def test_replacement_solver(): sr = claripy.ReplacementFrontend(claripy.FullFrontend(claripy.backends.z3)) x = claripy.BVS('x', 32) nose.tools.assert_equals(len(sr.eval(x, 10)), 10) sr.result = None sr.add_replacement(x, claripy.BVV(0x101, 32)) nose.tools.assert_items_equal(sr.eval(x, 10), [0x101]) y = claripy.BVS('y', 32) sr.add([y+1 == 200]) assert (y+1).cache_key in sr._replacements assert sr._replacement(y+1) is claripy.BVV(200, 32) srb = sr.branch() assert len(srb.constraints) == len(sr.constraints) assert (y+1).cache_key in sr._replacements assert sr._replacement(y+1) is claripy.BVV(200, 32) sr = claripy.ReplacementFrontend(claripy.FullFrontend(claripy.backends.z3)) b = claripy.BoolS('b') assert sr._replacement(b) is b sr.add(claripy.Not(b)) assert sr._replacement(b) is claripy.false sr = claripy.ReplacementFrontend(claripy.LightFrontend(claripy.backends.vsa), complex_auto_replace=True) x = claripy.BVS('x', 64) sr.add([x + 8 <= 0xffffffffffffffff]) sr.add([x + 8 >= 0]) assert sr._replacement(x) is not x
def test_solver_branching(): yield raw_solver_branching, lambda: claripy.FullFrontend(claripy.backends. z3) yield raw_solver_branching, lambda: claripy.HybridFrontend(claripy.backends .z3) yield raw_solver_branching, lambda: claripy.CompositeFrontend( claripy.FullFrontend(claripy.backends.z3))
def test_minmax(): s = claripy.FullFrontend(claripy.backends.z3) x = claripy.BVS("x", 32) nose.tools.assert_equal(s.max(x), 2**32-1) nose.tools.assert_equal(s.min(x), 0) nose.tools.assert_true(s.satisfiable())
def test_composite_solver(): s = claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3)) x = claripy.BVS("x", 32) y = claripy.BVS("y", 32) z = claripy.BVS("z", 32) c = claripy.And(x == 1, y == 2, z == 3) s.add(c) nose.tools.assert_equals(len(s._solver_list), 4) # including the CONSTANT solver nose.tools.assert_true(s.satisfiable()) s.add(x < y) nose.tools.assert_equal(len(s._solver_list), 3) nose.tools.assert_true(s.satisfiable()) s.simplify() nose.tools.assert_equal(len(s._solver_list), 4) nose.tools.assert_true(s.satisfiable()) s1 = s.branch() s1.add(x > y) nose.tools.assert_equal(len(s1._solver_list), 3) nose.tools.assert_false(s1.satisfiable()) nose.tools.assert_equal(len(s._solver_list), 4) nose.tools.assert_true(s.satisfiable()) s.add(claripy.BVV(1, 32) == claripy.BVV(2, 32)) nose.tools.assert_equal(len(s._solver_list), 4) # the CONCRETE one nose.tools.assert_false(s.satisfiable())
def test_datalayer(): l.info("Running test_datalayer") pickle_dir = tempfile.mkdtemp() ana.set_dl(pickle_dir=pickle_dir) l.debug("Pickling to %s", pickle_dir) a = claripy.BVV(1, 32) b = claripy.BVS("x", 32) c = a + b d = a + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b l.debug("Storing!") a.ana_store() c_info = c.ana_store() d_info = d.ana_store() l.debug("Loading!") ana.set_dl(pickle_dir=pickle_dir) #nose.tools.assert_equal(len(claripy.dl._cache), 0) cc = claripy.ast.BV.ana_load(c_info) nose.tools.assert_equal(str(cc), str(c)) cd = claripy.ast.BV.ana_load(d_info) nose.tools.assert_equal(str(cd), str(d)) l.debug("Time to test some solvers!") s = claripy.FullFrontend(claripy.backends.z3) x = claripy.BVS("x", 32) s.add(x == 3) s.finalize() ss = claripy.FullFrontend.ana_load(s.ana_store()) nose.tools.assert_equal(str(s.constraints), str(ss.constraints)) nose.tools.assert_equal(str(s.variables), str(ss.variables)) s = claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3)) x = claripy.BVS("x", 32) s.add(x == 3) s.finalize() ss = claripy.CompositeFrontend.ana_load(s.ana_store()) old_constraint_sets = [[hash(j) for j in k.constraints] for k in s._solver_list] new_constraint_sets = [[hash(j) for j in k.constraints] for k in ss._solver_list] nose.tools.assert_items_equal(old_constraint_sets, new_constraint_sets) nose.tools.assert_equal(str(s.variables), str(ss.variables))
