def test_CMPXCHG8B_symbolic(self):
'''CMPXCHG8B'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
#alloc/map a little mem
code = mem.mmap(0x1000, 0x1000, 'rwx')
data = mem.mmap(0x2000, 0x1000, 'rwx')
mem[code:code+5] = '\xf0\x0f\xc7\x0f;'
cpu.EIP = code
cpu.EDI = cs.new_bitvec(32, 'EDI')
cs.add( Operators.OR(cpu.EDI == 0x2000, cpu.EDI == 0x2100, cpu.EDI == 0x2200 ) )
self.assertEqual(sorted(solver.get_all_values(cs, cpu.EDI)),[0x2000,0x2100,0x2200])
self.assertEqual(cpu.read_int(0x2000,64), 0)
self.assertEqual(cpu.read_int(0x2100,64), 0)
self.assertEqual(cpu.read_int(0x2200,64), 0)
self.assertItemsEqual(solver.get_all_values(cs, cpu.read_int(cpu.EDI,64)), [0])
#self.assertEqual(cpu.read_int(cpu.EDI,64), 0 )
cpu.write_int(0x2100, 0x4142434445464748, 64)
cpu.EAX = cs.new_bitvec(32, 'EAX')
cs.add( Operators.OR(cpu.EAX == 0x41424344, cpu.EAX == 0x0badf00d, cpu.EAX == 0xf7f7f7f7 ) )
cpu.EDX= 0x45464748
cpu.execute()
self.assertTrue(solver.check(cs))
self.assertItemsEqual(solver.get_all_values(cs, cpu.read_int(cpu.EDI,64)), [0, 4702394921427289928])
def testBool4(self):
cs = ConstraintSet()
bf = BoolConstant(value=False)
bt = BoolConstant(value=True)
cs.add(Operators.OR(True, bf))
cs.add(Operators.OR(bt, bt, False))
self.assertTrue(self.solver.check(cs))
def testRelated(self):
cs = ConstraintSet()
aa1 = cs.new_bool(name="AA1")
aa2 = cs.new_bool(name="AA2")
bb1 = cs.new_bool(name="BB1")
bb2 = cs.new_bool(name="BB2")
cs.add(Operators.OR(aa1, aa2))
cs.add(Operators.OR(bb1, bb2))
self.assertTrue(self.solver.check(cs))
# No BB variables related to AA
self.assertNotIn("BB", cs.related_to(aa1).to_string())
self.assertNotIn("BB", cs.related_to(aa2).to_string())
self.assertNotIn("BB", cs.related_to(aa1 == aa2).to_string())
self.assertNotIn("BB", cs.related_to(aa1 == False).to_string())
# No AA variables related to BB
self.assertNotIn("AA", cs.related_to(bb1).to_string())
self.assertNotIn("AA", cs.related_to(bb2).to_string())
self.assertNotIn("AA", cs.related_to(bb1 == bb2).to_string())
self.assertNotIn("AA", cs.related_to(bb1 == False).to_string())
# Nothing is related to tautologies?
self.assertEqual("", cs.related_to(simplify(bb1 == bb1)).to_string())
# But if the tautollogy can not get simplified we have to ask the solver
# and send in all the other stuff
self.assertNotIn("AA", cs.related_to(bb1 == bb1).to_string())
def test_simplify_OR(self):
cs = ConstraintSet()
bf = BoolConstant(value=False)
bt = BoolConstant(value=True)
var = cs.new_bool()
cs.add(simplify(Operators.OR(var, var)) == var)
cs.add(simplify(Operators.OR(var, bt)) == bt)
self.assertTrue(self.solver.check(cs))
