예제 #1
0
    def __init__(self):

        #Make the constraint store
        constraints = ConstraintSet()
        #make the ethereum world state
        world = evm.EVMWorld(constraints)
        initial_state = State(constraints, world)
        initial_state.context['tx'] = []
        super(ManticoreEVM, self).__init__(initial_state)

        #The following should go to manticore.context so we can use multiprocessing
        self.context['seth'] = {}
        self.context['seth']['trace'] = []
        self.context['seth']['metadata'] = {}
        self.context['seth']['_pending_transaction'] = None
        self.context['seth']['_saved_states'] = []
        self.context['seth']['_final_states'] = []

        self._executor.subscribe('did_load_state', self.load_state_callback)
        self._executor.subscribe('will_terminate_state',
                                 self.terminate_state_callback)
        self._executor.subscribe('will_execute_instruction',
                                 self.will_execute_instruction_callback)
        self._executor.subscribe('did_execute_instruction',
                                 self.did_execute_instruction_callback)
        self._executor.subscribe('did_read_code', self.did_read_code)
        self._executor.subscribe('on_symbolic_sha3', self.symbolic_sha3)
        self._executor.subscribe('on_concrete_sha3', self.concrete_sha3)
예제 #2
0
    def testContextSerialization(self):
        import pickle as pickle
        initial_file = ''
        new_file = ''
        new_new_file = ''
        constraints = ConstraintSet()
        initial_state = State(constraints, FakePlatform())
        initial_state.context['step'] = 10
        initial_file = pickle.dumps(initial_state)
        with initial_state as new_state:
            self.assertEqual( initial_state.context['step'], 10)
            self.assertEqual( new_state.context['step'], 10)

            new_state.context['step'] = 20 

            self.assertEqual( initial_state.context['step'], 10)
            self.assertEqual( new_state.context['step'], 20)
            new_file = pickle.dumps(new_state)

            with new_state as new_new_state:
                self.assertEqual( initial_state.context['step'], 10)
                self.assertEqual( new_state.context['step'], 20)
                self.assertEqual( new_new_state.context['step'], 20)

                new_new_state.context['step'] += 10 

                self.assertEqual( initial_state.context['step'], 10)
                self.assertEqual( new_state.context['step'], 20)
                self.assertEqual( new_new_state.context['step'], 30)

                new_new_file = pickle.dumps(new_new_state)

                self.assertEqual( initial_state.context['step'], 10)
                self.assertEqual( new_state.context['step'], 20)
                self.assertEqual( new_new_state.context['step'], 30)

            self.assertEqual( initial_state.context['step'], 10)
            self.assertEqual( new_state.context['step'], 20)

        self.assertEqual( initial_state.context['step'], 10)

        del initial_state
        del new_state
        del new_new_state



        initial_state = pickle.loads(initial_file)
        self.assertEqual( initial_state.context['step'], 10)
        new_state = pickle.loads(new_file)
        self.assertEqual( new_state.context['step'], 20)
        new_new_state = pickle.loads(new_new_file)
        self.assertEqual( new_new_state.context['step'], 30)
예제 #3
0
 def get_state(cls):
     if cls.cpu is None:
         constraints = ConstraintSet()
         platform = linux.SLinux('/bin/ls')
         cls.state = State(constraints, platform)
         cls.cpu = platform._mk_proc('armv7')
     return (cls.cpu, cls.state)
예제 #4
0
 def get_state(cls):
     if cls.cpu is None:
         constraints = ConstraintSet()
         dirname = os.path.dirname(__file__)
         platform = linux.SLinux(os.path.join(dirname, 'binaries', 'basic_linux_amd64'))
         cls.state = State(constraints, platform)
         cls.cpu = platform._mk_proc('armv7')
     return (cls.cpu, cls.state)
예제 #5
0
 def setUp(self):
     if not hasattr(self, 'manager'):
         self.manager = SyncManager()
         self.manager.start(
             lambda: signal.signal(signal.SIGINT, signal.SIG_IGN))
     l = linux.Linux('/bin/ls')
     self.state = State(ConstraintSet(), l)
     self.lock = self.manager.Condition()
예제 #6
0
 def setUp(self):
     if not hasattr(self, 'manager'):
         self.manager = SyncManager()
         self.manager.start(
             lambda: signal.signal(signal.SIGINT, signal.SIG_IGN))
     dirname = os.path.dirname(__file__)
     l = linux.Linux(os.path.join(dirname, 'binaries', 'basic_linux_amd64'))
     self.state = State(ConstraintSet(), l)
     self.lock = self.manager.Condition()
예제 #7
0
    def test_state(self):
        constraints = ConstraintSet()
        initial_state = State(constraints, FakePlatform())

