def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
expr = str(src1val) + " | " + str(src2val)
if src1val.is_undefined or src2val.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
simstate.add_logmsg("warning",
"or: some operand is undefined: " + expr)
elif src1val.is_symbol or src2val.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
elif src1val.is_literal and src2val.is_literal:
v1 = SV.mk_simvalue(src1val.literal_value)
v2 = SV.mk_simvalue(src2val.literal_value)
result = v1.bitwise_or(v2)
else:
result = SV.simUndefinedDW
simstate.add_logmsg("warning",
"or: some operand not recognized: " + expr)
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
immop = self.imm_operand
srcval = simstate.rhs(iaddr, srcop)
immval = immop.opkind.to_unsigned_int()
expr = str(srcval) + ' >> ' + str(immval)
result: SV.SimValue = SV.simUndefinedDW
if srcval.is_undefined:
simstate.add_logmsg("warning",
"srl: operand is undefined: " + str(srcop))
elif srcval.is_literal:
srcval = SV.mk_simvalue(srcval.literal_value)
result = (SV.mk_simvalue(srcval.literal_value)).bitwise_srl(immval)
elif srcval.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
elif srcval.is_address:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
else:
simstate.add_logmsg("warning",
"srl: operand not recognized: " + str(srcval))
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
srcop = self.src_operand
immop = self.imm_operand
dstop = self.dst_operand
srcval = simstate.rhs(iaddr, srcop)
immval = immop.opkind.to_unsigned_int()
imm = SV.SimDoubleWordValue(immval)
expr = str(srcval) + ' | ' + str(immval)
if srcval.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
simstate.add_logmsg(
"warning",
"ori: operand is undefined: " + str(srcop))
elif srcval.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
if srcval.is_literal:
result = SV.mk_simvalue(srcval.literal_value).bitwise_or(imm)
else:
result = SV.simUndefinedDW
simstate.add_logmsg(
"warning",
"ori: operand not recognized: " + str(srcval))
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def json_to_simval(d: Dict[str, Any]) -> SV.SimValue:
id = d["i"]
# SimValue (generic, covers all cases with jsonval implementation)
if id == "x":
return SSV.SimSymbolicValue(0, defined=False)
# SimByteValue
elif id == "b":
if "d" in d:
data = d["d"]
v: int = data.get("v", 0)
defined: bool = data.get("d", True)
return SV.SimByteValue(v, defined)
else:
return SV.SimByteValue(0)
# SimDoubleWordValue
elif id == "d":
if "d" in d:
data = d["d"]
v = data.get("v", 0)
defined = data.get("d", True)
b1defined: bool = data.get("db1", True)
b2defined: bool = data.get("db2", True)
b3defined: bool = data.get("db3", True)
b4defined: bool = data.get("db4", True)
return SV.SimDoubleWordValue(v,
defined=defined,
b1defined=b1defined,
b2defined=b2defined,
b3defined=b3defined,
b4defined=b4defined)
else:
return SV.SimDoubleWordValue(0)
# SimGlobalAddress
elif id == "sga":
data = d["d"]
modulename: str = data.get("m", "?")
offset = cast(SV.SimDoubleWordValue, json_to_simval(data["o"]))
return SSV.SimGlobalAddress(modulename, offset)
# SimReturnAddress
elif id == "sra":
data = d["d"]
modulename = data.get("m", "?")
