def test_symbolic_concrete(self):
s1 = "hi\0"
s2 = self.state.symbolicate_buffer("+++\0")
strs = self._push2(s1, s2)
ret = strcmp(self.state, *strs)
self.assertTrue(Z3Solver.instance().can_be_true(
self.state.constraints, ret != 0))
self.assertTrue(Z3Solver.instance().can_be_true(
self.state.constraints, ret == 0))
self.state.constrain(s2[0] == ord("a"))
ret = strcmp(self.state, *strs)
self.assertTrue(self.state.must_be_true(ret > 0))
self._clear_constraints()
self.state.constrain(s2[0] == ord("z"))
ret = strcmp(self.state, *strs)
self.assertTrue(self.state.must_be_true(ret < 0))
self._clear_constraints()
self.state.constrain(s2[0] == ord("h"))
self.state.constrain(s2[1] == ord("i"))
ret = strcmp(self.state, *strs)
self.assertTrue(self.state.must_be_true(ret <= 0))
self.state.constrain(s2[2] == ord("\0"))
ret = strcmp(self.state, *strs)
self.assertTrue(self.state.must_be_true(ret == 0))
def test_symbolic_concrete(self):
s1 = 'hi\0'
s2 = self.state.symbolicate_buffer('+++\0')
strs = self._push2(s1, s2)
ret = strcmp(self.state, *strs)
self.assertTrue(Z3Solver.instance().can_be_true(
self.state.constraints, ret != 0))
self.assertTrue(Z3Solver.instance().can_be_true(
self.state.constraints, ret == 0))
self.state.constrain(s2[0] == ord('a'))
ret = strcmp(self.state, *strs)
self.assertTrue(self.state.must_be_true(ret > 0))
self._clear_constraints()
self.state.constrain(s2[0] == ord('z'))
ret = strcmp(self.state, *strs)
self.assertTrue(self.state.must_be_true(ret < 0))
self._clear_constraints()
self.state.constrain(s2[0] == ord('h'))
self.state.constrain(s2[1] == ord('i'))
ret = strcmp(self.state, *strs)
self.assertTrue(self.state.must_be_true(ret <= 0))
self.state.constrain(s2[2] == ord('\0'))
ret = strcmp(self.state, *strs)
self.assertTrue(self.state.must_be_true(ret == 0))
def test_symbolic(self):
sy = self.state.symbolicate_buffer("+++\0")
s = self._push_string(sy)
ret = strlen(self.state, s)
self.assertItemsEqual(
range(4),
Z3Solver.instance().get_all_values(self.state.constraints, ret))
self.state.constrain(sy[0] == 0)
ret = strlen(self.state, s)
self.assertTrue(self.state.must_be_true(ret == 0))
self._clear_constraints()
self.state.constrain(sy[0] != 0)
self.state.constrain(sy[1] == 0)
ret = strlen(self.state, s)
self.assertTrue(self.state.must_be_true(ret == 1))
self._clear_constraints()
self.state.constrain(sy[0] != 0)
self.state.constrain(sy[1] != 0)
self.state.constrain(sy[2] == 0)
ret = strlen(self.state, s)
self.assertTrue(self.state.must_be_true(ret == 2))
self._clear_constraints()
self.state.constrain(sy[0] != 0)
self.state.constrain(sy[1] != 0)
self.state.constrain(sy[2] != 0)
ret = strlen(self.state, s)
self.assertTrue(self.state.must_be_true(ret == 3))
def _solve(self, constraints, val):
results = Z3Solver.instance().get_all_values(constraints,
val,
maxcnt=3)
