Avalanche: dynamic program analysis tool
Avalanche, an automatic program traversal and defect detection tool built on Valgrind (a dynamic instrumentation framework), was started by the program analysis group as a project in 2009. It performs an extensive analysis of a target program by tracing the flow of tainted data through the branching points of the executed code. Tainted data means all external input received through input streams, the file system, network sockets, environment variables and command line arguments, together with any internal program data derived from that input. The collected branch conditions are used to generate queries that are then processed by an SMT solver to produce modified input data sets; each such data set drives the target program down a different execution path. Through this iterative process every reachable execution path in the target program is traversed and checked for critical runtime defects.
The Avalanche tool automatically detects defects such as null pointer dereferences, arithmetic errors (division by zero) and others.
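The following is an added illustration of the traversal loop described above, not Avalanche's own code. Input bytes are wrapped so that every comparison records a path constraint, each recorded branch is negated in turn, and a per-byte brute-force solver (a constructed stand-in for the SMT solver) produces the input that takes the other path. Use of a tainted value as a divisor additionally emits a "can this be zero?" query, which is how the division-by-zero defect is reached rather than found by luck. The target program, its magic bytes and the defect location are all constructed for this example.

```python
"""Toy concolic explorer: taint-tracked bytes record branch conditions, each
condition is negated and solved to reach a new path, and divisor-zero queries
locate the arithmetic defect. Constructed illustration, not Avalanche's code."""
from collections import deque


class Trace:
    """Path constraints of one run as (byte index, op, constant, outcome)
    tuples, plus defect queries paired with the constraint prefix they hold under."""
    def __init__(self):
        self.constraints = []
        self.queries = []


class Tainted:
    """An input byte plus a constant offset; comparisons and uses as a divisor
    are recorded in the trace while the concrete value is still computed."""
    def __init__(self, index, value, trace, offset=0):
        self.index, self.value, self.trace, self.offset = index, value, trace, offset

    def _branch(self, op, const):
        # Record the condition in terms of the raw byte: value = byte + offset.
        raw_const = const - self.offset
        taken = {"==": self.value == const, "<": self.value < const}[op]
        self.trace.constraints.append((self.index, op, raw_const, taken))
        return taken

    def __eq__(self, const):
        return self._branch("==", const)

    def __lt__(self, const):
        return self._branch("<", const)

    def __sub__(self, k):
        return Tainted(self.index, self.value - k, self.trace, self.offset - k)

    def __rfloordiv__(self, numerator):
        # Defect query: the divisor is zero when byte == -offset on this path.
        self.trace.queries.append(
            (len(self.trace.constraints), (self.index, "==", -self.offset, True)))
        return numerator // self.value  # raises ZeroDivisionError when hit


def target(inp):
    """Constructed target: checks a two-byte magic and divides by a header
    field; the divisor is zero for exactly one value of byte 2."""
    if inp[0] == 0x41:                      # 'A'
        if inp[1] == 0x56:                  # 'V'
            if inp[2] < 0x10:
                return 1000 // (inp[2] - 7)  # zero divisor when byte 2 == 7
            return "field too large"
        return "bad tag"
    return "bad magic"


def run(data):
    """Run the target on concrete input; return path constraints, defect
    queries and the defect observed (None if the run was clean)."""
    trace = Trace()
    inp = [Tainted(i, b, trace) for i, b in enumerate(data)]
    defect = None
    try:
        target(inp)
    except ZeroDivisionError:
        defect = "division by zero"
    return trace.constraints, trace.queries, defect


def _holds(v, op, const):
    return v == const if op == "==" else v < const


def solve(constraints, length):
    """Toy solver standing in for SMT: constraints here are per byte, so each
    index is searched independently over 0..255. None if unsatisfiable."""
    out = bytearray(length)
    for i in range(length):
        mine = [(op, c, taken) for (j, op, c, taken) in constraints if j == i]
        for v in range(256):
            if all(_holds(v, op, c) == taken for op, c, taken in mine):
                out[i] = v
                break
        else:
            return None
    return bytes(out)


def explore(seed, max_runs=64):
    """Iterative traversal: negate each branch of every run, solve each defect
    query, queue the resulting inputs, and map each input to its defect."""
    queue, seen, results = deque([seed]), set(), {}
    while queue and len(results) < max_runs:
        data = queue.popleft()
        if data in seen:
            continue
        seen.add(data)
        constraints, queries, defect = run(data)
        results[data] = defect
        candidates = [constraints[:k] + [(i, op, c, not taken)]
                      for k, (i, op, c, taken) in enumerate(constraints)]
        candidates += [constraints[:n] + [q] for n, q in queries]
        for cand in candidates:
            new = solve(cand, len(data))
            if new is not None and new not in seen:
                queue.append(new)
    return results


if __name__ == "__main__":
    for data, defect in explore(b"\x00\x00\x00").items():
        print(data, defect or "clean")
```

Starting from an all-zero seed, the loop discovers the "bad magic", "bad tag", "field too large" and division paths in four generations and then, from the divisor query, the single input that triggers the division by zero. Real tools replace the per-byte search with an SMT solver so that constraints spanning several bytes and arithmetic over them can be solved as well.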
Current work on the project focuses on three major research directions:
- the use of parallel and distributed computing models;
- targeted dynamic analysis: traversing execution paths through specific program modules;
- a hybrid static and dynamic analysis approach: using Avalanche to automatically reproduce and verify defects reported by a static analysis tool.