def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
conop = self.test_operand
conval = simstate.rhs(iaddr, conop)
if conval.is_undefined:
raise SU.CHBSimError(
simstate,
iaddr,
"movn: condition value undefined")
elif conval.is_literal:
if conval.literal_value != 0:
dstop = self.dst_operand
srcop = self.src_operand
srcval = simstate.rhs(iaddr, srcop)
lhs = simstate.set(iaddr, dstop, srcval)
result = SU.simassign(iaddr, simstate, lhs, srcval)
else:
result = str(conval) + " == 0: nop"
else:
raise SU.CHBSimError(
simstate,
iaddr,
"movn: condition value not recognized: " + str(conval))
simstate.increment_programcounter()
return result
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
srcval = simstate.rhs(iaddr, srcop, opsize=1)
if srcval.is_undefined:
result = cast(SV.SimLiteralValue, SV.simUndefinedDW)
simstate.add_logmsg(
"warning", "lb: value undefined at " + iaddr +
" from address " + str(srcop))
elif srcval.is_symbolic:
raise SU.CHBSimError(simstate, iaddr,
('encountered symbolic value in lb: ' +
str(srcval) + ' at address: ' + str(srcop)))
elif srcval.is_literal:
result = cast(SV.SimLiteralValue, srcval).sign_extend(4)
else:
result = SV.simUndefinedDW
simstate.add_logmsg(
"warning", "lb: source value at " + iaddr +
" not recognized " + str(srcval))
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result)
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None:
srcop = self.src_operand
dstop = self.dst_operand
srcptrop = self.srcptr_operand
dstptrop = self.dstptr_operand
srcval = simstate.get_rhs(iaddr, srcop)
srcptrval = simstate.get_rhs(iaddr, srcptrop)
dstptrval = simstate.get_rhs(iaddr, dstptrop)
dflag = simstate.get_flag_value(iaddr, 'DF')
incr = SV.mk_simvalue(srcptrop.size, self.size)
simstate.set(iaddr, dstop, srcval)
if (srcptrval.is_literal and srcptrval.is_defined
and dstptrval.is_literal and dstptrval.is_defined):
srcptrval = cast(SV.SimLiteralValue, srcptrval)
dstptrval = cast(SV.SimLiteralValue, dstptrval)
if dflag == 0:
simstate.set(iaddr, srcptrop, srcptrval.add(incr))
simstate.set(iaddr, dstptrop, dstptrval.add(incr))
elif dflag == 1:
simstate.set(iaddr, srcptrop, srcptrval.sub(incr))
simstate.set(iaddr, dstptrop, dstptrval.sub(incr))
else:
raise SU.CHBSimError(
simstate, iaddr,
'Unexpected value for direction flag: ' + str(dflag))
else:
raise SU.CHBSimError(
simstate, iaddr,
("Movs not supported for " + str(srcptrop) + ":" +
str(srcptrval) + ", " + str(dstptrop) + ":" + str(dstptrval)))
def simulate(self,
simstate: "X86SimulationState",
processed: List[X86Instruction] = []) -> None:
blockaddr = self.faddr
while True:
try:
(baddr,
processed) = self.simulate_block(simstate, blockaddr,
processed)
bsuccessors = self.cfg.successors(baddr)
except SU.CHBSimFallthroughException as e:
baddr = e.blockaddr
processed = cast(List[X86Instruction], e.processed)
bsuccessors = self.cfg.successors(baddr)
bsuccessors = [x for x in bsuccessors if not x == e.tgtaddr]
if len(bsuccessors) == 1:
blockaddr = bsuccessors[0]
if not (blockaddr in self.blocks):
raise SU.CHBSimError(
simstate, blockaddr,
'Block successor not found: ' + str(blockaddr))
elif len(bsuccessors) == 0:
raise SU.CHBSimError(
simstate, blockaddr,
'No block successors found' + str(self.cfg))
else:
err = SU.CHBSimError(simstate, blockaddr,
('Multiple block successors found: ' +
','.join([str(x) for x in bsuccessors])))
err.set_instructions_processed(
cast(List[Instruction], processed))
raise err
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
expr = str(src1val) + ' == ' + str(src2val)
if src1val.is_undefined or src2val.is_undefined:
raise SU.CHBSimError(
simstate,
iaddr,
"teq: some operands are undefined: " + expr)
elif src1val.is_symbol or src2val.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, src1op, expr)
elif src1val.is_literal and src2val.is_literal:
if src1val.literal_value == src2val.literal_value:
