def _abstract_to_primitive(self, ctx, ast):
decl = z3.Z3_get_app_decl(ctx, ast)
decl_num = z3.Z3_get_decl_kind(ctx, decl)
if decl_num not in z3_op_nums:
raise ClaripyError("unknown decl kind %d" % decl_num)
if z3_op_nums[decl_num] not in op_map:
raise ClaripyError("unknown decl op %s" % z3_op_nums[decl_num])
op_name = op_map[z3_op_nums[decl_num]]
if op_name == 'BitVecVal':
if z3.Z3_get_numeral_uint64(ctx, ast, self._c_uint64_p):
return self._c_uint64_p.contents.value
else:
bv_num = int(z3.Z3_get_numeral_string(ctx, ast))
return bv_num
elif op_name == 'True':
return True
elif op_name == 'False':
return False
elif op_name in ('FPVal', 'MinusZero', 'MinusInf', 'PlusZero',
'PlusInf', 'NaN'):
return self._abstract_fp_val(ctx, ast, op_name)
else:
raise BackendError("Unable to abstract Z3 object to primitive")
def _abstract_to_primitive(ctx, ast):
decl = z3.Z3_get_app_decl(ctx, ast)
decl_num = z3.Z3_get_decl_kind(ctx, decl)
if decl_num not in z3_op_nums:
raise ClaripyError("unknown decl kind %d" % decl_num)
if z3_op_nums[decl_num] not in op_map:
raise ClaripyError("unknown decl op %s" % z3_op_nums[decl_num])
op_name = op_map[z3_op_nums[decl_num]]
if op_name == 'BitVecVal':
return long(z3.Z3_get_numeral_string(ctx, ast))
elif op_name == 'FPVal':
# this is really imprecise
fp_mantissa = float(z3.Z3_fpa_get_numeral_significand_string(ctx, ast))
fp_exp = long(z3.Z3_fpa_get_numeral_exponent_string(ctx, ast))
return fp_mantissa * (2 ** fp_exp)
elif op_name == 'True':
return True
elif op_name == 'False':
return False
else:
raise BackendError("Unable to abstract Z3 object to primitive")
def _abstract_internal(self, ctx, ast, split_on=None):
h = self._z3_ast_hash(ctx, ast)
try:
return self._ast_cache[h]
except KeyError:
pass
decl = z3.Z3_get_app_decl(ctx, ast)
decl_num = z3.Z3_get_decl_kind(ctx, decl)
z3_sort = z3.Z3_get_sort(ctx, ast)
if decl_num not in z3_op_nums:
raise ClaripyError("unknown decl kind %d" % decl_num)
if z3_op_nums[decl_num] not in op_map:
raise ClaripyError("unknown decl op %s" % z3_op_nums[decl_num])
op_name = op_map[z3_op_nums[decl_num]]
num_args = z3.Z3_get_app_num_args(ctx, ast)
split_on = self._split_on if split_on is None else split_on
new_split_on = split_on if op_name in split_on else set()
children = [
self._abstract_internal(ctx, z3.Z3_get_app_arg(ctx, ast, i),
new_split_on) for i in range(num_args)
]
append_children = True
if op_name == 'True':
return BoolV(True)
elif op_name == 'False':
return BoolV(False)
elif op_name.startswith('RM_'):
return RM.from_name(op_name)
elif op_name == 'BitVecVal':
bv_size = z3.Z3_get_bv_sort_size(ctx, z3_sort)
if z3.Z3_get_numeral_uint64(ctx, ast, self._c_uint64_p):
return BVV(self._c_uint64_p.contents.value, bv_size)
else:
bv_num = int(z3.Z3_get_numeral_string(ctx, ast))
return BVV(bv_num, bv_size)
elif op_name in ('FPVal', 'MinusZero', 'MinusInf', 'PlusZero',
'PlusInf', 'NaN'):
ebits = z3.Z3_fpa_get_ebits(ctx, z3_sort)
sbits = z3.Z3_fpa_get_sbits(ctx, z3_sort)
sort = FSort.from_params(ebits, sbits)
val = self._abstract_fp_val(ctx, ast, op_name)
