def test_replacement_solver():
sr = claripy.ReplacementFrontend(claripy.FullFrontend(claripy.backends.z3))
x = claripy.BVS('x', 32)
nose.tools.assert_equals(len(sr.eval(x, 10)), 10)
sr.result = None
sr.add_replacement(x, claripy.BVV(0x101, 32))
nose.tools.assert_items_equal(sr.eval(x, 10), [0x101])
y = claripy.BVS('y', 32)
sr.add([y+1 == 200])
assert (y+1).cache_key in sr._replacements
assert sr._replacement(y+1) is claripy.BVV(200, 32)
srb = sr.branch()
assert len(srb.constraints) == len(sr.constraints)
assert (y+1).cache_key in sr._replacements
assert sr._replacement(y+1) is claripy.BVV(200, 32)
sr = claripy.ReplacementFrontend(claripy.FullFrontend(claripy.backends.z3))
b = claripy.BoolS('b')
assert sr._replacement(b) is b
sr.add(claripy.Not(b))
assert sr._replacement(b) is claripy.false
sr = claripy.ReplacementFrontend(claripy.LightFrontend(claripy.backends.vsa), complex_auto_replace=True)
x = claripy.BVS('x', 64)
sr.add([x + 8 <= 0xffffffffffffffff])
sr.add([x + 8 >= 0])
assert sr._replacement(x) is not x
def test_solver_branching():
yield raw_solver_branching, lambda: claripy.FullFrontend(claripy.backends.
z3)
yield raw_solver_branching, lambda: claripy.HybridFrontend(claripy.backends
.z3)
yield raw_solver_branching, lambda: claripy.CompositeFrontend(
claripy.FullFrontend(claripy.backends.z3))
def test_minmax():
s = claripy.FullFrontend(claripy.backends.z3)
x = claripy.BVS("x", 32)
nose.tools.assert_equal(s.max(x), 2**32-1)
nose.tools.assert_equal(s.min(x), 0)
nose.tools.assert_true(s.satisfiable())
def test_composite_solver():
s = claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3))
x = claripy.BVS("x", 32)
y = claripy.BVS("y", 32)
z = claripy.BVS("z", 32)
c = claripy.And(x == 1, y == 2, z == 3)
s.add(c)
nose.tools.assert_equals(len(s._solver_list), 4) # including the CONSTANT solver
nose.tools.assert_true(s.satisfiable())
s.add(x < y)
nose.tools.assert_equal(len(s._solver_list), 3)
nose.tools.assert_true(s.satisfiable())
s.simplify()
nose.tools.assert_equal(len(s._solver_list), 4)
nose.tools.assert_true(s.satisfiable())
s1 = s.branch()
s1.add(x > y)
nose.tools.assert_equal(len(s1._solver_list), 3)
nose.tools.assert_false(s1.satisfiable())
nose.tools.assert_equal(len(s._solver_list), 4)
nose.tools.assert_true(s.satisfiable())
s.add(claripy.BVV(1, 32) == claripy.BVV(2, 32))
nose.tools.assert_equal(len(s._solver_list), 4) # the CONCRETE one
nose.tools.assert_false(s.satisfiable())
def test_datalayer():
l.info("Running test_datalayer")
pickle_dir = tempfile.mkdtemp()
ana.set_dl(pickle_dir=pickle_dir)
l.debug("Pickling to %s", pickle_dir)
a = claripy.BVV(1, 32)
b = claripy.BVS("x", 32)
c = a + b
d = a + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b + b
l.debug("Storing!")
a.ana_store()
c_info = c.ana_store()
d_info = d.ana_store()
l.debug("Loading!")
ana.set_dl(pickle_dir=pickle_dir)
#nose.tools.assert_equal(len(claripy.dl._cache), 0)
cc = claripy.ast.BV.ana_load(c_info)
nose.tools.assert_equal(str(cc), str(c))
cd = claripy.ast.BV.ana_load(d_info)
nose.tools.assert_equal(str(cd), str(d))
l.debug("Time to test some solvers!")
s = claripy.FullFrontend(claripy.backends.z3)
x = claripy.BVS("x", 32)
s.add(x == 3)
s.finalize()
ss = claripy.FullFrontend.ana_load(s.ana_store())
nose.tools.assert_equal(str(s.constraints), str(ss.constraints))
nose.tools.assert_equal(str(s.variables), str(ss.variables))
s = claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3))
x = claripy.BVS("x", 32)
s.add(x == 3)
s.finalize()
ss = claripy.CompositeFrontend.ana_load(s.ana_store())
old_constraint_sets = [[hash(j) for j in k.constraints]
for k in s._solver_list]
new_constraint_sets = [[hash(j) for j in k.constraints]
for k in ss._solver_list]
nose.tools.assert_items_equal(old_constraint_sets, new_constraint_sets)
nose.tools.assert_equal(str(s.variables), str(ss.variables))
def compare_states(self, sl, sr):
"""
Compares two states for similarity.