raise SU.CHBSimTrapSignalException(
simstate, iaddr, src1val, src2val)
else:
simstate.increment_programcounter()
return 'trap if equal: ' + expr
else:
raise SU.CHBSimError(
simstate,
iaddr,
"teq: some operands not recognized: " + expr)
def rhs(self, iaddr: str, op: Operand, opsize: int = 4) -> SV.SimValue:
if op.is_register:
return self.regval(iaddr, op.register, opsize=opsize)
elif op.is_immediate:
return SV.mk_simvalue(op.value, size=opsize)
elif op.is_indirect_register:
regval = self.regval(iaddr, op.indirect_register)
offset = op.offset
if not regval.is_defined:
return SV.mk_undefined_simvalue(opsize)
if regval.is_string_address and opsize == 1:
regval = cast(SSV.SimStringAddress, regval)
return self.rhs_string_char(iaddr, regval, offset)
elif regval.is_symbol:
regval = cast(SSV.SimSymbol, regval)
return self.rhs_symbol(iaddr, regval, offset, opsize)
elif regval.is_address:
regval = cast(SSV.SimAddress, regval)
return self.memval(iaddr, regval.add_offset(offset), opsize)
elif regval.is_literal:
regval = cast(SV.SimLiteralValue, regval)
return self.rhs_literal_address(iaddr, regval.value, offset,
opsize)
else:
raise SU.CHBSimError(
self, iaddr,
"Unable to resolve indirect register operand: " + str(op))
else:
raise SU.CHBSimError(
self, iaddr, "Operand " + str(op) + " not recognized in rhs")
def simulate_block(
self, simstate: "X86SimulationState", blockaddr: str,
processed: List[X86Instruction]
) -> Tuple[str, List[X86Instruction]]:
if blockaddr not in self.blocks:
raise SU.CHBSimError(simstate, blockaddr,
'Block address not found: ' + str(blockaddr))
block = self.blocks[blockaddr]
def f(baddr: str, i: X86Instruction) -> None:
i.simulate(simstate)
processed.append(i)
try:
block.iter_instructions(f)
return (block.baddr, processed)
except SU.CHBSimError as e:
e.set_instructions_processed(cast(List[Instruction], processed))
raise
except SU.CHBSimFallthroughException as e:
e.set_instructions_processed(cast(List[Instruction], processed))
e.set_block_address(block.baddr)
raise
except SU.CHBSimJumpException as e:
processed.append(cast(X86Instruction, self.instruction(e.iaddr)))
tgtaddr = str(e.tgtaddr)
if tgtaddr in self.blocks:
return self.simulate_block(simstate, tgtaddr, processed)
else:
targets = ','.join([str(t) for t in self.blocks])
eerror = SU.CHBSimError(
simstate, e.iaddr,
('Target block address not found: ' + str(e.tgtaddr) +
' (targets: ' + targets + ')'))
raise eerror
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
srcop = self.src_operand
immop = self.imm_operand
dstop = self.dst_operand
srcval = simstate.rhs(iaddr, srcop)
immval = immop.opkind.value
expr = str(srcval) + " < " + str(immval)
if srcval.is_undefined:
result = SV.simUndefinedDW
simstate.add_logmsg("warning",
"slti: operand not defined: " + str(srcop))
elif srcval.is_literal:
v = SV.mk_simvalue(srcval.literal_value)
if v.to_signed_int() < immval:
result = SV.simOne
else:
result = SV.simZero
elif srcval.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
else:
result = SV.simUndefinedDW
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
expr = str(src1val) + ' >> ' + str(src2val)
result: SV.SimValue = SV.simUndefinedDW
if src1val.is_undefined or src2val.is_undefined:
simstate.add_logmsg("warning",
"srlv: some operand is undefined: " + expr)
elif src1val.is_symbol or src2val.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
elif src1val.is_literal and src2val.is_literal:
v1 = SV.mk_simvalue(src1val.literal_value)
result = v1.bitwise_srl(src2val.literal_value % 32)
else:
simstate.add_logmsg("warning",
"srlv: some operand not recognized: " + expr)
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
srcval = simstate.rhs(iaddr, srcop)
result: SV.SimValue
if srcval.is_undefined:
result = SV.simUndefinedDW
if srcval.is_global_address:
val = cast(SV.SimDoubleWordValue,
SV.mk_simvalue(srcval.literal_value))
srcval = cast(SSV.SimGlobalAddress, srcval)
