def __init__(self): #Make the constraint store constraints = ConstraintSet() #make the ethereum world state world = evm.EVMWorld(constraints) initial_state = State(constraints, world) initial_state.context['tx'] = [] super(ManticoreEVM, self).__init__(initial_state) #The following should go to manticore.context so we can use multiprocessing self.context['seth'] = {} self.context['seth']['trace'] = [] self.context['seth']['metadata'] = {} self.context['seth']['_pending_transaction'] = None self.context['seth']['_saved_states'] = [] self.context['seth']['_final_states'] = [] self._executor.subscribe('did_load_state', self.load_state_callback) self._executor.subscribe('will_terminate_state', self.terminate_state_callback) self._executor.subscribe('will_execute_instruction', self.will_execute_instruction_callback) self._executor.subscribe('did_execute_instruction', self.did_execute_instruction_callback) self._executor.subscribe('did_read_code', self.did_read_code) self._executor.subscribe('on_symbolic_sha3', self.symbolic_sha3) self._executor.subscribe('on_concrete_sha3', self.concrete_sha3)
def testContextSerialization(self): import pickle as pickle initial_file = '' new_file = '' new_new_file = '' constraints = ConstraintSet() initial_state = State(constraints, FakePlatform()) initial_state.context['step'] = 10 initial_file = pickle.dumps(initial_state) with initial_state as new_state: self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 10) new_state.context['step'] = 20 self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) new_file = pickle.dumps(new_state) with new_state as new_new_state: self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( new_new_state.context['step'], 20) new_new_state.context['step'] += 10 self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( new_new_state.context['step'], 30) new_new_file = pickle.dumps(new_new_state) self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( new_new_state.context['step'], 30) self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( initial_state.context['step'], 10) del initial_state del new_state del new_new_state initial_state = pickle.loads(initial_file) self.assertEqual( initial_state.context['step'], 10) new_state = pickle.loads(new_file) self.assertEqual( new_state.context['step'], 20) new_new_state = pickle.loads(new_new_file) self.assertEqual( new_new_state.context['step'], 30)
def get_state(cls): if cls.cpu is None: constraints = ConstraintSet() platform = linux.SLinux('/bin/ls') cls.state = State(constraints, platform) cls.cpu = platform._mk_proc('armv7') return (cls.cpu, cls.state)
def get_state(cls): if cls.cpu is None: constraints = ConstraintSet() dirname = os.path.dirname(__file__) platform = linux.SLinux(os.path.join(dirname, 'binaries', 'basic_linux_amd64')) cls.state = State(constraints, platform) cls.cpu = platform._mk_proc('armv7') return (cls.cpu, cls.state)
def setUp(self): if not hasattr(self, 'manager'): self.manager = SyncManager() self.manager.start( lambda: signal.signal(signal.SIGINT, signal.SIG_IGN)) l = linux.Linux('/bin/ls') self.state = State(ConstraintSet(), l) self.lock = self.manager.Condition()
def setUp(self): if not hasattr(self, 'manager'): self.manager = SyncManager() self.manager.start( lambda: signal.signal(signal.SIGINT, signal.SIG_IGN)) dirname = os.path.dirname(__file__) l = linux.Linux(os.path.join(dirname, 'binaries', 'basic_linux_amd64')) self.state = State(ConstraintSet(), l) self.lock = self.manager.Condition()