        arr = initial_state.symbolicate_buffer('+' * 100, label='SYMBA')
        initial_state.constrain(arr[0] > 0x41)
        self.assertTrue(len(initial_state.constraints.declarations) == 1)
        with initial_state as new_state:

            self.assertTrue(len(initial_state.constraints.declarations) == 1)
            self.assertTrue(len(new_state.constraints.declarations) == 1)
            arrb = new_state.symbolicate_buffer('+' * 100, label='SYMBB')

            self.assertTrue(len(initial_state.constraints.declarations) == 1)
            self.assertTrue(len(new_state.constraints.declarations) == 1)

            new_state.constrain(arrb[0] > 0x42)

            self.assertTrue(len(new_state.constraints.declarations) == 2)

        self.assertTrue(len(initial_state.constraints.declarations) == 1)
예제 #8
0
    def test_state(self):
        constraints = ConstraintSet()
        initial_state = State(constraints, FakePlatform())

        arr = initial_state.symbolicate_buffer('+'*100, label='SYMBA')
        initial_state.constrain(arr[0] > 0x41)
        self.assertTrue(len(initial_state.constraints.declarations) == 1 )
        with initial_state as new_state:

            self.assertTrue(len(initial_state.constraints.declarations) == 1 )
            self.assertTrue(len(new_state.constraints.declarations) == 1 )
            arrb = new_state.symbolicate_buffer('+'*100, label='SYMBB')

            self.assertTrue(len(initial_state.constraints.declarations) == 1 )
            self.assertTrue(len(new_state.constraints.declarations) == 1 )

            new_state.constrain(arrb[0] > 0x42)


            self.assertTrue(len(new_state.constraints.declarations) == 2 )


        self.assertTrue(len(initial_state.constraints.declarations) == 1 )
예제 #9
0
class ModelTest(unittest.TestCase):
    l = linux.SLinux('/bin/ls')
    state = State(ConstraintSet(), l)
    stack_top = state.cpu.RSP

    def _clear_constraints(self):
        self.state._constraints = ConstraintSet()

    def tearDown(self):
        self._clear_constraints()
        self.state.cpu.RSP = self.stack_top

    def _push_string(self, s):
        cpu = self.state.cpu
        cpu.RSP -= len(s)
        cpu.write_bytes(cpu.RSP, s)
        return cpu.RSP
예제 #10
0
class ModelTest(unittest.TestCase):
    l = linux.SLinux('/bin/ls')
    state = State(ConstraintSet(), l)
    stack_top = state.cpu.RSP

    def _clear_constraints(self):
        self.state._constraints = ConstraintSet()

    def tearDown(self):
        self._clear_constraints()
        self.state.cpu.RSP = self.stack_top

    def _push_string(self, s):
        cpu = self.state.cpu
        cpu.RSP -= len(s)
        cpu.write_bytes(cpu.RSP, s)
        return cpu.RSP

    def assertItemsEqual(self, a, b):
        # Required for Python3 compatibility
        self.assertEqual(sorted(a), sorted(b))
예제 #11
0
class ModelTest(unittest.TestCase):
    dirname = os.path.dirname(__file__)
    l = linux.SLinux(os.path.join(dirname, 'binaries', 'basic_linux_amd64'))
    state = State(ConstraintSet(), l)
    stack_top = state.cpu.RSP