name = srcval.modulename
resultval = val.swap_bytes_within_halfwords()
result = SSV.mk_global_address(resultval.literal_value, name)
elif srcval.is_literal:
val = cast(SV.SimDoubleWordValue, srcval)
result = val.swap_bytes_within_halfwords()
else:
raise SU.CHBSimError(
simstate, iaddr, "wsbh: operand not recognized: " +
str(srcop) + ": " + str(srcval))
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr,
simstate,
lhs,
result,
intermediates=str(srcval))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
expr = str(src1val) + ' < ' + str(src2val)
if src1val.is_symbol or src2val.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
elif src1val.is_undefined or src2val.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
simstate.add_logmsg("warning",
"slt: some operand is undefined: " + expr)
elif src1val.is_literal and src2val.is_literal:
v1 = SV.mk_simvalue(src1val.literal_value)
v2 = SV.mk_simvalue(src2val.literal_value)
if v1.to_signed_int() < v2.to_signed_int():
result = SV.simOne
else:
result = SV.simZero
else:
result = SV.simUndefinedDW
simstate.add_logmsg("warning",
"slt: some operand is not recognized: " + expr)
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
expr = str(src1val) + " xor " + str(src2val)
if src1val.is_undefined or src2val.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
elif src1val.is_symbol or src2val.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
elif src1val.is_literal and src2val.is_literal:
v1 = SV.mk_simvalue(src1val.literal_value)
v2 = SV.mk_simvalue(src2val.literal_value)
result = v1.bitwise_xor(v2)
else:
result = SV.simUndefinedDW
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
immop = self.imm_operand
srcval = simstate.rhs(iaddr, srcop)
immval = immop.opkind.to_unsigned_int()
expr = str(srcval) + ' >> ' + str(immval)
result: SV.SimValue = SV.simUndefinedDW
if srcval.is_undefined:
simstate.add_logmsg("warning",
"srl: operand is undefined: " + str(srcop))
elif srcval.is_literal:
srcval = SV.mk_simvalue(srcval.literal_value)
result = (SV.mk_simvalue(srcval.literal_value)).bitwise_srl(immval)
elif srcval.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
elif srcval.is_address:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
else:
simstate.add_logmsg("warning",
"srl: operand not recognized: " + str(srcval))
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
expr = str(src1val) + " * " + str(src2val)
if src1val.is_undefined or src2val.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
simstate.add_logmsg("warning",
"mul: some operand is undefined: " + expr)
elif src1val.is_symbol or src2val.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
elif src1val.is_literal and src2val.is_literal:
result = SV.mk_simvalue(src1val.literal_value *
src2val.literal_value)
else:
raise SU.CHBSimError(
simstate, iaddr,
"mul: some operand to mul not recognized: " + expr)
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr,
simstate,
lhs,
result,
intermediates=str(lhs) + ' := ' + expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
srcop = self.src_operand
immop = self.imm_operand
dstop = self.dst_operand
srcval = simstate.rhs(iaddr, srcop)
immval = immop.opkind.to_unsigned_int()
imm = SV.SimDoubleWordValue(immval)
expr = str(srcval) + ' | ' + str(immval)
if srcval.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
simstate.add_logmsg(
"warning",
"ori: operand is undefined: " + str(srcop))
elif srcval.is_symbol:
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
if srcval.is_literal:
result = SV.mk_simvalue(srcval.literal_value).bitwise_or(imm)
else:
result = SV.simUndefinedDW
simstate.add_logmsg(
"warning",
"ori: operand not recognized: " + str(srcval))
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result, expr)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
"""Subtraction with trap on overflow (trap not currently implemented)."""