return FPV(val, sort)
elif op_name == 'UNINTERPRETED' and num_args == 0: # symbolic value
symbol_name = z3.Z3_get_symbol_string(
ctx, z3.Z3_get_decl_name(ctx, decl))
symbol_ty = z3.Z3_get_sort_kind(ctx, z3_sort)
if symbol_ty == z3.Z3_BV_SORT:
bv_size = z3.Z3_get_bv_sort_size(ctx, z3_sort)
return BV('BVS',
(symbol_name, None, None, None, False, False, None),
length=bv_size,
variables={symbol_name},
symbolic=True)
elif symbol_ty == z3.Z3_FLOATING_POINT_SORT:
ebits = z3.Z3_fpa_get_ebits(ctx, z3_sort)
sbits = z3.Z3_fpa_get_sbits(ctx, z3_sort)
sort = FSort.from_params(ebits, sbits)
return FP('FPS', (symbol_name, sort),
variables={symbol_name},
symbolic=True,
length=sort.length)
else:
raise BackendError("Unknown z3 term type %d...?" % symbol_ty)
elif op_name == 'UNINTERPRETED':
mystery_name = z3.Z3_get_symbol_string(
ctx, z3.Z3_get_decl_name(ctx, decl))
args = []
#
# TODO: DEPRECATED: remove the following after some reasonable amount of time.
#
if mystery_name == 'bvsmod_i':
l.error(
"Your Z3 is out of date. Please update angr-only-z3-custom or future releases of claripy will fail."
)
op_name = '__mod__'
decl_num = z3.Z3_OP_BSMOD
elif mystery_name == 'bvsdiv_i':
l.error(
"Your Z3 is out of date. Please update angr-only-z3-custom or future releases of claripy will fail."
)
op_name = 'SDiv'
decl_num = z3.Z3_OP_BSDIV
else:
l.error(
"Mystery operation %s in BackendZ3._abstract_internal. Please report this.",
mystery_name)
elif op_name == 'Extract':
hi = z3.Z3_get_decl_int_parameter(ctx, decl, 0)
lo = z3.Z3_get_decl_int_parameter(ctx, decl, 1)
args = [hi, lo]
elif op_name in ('SignExt', 'ZeroExt'):
num = z3.Z3_get_decl_int_parameter(ctx, decl, 0)
args = [num]
elif op_name in ('fpToFP', 'fpToFPSigned'):
exp = z3.Z3_fpa_get_ebits(ctx, z3_sort)
mantissa = z3.Z3_fpa_get_sbits(ctx, z3_sort)
sort = FSort.from_params(exp, mantissa)
args = children + [sort]
append_children = False
elif op_name in ('fpToSBV', 'fpToUBV'):
# uuuuuugggggghhhhhh
bv_size = z3.Z3_get_bv_sort_size(ctx, z3_sort)
args = children + [bv_size]
append_children = False
else:
args = []
if append_children:
args.extend(children)
# hmm.... honestly not sure what to do here
result_ty = op_type_map[z3_op_nums[decl_num]]
ty = type(args[-1])
if type(result_ty) is str:
err = "Unknown Z3 error in abstraction (result_ty == '%s'). Update your version of Z3, and, if the problem persists, open a claripy issue." % result_ty
l.error(err)
raise BackendError(err)
if op_name == 'If':
# If is polymorphic and thus must be handled specially
ty = type(args[1])
a = ty('If', tuple(args), length=args[1].length)
elif hasattr(ty, op_name) or hasattr(_all_operations, op_name):
op = getattr(ty if hasattr(ty, op_name) else _all_operations,
op_name)
if op.calc_length is not None:
length = op.calc_length(*args)
a = result_ty(op_name, tuple(args), length=length)
else:
a = result_ty(op_name, tuple(args))
else:
a = result_ty(op_name, tuple(args))
self._ast_cache[h] = a
return a
def _back_single_term(self, expr, args, model=None):
assert z3.is_expr(expr)
if z3.is_quantifier(expr):
