Automated Detection of Bugs in Error Handling for Teaching Secure C Programming
| dc.contributor.author | Schrötter, Max | |
| dc.contributor.author | Falk, Maximilian | |
| dc.contributor.author | Schnor, Bettina | |
| dc.contributor.editor | Greubel, André | |
| dc.contributor.editor | Strickroth, Sven | |
| dc.contributor.editor | Striewe, Michael | |
| dc.date.accessioned | 2023-10-16T04:38:42Z | |
| dc.date.available | 2023-10-16T04:38:42Z | |
| dc.date.issued | 2023 | |
| dc.description.abstract | The Low-Level programming language C is widely used for Operating Systems, Embedded Systems and other performance critical applications. Since these applications are often security critical, they require secure programming. The C language on the other hand allows novice programmers to write insecure code easily. This makes it especially important to teach secure programming and give students feedback on potential security issues. One critical bug that is often overlooked is the incorrect handling of errors. In this paper, we present an Error Handling Analyzer (EHA) for the CoFee framework. The EHA detects missing error handling and incorrect error handling using the Clang Static Analyzer. We evaluated EHA on 100 student submissions and found that error handling bugs are a common mistake and that EHA can detect more than 80 % of the error handling bugs in these submissions. | en |
| dc.identifier.doi | 10.18420/abp2023-1 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/42564 | |
| dc.language.iso | en | |
| dc.pubPlace | Bonn | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | Proceedings of the Sixth Workshop "Automatische Bewertung von Programmieraufgaben" (ABP 2023) | |
| dc.relation.ispartofseries | Workshop „Automatische Bewertung von Programmieraufgaben“ | |
| dc.subject | Automated Assessment | |
| dc.subject | Continuous Integration | |
| dc.subject | Continuous Feedback | |
| dc.subject | Situated Learning | |
| dc.subject | Secure Programming | |
| dc.title | Automated Detection of Bugs in Error Handling for Teaching Secure C Programming | en |
| dc.type | Text/Conference Paper | |
| gi.conference.date | October 12-13, 2023 | |
| gi.conference.location | Munich, Germany | |
| gi.conference.sessiontitle | Vollbeiträge |
Dateien
Originalbündel
1 - 1 von 1
Vorschaubild nicht verfügbar
- Name:
- paper1.pdf
- Größe:
- 199.93 KB
- Format:
- Adobe Portable Document Format