def SimIRExpr_CCall(engine, state, expr): if o.DO_CCALLS not in state.options: return state.solver.Unconstrained("ccall_ret", get_type_size(expr.ret_type)) call_args = [engine.handle_expression(state, e) for e in expr.args] if hasattr(ccall, expr.callee.name): try: func = getattr(ccall, expr.callee.name) result, constraints = func(state, *call_args) state.solver.add(*constraints) except SimCCallError: if o.BYPASS_ERRORED_IRCCALL not in state.options: raise state.history.add_event('resilience', resilience_type='ccall', callee=expr.callee.name, message='ccall raised SimCCallError') result = state.solver.Unconstrained("errored_%s" % expr.callee.name, get_type_size(expr.ret_type)) else: l.error("Unsupported CCall %s", expr.callee.name) if o.BYPASS_UNSUPPORTED_IRCCALL in state.options: if o.UNSUPPORTED_BYPASS_ZERO_DEFAULT in state.options: result = state.solver.BVV(0, get_type_size(expr.ret_type)) else: result = state.solver.Unconstrained("unsupported_%s" % expr.callee.name, get_type_size(expr.ret_type)) state.history.add_event('resilience', resilience_type='ccall', callee=expr.callee.name, message='unsupported ccall') else: raise UnsupportedCCallError("Unsupported CCall %s" % expr.callee.name) return result
def size_bits(self, ty=None): if not ty: if self.type is not None: return get_type_size(self.type) return len(self.stmt) else: # Allow subclasses to define which parameter they consider their size return get_type_size(ty)
def SimIRExpr_GetI(engine, state, expr): ix = engine.handle_expression(state, expr.ix) size_in_bits = get_type_size(expr.descr.elemTy) size = size_in_bits // state.arch.byte_width array_base = expr.descr.base array_index = (ix + expr.bias) % expr.descr.nElems offset = array_base + array_index * size # get it! result = state.registers.load(offset, size) if expr.descr.elemTy.startswith('Ity_F'): result = result.raw_to_fp() # finish it and save the register references if o.TRACK_REGISTER_ACTIONS in state.options: r = SimActionData(state, state.registers.id, SimActionData.READ, addr=offset, size=size_in_bits, data=result) state.history.add_action(r) return result
def SimIRExpr_Load(engine, state, expr): # size of the load size_bits = get_type_size(expr.type) size = size_bits // state.arch.byte_width # get the address expression and track stuff with state.history.subscribe_actions() as addr_actions: addr = engine.handle_expression(state, expr.addr) if o.UNINITIALIZED_ACCESS_AWARENESS in state.options: if getattr(addr._model_vsa, 'uninitialized', False): raise SimUninitializedAccessError('addr', addr) if o.DO_LOADS not in state.options: # only do the load if, uh, we have to result = state.solver.Unconstrained("load_expr_%#x_%d" % (state.scratch.ins_addr, state.scratch.stmt_idx), size_bits) else: # load from memory and fix endianness result = state.memory.load(addr, size, endness=expr.endness) if expr.type.startswith('Ity_F'): result = result.raw_to_fp() # finish it and save the mem read if o.TRACK_MEMORY_ACTIONS in state.options: addr_ao = SimActionObject(addr, deps=addr_actions, state=state) r = SimActionData(state, state.memory.id, SimActionData.READ, addr=addr_ao, size=size_bits, data=result) state.history.add_action(r) return result
def cast_to(self, rdt, tydest, signed=False, high=False): goalwidth = get_type_size(tydest) rdtwidth = self.get_rdt_width(rdt) if rdtwidth > goalwidth: return self.op_narrow_int(rdt, tydest, high_half=high) elif rdtwidth < goalwidth: return self.op_widen_int(rdt, tydest, signed=signed) else: return rdt
