def SimIRExpr_CCall(engine, state, expr):
if o.DO_CCALLS not in state.options:
return state.solver.Unconstrained("ccall_ret", get_type_size(expr.ret_type))
call_args = [engine.handle_expression(state, e) for e in expr.args]
if hasattr(ccall, expr.callee.name):
try:
func = getattr(ccall, expr.callee.name)
result, constraints = func(state, *call_args)
state.solver.add(*constraints)
except SimCCallError:
if o.BYPASS_ERRORED_IRCCALL not in state.options:
raise
state.history.add_event('resilience', resilience_type='ccall', callee=expr.callee.name, message='ccall raised SimCCallError')
result = state.solver.Unconstrained("errored_%s" % expr.callee.name, get_type_size(expr.ret_type))
else:
l.error("Unsupported CCall %s", expr.callee.name)
if o.BYPASS_UNSUPPORTED_IRCCALL in state.options:
if o.UNSUPPORTED_BYPASS_ZERO_DEFAULT in state.options:
result = state.solver.BVV(0, get_type_size(expr.ret_type))
else:
result = state.solver.Unconstrained("unsupported_%s" % expr.callee.name, get_type_size(expr.ret_type))
state.history.add_event('resilience', resilience_type='ccall', callee=expr.callee.name, message='unsupported ccall')
else:
raise UnsupportedCCallError("Unsupported CCall %s" % expr.callee.name)
return result
def size_bits(self, ty=None):
if not ty:
if self.type is not None:
return get_type_size(self.type)
return len(self.stmt)
else:
# Allow subclasses to define which parameter they consider their size
return get_type_size(ty)
def size_bits(self, ty=None):
if not ty:
if self.type is not None:
return get_type_size(self.type)
return len(self.stmt)
else:
# Allow subclasses to define which parameter they consider their size
return get_type_size(ty)
def SimIRExpr_GetI(engine, state, expr):
ix = engine.handle_expression(state, expr.ix)
size_in_bits = get_type_size(expr.descr.elemTy)
size = size_in_bits // state.arch.byte_width
array_base = expr.descr.base
array_index = (ix + expr.bias) % expr.descr.nElems
offset = array_base + array_index * size
# get it!
result = state.registers.load(offset, size)
if expr.descr.elemTy.startswith('Ity_F'):
result = result.raw_to_fp()
# finish it and save the register references
if o.TRACK_REGISTER_ACTIONS in state.options:
r = SimActionData(state,
state.registers.id,
SimActionData.READ,
addr=offset,
size=size_in_bits,
data=result)
state.history.add_action(r)
return result
def SimIRExpr_Load(engine, state, expr):
# size of the load
size_bits = get_type_size(expr.type)
size = size_bits // state.arch.byte_width
# get the address expression and track stuff
with state.history.subscribe_actions() as addr_actions:
addr = engine.handle_expression(state, expr.addr)
if o.UNINITIALIZED_ACCESS_AWARENESS in state.options:
if getattr(addr._model_vsa, 'uninitialized', False):
raise SimUninitializedAccessError('addr', addr)
if o.DO_LOADS not in state.options:
# only do the load if, uh, we have to
result = state.solver.Unconstrained("load_expr_%#x_%d" % (state.scratch.ins_addr, state.scratch.stmt_idx), size_bits)
else:
# load from memory and fix endianness
result = state.memory.load(addr, size, endness=expr.endness)
if expr.type.startswith('Ity_F'):
result = result.raw_to_fp()
# finish it and save the mem read
if o.TRACK_MEMORY_ACTIONS in state.options:
addr_ao = SimActionObject(addr, deps=addr_actions, state=state)
r = SimActionData(state, state.memory.id, SimActionData.READ, addr=addr_ao, size=size_bits, data=result)
state.history.add_action(r)
return result
def cast_to(self, rdt, tydest, signed=False, high=False):
goalwidth = get_type_size(tydest)
rdtwidth = self.get_rdt_width(rdt)
if rdtwidth > goalwidth:
return self.op_narrow_int(rdt, tydest, high_half=high)
elif rdtwidth < goalwidth:
return self.op_widen_int(rdt, tydest, signed=signed)
else:
return rdt
def SimIRExpr_CCall(engine, state, expr):
if o.DO_CCALLS not in state.options:
return state.solver.Unconstrained("ccall_ret",
