class TestAstSimplificationIssue1(unittest.TestCase):
"""Testing AST simplification. From #740."""
def setUp(self):
self.ctx = TritonContext()
self.ctx.setArchitecture(ARCH.X86_64)
self.ctx.addCallback(self.simplification_0,
CALLBACK.SYMBOLIC_SIMPLIFICATION)
self.astCtxt = self.ctx.getAstContext()
def test_simplification(self):
# (bvadd
# (bvadd
# (bvsub SymVar_2 (_ bv2142533311 64))
# (_ bv1 64)
# )
# (_ bv2142533311 64)
# )
a = self.astCtxt.bv(1, 64)
b = self.astCtxt.bv(2142533311, 64)
c = self.astCtxt.variable(self.ctx.newSymbolicVariable(64))
node = (((c - b) + a) + b)
snode = self.ctx.simplify(node)
self.assertEqual(node.getType(), AST_NODE.BVADD)
self.assertEqual(node.getChildren()[0], c)
self.assertEqual(node.getChildren()[1], a)
@staticmethod
def simplification_0(ctx, node):
# (((var - val1) + val2) + val1) => (var + val2)
if node.getType() == AST_NODE.BVADD:
c0 = node.getChildren()[0] # ((var + val1) + val2)
c1 = node.getChildren()[1] # val1
if c0.getType() == AST_NODE.BVADD and c1.getType() == AST_NODE.BV:
c00 = c0.getChildren()[0] # (var + val1)
c01 = c0.getChildren()[1] # val2
# ((var + val1) + val2)
if c00.getType() == AST_NODE.BVSUB and c01.getType(
) == AST_NODE.BV:
c000 = c00.getChildren()[0] # var
c001 = c00.getChildren()[1] # val1
# (var + val1)
if c001.getType() == AST_NODE.BV and c001.evaluate(
) == c1.evaluate():
# return (var + val2)
return c000 + c01
return node
def initialize():
Triton = TritonContext()
# Define the target architecture
Triton.setArchitecture(ARCH.X86_64)
# Define symbolic optimizations
Triton.enableMode(MODE.ALIGNED_MEMORY, True)
Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
# Define internal callbacks.
Triton.addCallback(memoryCaching, CALLBACK.GET_CONCRETE_MEMORY_VALUE)
Triton.addCallback(constantFolding, CALLBACK.SYMBOLIC_SIMPLIFICATION)
# Load the meory dump
load_dump(Triton, os.path.join(os.path.dirname(__file__), "baby-re.dump"))
# Symbolize user inputs
symbolizeInputs(Triton)
return Triton
def initialize():
Triton = TritonContext()
# Define the target architecture
Triton.setArchitecture(ARCH.X86_64)
# Define symbolic optimizations
Triton.enableMode(MODE.ALIGNED_MEMORY, True)
Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True)
# Define internal callbacks.
Triton.addCallback(memoryCaching, CALLBACK.GET_CONCRETE_MEMORY_VALUE)
Triton.addCallback(constantFolding, CALLBACK.SYMBOLIC_SIMPLIFICATION)
# Load the meory dump
load_dump(Triton, os.path.join(os.path.dirname(__file__), "baby-re.dump"))
# Symbolize user inputs
symbolizeInputs(Triton)
return Triton
class TestCallback(unittest.TestCase):
"""Testing callbacks."""
def test_get_concrete_memory_value(self):
global flag
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
flag = False
self.Triton.addCallback(self.cb_flag,
CALLBACK.GET_CONCRETE_MEMORY_VALUE)
# movabs rax, qword ptr [0x1000]
self.Triton.processing(
Instruction(b"\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00"))
self.assertTrue(flag)
flag = False
self.Triton.removeCallback(self.cb_flag,
CALLBACK.GET_CONCRETE_MEMORY_VALUE)
# movabs rax, qword ptr [0x1000]
self.Triton.processing(
Instruction(b"\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00"))
self.assertFalse(flag)
def test_get_concrete_register_value(self):
global flag
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
flag = False
self.Triton.addCallback(self.cb_flag,
CALLBACK.GET_CONCRETE_REGISTER_VALUE)
self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx
self.assertTrue(flag)
flag = False
self.Triton.removeCallback(self.cb_flag,
CALLBACK.GET_CONCRETE_REGISTER_VALUE)
self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx
self.assertFalse(flag)
# Remove all callbacks
flag = False
self.Triton.addCallback(self.cb_flag,
CALLBACK.GET_CONCRETE_REGISTER_VALUE)
self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx
self.assertTrue(flag)
flag = False
self.Triton.removeAllCallbacks()
self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx
self.assertFalse(flag)
@staticmethod
def cb_flag(api, x):
global flag
flag = True
class TestCallback(unittest.TestCase):
"""Testing callbacks."""
