Calysto: scalable and precise extended static checking. Automatically detecting bugs in programs has been a long-held goal in software engineering. Many techniques exist, trading-off varying levels of automation, thoroughness of coverage of program behavior, precision of analysis, and scalability to large code bases. This paper presents the Calysto static checker, which achieves an unprecedented combination of precision and scalability in a completely automatic extended static checker. Calysto is interprocedurally path-sensitive, fully context-sensitive, and bit-accurate in modeling data operations --- comparable coverage and precision to very expensive formal analyses --- yet scales comparably to the leading, less precise, static-analysis-based tool for similar properties. Using Calysto, we have discovered dozens of bugs, completely automatically, in hundreds of thousands of lines of production, open-source applications, with a very low rate of false error reports. This paper presents the design decisions, algorithms, and optimizations behind Calysto’s performance.

Keywords for this software

Anything in here will be replaced on browsers that support the canvas element