Conference paper

Automated Detection of Bugs in Error Handling for Teaching Secure C Programming

Document type

Text/Conference Paper

Date

2023

Publisher

Gesellschaft für Informatik e.V.

Abstract

The low-level programming language C is widely used for operating systems, embedded systems and other performance-critical applications. Since these applications are often security-critical, they require secure programming. The C language, on the other hand, allows novice programmers to write insecure code easily. This makes it especially important to teach secure programming and give students feedback on potential security issues. One critical bug that is often overlooked is the incorrect handling of errors. In this paper, we present an Error Handling Analyzer (EHA) for the CoFee framework. The EHA detects missing error handling and incorrect error handling using the Clang Static Analyzer. We evaluated EHA on 100 student submissions and found that error handling bugs are a common mistake and that EHA can detect more than 80 % of the error handling bugs in these submissions.

Description

Schrötter, Max; Falk, Maximilian; Schnor, Bettina (2023): Automated Detection of Bugs in Error Handling for Teaching Secure C Programming. Proceedings of the Sixth Workshop "Automatische Bewertung von Programmieraufgaben" (ABP 2023). DOI: 10.18420/abp2023-1. Gesellschaft für Informatik e.V. Full papers. Munich, Germany. October 12-13, 2023.