functionaddr: str = data["f"]
offset = cast(SV.SimDoubleWordValue, json_to_simval(data["o"]))
return SSV.SimReturnAddress(modulename, functionaddr, offset)
# SimMemoryByteLink
elif id == "bl":
data = d["d"]
linkedto = cast(SSV.SimSymbolicValue, json_to_simval(data["l"]))
position: int = cast(int, data["p"])
return SimMemoryByteLink(linkedto, position)
else:
raise UF.CHBError("No deserialization implemented yet for id = " + id)
def rhs(self, iaddr: str, op: Operand, opsize: int = 4) -> SV.SimValue:
if op.is_register:
return self.regval(iaddr, op.register, opsize=opsize)
elif op.is_immediate:
return SV.mk_simvalue(op.value, size=opsize)
elif op.is_indirect_register:
regval = self.regval(iaddr, op.indirect_register)
offset = op.offset
if not regval.is_defined:
return SV.mk_undefined_simvalue(opsize)
if regval.is_string_address and opsize == 1:
regval = cast(SSV.SimStringAddress, regval)
return self.rhs_string_char(iaddr, regval, offset)
elif regval.is_symbol:
regval = cast(SSV.SimSymbol, regval)
return self.rhs_symbol(iaddr, regval, offset, opsize)
elif regval.is_address:
regval = cast(SSV.SimAddress, regval)
return self.memval(iaddr, regval.add_offset(offset), opsize)
elif regval.is_literal:
regval = cast(SV.SimLiteralValue, regval)
return self.rhs_literal_address(iaddr, regval.value, offset,
opsize)
else:
raise SU.CHBSimError(
self, iaddr,
"Unable to resolve indirect register operand: " + str(op))
else:
raise SU.CHBSimError(
self, iaddr, "Operand " + str(op) + " not recognized in rhs")
def toupper_result(self) -> SV.SimLiteralValue:
if self.name == "ctype_toupper":
if self.offset1 >= 97 and self.offset2 <= 122:
return SV.mk_simvalue(self.offset1 // 2)
else:
return SV.mk_simvalue(self.offset1)
else:
return SV.simUndefinedDW
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
"""Subtraction with trap on overflow (trap not currently implemented)."""
dstop = self.dst_operand
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
if src1val.is_undefined or src2val.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
elif src1val.is_symbol or src2val.is_symbol:
expr = str(src1val) + ' - ' + str(src2val)
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
elif src1val.is_string_address and src2val.is_string_address:
src1val = cast(SSV.SimStringAddress, src1val)
src2val = cast(SSV.SimStringAddress, src2val)
diff = src2val.stringval.find(src1val.stringval)
result = SV.mk_simvalue(diff)
elif src1val.is_stack_address and src2val.is_stack_address:
src1val = cast(SSV.SimStackAddress, src1val)
src2val = cast(SSV.SimStackAddress, src2val)
diff = (src1val.offsetvalue - src2val.offsetvalue) % (SU.max32 + 1)
result = SV.mk_simvalue(diff)
elif src1val.is_stack_address and src2val.is_literal:
src1val = cast(SSV.SimStackAddress, src1val)
result = cast(SV.SimValue,
src1val.add_offset(-src2val.literal_value))
elif src1val.is_global_address and src2val.is_global_address:
src1val = cast(SSV.SimGlobalAddress, src1val)
src2val = cast(SSV.SimGlobalAddress, src2val)
diff = (src1val.offsetvalue - src2val.offsetvalue) % (SU.max32 + 1)
result = SV.mk_simvalue(diff)
elif src1val.is_global_address and src2val.is_literal:
src1val = cast(SSV.SimGlobalAddress, src1val)
diff = (src1val.offsetvalue - src2val.literal_value) % (SU.max32 +
1)
result = SV.mk_simvalue(diff)
elif src1val.is_literal and src2val.is_literal:
diff = (src1val.literal_value -
src2val.literal_value) % (SU.max32 + 1)
result = SV.mk_simvalue(diff)
else:
result = SV.simUndefinedDW
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result,
('val(' + str(src1op) + ') = ' + str(src1val) +
