def test_mix_of_concrete_and_symbolic__push_pop_cleaning_store(self):
    """Check that solver push()/pop() scoping is reflected in symbolic memory reads.

    One concrete byte ('C') and one symbolic 8-bit value are stored in
    adjacent cells of a freshly mapped region. The symbolic byte is
    constrained with ``uge(0xfe)``. Its feasible values are then queried
    both directly and through ``getchar`` on the cell that holds it, at
    three points:

    * base constraints only: 0xfe and 0xff feasible, 0x7f not;
    * inside a push() scope that adds ``sym == 0xfe``: only 0xfe of the three;
    * after pop(): the base result again.

    If the scoped equality survived pop(), later queries would under-report
    the values the byte can take, so a symbolic exploration built on this
    solver could miss feasible states.
    """
    solver = Solver()
    memory = SMemory(solver, 32, 12)

    def expect_values(expr, present, absent):
        # Enumerate every model value for `expr` under the solver's current
        # constraints, then assert membership and non-membership.
        feasible = list(solver.getallvalues(expr))
        for value in present:
            self.assertIn(value, feasible)
        for value in absent:
            self.assertNotIn(value, feasible)

    base_addr = memory.mmap(None, 0x1000, 'rwx')
    addr_of_concrete = base_addr
    addr_of_symbolic = base_addr + 1

    # Concrete byte first, then a fresh 8-bit symbol in the next cell.
    memory.putchar(addr_of_concrete, 'C')
    sym_byte = solver.mkBitVec(8)
    memory.putchar(addr_of_symbolic, sym_byte)

    # uge is taken here as unsigned >=: the 0x7f exclusion below only holds
    # under an unsigned comparison (as signed bytes, 0x7f >= 0xfe).
    solver.add(sym_byte.uge(0xfe))

    # Base constraints: both top values feasible, via the symbol and via memory.
    expect_values(sym_byte, (0xfe, 0xff), (0x7f,))
    expect_values(memory.getchar(addr_of_symbolic), (0xfe, 0xff), (0x7f,))

    # Scoped narrowing: inside the pushed frame only 0xfe remains.
    solver.push()
    solver.add(sym_byte == 0xfe)
    expect_values(sym_byte, (0xfe,), (0xff, 0x7f))
    expect_values(memory.getchar(addr_of_symbolic), (0xfe,), (0xff, 0x7f))
    solver.pop()

    # After pop() the equality must be gone and 0xff feasible again.
    expect_values(sym_byte, (0xfe, 0xff), (0x7f,))
    expect_values(memory.getchar(addr_of_symbolic), (0xfe, 0xff), (0x7f,))
pass linux.cpu.IF = linux.solver.simplify(linux.cpu.IF) linux.cpu.RCX = linux.solver.simplify(linux.cpu.RCX) ''' new_pc=None vals = None count += 1 except Exception,e: test_case_no+=1 if e.message == 'Finished': print "Program Finnished correctly" generate_testcase(linux) elif e.message == "Max number of different solutions hit": print "Max number of target PCs hit. Checking for wild PC." solver = linux.solver solver.push() try: #Quick heuristics to determine wild pc solver.push() solver.add(linux.cpu.PC == 0x41414141) if solver.check() == 'sat': print "PC seems controled!" solver.pop() m,M = solver.minmax(linux.cpu.PC) print "Program counter range: %016x - %016x" %(m,M) generate_testcase(linux) finally: solver.pop() else: print Exception, e generate_testcase(linux)