SymbolicVariable *SymbolicEngine::convertRegToSymVar(uint64 regId, uint64 symVarSize, std::string symVarComment) {
SymbolicVariable *symVar = nullptr;
SymbolicExpression *expression = nullptr;
uint64 regSymId = UNSET;
if (regId >= ID_LAST_ITEM)
throw std::runtime_error("SymbolicEngine::convertRegToSymVar() - Invalid register ID");
regSymId = this->getRegSymbolicID(regId);
if (regSymId == UNSET) {
symVar = this->addSymbolicVariable(SymVar::kind::REG, regId, symVarSize, symVarComment);
smt2lib::smtAstAbstractNode *tmp = smt2lib::variable(symVar->getSymVarName());
if (tmp == nullptr)
throw std::runtime_error("convertRegToSymVar can't create smtAstAbstractNode (nullptr)");
SymbolicExpression *se = this->newSymbolicExpression(tmp);
if (se == nullptr)
throw std::runtime_error("convertRegToSymVar can't create symbolic expression (nullptr)");
this->symbolicReg[regId] = se->getID();
}
else {
expression = this->getExpressionFromId(regSymId);
if (expression == nullptr)
return nullptr;
symVar = this->addSymbolicVariable(SymVar::kind::REG, regId, symVarSize, symVarComment);
expression->setExpression(smt2lib::variable(symVar->getSymVarName()));
}
return symVar;
}
static PyObject *SymbolicVariable_hasConcreteValue(PyObject *self, PyObject *noarg)
{
SymbolicVariable *variable = PySymbolicVariable_AsSymbolicVariable(self);
if (variable->hasConcreteValue() == true)
Py_RETURN_TRUE;
Py_RETURN_FALSE;
}
uint64 SymbolicEngine::convertRegToSymVar(uint64 regId, uint64 symVarSize)
{
SymbolicVariable *symVar = nullptr;
SymbolicElement *element = nullptr;
std::stringstream newExpr;
uint64 regSymId = UNSET;
if (regId >= ID_LAST_ITEM)
throw std::runtime_error("SymbolicEngine::convertRegToSymVar() - Invalid register ID");
regSymId = this->getRegSymbolicID(regId);
if (regSymId == UNSET)
throw std::runtime_error("SymbolicEngine::convertRegToSymVar() - This register ID is UNSET");
element = this->getElementFromId(regSymId);
if (element == nullptr)
return UNSET;
if (symVarSize != BYTE_SIZE && symVarSize != WORD_SIZE && symVarSize != DWORD_SIZE && symVarSize != QWORD_SIZE && symVarSize != DQWORD_SIZE)
throw std::runtime_error("SymbolicEngine::convertRegToSymVar() - Invalid symVarSize");
symVar = this->addSymbolicVariable(SymVar::kind::REG, regId, symVarSize);
newExpr << symVar->getSymVarName();
element->setSrcExpr(newExpr);
return symVar->getSymVarId();
}
static PyObject *SymbolicVariable_getComment(PyObject *self, PyObject *noarg) {
SymbolicVariable *variable = PySymbolicVariable_AsSymbolicVariable(self);
if (variable->getSymVarComment().empty() == false)
return PyString_FromFormat("%s", variable->getSymVarComment().c_str());
Py_INCREF(Py_None);
return Py_None;
}
uint64 SymbolicEngine::convertMemToSymVar(uint64 memAddr, uint64 symVarSize)
{
SymbolicVariable *symVar = nullptr;
SymbolicElement *element = nullptr;
std::stringstream newExpr;
uint64 memSymId = UNSET;
memSymId = this->getMemSymbolicID(memAddr);
if (memSymId == UNSET)
throw std::runtime_error("SymbolicEngine::convertMemToSymVar() - This memory address is UNSET");
element = this->getElementFromId(memSymId);
if (element == nullptr)
return UNSET;
if (symVarSize != BYTE_SIZE && symVarSize != WORD_SIZE && symVarSize != DWORD_SIZE && symVarSize != QWORD_SIZE && symVarSize != DQWORD_SIZE)
throw std::runtime_error("SymbolicEngine::convertMemToSymVar() - Invalid symVarSize");
symVar = this->addSymbolicVariable(SymVar::kind::MEM, memAddr, symVarSize);
newExpr << symVar->getSymVarName();
element->setSrcExpr(newExpr);
return symVar->getSymVarId();
}
SymbolicVariable *AnalysisProcessor::convertRegToSymVar(uint64 regId, uint64 symVarSize, std::string symVarComment) {
uint128 mask = 1;
mask = (mask << symVarSize) - 1;
uint128 regValue = this->getRegisterValue(regId) & mask;
SymbolicVariable *symVar = this->symEngine.convertRegToSymVar(regId, symVarSize, symVarComment);
symVar->setSymVarConcreteValue(regValue);
return symVar;
}
/*
* Converts an expression ID to a symbolic variable.
