Python ManticoreWASM.register_plugin示例

示例#1

    def test_trace(self):
        """
        This checks the sequence of pushes and pops that take place during an example execution.
        That sequence isn't meant to be invariant, so if you change the implementation and break
        this test, by all means, replace it with the new sequence.
        :return:
        """

        def arg_gen(_state):
            return [I32(1337)]

        m = ManticoreWASM(wasm_file)
        tracker_plugin = StackTrackerPlugin()
        m.register_plugin(tracker_plugin)
        m.invoke("collatz", arg_gen)
        m.run()

        results = []
        for idx, val_list in enumerate(m.collect_returns()):
            results.append(val_list[0][0])

        self.assertEqual(sorted(results), [44])
        push_pop_seq = "".join(tracker_plugin.context.get("push_pop_seq"))

        self.assertEqual(push_pop_seq, "+-" * 892)

示例#2

文件： test_examples.py 项目： thyanin/manticore

    def test_plugin(self):
        def arg_gen(_state):
            return [I32(1337)]

        m = ManticoreWASM(wasm_file)
        counter_plugin = CallCounterPlugin()
        m.register_plugin(counter_plugin)
        m.invoke("collatz", arg_gen)
        m.run()

        # counts = m.context.get("<class 'test_examples.CallCounterPlugin'>").get("counter")
        counts = counter_plugin.context.get("counter")

        self.assertEqual(counts["br_if"], 45)
        self.assertEqual(counts["loop"], 44)
        self.assertEqual(counts["i32.add"], 88)

        results = []
        for idx, val_list in enumerate(m.collect_returns()):
            results.append(val_list[0][0])

        self.assertEqual(sorted(results), [44])

示例#3

文件： test_examples.py 项目： zumb08/manticore

    def test_implicit_call(self):
        m = ManticoreWASM(collatz_file)
        counter_plugin = CallCounterPlugin()
        m.register_plugin(counter_plugin)
        m.collatz(lambda s: [I32(1337)])

        counts = counter_plugin.context.get("counter")

        self.assertEqual(counts["br_if"], 45)
        self.assertEqual(counts["loop"], 44)
        self.assertEqual(counts["i32.add"], 88)

        results = []
        for idx, val_list in enumerate(m.collect_returns()):
            results.append(val_list[0][0])

        self.assertEqual(sorted(results), [44])

        m.collatz(lambda s: [I32(1338)])
        results = []
        for idx, val_list in enumerate(m.collect_returns()):
            results.append(val_list[0][0])

        self.assertEqual(sorted(results), [70])

示例#4

文件： test_state_saving.py 项目： zumb08/manticore

    def test_resume(self):
        m = ManticoreWASM(collatz_file)
        plugin = CallCounterPlugin()
        m.register_plugin(plugin)
        m.collatz(lambda s: [I32(1337)])
        m.run()

        counts_canonical = plugin.context.get("counter")

        m = ManticoreWASM(collatz_file)
        plugin = SerializerPlugin()
        m.register_plugin(plugin)
        m.collatz(lambda s: [I32(1337)])
        m.run()

        counts_save = plugin.context.get("counter")

        m = ManticoreWASM.from_saved_state("/tmp/collatz_checkpoint.pkl")
        plugin = CallCounterPlugin()
        m.register_plugin(plugin)
        m.run()

        counts_resume = plugin.context.get("counter")

        for k in counts_canonical:
            with self.subTest(k):
                self.assertEqual(
                    counts_save.get(k, 0) + counts_resume.get(k, 0),
                    counts_canonical[k],
                    f"Mismatched {k} count",
                )

        results = []
        for idx, val_list in enumerate(m.collect_returns()):
            results.append(val_list[0][0])

        self.assertEqual(sorted(results), [44])

示例#5

文件： collatz.py 项目： zumb08/manticore

    """

    def did_execute_instruction_callback(self, state, instruction):
        with self.locked_context("counter", dict) as ctx:
            val = ctx.setdefault(instruction.mnemonic, 0)
            ctx[instruction.mnemonic] = val + 1

    def did_terminate_state_callback(self, state, *args):
        insn_sum = 0
        with self.locked_context("counter") as ctx:
            for mnemonic, count in sorted(ctx.items(), key=lambda x: x[1], reverse=True):
                print("{: <10} {: >4}".format(mnemonic, count))
                insn_sum += count
        print(insn_sum, "instructions executed")


m = ManticoreWASM("collatz.wasm")

# Registering the plugin connects its callbacks to the correct events
m.register_plugin(CounterPlugin())

# Invoke `collatz(1337)`
m.collatz(lambda s: [I32(1337)])

# Manually collect return values
for idx, val_list in enumerate(m.collect_returns()):
    print("State", idx, "::", val_list[0])

# Finalize the run (dump testcases)
m.finalize()

示例#6

文件： solve.py 项目： zumb08/manticore

    """ Symbolic `getchar` implementation. Returns an arbitrary single byte """
    res = state.new_symbolic_value(32, "getchar_res")
    state.constrain(0 < res)
    state.constrain(res < 256)
    return [res]


class PrintRetPlugin(Plugin):
    """ A plugin that looks for states that returned zero and solves for their inputs """
    def will_terminate_state_callback(self, state, *args):
        retval = state.stack.peek()
        if retval == 0:
            print("Solution found!")
            for sym in state.input_symbols:
                solved = state.solve_one(sym)
                print(f"{sym.name}: {chr(solved)} --> Return {retval}")


# Pass our symbolic implementation of the `getchar` function into the WASM environment
# as an import.
m = ManticoreWASM("if_check.wasm", env={"getchar": getchar})

# Register our state termination callback
m.register_plugin(PrintRetPlugin())

# Run the main function, which will call getchar
m.main()

# Save a copy of the inputs to the disk
m.finalize()