How to use the claripy.ast.Base function in claripy
To help you get started, we’ve selected a few claripy examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
angr / angr / angr / engines / vex / irop.py View on Github 
def calculate(self, *args):
if not all(isinstance(a, claripy.ast.Base) for a in args):
import ipdb; ipdb.set_trace()
raise SimOperationError("IROp needs all args as claripy expressions")
if not self._float:
args = tuple(arg.raw_to_bv() for arg in args)
try:
return self.extend_size(self._calculate(args))
except (ZeroDivisionError, claripy.ClaripyZeroDivisionError) as e:
raise SimZeroDivisionException("divide by zero!") from e
except (TypeError, ValueError, SimValueError, claripy.ClaripyError) as e:
raise SimOperationError("%s._calculate() raised exception" % self.name) from edef _compare_integer_content(state, val, expected):
# note that size difference does not matter - we only compare their concrete values
if isinstance(val, claripy.ast.Base) and val.symbolic:
# we do not support symboli arguments
return False
return state.solver.eval(val) == state.solver.eval(expected)def _translate_cond(self, c): #pylint:disable=no-self-use
"""
Checks whether this condition can be supported by FastMemory."
"""
if isinstance(c, claripy.ast.Base) and not c.singlevalued:
raise SimFastMemoryError("size not supported")
if c is None:
return True
else:
return self.state.solver.eval_upto(c, 1)[0]def simplify(self, *args):
if len(args) == 0:
return self._solver.simplify()
elif isinstance(args[0], (int, long, float, bool)):
return args[0]
elif isinstance(args[0], claripy.ast.Base) and args[0].op in claripy.operations.leaf_operations_concrete:
return args[0]
elif isinstance(args[0], SimActionObject) and args[0].op in claripy.operations.leaf_operations_concrete:
return args[0].ast
elif not isinstance(args[0], (SimActionObject, claripy.ast.Base)):
return args[0]
else:
return self._claripy_simplify(*args)named_addr, named_size = self._resolve_location_name(addr)
addr = named_addr
addr_e = addr
if size is None:
size = named_size
size_e = size
if size is None:
size = self.state.arch.bits / 8
size_e = size
if self.category == 'reg': self.state._inspect('reg_read', BP_BEFORE, reg_read_offset=addr_e, reg_read_length=size_e)
if self.category == 'mem': self.state._inspect('mem_read', BP_BEFORE, mem_read_address=addr_e, mem_read_length=size_e)
if (o.UNDER_CONSTRAINED_SYMEXEC in self.state.options and
isinstance(addr_e, claripy.ast.Base) and
addr_e.uninitialized
):
# It's uninitialized. Did we initialize it to some other value before? Or, is it unbounded?
if not self.state.uc_manager.is_bounded(addr_e) or self.state.se.max_int(addr_e) - self.state.se.min_int(addr_e) >= self._read_address_range:
# in under-constrained symbolic execution, we'll assign a new memory region for this address
mem_region = self.state.uc_manager.assign(addr_e)
self.state.add_constraints(addr_e == mem_region)
l.debug('Under-constrained symbolic execution: assigned a new memory region @ %s to %s', mem_region, addr_e)
a,r,c = self._load(addr_e, size_e, condition=condition_e, fallback=fallback_e)
if add_constraints:
self.state.add_constraints(*c)
if (self.category == 'mem' and o.SIMPLIFY_MEMORY_READS in self.state.options) or \
(self.category == 'reg' and o.SIMPLIFY_REGISTER_READS in self.state.options):
l.debug("simplifying %s read...", self.category)elif isinstance(self._memory_backer[i], bytes):
backer = self._memory_backer[i]
if self.byte_width != 8: # if we have direct bytes we can store it directly
backer = claripy.BVV(backer)
else:
backer = claripy.BVV(self._memory_backer[i], self.byte_width)
mo = SimMemoryObject(backer, i, byte_width=self.byte_width)
self._apply_object_to_page(n*self._page_size, mo, page=new_page)
initialized = True
elif len(self._memory_backer) > self._page_size:
for i in range(self._page_size):
try:
backer = self._memory_backer[i]
if not isinstance(self._memory_backer[i], (claripy.ast.Base, bytes)):
backer = claripy.BVV(self._memory_backer[i], self.byte_width)
if type(backer) is bytes and self.byte_width != 8:
backer = claripy.BVV(backer)
mo = SimMemoryObject(backer, new_page_addr+i, byte_width=self.byte_width)
self._apply_object_to_page(n*self._page_size, mo, page=new_page)
initialized = True
except KeyError:
pass
if self.state is not None:
self.state.scratch.pop_priv()
return initializeddef _normalize_address_type(self, addr): #pylint:disable=no-self-use
"""
Convert address of different types to a list of mapping between region IDs and offsets (strided intervals).
