Design and Use of a Visualization for Teaching Integer Coercion

Computer Science Education (2022)

Abstract
The C language is used to develop software that implements fundamental mechanisms used by higher level software to protect data. Yet C continues to be difficult for students to understand and use securely, and integer errors continue to create vulnerabilities. In fact, Integer Overflow or Wraparound is listed at position 11 in the 2020 CWE Top 25 Most Dangerous Software Weaknesses. This paper presents the Expression Evaluation (EE) visualization tool that helps students understand the type conversions that take place implicitly within a C program. This tool depicts step-wise the coercions that take place within the compilation of an expression with mixed integer type operands. This enables students to create unlimited examples to test their understanding. We present the results of our evaluation of EE in both a lower-level class and an upper-level class. We also present the results of an expanded evaluation of a complementary integer security education tool, Integer Representation (IR), in these same classes. This represents evaluation of IR across a wider student audience; prior evaluations of the IR tool were within classes focused on low-level programming and security. Our evaluation results showed that students in an upper-level course improved their understanding in both IR and EE more significantly than students in a lower-level course. As shown by the data collected from both classes, our tools were easy to use and very effective.
Keywords
Integer security, visualization, cybersecurity education
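
The kind of step-wise coercion in a mixed integer type expression that the abstract describes, as an added C example that is not taken from the paper or from the EE tool. The function names and operand values are assumptions chosen for illustration, and an 8-bit char is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* Step 1, integer promotion: operands narrower than int are widened to
   int before the addition, so the sum itself does not wrap at 8 bits. */
int promoted_sum(unsigned char a, unsigned char b) {
    return a + b;                       /* both operands promoted to int */
}

/* Step 2, conversion on narrowing: storing the int result back into an
   unsigned char reduces it modulo UCHAR_MAX + 1 (256 for an 8-bit char). */
unsigned char narrowed_sum(unsigned char a, unsigned char b) {
    return (unsigned char)(a + b);
}

/* Step 3, usual arithmetic conversions: in int < unsigned int the int
   operand is converted to unsigned int, so a negative value becomes a
   very large one. Compilers report this under -Wsign-compare. */
int naive_less(int s, unsigned int u) {
    return s < u;                       /* s is converted to unsigned int */
}

/* The value that the comparison in naive_less actually sees for s. */
unsigned int as_unsigned(int s) {
    return (unsigned int)s;
}

/* Hardened comparison: decide the negative case before any conversion,
   then compare two values that are both known to be non-negative. */
int safe_less(int s, unsigned int u) {
    return s < 0 || (unsigned int)s < u;
}

int main(void) {
    /* Constructed sample operands. */
    printf("200 + 100 as int           : %d\n", promoted_sum(200, 100));
    printf("200 + 100 as unsigned char : %u\n",
           (unsigned)narrowed_sum(200, 100));
    printf("-1 converted to unsigned   : %u\n", as_unsigned(-1));
    printf("naive -1 < 1u              : %d\n", naive_less(-1, 1u));
    printf("safe  -1 < 1u              : %d\n", safe_less(-1, 1u));
    return 0;
}
```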