def test_loadg_no_constraint_creation():
state = SimState(arch='armel', mode='symbolic')
engine = HeavyVEXMixin(None)
stmt = pyvex.IRStmt.LoadG(
'Iend_LE',
'ILGop_16Uto32',
0, # dst
pyvex.IRExpr.Const(pyvex.const.U32(0x2000)), # addr (src)
pyvex.IRExpr.Const(pyvex.const.U32(0x1337)), # alt
pyvex.IRExpr.RdTmp(1) # guard
)
tyenv = pyvex.IRTypeEnv(state.arch)
tyenv.types = ['Ity_I32', 'Ity_I32']
state.scratch.set_tyenv(tyenv)
state.scratch.temps[1] = state.solver.BVS('tmp_1', 32)
engine.state = state
engine._handle_vex_stmt(stmt)
# LOADG should not create new constraints - it is a simple conditional memory read. The conditions should only be
# used inside the value AST to guard the memory read.
assert not state.solver.constraints
assert state.scratch.temps[0] is not None
assert state.scratch.temps[0].variables.issuperset(
state.scratch.temps[1].variables)
assert state.scratch.temps[0].op == 'If'
def test_inspect_exit():
class counts: #pylint:disable=no-init
exit_before = 0
exit_after = 0
def handle_exit_before(state):
counts.exit_before += 1
exit_target = state.inspect.exit_target
assert state.solver.eval(exit_target) == 0x3f8
# change exit target
state.inspect.exit_target = 0x41414141
assert state.inspect.exit_jumpkind == "Ijk_Boring"
assert state.inspect.exit_guard.is_true()
def handle_exit_after(state): #pylint:disable=unused-argument
counts.exit_after += 1
s = SimState(arch="AMD64", mode="symbolic")
irsb = pyvex.IRSB(b"\x90\x90\x90\x90\xeb\x0a", mem_addr=1000, arch=archinfo.ArchAMD64())
# break on exit
s.inspect.b('exit', BP_BEFORE, action=handle_exit_before)
s.inspect.b('exit', BP_AFTER, action=handle_exit_after)
# step it
succ = HeavyVEXMixin(None).process(s, irsb=irsb).flat_successors
# check
assert succ[0].solver.eval(succ[0].ip) == 0x41414141
assert counts.exit_before == 1
assert counts.exit_after == 1
def test_store_simplification():
state = SimState(arch='X86')
state.regs.esp = state.solver.BVS('stack_pointer', 32)
state.regs.ebp = state.solver.BVS('base_pointer', 32)
state.regs.eax = state.solver.BVS('base_eax', 32)
irsb = pyvex.IRSB(b'PT]\xc2\x10\x00', 0x4000, state.arch)
sim_successors = HeavyVEXMixin(None).process(state.copy(), irsb=irsb)
exit_state = sim_successors.all_successors[0]
nose.tools.assert_true(claripy.backends.z3.is_true(exit_state.regs.ebp == state.regs.esp - 4))
def test_store_simplification():
state = SimState(arch="X86")
state.regs.esp = state.solver.BVS("stack_pointer", 32)
state.regs.ebp = state.solver.BVS("base_pointer", 32)
state.regs.eax = state.solver.BVS("base_eax", 32)
irsb = pyvex.IRSB(b"PT]\xc2\x10\x00", 0x4000, state.arch)
sim_successors = HeavyVEXMixin(None).process(state.copy(), irsb=irsb)
exit_state = sim_successors.all_successors[0]
assert claripy.backends.z3.is_true(exit_state.regs.ebp == state.regs.esp -
4)
def test_some_vector_ops():
engine = HeavyVEXMixin(None)
s = SimState(arch='AMD64')
def translate(state, op, args):
return engine._perform_vex_expr_Op(op, args)
a = s.solver.BVV(0xffff0000000100020003000400050006, 128)
b = s.solver.BVV(0x00020002000200020002000200020002, 128)
calc_result = translate(s, 'Iop_Sub16x8', (a, b))
correct_result = s.solver.BVV(0xfffdfffeffff00000001000200030004, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_CmpEQ16x8', (a, b))
correct_result = s.solver.BVV(0x000000000000ffff0000000000000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_CmpEQ8x16', (a, b))
correct_result = s.solver.BVV(0x0000ff00ff00ffffff00ff00ff00ff00, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_CmpGT16Sx8', (a, b))
correct_result = s.solver.BVV(0x0000000000000000ffffffffffffffff, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_CmpGT16Ux8', (a, b))
correct_result = s.solver.BVV(0xffff000000000000ffffffffffffffff, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_InterleaveLO16x8', (a, b))
correct_result = s.solver.BVV(0x00030002000400020005000200060002, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_InterleaveLO8x16', (a, b))
