Software Engineering Institute

Techniques for automated code repair have the potential for greatly aiding in the development of secure and correct code. There are currently a few major difficulties confronting the development and deployment of tools for automated repair; we examine these and briefly explore possible solutions. To give a flavor of what automated repair might look like, we discuss in detail three types of proposed automated repair: (1) repairing inequality comparisons involving integer overflow to behave the same as if unlimited-bitwidth integers were used, (2) inserting memory bounds checks where needed, using dynamic analysis to infer tightest correct bounds, (3) inserting missing authorization checks in a client-server application based on an inferred access control policy.