', val(' + str(src2op) + ') = ' + str(src2val)))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
srcval = SV.mk_simvalue(srcop.value)
lhs = simstate.set(iaddr, dstop, srcval)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, srcval)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
srcval = simstate.rhs(iaddr, srcop)
result: SV.SimValue
if srcval.is_undefined:
result = SV.simUndefinedDW
if srcval.is_global_address:
val = cast(SV.SimDoubleWordValue,
SV.mk_simvalue(srcval.literal_value))
srcval = cast(SSV.SimGlobalAddress, srcval)
name = srcval.modulename
resultval = val.swap_bytes_within_halfwords()
result = SSV.mk_global_address(resultval.literal_value, name)
elif srcval.is_literal:
val = cast(SV.SimDoubleWordValue, srcval)
result = val.swap_bytes_within_halfwords()
else:
raise SU.CHBSimError(
simstate, iaddr, "wsbh: operand not recognized: " +
str(srcop) + ": " + str(srcval))
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr,
simstate,
lhs,
result,
intermediates=str(srcval))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
srcval = srcop.to_unsigned_int()
v = 256 * 256 * srcval
try:
result = cast(SV.SimValue, simstate.resolve_literal_address(iaddr, v))
except SU.CHBSimError:
result = SV.mk_simvalue(v)
if result.is_undefined:
result = SV.mk_simvalue(v)
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, "")
def b_result(self) -> SV.SimLiteralValue:
if self.name == "ctype_b":
result = 0
print("ctype_b deref table value: " + str(self.offset1) + ", " +
str(chr(self.offset1 // 2)))
c = str(chr(self.offset1 // 2))
if c.isupper():
result += 1
if c.islower():
result += 2
if c.isalpha():
result += 4
if c.isnumeric():
result += 8
if c.isspace() or c == '\r' or c == '\n':
result += 32
if c.isprintable():
result += 64
if c.isspace():
result += 256
if not c.isprintable():
result += 512
if c in string.punctuation:
result += 1024
if c.isalnum():
result += 2048
return SV.mk_simvalue(result)
else:
return SV.simZero
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
srcop = self.src_operand
immop = self.imm_operand
dstop = self.dst_operand
srcval = simstate.rhs(iaddr, srcop)
immval = immop.opkind.value
expr = str(srcval) + " < " + str(immval)
if srcval.is_undefined:
result = SV.simUndefinedDW
simstate.add_logmsg("warning",
"slti: operand not defined: " + str(srcop))
elif srcval.is_literal:
v = SV.mk_simvalue(srcval.literal_value)
if v.to_signed_int() < immval:
result = SV.simOne
else:
result = SV.simZero
elif srcval.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
else:
result = SV.simUndefinedDW
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def big_endian(self, iaddr: str, offset: int,
size: int) -> SV.SimLiteralValue:
if size == 2:
b1 = self.byte(iaddr, offset + 1)
b2 = self.byte(iaddr, offset)
return SV.compose_simvalue([b1, b2])
elif size == 4:
b1 = self.byte(iaddr, offset + 3)
b2 = self.byte(iaddr, offset + 2)
b3 = self.byte(iaddr, offset + 1)
b4 = self.byte(iaddr, offset)
return SV.compose_simvalue([b1, b2, b3, b4])
else:
raise SU.CHBSimError(
self.simstate, iaddr,
("Size of memory value request not supported: " + str(size)))
def get_patched_global(self,
address: SSV.SimAddress) -> SV.SimDoubleWordValue:
if self.has_patched_global(address):
hexval = self.patched_globals[hex(address.offsetvalue)]
return cast(SV.SimDoubleWordValue, SV.mk_simvalue(int(hexval, 16)))
else:
raise UF.CHBError('No patched global found for ' + str(address))
def mk_mapped_address(base: str, offset: int,
buffersize: int) -> "SimMappedAddress":
"""Makes an address within a memory-mapped region."""