get_type_size(expr.ret_type))
call_args = [engine.handle_expression(state, e) for e in expr.args]
if hasattr(ccall, expr.callee.name):
try:
func = getattr(ccall, expr.callee.name)
result, constraints = func(state, *call_args)
state.solver.add(*constraints)
except SimCCallError:
if o.BYPASS_ERRORED_IRCCALL not in state.options:
raise
state.history.add_event('resilience',
resilience_type='ccall',
callee=expr.callee.name,
message='ccall raised SimCCallError')
result = state.solver.Unconstrained(
"errored_%s" % expr.callee.name, get_type_size(expr.ret_type))
else:
l.error("Unsupported CCall %s", expr.callee.name)
if o.BYPASS_UNSUPPORTED_IRCCALL in state.options:
if o.UNSUPPORTED_BYPASS_ZERO_DEFAULT in state.options:
result = state.solver.BVV(0, get_type_size(expr.ret_type))
else:
result = state.solver.Unconstrained(
"unsupported_%s" % expr.callee.name,
get_type_size(expr.ret_type))
state.history.add_event('resilience',
resilience_type='ccall',
callee=expr.callee.name,
message='unsupported ccall')
else:
raise UnsupportedCCallError("Unsupported CCall %s" %
expr.callee.name)
return result
def translate_irconst(state, c):
size = get_type_size(c.type)
if isinstance(c.value, int):
return state.solver.BVV(c.value, size)
elif isinstance(c.value, float):
if options.SUPPORT_FLOATING_POINT not in state.options:
raise UnsupportedIRExprError("floating point support disabled")
if size == 32:
return state.solver.FPV(c.value, FSORT_FLOAT)
elif size == 64:
return state.solver.FPV(c.value, FSORT_DOUBLE)
else:
raise SimExpressionError("Unsupported floating point size: %d" % size)
raise SimExpressionError("Unsupported constant type: %s" % type(c.value))
def translate_irconst(state, c):
size = get_type_size(c.type)
if isinstance(c.value, (int, long)):
return state.se.BVV(c.value, size)
elif isinstance(c.value, float):
if options.SUPPORT_FLOATING_POINT not in state.options:
raise UnsupportedIRExprError("floating point support disabled")
if size == 32:
return state.se.FPV(c.value, FSORT_FLOAT)
elif size == 64:
return state.se.FPV(c.value, FSORT_DOUBLE)
else:
raise SimExpressionError("Unsupported floating point size: %d" %
size)
raise SimExpressionError("Unsupported constant type: %s" % type(c.value))
def SimIRStmt_LoadG(engine, state, stmt):
with state.history.subscribe_actions() as addr_deps:
addr = engine.handle_expression(state, stmt.addr)
with state.history.subscribe_actions() as alt_deps:
alt = engine.handle_expression(state, stmt.alt)
with state.history.subscribe_actions() as guard_deps:
guard = engine.handle_expression(state, stmt.guard)
read_type, converted_type = stmt.cvt_types
read_size_bits = get_type_size(read_type)
converted_size_bits = get_type_size(converted_type)
read_size = read_size_bits // state.arch.byte_width
read_expr = state.memory.load(addr, read_size, endness=stmt.end, condition=guard != 0)
if read_size_bits == converted_size_bits:
converted_expr = read_expr
elif "S" in stmt.cvt:
converted_expr = read_expr.sign_extend(converted_size_bits - read_size_bits)
elif "U" in stmt.cvt:
converted_expr = read_expr.zero_extend(converted_size_bits - read_size_bits)
else:
raise SimStatementError("Unrecognized IRLoadGOp %s!" % stmt.cvt)
read_expr = state.solver.If(guard != 0, converted_expr, alt)
state.scratch.store_tmp(stmt.dst, read_expr, deps=addr_deps + alt_deps + guard_deps)
if o.TRACK_MEMORY_ACTIONS in state.options:
data_ao = SimActionObject(converted_expr)
alt_ao = SimActionObject(alt, deps=alt_deps, state=state)
addr_ao = SimActionObject(addr, deps=addr_deps, state=state)
guard_ao = SimActionObject(guard, deps=guard_deps, state=state)
size_ao = SimActionObject(converted_size_bits)
r = SimActionData(state, state.memory.id, SimActionData.READ, addr=addr_ao, data=data_ao, condition=guard_ao, size=size_ao, fallback=alt_ao)
state.history.add_action(r)
def SimIRExpr_Get(_, state, expr):
size_in_bits = get_type_size(expr.ty)
