An official website of the United States government
This research-to-practice paper reports students' perceptions on using a teaching framework called authentic learning to learn about information flow analysis. Using information flow analysis, practitioners find the flow of data across one or multiple programs. Information flow analysis is helpful for multiple software engineering activities, such as detecting software bugs and developing software fuzzing techniques. Despite being helpful in practice, learning about information flow analysis remains an impediment for students, which in turn prevents them from reaping the benefits of using information flow analysis. Therefore, an application of a teaching framework can aid students in learning about information flow analysis. To that end, we systematically investigate if authentic learning---a teaching framework that emphasizes on providing hands on experience for a practically relevant topic---is helpful for students to learn about information flow analysis. Upon conducting the exercise, students are asked to participate in a survey where they report perceptions about the conducted exercise. We analyze data from 170 students who were introduced to information flow analysis through an authentic learning-based exercise. From our analysis, we observe: (i) majority of the students to have little to no knowledge about information flow analysis prior to conducting the authentic learning-based exercise; (ii) 74.1\% of the 170 students find the authentic learning-based exercise helpful to learn about information flow analysis; and (iii) student perceptions to vary for the three components of the authentic learning-based exercise. We conclude our paper by describing the implications of our findings for instructors and researchers. For example, instructors should consider the education level of students while designing activities for individual authentic learning components to educate students on information flow analysis. Furthermore, researchers can devise strategies on how instructors can allocate their efforts for each authentic learning component through empirical studies. These studies may investigate the correlation between reported helpfulness and socio-technical factors, such as education level of students.
more »
« less
Student Perceptions of Authentic Learning to Learn White-box Testing
The pivotal role of white-box testing with respect to software quality assurance, necessitates dissemination of education materials related to white-box testing in the course curriculum. In this poster, we describe our experiences in conducting an authentic learning based exercise related to white-box testing. From a conducted survey with 124 students, we observe the authentic learning-based exercise to be helpful for students to learn about white-box testing.
more »
« less
- PAR ID:
- 10508697
- Publisher / Repository:
- ACM
- Date Published:
- Journal Name:
- The Technical Symposium on Computer Science Education (SIGCSE TS)
- Page Range / eLocation ID:
- 1784-1785
- Subject(s) / Keyword(s):
- Authentic learning White-box testing Student perception
- Format(s):
- Medium: X
- Location:
- Portland, OR, USA
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Compiler correctness is crucial, as miscompilation can falsify program behaviors, leading to serious consequences over the software supply chain. In the literature, fuzzing has been extensively studied to uncover compiler defects. However, compiler fuzzing remains challenging: Existing arts focus on black- and grey-box fuzzing, which generates test programs without sufficient understanding of internal compiler behaviors. As such, they often fail to construct test programs to exercise intricate optimizations. Meanwhile, traditional white-box techniques, such as symbolic execution, are computationally inapplicable to the giant codebase of compiler systems. Recent advances demonstrate that Large Language Models (LLMs) excel in code generation/understanding tasks and even have achieved state-of-the-art performance in black-box fuzzing. Nonetheless, guiding LLMs with compiler source-code information remains a missing piece of research in compiler testing. To this end, we propose WhiteFox, the first white-box compiler fuzzer using LLMs with source-code information to test compiler optimization, with a spotlight on detecting deep logic bugs in the emerging deep learning (DL) compilers. WhiteFox adopts a multi-agent framework: (i) an LLM-based analysis agent examines the low-level optimization source code and produces requirements on the high-level test programs that can trigger the optimization; (ii) an LLM-based generation agent produces test programs based on the summarized requirements. Additionally, optimization-triggering tests are also used as feedback to further enhance the test generation prompt on the fly. Our evaluation on the three most popular DL compilers (i.e., PyTorch Inductor, TensorFlow-XLA, and TensorFlow Lite) shows that WhiteFox can generate high-quality test programs to exercise deep optimizations requiring intricate conditions, practicing up to 8 times more optimizations than state-of-the-art fuzzers. To date, WhiteFox has found in total 101 bugs for the compilers under test, with 92 confirmed as previously unknown and 70 already fixed. Notably, WhiteFox has been recently acknowledged by the PyTorch team, and is in the process of being incorporated into its development workflow. Finally, beyond DL compilers, WhiteFox can also be adapted for compilers in different domains, such as LLVM, where WhiteFox has already found multiple bugs.more » « less
-
In today’s fast-paced software development environments, DevOps has revolutionized the way teams build, test, and deploy applications by emphasizing automation, collaboration, and continuous integration/continuous delivery (CI/CD). However, with these advancements comes an increased need to address security proactively, giving rise to the DevSecOps movement, which integrates security practices into every phase of the software development lifecycle. DevOps security remains underrepresented in academic curricula despite its growing importance in the industry. To address this gap, this paper presents a handson learning module that combines Chaos Engineering and Whitebox Fuzzing to teach core principles of secure DevOps practices in an authentic, scenario-driven environment. Chaos Engineering allows students to intentionally disrupt systems to observe and understand their resilience, while White-box Fuzzing enables systematic exploration of internal code paths to discover cornercase vulnerabilities that typical tests might miss. The module was deployed across three academic institutions, and both pre- and post-surveys were conducted to evaluate its impact. Pre-survey data revealed that while most students had prior experience in software engineering and cybersecurity, the majority lacked exposure to DevOps security concepts. Post-survey responses gathered through ten structured questions showed highly positive feedback 66.7% of students strongly agreed, and 22.2% agreed that the hands-on labs improved their understanding of secure DevOps practices. Participants also reported increased confidence in secure coding, vulnerability detection, and resilient infrastructure design. These findings support the integration of experiential learning techniques like chaos simulations and white-box fuzzing into security education. By aligning academic training with realworld industry needs, this module effectively prepares students for the complex challenges of modern software development and operations.more » « less
-
Despite yielding benefits for organizations, infrastructure as code (IaC) scripts are susceptible to security weaknesses, such as hard-coded passwords. Existence of such security weaknesses necessitate integration of education materials related to secure development of IaC scripts. In this preliminary work, we describe our experiences of how application of authentic learning helped students learn about secure development of IaC scripts. Our paper shows education materials based on authentic learning to help students learn about secure IaC development.more » « less
-
The active learning student-centered teaching approach process-oriented guided inquiry learning (POGIL) is a stimulating peer-based pedagogical method gaining momentum based on reported students’ outcomes that align with STEM undergraduate goals and objectives and job market competencies. Specific advanced topics in biology are intractable to many undergraduate students and require innovative, collaborative methods to produce desired learning outcomes. Chemistry instructors originally designed POGIL, and while biology-based POGILs are present in the literature, there is a limited amount of POGILs available in molecular biology. Thus, the current article illustrates a POGIL exercise that explores the central dogma, a fundamental principle in molecular biology. The central dogma of molecular biology provides a framework for gene expression processes and describes the flow of genetic information in living organisms. The central dogma describes how DNA nucleotides are transcribed into RNA nucleotides and translated into proteins. This seminal concept of molecular biology is critical to student understanding in introductory and advanced biological sciences courses. The POGIL exercise is organized based on the learning cycle model associated with inquiry-focused teaching techniques. The learning cycle model promotes gradual concept comprehension and real-world utilization. An increase in molecular biology POGIL exercises is required to improve student understanding and course grades in molecular biology or related disciplines. Examining the efficacy of using the current molecular biology POGIL exercise is necessary from the perspectives of undergraduate students and biology faculty to fortify POGIL usage at colleges and universities.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1145/3626253.3635584