dstop = self.dst_operand
src1op = self.src1_operand
src2op = self.src2_operand
src1val = simstate.rhs(iaddr, src1op)
src2val = simstate.rhs(iaddr, src2op)
if src1val.is_undefined or src2val.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
elif src1val.is_symbol or src2val.is_symbol:
expr = str(src1val) + ' - ' + str(src2val)
raise SU.CHBSymbolicExpression(simstate, iaddr, dstop, expr)
elif src1val.is_string_address and src2val.is_string_address:
src1val = cast(SSV.SimStringAddress, src1val)
src2val = cast(SSV.SimStringAddress, src2val)
diff = src2val.stringval.find(src1val.stringval)
result = SV.mk_simvalue(diff)
elif src1val.is_stack_address and src2val.is_stack_address:
src1val = cast(SSV.SimStackAddress, src1val)
src2val = cast(SSV.SimStackAddress, src2val)
diff = (src1val.offsetvalue - src2val.offsetvalue) % (SU.max32 + 1)
result = SV.mk_simvalue(diff)
elif src1val.is_stack_address and src2val.is_literal:
src1val = cast(SSV.SimStackAddress, src1val)
result = cast(SV.SimValue,
src1val.add_offset(-src2val.literal_value))
elif src1val.is_global_address and src2val.is_global_address:
src1val = cast(SSV.SimGlobalAddress, src1val)
src2val = cast(SSV.SimGlobalAddress, src2val)
diff = (src1val.offsetvalue - src2val.offsetvalue) % (SU.max32 + 1)
result = SV.mk_simvalue(diff)
elif src1val.is_global_address and src2val.is_literal:
src1val = cast(SSV.SimGlobalAddress, src1val)
diff = (src1val.offsetvalue - src2val.literal_value) % (SU.max32 +
1)
result = SV.mk_simvalue(diff)
elif src1val.is_literal and src2val.is_literal:
diff = (src1val.literal_value -
src2val.literal_value) % (SU.max32 + 1)
result = SV.mk_simvalue(diff)
else:
result = SV.simUndefinedDW
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result,
('val(' + str(src1op) + ') = ' + str(src1val) +
', val(' + str(src2op) + ') = ' + str(src2val)))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
syscallindex = simstate.registers['v0']
if syscallindex.is_literal and syscallindex.is_defined:
syscallindex = cast(SV.SimLiteralValue, syscallindex)
raise SU.CHBSimSystemCallException(simstate, iaddr,
syscallindex.value)
else:
raise SU.CHBSimCallTargetUnknownError(
simstate, iaddr, syscallindex,
'syscall = ' + str(syscallindex))
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None:
ecxval = simstate.get_regval(iaddr, 'ecx')
if ecxval.is_literal:
ecxval = cast(SV.SimLiteralValue, ecxval)
newval = ecxval.sub(SV.simOne)
simstate.set_register(iaddr, 'ecx', newval)
tgtaddr = str(self.target_address)
if newval.value != 0:
raise SU.CHBSimJumpException(iaddr, tgtaddr)
raise SU.CHBSimFallthroughException(iaddr, tgtaddr)
else:
raise SU.CHBSimError(simstate, iaddr,
"Loop cannot be applied to " + str(ecxval))
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
srcval = simstate.rhs(iaddr, self.src_operand)
simstate.increment_programcounter()
if srcval.is_undefined:
raise SU.CHBSimError(
simstate,
iaddr,
"jr: jump target is undefined: " + str(srcval))
elif srcval.is_symbol:
if str(srcval).endswith("ra_in"):
simstate.trace.add_delayed("\n")
