def _execute(self): #l.warning("LLSC is handled soundly but imprecisely.") addr = self._translate_expr(self.stmt.addr) if self.stmt.storedata is None: # it's a load-linked load_size = get_type_size(self.state.scratch.tyenv.lookup(self.stmt.result))//self.state.arch.byte_width data = self.state.memory.load(addr.expr, load_size, endness=self.stmt.endness) self.state.scratch.store_tmp(self.stmt.result, data, addr.reg_deps(), addr.tmp_deps()) else: # it's a store-conditional #result = self.state.se.Unconstrained('llcd_result', 1) #new_data = self._translate_expr(self.stmt.storedata) #old_data = self.state.memory.load(addr.expr, new_data.size_bytes(), endness=self.stmt.endness) #store_data = self.state.se.If(result == 1, new_data.expr, old_data) # for single-threaded programs, an SC will never fail. For now, we just assume it succeeded. store_data = self._translate_expr(self.stmt.storedata) result = self.state.se.BVV(1, 1) # the action if o.TRACK_MEMORY_ACTIONS in self.state.options: data_ao = SimActionObject(store_data.expr, reg_deps=store_data.reg_deps(), tmp_deps=store_data.tmp_deps()) addr_ao = SimActionObject(addr.expr, reg_deps=addr.reg_deps(), tmp_deps=addr.tmp_deps()) #guard_ao = SimActionObject(result == 1) size_ao = SimActionObject(store_data.expr.length) a = SimActionData(self.state, self.state.memory.id, SimActionData.WRITE, addr=addr_ao, data=data_ao, size=size_ao) self.actions.append(a) else: a = None self.state.memory.store(addr.expr, store_data.expr, action=a) self.state.scratch.store_tmp(self.stmt.result, result, addr.reg_deps() | store_data.reg_deps(), addr.tmp_deps() | store_data.tmp_deps())
def symbol(ty, name): if ty == 'Ity_F32': return claripy.FPS(name, claripy.FSORT_FLOAT) elif ty == 'Ity_F64': return claripy.FPS(name, claripy.FSORT_DOUBLE) else: return claripy.BVS(name, pyvex.get_type_size(ty))
def value(ty, val): if ty == 'Ity_F32': return claripy.FPV(float(val), claripy.FSORT_FLOAT) elif ty == 'Ity_F64': return claripy.FPV(float(val), claripy.FSORT_DOUBLE) else: return claripy.BVV(int(val), pyvex.get_type_size(ty))
def _execute(self): #l.warning("LLSC is handled soundly but imprecisely.") addr = self._translate_expr(self.stmt.addr) if self.stmt.storedata is None: # it's a load-linked load_size = get_type_size(self.state.scratch.tyenv.lookup(self.stmt.result))//self.state.arch.byte_width data = self.state.memory.load(addr.expr, load_size, endness=self.stmt.endness) self.state.scratch.store_tmp(self.stmt.result, data, addr.reg_deps(), addr.tmp_deps()) else: # it's a store-conditional #result = self.state.solver.Unconstrained('llcd_result', 1) #new_data = self._translate_expr(self.stmt.storedata) #old_data = self.state.memory.load(addr.expr, new_data.size_bytes(), endness=self.stmt.endness) #store_data = self.state.solver.If(result == 1, new_data.expr, old_data) # for single-threaded programs, an SC will never fail. For now, we just assume it succeeded. store_data = self._translate_expr(self.stmt.storedata) result = self.state.solver.BVV(1, 1) # the action if o.TRACK_MEMORY_ACTIONS in self.state.options: data_ao = SimActionObject(store_data.expr, reg_deps=store_data.reg_deps(), tmp_deps=store_data.tmp_deps()) addr_ao = SimActionObject(addr.expr, reg_deps=addr.reg_deps(), tmp_deps=addr.tmp_deps()) #guard_ao = SimActionObject(result == 1) size_ao = SimActionObject(store_data.expr.length) a = SimActionData(self.state, self.state.memory.id, SimActionData.WRITE, addr=addr_ao, data=data_ao, size=size_ao) self.actions.append(a) else: a = None self.state.memory.store(addr.expr, store_data.expr, action=a) self.state.scratch.store_tmp(self.stmt.result, result, addr.reg_deps() | store_data.reg_deps(), addr.tmp_deps() | store_data.tmp_deps())
def _perform_vex_expr_RdTmp(self, tmp): try: return super()._perform_vex_expr_RdTmp(tmp) except LookupError: if o.SUPER_FASTPATH in self.state.options: return claripy.BVV(0, pyvex.get_type_size(self.irsb.tyenv.lookup(tmp))) else: raise
def value(ty, val, size: Optional[int] = None): if ty == 'Ity_F32': return claripy.FPV(float(val), claripy.FSORT_FLOAT) elif ty == 'Ity_F64': return claripy.FPV(float(val), claripy.FSORT_DOUBLE) else: if size is not None: return claripy.BVV(int(val), size) return claripy.BVV(int(val), pyvex.get_type_size(ty))
