Automatically detecting bugs in programs has been a long-held goal in software engineering. Many techniques exist, trading off varying levels of automation, thoroughness of coverage of program behavior, precision of analysis, and scalability to large code bases. This paper presents the Calysto static checker, which achieves an unprecedented combination of precision and scalability in a completely automatic extended static checker. Calysto is interprocedurally path-sensitive, fully context-sensitive, and bit-accurate in modeling data operations (comparable coverage and precision to very expensive formal analyses), yet scales comparably to the leading, less precise, static-analysis-based tool for similar properties. Using Calysto, we have discovered dozens of bugs, completely automatically, in hundreds of thousands of lines of production, open-source applications, with a very low rate of false error reports. This paper presents the design decisions, algorithms, and optimizations behind Calysto's performance.