def test_instruction_semantics_jl(self): # jl #0x124e raw = b'\x0c\x38' ip = 0x1234 ins, ins_len = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R0'] = BitVecVal( ip + ins_len, 16) # ip is always preincremented expected_taken = 0x124e expected_not_taken = 0x1236 new_states = state.cpu.step_jl(state, ins) self.assertEqual(len(new_states), 2) taken_states = [ st for st in new_states if intval(st.cpu.registers['R0']) == expected_taken ] not_taken_states = [ st for st in new_states if intval(st.cpu.registers['R0']) == expected_not_taken ] self.assertEqual(len(taken_states), 1) self.assertEqual(len(not_taken_states), 1)
def test_instruction_semantics_call(self): # call #0xdead raw = b'\xb0\x12\xad\xde' ip = 0xc0de ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R0'] = BitVecVal(ip + len(raw), 16) # ip preincrement state.cpu.registers['R1'] = BitVecVal(0x1234, 16) new_states = state.cpu.step_call(state, ins) self.assertEqual(len(new_states), 1) new_state = new_states[0] lo = new_state.memory[0x1232] hi = new_state.memory[0x1233] pushed_val = Concat(hi, lo) self.assertEqual(intval(pushed_val), ip + len(raw)) self.assertEqual(intval(new_state.cpu.registers['R1']), 0x1232) self.assertEqual(intval(new_state.cpu.registers['R0']), 0xdead)
def test_instruction_semantics_mov(self): # mov #0xdead, r6 raw = b'\x36\x40\xad\xde' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() new_states = state.cpu.step_mov(state, ins) self.assertEqual(len(new_states), 1) new_state = new_states[0] self.assertEqual(intval(new_state.cpu.registers['R6']), 0xdead)
def test_instruction_semantics_jmp(self): # should be jmp #0x446a raw = b'\x06\x3c' ip = 0x445c ins, _ = decode_instruction(ip, raw) state = blank_state() new_states = state.cpu.step_jmp(state, ins) self.assertEqual(len(new_states), 1) new_ip = new_states[0].cpu.registers['R0'] new_ip = simplify(new_ip).as_long() self.assertEqual(new_ip, 0x446a)
def test_instruction_semantics_sub(self): # sub.b #0x21, r15 raw = b'\x7f\x80\x21\x00' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R15'] = BitVecVal(0x80, 16) new_states = state.cpu.step_sub(state, ins, enable_unsound_optimizations=False) for st in new_states: self.assertEqual(intval(st.cpu.registers['R15']), 0x80 - 0x21)
def test_instruction_semantics_add(self): # add #0xc0de, r15 raw = b'\x3f\x50\xde\xc0' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R15'] = BitVecVal(0x1111, 16) new_states = state.cpu.step_add(state, ins, enable_unsound_optimizations=False) for st in new_states: self.assertEqual(intval(st.cpu.registers['R15']), 0xc0de + 0x1111)
def test_instruction_semantics_swpb(self): # swpb r6 raw = b'\x86\x10' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R6'] = BitVecVal(0xdead, 16) new_states = state.cpu.step_swpb(state, ins) self.assertEqual(len(new_states), 1) new_state = new_states[0] self.assertEqual(intval(new_state.cpu.registers['R6']), 0xadde)
def test_instruction_semantics_bis(self): # bis #0x0f0f, r6 raw = b'\x36\xd0\x0f\x0f' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R6'] = BitVecVal(0xdead, 16) new_states = state.cpu.step_bis(state, ins) self.assertEqual(len(new_states), 1) new_state = new_states[0] self.assertEqual(intval(new_state.cpu.registers['R6']), 0xdfaf)
def test_instruction_semantics_sxt_negative(self): # sxt r6 raw = b'\x86\x11' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R6'] = BitVecVal(0x008c, 16) new_states = state.cpu.step_sxt(state, ins) self.assertEqual(len(new_states), 4) for new_state in new_states: # TODO: Check flags self.assertEqual(intval(new_state.cpu.registers['R6']), 0xff8c)
def test_instruction_semantics_bit_cflag_set(self): # bit #0xff00, r15 raw = b'\x3f\xb0\x00\xff' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R15'] = BitVecVal(0x8000, 16) new_states = state.cpu.step_bit(state, ins, enable_unsound_optimizations=False) new_states = [st for st in new_states if st.path.is_sat()] # only sat states for st in new_states: flag_reg = intval(st.cpu.registers['R2']) c_flag = (flag_reg & st.cpu.registers.mask_C) != 0 self.assertTrue(c_flag)
def test_instruction_semantics_cmp_vflag_unset(self): # cmp.b #0x21, r15 raw = b'\x7f\x90\x21\x00' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R15'] = BitVecVal(0x30, 16) new_states = state.cpu.step_cmp(state, ins, enable_unsound_optimizations=False) new_states = [st for st in new_states if st.path.is_sat()] # only sat states for st in new_states: flag_reg = intval(st.cpu.registers['R2']) v_flag = (flag_reg & st.cpu.registers.mask_V) != 0 self.assertFalse(v_flag)
def test_instruction_semantics_add_vflag_set(self): # add #0x0123, r15 raw = b'\x3f\x50\x23\x01' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R15'] = BitVecVal(0x7fff, 16) new_states = state.cpu.step_add(state, ins, enable_unsound_optimizations=False) new_states = [st for st in new_states if st.path.is_sat()] # only sat states for st in new_states: flag_reg = intval(st.cpu.registers['R2']) v_flag = (flag_reg & st.cpu.registers.mask_V) != 0 self.assertTrue(v_flag)
def test_instruction_semantics_xor_zflag_set(self): # xor #0x21, r15 raw = b'\x3f\xe0\x21\x00' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R15'] = BitVecVal(0x0021, 16) new_states = state.cpu.step_xor(state, ins, enable_unsound_optimizations=False) new_states = [st for st in new_states if st.path.is_sat()] # only sat states for st in new_states: flag_reg = intval(st.cpu.registers['R2']) z_flag = (flag_reg & st.cpu.registers.mask_Z) != 0 self.assertTrue(z_flag)
def test_instruction_semantics_push(self): # push #0xdead raw = b'\x30\x12\xad\xde' ip = 0x1234 ins, _ = decode_instruction(ip, raw) state = blank_state() state.cpu.registers['R1'] = BitVecVal(0x1234, 16) new_states = state.cpu.step_push(state, ins) self.assertEqual(len(new_states), 1) new_state = new_states[0] lo = new_state.memory[0x1232] hi = new_state.memory[0x1233] pushed_val = Concat(hi, lo) self.assertEqual(intval(pushed_val), 0xdead) self.assertEqual(intval(new_state.cpu.registers['R1']), 0x1232)