def _execute(self):
#l.warning("LLSC is handled soundly but imprecisely.")
addr = self._translate_expr(self.stmt.addr)
if self.stmt.storedata is None:
# it's a load-linked
load_size = get_type_size(self.state.scratch.tyenv.lookup(self.stmt.result))//self.state.arch.byte_width
data = self.state.memory.load(addr.expr, load_size, endness=self.stmt.endness)
self.state.scratch.store_tmp(self.stmt.result, data, addr.reg_deps(), addr.tmp_deps())
else:
# it's a store-conditional
#result = self.state.se.Unconstrained('llcd_result', 1)
#new_data = self._translate_expr(self.stmt.storedata)
#old_data = self.state.memory.load(addr.expr, new_data.size_bytes(), endness=self.stmt.endness)
#store_data = self.state.se.If(result == 1, new_data.expr, old_data)
# for single-threaded programs, an SC will never fail. For now, we just assume it succeeded.
store_data = self._translate_expr(self.stmt.storedata)
result = self.state.se.BVV(1, 1)
# the action
if o.TRACK_MEMORY_ACTIONS in self.state.options:
data_ao = SimActionObject(store_data.expr, reg_deps=store_data.reg_deps(), tmp_deps=store_data.tmp_deps())
addr_ao = SimActionObject(addr.expr, reg_deps=addr.reg_deps(), tmp_deps=addr.tmp_deps())
#guard_ao = SimActionObject(result == 1)
size_ao = SimActionObject(store_data.expr.length)
a = SimActionData(self.state, self.state.memory.id, SimActionData.WRITE, addr=addr_ao, data=data_ao, size=size_ao)
self.actions.append(a)
else:
a = None
self.state.memory.store(addr.expr, store_data.expr, action=a)
self.state.scratch.store_tmp(self.stmt.result, result, addr.reg_deps() | store_data.reg_deps(), addr.tmp_deps() | store_data.tmp_deps())
def symbol(ty, name):
if ty == 'Ity_F32':
return claripy.FPS(name, claripy.FSORT_FLOAT)
elif ty == 'Ity_F64':
return claripy.FPS(name, claripy.FSORT_DOUBLE)
else:
return claripy.BVS(name, pyvex.get_type_size(ty))
def value(ty, val):
if ty == 'Ity_F32':
return claripy.FPV(float(val), claripy.FSORT_FLOAT)
elif ty == 'Ity_F64':
return claripy.FPV(float(val), claripy.FSORT_DOUBLE)
else:
return claripy.BVV(int(val), pyvex.get_type_size(ty))
def _execute(self):
#l.warning("LLSC is handled soundly but imprecisely.")
addr = self._translate_expr(self.stmt.addr)
if self.stmt.storedata is None:
# it's a load-linked
load_size = get_type_size(self.state.scratch.tyenv.lookup(self.stmt.result))//self.state.arch.byte_width
data = self.state.memory.load(addr.expr, load_size, endness=self.stmt.endness)
self.state.scratch.store_tmp(self.stmt.result, data, addr.reg_deps(), addr.tmp_deps())
else:
# it's a store-conditional
#result = self.state.solver.Unconstrained('llcd_result', 1)
#new_data = self._translate_expr(self.stmt.storedata)
#old_data = self.state.memory.load(addr.expr, new_data.size_bytes(), endness=self.stmt.endness)
#store_data = self.state.solver.If(result == 1, new_data.expr, old_data)
# for single-threaded programs, an SC will never fail. For now, we just assume it succeeded.
store_data = self._translate_expr(self.stmt.storedata)
result = self.state.solver.BVV(1, 1)
# the action
if o.TRACK_MEMORY_ACTIONS in self.state.options:
data_ao = SimActionObject(store_data.expr, reg_deps=store_data.reg_deps(), tmp_deps=store_data.tmp_deps())
addr_ao = SimActionObject(addr.expr, reg_deps=addr.reg_deps(), tmp_deps=addr.tmp_deps())
#guard_ao = SimActionObject(result == 1)
size_ao = SimActionObject(store_data.expr.length)
a = SimActionData(self.state, self.state.memory.id, SimActionData.WRITE, addr=addr_ao, data=data_ao, size=size_ao)
self.actions.append(a)
else:
a = None
self.state.memory.store(addr.expr, store_data.expr, action=a)
self.state.scratch.store_tmp(self.stmt.result, result, addr.reg_deps() | store_data.reg_deps(), addr.tmp_deps() | store_data.tmp_deps())
def _perform_vex_expr_RdTmp(self, tmp):
try:
return super()._perform_vex_expr_RdTmp(tmp)
except LookupError:
if o.SUPER_FASTPATH in self.state.options:
return claripy.BVV(0, pyvex.get_type_size(self.irsb.tyenv.lookup(tmp)))
else:
raise
def value(ty, val, size: Optional[int] = None):
if ty == 'Ity_F32':
return claripy.FPV(float(val), claripy.FSORT_FLOAT)
elif ty == 'Ity_F64':
return claripy.FPV(float(val), claripy.FSORT_DOUBLE)
else:
if size is not None:
return claripy.BVV(int(val), size)
return claripy.BVV(int(val), pyvex.get_type_size(ty))
def _perform_vex_expr_Get(self, offset_bundle, ty, **kwargs):
offset, offset_deps = offset_bundle
result = super()._perform_vex_expr_Get(offset, ty, **kwargs)
if o.TRACK_REGISTER_ACTIONS in self.state.options:
offset_ao = SimActionObject(offset, deps=offset_deps, state=self.state)
r = SimActionData(self.state, self.state.registers.id, SimActionData.READ, addr=offset_ao,
size=pyvex.get_type_size(ty), data=result
)
self.state.history.add_action(r)
a = frozenset((r,))
else:
a = frozenset()
return result, a
def SimIRStmt_LLSC(engine, state, stmt):
#l.warning("LLSC is handled soundly but imprecisely.")
