本文整理汇总了C++中AnalysisProcessor::addPathConstraint方法的典型用法代码示例。如果您正苦于以下问题:C++ AnalysisProcessor::addPathConstraint方法的具体用法?C++ AnalysisProcessor::addPathConstraint怎么用?C++ AnalysisProcessor::addPathConstraint使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AnalysisProcessor的用法示例。
在下文中一共展示了AnalysisProcessor::addPathConstraint方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: imm
void JnleIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, sf, of, zf;
uint64 imm = this->operands[0].getValue();
/* Create the SMT semantic */
sf << ap.buildSymbolicFlagOperand(ID_SF);
of << ap.buildSymbolicFlagOperand(ID_OF);
zf << ap.buildSymbolicFlagOperand(ID_ZF);
/*
* Finale expr
* JNLE: Jump if not less or equal ((SF^OF | ZF) == 0).
* SMT: (= (bvor (bvxor sf of) zf) FALSE)
*/
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf.str(), of.str()), zf.str()),
smt2lib::bvfalse()
),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例2: imm
void JnsIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *sf;
auto imm = this->operands[0].getImm().getValue();
/* Create the SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_TMP_SF);
/* Finale expr */
expr = smt2lib::ite(
smt2lib::equal(
sf,
smt2lib::bvfalse()),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, ID_TMP_RIP, REG_SIZE, "RIP");
/* Apply the taint */
ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_SF);
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例3: imm
void JnbeIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, cf, zf;
uint64 imm = this->operands[0].getValue();
/* Create the SMT semantic */
cf << ap.buildSymbolicFlagOperand(ID_CF);
zf << ap.buildSymbolicFlagOperand(ID_ZF);
/*
* Finale expr
* JNBE: Jump if not below or equal (CF=0 and ZF=0).
* SMT: (= (bvand (bvnot zf) (bvnot cf)) (_ bv1 1))
*/
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvand(
smt2lib::bvnot(cf.str()),
smt2lib::bvnot(zf.str())
),
smt2lib::bvtrue()
),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例4: imm
void JnbeIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *cf, *zf;
auto imm = this->operands[0].getImm().getValue();
/* Create the SMT semantic */
cf = ap.buildSymbolicFlagOperand(ID_CF);
zf = ap.buildSymbolicFlagOperand(ID_ZF);
/*
* Finale expr
* JNBE: Jump if not below or equal (CF =0 and ZF =0).
* SMT: ( = (bvand (bvnot zf) (bvnot cf)) (_ bv1 1))
*/
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvand(
smt2lib::bvnot(cf),
smt2lib::bvnot(zf)
),
smt2lib::bvtrue()
),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例5: imm
void JlIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *sf, *of;
auto imm = this->operands[0].getImm().getValue();
/* Create the SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_SF);
of = ap.buildSymbolicFlagOperand(ID_OF);
/*
* Finale expr
* JL: Jump if less (SF^OF).
* SMT: ( = (bvxor sf of) True)
*/
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvxor(sf, of),
smt2lib::bvtrue()
),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例6: imm
void JbIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, cf;
uint64 imm = this->operands[0].getValue();
/* Create the SMT semantic */
cf << ap.buildSymbolicFlagOperand(ID_CF);
/* Finale expr */
expr << smt2lib::ite(
smt2lib::equal(
cf.str(),
smt2lib::bvtrue()),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}