class TestAstSimplificationIssue1(unittest.TestCase): """Testing AST simplification. From #740.""" def setUp(self): self.ctx = TritonContext() self.ctx.setArchitecture(ARCH.X86_64) self.ctx.addCallback(self.simplification_0, CALLBACK.SYMBOLIC_SIMPLIFICATION) self.astCtxt = self.ctx.getAstContext() def test_simplification(self): # (bvadd # (bvadd # (bvsub SymVar_2 (_ bv2142533311 64)) # (_ bv1 64) # ) # (_ bv2142533311 64) # ) a = self.astCtxt.bv(1, 64) b = self.astCtxt.bv(2142533311, 64) c = self.astCtxt.variable(self.ctx.newSymbolicVariable(64)) node = (((c - b) + a) + b) snode = self.ctx.simplify(node) self.assertEqual(node.getType(), AST_NODE.BVADD) self.assertEqual(node.getChildren()[0], c) self.assertEqual(node.getChildren()[1], a) @staticmethod def simplification_0(ctx, node): # (((var - val1) + val2) + val1) => (var + val2) if node.getType() == AST_NODE.BVADD: c0 = node.getChildren()[0] # ((var + val1) + val2) c1 = node.getChildren()[1] # val1 if c0.getType() == AST_NODE.BVADD and c1.getType() == AST_NODE.BV: c00 = c0.getChildren()[0] # (var + val1) c01 = c0.getChildren()[1] # val2 # ((var + val1) + val2) if c00.getType() == AST_NODE.BVSUB and c01.getType( ) == AST_NODE.BV: c000 = c00.getChildren()[0] # var c001 = c00.getChildren()[1] # val1 # (var + val1) if c001.getType() == AST_NODE.BV and c001.evaluate( ) == c1.evaluate(): # return (var + val2) return c000 + c01 return node
def initialize(): Triton = TritonContext() # Define the target architecture Triton.setArchitecture(ARCH.X86_64) # Define symbolic optimizations Triton.enableMode(MODE.ALIGNED_MEMORY, True) Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True) # Define internal callbacks. Triton.addCallback(memoryCaching, CALLBACK.GET_CONCRETE_MEMORY_VALUE) Triton.addCallback(constantFolding, CALLBACK.SYMBOLIC_SIMPLIFICATION) # Load the meory dump load_dump(Triton, os.path.join(os.path.dirname(__file__), "baby-re.dump")) # Symbolize user inputs symbolizeInputs(Triton) return Triton
def initialize(): Triton = TritonContext() # Define the target architecture Triton.setArchitecture(ARCH.X86_64) # Define symbolic optimizations Triton.enableMode(MODE.ALIGNED_MEMORY, True) Triton.enableMode(MODE.ONLY_ON_SYMBOLIZED, True) # Define internal callbacks. Triton.addCallback(memoryCaching, CALLBACK.GET_CONCRETE_MEMORY_VALUE) Triton.addCallback(constantFolding, CALLBACK.SYMBOLIC_SIMPLIFICATION) # Load the meory dump load_dump(Triton, os.path.join(os.path.dirname(__file__), "baby-re.dump")) # Symbolize user inputs symbolizeInputs(Triton) return Triton
class TestCallback(unittest.TestCase): """Testing callbacks.""" def test_get_concrete_memory_value(self): global flag self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) flag = False self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_MEMORY_VALUE) # movabs rax, qword ptr [0x1000] self.Triton.processing( Instruction(b"\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00")) self.assertTrue(flag) flag = False self.Triton.removeCallback(self.cb_flag, CALLBACK.GET_CONCRETE_MEMORY_VALUE) # movabs rax, qword ptr [0x1000] self.Triton.processing( Instruction(b"\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00")) self.assertFalse(flag) def test_get_concrete_register_value(self): global flag self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) flag = False self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE) self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx self.assertTrue(flag) flag = False self.Triton.removeCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE) self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx self.assertFalse(flag) # Remove all callbacks flag = False self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE) self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx self.assertTrue(flag) flag = False self.Triton.removeAllCallbacks() self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx self.assertFalse(flag) @staticmethod def cb_flag(api, x): global flag flag = True
