当前位置: 首页>>代码示例>>C++>>正文


C++ SymbolicExpression类代码示例

本文整理汇总了C++中SymbolicExpression的典型用法代码示例。如果您正苦于以下问题:C++ SymbolicExpression类的具体用法?C++ SymbolicExpression怎么用?C++ SymbolicExpression使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了SymbolicExpression类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: imm

void JnsIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
  SymbolicExpression *se;
  smt2lib::smtAstAbstractNode *expr, *sf;
  auto imm = this->operands[0].getImm().getValue();

  /* Create the SMT semantic */
  sf = ap.buildSymbolicFlagOperand(ID_TMP_SF);

  /* Finale expr */
  expr = smt2lib::ite(
            smt2lib::equal(
              sf,
              smt2lib::bvfalse()),
            smt2lib::bv(imm, REG_SIZE_BIT),
            smt2lib::bv(this->nextAddress, REG_SIZE_BIT));

  /* Create the symbolic expression */
  se = ap.createRegSE(inst, expr, ID_TMP_RIP, REG_SIZE, "RIP");

  /* Apply the taint */
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_SF);

  /* Add the constraint in the PathConstraints list */
  ap.addPathConstraint(se->getID());
}
开发者ID:shenyanjun,项目名称:Triton,代码行数:25,代码来源:JnsIRBuilder.cpp

示例2:

SymbolicExpression *AnalysisProcessor::createFlagSE(Inst &inst, smt2lib::smtAstAbstractNode *expr, RegisterOperand &flag, std::string comment) {
  uint64 flagId = flag.getTritonRegId();
  SymbolicExpression *se = this->symEngine.newSymbolicExpression(expr, comment);
  this->symEngine.symbolicReg[flagId] = se->getID();
  inst.addExpression(se);
  return se;
}
开发者ID:h0wl,项目名称:Triton,代码行数:7,代码来源:analysisProcessor.cpp

示例3: imm

void JleIRBuilder::imm(Inst &inst) const {
  SymbolicExpression *se;
  smt2lib::smtAstAbstractNode *expr, *sf, *of, *zf;
  auto imm = this->operands[0].getImm().getValue();

  /* Create the SMT semantic */
  sf = ap.buildSymbolicFlagOperand(ID_TMP_SF);
  of = ap.buildSymbolicFlagOperand(ID_TMP_OF);
  zf = ap.buildSymbolicFlagOperand(ID_TMP_ZF);

  /* 
   * Finale expr
   * JLE: Jump if less or equal ((SF^OF | ZF) == 1).
   * SMT: ( = (bvor (bvxor sf of) zf) TRUE)
   */
  expr = smt2lib::ite(
            smt2lib::equal(
                smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
                smt2lib::bvtrue()
            ),
            smt2lib::bv(imm, REG_SIZE_BIT),
            smt2lib::bv(this->nextAddress, REG_SIZE_BIT));

  /* Create the symbolic expression */
  se = ap.createRegSE(inst, expr, ID_TMP_RIP, REG_SIZE, "Program Counter");

  /* Apply the taint */
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_SF);
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_OF);
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_ZF);

  /* Add the constraint in the PathConstraints list */
  ap.addPathConstraint(se->getID());

}
开发者ID:EgoIncarnate,项目名称:Triton,代码行数:35,代码来源:JleIRBuilder.cpp

示例4:

SymbolicExpression *AnalysisProcessor::createRegSE(Inst &inst, smt2lib::smtAstAbstractNode *expr, uint64 regID, std::string comment)
{
  SymbolicExpression *se = this->symEngine.newSymbolicExpression(expr, comment);
  this->symEngine.symbolicReg[regID] = se->getID();
  inst.addExpression(se);
  return se;
}
开发者ID:sigma-random,项目名称:Triton,代码行数:7,代码来源:analysisProcessor.cpp

示例5: PySymbolicExpression_AsSymbolicExpression

static PyObject *SymbolicExpression_getComment(PyObject *self, PyObject *noarg) {
  SymbolicExpression *expression = PySymbolicExpression_AsSymbolicExpression(self);
  if (expression->getComment().empty() == false)
    return PyString_FromFormat("%s", expression->getComment().c_str());
  Py_INCREF(Py_None);
  return Py_None;
}
开发者ID:shenyanjun,项目名称:Triton,代码行数:7,代码来源:PySymbolicExpression.cpp