    def _clear_constraints(self):
        self.state._constraints = ConstraintSet()

    def tearDown(self):
        self._clear_constraints()
        self.state.cpu.RSP = self.stack_top

    def _push_string(self, s):
        cpu = self.state.cpu
        cpu.RSP -= len(s)
        cpu.write_bytes(cpu.RSP, s)
        return cpu.RSP

    def assertItemsEqual(self, a, b):
        # Required for Python3 compatibility
        self.assertEqual(sorted(a), sorted(b))
예제 #12
0
 def make_mock_evm_state():
     cs = ConstraintSet()
     fakestate = State(cs, EVMWorld(cs))
     return fakestate
예제 #13
0
 def setUp(self):
     l = linux.Linux('/bin/ls')
     self.state = State(ConstraintSet(), l)
     self.lock = manager.Condition(manager.RLock())
예제 #14
0
 def setUp(self):
     l = linux.Linux('/bin/ls')
     self.state = State(ConstraintSet(), l)
예제 #15
0
class StateTest(unittest.TestCase):
    _multiprocess_can_split_ = True
    def setUp(self):
        l = linux.Linux('/bin/ls')
        self.state = State(ConstraintSet(), l)

    def test_solve_one(self):
        val = 42
        expr = BitVecVariable(32, 'tmp')
        self.state.constrain(expr == val)
        solved = self.state.solve_one(expr)
        self.assertEqual(solved, val)

    def test_solve_n(self):
        expr = BitVecVariable(32, 'tmp')
        self.state.constrain(expr > 4)
        self.state.constrain(expr < 7)
        solved = self.state.solve_n(expr, 2)
        self.assertEqual(solved, [5,6])

    def test_solve_n2(self):
        expr = BitVecVariable(32, 'tmp')
        self.state.constrain(expr > 4)
        self.state.constrain(expr < 100)
        solved = self.state.solve_n(expr, 5)
        self.assertEqual(len(solved), 5)

    def test_policy_one(self):
        expr = BitVecVariable(32, 'tmp')
        self.state.constrain(expr > 0)
        self.state.constrain(expr < 100)
        solved = self.state.concretize(expr, 'ONE')
        self.assertEqual(len(solved), 1)
        self.assertIn(solved[0], range(100))

    def test_state(self):
        constraints = ConstraintSet()
        initial_state = State(constraints, FakePlatform())

        arr = initial_state.symbolicate_buffer('+'*100, label='SYMBA')
        initial_state.constrain(arr[0] > 0x41)
        self.assertTrue(len(initial_state.constraints.declarations) == 1 )
        with initial_state as new_state:

            self.assertTrue(len(initial_state.constraints.declarations) == 1 )
            self.assertTrue(len(new_state.constraints.declarations) == 1 )
            arrb = new_state.symbolicate_buffer('+'*100, label='SYMBB')

            self.assertTrue(len(initial_state.constraints.declarations) == 1 )
            self.assertTrue(len(new_state.constraints.declarations) == 1 )

            new_state.constrain(arrb[0] > 0x42)


            self.assertTrue(len(new_state.constraints.declarations) == 2 )


        self.assertTrue(len(initial_state.constraints.declarations) == 1 )

    def test_new_symbolic_buffer(self):
        length = 64
        expr = self.state.new_symbolic_buffer(length)
        self.assertEqual(len(expr), length)

    def test_new_symbolic_value(self):
        length = 64
        expr = self.state.new_symbolic_value(length)
        self.assertEqual(expr.size, length)

    def test_new_bad_symbolic_value(self):
        length = 62
        with self.assertRaises(Exception):
            expr = self.state.new_symbolic_value(length)

    def test_tainted_symbolic_buffer(self):
        taint = ('TEST_TAINT', )
        expr = self.state.new_symbolic_buffer(64, taint=taint)       
        self.assertEqual(expr.taint, frozenset(taint))

