total_queries = 0
start = time.time()
while True:
if timeout is not None and time.time() - start >= timeout:
imm.log("Timeout of %d seconds expired during first phase" %
timeout)
break
# Preserve solver state
sa.push()
reg_expr = sa.state.regs[output_reg]
try:
addr_range = ranges_to_test.pop()
except IndexError:
sa.pop()
break
lower = addr_range.start
upper = addr_range.end
imm.log("Checking range %s:%s" % (hex(lower), hex(upper)))
lower_expr = solver.constExpr(lower)
upper_expr = solver.constExpr(upper)
rel_expr = boundsExpr(sa, reg_expr, lower_expr, upper_expr)
res = solver.checkUnsat(rel_expr)
total_queries += 1
if res == 0:
imm.log("SAT: %s <= VAL <= %s" % (hex(lower), hex(upper)))
diff = upper - lower
total_queries = 0
start = time.time()
while True:
if timeout is not None and time.time() - start >= timeout:
imm.log("Timeout of %d seconds expired during first phase" % timeout)
break
# Preserve solver state
sa.push()
reg_expr = sa.state.regs[output_reg]
try:
addr_range = ranges_to_test.pop()
except IndexError:
sa.pop()
break
lower = addr_range.start
upper = addr_range.end
imm.log("Checking range %s:%s" % (hex(lower), hex(upper)))
lower_expr = solver.constExpr(lower)
upper_expr = solver.constExpr(upper)
rel_expr = boundsExpr(sa, reg_expr, lower_expr,
upper_expr)
res = solver.checkUnsat(rel_expr)
total_queries += 1
if res == 0:
imm.log("SAT: %s <= VAL <= %s" % (hex(lower), hex(upper)))
