void OrIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
  /* OR reg, imm: reg <- reg | imm, then the arithmetic flags.
   * Operand 0 is the destination register, operand 1 the immediate. */
  auto reg = this->operands[0].getReg();
  auto regSize = this->operands[0].getReg().getSize();
  auto imm = this->operands[1].getImm().getValue();
  const auto bitSize = regSize * REG_SIZE;   /* register width in bits */

  /* Symbolic operands: the register's current value and the immediate as a bit-vector */
  smt2lib::smtAstAbstractNode *dst = ap.buildSymbolicRegOperand(reg, regSize);
  smt2lib::smtAstAbstractNode *src = smt2lib::bv(imm, bitSize);

  /* Bind (dst | src) to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, smt2lib::bvor(dst, src), reg, regSize);

  /* Taint propagation for the reg/imm form */
  ap.aluSpreadTaintRegImm(se, reg);

  /* Flags: CF and OF are cleared; PF, SF and ZF are derived from the result */
  EflagsBuilder::clearFlag(inst, ap, ID_TMP_CF, "Clears carry flag");
  EflagsBuilder::clearFlag(inst, ap, ID_TMP_OF, "Clears overflow flag");
  EflagsBuilder::pf(inst, se, ap, regSize);
  EflagsBuilder::sf(inst, se, ap, regSize);
  EflagsBuilder::zf(inst, se, ap, regSize);
}
void AddIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
  /* ADD reg, imm: reg <- reg + imm, then AF/CF/OF/PF/SF/ZF.
   * Operand 0 is the destination register, operand 1 the immediate. */
  uint64_t reg     = this->operands[0].getValue();
  uint64_t imm     = this->operands[1].getValue();
  uint32_t regSize = this->operands[0].getSize();

  /* Symbolic operands are accumulated as SMT text; lhs/rhs are kept
   * as named streams because the flag builders read them again below. */
  std::stringstream lhs;
  std::stringstream rhs;
  lhs << ap.buildSymbolicRegOperand(reg, regSize);
  rhs << smt2lib::bv(imm, regSize * REG_SIZE);

  /* The bvadd term over both operands */
  std::stringstream result;
  result << smt2lib::bvadd(lhs.str(), rhs.str());

  /* Bind the sum to the destination register */
  SymbolicElement *se = ap.createRegSE(inst, result, reg, regSize);

  /* Taint propagation for the reg/imm form */
  ap.aluSpreadTaintRegImm(se, reg);

  /* Flags: AF, CF and OF need the operands; PF, SF and ZF only the result */
  EflagsBuilder::af(inst, se, ap, regSize, lhs, rhs);
  EflagsBuilder::cfAdd(inst, se, ap, lhs);
  EflagsBuilder::ofAdd(inst, se, ap, regSize, lhs, rhs);
  EflagsBuilder::pf(inst, se, ap);
  EflagsBuilder::sf(inst, se, ap, regSize);
  EflagsBuilder::zf(inst, se, ap, regSize);
}
void ImulIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
  /* IMUL reg, imm: reg <- low bits of (sx(reg) * sx(imm)).
   * Operand 0 is the destination register, operand 1 the immediate. */
  auto reg = this->operands[0].getReg();
  auto imm = this->operands[1].getImm().getValue();
  auto regSize = this->operands[0].getReg().getSize();
  const auto bitSize = regSize * REG_SIZE;   /* register width in bits */

  /* Symbolic operands: the register's current value and the immediate as a bit-vector */
  smt2lib::smtAstAbstractNode *dst = ap.buildSymbolicRegOperand(reg, regSize);
  smt2lib::smtAstAbstractNode *src = smt2lib::bv(imm, bitSize);

  /* Both operands are sign-extended by bitSize bits before the multiply so the
   * product is not truncated; cfImul/ofImul below inspect this wide product. */
  smt2lib::smtAstAbstractNode *product =
      smt2lib::bvmul(smt2lib::sx(bitSize, dst), smt2lib::sx(bitSize, src));

  /* Only the low bitSize bits of the product land in the destination register */
  SymbolicExpression *se =
      ap.createRegSE(inst, smt2lib::extract(bitSize - 1, 0, product), reg, regSize);

  /* Taint propagation for the reg/imm form */
  ap.aluSpreadTaintRegImm(se, reg);

  /* Flags: CF and OF from the wide product, SF from the result */
  EflagsBuilder::cfImul(inst, se, ap, regSize, product);
  EflagsBuilder::ofImul(inst, se, ap, regSize, product);
  EflagsBuilder::sf(inst, se, ap, regSize);
}
void AddIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
  /* ADD reg, imm: reg <- reg + imm, then AF/CF/OF/PF/SF/ZF.
   * Operand 0 is the destination register, operand 1 the immediate. */
  uint64 reg     = this->operands[0].getValue();
  uint64 imm     = this->operands[1].getValue();
  uint32 regSize = this->operands[0].getSize();
  const auto bitSize = regSize * REG_SIZE;   /* register width in bits */