    def test_tainted_symbolic_value(self):
        taint = ('TEST_TAINT', )
        expr = self.state.new_symbolic_value(64, taint=taint)
        self.assertEqual(expr.taint, frozenset(taint))

    def testContextSerialization(self):
        import pickle as pickle
        initial_file = ''
        new_file = ''
        new_new_file = ''
        constraints = ConstraintSet()
        initial_state = State(constraints, FakePlatform())
        initial_state.context['step'] = 10
        initial_file = pickle.dumps(initial_state)
        with initial_state as new_state:
            self.assertEqual( initial_state.context['step'], 10)
            self.assertEqual( new_state.context['step'], 10)

            new_state.context['step'] = 20 

            self.assertEqual( initial_state.context['step'], 10)
            self.assertEqual( new_state.context['step'], 20)
            new_file = pickle.dumps(new_state)

            with new_state as new_new_state:
                self.assertEqual( initial_state.context['step'], 10)
                self.assertEqual( new_state.context['step'], 20)
                self.assertEqual( new_new_state.context['step'], 20)

                new_new_state.context['step'] += 10 

                self.assertEqual( initial_state.context['step'], 10)
                self.assertEqual( new_state.context['step'], 20)
                self.assertEqual( new_new_state.context['step'], 30)

                new_new_file = pickle.dumps(new_new_state)

                self.assertEqual( initial_state.context['step'], 10)
                self.assertEqual( new_state.context['step'], 20)
                self.assertEqual( new_new_state.context['step'], 30)

            self.assertEqual( initial_state.context['step'], 10)
            self.assertEqual( new_state.context['step'], 20)

        self.assertEqual( initial_state.context['step'], 10)

        del initial_state
        del new_state
        del new_new_state



        initial_state = pickle.loads(initial_file)
        self.assertEqual( initial_state.context['step'], 10)
        new_state = pickle.loads(new_file)
        self.assertEqual( new_state.context['step'], 20)
        new_new_state = pickle.loads(new_new_file)
        self.assertEqual( new_new_state.context['step'], 30)


    def _test_state_gen_helper(self, name, msg):
        self.assertEqual(name, 'statename')
        self.assertEqual(msg, 'statemsg')
        raise _CallbackExecuted

    def testContextSerialization(self):
        import pickle as pickle
        initial_file = ''
        new_file = ''
        new_new_file = ''
        constraints = ConstraintSet()
        initial_state = State(constraints, FakePlatform())
        initial_state.context['step'] = 10
        initial_file = pickle.dumps(initial_state)
        with initial_state as new_state:
            self.assertEqual( initial_state.context['step'], 10)
            self.assertEqual( new_state.context['step'], 10)

            new_state.context['step'] = 20 

            self.assertEqual( initial_state.context['step'], 10)
            self.assertEqual( new_state.context['step'], 20)
            new_file = pickle.dumps(new_state)

            with new_state as new_new_state:
                self.assertEqual( initial_state.context['step'], 10)
                self.assertEqual( new_state.context['step'], 20)
                self.assertEqual( new_new_state.context['step'], 20)

                new_new_state.context['step'] += 10 

                self.assertEqual( initial_state.context['step'], 10)
                self.assertEqual( new_state.context['step'], 20)
                self.assertEqual( new_new_state.context['step'], 30)

                new_new_file = pickle.dumps(new_new_state)

                self.assertEqual( initial_state.context['step'], 10)
                self.assertEqual( new_state.context['step'], 20)
                self.assertEqual( new_new_state.context['step'], 30)

            self.assertEqual( initial_state.context['step'], 10)
            self.assertEqual( new_state.context['step'], 20)

        self.assertEqual( initial_state.context['step'], 10)

        del initial_state
        del new_state
        del new_new_state



        initial_state = pickle.loads(initial_file)
        self.assertEqual( initial_state.context['step'], 10)
        new_state = pickle.loads(new_file)
        self.assertEqual( new_state.context['step'], 20)
        new_new_state = pickle.loads(new_new_file)
        self.assertEqual( new_new_state.context['step'], 30)
        