return SimMappedAddress(
base, cast(SV.SimDoubleWordValue, SV.mk_simvalue(offset, size=4)),
buffersize)
def get(self,
iaddr: str,
address: SSV.SimAddress,
size: int) -> SV.SimValue:
try:
for base in self.baseoffsets:
if (
address.offsetvalue >= base
and address.offsetvalue < base + self.buffersize):
address = address.add_offset(-base)
try:
memval = SimMemory.get(self, iaddr, address, size)
except SU.CHBSimError:
memval = SV.mk_simvalue(0, size=size)
return memval
else:
raise SU.CHBSimError(
self.simstate,
iaddr,
"invalid shared memory address: " + str(address))
except SU.CHBSimError as e:
print("Error in shared memory: " + str(e))
name = (self.name
+ '['
+ str(address.offsetvalue)
+ ']'
+ ' (value not retrieved: '
+ str(e)
+ ')')
return SSV.SimSymbol(name)
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None:
srcop = self.src_operand
dstop = self.dst_operand
srcptrop = self.srcptr_operand
dstptrop = self.dstptr_operand
srcval = simstate.get_rhs(iaddr, srcop)
srcptrval = simstate.get_rhs(iaddr, srcptrop)
dstptrval = simstate.get_rhs(iaddr, dstptrop)
dflag = simstate.get_flag_value(iaddr, 'DF')
incr = SV.mk_simvalue(srcptrop.size, self.size)
simstate.set(iaddr, dstop, srcval)
if (srcptrval.is_literal and srcptrval.is_defined
and dstptrval.is_literal and dstptrval.is_defined):
srcptrval = cast(SV.SimLiteralValue, srcptrval)
dstptrval = cast(SV.SimLiteralValue, dstptrval)
if dflag == 0:
simstate.set(iaddr, srcptrop, srcptrval.add(incr))
simstate.set(iaddr, dstptrop, dstptrval.add(incr))
elif dflag == 1:
simstate.set(iaddr, srcptrop, srcptrval.sub(incr))
simstate.set(iaddr, dstptrop, dstptrval.sub(incr))
else:
raise SU.CHBSimError(
simstate, iaddr,
'Unexpected value for direction flag: ' + str(dflag))
else:
raise SU.CHBSimError(
simstate, iaddr,
("Movs not supported for " + str(srcptrop) + ":" +
str(srcptrval) + ", " + str(dstptrop) + ":" + str(dstptrval)))
def bitwise_and(self, other: SV.SimLiteralValue) -> SV.SimValue:
if other.is_literal:
if other.value < self.value:
newval = self.value & other.value
return SV.mk_simvalue(newval)
else:
return mk_simbasevalue('unknown', self.value & other.value)
else:
return SV.simUndefinedDW
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
immop = self.imm_operand
srcval = simstate.rhs(iaddr, srcop)
immval = immop.opkind.to_unsigned_int()
if srcval.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
simstate.add_logmsg(
"warning",
"sll: operand is not defined: " + str(srcop))
elif srcval.is_literal:
v = SV.mk_simvalue(srcval.literal_value)
result = v.bitwise_sll(immval)
elif srcval.is_symbol:
srcval = cast(SSV.SimSymbol, srcval)
if srcval.value is not None:
v = SV.mk_simvalue(srcval.value)
result = v.bitwise_sll(immval)
else:
raise SU.CHBSymbolicExpression(
simstate,
iaddr,
dstop,
str(srcval) + " << " + str(immval) + " (val(" + str(srcop) + "))")
else:
result = SV.simUndefinedDW
simstate.add_logmsg(
"warning",
"sll: operand not recognized: " + str(srcval))
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(
iaddr,
simstate,
lhs,
result,
"(val(" + str(srcop) + ") = " + str(srcval) + ")")
def b_result(self) -> SV.SimLiteralValue:
if self.name == "ctype_b":
result = 0
print("ctype_b: " + str(self.offset) + ', ' +
str(chr(self.offset // 2)))
c = chr(self.offset // 2)
if c.isspace():
result += 32
return SV.mk_simvalue(result)
else:
return SV.simZero
def mk_base_address(base: str,
offset: int = 0,
buffersize: Optional[int] = None,
tgttype: Optional[str] = None) -> "SimBaseAddress":
"""Makes a base address with offset (int) and buffer size (simvalue)."""