def test_state(self): constraints = ConstraintSet() initial_state = State(constraints, FakePlatform()) arr = initial_state.symbolicate_buffer('+' * 100, label='SYMBA') initial_state.constrain(arr[0] > 0x41) self.assertTrue(len(initial_state.constraints.declarations) == 1) with initial_state as new_state: self.assertTrue(len(initial_state.constraints.declarations) == 1) self.assertTrue(len(new_state.constraints.declarations) == 1) arrb = new_state.symbolicate_buffer('+' * 100, label='SYMBB') self.assertTrue(len(initial_state.constraints.declarations) == 1) self.assertTrue(len(new_state.constraints.declarations) == 1) new_state.constrain(arrb[0] > 0x42) self.assertTrue(len(new_state.constraints.declarations) == 2) self.assertTrue(len(initial_state.constraints.declarations) == 1)
def test_state(self): constraints = ConstraintSet() initial_state = State(constraints, FakePlatform()) arr = initial_state.symbolicate_buffer('+'*100, label='SYMBA') initial_state.constrain(arr[0] > 0x41) self.assertTrue(len(initial_state.constraints.declarations) == 1 ) with initial_state as new_state: self.assertTrue(len(initial_state.constraints.declarations) == 1 ) self.assertTrue(len(new_state.constraints.declarations) == 1 ) arrb = new_state.symbolicate_buffer('+'*100, label='SYMBB') self.assertTrue(len(initial_state.constraints.declarations) == 1 ) self.assertTrue(len(new_state.constraints.declarations) == 1 ) new_state.constrain(arrb[0] > 0x42) self.assertTrue(len(new_state.constraints.declarations) == 2 ) self.assertTrue(len(initial_state.constraints.declarations) == 1 )
class ModelTest(unittest.TestCase): l = linux.SLinux('/bin/ls') state = State(ConstraintSet(), l) stack_top = state.cpu.RSP def _clear_constraints(self): self.state._constraints = ConstraintSet() def tearDown(self): self._clear_constraints() self.state.cpu.RSP = self.stack_top def _push_string(self, s): cpu = self.state.cpu cpu.RSP -= len(s) cpu.write_bytes(cpu.RSP, s) return cpu.RSP
class ModelTest(unittest.TestCase): l = linux.SLinux('/bin/ls') state = State(ConstraintSet(), l) stack_top = state.cpu.RSP def _clear_constraints(self): self.state._constraints = ConstraintSet() def tearDown(self): self._clear_constraints() self.state.cpu.RSP = self.stack_top def _push_string(self, s): cpu = self.state.cpu cpu.RSP -= len(s) cpu.write_bytes(cpu.RSP, s) return cpu.RSP def assertItemsEqual(self, a, b): # Required for Python3 compatibility self.assertEqual(sorted(a), sorted(b))
class ModelTest(unittest.TestCase): dirname = os.path.dirname(__file__) l = linux.SLinux(os.path.join(dirname, 'binaries', 'basic_linux_amd64')) state = State(ConstraintSet(), l) stack_top = state.cpu.RSP def _clear_constraints(self): self.state._constraints = ConstraintSet() def tearDown(self): self._clear_constraints() self.state.cpu.RSP = self.stack_top def _push_string(self, s): cpu = self.state.cpu cpu.RSP -= len(s) cpu.write_bytes(cpu.RSP, s) return cpu.RSP def assertItemsEqual(self, a, b): # Required for Python3 compatibility self.assertEqual(sorted(a), sorted(b))
def make_mock_evm_state(): cs = ConstraintSet() fakestate = State(cs, EVMWorld(cs)) return fakestate
def setUp(self): l = linux.Linux('/bin/ls') self.state = State(ConstraintSet(), l) self.lock = manager.Condition(manager.RLock())
def setUp(self): l = linux.Linux('/bin/ls') self.state = State(ConstraintSet(), l)
class StateTest(unittest.TestCase): _multiprocess_can_split_ = True def setUp(self): l = linux.Linux('/bin/ls') self.state = State(ConstraintSet(), l) def test_solve_one(self): val = 42 expr = BitVecVariable(32, 'tmp') self.state.constrain(expr == val) solved = self.state.solve_one(expr) self.assertEqual(solved, val) def test_solve_n(self): expr = BitVecVariable(32, 'tmp') self.state.constrain(expr > 4) self.state.constrain(expr < 7) solved = self.state.solve_n(expr, 2) self.assertEqual(solved, [5,6]) def test_solve_n2(self): expr = BitVecVariable(32, 'tmp') self.state.constrain(expr > 4) self.state.constrain(expr < 100) solved = self.state.solve_n(expr, 5) self.assertEqual(len(solved), 5) def