def _perform_vex_expr_Get(self, offset_bundle, ty, **kwargs): offset, offset_deps = offset_bundle result = super()._perform_vex_expr_Get(offset, ty, **kwargs) if o.TRACK_REGISTER_ACTIONS in self.state.options: offset_ao = SimActionObject(offset, deps=offset_deps, state=self.state) r = SimActionData(self.state, self.state.registers.id, SimActionData.READ, addr=offset_ao, size=pyvex.get_type_size(ty), data=result ) self.state.history.add_action(r) a = frozenset((r,)) else: a = frozenset() return result, a
def SimIRStmt_LLSC(engine, state, stmt): #l.warning("LLSC is handled soundly but imprecisely.") with state.history.subscribe_actions() as addr_actions: addr = engine.handle_expression(state, stmt.addr) if stmt.storedata is None: # it's a load-linked load_size = get_type_size(state.scratch.tyenv.lookup( stmt.result)) // state.arch.byte_width data = state.memory.load(addr, load_size, endness=stmt.endness) state.scratch.store_tmp(stmt.result, data, deps=addr_actions) else: # it's a store-conditional #result = state.solver.Unconstrained('llcd_result', 1) #new_data = self._translate_expr(stmt.storedata) #old_data = state.memory.load(addr, new_data.size_bytes(), endness=stmt.endness) #store_data = state.solver.If(result == 1, new_data, old_data) # for single-threaded programs, an SC will never fail. For now, we just assume it succeeded. with state.history.subscribe_actions() as data_actions: store_data = engine.handle_expression(state, stmt.storedata) # the action if o.TRACK_MEMORY_ACTIONS in state.options: data_ao = SimActionObject(store_data, deps=data_actions, state=state) addr_ao = SimActionObject(addr, deps=addr_actions, state=state) #guard_ao = SimActionObject(result == 1)) size_ao = SimActionObject(len(store_data)) a = SimActionData(state, state.memory.id, SimActionData.WRITE, addr=addr_ao, data=data_ao, size=size_ao) state.history.add_action(a) else: a = None state.memory.store(addr, store_data, action=a) result = state.solver.BVV(1, 1) state.scratch.store_tmp(stmt.result, result, deps=addr_actions + data_actions)
def _perform_vex_expr_Load(self, addr_bundle, ty, end, **kwargs): addr, addr_deps = addr_bundle result = super()._perform_vex_expr_Load(addr, ty, end, **kwargs) if o.TRACK_MEMORY_ACTIONS in self.state.options: addr_ao = SimActionObject(addr, deps=addr_deps, state=self.state) r = SimActionData(self.state, self.state.memory.id, SimActionData.READ, addr=addr_ao, size=pyvex.get_type_size(ty), data=result) self.state.history.add_action(r) a = frozenset((r, )) else: a = frozenset() return result, a
def SimIRStmt_LLSC(engine, state, stmt): #l.warning("LLSC is handled soundly but imprecisely.") with state.history.subscribe_actions() as addr_actions: addr = engine.handle_expression(state, stmt.addr) if stmt.storedata is None: # it's a load-linked load_size = get_type_size(state.scratch.tyenv.lookup(stmt.result))//state.arch.byte_width data = state.memory.load(addr, load_size, endness=stmt.endness) state.scratch.store_tmp(stmt.result, data, deps=addr_actions) else: # it's a store-conditional #result = state.solver.Unconstrained('llcd_result', 1) #new_data = self._translate_expr(stmt.storedata) #old_data = state.memory.load(addr, new_data.size_bytes(), endness=stmt.endness) #store_data = state.solver.If(result == 1, new_data, old_data) # for single-threaded programs, an SC will never fail. For now, we just assume it succeeded. with state.history.subscribe_actions() as data_actions: store_data = engine.handle_expression(state, stmt.storedata) # the action if o.TRACK_MEMORY_ACTIONS in state.options: data_ao = SimActionObject(store_data, deps=data_actions, state=state) addr_ao = SimActionObject(addr, deps=addr_actions, state=state) #guard_ao = SimActionObject(result == 1)) size_ao = SimActionObject(len(store_data)) a = SimActionData(state, state.memory.id, SimActionData.WRITE, addr=addr_ao, data=data_ao, size=size_ao) state.history.add_action(a) else: a = None state.memory.store(addr, store_data, action=a) result = state.solver.BVV(1, 1) state.scratch.store_tmp(stmt.result, result, deps=addr_actions + data_actions)
def _ty_to_bytes(self, ty): return pyvex.get_type_size(ty) // getattr( getattr(getattr(self, 'state', None), 'arch', None), 'byte_width', 8)
def __init__(self, irsb_c, rdt): self.irsb_c = irsb_c self.ty = self.irsb_c.get_type(rdt) self.rdt = rdt self.width = pyvex.get_type_size(self.ty) self.is_signed = False