return "return"
else:
raise SU.CHBSimError(
simstate,
iaddr,
"jr: internal error: symbolic return address: " + str(srcval))
elif srcval.is_function_return_address:
addr = cast(SSV.SimReturnAddress, srcval)
simstate.simprogramcounter.set_delayed_programcounter(addr)
simstate.trace.add_delayed("\n")
simstate.set_function_address(addr.functionaddr)
return "return to " + addr.functionaddr
elif srcval.is_global_address:
gaddr = cast(SSV.SimGlobalAddress, srcval)
simstate.simprogramcounter.set_delayed_programcounter(gaddr)
simstate.trace.add_delayed("\n")
simstate.set_function_address(hex(gaddr.offsetvalue))
return "goto " + str(gaddr)
elif srcval.is_literal:
gaddr = simstate.resolve_literal_address(iaddr, srcval.literal_value)
if gaddr.is_defined:
simstate.simprogramcounter.set_delayed_programcounter(gaddr)
return "goto " + str(gaddr)
else:
raise SU.CHBSimError(
simstate,
iaddr,
"jr: target address cannot be resolved: " + str(srcval))
else:
raise SU.CHBSimError(
simstate,
iaddr,
"jr: illegal target address: " + str(srcval))
def do_assign(result: SV.SimValue) -> str:
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(
iaddr, simstate, lhs, result,
('val(' + str(src1op) + ') = ' + str(src1val) + ', val(' +
str(src2op) + ') = ' + str(src2val)))
def simulate(self, iaddr: str, simstate: X86SimulationState) -> None:
op1 = self.operand_1
op2 = self.operand_2
val1 = simstate.get_rhs(iaddr, op1)
val2 = simstate.get_rhs(iaddr, op2)
if val2.is_literal:
val2 = cast(SV.SimLiteralValue, val2)
if val2.is_byte:
val2 = cast(SV.SimByteValue, val2)
val2 = val2.sign_extend(op1.size)
elif val2.is_word:
val2 = cast(SV.SimWordValue, val2)
val2 = val2.sign_extend(op1.size)
if (val1.is_doubleword and val1.is_literal and val2.is_doubleword
and val2.is_literal):
val1 = cast(SV.SimDoubleWordValue, val1)
val2 = cast(SV.SimDoubleWordValue, val2)
result = val1.sub(val2)
simstate.update_flag(iaddr, 'CF', val1.sub_carries(val2))
simstate.update_flag(iaddr, 'OF', val1.sub_overflows(val2))
simstate.update_flag(iaddr, 'SF', result.is_negative)
simstate.update_flag(iaddr, 'ZF', result.is_zero)
simstate.update_flag(iaddr, 'PF', result.is_odd_parity)
else:
raise SU.CHBSimError(
simstate, iaddr,
("Comparison of " + str(op1) + ":" + str(val1) + " and " +
str(op2) + ":" + str(val2) + " not yet supported"))
def char_string(self, iaddr: str, address: SSV.SimAddress,
size: int) -> str:
offset = address.offsetvalue
if offset not in self._mem:
raise SU.CHBSimError(
self.simstate, iaddr,
"Address " + str(address) + " not found in memory")
if self._mem[offset].is_link:
return "----"
if size == 4:
b1 = self.byte(iaddr, offset + 3)
b2 = self.byte(iaddr, offset + 2)
b3 = self.byte(iaddr, offset + 1)
b4 = self.byte(iaddr, offset)
result = ""
if b1.value == 0 and b2.value == 0 and b3.value == 0 and b4.value == 0:
return result
if self.bigendian:
seq = [b4, b3, b2, b1]
else:
seq = [b1, b2, b3, b4]
for b in seq:
if b.value > 10 and b.value < 127:
result += chr(b.value)
else:
result += "?"
return result
else:
return "?"