return SimBaseAddress(base,
cast(SV.SimDoubleWordValue,
SV.mk_simvalue(offset, size=4)),
buffersize=buffersize,
tgttype=tgttype)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
srcop = self.src_operand
dstop = self.dst_operand
srcval = simstate.rhs(iaddr, srcop)
if srcval.is_literal:
result = SV.mk_simvalue(srcval.literal_value).leading_zeroes
else:
result = SV.simUndefinedDW
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstlo = self.dstlo_operand
dsthi = self.dsthi_operand
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
expr = str(src1val) + " * " + str(src2val)
if src1val.is_undefined or src2val.is_undefined:
loval = cast(SV.SimValue, SV.simUndefinedDW)
hival = cast(SV.SimValue, SV.simUndefinedDW)
simstate.add_logmsg("warning",
"mult: some operand is undefined: " + expr)
elif src1val.is_symbol or src2val.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstlo, expr)
elif src1val.is_literal and src2val.is_literal:
v1 = SV.mk_simvalue(src1val.literal_value).to_signed_int()
v2 = SV.mk_simvalue(src2val.literal_value).to_signed_int()
p = v1 * v2
if p < 0:
p = p + SU.max64 + 1
loval = SV.mk_simvalue(p % (SU.max32 + 1))
hival = SV.mk_simvalue(p >> 32)
else:
loval = SV.simUndefinedDW
hival = SV.simUndefinedDW
simstate.add_logmsg("warning",
"mult: some operand is not a literal: " + expr)
lhslo = simstate.set(iaddr, dstlo, loval)
lhshi = simstate.set(iaddr, dsthi, hival)
simstate.increment_programcounter()
return SU.simassign(iaddr,
simstate,
lhslo,
loval,
intermediates=str(lhshi) + ' := ' + str(hival))
def get_from_section(self, iaddr: str, address: SSV.SimAddress,
size: int) -> SV.SimValue:
if address.is_defined:
offset = address.offsetvalue
# address has been patched by user
if self.has_patched_global(address):
return self.get_patched_global(address)
# try to get the value from the file image
else:
sectionindex = self.elfheader.get_elf_section_index(offset)
if sectionindex is None:
# address is not in file image
self.simstate.add_logmsg("global memory",
str(address) + " uninitialized")
return SV.mk_simvalue(0, size=size)
# store in global memory data structure
for i in range(offset, offset + size):
byteval = self.elfheader.get_memory_value(sectionindex, i)
if byteval is not None:
self.set_byte(iaddr, i, SV.SimByteValue(byteval))
else:
raise UF.CHBError("No value found for " + hex(i) +
" in section " + str(sectionindex))
# retrieve from global memory data structure
memval = SimMemory.get(self, iaddr, address, size)
if not memval.is_defined:
memval = SV.mk_simvalue(0, size=size)
self.simstate.add_logmsg('global memory',
str(address) + ' uninitialized')
self._accesses.setdefault(str(address), [])
self._accesses[str(address)].append(
str(iaddr) + ':' + str(memval))
return memval
else:
raise UF.CHBError("Address is not defined: " + str(address))
def rhs_string_char(self, iaddr: str, addr: SSV.SimStringAddress,
offset: int) -> SV.SimValue:
regstr = addr.stringval
if offset == len(regstr):
return SV.simZerobyte
elif offset < len(regstr):
return SV.mk_simbytevalue(ord(regstr[offset]))
else:
raise SU.CHBSimError(
self, iaddr,
("Access of string value out of bounds. String: " + regstr +
"; offset: " + str(offset)))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dsthi = self.dsthi_operand
dstlo = self.dstlo_operand
srcrs = self.rs_operand
srcrt = self.rt_operand
src1val = simstate.rhs(iaddr, srcrs)
src2val = simstate.rhs(iaddr, srcrt)
if src1val.is_undefined or src2val.is_undefined:
resultlo = SV.simUndefinedDW
resulthi = SV.simUndefinedDW
simstate.add_logmsg(
"warning", "some operand of division not defined: " +
str(src1val) + " / " + str(src2val))
elif src1val.is_symbol or src2val.is_symbol:
expr = str(src1val) + " / " + str(src2val)
raise SU.CHBSymbolicExpression(simstate, iaddr, dstlo, expr)
elif src1val.is_literal and src2val.is_literal:
