Calysto: scalable and precise extended static checking

Automatically detecting bugs in programs has been a long-held goal in software engineering. Many techniques exist, trading-off varying levels of automation, thoroughness of coverage of program behavior, precision of analysis, and scalability to large code bases. This paper presents the Calysto stati...

Full description

Saved in:
Bibliographic Details
Published in:International Conference on Software Engineering 2008 Vol. 2008; no. 24
Main Authors: Babic, Domagoj, Hu, Alan J
Format: Journal Article
Language:English
Published: 01.01.2008
ISBN:1605580791, 9781605580791
ISSN:0270-5257
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Automatically detecting bugs in programs has been a long-held goal in software engineering. Many techniques exist, trading-off varying levels of automation, thoroughness of coverage of program behavior, precision of analysis, and scalability to large code bases. This paper presents the Calysto static checker, which achieves an unprecedented combination of precision and scalability in a completely automatic extended static checker. Calysto is interprocedurally path-sensitive, fully context-sensitive, and bit-accurate in modeling data operations - comparable coverage and precision to very expensive formal analyses - yet scales comparably to the leading, less precise, static-analysis-based tool for similar properties. Using Calysto, we have discovered dozens of bugs, completely automatically, in hundreds of thousands of lines of production, open-source applications, with a very low rate of false error reports. This paper presents the design decisions, algorithms, and optimizations behind Calysto's performance.
Bibliography:SourceType-Scholarly Journals-2
ObjectType-Feature-2
ObjectType-Conference Paper-1
content type line 23
SourceType-Conference Papers & Proceedings-1
ObjectType-Article-3
ISBN:1605580791
9781605580791
ISSN:0270-5257
DOI:10.1145/1368088.1368118