From: Loi L. <loi...@gm...> - 2013-10-29 02:27:18
Hi,
I have a C program and I want to track all branch conditions which belong
to an execution path corresponding to a concrete input. For example,
consider a simple program:
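
    #include <stdio.h>
    #include <string.h>

    /* Three-way branch on the comparison of a with "123". */
    int test(char* a) {
        if (strcmp(a, "123") == 0)
            return 0;
        if (strcmp(a, "123") < 0)
            return -1;
        else
            return 1;
    }

    int main(int argc, char** argv) {
        /* The concrete input comes from the command line. */
        char* a = argc > 1 ? argv[1] : "";
        return test(a);
    }
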
With a = "1234", the program returns 1 and the corresponding path condition
is strcmp(a, "123") > 0. I want to collect strcmp, "123" and the value of this
operator (1). I first thought about working with some C parser, but it seems
like it's not that simple. To get the values of parameters we have to deal
with pointer analysis or external library calls, which I don't know how to
solve.
Then I made several searches and came to Valgrind. I read around the
documentation and tool description. It's so expressive that Valgrind
supports many useful tools. I'm thinking of using *Callgrind* to solve my
problem, but I'm not sure whether it's the right choice. Could you please give
me some suggestions? Is this a possible approach, and how can I proceed this
way?
Thank you,
--
Loi, Luu The (Mr.)
RA at Security Lab, SoC, NUS
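
For reference, the trace the message asks for (callee, constant operand, concrete result) can be recorded at source level by routing the comparison through a logging wrapper. This is an added example, not part of the original post and not Valgrind or Callgrind code; `traced_strcmp`, `run_traced`, `struct cond` and the default input are hypothetical names and values chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TRACE 16

/* One recorded comparison: callee name, constant operand, concrete result. */
struct cond {
    const char *callee;
    const char *operand;
    int sign;               /* result normalised to -1, 0 or 1 */
};

static struct cond trace[MAX_TRACE];
static int trace_len;

/* Hypothetical hook: runs strcmp and logs what was compared and the outcome. */
static int traced_strcmp(const char *a, const char *b) {
    int r = strcmp(a, b);
    int sign = (r > 0) - (r < 0);
    if (trace_len < MAX_TRACE)
        trace[trace_len++] = (struct cond){ "strcmp", b, sign };
    return r;
}

/* The function from the post, with strcmp routed through the hook. */
int test(const char *a) {
    if (traced_strcmp(a, "123") == 0)
        return 0;
    if (traced_strcmp(a, "123") < 0)
        return -1;
    else
        return 1;
}

/* Clears the trace, runs test() on one concrete input, returns its result. */
int run_traced(const char *input) {
    trace_len = 0;
    return test(input);
}

int main(int argc, char **argv) {
    const char *rel[] = { "<", "==", ">" };
    int ret = run_traced(argc > 1 ? argv[1] : "1234"); /* constructed default */
    for (int i = 0; i < trace_len; i++)
        printf("%s(a, \"%s\") %s 0\n", trace[i].callee, trace[i].operand,
               rel[trace[i].sign + 1]);
    printf("test returned %d\n", ret);
    return 0;
}
```

Each branch that executes contributes one entry, so the number of entries also shows how far along the path the input travelled.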