def test_get_concrete_memory_value(self):
global flag
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
flag = False
self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_MEMORY_VALUE)
# movabs rax, qword ptr [0x1000]
self.Triton.processing(Instruction("\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00"))
self.assertTrue(flag)
flag = False
self.Triton.removeCallback(self.cb_flag, CALLBACK.GET_CONCRETE_MEMORY_VALUE)
# movabs rax, qword ptr [0x1000]
self.Triton.processing(Instruction("\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00"))
self.assertFalse(flag)
def test_get_concrete_register_value(self):
global flag
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
flag = False
self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE)
self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx
self.assertTrue(flag)
flag = False
self.Triton.removeCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE)
self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx
self.assertFalse(flag)
# Remove all callbacks
flag = False
self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE)
self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx
self.assertTrue(flag)
flag = False
self.Triton.removeAllCallbacks()
self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx
self.assertFalse(flag)
@staticmethod
def cb_flag(api, x):
global flag
flag = True
c2_not = getNot(c2)
c1_nonNot = getNonNot(c1)
c2_nonNot = getNonNot(c2)
if c1_not.equalTo(~c2_nonNot) and c2_not.equalTo(~c1_nonNot):
return c1_nonNot ^ c2_nonNot
return node
if __name__ == "__main__":
# Set arch to init engines
Triton.setArchitecture(ARCH.X86_64)
# Record simplifications
Triton.addCallback(CALLBACK.SYMBOLIC_SIMPLIFICATION, xor_1)
Triton.addCallback(CALLBACK.SYMBOLIC_SIMPLIFICATION, xor_2)
astCtxt = Triton.getAstContext()
a = astCtxt.bv(1, 8)
b = astCtxt.bv(2, 8)
# Example 1
c = a ^ a
print('Expr: ', c)
c = Triton.simplify(c)
print('Simp: ', c)
print()
c2_not = getNot(c2)
c1_nonNot = getNonNot(c1)
c2_nonNot = getNonNot(c2)
if c1_not.equalTo(~c2_nonNot) and c2_not.equalTo(~c1_nonNot):
return c1_nonNot ^ c2_nonNot
return node
if __name__ == "__main__":
# Set arch to init engines
Triton.setArchitecture(ARCH.X86_64)
# Record simplifications
Triton.addCallback(xor_1, CALLBACK.SYMBOLIC_SIMPLIFICATION)
Triton.addCallback(xor_2, CALLBACK.SYMBOLIC_SIMPLIFICATION)
astCtxt = Triton.getAstContext()
a = astCtxt.bv(1, 8)
b = astCtxt.bv(2, 8)
# Example 1
c = a ^ a
print('Expr: ', c)
c = Triton.simplify(c)
print('Simp: ', c)
print()
class TestCallback(unittest.TestCase):
"""Testing callbacks."""
def test_get_concrete_memory_value(self):
global flag
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
flag = False
self.Triton.addCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE,
self.cb_flag)
# movabs rax, qword ptr [0x1000]
self.Triton.processing(
Instruction(b"\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00"))
self.assertTrue(flag)
flag = False
self.Triton.removeCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE,
self.cb_flag)
# movabs rax, qword ptr [0x1000]
self.Triton.processing(
Instruction(b"\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00"))
self.assertFalse(flag)
def test_get_concrete_register_value(self):
global flag
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
flag = False
self.Triton.addCallback(CALLBACK.GET_CONCRETE_REGISTER_VALUE,
self.cb_flag)
self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx
self.assertTrue(flag)
flag = False
self.Triton.removeCallback(CALLBACK.GET_CONCRETE_REGISTER_VALUE,
self.cb_flag)
self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx
self.assertFalse(flag)
# Remove all callbacks
flag = False
self.Triton.addCallback(CALLBACK.GET_CONCRETE_REGISTER_VALUE,
self.cb_flag)
self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx
self.assertTrue(flag)
flag = False
self.Triton.clearCallbacks()
self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx
self.assertFalse(flag)
@staticmethod
def cb_flag(api, x):
global flag
flag = True
def method_callback(self, api, _):
pass
def test_method_callback_removal(self):
# regression test for #809
import sys
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
cb = self.method_callback.__func__
cb_initial_refcnt = sys.getrefcount(cb)
self.Triton.addCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE,
self.method_callback)
self.Triton.removeCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE,
self.method_callback)
self.assertTrue(cb_initial_refcnt == sys.getrefcount(cb))
class TestAstSimplification(unittest.TestCase):
"""Testing AST simplification."""