:param claripy.ast.Base addr: Address to convert
:return: A list of mapping between region IDs and offsets.
:rtype: dict
"""
addr_e = _raw_ast(addr)
if isinstance(addr_e, (claripy.bv.BVV, claripy.vsa.StridedInterval, claripy.vsa.ValueSet)):
raise SimMemoryError('_normalize_address_type() does not take claripy models.')
if isinstance(addr_e, claripy.ast.Base):
if not isinstance(addr_e._model_vsa, ValueSet):
# Convert it to a ValueSet first by annotating it
addr_e = addr_e.annotate(RegionAnnotation('global', 0, addr_e._model_vsa))
return addr_e._model_vsa.items()
else:
raise SimAbstractMemoryError('Unsupported address type %s' % type(addr_e))def check_value(self, value):
if not isinstance(value, claripy.ast.Base) and self.size is None:
raise TypeError("Only claripy objects may be stored through SimFunctionArgument when size is not provided")
if self.size is not None and isinstance(value, claripy.ast.Base) and self.size*8 < value.length:
raise TypeError("%s doesn't fit in an argument of size %d" % (value, self.size))named_addr, named_size = self._resolve_location_name(addr)
addr = named_addr
addr_e = addr
if size is None:
size = named_size
size_e = size
if size is None:
size = self.state.arch.bits / 8
size_e = size
if self.category == 'reg': self.state._inspect('reg_read', BP_BEFORE, reg_read_offset=addr_e, reg_read_length=size_e)
if self.category == 'mem': self.state._inspect('mem_read', BP_BEFORE, mem_read_address=addr_e, mem_read_length=size_e)
if (o.UNDER_CONSTRAINED_SYMEXEC in self.state.options and
isinstance(addr_e, claripy.ast.Base) and
addr_e.uninitialized
):
# It's uninitialized. Did we initialize it to some other value before? Or, is it unbounded?
if not self.state.uc_manager.is_bounded(addr_e) or self.state.se.max_int(addr_e) - self.state.se.min_int(addr_e) >= self._read_address_range:
# in under-constrained symbolic execution, we'll assign a new memory region for this address
mem_region = self.state.uc_manager.assign(addr_e)
self.state.add_constraints(addr_e == mem_region)
l.debug('Under-constrained symbolic execution: assigned a new memory region @ %s to %s', mem_region, addr_e)
a,r,c = self._load(addr_e, size_e, condition=condition_e, fallback=fallback_e)
if add_constraints:
self.state.add_constraints(*c)
if (self.category == 'mem' and o.SIMPLIFY_MEMORY_READS in self.state.options) or \
(self.category == 'reg' and o.SIMPLIFY_REGISTER_READS in self.state.options):
l.debug("simplifying %s read...", self.category)def action_writes(action):
if action.type != write_type:
return False
if action.action != 'write':
return False
if write_offset is None:
return True
addr = action.addr
if isinstance(addr, SimActionObject):
addr = addr.ast
if isinstance(addr, claripy.ast.Base):
if addr.symbolic:
return False
addr = self.state.solver.eval(addr)
if addr != write_offset:
return False
return Trueclaripy
An abstraction layer for constraint solvers
