Operations | Definition |
Cast | Cast operation – Explicitly convert the value of an object to another data type. |
Coerce | Coerce operation – Implicitly (forced by the Type System) convert the value of a passed in/out argument or the return into the corresponding parameter or return data type. (Type Coercion is known also as Type Juggling.) |
Operands | Definition |
Name | Name operand – The declared identifier for an entity. |
Data | Data operand – The data value of an object – stored in object's memory. |
Type | Type operand – The data type of an object – the set of allowed values (e.g., char is within [-128, 127]) and the operations allowed over them (e.g., +, *, mod). |
Causes | Definition |
Code Bug | Code Bug Type – A code operation defect – proper operands over an improper operation. A first cause for the chain of weaknesses underlying a software security vulnerability. Must be fixed to resolve the vulnerability. |
Wrong Code | |
Missing Code | |
Name Fault | Name Fault/Error Type – The resolved name is wrong. |
Wrong Object Resolved | Wrong Object Resolved fault/error – zzzxxx Object is resolved from wrong scope. |
Missing Overloaded Function | Missing Overloaded Function fault/error – Code for particular function parameters' data types is absent. |
Data Fault | Data Fault/Error Type – The object data has harmed semantics or inconsistent or wrong value |
Under Range | Under Range fault/error – Data value is smaller than type's lower range. |
Over Range | Over Range fault/error – Data value is larger than type's upper range. |
Flipped Sign | Flipped Sign fault/error – Sign bit is overwritten from type related calculation. |
Type Fault | Type Fault/Error Type – The the set or range of allowed values is wrong or the operations allowed on them are wrong. |
Wrong Type | Wrong Type fault/error – A data type range or structure is not correct. |
Wrong Object Type Resolved | Wrong Object Type Resolved fault/error – An object is resolved from a wrong scope, so its data type might be wrong (e.g. a parent vs a child data type). |
Mismatched Argument | Mismatched Argument fault/error – An argument is not of the parameter data type. |
Consequences | Definition |
Type Error | Type Fault/Error Type – The the set or range of allowed values is wrong or the operations allowed on them are wrong. |
Wrong Type | Wrong Type fault/error – A data type range or structure is not correct. |
Data Error | Data Fault/Error Type – The object data has harmed semantics or inconsistent or wrong value |
Wrong Value | Wrong Value fault/error – The value of the data is not accurate (e.g., outside of a range). |
Flipped Sign | Flipped Sign fault/error – Sign bit is overwritten from type related calculation. |
Truncated Value | Truncated Value fault/error – Rightmost bits of value that won’t fit type size are cut off. |
Distorted Value | Distorted Value fault/error – Incorrect value (although fits type size) due to sign flip or signed/unsigned and vice versa cast. |
Rounded Value | Rounded Value fault/error – Real number value precision loss. |
Operations Attributes | Definition |
Mechanism | Mechanism operation attribute type – Shows how the buggy/faulty operation code is performed. |
Pass In | Pass In operation attribute – Supplying "in" arguments' data values to a function/ operator. |
Pass Out | Pass Out operation attribute – Supplying "out" or "in/out" arguments' data values or a return value to a function/ operator. |
Source Code | Source Code operation attribute type – Shows where the buggy/faulty operation code is in the program – in what kind of software. |
Codebase | Codebase operation attribute – The operation is in the programmer's code - in the application itself. |
Third-Party | Third-Party operation attribute – The operation is in a third-party software. |
Standard Library | Standard Library operation attribute – The operation is in the standard library for a particular programming language. |
Compiler/Interpreter | Compiler/Interpreter operation attribute – The operation is in the language processor that allows execution or creates executables (compiler, assembler, interpreter). |
Execution Space | Execution Space operation attribute type – Shows where the buggy/faulty operation code is running or with what privilege level. |
Local | Local operation attribute – The bugged code runs in an environment with access control policy with limited (local user) permission. |
Admin | Admin operation attribute – The bugged code runs in an environment with access control policy with unlimited (admin user) permission. |
Bare-Metal | Bare-Metal operation attribute – The bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware. |
Operands Attributes | Definition |
Name State | Name State operand attribute type – Shows at what stage the entity name is. |
Resolved | Resolved operand attribute – The name scope is known to the Type System. |
Bound | Bound operand attribute – The name is linked to a declared (or inferred) data type, a defined object's data, or a called function implementation. |
Data Kind | Data Kind operand attribute type – Shows what the data value is. |
Numeric | Numeric operand attribute – A number – a sequence of digits. |
Text | Text operand attribute – A string – a sequence of symbols. |
Pointer | Pointer operand attribute – A holder of the memory address of an object. |
Boolean | Boolean operand attribute – A truth/falcity value – true or false; 1 or 0. |
Type Kind | Type Kind operand attribute type – Shows what the data type composition is. |
Primitive | Primitive operand attribute – A scalar data type that mimics the hardware units - e.g., int (long, short, signed), float, double, string, Boolean. A primitive data type is only language defined and is not built from other data types. |
Structure | Structure operand attribute – A composite data type - e.g., array, list, map, class. A structured data type is built from other data types and has primitive or structured members. |