def setUp(self):
self.Triton = TritonContext()
self.Triton.setArchitecture(ARCH.X86_64)
self.Triton.addCallback(self.xor_1, CALLBACK.SYMBOLIC_SIMPLIFICATION)
self.Triton.addCallback(self.xor_2, CALLBACK.SYMBOLIC_SIMPLIFICATION)
self.astCtxt = self.Triton.getAstContext()
def test_simplification(self):
a = self.astCtxt.bv(1, 8)
b = self.astCtxt.bv(2, 8)
# Example 1
c = a ^ a
c = self.Triton.simplify(c)
self.assertEqual(str(c), "(_ bv0 8)")
c = a ^ b
c = self.Triton.simplify(c)
self.assertEqual(str(c), "(bvxor (_ bv1 8) (_ bv2 8))")
c = (a & ~b) | (~a & b)
c = self.Triton.simplify(c)
self.assertEqual(str(c), "(bvxor (_ bv1 8) (_ bv2 8))")
# Example 2 - forme B
c = (~b & a) | (~a & b)
c = self.Triton.simplify(c)
self.assertEqual(str(c), "(bvxor (_ bv1 8) (_ bv2 8))")
# Example 2 - forme C
c = (~b & a) | (b & ~a)
c = self.Triton.simplify(c)
self.assertEqual(str(c), "(bvxor (_ bv1 8) (_ bv2 8))")
# Example 2 - forme D
c = (b & ~a) | (~b & a)
c = self.Triton.simplify(c)
self.assertEqual(str(c), "(bvxor (_ bv2 8) (_ bv1 8))")
return
# a ^ a -> a = 0
@staticmethod
def xor_1(api, node):
if node.getKind() == AST_NODE.BVXOR:
if node.getChildren()[0].equalTo(node.getChildren()[1]):
return api.getAstContext().bv(0, node.getBitvectorSize())
return node
# ((a & ~b) | (~a & b)) -> (a ^ b)
@staticmethod
def xor_2(api, node):
def getNot(node):
a = node.getChildren()[0]
b = node.getChildren()[1]
if a.getKind() == AST_NODE.BVNOT and b.getKind() != AST_NODE.BVNOT:
return a
if b.getKind() == AST_NODE.BVNOT and a.getKind() != AST_NODE.BVNOT:
return b
return None
def getNonNot(node):
a = node.getChildren()[0]
b = node.getChildren()[1]
if a.getKind() != AST_NODE.BVNOT and b.getKind() == AST_NODE.BVNOT:
return a
if b.getKind() != AST_NODE.BVNOT and a.getKind() == AST_NODE.BVNOT:
return b
return None
if node.getKind() == AST_NODE.BVOR:
c1 = node.getChildren()[0]
c2 = node.getChildren()[1]
if c1.getKind() == AST_NODE.BVAND and c2.getKind() == AST_NODE.BVAND:
c1_not = getNot(c1)
c2_not = getNot(c2)
c1_nonNot = getNonNot(c1)
c2_nonNot = getNonNot(c2)
if c1_not.equalTo(~c2_nonNot) and c2_not.equalTo(~c1_nonNot):
return c1_nonNot ^ c2_nonNot
return node
c2_not = getNot(c2)
c1_nonNot = getNonNot(c1)
c2_nonNot = getNonNot(c2)
if c1_not.equalTo(~c2_nonNot) and c2_not.equalTo(~c1_nonNot):
return c1_nonNot ^ c2_nonNot
return node
if __name__ == "__main__":
# Set arch to init engines
Triton.setArchitecture(ARCH.X86_64)
# Record simplifications
Triton.addCallback(xor_1, CALLBACK.SYMBOLIC_SIMPLIFICATION)
Triton.addCallback(xor_2, CALLBACK.SYMBOLIC_SIMPLIFICATION)
astCtxt = Triton.getAstContext()
a = astCtxt.bv(1, 8)
b = astCtxt.bv(2, 8)
# Example 1
c = a ^ a
print 'Expr: ', c
c = Triton.simplify(c)
print 'Simp: ', c
print
