Operations | Definition |
Calculate | Calculate operation – Find the result of a numeric, pointer, or string operation. |
Evaluate | Evaluate operation – Find the result of a Boolean condition (incl. comparison). |
Operands | Definition |
Name | Name operand – The identifier of an object, function, or data type entity used to reference it. |
Data | Data operand – The data value of an object – i.e., the actual value that is stored in memory. |
Causes | Definition |
Code Bug | Code Bug type – An error in the implementation of an operation – proper operands over an improper operation. It is the roor cause of a security vulnerability. Must be fixed to resolve the vulnerability. |
Wrong Code | Wrong Code bug - An incorrect operator or function is used, or an incorrect data type is specified. |
Erroneous Code | Erroneous Code bug - There is a coding error in the implementation of the operation. |
Name Fault | Name Fault/Error type – The fully resolved name of an entity is wrong. |
Wrong Object Resolved | Wrong Object Resolved fault/error – The object is resolved from wrong scope. |
Wrong Function Resolved | Wrong Function Resolved fault/error – The function is resolved from wrong scope. |
Wrong Generic Function Bound | Wrong Generic Function Bound fault/error – Code for a wrong data type is bound due to wrong generic type arguments. |
Wrong Overridden Function Bound | Wrong Overridden Function Bound fault/error – Code from wrong subtype is bound due to a wrong invoking subtype object. |
Wrong Overloaded Function Bound | Wrong Overloaded Function Bound fault/error – Wrong overloaded implementation is bound due to wrong function arguments. |
Data Fault | Data Fault/Error type – The data of an object has harmed semantics or inconsistent or wrong value. |
Wrong Argument | Wrong Argument fault/error – Inaccurate input data value, i.e., non-verified for harmed semantics. |
Reference vs. Dereference | Reference vs. Dereference fault/error – Using the address of an entity instead of its data value. |
Type Fault | Type Fault/Error type – The set or range of allowed values of an entity is wrong or the operations allowed on them are wrong. |
Wrong Type | Wrong Type fault/error – A data type range or structure is not correct. |
Wrong Object Type Resolved | Wrong Object Type Resolved fault/error – An object is resolved from a wrong scope, so its data type might be wrong (e.g., a parent vs a child data type). |
Consequences | Definition |
Data Error | Data Fault/Error type – The data of an object has harmed semantics or inconsistent or wrong value. |
Wrong Result | Wrong Result fault/error – Incorrect value – from type conversion or computation. |
Under Range | Under Range fault/error – The data value is smaller than the lower range of its type. |
Over Range | Over Range fault/error – The data value is larger than the upper range of its type. |
Flipped Sign | Flipped Sign fault/error – Sign bit is overwritten from type related calculation. |
Wrap Around | Wrap Around fault/error – A moved around-the-clock value over its data type upper or lower range, as it exceeds that range. (Integer Over-/Under-flow is a wrapped-around the upper/lower range integer value; may become very small/large and change to the opposite sign.) |
Type Computation Final Error | Type Computation final error type – An exploitable or undefined system behavior caused by type computation bugs. |
Undefined | Undefined final error – The Type System cannon represent the calculated result (e.g., division by 0). |
Operations Attributes | Definition |
Mechanism | Mechanism operation attribute type – Shows how the operation the operation with a bug or faulty operand is performed. |
Function | Function operation attribute – The operation is via a function. |
Operator | Operator operation attribute – The operation is via a function with a symbolic name that implements a mathematical, relational or logical operation. |
Method | Method operation attribute – The operation is via a member function of an OOP class. |
Lambda Expression | Lambda Expression operation attribute – The operation is performed via an anonymous function, implemented within another function. |
Procedure | Procedure operation attribute – The operation is via a function with a void return type. |
Source Code | Source Code operation attribute type – Shows where the code of the operation with a bug or faulty operand resides within the software, firmware, or hardware. |
Codebase | Codebase operation attribute – The operation is in the programmer's code - in the application itself. |
Third-Party | Third-Party operation attribute – The operation code is in a third-party source. |
Standard Library | Standard Library operation attribute – The operation code is in the standard library for a particular programming language. |
Compiler/Interpreter | Compiler/Interpreter operation attribute – The operation code is in the language processor that allows execution or creates executables (interpreter, compiler, assembler). |
Execution Space | Execution Space operation attribute type – Shows where the operation with a bug or faulty operand is executed and the privilege level at which it runs. |
Local | Local operation attribute – The bugged code runs in an environment with access control policy with limited (local user) permission. |
Admin | Admin operation attribute – The bugged code runs in an environment with access control policy with unlimited (admin user) permission. |
Bare-Metal | Bare-Metal operation attribute – The bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware. |
Operands Attributes | Definition |
Name State | Name State operand attribute type – Shows what the stage of the entity name is. |
Resolved | Resolved operand attribute – The name scope is known to the Type System. |
Bound | Bound operand attribute – The name is linked to a declared (or inferred) data type, a defined object's data, or a called function implementation. |
Data Kind | Data Kind operand attribute type – Shows what the type or category of data is. |
Numeric | Numeric operand attribute – A number – a sequence of digits. |
Text | Text operand attribute – A string – a sequence of symbols. |
Pointer | Pointer operand attribute – A holder of the memory address of an object. |
Boolean | Boolean operand attribute – A truth/falsity value – true or false; 1 or 0. |