def test_CMPXCHG8B_symbolic(self): '''CMPXCHG8B''' cs = ConstraintSet() mem = SMemory32(cs) cpu = I386Cpu(mem) #alloc/map a little mem code = mem.mmap(0x1000, 0x1000, 'rwx') data = mem.mmap(0x2000, 0x1000, 'rwx') mem[code:code+5] = '\xf0\x0f\xc7\x0f;' cpu.EIP = code cpu.EDI = cs.new_bitvec(32, 'EDI') cs.add( Operators.OR(cpu.EDI == 0x2000, cpu.EDI == 0x2100, cpu.EDI == 0x2200 ) ) self.assertEqual(sorted(solver.get_all_values(cs, cpu.EDI)),[0x2000,0x2100,0x2200]) self.assertEqual(cpu.read_int(0x2000,64), 0) self.assertEqual(cpu.read_int(0x2100,64), 0) self.assertEqual(cpu.read_int(0x2200,64), 0) self.assertItemsEqual(solver.get_all_values(cs, cpu.read_int(cpu.EDI,64)), [0]) #self.assertEqual(cpu.read_int(cpu.EDI,64), 0 ) cpu.write_int(0x2100, 0x4142434445464748, 64) cpu.EAX = cs.new_bitvec(32, 'EAX') cs.add( Operators.OR(cpu.EAX == 0x41424344, cpu.EAX == 0x0badf00d, cpu.EAX == 0xf7f7f7f7 ) ) cpu.EDX= 0x45464748 cpu.execute() self.assertTrue(solver.check(cs)) self.assertItemsEqual(solver.get_all_values(cs, cpu.read_int(cpu.EDI,64)), [0, 4702394921427289928])
def testBool4(self): cs = ConstraintSet() bf = BoolConstant(value=False) bt = BoolConstant(value=True) cs.add(Operators.OR(True, bf)) cs.add(Operators.OR(bt, bt, False)) self.assertTrue(self.solver.check(cs))
def testRelated(self): cs = ConstraintSet() aa1 = cs.new_bool(name="AA1") aa2 = cs.new_bool(name="AA2") bb1 = cs.new_bool(name="BB1") bb2 = cs.new_bool(name="BB2") cs.add(Operators.OR(aa1, aa2)) cs.add(Operators.OR(bb1, bb2)) self.assertTrue(self.solver.check(cs)) # No BB variables related to AA self.assertNotIn("BB", cs.related_to(aa1).to_string()) self.assertNotIn("BB", cs.related_to(aa2).to_string()) self.assertNotIn("BB", cs.related_to(aa1 == aa2).to_string()) self.assertNotIn("BB", cs.related_to(aa1 == False).to_string()) # No AA variables related to BB self.assertNotIn("AA", cs.related_to(bb1).to_string()) self.assertNotIn("AA", cs.related_to(bb2).to_string()) self.assertNotIn("AA", cs.related_to(bb1 == bb2).to_string()) self.assertNotIn("AA", cs.related_to(bb1 == False).to_string()) # Nothing is related to tautologies? self.assertEqual("", cs.related_to(simplify(bb1 == bb1)).to_string()) # But if the tautollogy can not get simplified we have to ask the solver # and send in all the other stuff self.assertNotIn("AA", cs.related_to(bb1 == bb1).to_string())
def test_simplify_OR(self): cs = ConstraintSet() bf = BoolConstant(value=False) bt = BoolConstant(value=True) var = cs.new_bool() cs.add(simplify(Operators.OR(var, var)) == var) cs.add(simplify(Operators.OR(var, bt)) == bt) self.assertTrue(self.solver.check(cs))