Software Engineering Institute

The Redemption tool makes automated repairs to C/C++ source code based on alerts produced by static-analysis tools.

Static analysis tools scan source code, producing many defect alerts, requiring expert effort to validate. The SEI developed an extensible tool that automatically repairs associated code for multiple types of alerts. In May 2024, it repairs three types of alerts: null pointer dereference (EXP34-C), read of uninitialized memory (EXP33-C), and dead code (MSC12-C). The Redemption code repair system can be used as a command-line tool. We also provide a script and instructions for using it as part of a continuous integration (CI) development system. With common tools, users can review and accept any repairs.

The Redemption codebase includes a suite of unit, integration, and regression tests to support further development. We invite others to share their additions and enhancements to the Redemption system by extending it to repair more types of code flaws and to work with alerts from more static analysis tools.