name Kind | Name Kind operand attribute type – Shows what the entity with this name is. |
| Object | Object operand attribute – A memory region used to store data. |
| Function | Function operand attribute – An organized block of code that when called takes in data, processes it, and produces a result(s). |
| Data Type | Data Type operand attribute – A set of allowed values and the operations allowed over them. |
| Namespace | Namespace operand attribute – An organization of entities' names, utilized to avoid names collision. |
| Type Kind | Type Kind operand attribute type – Shows what the data type composition is. |
| Primitive | Primitive operand attribute – A scalar data type that mimics the hardware units - e.g., int (long, short, signed), float, double, string, Boolean. A primitive data type is only language defined and is not built from other data types. |
| Structure | Structure operand attribute – A composite data type - e.g., array, list, map, class. A structured data type is built from other data types and has primitive or structured members. |
