def static_exits(cls, arch, blocks):
# Execute those blocks with a blank state, and then dump the arguments
blank_state = simuvex.SimState(arch=arch, mode="fastpath")
# Execute each block
state = blank_state
for b in blocks:
# state.regs.ip = next(iter(stmt for stmt in b.statements if isinstance(stmt, pyvex.IRStmt.IMark))).addr
irsb = simuvex.SimIRSB(
state,
b,
addr=next(
iter(stmt for stmt in b.statements
if isinstance(stmt, pyvex.IRStmt.IMark))).addr)
if irsb.successors:
state = irsb.successors[0]
else:
break
cc = simuvex.DefaultCC[arch.name](arch)
args = [cc.arg(state, _) for _ in xrange(5)]
main, _, _, init, fini = cls._extract_args(blank_state, *args)
all_exits = [
(init, 'Ijk_Call'),
(main, 'Ijk_Call'),
(fini, 'Ijk_Call'),
]
return all_exits
def test_inspect_exit():
class counts: #pylint:disable=no-init
exit_before = 0
exit_after = 0
def handle_exit_before(state):
counts.exit_before += 1
exit_target = state.inspect.exit_target
nose.tools.assert_equal(state.se.any_int(exit_target), 0x3f8)
# change exit target
state.inspect.exit_target = 0x41414141
nose.tools.assert_equal(state.inspect.exit_jumpkind, "Ijk_Boring")
nose.tools.assert_true(state.inspect.exit_guard.is_true())
def handle_exit_after(state): #pylint:disable=unused-argument
counts.exit_after += 1
s = simuvex.SimState(arch="AMD64", mode="symbolic")
irsb = pyvex.IRSB("\x90\x90\x90\x90\xeb\x0a", mem_addr=1000, arch=archinfo.ArchAMD64())
# break on exit
s.inspect.b('exit', simuvex.BP_BEFORE, action=handle_exit_before)
s.inspect.b('exit', simuvex.BP_AFTER, action=handle_exit_after)
# step it
succ = simuvex.SimIRSB(s, irsb).successors
# check
nose.tools.assert_equal( succ[0].se.any_int(succ[0].ip), 0x41414141)
nose.tools.assert_equal(counts.exit_before, 1)
nose.tools.assert_equal(counts.exit_after, 1)
def static_exits(cls, arch, blocks):
# Execute those blocks with a blank state, and then dump the arguments
blank_state = simuvex.SimState(arch=arch, mode="fastpath")
# Execute each block
state = blank_state
for b in blocks:
# state.regs.ip = next(iter(stmt for stmt in b.statements if isinstance(stmt, pyvex.IRStmt.IMark))).addr
irsb = simuvex.SimIRSB(
state,
b,
addr=next(
iter(stmt for stmt in b.statements
if isinstance(stmt, pyvex.IRStmt.IMark))).addr)
if irsb.successors:
state = irsb.successors[0]
else:
break
cc = simuvex.DefaultCC[arch.name](arch)
callfunc = cc.arg(state, 2)
retaddr = state.memory.load(state.regs.sp, arch.bytes)
all_exits = [(callfunc, 'Ijk_Call'), (retaddr, 'Ijk_Ret')]
return all_exits
def test_inspect():
class counts: #pylint:disable=no-init
mem_read = 0
mem_write = 0
reg_read = 0
reg_write = 0
tmp_read = 0
tmp_write = 0
expr = 0
statement = 0
instruction = 0
constraints = 0
variables = 0
def act_mem_read(state): #pylint:disable=unused-argument
counts.mem_read += 1
def act_mem_write(state): #pylint:disable=unused-argument
counts.mem_write += 1
def act_reg_read(state): #pylint:disable=unused-argument
counts.reg_read += 1
def act_reg_write(state): #pylint:disable=unused-argument
counts.reg_write += 1
def act_tmp_read(state): #pylint:disable=unused-argument
counts.tmp_read += 1
def act_tmp_write(state): #pylint:disable=unused-argument
counts.tmp_write += 1
def act_expr(state): #pylint:disable=unused-argument
counts.expr += 1
def act_statement(state): #pylint:disable=unused-argument
counts.statement += 1
def act_instruction(state): #pylint:disable=unused-argument