correct_result = s.solver.BVV(0x00000302000004020000050200000602, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Min8Ux16', (a, b))
correct_result = s.solver.BVV(0x00020000000100020002000200020002, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Min8Sx16', (a, b))
correct_result = s.solver.BVV(0xffff0000000100020002000200020002, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QNarrowBin16Sto8Ux16', (a, b))
correct_result = s.solver.BVV(0x00000102030405060202020202020202, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
c = s.solver.BVV(0xff008877, 32)
d = s.solver.BVV(0x11111111, 32)
calc_result = translate(s, 'Iop_HAdd8Sx4', (c, d))
correct_result = s.solver.BVV(0x0808cc44, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QAdd8Sx4', (c, d))
correct_result = s.solver.BVV(0x1011997f, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QAdd8Ux4', (c, d))
correct_result = s.solver.BVV(0xff119988, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QSub8Sx4', (c, d))
correct_result = s.solver.BVV(0xeeef8066, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QSub8Ux4', (c, d))
correct_result = s.solver.BVV(0xee007766, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
e = s.solver.BVV(0xff00887766554433, 64)
f = s.solver.BVV(0x0202000200020002, 64)
calc_result = translate(s, 'Iop_QNarrowBin16Sto8Ux8', (e, f))
correct_result = s.solver.BVV(0x0000ffffff020202, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
g = claripy.BVV(0x111111112222222233333333ffffffff, 128)
h = claripy.BVV(0x1111111100000000ffffffffffffffff, 128)
calc_result = translate(s, 'Iop_CmpEQ32Fx4', (g, h))
correct_result = claripy.BVV(0xffffffff000000000000000000000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Clz32x4', (g,))
correct_result = claripy.BVV(0x00000003000000020000000200000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
i = claripy.BVV(0x1001000000001000, 64)
j = claripy.BVV(0x100000000000f000, 64)
calc_result = translate(s, 'Iop_Mull16Sx4', (i, j))
correct_result = claripy.BVV(0x10010000000000000000000ff000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Mull16Ux4', (i, j))
correct_result = claripy.BVV(0x100100000000000000000000f000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
def test_some_vector_ops():
engine = HeavyVEXMixin(None)
s = SimState(arch='AMD64')
def translate(state, op, args):
return engine._perform_vex_expr_Op(op, args)
a = s.solver.BVV(0xffff0000000100020003000400050006, 128)
b = s.solver.BVV(0x00020002000200020002000200020002, 128)
calc_result = translate(s, 'Iop_Sub16x8', (a, b))
correct_result = s.solver.BVV(0xfffdfffeffff00000001000200030004, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_CmpEQ16x8', (a, b))
correct_result = s.solver.BVV(0x000000000000ffff0000000000000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_CmpEQ8x16', (a, b))
correct_result = s.solver.BVV(0x0000ff00ff00ffffff00ff00ff00ff00, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_CmpGT16Sx8', (a, b))
correct_result = s.solver.BVV(0x0000000000000000ffffffffffffffff, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_CmpGT16Ux8', (a, b))
correct_result = s.solver.BVV(0xffff000000000000ffffffffffffffff, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_InterleaveLO16x8', (a, b))
correct_result = s.solver.BVV(0x00030002000400020005000200060002, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_InterleaveLO8x16', (a, b))
correct_result = s.solver.BVV(0x00000302000004020000050200000602, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Min8Ux16', (a, b))
correct_result = s.solver.BVV(0x00020000000100020002000200020002, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Min8Sx16', (a, b))
correct_result = s.solver.BVV(0xffff0000000100020002000200020002, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QNarrowBin16Sto8Ux16', (a, b))
correct_result = s.solver.BVV(0x00000102030405060202020202020202, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