# We constrain all values to single values!
self.assertEqual(len(results), 1)
return results[0]
def test_addmod(self):
"""
(declare-fun BV () (_ BitVec 256))
(declare-fun BV_2 () (_ BitVec 256))
(declare-fun BV_1 () (_ BitVec 256))
(declare-fun a_1 () (_ BitVec 256))(assert (= a_1 (bvmul BV BV_1)))
(declare-fun a_2 () (_ BitVec 512))(assert (= a_2 ((_ zero_extend 256) BV)))
(declare-fun a_3 () (_ BitVec 512))(assert (= a_3 ((_ zero_extend 256) BV_1)))
(declare-fun a_4 () (_ BitVec 512))(assert (= a_4 (bvmul a_2 a_3)))
(declare-fun a_5 () (_ BitVec 512))(assert (= a_5 ((_ zero_extend 256) BV_2)))
(declare-fun a_6 () (_ BitVec 512))(assert (= a_6 (bvsmod a_4 a_5)))
(declare-fun a_7 () (_ BitVec 256))(assert (= a_7 ((_ extract 255 0) a_6)))
(declare-fun a_8 () (_ BitVec 256))(assert (= a_8 (bvsmod a_1 BV_2)))
(declare-fun a_9 () Bool)(assert (= a_9 (= a_7 a_8)))
(assert (not a_9))
(check-sat)
"""
from manticore.platforms import evm
from manticore.core.smtlib import ConstraintSet, Z3Solver, Operators
constraints = ConstraintSet()
address = 0x41414141414141414141
data = b""
caller = 0x42424242424242424242
value = 0
bytecode = ""
vm = evm.EVM(constraints, address, data, caller, value, bytecode)
self.assertEqual(vm.ADDMOD(12323, 2343, 20), 6)
self.assertEqual(vm.ADDMOD(12323, 2343, 0), 0)
A, B, C = (
0x780000002090309A004201626B1400041D318000000200008A0080089C042DA7,
0xF000000740403F7007C012807BED003BE2CE800000060000FFFFBFF7E4087033,
0x338000080FFFFF64AAAACFFCF7DBFA408000000000000270120000001E7C2ACF,
)
self.assertEqual(
vm.ADDMOD(A, B, C),
23067954172474524581131069693479689311231082562138745684554374357070230297856,
)
a, b, c = (
constraints.new_bitvec(256),
constraints.new_bitvec(256),
constraints.new_bitvec(256),
)
constraints.add(a == A)
constraints.add(b == B)
constraints.add(c == C)
result = vm.ADDMOD(a, b, c)
# 0x32ffffd700d073ae080133f517d922bd000000000007f1611e003fffc9239d00
self.assertEqual(
Z3Solver.instance().get_all_values(constraints, result),
[
0x32FFFFD700D073AE080133F517D922BD000000000007F1611E003FFFC9239D00
],
)
def test_mulmod(self):
"""
(declare-fun BV () (_ BitVec 256))
(declare-fun BV_2 () (_ BitVec 256))
(declare-fun BV_1 () (_ BitVec 256))
(declare-fun a_1 () (_ BitVec 256))(assert (= a_1 (bvmul BV BV_1)))
(declare-fun a_2 () (_ BitVec 512))(assert (= a_2 ((_ zero_extend 256) BV)))
(declare-fun a_3 () (_ BitVec 512))(assert (= a_3 ((_ zero_extend 256) BV_1)))
(declare-fun a_4 () (_ BitVec 512))(assert (= a_4 (bvmul a_2 a_3)))
(declare-fun a_5 () (_ BitVec 512))(assert (= a_5 ((_ zero_extend 256) BV_2)))
(declare-fun a_6 () (_ BitVec 512))(assert (= a_6 (bvsmod a_4 a_5)))
(declare-fun a_7 () (_ BitVec 256))(assert (= a_7 ((_ extract 255 0) a_6)))
(declare-fun a_8 () (_ BitVec 256))(assert (= a_8 (bvsmod a_1 BV_2)))
(declare-fun a_9 () Bool)(assert (= a_9 (= a_7 a_8)))
(assert (not a_9))
(check-sat)
"""
from manticore.platforms import evm
from manticore.core.smtlib import ConstraintSet, Z3Solver, Operators
constraints = ConstraintSet()
address = 0x41414141414141414141
data = b""
caller = 0x42424242424242424242
value = 0
bytecode = ""
vm = evm.EVM(constraints,
address,
data,
caller,
value,
bytecode,
gas=23000)
self.assertEqual(vm.MULMOD(12323, 2343, 20), 9)
self.assertEqual(vm.MULMOD(12323, 2343, 0), 0)
A, B, C = (
110427941548649020598956093796432407239217743554726184882600387580788736,
1048576,
4194319,
)
self.assertEqual(vm.MULMOD(A, B, C), 2423129)
a, b, c = (
constraints.new_bitvec(256),
constraints.new_bitvec(256),
constraints.new_bitvec(256),
)
constraints.add(a == A)
constraints.add(b == B)
constraints.add(c == C)
result = vm.MULMOD(a, b, c)
# 0x8000000000000000000000000000000000000000000000000000000082000011
self.assertEqual(
Z3Solver.instance().get_all_values(constraints, result), [2423129])
import tempfile
import os
import gc
import pickle
import fcntl
import resource
from itertools import *
import sys
from manticore.native.memory import *
from manticore.utils.helpers import issymbolic
from manticore.core.smtlib import Z3Solver, Operators
from manticore.core.smtlib.expression import *
from manticore.core.smtlib.visitors import *
solver = Z3Solver.instance()
class LazyMemoryTest(unittest.TestCase):
_multiprocess_can_split_ = True
def test_basic(self):
cs = ConstraintSet()
mem = LazySMemory32(cs)
mem.mmap(0, 4096, 'rwx', name='map')
m = mem.maps.pop()
self.assertIsInstance(m, AnonMap)
self.assertEqual(m.name, 'map')
def test_read(self):