raise NotImplementedError(
"Quantified back conversion is currently not supported")
assert not len(args) > 2 or \
(z3.is_and(expr) or z3.is_or(expr) or
z3.is_add(expr) or z3.is_mul(expr) or
(len(args) == 3 and (z3.is_ite(expr) or z3.is_array_store(expr)))),\
"Unexpected n-ary term: %s" % expr
res = None
try:
decl = z3.Z3_get_app_decl(expr.ctx_ref(), expr.as_ast())
kind = z3.Z3_get_decl_kind(expr.ctx.ref(), decl)
# Try to get the back-conversion function for the given Kind
fun = self._back_fun[kind]
return fun(args, expr)
except KeyError as ex:
pass
if z3.is_const(expr):
# Const or Symbol
if z3.is_rational_value(expr):
n = expr.numerator_as_long()
d = expr.denominator_as_long()
f = Fraction(n, d)
return self.mgr.Real(f)
elif z3.is_int_value(expr):
n = expr.as_long()
return self.mgr.Int(n)
elif z3.is_bv_value(expr):
n = expr.as_long()
w = expr.size()
return self.mgr.BV(n, w)
elif z3.is_as_array(expr):
if model is None:
raise NotImplementedError("As-array expressions cannot be" \
" handled as they are not " \
"self-contained")
else:
interp_decl = z3.get_as_array_func(expr)
interp = model[interp_decl]
default = self.back(interp.else_value(), model=model)
assign = {}
for i in xrange(interp.num_entries()):
e = interp.entry(i)
assert e.num_args() == 1
idx = self.back(e.arg_value(0), model=model)
val = self.back(e.value(), model=model)
assign[idx] = val
arr_type = self._z3_to_type(expr.sort())
return self.mgr.Array(arr_type.index_type, default, assign)
elif z3.is_algebraic_value(expr):
# Algebraic value
return self.mgr._Algebraic(Numeral(expr))
else:
# it must be a symbol
try:
return self.mgr.get_symbol(str(expr))
except UndefinedSymbolError:
import warnings
symb_type = self._z3_to_type(expr.sort())
warnings.warn("Defining new symbol: %s" % str(expr))
return self.mgr.FreshSymbol(symb_type, template="__z3_%d")
elif z3.is_function(expr):
# This needs to be after we try to convert regular Symbols
fsymbol = self.mgr.get_symbol(expr.decl().name())
return self.mgr.Function(fsymbol, args)
# If we reach this point, we did not manage to translate the expression
raise ConvertExpressionError(message=("Unsupported expression: %s" %
(str(expr))),
expression=expr)
def _abstract_internal(self, ctx, ast, split_on=None):
h = self._z3_ast_hash(ctx, ast)
try:
return self._ast_cache[h]
except KeyError:
pass
decl = z3.Z3_get_app_decl(ctx, ast)
decl_num = z3.Z3_get_decl_kind(ctx, decl)
z3_sort = z3.Z3_get_sort(ctx, ast)
if decl_num not in z3_op_nums:
raise ClaripyError("unknown decl kind %d" % decl_num)
if z3_op_nums[decl_num] not in op_map:
raise ClaripyError("unknown decl op %s" % z3_op_nums[decl_num])
op_name = op_map[z3_op_nums[decl_num]]
num_args = z3.Z3_get_app_num_args(ctx, ast)
split_on = self._split_on if split_on is None else split_on
new_split_on = split_on if op_name in split_on else set()
children = [ self._abstract_internal(ctx, z3.Z3_get_app_arg(ctx, ast, i), new_split_on) for i in range(num_args) ]
append_children = True
if op_name == 'True':
return BoolI(True)
elif op_name == 'False':
return BoolI(False)