示例6: switch

SymbolicExpression *AnalysisProcessor::createRegSE(Inst &inst, smt2lib::smtAstAbstractNode *expr, uint64 regID, uint64 regSize)
{
  smt2lib::smtAstAbstractNode *finalExpr = nullptr, *origReg = nullptr;

  origReg = this->buildSymbolicRegOperand(regID, REG_SIZE);

  switch (regSize) {
    case BYTE_SIZE:
      finalExpr = smt2lib::concat(smt2lib::extract(63, 8, origReg), expr);
      break;

    case WORD_SIZE:
      finalExpr = smt2lib::concat(smt2lib::extract(63, 16, origReg), expr);
      break;

    case DWORD_SIZE:
      /* In AMD64, if a reg32 is written, it clears the 32-bit MSB of the corresponding register (Thx Wisk!) */
      finalExpr = smt2lib::zx(DWORD_SIZE_BIT, expr);
      break;

    case QWORD_SIZE:
    case DQWORD_SIZE:
      finalExpr = expr;
      break;
  }

  SymbolicExpression *se = this->symEngine.newSymbolicExpression(finalExpr);
  this->symEngine.symbolicReg[regID] = se->getID();
  inst.addExpression(se);

  return se;
}
开发者ID:sigma-random,项目名称:Triton,代码行数:32,代码来源:analysisProcessor.cpp

示例7: imm

void JnbeIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
  SymbolicExpression *se;
  smt2lib::smtAstAbstractNode *expr, *cf, *zf;
  auto imm = this->operands[0].getImm().getValue();

  /* Create the SMT semantic */
  cf = ap.buildSymbolicFlagOperand(ID_CF);
  zf = ap.buildSymbolicFlagOperand(ID_ZF);

  /* 
   * Finale expr
   * JNBE: Jump if not below or equal (CF =0 and ZF =0).
   * SMT: ( = (bvand (bvnot zf) (bvnot cf)) (_ bv1 1))
   */
  expr = smt2lib::ite(
            smt2lib::equal(
              smt2lib::bvand(
                smt2lib::bvnot(cf),
                smt2lib::bvnot(zf)
              ),
              smt2lib::bvtrue()
            ),
            smt2lib::bv(imm, REG_SIZE_BIT),
            smt2lib::bv(this->nextAddress, REG_SIZE_BIT));

  /* Create the symbolic expression */
  se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");

  /* Add the constraint in the PathConstraints list */
  ap.addPathConstraint(se->getID());
}
开发者ID:nnamon,项目名称:Triton,代码行数:31,代码来源:JnbeIRBuilder.cpp

示例8: while

SymbolicExpression *AnalysisProcessor::createMemSE(Inst &inst, smt2lib::smtAstAbstractNode *expr, uint64 address, uint64 writeSize, std::string comment)
{
  SymbolicExpression *ret = nullptr;
  smt2lib::smtAstAbstractNode *tmp;

  /*
   * As the x86's memory can be accessed without alignment, each byte of the
   * memory must be assigned to an unique reference.
   */
  while (writeSize){
    /* Extract each byte if the size > 1 byte (8 bits) */
    if (writeSize > BYTE_SIZE){
      tmp = smt2lib::extract(((writeSize * REG_SIZE) - 1), ((writeSize * REG_SIZE) - REG_SIZE), expr);
      SymbolicExpression *se = symEngine.newSymbolicExpression(tmp, "byte reference");
      inst.addExpression(se);
      /* Assign memory with little endian */
      this->symEngine.addMemoryReference((address + writeSize) - 1, se->getID());
    }
    /* Otherwise keep the full formula */
    else {
      SymbolicExpression *se = symEngine.newSymbolicExpression(expr, comment);
      inst.addExpression(se);
      this->symEngine.addMemoryReference(address, se->getID());
      ret = se;
    }
    writeSize--;
  }

  return ret;
}
开发者ID:sigma-random,项目名称:Triton,代码行数:30,代码来源:analysisProcessor.cpp

示例9: smtAstAbstractNode

SymbolicVariable *SymbolicEngine::convertRegToSymVar(uint64 regId, uint64 symVarSize, std::string symVarComment) {
  SymbolicVariable   *symVar = nullptr;
  SymbolicExpression *expression = nullptr;
  uint64             regSymId = UNSET;

  if (regId >= ID_LAST_ITEM)
    throw std::runtime_error("SymbolicEngine::convertRegToSymVar() - Invalid register ID");

  regSymId = this->getRegSymbolicID(regId);
  if (regSymId == UNSET) {
    symVar = this->addSymbolicVariable(SymVar::kind::REG, regId, symVarSize, symVarComment);

    smt2lib::smtAstAbstractNode *tmp = smt2lib::variable(symVar->getSymVarName());
    if (tmp == nullptr)
      throw std::runtime_error("convertRegToSymVar can't create smtAstAbstractNode (nullptr)");