c = s.solver.BVV(0xff008877, 32)
d = s.solver.BVV(0x11111111, 32)
calc_result = translate(s, 'Iop_HAdd8Sx4', (c, d))
correct_result = s.solver.BVV(0x0808cc44, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QAdd8Sx4', (c, d))
correct_result = s.solver.BVV(0x1011997f, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QAdd8Ux4', (c, d))
correct_result = s.solver.BVV(0xff119988, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QSub8Sx4', (c, d))
correct_result = s.solver.BVV(0xeeef8066, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_QSub8Ux4', (c, d))
correct_result = s.solver.BVV(0xee007766, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
e = s.solver.BVV(0xff00887766554433, 64)
f = s.solver.BVV(0x0202000200020002, 64)
calc_result = translate(s, 'Iop_QNarrowBin16Sto8Ux8', (e, f))
correct_result = s.solver.BVV(0x0000ffffff020202, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
gg = claripy.BVV(0x111111112222222233333333ffffffff, 128)
h = claripy.BVV(0x1111111100000000ffffffffffffffff, 128)
calc_result = translate(s, 'Iop_CmpEQ32Fx4', (gg, h))
correct_result = claripy.BVV(0xffffffff000000000000000000000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Clz32x4', (gg, ))
correct_result = claripy.BVV(0x00000003000000020000000200000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
i = claripy.BVV(0x1001000000001000, 64)
j = claripy.BVV(0x100000000000f000, 64)
calc_result = translate(s, 'Iop_Mull16Sx4', (i, j))
correct_result = claripy.BVV(0x10010000000000000000000ff000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Mull16Ux4', (i, j))
correct_result = claripy.BVV(0x100100000000000000000000f000000, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
k = claripy.BVV(0xe7, 8)
ll = claripy.BVV(0x1234, 16)
m = claripy.BVV(0x12345678, 32)
calc_result = translate(s, 'Iop_Dup8x8', (k, ))
correct_result = claripy.BVV(0xe7e7e7e7e7e7e7e7, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Dup8x16', (k, ))
correct_result = claripy.BVV(0xe7e7e7e7e7e7e7e7e7e7e7e7e7e7e7e7, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Dup16x4', (ll, ))
correct_result = claripy.BVV(0x1234123412341234, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Dup16x8', (ll, ))
correct_result = claripy.BVV(0x12341234123412341234123412341234, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Dup32x2', (m, ))
correct_result = claripy.BVV(0x1234567812345678, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_Dup32x4', (m, ))
correct_result = claripy.BVV(0x12345678123456781234567812345678, 128)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
n = claripy.BVV(0x0123456789abcdef, 64)
o = claripy.BVV(0xaf, 8)
p = claripy.BVV(0xdfec, 16)
q = claripy.BVV(0xbfcfdfef, 32)
r = claripy.BVV(0x0102030405060708, 64)
ss = claripy.BVS('index', 8)
# According to the source code of LibVex, the index is a U8 constant
calc_result = translate(s, 'Iop_GetElem8x8', (n, claripy.BVV(0, 8)))
correct_result = claripy.BVV(0xef, 8)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_GetElem8x8', (n, claripy.BVV(1, 8)))
correct_result = claripy.BVV(0xcd, 8)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_GetElem8x8', (n, claripy.BVV(6, 8)))
correct_result = claripy.BVV(0x23, 8)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_GetElem8x8', (n, claripy.BVV(7, 8)))
correct_result = claripy.BVV(0x01, 8)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_GetElem16x4', (n, claripy.BVV(0, 8)))
correct_result = claripy.BVV(0xcdef, 16)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_GetElem16x4', (n, claripy.BVV(3, 8)))
correct_result = claripy.BVV(0x0123, 16)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_GetElem32x2', (n, claripy.BVV(0, 8)))
correct_result = claripy.BVV(0x89abcdef, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_GetElem32x2', (n, claripy.BVV(1, 8)))
correct_result = claripy.BVV(0x01234567, 32)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_SetElem8x8', (n, claripy.BVV(0, 8), o))