v1 = src1val.literal_value
v2 = src2val.literal_value
resultlo = cast(SV.SimDoubleWordValue, SV.mk_simvalue(v1 // v2))
resulthi = cast(SV.SimDoubleWordValue, SV.mk_simvalue(v1 % v2))
else:
resultlo = SV.simUndefinedDW
resulthi = SV.simUndefinedDW
simstate.add_logmsg(
"warning", "some operand of division not recognized: " +
str(src1val) + " / " + str(src2val))
lhslo = simstate.set(iaddr, dstlo, resultlo)
lhshi = simstate.set(iaddr, dsthi, resulthi)
simstate.increment_programcounter()
return SU.simassign(iaddr,
simstate,
lhslo,
resultlo,
intermediates=str(lhshi) + ' := ' + str(resulthi))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
def do_assign(result: SV.SimValue) -> str:
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(
iaddr, simstate, lhs, result,
('val(' + str(src1op) + ') = ' + str(src1val) + ', val(' +
str(src2op) + ') = ' + str(src2val)))
if src1val.is_undefined or src2val.is_undefined:
return do_assign(SV.simUndefinedDW)
elif src1val.is_symbol or src2val.is_symbol:
expr = str(src1val) + ' + ' + str(src2val)
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
# two global addresses, one of which is spurious
elif (src1val.is_address and src2val.is_address and src1val.is_literal
and src2val.is_literal):
if src1val.literal_value > src2val.literal_value:
src1addr = cast(SSV.SimAddress, src1val)
result = cast(SV.SimValue,
src1addr.add_offset(src2val.literal_value))
else:
src2addr = cast(SSV.SimAddress, src2val)
result = src2addr.add_offset(src1val.literal_value)
return do_assign(result)
elif src2val.is_address and src1val.is_literal:
src2addr = cast(SSV.SimAddress, src2val)
result = src2addr.add_offset(src1val.literal_value)
return do_assign(result)
elif src1val.is_address and src2val.is_literal:
src1addr = cast(SSV.SimAddress, src1val)
result = src1addr.add_offset(src2val.literal_value)
return do_assign(result)
elif src1val.is_literal and src2val.is_literal:
v1 = src1val.literal_value
v2 = src2val.literal_value
result = cast(SV.SimValue, SV.mk_simvalue(v1 + v2))
return do_assign(result)
else:
return do_assign(SV.simUndefinedDW)
def mk_address(self, offset: int) -> SSV.SimAddress:
addr = cast(SV.SimDoubleWordValue, SV.mk_simvalue(offset, size=4))
if self.name.startswith("global"):
names = self.name.split(":")
if len(names) == 2:
image = names[1]
else:
image = "mainx"
return SSV.SimGlobalAddress(image, addr)
elif self.name == "stack":
return SSV.SimStackAddress(addr)
else:
return SSV.SimBaseAddress(self.name, addr)
def initialize_cmdline_arguments(self,
simstate: "SimulationState") -> None:
simstate.registers["a0"] = SV.mk_simvalue(len(self.cmdlineargs))
simstate.registers["a1"] = SSV.mk_stack_address(16)
aoffset = 100 # offset of information block on the initial process stack
for (i, arg) in enumerate(self.cmdlineargs):
argptr = SSV.mk_stack_address((i * 4) + 16)
argvalptr = SSV.mk_stack_address(aoffset)
simstate.set_memval(simstate.startaddr, argptr, argvalptr)
for c in arg:
addr = SSV.mk_stack_address(aoffset)
cval = SV.mk_simcharvalue(c)
simstate.set_memval(simstate.startaddr, addr, cval)
aoffset += 1
addr = SSV.mk_stack_address(aoffset)
simstate.set_memval(simstate.startaddr, addr, SV.simZerobyte)
aoffset += 1
# null-terminate the list of arguments
argptr = SSV.mk_stack_address((len(self.cmdlineargs) * 4) + 16)
simstate.set_memval(simstate.startaddr, argptr, SV.simZero)
def get_patched_global(self, address: SSV.SimAddress) -> SV.SimValue:
if self.has_patched_global(address):
glbval = self.patched_globals[hex(address.offsetvalue)]
result: SV.SimValue
if glbval == "stderr":
result = SFU.sim_openfile("/stderr", "w")
result = cast(SV.SimValue, result)
else:
result = cast(SV.SimValue, SV.mk_simvalue(int(glbval, 16)))
return result
else:
raise UF.CHBError('No patched global found for ' + str(address))