    SymbolicExpression *se = this->newSymbolicExpression(tmp);
    if (se == nullptr)
      throw std::runtime_error("convertRegToSymVar can't create symbolic expression (nullptr)");

    this->symbolicReg[regId] = se->getID();
  }

  else {
    expression = this->getExpressionFromId(regSymId);
    if (expression == nullptr)
      return nullptr;
    symVar = this->addSymbolicVariable(SymVar::kind::REG, regId, symVarSize, symVarComment);
    expression->setExpression(smt2lib::variable(symVar->getSymVarName()));
  }

  return symVar;
}
开发者ID:v0re,项目名称:Triton,代码行数:33,代码来源:symbolicEngine.cpp

示例10: imm

void JlIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
  SymbolicExpression *se;
  smt2lib::smtAstAbstractNode *expr, *sf, *of;
  auto imm = this->operands[0].getImm().getValue();

  /* Create the SMT semantic */
  sf = ap.buildSymbolicFlagOperand(ID_SF);
  of = ap.buildSymbolicFlagOperand(ID_OF);

  /* 
   * Finale expr
   * JL: Jump if less (SF^OF).
   * SMT: ( = (bvxor sf of) True)
   */
  expr = smt2lib::ite(
            smt2lib::equal(
                smt2lib::bvxor(sf, of),
                smt2lib::bvtrue()
            ),
            smt2lib::bv(imm, REG_SIZE_BIT),
            smt2lib::bv(this->nextAddress, REG_SIZE_BIT));

  /* Create the symbolic expression */
  se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");

  /* Add the constraint in the PathConstraints list */
  ap.addPathConstraint(se->getID());
}
开发者ID:nnamon,项目名称:Triton,代码行数:28,代码来源:JlIRBuilder.cpp

示例11: imm

void JbeIRBuilder::imm(Inst &inst) const {
  SymbolicExpression *se;
  smt2lib::smtAstAbstractNode *expr, *cf, *zf;
  auto imm = this->operands[0].getImm().getValue();

  /* Create the SMT semantic */
  cf = ap.buildSymbolicFlagOperand(ID_TMP_CF);
  zf = ap.buildSymbolicFlagOperand(ID_TMP_ZF);

  /* 
   * Finale expr
   * JNBE: Jump if below or equal (CF =1 or ZF =1).
   * SMT: ( = (bvor zf cf) (_ bv1 1))
   */
  expr = smt2lib::ite(
            smt2lib::equal(
              smt2lib::bvor(
                cf,
                zf
              ),
              smt2lib::bvtrue()
            ),
            smt2lib::bv(imm, REG_SIZE_BIT),
            smt2lib::bv(this->nextAddress, REG_SIZE_BIT));

  /* Create the symbolic expression */
  se = ap.createRegSE(inst, expr, ID_TMP_RIP, REG_SIZE, "Program Counter");

  /* Apply the taint */
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_CF);
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_ZF);

  /* Add the constraint in the PathConstraints list */
  ap.addPathConstraint(se->getID());
}
开发者ID:EgoIncarnate,项目名称:Triton,代码行数:35,代码来源:JbeIRBuilder.cpp