counts.instruction += 1
def act_variables(state): #pylint:disable=unused-argument
#print "CREATING:", state.inspect.symbolic_name
counts.variables += 1
# def act_constraints(state): #pylint:disable=unused-argument
# counts.constraints += 1
s = simuvex.SimState(arch="AMD64", mode="symbolic")
s.inspect.b('mem_write', when=simuvex.BP_AFTER, action=act_mem_write)
nose.tools.assert_equals(counts.mem_write, 0)
s.memory.store(100, s.se.BVV(10, 32))
nose.tools.assert_equals(counts.mem_write, 1)
s.inspect.b('mem_read', when=simuvex.BP_AFTER, action=act_mem_read)
s.inspect.b('mem_read', when=simuvex.BP_AFTER, action=act_mem_read, mem_read_address=100)
s.inspect.b('mem_read', when=simuvex.BP_AFTER, action=act_mem_read, mem_read_address=123)
s.inspect.b('mem_read', when=simuvex.BP_BEFORE, action=act_mem_read, mem_read_length=3)
nose.tools.assert_equals(counts.mem_read, 0)
s.memory.load(123, 4)
s.memory.load(223, 3)
nose.tools.assert_equals(counts.mem_read, 4)
s.inspect.b('reg_read', when=simuvex.BP_AFTER, action=act_reg_read)
nose.tools.assert_equals(counts.reg_read, 0)
s.registers.load(16)
nose.tools.assert_equals(counts.reg_read, 1)
s.inspect.b('reg_write', when=simuvex.BP_AFTER, action=act_reg_write)
nose.tools.assert_equals(counts.reg_write, 0)
s.registers.store(16, s.se.BVV(10, 32))
nose.tools.assert_equals(counts.reg_write, 1)
nose.tools.assert_equals(counts.mem_write, 1)
nose.tools.assert_equals(counts.mem_read, 4)
nose.tools.assert_equals(counts.reg_read, 1)
s.inspect.b('tmp_read', when=simuvex.BP_AFTER, action=act_tmp_read, tmp_read_num=0)
s.inspect.b('tmp_write', when=simuvex.BP_AFTER, action=act_tmp_write, tmp_write_num=0)
s.inspect.b('expr', when=simuvex.BP_AFTER, action=act_expr, expr=1016, expr_unique=False)
s.inspect.b('statement', when=simuvex.BP_AFTER, action=act_statement)
s.inspect.b('instruction', when=simuvex.BP_AFTER, action=act_instruction, instruction=1001)
s.inspect.b('instruction', when=simuvex.BP_AFTER, action=act_instruction, instruction=1000)
irsb = pyvex.IRSB("\x90\x90\x90\x90\xeb\x0a", mem_addr=1000, arch=archinfo.ArchAMD64())
irsb.pp()
simuvex.SimIRSB(s, irsb)
nose.tools.assert_equals(counts.reg_write, 7)
nose.tools.assert_equals(counts.reg_read, 2)
nose.tools.assert_equals(counts.tmp_write, 1)
nose.tools.assert_equals(counts.tmp_read, 1)
nose.tools.assert_equals(counts.expr, 3) # one for the Put, one for the WrTmp, and one to get the next address to jump to
nose.tools.assert_equals(counts.statement, 26)
nose.tools.assert_equals(counts.instruction, 2)
nose.tools.assert_equals(counts.constraints, 0)
nose.tools.assert_equals(counts.mem_write, 1)
nose.tools.assert_equals(counts.mem_read, 4)
s = simuvex.SimState(arch="AMD64", mode="symbolic")
s.inspect.b('symbolic_variable', when=simuvex.BP_AFTER, action=act_variables)
s.memory.load(0, 10)
nose.tools.assert_equals(counts.variables, 1)
def broken_inspect():
class counts: #pylint:disable=no-init
mem_read = 0
mem_write = 0
reg_read = 0
reg_write = 0
tmp_read = 0
tmp_write = 0
expr = 0
statement = 0
instruction = 0
constraints = 0
def act_mem_read(state): #pylint:disable=unused-argument
counts.mem_read += 1
def act_mem_write(state): #pylint:disable=unused-argument
counts.mem_write += 1
def act_reg_read(state): #pylint:disable=unused-argument
counts.reg_read += 1
def act_reg_write(state): #pylint:disable=unused-argument