correct_result = claripy.BVV(0x0123456789abcdaf, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_SetElem8x8', (n, claripy.BVV(1, 8), o))
correct_result = claripy.BVV(0x0123456789abafef, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_SetElem8x8', (n, claripy.BVV(6, 8), o))
correct_result = claripy.BVV(0x01af456789abcdef, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_SetElem8x8', (n, claripy.BVV(7, 8), o))
correct_result = claripy.BVV(0xaf23456789abcdef, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_SetElem16x4', (n, claripy.BVV(0, 8), p))
correct_result = claripy.BVV(0x0123456789abdfec, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_SetElem16x4', (n, claripy.BVV(3, 8), p))
correct_result = claripy.BVV(0xdfec456789abcdef, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_SetElem32x2', (n, claripy.BVV(0, 8), q))
correct_result = claripy.BVV(0x01234567bfcfdfef, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_SetElem32x2', (n, claripy.BVV(1, 8), q))
correct_result = claripy.BVV(0xbfcfdfef89abcdef, 64)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
# Symbolic indexes
calc_result = translate(ss, 'Iop_GetElem8x8', (r, ss))
correct_result = claripy.If(
ss == 7, claripy.BVV(0x01, 8),
claripy.If(
ss == 6, claripy.BVV(0x02, 8),
claripy.If(
ss == 5, claripy.BVV(0x03, 8),
claripy.If(
ss == 4, claripy.BVV(0x04, 8),
claripy.If(
ss == 3, claripy.BVV(0x05, 8),
claripy.If(
ss == 2, claripy.BVV(0x06, 8),
claripy.If(ss == 1, claripy.BVV(0x07, 8),
claripy.BVV(0x08, 8))))))))
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_GetElem16x4', (r, ss))
correct_result = claripy.If(
ss == 3, claripy.BVV(0x0102, 16),
claripy.If(
ss == 2, claripy.BVV(0x0304, 16),
claripy.If(ss == 1, claripy.BVV(0x0506, 16),
claripy.BVV(0x0708, 16))))
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
calc_result = translate(s, 'Iop_GetElem32x2', (r, ss))
correct_result = claripy.If(ss == 1, claripy.BVV(0x01020304, 32),
claripy.BVV(0x05060708, 32))
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
r_slices = r.chop(8)
calc_result = translate(s, 'Iop_SetElem8x8', (r, ss, o))
correct_result = claripy.Concat(claripy.If(ss == 7, o, r_slices[0]),
claripy.If(ss == 6, o, r_slices[1]),
claripy.If(ss == 5, o, r_slices[2]),
claripy.If(ss == 4, o, r_slices[3]),
claripy.If(ss == 3, o, r_slices[4]),
claripy.If(ss == 2, o, r_slices[5]),
claripy.If(ss == 1, o, r_slices[6]),
claripy.If(ss == 0, o, r_slices[7]))
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
r_slices = r.chop(16)
calc_result = translate(s, 'Iop_SetElem16x4', (r, ss, p))
correct_result = claripy.Concat(claripy.If(ss == 3, p, r_slices[0]),
claripy.If(ss == 2, p, r_slices[1]),
claripy.If(ss == 1, p, r_slices[2]),
claripy.If(ss == 0, p, r_slices[3]))
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
r_slices = r.chop(32)
calc_result = translate(s, 'Iop_SetElem32x2', (r, ss, q))
correct_result = claripy.Concat(
claripy.If(ss == 1, q, r_slices[0]),
claripy.If(ss == 0, q, r_slices[1]),
)
nose.tools.assert_true(s.solver.is_true(calc_result == correct_result))
def test_some_vector_ops():
engine = HeavyVEXMixin(None)
s = SimState(arch="AMD64")
def translate(state, op, args):
return engine._perform_vex_expr_Op(op, args)
a = s.solver.BVV(0xFFFF0000000100020003000400050006, 128)
b = s.solver.BVV(0x00020002000200020002000200020002, 128)
calc_result = translate(s, "Iop_Sub16x8", (a, b))
correct_result = s.solver.BVV(0xFFFDFFFEFFFF00000001000200030004, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_CmpEQ16x8", (a, b))
correct_result = s.solver.BVV(0x000000000000FFFF0000000000000000, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_CmpEQ8x16", (a, b))
correct_result = s.solver.BVV(0x0000FF00FF00FFFFFF00FF00FF00FF00, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_CmpGT16Sx8", (a, b))
correct_result = s.solver.BVV(0x0000000000000000FFFFFFFFFFFFFFFF, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_CmpGT16Ux8", (a, b))