with state.history.subscribe_actions() as addr_actions:
addr = engine.handle_expression(state, stmt.addr)
if stmt.storedata is None:
# it's a load-linked
load_size = get_type_size(state.scratch.tyenv.lookup(
stmt.result)) // state.arch.byte_width
data = state.memory.load(addr, load_size, endness=stmt.endness)
state.scratch.store_tmp(stmt.result, data, deps=addr_actions)
else:
# it's a store-conditional
#result = state.solver.Unconstrained('llcd_result', 1)
#new_data = self._translate_expr(stmt.storedata)
#old_data = state.memory.load(addr, new_data.size_bytes(), endness=stmt.endness)
#store_data = state.solver.If(result == 1, new_data, old_data)
# for single-threaded programs, an SC will never fail. For now, we just assume it succeeded.
with state.history.subscribe_actions() as data_actions:
store_data = engine.handle_expression(state, stmt.storedata)
# the action
if o.TRACK_MEMORY_ACTIONS in state.options:
data_ao = SimActionObject(store_data,
deps=data_actions,
state=state)
addr_ao = SimActionObject(addr, deps=addr_actions, state=state)
#guard_ao = SimActionObject(result == 1))
size_ao = SimActionObject(len(store_data))
a = SimActionData(state,
state.memory.id,
SimActionData.WRITE,
addr=addr_ao,
data=data_ao,
size=size_ao)
state.history.add_action(a)
else:
a = None
state.memory.store(addr, store_data, action=a)
result = state.solver.BVV(1, 1)
state.scratch.store_tmp(stmt.result,
result,
deps=addr_actions + data_actions)
def _perform_vex_expr_Load(self, addr_bundle, ty, end, **kwargs):
addr, addr_deps = addr_bundle
result = super()._perform_vex_expr_Load(addr, ty, end, **kwargs)
if o.TRACK_MEMORY_ACTIONS in self.state.options:
addr_ao = SimActionObject(addr, deps=addr_deps, state=self.state)
r = SimActionData(self.state,
self.state.memory.id,
SimActionData.READ,
addr=addr_ao,
size=pyvex.get_type_size(ty),
data=result)
self.state.history.add_action(r)
a = frozenset((r, ))
else:
a = frozenset()
return result, a
def SimIRStmt_LLSC(engine, state, stmt):
#l.warning("LLSC is handled soundly but imprecisely.")
with state.history.subscribe_actions() as addr_actions:
addr = engine.handle_expression(state, stmt.addr)
if stmt.storedata is None:
# it's a load-linked
load_size = get_type_size(state.scratch.tyenv.lookup(stmt.result))//state.arch.byte_width
data = state.memory.load(addr, load_size, endness=stmt.endness)
state.scratch.store_tmp(stmt.result, data, deps=addr_actions)
else:
# it's a store-conditional
#result = state.solver.Unconstrained('llcd_result', 1)
#new_data = self._translate_expr(stmt.storedata)
#old_data = state.memory.load(addr, new_data.size_bytes(), endness=stmt.endness)
#store_data = state.solver.If(result == 1, new_data, old_data)
# for single-threaded programs, an SC will never fail. For now, we just assume it succeeded.
with state.history.subscribe_actions() as data_actions:
store_data = engine.handle_expression(state, stmt.storedata)
# the action
if o.TRACK_MEMORY_ACTIONS in state.options:
data_ao = SimActionObject(store_data, deps=data_actions, state=state)
addr_ao = SimActionObject(addr, deps=addr_actions, state=state)
#guard_ao = SimActionObject(result == 1))
size_ao = SimActionObject(len(store_data))
a = SimActionData(state, state.memory.id, SimActionData.WRITE, addr=addr_ao, data=data_ao, size=size_ao)
state.history.add_action(a)
else:
a = None
state.memory.store(addr, store_data, action=a)
result = state.solver.BVV(1, 1)
state.scratch.store_tmp(stmt.result, result, deps=addr_actions + data_actions)
def _ty_to_bytes(self, ty):
return pyvex.get_type_size(ty) // getattr(
getattr(getattr(self, 'state', None), 'arch', None), 'byte_width',
8)
def __init__(self, irsb_c, rdt):
self.irsb_c = irsb_c
self.ty = self.irsb_c.get_type(rdt)
self.rdt = rdt
self.width = pyvex.get_type_size(self.ty)
self.is_signed = False