"""
joint_solver = claripy.FullFrontend(claripy.backends.z3)
# make sure the canonicalized constraints are the same
n_map, n_counter, n_canon_constraint = claripy.And(
*sr.se.constraints).canonicalize() #pylint:disable=no-member
u_map, u_counter, u_canon_constraint = claripy.And(
*sl.se.constraints).canonicalize() #pylint:disable=no-member
joint_solver.add((n_canon_constraint, u_canon_constraint))
if n_canon_constraint is not u_canon_constraint:
self._report_incongruency("Different constraints!")
return False
# get the differences in registers and memory
mem_diff = sr.memory.changed_bytes(sl.memory)
reg_diff = sr.registers.changed_bytes(sl.registers)
# this is only for unicorn
if "UNICORN" in sl.options | sr.options:
if sl.arch.name == "X86":
reg_diff -= set(range(40, 52)) #ignore cc psuedoregisters
reg_diff -= set(range(320, 324)) #some other VEX weirdness
elif sl.arch.name == "AMD64":
reg_diff -= set(range(144, 168)) #ignore cc psuedoregisters
# make sure the differences in registers and memory are actually just renamed
# versions of the same ASTs
for diffs, (um, nm) in (
(reg_diff, (sl.registers, sr.registers)),
(mem_diff, (sl.memory, sr.memory)),
):
for i in diffs:
bn = nm.load(i, 1)
bu = um.load(i, 1)
bnc = bn.canonicalize(var_map=n_map, counter=n_counter)[-1]
buc = bu.canonicalize(var_map=u_map, counter=u_counter)[-1]
if bnc is not buc:
self._report_incongruency(
"Different memory or registers (index %d, values %r and %r)!",
i, bn, bu)
return False
# make sure the flags are the same
if sl.arch.name in ("AMD64", "X86", "ARM", "AARCH64"):
n_flags = simuvex.vex.ccall._get_flags(sr)[0].canonicalize(
var_map=n_map, counter=n_counter)[-1]
u_flags = simuvex.vex.ccall._get_flags(sl)[0].canonicalize(
var_map=u_map, counter=u_counter)[-1]
if n_flags is not u_flags:
self._report_incongruency("Different flags!")
return False
return True
def _solver(self):
if self._stored_solver is not None:
return self._stored_solver
if o.ABSTRACT_SOLVER in self.state.options:
self._stored_solver = claripy.LightFrontend(claripy.backends.vsa, cache=False)
elif o.REPLACEMENT_SOLVER in self.state.options:
self._stored_solver = claripy.ReplacementFrontend(claripy.FullFrontend(claripy.backends.z3), unsafe_replacement=True)
elif o.COMPOSITE_SOLVER in self.state.options:
self._stored_solver = claripy.CompositeFrontend(claripy.hybrid_vsa_z3())
elif o.SYMBOLIC in self.state.options:
if o.approximation & self.state.options:
self._stored_solver = claripy.hybrid_vsa_z3()
else:
self._stored_solver = claripy.FullFrontend(claripy.backends.z3)
else:
self._stored_solver = claripy.LightFrontend(claripy.backends.concrete)
return self._stored_solver
def _solver(self):
if self._stored_solver is not None:
return self._stored_solver
if o.ABSTRACT_SOLVER in self.state.options:
self._stored_solver = claripy.LightFrontend(claripy.backend_vsa)
elif o.COMPOSITE_SOLVER in self.state.options:
self._stored_solver = claripy.CompositeFrontend(claripy.backend_z3)
else:
self._stored_solver = claripy.FullFrontend(claripy.backend_z3)
return self._stored_solver
def test_pickle_frontend():
s = claripy.FullFrontend(claripy.backends.z3)
x = claripy.BVS('x', 32)
s.add(x == 1)
assert s.eval(x, 10), (1, )
ss = pickle.dumps(s)
del s
import gc
gc.collect()
s = pickle.loads(ss)
assert s.eval(x, 10), (1, )
def test_simple_merging():
yield raw_simple_merging, lambda: claripy.FullFrontend(claripy.backends.z3)
yield raw_simple_merging, claripy.hybrid_vsa_z3
yield raw_simple_merging, lambda: claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3))
def test_ite():
yield raw_ite, lambda: claripy.FullFrontend(claripy.backends.z3)
yield raw_ite, lambda: claripy.HybridFrontend(claripy.backends.z3)
yield raw_ite, lambda: claripy.CompositeFrontend(
claripy.FullFrontend(claripy.backends.z3))
def test_solver():
yield raw_solver, lambda: claripy.FullFrontend(claripy.backends.z3)
yield raw_solver, claripy.hybrid_vsa_z3
yield raw_solver, lambda: claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3))
def test_combine():
yield raw_combine, lambda: claripy.FullFrontend(claripy.backends.z3)
yield raw_combine, claripy.hybrid_vsa_z3
yield raw_combine, lambda: claripy.CompositeFrontend(claripy.FullFrontend(claripy.backends.z3))