示例12: switch

SymbolicExpression *AnalysisProcessor::createRegSE(Inst &inst, smt2lib::smtAstAbstractNode *expr, RegisterOperand &reg, uint64 regSize, std::string comment) {
  uint64 regId = reg.getTritonRegId();
  smt2lib::smtAstAbstractNode *finalExpr = nullptr, *origReg = nullptr;

  origReg = this->buildSymbolicRegOperand(reg, REG_SIZE, 63, 0);

  switch (regSize) {
    case BYTE_SIZE:
      if (reg.getLow() == 0)
        finalExpr = smt2lib::concat(smt2lib::extract(63, 8, origReg), expr);
      else
        finalExpr = smt2lib::concat(smt2lib::extract(63, 16, origReg), smt2lib::concat(expr, smt2lib::extract(7, 0, origReg)));
      break;

    case WORD_SIZE:
      finalExpr = smt2lib::concat(smt2lib::extract(63, 16, origReg), expr);
      break;

    case DWORD_SIZE:
      /* In AMD64, if a reg32 is written, it clears the 32-bit MSB of the corresponding register (Thx Wisk!) */
      finalExpr = smt2lib::zx(DWORD_SIZE_BIT, expr);
      break;

    case QWORD_SIZE:
    case DQWORD_SIZE:
      finalExpr = expr;
      break;
  }

  SymbolicExpression *se = this->symEngine.newSymbolicExpression(finalExpr, comment);
  this->symEngine.symbolicReg[regId] = se->getID();
  inst.addExpression(se);

  return se;
}
开发者ID:h0wl,项目名称:Triton,代码行数:35,代码来源:analysisProcessor.cpp

示例13: while

SymbolicExpression *AnalysisProcessor::createMemSE(Inst &inst, smt2lib::smtAstAbstractNode *expr, MemoryOperand &mem, uint64 writeSize, std::string comment) {
  SymbolicExpression *se = nullptr;
  smt2lib::smtAstAbstractNode *tmp;
  std::list<smt2lib::smtAstAbstractNode *> ret;
  uint64 address = mem.getAddress();

  /*
   * As the x86's memory can be accessed without alignment, each byte of the
   * memory must be assigned to an unique reference.
   */
  while (writeSize) {
    /* Extract each byte of the memory */
    tmp = smt2lib::extract(((writeSize * REG_SIZE) - 1), ((writeSize * REG_SIZE) - REG_SIZE), expr);
    se  = symEngine.newSymbolicExpression(tmp, "byte reference");
    ret.push_back(tmp);
    inst.addExpression(se);
    /* Assign memory with little endian */
    this->symEngine.addMemoryReference((address + writeSize) - 1, se->getID());
    writeSize--;
  }

  /* If there is only one reference, we return the symbolic expression */
  if (ret.size() == 1)
    return se;

  /* Otherwise, we return the concatenation of all symbolic expressions */
  return symEngine.newSymbolicExpression(smt2lib::concat(ret), "concat reference");
}
开发者ID:h0wl,项目名称:Triton,代码行数:28,代码来源:analysisProcessor.cpp

示例14:

/*
 * Converts an expression ID to a symbolic variable.
 * e.g:
 * #43 = (_ bv10 8)
 * convertExprToSymVar(43, 8)
 * #43 = SymVar_4
 */
SymbolicVariable *SymbolicEngine::convertExprToSymVar(uint64 exprId, uint64 symVarSize, std::string symVarComment) {
  SymbolicVariable    *symVar = nullptr;
  SymbolicExpression  *expression = this->getExpressionFromId(exprId);

  if (expression == nullptr)
    return nullptr;

  symVar = this->addSymbolicVariable(SymVar::kind::UNDEF, 0, symVarSize, symVarComment);

  expression->setExpression(smt2lib::variable(symVar->getSymVarName()));

  return symVar;
}
开发者ID:v0re,项目名称:Triton,代码行数:20,代码来源:symbolicEngine.cpp

示例15: runtime_error

SymbolicVariable *SymbolicEngine::convertMemToSymVar(uint64 memAddr, uint64 symVarSize, std::string symVarComment)
{
  SymbolicVariable   *symVar = nullptr;
  SymbolicExpression *expression = nullptr;
  uint64             memSymId = UNSET;

  memSymId = this->getMemSymbolicID(memAddr);
  if (memSymId == UNSET)
    throw std::runtime_error("SymbolicEngine::convertMemToSymVar() - This memory address is UNSET");

  expression = this->getExpressionFromId(memSymId);

  if (expression == nullptr)
    return nullptr;

  symVar = this->addSymbolicVariable(SymVar::kind::MEM, memAddr, symVarSize, symVarComment);

  expression->setExpression(smt2lib::variable(symVar->getSymVarName()));

  return symVar;
}
开发者ID:Jinmo,项目名称:Triton,代码行数:21,代码来源:symbolicEngine.cpp


注:本文中的SymbolicExpression类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。