class TestCallback(unittest.TestCase): """Testing callbacks.""" def test_get_concrete_memory_value(self): global flag self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) flag = False self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_MEMORY_VALUE) # movabs rax, qword ptr [0x1000] self.Triton.processing(Instruction("\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00")) self.assertTrue(flag) flag = False self.Triton.removeCallback(self.cb_flag, CALLBACK.GET_CONCRETE_MEMORY_VALUE) # movabs rax, qword ptr [0x1000] self.Triton.processing(Instruction("\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00")) self.assertFalse(flag) def test_get_concrete_register_value(self): global flag self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) flag = False self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE) self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx self.assertTrue(flag) flag = False self.Triton.removeCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE) self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx self.assertFalse(flag) # Remove all callbacks flag = False self.Triton.addCallback(self.cb_flag, CALLBACK.GET_CONCRETE_REGISTER_VALUE) self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx self.assertTrue(flag) flag = False self.Triton.removeAllCallbacks() self.Triton.processing(Instruction("\x48\x89\xd8")) # mov rax, rbx self.assertFalse(flag) @staticmethod def cb_flag(api, x): global flag flag = True
c2_not = getNot(c2) c1_nonNot = getNonNot(c1) c2_nonNot = getNonNot(c2) if c1_not.equalTo(~c2_nonNot) and c2_not.equalTo(~c1_nonNot): return c1_nonNot ^ c2_nonNot return node if __name__ == "__main__": # Set arch to init engines Triton.setArchitecture(ARCH.X86_64) # Record simplifications Triton.addCallback(CALLBACK.SYMBOLIC_SIMPLIFICATION, xor_1) Triton.addCallback(CALLBACK.SYMBOLIC_SIMPLIFICATION, xor_2) astCtxt = Triton.getAstContext() a = astCtxt.bv(1, 8) b = astCtxt.bv(2, 8) # Example 1 c = a ^ a print('Expr: ', c) c = Triton.simplify(c) print('Simp: ', c) print()
c2_not = getNot(c2) c1_nonNot = getNonNot(c1) c2_nonNot = getNonNot(c2) if c1_not.equalTo(~c2_nonNot) and c2_not.equalTo(~c1_nonNot): return c1_nonNot ^ c2_nonNot return node if __name__ == "__main__": # Set arch to init engines Triton.setArchitecture(ARCH.X86_64) # Record simplifications Triton.addCallback(xor_1, CALLBACK.SYMBOLIC_SIMPLIFICATION) Triton.addCallback(xor_2, CALLBACK.SYMBOLIC_SIMPLIFICATION) astCtxt = Triton.getAstContext() a = astCtxt.bv(1, 8) b = astCtxt.bv(2, 8) # Example 1 c = a ^ a print('Expr: ', c) c = Triton.simplify(c) print('Simp: ', c) print()
class TestCallback(unittest.TestCase): """Testing callbacks.""" def test_get_concrete_memory_value(self): global flag self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) flag = False self.Triton.addCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE, self.cb_flag) # movabs rax, qword ptr [0x1000] self.Triton.processing( Instruction(b"\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00")) self.assertTrue(flag) flag = False self.Triton.removeCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE, self.cb_flag) # movabs rax, qword ptr [0x1000] self.Triton.processing( Instruction(b"\x48\xa1\x00\x10\x00\x00\x00\x00\x00\x00")) self.assertFalse(flag) def test_get_concrete_register_value(self): global flag self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) flag = False self.Triton.addCallback(CALLBACK.GET_CONCRETE_REGISTER_VALUE, self.cb_flag) self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx self.assertTrue(flag) flag = False