If a code-generating tool is to be used, it is necessary to select an appropriate tool and undertake validation. Adherence to the requirements of this document may provide one criterion for assessing a tool.

Secure coding guidance varies depending on how code is generated and maintained, for example, whether it is hand-coded or automatically generated. Categories of code include the following:

  • Tool-generated, tool-maintained - code that is specified and maintained in a higher-level format from which language-specific source code is generated. The source code is generated from this higher-level description and then provided as input to the language compiler. The generated source code is never viewed or modified by the programmer.
  • Tool-generated, hand-maintained - code that is specified and maintained in a higher-level format from which language-specific source code is generated. It is expected or anticipated, however, that at some point in the development cycle the tool will cease to be used and that the generated source code will be visually inspected and/or manually modified and maintained.
  • Hand-coded - code that is manually written by a programmer using a text editor or interactive development environment; the programmer maintains source code directly in the source-code format that is provided to the compiler.
  • JIT compilation - also known as dynamic translation, a technique for improving the runtime performance of a computer program. JIT compilation converts code at runtime prior to executing it natively, for example, bytecode into native machine code.
  • Interpreted execution - Interpretation is one of the two major ways in which a programming language can be implemented, the other being compilation. The term interpreter may refer to the program that executes source code that has already been translated to some intermediate form, or it may refer to the program that performs both the translation and execution.

Source code that is written and maintained by hand must have the following properties:

  • Readability
  • Program comprehension

These requirements are not applicable for source code that is never directly handled by a programmer, although requirements for correct behavior still apply. Readability and program comprehension requirements exist for source code that is hand-coded, regardless of whether this source code is interpreted, compiled, or compiled just-in-time (JIT). Reading and comprehension requirements apply to code that is tool-generated and hand-maintained but do not apply to code that is tool-generated and tool-maintained. Nor do they apply to intermediate forms such as pcode, assembly language, and bytecodes that are never meant to be maintained by the programmer. Adequate verification must be performed to ensure that the safety and security properties of the code are maintained at each level of translation and interpretation, although this is outside the scope of these language standards. Tool-generated, tool-maintained code can impose consistent constraints that ensure the safety of some constructs that are risky in hand-generated code.