  /* Symbolic operands; both are kept because the flag builders reuse them */
  smt2lib::smtAstAbstractNode *lhs = ap.buildSymbolicRegOperand(reg, regSize);
  smt2lib::smtAstAbstractNode *rhs = smt2lib::bv(imm, bitSize);

  /* Bind (lhs + rhs) to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, smt2lib::bvadd(lhs, rhs), reg, regSize);

  /* Taint propagation for the reg/imm form */
  ap.aluSpreadTaintRegImm(se, reg);

  /* Flags: AF, CF and OF need the operands; PF, SF and ZF only the result */
  EflagsBuilder::af(inst, se, ap, regSize, lhs, rhs);
  EflagsBuilder::cfAdd(inst, se, ap, lhs);
  EflagsBuilder::ofAdd(inst, se, ap, regSize, lhs, rhs);
  EflagsBuilder::pf(inst, se, ap, regSize);
  EflagsBuilder::sf(inst, se, ap, regSize);
  EflagsBuilder::zf(inst, se, ap, regSize);
}
void SbbIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
  /* SBB reg, imm: reg <- reg - (imm + CF), then AF/CF/OF/PF/SF/ZF.
   * Operand 0 is the destination register, operand 1 the immediate. */
  auto reg = this->operands[0].getReg().getTritonRegId();
  auto imm = this->operands[1].getImm().getValue();
  auto regSize = this->operands[0].getReg().getSize();
  const auto bitSize = regSize * REG_SIZE;   /* register width in bits */

  /* Symbolic operands: register value, immediate, and the incoming carry flag */
  smt2lib::smtAstAbstractNode *lhs   = ap.buildSymbolicRegOperand(reg, regSize);
  smt2lib::smtAstAbstractNode *rhs   = smt2lib::bv(imm, bitSize);
  smt2lib::smtAstAbstractNode *carry = ap.buildSymbolicFlagOperand(ID_CF, regSize);

  /* Bind lhs - (rhs + carry) to the destination register */
  SymbolicExpression *se =
      ap.createRegSE(inst, smt2lib::bvsub(lhs, smt2lib::bvadd(rhs, carry)), reg, regSize);

  /* Taint propagation for the reg/imm form */
  ap.aluSpreadTaintRegImm(se, reg);

  /* Flags: AF, CF and OF are computed from lhs/rhs only (the carry term is
   * not passed to them); PF, SF and ZF are derived from the result. */
  EflagsBuilder::af(inst, se, ap, regSize, lhs, rhs);
  EflagsBuilder::cfSub(inst, se, ap, regSize, lhs, rhs);
  EflagsBuilder::ofSub(inst, se, ap, regSize, lhs, rhs);
  EflagsBuilder::pf(inst, se, ap, regSize);
  EflagsBuilder::sf(inst, se, ap, regSize);
  EflagsBuilder::zf(inst, se, ap, regSize);
}
void XorIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
  /* XOR reg, imm: reg <- reg ^ imm, then the arithmetic flags.
   * Operand 0 is the destination register, operand 1 the immediate. */
  uint64 reg     = this->operands[0].getValue();
  uint64 imm     = this->operands[1].getValue();
  uint32 regSize = this->operands[0].getSize();

  /* Symbolic operands are accumulated as SMT text */
  std::stringstream lhs;
  std::stringstream rhs;
  lhs << ap.buildSymbolicRegOperand(reg, regSize);
  rhs << smt2lib::bv(imm, regSize * REG_SIZE);

  /* The bvxor term over both operands */
  std::stringstream result;
  result << smt2lib::bvxor(lhs.str(), rhs.str());

  /* Bind the result to the destination register */
  SymbolicElement *se = ap.createRegSE(inst, result, reg, regSize);

  /* Taint propagation for the reg/imm form */
  ap.aluSpreadTaintRegImm(se, reg);

  /* Flags: CF and OF are cleared; PF, SF and ZF are derived from the result */
  EflagsBuilder::clearFlag(inst, ap, ID_CF, "Clears carry flag");
  EflagsBuilder::clearFlag(inst, ap, ID_OF, "Clears overflow flag");
  EflagsBuilder::pf(inst, se, ap);
  EflagsBuilder::sf(inst, se, ap, regSize);
  EflagsBuilder::zf(inst, se, ap, regSize);
}