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
immop = self.imm_operand
srcval = simstate.rhs(iaddr, srcop)
immval = immop.opkind.value
if srcval.is_undefined:
result = cast(SV.SimValue, SV.simUndefinedDW)
simstate.add_logmsg("warning",
"sltiu: operand is undefined: " + str(srcop))
elif srcval.is_literal:
if srcval.literal_value < immval:
result = SV.simOne
else:
result = SV.simZero
else:
result = SV.simUndefinedDW
simstate.add_logmsg(
"warning", "sltiu: operand not recognized: " + str(srcval))
lhs = simstate.set(iaddr, dstop, result)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, result,
str(srcval) + " < " + str(immval))
def get(self, iaddr: str, address: SSV.SimAddress,
size: int) -> SV.SimValue:
offset = address.offsetvalue
if address.base.startswith("/stderr"):
return cast(SV.SimValue, address)
if offset not in self._mem:
raise SU.CHBSimError(
self.simstate, iaddr,
"Address " + str(address) + " not found in memory")
elif self._mem[offset].is_link:
if self.bigendian:
try:
return self.symbolic_big_endian(iaddr, offset, size)
except UF.CHBError as e:
raise UF.CHBError(str(e) + ": " + str(self._mem[offset]))
else:
try:
return self.symbolic_little_endian(iaddr, offset, size)
except UF.CHBError as e:
raise UF.CHBError(
str(e) + ": " + str(address) + ": " +
str(self._mem[offset]))
elif size == 1:
return self.byte(iaddr, offset)
if self.bigendian:
return self.big_endian(iaddr, offset, size)
else:
return self.little_endian(iaddr, offset, size)
def byte(self, iaddr: str, offset: int) -> SV.SimByteValue:
if offset in self._mem:
simbyte = self._mem[offset]
if simbyte.is_defined:
return simbyte
else:
raise SU.CHBSimError(self.simstate, iaddr,
(self.name + " memory location at " +
hex(offset) + " is a symbolic value"))
else:
if self.initialized:
return SV.simZerobyte
else:
raise SU.CHBSimError(self.simstate, iaddr,
(self.name + " memory location at " +
str(hex(offset)) + " not initialized"))
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None:
srcop = self.src_operand
shiftop = self.shift_operand
dstop = self.dst_operand
srcval = simstate.get_rhs(iaddr, srcop)
shiftval = simstate.get_rhs(iaddr, shiftop)
dstval = simstate.get_rhs(iaddr, dstop)
if (shiftval.is_literal and srcval.is_literal and dstval.is_literal
and dstval.is_doubleword):
shiftval = cast(SV.SimLiteralValue, shiftval)
dstval = cast(SV.SimDoubleWordValue, dstval)
srcval = cast(SV.SimLiteralValue, srcval)
(cflag, result) = dstval.bitwise_shld(srcval, shiftval)
simstate.set(iaddr, dstop, result)
if shiftval.value > 0:
if shiftval.value == 1:
msbd = dstval.msb
msbr = result.msb
if msbd == msbr:
simstate.clear_flag(iaddr, 'OF')
else:
simstate.set_flag(iaddr, 'OF')
else:
simstate.undefine_flag(iaddr, 'OF')
simstate.update_flag(iaddr, 'CF', cflag == 1)
simstate.update_flag(iaddr, 'SF', result.is_negative)
simstate.update_flag(iaddr, 'ZF', result.is_zero)
simstate.update_flag(iaddr, 'PF', result.is_odd_parity)
else:
SU.CHBSimError(
simstate, iaddr,
("ShiftLeftDouble not yet implemented for " + str(dstop) +
