Software engineers face challenges managing C++ codebases with security, correctness, and readability issues. These codebases are critical in industries such as finance, healthcare, and transportation. This study addresses the need for a cost-effective, automated remediation solution. It evaluates a methodology to alleviate warnings flagged by open-source SATs in C++ codebases, focusing on improving code readability, security, and correctness.

This study employs a constructive approach, integrating quantitative and qualitative analysis to develop a tool for automating the identification, classification, and mitigation of warnings. The quantitative analysis classifies warning frequencies and types. Qualitative feedback from experienced developers validates and refines the corrections.

The research questions and hypotheses guiding this study are: 1) Can an automated remediation approach be developed to address specific categories of flaws in C++ codebases? 2) What are the measurable impacts of implementing an automated remediation process? 3) Do source code modifications meet the acceptance criteria of human developers?

The study methodology involves developing an automated approach to identify critical flaws, constructing a defect classification system, automating code modifications, and collecting developer feedback. The study findings demonstrated that the tool successfully addressed security and correctness flaws, but increased readability warnings. Developer feedback on proposed solutions was mixed; while technically sound, concerns were raised about impacts on long-term maintenance and code semantics.

The study concludes that automated remediation enhances C++ code quality around security and correctness, but not readability. Future research should explore expanding the tool’s capabilities and its application to other programming languages.