size = size_in_bits // state.arch.byte_width
# get it!
result = state.registers.load(expr.offset, size)
if expr.type.startswith('Ity_F'):
result = result.raw_to_fp()
# finish it and save the register references
if o.TRACK_REGISTER_ACTIONS in state.options:
r = SimActionData(state, state.registers.id, SimActionData.READ, addr=expr.offset,
size=size_in_bits, data=result
)
state.history.add_action(r)
return result
def SimIRExpr_Get(_, state, expr):
size_in_bits = get_type_size(expr.ty)
size = size_in_bits // state.arch.byte_width
# get it!
result = state.registers.load(expr.offset, size)
if expr.type.startswith('Ity_F'):
result = result.raw_to_fp()
# finish it and save the register references
if o.TRACK_REGISTER_ACTIONS in state.options:
r = SimActionData(state,
state.registers.id,
SimActionData.READ,
addr=expr.offset,
size=size_in_bits,
data=result)
state.history.add_action(r)
return result
def SimIRExpr_GetI(engine, state, expr):
ix = engine.handle_expression(state, expr.ix)
size_in_bits = get_type_size(expr.descr.elemTy)
size = size_in_bits // state.arch.byte_width
array_base = expr.descr.base
array_index = (ix + expr.bias) % expr.descr.nElems
offset = array_base + array_index*size
# get it!
result = state.registers.load(offset, size)
if expr.descr.elemTy.startswith('Ity_F'):
result = result.raw_to_fp()
# finish it and save the register references
if o.TRACK_REGISTER_ACTIONS in state.options:
r = SimActionData(state, state.registers.id, SimActionData.READ, addr=offset, size=size_in_bits, data=result)
state.history.add_action(r)
return result
def SimIRExpr_Op(engine, state, expr):
exprs = [engine.handle_expression(state, e) for e in expr.args]
try:
result = translate(state, expr.op, exprs)
if o.TRACK_OP_ACTIONS in state.options:
action_objects = []
for arg, ex in zip(expr.args, exprs):
if isinstance(arg, RdTmp):
action_objects.append(SimActionObject(ex, tmp_deps=frozenset({arg.tmp})))
elif isinstance(arg, Get):
action_objects.append(SimActionObject(ex, reg_deps=frozenset({arg.offset})))
else:
action_objects.append(SimActionObject(ex))
r = SimActionOperation(state, expr.op, action_objects, result)
state.history.add_action(r)
except UnsupportedIROpError:
if o.BYPASS_UNSUPPORTED_IROP in state.options:
state.history.add_event('resilience', resilience_type='irop', op=expr.op, message='unsupported IROp')
res_type = get_op_retty(expr.op)
res_size = get_type_size(res_type)
if o.UNSUPPORTED_BYPASS_ZERO_DEFAULT in state.options:
result = state.solver.BVV(0, res_size)
else:
result = state.solver.Unconstrained(type(expr).__name__, res_size)
if res_type.startswith('Ity_F'):
result = result.raw_to_fp()
else:
raise
except SimOperationError as e:
e.bbl_addr = state.scratch.bbl_addr
e.stmt_idx = state.scratch.stmt_idx
e.ins_addr = state.scratch.ins_addr
e.executed_instruction_count = state.history.recent_instruction_count
raise
return result
def get_msb(self, tmp, ty):
width = get_type_size(ty)
return self.get_bit(tmp, width - 1)
from claripy.fp import FSORT_FLOAT, FSORT_DOUBLE
from pyvex.const import get_type_size
def translate_irconst(state, c):
'''
BV化的地方
'''
size = get_type_size(c.type)
if isinstance(c.value, (int, long)):
return state.se.BVV(c.value, size)
elif isinstance(c.value, float):
if options.SUPPORT_FLOATING_POINT not in state.options:
raise UnsupportedIRExprError("floating point support disabled")
if size == 32:
return state.se.FPV(c.value, FSORT_FLOAT)
elif size == 64:
return state.se.FPV(c.value, FSORT_DOUBLE)
else:
raise SimExpressionError("Unsupported floating point size: %d" % size)
raise SimExpressionError("Unsupported constant type: %s" % type(c.value))
from .expressions import SimIRExpr, translate_expr
from .statements import SimIRStmt, translate_stmt
from .engine import SimEngineVEX
from . import ccall
from .irop import operations
from ...errors import SimExpressionError, UnsupportedIRExprError
from ... import sim_options as options
