def exprEqual(self, expr, e):
expr = EX.eval_expr(expr, self.use_esf)
if self.use_esf:
expand_esf_inplace(expr.vec)
simplify_inplace(expr.vec)
simplify_inplace(e.vec)
simplify_inplace(expr.vec)
self.assertEqual(expr, e)
def test_cmp(self):
e = EX.ExprCond(EX.ExprCmpEq(self.x8_expr, EX.ExprCst(10, 8)),
self.y8_expr, self.z8_expr)
e = EX.eval_expr(e)
for i in range(256):
eref = self.z8 if i != 10 else self.y8
self.assertEqual(e.eval({self.x8: i}), eref.vec)
def astEquals(self, ast, v):
if self.use_expr:
e = tritonast2arybo(ast, use_exprs=True, use_esf=False)
e = eval_expr(e, use_esf=False)
v = expand_esf_inplace(v)
v = simplify_inplace(v)
else:
e = tritonast2arybo(ast, use_exprs=False, use_esf=True)
self.assertEqual(e, v)
def check_expr(self, e, args):
M,cfunc = self.get_c_func(e, args)
# Eval 'e'
evale = EX.eval_expr(e)
for n in range(100):
args_v = [random.getrandbits(a.nbits) for a in args]
self.assertEqual(cfunc(*args_v), evale.eval({a: args_v[i] for i,a in enumerate(args)}))
self.engine.remove_module(M)
def test_exprs_xor_5C(self):
# Based on djo's example
# This is the xor_5C example compiled with optimisations for x86-4
code = [
"\x41\xB8\xE5\xFF\xFF\xFF",
"\x89\xF8",
"\xBA\x26\x00\x00\x00",
"\x41\x0F\xAF\xC0",
"\xB9\xED\xFF\xFF\xFF",
"\x89\xC7",
"\x89\xD0",
"\x83\xEF\x09",
"\x0F\xAF\xC7",
"\x89\xC2",
"\x89\xF8",
"\x0F\xAF\xC1",
"\xB9\x4B\x00\x00\x00",
"\x8D\x44\x02\x2A",
"\x0F\xB6\xC0",
"\x89\xC2",
"\xF7\xDA",
"\x8D\x94\x12\xFF\x00\x00\x00",
"\x81\xE2\xFE\x00\x00\x00",
"\x01\xD0",
"\x8D\x14\x00",
"\x8D\x54\x02\x4D",
"\x0F\xB6\xF2",
"\x6B\xF6\x56",
"\x83\xC6\x24",
"\x83\xE6\x46",
"\x89\xF0",
"\x0F\xAF\xC1",
"\xB9\xE7\xFF\xFF\xFF",
"\x89\xC6",
"\x89\xD0",
"\xBA\x3A\x00\x00\x00",
"\x0F\xAF\xC1",
"\x89\xC1",
"\x89\xD0",
"\x8D\x4C\x0E\x76",
"\xBE\x63\x00\x00\x00",
"\x0F\xAF\xC1",
"\x89\xC2",
"\x89\xC8",
"\x0F\xAF\xC6",
"\x83\xEA\x51",
"\xBE\x2D\x00\x00\x00",
"\x83\xE2\xF4",
"\x89\xC1",
"\x8D\x4C\x0A\x2E",
"\x89\xC8",
"\x25\x94\x00\x00\x00",
"\x01\xC0",
"\x29\xC8",
"\xB9\x67\x00\x00\x00",
"\x0F\xAF\xC1",
"\x8D\x48\x0D",
"\x0F\xB6\xD1",
"\x69\xD2\xAE\x00\x00\x00",
"\x83\xCA\x22",
"\x89\xD0",
"\x41\x0F\xAF\xC0",
"\x89\xC2",
"\x89\xC8",
"\x0F\xAF\xC6",
"\x8D\x44\x02\xC2",
"\x0F\xB6\xC0",
"\x2D\xF7\x00\x00\x00",
"\x69\xC0\xED\x00\x00\x00",
"\x0F\xB6\xC0",
]
TT.setArchitecture(TT.ARCH.X86_64)
rdi = TT.convertRegisterToSymbolicVariable(TT.REG.RDI)
rdi = tritonast2arybo(TAst.variable(rdi), use_exprs=False)
for opcodes in code:
inst = TT.Instruction(opcodes)
TT.processing(inst)
rax_ast = TT.buildSymbolicRegister(TT.REG.RAX)
rax_ast = TT.getFullAst(rax_ast)
rax_ast = TT.simplify(rax_ast, True)
# Check that this gives a xor 5C
e = tritonast2arybo(rax_ast, use_exprs=self.use_expr, use_esf=False)
if self.use_expr:
e = eval_expr(e)
self.assertEqual(e, ((rdi & 0xff) ^ 0x5C).vec)
def test_logical(self):
e = TAst.equal(self.x8_t, self.y8_t)
ea = tritonast2arybo(e, use_exprs=True, use_esf=False)
ea = eval_expr(ea, use_esf=False)
self.assertEqual(ea.nbits, 1)
use_exprs = int(sys.argv[1])
def f(x):
v0 = x * 0xe5 + 0xF7
v0 = v0 & 0xFF
v3 = (((((v0 * 0x26) + 0x55) & 0xFE) + (v0 * 0xED) + 0xD6) & 0xFF)
v4 = ((((((-(v3 * 0x2)) + 0xFF) & 0xFE) + v3) * 0x03) + 0x4D)
v5 = (((((v4 * 0x56) + 0x24) & 0x46) * 0x4B) + (v4 * 0xE7) + 0x76)
v7 = ((((v5 * 0x3A) + 0xAF) & 0xF4) + (v5 * 0x63) + 0x2E)
v6 = (v7 & 0x94)
v8 = ((((v6 + v6 + (-(v7 & 0xFF))) * 0x67) + 0xD))
res = ((v8 * 0x2D) + (((v8 * 0xAE) | 0x22) * 0xE5) + 0xC2) & 0xFF
return (0xed * (res - 0xF7)) & 0xff
mba8 = MBA(8)
X = mba8.var('X')
if use_exprs:
X = EX.ExprBV(X)
res = f(X)
if use_exprs:
res = EX.eval_expr(res, use_esf=False)
print(res)
if use_exprs:
X = X.v
VD = res.vectorial_decomp([X])
print("====")
print("Cst = " + hex(VD.cst().get_int_be()))
def check(self, e, ref):
app = e.vectorial_decomp([self.x])
eid = identify(app,"x")
self.assertEqual(EX.eval_expr(eid), EX.eval_expr(ref))