Coding is like gardening; it requires a good plan and good supplies, but most importantly continuous nurture and maintenance.
In this talk, I will concentrate on refactorings and program transformations that help nurture good code by removing code smells and vulnerabilities. I will describe OpenRefactory/C, an infrastructure for building program transformations for C programs. C, in spite of its popularity, has IDEs with a limited portfolio of program transformations, with limited scalability and limited applicability to real-world programs. OpenRefactory/C aims to have full support for the C preprocessor, support for static analyses, and an API and environment that make it easy for new developers to contribute new refactorings. Refactorings that we have implemented on OpenRefactory/C are bug-free, unlike the refactorings featured in commercial IDEs such as Eclipse CDT, Visual Studio, etc.
I will also describe three complex, security-oriented program transformations that fix issues in C integers. These transformations fixed all variants of integer vulnerabilities featured in benchmark programs of NIST's SAMATE reference dataset and in 5 open source software projects, making the changes automatically on over 15 million lines of code. Because they are integrated with the source code and the development process, refactorings and program transformations not only help maintain good code, but also teach developers how to write and appreciate good code.