test_policy_one(self): expr = BitVecVariable(32, 'tmp') self.state.constrain(expr > 0) self.state.constrain(expr < 100) solved = self.state.concretize(expr, 'ONE') self.assertEqual(len(solved), 1) self.assertIn(solved[0], range(100)) def test_state(self): constraints = ConstraintSet() initial_state = State(constraints, FakePlatform()) arr = initial_state.symbolicate_buffer('+'*100, label='SYMBA') initial_state.constrain(arr[0] > 0x41) self.assertTrue(len(initial_state.constraints.declarations) == 1 ) with initial_state as new_state: self.assertTrue(len(initial_state.constraints.declarations) == 1 ) self.assertTrue(len(new_state.constraints.declarations) == 1 ) arrb = new_state.symbolicate_buffer('+'*100, label='SYMBB') self.assertTrue(len(initial_state.constraints.declarations) == 1 ) self.assertTrue(len(new_state.constraints.declarations) == 1 ) new_state.constrain(arrb[0] > 0x42) self.assertTrue(len(new_state.constraints.declarations) == 2 ) self.assertTrue(len(initial_state.constraints.declarations) == 1 ) def test_new_symbolic_buffer(self): length = 64 expr = self.state.new_symbolic_buffer(length) self.assertEqual(len(expr), length) def test_new_symbolic_value(self): length = 64 expr = self.state.new_symbolic_value(length) self.assertEqual(expr.size, length) def test_new_bad_symbolic_value(self): length = 62 with self.assertRaises(Exception): expr = self.state.new_symbolic_value(length) def test_tainted_symbolic_buffer(self): taint = ('TEST_TAINT', ) expr = self.state.new_symbolic_buffer(64, taint=taint) self.assertEqual(expr.taint, frozenset(taint)) def test_tainted_symbolic_value(self): taint = ('TEST_TAINT', ) expr = self.state.new_symbolic_value(64, taint=taint) self.assertEqual(expr.taint, frozenset(taint)) def testContextSerialization(self): import pickle as pickle initial_file = '' new_file = '' new_new_file = '' constraints = ConstraintSet() initial_state = State(constraints, FakePlatform()) initial_state.context['step'] = 10 initial_file = pickle.dumps(initial_state) with initial_state as new_state: self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 10) new_state.context['step'] = 20 self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) new_file = pickle.dumps(new_state) with new_state as new_new_state: self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( new_new_state.context['step'], 20) new_new_state.context['step'] += 10 self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( new_new_state.context['step'], 30) new_new_file = pickle.dumps(new_new_state) self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( new_new_state.context['step'], 30) self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( initial_state.context['step'], 10) del initial_state del new_state del new_new_state initial_state = pickle.loads(initial_file) self.assertEqual( initial_state.context['step'], 10) new_state = pickle.loads(new_file) self.assertEqual( new_state.context['step'], 20) new_new_state = pickle.loads(new_new_file) self.assertEqual( new_new_state.context['step'], 30) def _test_state_gen_helper(self, name, msg): self.assertEqual(name, 'statename') self.assertEqual(msg, 'statemsg') raise _CallbackExecuted def testContextSerialization(self): import pickle as pickle initial_file = '' new_file = '' new_new_file = '' constraints = ConstraintSet() initial_state = State(constraints, FakePlatform()) initial_state.context['step'] = 10 initial_file = pickle.dumps(initial_state) with initial_state as new_state: self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 10) new_state.context['step'] = 20 self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) new_file = pickle.dumps(new_state) with new_state as new_new_state: self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( new_new_state.context['step'], 