":" + str(dstval) + ", " + str(srcop) + ":" + str(srcval) +
", " + str(shiftop) + ":" + str(shiftval)))
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None:
srcop = self.src_operand
dstop = self.dst_operand
if (srcop.is_register and dstop.is_register
and srcop.register == dstop.register):
simstate.set(iaddr, dstop, SV.simZero)
simstate.set_flag(iaddr, 'ZF')
simstate.clear_flag(iaddr, 'PF')
simstate.clear_flag(iaddr, 'CF')
simstate.clear_flag(iaddr, 'OF')
simstate.clear_flag(iaddr, 'SF')
else:
srcval = simstate.get_rhs(iaddr, srcop)
dstval = simstate.get_rhs(iaddr, dstop)
if dstval.is_literal:
dstval = cast(SV.SimLiteralValue, dstval)
result = dstval.bitwise_xor(srcval)
simstate.set(iaddr, dstop, result)
simstate.clear_flag(iaddr, 'OF')
simstate.clear_flag(iaddr, 'CF')
simstate.update_flag(iaddr, 'SF', result.is_negative)
simstate.update_flag(iaddr, 'ZF', result.is_zero)
simstate.update_flag(iaddr, 'PF', result.is_odd_parity)
else:
raise SU.CHBSimError(
simstate, iaddr,
("Xor cannot be applied to " + str(dstval)))
def get(self,
iaddr: str,
address: SSV.SimAddress,
size: int) -> SV.SimValue:
try:
for base in self.baseoffsets:
if (
address.offsetvalue >= base
and address.offsetvalue < base + self.buffersize):
address = address.add_offset(-base)
try:
memval = SimMemory.get(self, iaddr, address, size)
except SU.CHBSimError:
memval = SV.mk_simvalue(0, size=size)
return memval
else:
raise SU.CHBSimError(
self.simstate,
iaddr,
"invalid shared memory address: " + str(address))
except SU.CHBSimError as e:
print("Error in shared memory: " + str(e))
name = (self.name
+ '['
+ str(address.offsetvalue)
+ ']'
+ ' (value not retrieved: '
+ str(e)
+ ')')
return SSV.SimSymbol(name)
def simulate(self, iaddr: str, simstate: "SimulationState") -> str:
dstop = self.dst_operand
srcop = self.src_operand
srcval = simstate.rhs(iaddr, srcop, opsize=1)
lhs = simstate.set(iaddr, dstop, srcval)
simstate.increment_programcounter()
return SU.simassign(iaddr, simstate, lhs, srcval)
def simulate(self, iaddr: str, simstate: "X86SimulationState") -> None:
srcop = self.src_operand
dstop = self.dst_operand
srcval = simstate.get_rhs(iaddr, srcop)
dstval = simstate.get_rhs(iaddr, dstop)
if (srcval.is_literal and dstval.is_literal and dstval.is_doubleword):
srcval = cast(SV.SimLiteralValue, srcval)
dstval = cast(SV.SimDoubleWordValue, dstval)
(cflag, result) = dstval.bitwise_shr(srcval)
simstate.set(iaddr, dstop, result)
if srcval.value > 0:
simstate.update_flag(iaddr, 'CF', cflag == 1)
if srcval.value == 1:
msb = dstval.msb
simstate.update_flag(iaddr, 'OF', msb == 1)
else:
simstate.undefine_flag(iaddr, 'OF')
simstate.update_flag(iaddr, 'CF', cflag == 1)
simstate.update_flag(iaddr, 'SF', result.is_negative)
simstate.update_flag(iaddr, 'ZF', result.is_zero)
simstate.update_flag(iaddr, 'PF', result.is_odd_parity)
else:
raise SU.CHBSimError(
simstate, iaddr,
("ShiftRight not yet supported for " + str(dstop) + ":" +
str(dstval) + ", " + str(srcop) + ":" + str(srcval)))