correct_result = s.solver.BVV(0xFFFF000000000000FFFFFFFFFFFFFFFF, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_InterleaveLO16x8", (a, b))
correct_result = s.solver.BVV(0x00030002000400020005000200060002, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_InterleaveLO8x16", (a, b))
correct_result = s.solver.BVV(0x00000302000004020000050200000602, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_Min8Ux16", (a, b))
correct_result = s.solver.BVV(0x00020000000100020002000200020002, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_Min8Sx16", (a, b))
correct_result = s.solver.BVV(0xFFFF0000000100020002000200020002, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_QNarrowBin16Sto8Ux16", (a, b))
correct_result = s.solver.BVV(0x00000102030405060202020202020202, 128)
assert s.solver.is_true(calc_result == correct_result)
c = s.solver.BVV(0xFF008877, 32)
d = s.solver.BVV(0x11111111, 32)
calc_result = translate(s, "Iop_HAdd8Sx4", (c, d))
correct_result = s.solver.BVV(0x0808CC44, 32)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_QAdd8Sx4", (c, d))
correct_result = s.solver.BVV(0x1011997F, 32)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_QAdd8Ux4", (c, d))
correct_result = s.solver.BVV(0xFF119988, 32)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_QSub8Sx4", (c, d))
correct_result = s.solver.BVV(0xEEEF8066, 32)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_QSub8Ux4", (c, d))
correct_result = s.solver.BVV(0xEE007766, 32)
assert s.solver.is_true(calc_result == correct_result)
e = s.solver.BVV(0xFF00887766554433, 64)
f = s.solver.BVV(0x0202000200020002, 64)
calc_result = translate(s, "Iop_QNarrowBin16Sto8Ux8", (e, f))
correct_result = s.solver.BVV(0x0000FFFFFF020202, 64)
assert s.solver.is_true(calc_result == correct_result)
gg = claripy.BVV(0x111111112222222233333333FFFFFFFF, 128)
h = claripy.BVV(0x1111111100000000FFFFFFFFFFFFFFFF, 128)
calc_result = translate(s, "Iop_CmpEQ32Fx4", (gg, h))
correct_result = claripy.BVV(0xFFFFFFFF000000000000000000000000, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_Clz32x4", (gg, ))
correct_result = claripy.BVV(0x00000003000000020000000200000000, 128)
assert s.solver.is_true(calc_result == correct_result)
i = claripy.BVV(0x1001000000001000, 64)
j = claripy.BVV(0x100000000000F000, 64)
calc_result = translate(s, "Iop_Mull16Sx4", (i, j))
correct_result = claripy.BVV(0x10010000000000000000000FF000000, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_Mull16Ux4", (i, j))
correct_result = claripy.BVV(0x100100000000000000000000F000000, 128)
assert s.solver.is_true(calc_result == correct_result)
k = claripy.BVV(0xE7, 8)
ll = claripy.BVV(0x1234, 16)
m = claripy.BVV(0x12345678, 32)
calc_result = translate(s, "Iop_Dup8x8", (k, ))
correct_result = claripy.BVV(0xE7E7E7E7E7E7E7E7, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_Dup8x16", (k, ))
correct_result = claripy.BVV(0xE7E7E7E7E7E7E7E7E7E7E7E7E7E7E7E7, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_Dup16x4", (ll, ))
correct_result = claripy.BVV(0x1234123412341234, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_Dup16x8", (ll, ))
correct_result = claripy.BVV(0x12341234123412341234123412341234, 128)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_Dup32x2", (m, ))
correct_result = claripy.BVV(0x1234567812345678, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_Dup32x4", (m, ))
correct_result = claripy.BVV(0x12345678123456781234567812345678, 128)
assert s.solver.is_true(calc_result == correct_result)
n = claripy.BVV(0x0123456789ABCDEF, 64)
o = claripy.BVV(0xAF, 8)
p = claripy.BVV(0xDFEC, 16)
q = claripy.BVV(0xBFCFDFEF, 32)
r = claripy.BVV(0x0102030405060708, 64)
ss = claripy.BVS("index", 8)
# According to the source code of LibVex, the index is a U8 constant
calc_result = translate(s, "Iop_GetElem8x8", (n, claripy.BVV(0, 8)))
correct_result = claripy.BVV(0xEF, 8)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_GetElem8x8", (n, claripy.BVV(1, 8)))