* e.g:
* #43 = (_ bv10 8)
* convertExprToSymVar(43, 8)
* #43 = SymVar_4
*/
SymbolicVariable *SymbolicEngine::convertExprToSymVar(uint64 exprId, uint64 symVarSize, std::string symVarComment) {
SymbolicVariable *symVar = nullptr;
SymbolicExpression *expression = this->getExpressionFromId(exprId);
if (expression == nullptr)
return nullptr;
symVar = this->addSymbolicVariable(SymVar::kind::UNDEF, 0, symVarSize, symVarComment);
expression->setExpression(smt2lib::variable(symVar->getSymVarName()));
return symVar;
}
static PyObject *Triton_getSymVarSize(PyObject *self, PyObject *symVarPy) {
SymbolicVariable *symVar;
if (!PyLong_Check(symVarPy) && !PyInt_Check(symVarPy) && !PyString_Check(symVarPy))
return PyErr_Format(PyExc_TypeError, "getSymVarSize(): expected a symbolic variable ID or a symbolic variable name");
if (PyLong_Check(symVarPy) || PyInt_Check(symVarPy))
symVar = ap.getSymVar(PyLong_AsLong(symVarPy));
else
symVar = ap.getSymVar(PyString_AsString(symVarPy));
if (symVar == nullptr)
return PyErr_Format(PyExc_TypeError, "getSymVarSize(): Invalid symbolic variable ID");
return Py_BuildValue("k", symVar->getSymVarSize());
}
// Note: symVarSize is in BYTE.
SymbolicVariable *SymbolicEngine::convertMemToSymVar(uint64 memAddr, uint64 symVarSize, std::string symVarComment)
{
SymbolicVariable *symVar = nullptr;
SymbolicExpression *expression = nullptr;
smt2lib::smtAstAbstractNode *tmp = nullptr;
uint64 memSymId = UNSET;
uint64 size_quotient = symVarSize;
memSymId = this->getMemSymbolicID(memAddr);
// First we create a symbolic variable
symVar = this->addSymbolicVariable(SymVar::kind::MEM, memAddr, symVarSize * 8, symVarComment);
smt2lib::smtAstAbstractNode *symVarNode = smt2lib::variable(symVar->getSymVarName());
if (symVarNode == nullptr)
throw std::runtime_error("convertMemToSymVar can't create smtAstAbstractNode (nullptr)");
std::list<smt2lib::smtAstAbstractNode *> symMemChunk;
while (size_quotient) {
tmp = smt2lib::extract((REG_SIZE * size_quotient - 1), (REG_SIZE * size_quotient - REG_SIZE), symVarNode);
symMemChunk.push_back(tmp);
if (tmp == nullptr)
throw std::runtime_error("convertMemToSymVar can't create extract (nullptr)");
if (memSymId == UNSET) {
if (size_quotient > 1 or symVarSize == 1) {
expression = this->newSymbolicExpression(tmp, "byte reference");
} else {
smt2lib::smtAstAbstractNode *concat = smt2lib::concat(symMemChunk);
expression = this->newSymbolicExpression(concat);
}
} else {
expression = this->getExpressionFromId(memSymId);
expression->setExpression(tmp);
}
if (expression == nullptr)
throw std::runtime_error("convertMemToSymVar can't create symbolic expression (nullptr)");
this->addMemoryReference((memAddr + size_quotient) - 1, expression->getID());
size_quotient--;
}
return symVar;
}
/*
* Converts an expression ID to a symbolic variable.