def SimIRExpr_CCall(engine, state, expr): if o.DO_CCALLS not in state.options: return state.solver.Unconstrained("ccall_ret", get_type_size(expr.ret_type)) call_args = [engine.handle_expression(state, e) for e in expr.args] if hasattr(ccall, expr.callee.name): try: func = getattr(ccall, expr.callee.name) result, constraints = func(state, *call_args) state.solver.add(*constraints) except SimCCallError: if o.BYPASS_ERRORED_IRCCALL not in state.options: raise state.history.add_event('resilience', resilience_type='ccall', callee=expr.callee.name, message='ccall raised SimCCallError') result = state.solver.Unconstrained( "errored_%s" % expr.callee.name, get_type_size(expr.ret_type)) else: l.error("Unsupported CCall %s", expr.callee.name) if o.BYPASS_UNSUPPORTED_IRCCALL in state.options: if o.UNSUPPORTED_BYPASS_ZERO_DEFAULT in state.options: result = state.solver.BVV(0, get_type_size(expr.ret_type)) else: result = state.solver.Unconstrained( "unsupported_%s" % expr.callee.name, get_type_size(expr.ret_type)) state.history.add_event('resilience', resilience_type='ccall', callee=expr.callee.name, message='unsupported ccall') else: raise UnsupportedCCallError("Unsupported CCall %s" % expr.callee.name) return result
def translate_irconst(state, c): size = get_type_size(c.type) if isinstance(c.value, int): return state.solver.BVV(c.value, size) elif isinstance(c.value, float): if options.SUPPORT_FLOATING_POINT not in state.options: raise UnsupportedIRExprError("floating point support disabled") if size == 32: return state.solver.FPV(c.value, FSORT_FLOAT) elif size == 64: return state.solver.FPV(c.value, FSORT_DOUBLE) else: raise SimExpressionError("Unsupported floating point size: %d" % size) raise SimExpressionError("Unsupported constant type: %s" % type(c.value))
def translate_irconst(state, c): size = get_type_size(c.type) if isinstance(c.value, (int, long)): return state.se.BVV(c.value, size) elif isinstance(c.value, float): if options.SUPPORT_FLOATING_POINT not in state.options: raise UnsupportedIRExprError("floating point support disabled") if size == 32: return state.se.FPV(c.value, FSORT_FLOAT) elif size == 64: return state.se.FPV(c.value, FSORT_DOUBLE) else: raise SimExpressionError("Unsupported floating point size: %d" % size) raise SimExpressionError("Unsupported constant type: %s" % type(c.value))
def SimIRStmt_LoadG(engine, state, stmt): with state.history.subscribe_actions() as addr_deps: addr = engine.handle_expression(state, stmt.addr) with state.history.subscribe_actions() as alt_deps: alt = engine.handle_expression(state, stmt.alt) with state.history.subscribe_actions() as guard_deps: guard = engine.handle_expression(state, stmt.guard) read_type, converted_type = stmt.cvt_types read_size_bits = get_type_size(read_type) converted_size_bits = get_type_size(converted_type) read_size = read_size_bits // state.arch.byte_width read_expr = state.memory.load(addr, read_size, endness=stmt.end, condition=guard != 0) if read_size_bits == converted_size_bits: converted_expr = read_expr elif "S" in stmt.cvt: converted_expr = read_expr.sign_extend(converted_size_bits - read_size_bits) elif "U" in stmt.cvt: converted_expr = read_expr.zero_extend(converted_size_bits - read_size_bits) else: raise SimStatementError("Unrecognized IRLoadGOp %s!" % stmt.cvt) read_expr = state.solver.If(guard != 0, converted_expr, alt) state.scratch.store_tmp(stmt.dst, read_expr, deps=addr_deps + alt_deps + guard_deps) if o.TRACK_MEMORY_ACTIONS in state.options: data_ao = SimActionObject(converted_expr) alt_ao = SimActionObject(alt, deps=alt_deps, state=state) addr_ao = SimActionObject(addr, deps=addr_deps, state=state) guard_ao = SimActionObject(guard, deps=guard_deps, state=state) size_ao = SimActionObject(converted_size_bits) r = SimActionData(state, state.memory.id, SimActionData.READ, addr=addr_ao, data=data_ao, condition=guard_ao, size=size_ao, fallback=alt_ao) state.history.add_action(r)