def compare_states(self, sl, sr): """ Compares two states for similarity. """ joint_solver = claripy.FullFrontend(claripy.backends.z3) # make sure the canonicalized constraints are the same n_map, n_counter, n_canon_constraint = claripy.And( *sr.se.constraints).canonicalize() #pylint:disable=no-member u_map, u_counter, u_canon_constraint = claripy.And( *sl.se.constraints).canonicalize() #pylint:disable=no-member joint_solver.add((n_canon_constraint, u_canon_constraint)) if n_canon_constraint is not u_canon_constraint: self._report_incongruency("Different constraints!") return False # get the differences in registers and memory mem_diff = sr.memory.changed_bytes(sl.memory) reg_diff = sr.registers.changed_bytes(sl.registers) # this is only for unicorn if "UNICORN" in sl.options | sr.options: if sl.arch.name == "X86": reg_diff -= set(range(40, 52)) #ignore cc psuedoregisters reg_diff -= set(range(320, 324)) #some other VEX weirdness elif sl.arch.name == "AMD64": reg_diff -= set(range(144, 168)) #ignore cc psuedoregisters # make sure the differences in registers and memory are actually just renamed # versions of the same ASTs for diffs, (um, nm) in ( (reg_diff, (sl.registers, sr.registers)), (mem_diff, (sl.memory, sr.memory)), ): for i in diffs: bn = nm.load(i, 1) bu = um.load(i, 1) bnc = bn.canonicalize(var_map=n_map, counter=n_counter)[-1] buc = bu.canonicalize(var_map=u_map, counter=u_counter)[-1] if bnc is not buc: self._report_incongruency( "Different memory or registers (index %d, values %r and %r)!", i, bn, bu) return False # make sure the flags are the same if sl.arch.name in ("AMD64", "X86", "ARM", "AARCH64"): n_flags = simuvex.vex.ccall._get_flags(sr)[0].canonicalize( var_map=n_map, counter=n_counter)[-1] u_flags = simuvex.vex.ccall._get_flags(sl)[0].canonicalize( var_map=u_map, counter=u_counter)[-1] if n_flags is not u_flags: self._report_incongruency("Different flags!") return False return True
def _solver(self): if self._stored_solver is not None: return self._stored_solver if o.ABSTRACT_SOLVER in self.state.options: self._stored_solver = claripy.LightFrontend(claripy.backends.vsa, cache=False) elif o.REPLACEMENT_SOLVER in self.state.options: self._stored_solver = claripy.ReplacementFrontend(claripy.FullFrontend(claripy.backends.z3), unsafe_replacement=True) elif o.COMPOSITE_SOLVER in self.state.options: self._stored_solver = claripy.CompositeFrontend(claripy.hybrid_vsa_z3()) elif o.SYMBOLIC in self.state.options: if o.approximation & self.state.options: self._stored_solver = claripy.hybrid_vsa_z3() else: self._stored_solver = claripy.FullFrontend(claripy.backends.z3) else: self._stored_solver = claripy.LightFrontend(claripy.backends.concrete) return self._stored_solver
def _solver(self): if self._stored_solver is not None: return self._stored_solver if o.ABSTRACT_SOLVER in self.state.options: self._stored_solver = claripy.LightFrontend(claripy.backend_vsa) elif o.COMPOSITE_SOLVER in self.state.options: self._stored_solver = claripy.CompositeFrontend(claripy.backend_z3) else: self._stored_solver = claripy.FullFrontend(claripy.backend_z3) return self._stored_solver
def test_pickle_frontend(): s = claripy.FullFrontend(claripy.backends.z3) x = claripy.BVS('x', 32) s.add(x == 1) assert s.eval(x, 10), (1, ) ss = pickle.dumps(s) del s import gc gc.collect() s = pickle.loads(ss) assert s.eval(x, 10), (1, )
def test_simple_merging(): yield raw_simple_merging, lambda: claripy.FullFrontend(claripy.backends.z3) yield raw_simple_merging, claripy.hybrid_vsa_z3 yield raw_simple_merging, lambda: claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3))
def test_ite(): yield raw_ite, lambda: claripy.FullFrontend(claripy.backends.z3) yield raw_ite, lambda: claripy.HybridFrontend(claripy.backends.z3) yield raw_ite, lambda: claripy.CompositeFrontend( claripy.FullFrontend(claripy.backends.z3))
def test_solver(): yield raw_solver, lambda: claripy.FullFrontend(claripy.backends.z3) yield raw_solver, claripy.hybrid_vsa_z3 yield raw_solver, lambda: claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3))
def test_combine(): yield raw_combine, lambda: claripy.FullFrontend(claripy.backends.z3) yield raw_combine, claripy.hybrid_vsa_z3 yield raw_combine, lambda: claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3))