correct_result = claripy.BVV(0xCD, 8)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_GetElem8x8", (n, claripy.BVV(6, 8)))
correct_result = claripy.BVV(0x23, 8)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_GetElem8x8", (n, claripy.BVV(7, 8)))
correct_result = claripy.BVV(0x01, 8)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_GetElem16x4", (n, claripy.BVV(0, 8)))
correct_result = claripy.BVV(0xCDEF, 16)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_GetElem16x4", (n, claripy.BVV(3, 8)))
correct_result = claripy.BVV(0x0123, 16)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_GetElem32x2", (n, claripy.BVV(0, 8)))
correct_result = claripy.BVV(0x89ABCDEF, 32)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_GetElem32x2", (n, claripy.BVV(1, 8)))
correct_result = claripy.BVV(0x01234567, 32)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_SetElem8x8", (n, claripy.BVV(0, 8), o))
correct_result = claripy.BVV(0x0123456789ABCDAF, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_SetElem8x8", (n, claripy.BVV(1, 8), o))
correct_result = claripy.BVV(0x0123456789ABAFEF, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_SetElem8x8", (n, claripy.BVV(6, 8), o))
correct_result = claripy.BVV(0x01AF456789ABCDEF, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_SetElem8x8", (n, claripy.BVV(7, 8), o))
correct_result = claripy.BVV(0xAF23456789ABCDEF, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_SetElem16x4", (n, claripy.BVV(0, 8), p))
correct_result = claripy.BVV(0x0123456789ABDFEC, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_SetElem16x4", (n, claripy.BVV(3, 8), p))
correct_result = claripy.BVV(0xDFEC456789ABCDEF, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_SetElem32x2", (n, claripy.BVV(0, 8), q))
correct_result = claripy.BVV(0x01234567BFCFDFEF, 64)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_SetElem32x2", (n, claripy.BVV(1, 8), q))
correct_result = claripy.BVV(0xBFCFDFEF89ABCDEF, 64)
assert s.solver.is_true(calc_result == correct_result)
# Symbolic indexes
calc_result = translate(ss, "Iop_GetElem8x8", (r, ss))
correct_result = claripy.If(
ss == 7,
claripy.BVV(0x01, 8),
claripy.If(
ss == 6,
claripy.BVV(0x02, 8),
claripy.If(
ss == 5,
claripy.BVV(0x03, 8),
claripy.If(
ss == 4,
claripy.BVV(0x04, 8),
claripy.If(
ss == 3,
claripy.BVV(0x05, 8),
claripy.If(
ss == 2,
claripy.BVV(0x06, 8),
claripy.If(ss == 1, claripy.BVV(0x07, 8),
claripy.BVV(0x08, 8)),
),
),
),
),
),
)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_GetElem16x4", (r, ss))
correct_result = claripy.If(
ss == 3,
claripy.BVV(0x0102, 16),
claripy.If(
ss == 2,
claripy.BVV(0x0304, 16),
claripy.If(ss == 1, claripy.BVV(0x0506, 16),
claripy.BVV(0x0708, 16)),
),
)
assert s.solver.is_true(calc_result == correct_result)
calc_result = translate(s, "Iop_GetElem32x2", (r, ss))
correct_result = claripy.If(ss == 1, claripy.BVV(0x01020304, 32),
claripy.BVV(0x05060708, 32))
assert s.solver.is_true(calc_result == correct_result)
r_slices = r.chop(8)
calc_result = translate(s, "Iop_SetElem8x8", (r, ss, o))
correct_result = claripy.Concat(
claripy.If(ss == 7, o, r_slices[0]),
claripy.If(ss == 6, o, r_slices[1]),
claripy.If(ss == 5, o, r_slices[2]),
claripy.If(ss == 4, o, r_slices[3]),
claripy.If(ss == 3, o, r_slices[4]),
claripy.If(ss == 2, o, r_slices[5]),
claripy.If(ss == 1, o, r_slices[6]),
claripy.If(ss == 0, o, r_slices[7]),
)
assert s.solver.is_true(calc_result == correct_result)
r_slices = r.chop(16)
calc_result = translate(s, "Iop_SetElem16x4", (r, ss, p))
correct_result = claripy.Concat(
claripy.If(ss == 3, p, r_slices[0]),
claripy.If(ss == 2, p, r_slices[1]),
claripy.If(ss == 1, p, r_slices[2]),
claripy.If(ss == 0, p, r_slices[3]),
)
assert s.solver.is_true(calc_result == correct_result)
r_slices = r.chop(32)
calc_result = translate(s, "Iop_SetElem32x2", (r, ss, q))
correct_result = claripy.Concat(
claripy.If(ss == 1, q, r_slices[0]),
claripy.If(ss == 0, q, r_slices[1]),
)
assert s.solver.is_true(calc_result == correct_result)