self.Triton.removeCallback(CALLBACK.GET_CONCRETE_REGISTER_VALUE, self.cb_flag) self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx self.assertFalse(flag) # Remove all callbacks flag = False self.Triton.addCallback(CALLBACK.GET_CONCRETE_REGISTER_VALUE, self.cb_flag) self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx self.assertTrue(flag) flag = False self.Triton.clearCallbacks() self.Triton.processing(Instruction(b"\x48\x89\xd8")) # mov rax, rbx self.assertFalse(flag) @staticmethod def cb_flag(api, x): global flag flag = True def method_callback(self, api, _): pass def test_method_callback_removal(self): # regression test for #809 import sys self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) cb = self.method_callback.__func__ cb_initial_refcnt = sys.getrefcount(cb) self.Triton.addCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE, self.method_callback) self.Triton.removeCallback(CALLBACK.GET_CONCRETE_MEMORY_VALUE, self.method_callback) self.assertTrue(cb_initial_refcnt == sys.getrefcount(cb))
class TestAstSimplification(unittest.TestCase): """Testing AST simplification.""" def setUp(self): self.Triton = TritonContext() self.Triton.setArchitecture(ARCH.X86_64) self.Triton.addCallback(self.xor_1, CALLBACK.SYMBOLIC_SIMPLIFICATION) self.Triton.addCallback(self.xor_2, CALLBACK.SYMBOLIC_SIMPLIFICATION) self.astCtxt = self.Triton.getAstContext() def test_simplification(self): a = self.astCtxt.bv(1, 8) b = self.astCtxt.bv(2, 8) # Example 1 c = a ^ a c = self.Triton.simplify(c) self.assertEqual(str(c), "(_ bv0 8)") c = a ^ b c = self.Triton.simplify(c) self.assertEqual(str(c), "(bvxor (_ bv1 8) (_ bv2 8))") c = (a & ~b) | (~a & b) c = self.Triton.simplify(c) self.assertEqual(str(c), "(bvxor (_ bv1 8) (_ bv2 8))") # Example 2 - forme B c = (~b & a) | (~a & b) c = self.Triton.simplify(c) self.assertEqual(str(c), "(bvxor (_ bv1 8) (_ bv2 8))") # Example 2 - forme C c = (~b & a) | (b & ~a) c = self.Triton.simplify(c) self.assertEqual(str(c), "(bvxor (_ bv1 8) (_ bv2 8))") # Example 2 - forme D c = (b & ~a) | (~b & a) c = self.Triton.simplify(c) self.assertEqual(str(c), "(bvxor (_ bv2 8) (_ bv1 8))") return # a ^ a -> a = 0 @staticmethod def xor_1(api, node): if node.getKind() == AST_NODE.BVXOR: if node.getChildren()[0].equalTo(node.getChildren()[1]): return api.getAstContext().bv(0, node.getBitvectorSize()) return node # ((a & ~b) | (~a & b)) -> (a ^ b) @staticmethod def xor_2(api, node): def getNot(node): a = node.getChildren()[0] b = node.getChildren()[1] if a.getKind() == AST_NODE.BVNOT and b.getKind() != AST_NODE.BVNOT: return a if b.getKind() == AST_NODE.BVNOT and a.getKind() != AST_NODE.BVNOT: return b return None def getNonNot(node): a = node.getChildren()[0] b = node.getChildren()[1] if a.getKind() != AST_NODE.BVNOT and b.getKind() == AST_NODE.BVNOT: return a if b.getKind() != AST_NODE.BVNOT and a.getKind() == AST_NODE.BVNOT: return b return None if node.getKind() == AST_NODE.BVOR: c1 = node.getChildren()[0] c2 = node.getChildren()[1] if c1.getKind() == AST_NODE.BVAND and c2.getKind() == AST_NODE.BVAND: c1_not = getNot(c1) c2_not = getNot(c2) c1_nonNot = getNonNot(c1) c2_nonNot = getNonNot(c2) if c1_not.equalTo(~c2_nonNot) and c2_not.equalTo(~c1_nonNot): return c1_nonNot ^ c2_nonNot return node
c2_not = getNot(c2) c1_nonNot = getNonNot(c1) c2_nonNot = getNonNot(c2) if c1_not.equalTo(~c2_nonNot) and c2_not.equalTo(~c1_nonNot): return c1_nonNot ^ c2_nonNot return node if __name__ == "__main__": # Set arch to init engines Triton.setArchitecture(ARCH.X86_64) # Record simplifications Triton.addCallback(xor_1, CALLBACK.SYMBOLIC_SIMPLIFICATION) Triton.addCallback(xor_2, CALLBACK.SYMBOLIC_SIMPLIFICATION) astCtxt = Triton.getAstContext() a = astCtxt.bv(1, 8) b = astCtxt.bv(2, 8) # Example 1 c = a ^ a print 'Expr: ', c c = Triton.simplify(c) print 'Simp: ', c print