20) new_new_state.context['step'] += 10 self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( new_new_state.context['step'], 30) new_new_file = pickle.dumps(new_new_state) self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( new_new_state.context['step'], 30) self.assertEqual( initial_state.context['step'], 10) self.assertEqual( new_state.context['step'], 20) self.assertEqual( initial_state.context['step'], 10) del initial_state del new_state del new_new_state initial_state = pickle.loads(initial_file) self.assertEqual( initial_state.context['step'], 10) new_state = pickle.loads(new_file) self.assertEqual( new_state.context['step'], 20) new_new_state = pickle.loads(new_new_file) self.assertEqual( new_new_state.context['step'], 30) def test_state_gen(self): self.state.subscribe('will_generate_testcase', self._test_state_gen_helper) with self.assertRaises(_CallbackExecuted): self.state.generate_testcase('statename', 'statemsg')
def setUp(self): dirname = os.path.dirname(__file__) l = linux.Linux(os.path.join(dirname, 'binaries', 'basic_linux_amd64')) self.state = State(ConstraintSet(), l)
class StateTest(unittest.TestCase): _multiprocess_can_split_ = True def setUp(self): l = linux.Linux('/bin/ls') self.state = State(ConstraintSet(), l) def test_solve_one(self): val = 42 expr = BitVecVariable(32, 'tmp') self.state.constrain(expr == val) solved = self.state.solve_one(expr) self.assertEqual(solved, val) def test_solve_n(self): expr = BitVecVariable(32, 'tmp') self.state.constrain(expr > 4) self.state.constrain(expr < 7) solved = self.state.solve_n(expr, 2) self.assertEqual(solved, [5,6]) def test_solve_n2(self): expr = BitVecVariable(32, 'tmp') self.state.constrain(expr > 4) self.state.constrain(expr < 100) solved = self.state.solve_n(expr, 5) self.assertEqual(len(solved), 5) def test_policy_one(self): expr = BitVecVariable(32, 'tmp') self.state.constrain(expr > 0) self.state.constrain(expr < 100) solved = self.state.concretize(expr, 'ONE') self.assertEqual(len(solved), 1) self.assertIn(solved[0], xrange(100)) def test_state(self): constraints = ConstraintSet() initial_state = State(constraints, FakePlatform()) arr = initial_state.symbolicate_buffer('+'*100, label='SYMBA') initial_state.constrain(arr[0] > 0x41) self.assertTrue(len(initial_state.constraints.declarations) == 1 ) with initial_state as new_state: self.assertTrue(len(initial_state.constraints.declarations) == 1 ) self.assertTrue(len(new_state.constraints.declarations) == 1 ) arrb = new_state.symbolicate_buffer('+'*100, label='SYMBB') self.assertTrue(len(initial_state.constraints.declarations) == 1 ) self.assertTrue(len(new_state.constraints.declarations) == 1 ) new_state.constrain(arrb[0] > 0x42) self.assertTrue(len(new_state.constraints.declarations) == 2 ) self.assertTrue(len(initial_state.constraints.declarations) == 1 ) def test_new_symbolic_buffer(self): length = 64 expr = self.state.new_symbolic_buffer(length) self.assertEqual(len(expr), length) def test_new_symbolic_value(self): length = 64 expr = self.state.new_symbolic_value(length) self.assertEqual(expr.size, length) def test_new_bad_symbolic_value(self): length = 62 with self.assertRaises(Exception): expr = self.state.new_symbolic_value(length) @unittest.skip('Record branches not a part of state anymore') def test_record_branches(self): branch = 0x80488bb target = 0x8048997 fallthrough = 0x80488c1 self.state.last_pc = (0, branch) self.state.record_branches([target, fallthrough]) self.assertEqual(self.state.branches[(branch, target)], 1) self.assertEqual(self.state.branches[(branch, fallthrough)], 1) self.state.record_branches([target, fallthrough]) self.assertEqual(self.state.branches[(branch, target)], 2) self.assertEqual(self.state.branches[(branch, fallthrough)], 2)