counts.reg_write += 1
def act_tmp_read(state): #pylint:disable=unused-argument
counts.tmp_read += 1
def act_tmp_write(state): #pylint:disable=unused-argument
counts.tmp_write += 1
def act_expr(state): #pylint:disable=unused-argument
counts.expr += 1
def act_statement(state): #pylint:disable=unused-argument
counts.statement += 1
def act_instruction(state): #pylint:disable=unused-argument
counts.instruction += 1
# def act_constraints(state): #pylint:disable=unused-argument
# counts.constraints += 1
s = SimState(arch="AMD64", mode="symbolic")
s.inspect.add_breakpoint('mem_write', simuvex.BP(simuvex.BP_AFTER, action=act_mem_write))
nose.tools.assert_equals(counts.mem_write, 0)
s.memory.store(100, s.se.BitVecVal(10, 32))
nose.tools.assert_equals(counts.mem_write, 1)
s.inspect.add_breakpoint('mem_read', simuvex.BP(simuvex.BP_AFTER, action=act_mem_read))
s.inspect.add_breakpoint('mem_read', simuvex.BP(simuvex.BP_AFTER, action=act_mem_read, mem_read_address=100))
s.inspect.add_breakpoint('mem_read', simuvex.BP(simuvex.BP_AFTER, action=act_mem_read, mem_read_address=123))
nose.tools.assert_equals(counts.mem_read, 0)
s.memory.load(123, 4)
nose.tools.assert_equals(counts.mem_read, 2)
s.inspect.add_breakpoint('reg_read', simuvex.BP(simuvex.BP_AFTER, action=act_reg_read))
nose.tools.assert_equals(counts.reg_read, 0)
s.registers.load(16)
nose.tools.assert_equals(counts.reg_read, 1)
s.inspect.add_breakpoint('reg_write', simuvex.BP(simuvex.BP_AFTER, action=act_reg_write))
nose.tools.assert_equals(counts.reg_write, 0)
s.registers.store(16, s.se.BitVecVal(10, 32))
nose.tools.assert_equals(counts.mem_write, 1)
nose.tools.assert_equals(counts.mem_read, 2)
nose.tools.assert_equals(counts.reg_read, 1)
s.inspect.add_breakpoint('tmp_read', simuvex.BP(simuvex.BP_AFTER, action=act_tmp_read, tmp_read_num=0))
s.inspect.add_breakpoint('tmp_write', simuvex.BP(simuvex.BP_AFTER, action=act_tmp_write, tmp_write_num=0))
s.inspect.add_breakpoint('expr', simuvex.BP(simuvex.BP_AFTER, action=act_expr, expr=1016, expr_unique=False))
s.inspect.add_breakpoint('statement', simuvex.BP(simuvex.BP_AFTER, action=act_statement))
s.inspect.add_breakpoint('instruction', simuvex.BP(simuvex.BP_AFTER, action=act_instruction, instruction=1001))
s.inspect.add_breakpoint('instruction', simuvex.BP(simuvex.BP_AFTER, action=act_instruction, instruction=1000))
irsb = pyvex.IRSB("\x90\x90\x90\x90\xeb\x0a", mem_addr=1000, arch=archinfo.ArchAMD64())
irsb.pp()
simuvex.SimIRSB(s, irsb)
nose.tools.assert_equals(counts.reg_write, 6)
nose.tools.assert_equals(counts.reg_read, 2)
nose.tools.assert_equals(counts.tmp_write, 1)
nose.tools.assert_equals(counts.tmp_read, 1)
nose.tools.assert_equals(counts.expr, 3) # one for the Put, one for the WrTmp, and one to get the next address to jump to
nose.tools.assert_equals(counts.statement, 26)
nose.tools.assert_equals(counts.instruction, 2)
nose.tools.assert_equals(counts.constraints, 0)
# final tally
nose.tools.assert_equals(counts.mem_write, 1)
nose.tools.assert_equals(counts.mem_read, 2)
nose.tools.assert_equals(counts.reg_write, 6)
nose.tools.assert_equals(counts.reg_read, 2)
nose.tools.assert_equals(counts.tmp_write, 1)
nose.tools.assert_equals(counts.tmp_read, 1)
nose.tools.assert_equals(counts.expr, 3)
nose.tools.assert_equals(counts.statement, 26)
nose.tools.assert_equals(counts.instruction, 2)
nose.tools.assert_equals(counts.constraints, 0)