* e.g:
* #43 = (_ bv10 8)
* convertExprToSymVar(43, 8)
* #43 = SymVar_4
*/
uint64 SymbolicEngine::convertExprToSymVar(uint64 exprId, uint64 symVarSize)
{
SymbolicVariable *symVar = nullptr;
SymbolicElement *element = this->getElementFromId(exprId);
std::stringstream newExpr;
if (element == nullptr)
return UNSET;
if (symVarSize != BYTE_SIZE && symVarSize != WORD_SIZE && symVarSize != DWORD_SIZE && symVarSize != QWORD_SIZE && symVarSize != DQWORD_SIZE)
throw std::runtime_error("SymbolicEngine::convertExprToSymVar() - Invalid symVarSize");
symVar = this->addSymbolicVariable(SymVar::kind::UNDEF, 0, symVarSize);
newExpr << symVar->getSymVarName();
element->setSrcExpr(newExpr);
return symVar->getSymVarId();
}
SymbolicVariable *SymbolicEngine::convertMemToSymVar(uint64 memAddr, uint64 symVarSize, std::string symVarComment)
{
SymbolicVariable *symVar = nullptr;
SymbolicExpression *expression = nullptr;
uint64 memSymId = UNSET;
memSymId = this->getMemSymbolicID(memAddr);
if (memSymId == UNSET)
throw std::runtime_error("SymbolicEngine::convertMemToSymVar() - This memory address is UNSET");
expression = this->getExpressionFromId(memSymId);
if (expression == nullptr)
return nullptr;
symVar = this->addSymbolicVariable(SymVar::kind::MEM, memAddr, symVarSize, symVarComment);
expression->setExpression(smt2lib::variable(symVar->getSymVarName()));
return symVar;
}
SymbolicVariable *SymbolicEngine::convertRegToSymVar(uint64 regId, uint64 symVarSize, std::string symVarComment)
{
SymbolicVariable *symVar = nullptr;
SymbolicExpression *expression = nullptr;
uint64 regSymId = UNSET;
if (regId >= ID_LAST_ITEM)
throw std::runtime_error("SymbolicEngine::convertRegToSymVar() - Invalid register ID");
regSymId = this->getRegSymbolicID(regId);
if (regSymId == UNSET)
throw std::runtime_error("SymbolicEngine::convertRegToSymVar() - This register ID is UNSET");
expression = this->getExpressionFromId(regSymId);
if (expression == nullptr)
return nullptr;
symVar = this->addSymbolicVariable(SymVar::kind::REG, regId, symVarSize, symVarComment);
expression->setExpression(smt2lib::variable(symVar->getSymVarName()));
return symVar;
}
SymbolicVariable *AnalysisProcessor::convertMemToSymVar(MemoryOperand &mem, uint64 symVarSize, std::string symVarComment) {
uint64 address = mem.getAddress();
SymbolicVariable *symVar = this->symEngine.convertMemToSymVar(address, symVarSize, symVarComment);
symVar->setSymVarConcreteValue(this->getMemValue(address, symVarSize));
return symVar;
}
SymbolicVariable *AnalysisProcessor::convertMemToSymVar(uint64 memAddr, uint64 symVarSize, std::string symVarComment) {
SymbolicVariable *symVar = this->symEngine.convertMemToSymVar(memAddr, symVarSize, symVarComment);
symVar->setSymVarConcreteValue(this->getMemValue(memAddr,symVarSize));
return symVar;
}
static PyObject *SymbolicVariable_getSize(PyObject *self, PyObject *noarg) {
SymbolicVariable *variable = PySymbolicVariable_AsSymbolicVariable(self);
return Py_BuildValue("k", variable->getSymVarSize());
}
static PyObject *SymbolicVariable_getName(PyObject *self, PyObject *noarg) {
SymbolicVariable *variable = PySymbolicVariable_AsSymbolicVariable(self);
return PyString_FromFormat("%s", variable->getSymVarName().c_str());
}
static PyObject *SymbolicVariable_getConcreteValue(PyObject *self, PyObject *noarg) {
SymbolicVariable *symVar = PySymbolicVariable_AsSymbolicVariable(self);
return uint128ToPyLongObject(symVar->getConcreteValue());
}