elif op_name.startswith('RM_'):
return RM.from_name(op_name)
elif op_name == 'BitVecVal':
bv_num = long(z3.Z3_get_numeral_string(ctx, ast))
bv_size = z3.Z3_get_bv_sort_size(ctx, z3_sort)
return BVI(NativeBVV(bv_num, bv_size), length=bv_size)
elif op_name == 'FPVal':
# this is really imprecise
fp_mantissa = float(z3.Z3_fpa_get_numeral_significand_string(ctx, ast))
fp_exp = long(z3.Z3_fpa_get_numeral_exponent_string(ctx, ast))
value = fp_mantissa * (2 ** fp_exp)
ebits = z3.Z3_fpa_get_ebits(ctx, z3_sort)
sbits = z3.Z3_fpa_get_sbits(ctx, z3_sort)
sort = FSort.from_params(ebits, sbits)
return FPI(NativeFPV(value, sort))
elif op_name in ('MinusZero', 'MinusInf', 'PlusZero', 'PlusInf', 'NaN'):
ebits = z3.Z3_fpa_get_ebits(ctx, z3_sort)
sbits = z3.Z3_fpa_get_sbits(ctx, z3_sort)
sort = FSort.from_params(ebits, sbits)
if op_name == 'MinusZero':
return FPI(NativeFPV(-0.0, sort))
elif op_name == 'MinusInf':
return FPI(NativeFPV(float('-inf'), sort))
elif op_name == 'PlusZero':
return FPI(NativeFPV(0.0, sort))
elif op_name == 'PlusInf':
return FPI(NativeFPV(float('inf'), sort))
elif op_name == 'NaN':
return FPI(NativeFPV(float('nan'), sort))
elif op_name == 'UNINTERPRETED': # this *might* be a BitVec ;-)
bv_name = z3.Z3_get_symbol_string(ctx, z3.Z3_get_decl_name(ctx, decl))
bv_size = z3.Z3_get_bv_sort_size(ctx, z3_sort)
#if bv_name.count('_') < 2:
# import ipdb; ipdb.set_trace()
return BV("BitVec", (bv_name, bv_size), length=bv_size, variables={ bv_name }, symbolic=True)
elif op_name == 'Extract':
hi = z3.Z3_get_decl_int_parameter(ctx, decl, 0)
lo = z3.Z3_get_decl_int_parameter(ctx, decl, 1)
args = [ hi, lo ]
elif op_name in ('SignExt', 'ZeroExt'):
num = z3.Z3_get_decl_int_parameter(ctx, decl, 0)
args = [ num ]
elif op_name in ('fpToFP', 'fpToFPSigned'):
exp = z3.Z3_fpa_get_ebits(ctx, z3_sort)
mantissa = z3.Z3_fpa_get_sbits(ctx, z3_sort)
sort = FSort.from_params(exp, mantissa)
args = children + [sort]
append_children = False
elif op_name in ('fpToSBV', 'fpToUBV'):
# uuuuuugggggghhhhhh
bv_size = z3.Z3_get_bv_sort_size(ctx, z3_sort)
args = children + [bv_size]
append_children = False
else:
args = [ ]
if append_children:
args.extend(children)
# fix up many-arg __add__
if op_name in bin_ops and len(args) > 2:
many_args = args #pylint:disable=unused-variable
last = args[-1]
rest = args[:-1]
a = args[0].make_like(op_name, rest[:2])
for b in rest[2:]:
a = args[0].make_like(op_name, [a,b])
args = [ a, last ]
# hmm.... honestly not sure what to do here
result_ty = op_type_map[z3_op_nums[decl_num]]
ty = type(args[-1])
if op_name == 'If':
# If is polymorphic and thus must be handled specially
ty = type(args[1])
a = ty('If', tuple(args), length=args[1].length)
else:
if hasattr(ty, op_name) or hasattr(_all_operations, op_name):
op = getattr(ty if hasattr(ty, op_name) else _all_operations, op_name)
if op.calc_length is not None:
length = op.calc_length(*args)
a = result_ty(op_name, tuple(args), length=length)
else:
a = result_ty(op_name, tuple(args))
else:
a = result_ty(op_name, tuple(args))
self._ast_cache[h] = a
return a