def SimIRExpr_Get(_, state, expr): size_in_bits = get_type_size(expr.ty) size = size_in_bits // state.arch.byte_width # get it! result = state.registers.load(expr.offset, size) if expr.type.startswith('Ity_F'): result = result.raw_to_fp() # finish it and save the register references if o.TRACK_REGISTER_ACTIONS in state.options: r = SimActionData(state, state.registers.id, SimActionData.READ, addr=expr.offset, size=size_in_bits, data=result ) state.history.add_action(r) return result
def SimIRExpr_Get(_, state, expr): size_in_bits = get_type_size(expr.ty) size = size_in_bits // state.arch.byte_width # get it! result = state.registers.load(expr.offset, size) if expr.type.startswith('Ity_F'): result = result.raw_to_fp() # finish it and save the register references if o.TRACK_REGISTER_ACTIONS in state.options: r = SimActionData(state, state.registers.id, SimActionData.READ, addr=expr.offset, size=size_in_bits, data=result) state.history.add_action(r) return result
def SimIRExpr_GetI(engine, state, expr): ix = engine.handle_expression(state, expr.ix) size_in_bits = get_type_size(expr.descr.elemTy) size = size_in_bits // state.arch.byte_width array_base = expr.descr.base array_index = (ix + expr.bias) % expr.descr.nElems offset = array_base + array_index*size # get it! result = state.registers.load(offset, size) if expr.descr.elemTy.startswith('Ity_F'): result = result.raw_to_fp() # finish it and save the register references if o.TRACK_REGISTER_ACTIONS in state.options: r = SimActionData(state, state.registers.id, SimActionData.READ, addr=offset, size=size_in_bits, data=result) state.history.add_action(r) return result
def SimIRExpr_Op(engine, state, expr): exprs = [engine.handle_expression(state, e) for e in expr.args] try: result = translate(state, expr.op, exprs) if o.TRACK_OP_ACTIONS in state.options: action_objects = [] for arg, ex in zip(expr.args, exprs): if isinstance(arg, RdTmp): action_objects.append(SimActionObject(ex, tmp_deps=frozenset({arg.tmp}))) elif isinstance(arg, Get): action_objects.append(SimActionObject(ex, reg_deps=frozenset({arg.offset}))) else: action_objects.append(SimActionObject(ex)) r = SimActionOperation(state, expr.op, action_objects, result) state.history.add_action(r) except UnsupportedIROpError: if o.BYPASS_UNSUPPORTED_IROP in state.options: state.history.add_event('resilience', resilience_type='irop', op=expr.op, message='unsupported IROp') res_type = get_op_retty(expr.op) res_size = get_type_size(res_type) if o.UNSUPPORTED_BYPASS_ZERO_DEFAULT in state.options: result = state.solver.BVV(0, res_size) else: result = state.solver.Unconstrained(type(expr).__name__, res_size) if res_type.startswith('Ity_F'): result = result.raw_to_fp() else: raise except SimOperationError as e: e.bbl_addr = state.scratch.bbl_addr e.stmt_idx = state.scratch.stmt_idx e.ins_addr = state.scratch.ins_addr e.executed_instruction_count = state.history.recent_instruction_count raise return result
def get_msb(self, tmp, ty): width = get_type_size(ty) return self.get_bit(tmp, width - 1)
from claripy.fp import FSORT_FLOAT, FSORT_DOUBLE from pyvex.const import get_type_size def translate_irconst(state, c): ''' BV化的地方 ''' size = get_type_size(c.type) if isinstance(c.value, (int, long)): return state.se.BVV(c.value, size) elif isinstance(c.value, float): if options.SUPPORT_FLOATING_POINT not in state.options: raise UnsupportedIRExprError("floating point support disabled") if size == 32: return state.se.FPV(c.value, FSORT_FLOAT) elif size == 64: return state.se.FPV(c.value, FSORT_DOUBLE) else: raise SimExpressionError("Unsupported floating point size: %d" % size) raise SimExpressionError("Unsupported constant type: %s" % type(c.value)) from .expressions import SimIRExpr, translate_expr from .statements import SimIRStmt, translate_stmt from .engine import SimEngineVEX from . import ccall from .irop import operations from ...errors import SimExpressionError, UnsupportedIRExprError from ... import sim_options as options