    def test_state_gen(self):
        self.state.subscribe('will_generate_testcase', self._test_state_gen_helper)
        with self.assertRaises(_CallbackExecuted):
            self.state.generate_testcase('statename', 'statemsg')
예제 #16
0
 def setUp(self):
     dirname = os.path.dirname(__file__)
     l = linux.Linux(os.path.join(dirname, 'binaries', 'basic_linux_amd64'))
     self.state = State(ConstraintSet(), l)
예제 #17
0
 def setUp(self):
     l = linux.Linux('/bin/ls')
     self.state = State(ConstraintSet(), l)
예제 #18
0
class StateTest(unittest.TestCase):
    _multiprocess_can_split_ = True
    def setUp(self):
        l = linux.Linux('/bin/ls')
        self.state = State(ConstraintSet(), l)

    def test_solve_one(self):
        val = 42
        expr = BitVecVariable(32, 'tmp')
        self.state.constrain(expr == val)
        solved = self.state.solve_one(expr)
        self.assertEqual(solved, val)

    def test_solve_n(self):
        expr = BitVecVariable(32, 'tmp')
        self.state.constrain(expr > 4)
        self.state.constrain(expr < 7)
        solved = self.state.solve_n(expr, 2)
        self.assertEqual(solved, [5,6])

    def test_solve_n2(self):
        expr = BitVecVariable(32, 'tmp')
        self.state.constrain(expr > 4)
        self.state.constrain(expr < 100)
        solved = self.state.solve_n(expr, 5)
        self.assertEqual(len(solved), 5)

    def test_policy_one(self):
        expr = BitVecVariable(32, 'tmp')
        self.state.constrain(expr > 0)
        self.state.constrain(expr < 100)
        solved = self.state.concretize(expr, 'ONE')
        self.assertEqual(len(solved), 1)
        self.assertIn(solved[0], xrange(100))

    def test_state(self):
        constraints = ConstraintSet()
        initial_state = State(constraints, FakePlatform())

        arr = initial_state.symbolicate_buffer('+'*100, label='SYMBA')
        initial_state.constrain(arr[0] > 0x41)
        self.assertTrue(len(initial_state.constraints.declarations) == 1 )
        with initial_state as new_state:

            self.assertTrue(len(initial_state.constraints.declarations) == 1 )
            self.assertTrue(len(new_state.constraints.declarations) == 1 )
            arrb = new_state.symbolicate_buffer('+'*100, label='SYMBB')

            self.assertTrue(len(initial_state.constraints.declarations) == 1 )
            self.assertTrue(len(new_state.constraints.declarations) == 1 )

            new_state.constrain(arrb[0] > 0x42)


            self.assertTrue(len(new_state.constraints.declarations) == 2 )


        self.assertTrue(len(initial_state.constraints.declarations) == 1 )

    def test_new_symbolic_buffer(self):
        length = 64
        expr = self.state.new_symbolic_buffer(length)
        self.assertEqual(len(expr), length)

    def test_new_symbolic_value(self):
        length = 64
        expr = self.state.new_symbolic_value(length)
        self.assertEqual(expr.size, length)

    def test_new_bad_symbolic_value(self):
        length = 62
        with self.assertRaises(Exception):
            expr = self.state.new_symbolic_value(length)

    @unittest.skip('Record branches not a part of state anymore')
    def test_record_branches(self):
        branch = 0x80488bb
        target = 0x8048997
        fallthrough = 0x80488c1
        self.state.last_pc = (0, branch)

        self.state.record_branches([target, fallthrough])

        self.assertEqual(self.state.branches[(branch, target)], 1)
        self.assertEqual(self.state.branches[(branch, fallthrough)], 1)

        self.state.record_branches([target, fallthrough])

        self.assertEqual(self.state.branches[(branch, target)], 2)
        self.assertEqual(self.state.branches[(branch, fallthrough)], 2)