Python claripy.BVV Examples
The following are 30
code examples of claripy.BVV().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
claripy
, or try the search function
.
.
Example #1
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def _op_generic_QAdd(self, args):
"""
Saturating add.
"""
components = []
for a, b in self.vector_args(args):
top_a = a[self._vector_size-1]
top_b = b[self._vector_size-1]
res = a + b
top_r = res[self._vector_size-1]
if self.is_signed:
big_top_r = (~top_r).zero_extend(self._vector_size-1)
cap = (claripy.BVV(-1, self._vector_size)//2) + big_top_r
cap_cond = ((~(top_a ^ top_b)) & (top_a ^ top_r)) == 1
else:
cap = claripy.BVV(-1, self._vector_size)
cap_cond = claripy.ULT(res, a)
components.append(claripy.If(cap_cond, cap, res))
return claripy.Concat(*components)
Example #2
| Source File: dirty.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def amd64g_check_ldmxcsr(state, mxcsr):
rmode = state.solver.LShR(mxcsr, 13) & 3
ew = state.solver.If(
(mxcsr & 0x1F80) != 0x1F80,
state.solver.BVV(EmWarn_X86_sseExns, 64),
state.solver.If(
mxcsr & (1 << 15) != 0,
state.solver.BVV(EmWarn_X86_fz, 64),
state.solver.If(
mxcsr & (1 << 6) != 0,
state.solver.BVV(EmWarn_X86_daz, 64),
state.solver.BVV(EmNote_NONE, 64)
)
)
)
return (ew << 32) | rmode, ()
# see canonical implementation of this in guest_amd64_helpers.c
Example #3
| Source File: dirty.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def x86g_dirtyhelper_loadF80le(state, addr):
tbyte = state.memory.load(addr, size=10, endness='Iend_LE')
sign = tbyte[79]
exponent = tbyte[78:64]
mantissa = tbyte[62:0]
normalized_exponent = exponent[10:0] - 16383 + 1023
zero_exponent = state.solver.BVV(0, 11)
inf_exponent = state.solver.BVV(-1, 11)
final_exponent = claripy.If(exponent == 0, zero_exponent, claripy.If(exponent == -1, inf_exponent, normalized_exponent))
normalized_mantissa = tbyte[62:11]
zero_mantissa = claripy.BVV(0, 52)
inf_mantissa = claripy.BVV(-1, 52)
final_mantissa = claripy.If(exponent == 0, zero_mantissa, claripy.If(exponent == -1, claripy.If(mantissa == 0, zero_mantissa, inf_mantissa), normalized_mantissa))
qword = claripy.Concat(sign, final_exponent, final_mantissa)
assert len(qword) == 64
return qword, []
Example #4
| Source File: rop_register_control.py From rex with BSD 2-Clause "Simplified" License | 6 votes |
|
def apply(self, **kwargs):
min_chain = None
chosen_register = None
value_var = claripy.BVV(0xc0debabe, self.crash.project.arch.bits)
for register in self.target_registers:
try:
chain = self.rop.set_regs(**{register: value_var})
if min_chain is None or chain.payload_bv().size() < min_chain.payload_bv().size():
chosen_register = register
min_chain = chain
except angrop.errors.RopException:
l.debug("no rop chains which set register %s", register)
if min_chain is not None:
return self.set_register(chosen_register, min_chain, value_var)
raise CannotExploit("no register setting chains")
Example #5
| Source File: list.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def run(self, this_ref, obj_ref):
log.debug('Called SimProcedure java.util.List.add with args: {} {}'.format(this_ref, obj_ref))
if this_ref.symbolic:
return claripy.BoolS('list.append')
try:
array_ref = this_ref.load_field(self.state, ELEMS, 'java.lang.Object[]')
array_len = this_ref.load_field(self.state, SIZE, 'int')
self.state.javavm_memory.store_array_element(array_ref, array_len, obj_ref)
# Update size
new_array_len = claripy.BVV(self.state.solver.eval(array_len) + 1, 32)
this_ref.store_field(self.state, SIZE, 'int', new_array_len)
except KeyError:
log.warning('Could not add element to list {}'.format(this_ref))
return claripy.BoolV(1)
Example #6
| Source File: random.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def run(self, buf, count, rnd_bytes):
# return code
r = self.state.solver.ite_cases(((self.state.cgc.addr_invalid(buf), self.state.cgc.EFAULT),
(self.state.solver.And(rnd_bytes != 0,
self.state.cgc.addr_invalid(rnd_bytes)), self.state.cgc.EFAULT)),
claripy.BVV(0, self.state.arch.bits))
if self.state.satisfiable(extra_constraints=[count!=0]):
max_size = min(1024768 * 10, self.state.solver.max_int(count))
self.state.memory.store(buf,
claripy.BVV(b'A' * max_size),
size=count
)
self.state.memory.store(rnd_bytes,
count,
endness='Iend_LE',
condition=rnd_bytes != 0)
return r
Example #7
| Source File: dirty.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def x86g_dirtyhelper_storeF80le(state, addr, qword):
sign = qword[63]
exponent = qword[62:52]
mantissa = qword[51:0]
normalized_exponent = exponent.zero_extend(4) - 1023 + 16383
zero_exponent = state.solver.BVV(0, 15)
inf_exponent = state.solver.BVV(-1, 15)
final_exponent = claripy.If(exponent == 0, zero_exponent, claripy.If(exponent == -1, inf_exponent, normalized_exponent))
normalized_mantissa = claripy.Concat(claripy.BVV(1, 1), mantissa, claripy.BVV(0, 11))
zero_mantissa = claripy.BVV(0, 64)
inf_mantissa = claripy.BVV(-1, 64)
final_mantissa = claripy.If(exponent == 0, zero_mantissa, claripy.If(exponent == -1, claripy.If(mantissa == 0, zero_mantissa, inf_mantissa), normalized_mantissa))
tbyte = claripy.Concat(sign, final_exponent, final_mantissa)
assert len(tbyte) == 80
state.memory.store(addr, tbyte, endness='Iend_LE')
return None, []
Example #8
| Source File: light_registers.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def _fill(self, name, size):
size_bits = size * self.state.arch.byte_width
if options.ZERO_FILL_UNCONSTRAINED_REGISTERS in self.state.options:
value = self.state.solver.BVV(0, size_bits)
else:
if options.SYMBOL_FILL_UNCONSTRAINED_REGISTERS not in self.state.options:
if once('mem_fill_warning'):
l.warning("The program is accessing memory or registers with an unspecified value. "
"This could indicate unwanted behavior.")
l.warning("angr will cope with this by generating an unconstrained symbolic variable and continuing. "
"You can resolve this by:")
l.warning("1) setting a value to the initial state")
l.warning("2) adding the state option ZERO_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, "
"to make unknown regions hold null")
l.warning("3) adding the state option SYMBOL_FILL_UNCONSTRAINED_{MEMORY_REGISTERS}, "
"to suppress these messages.")
l.warning("Filling register %s with %d unconstrained bytes", name, size)
return self.state.solver.Unconstrained('reg_%s' % name, size_bits, key=('reg', name), eternal=True) # :)
self.registers[name] = value
return value
Example #9
| Source File: light_registers.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def store(self, offset, value, size=None, endness=None, **kwargs):
if size is None and type(offset) is not str and type(value) is not int:
try:
size = len(value) // self.state.arch.byte_width
except TypeError:
raise SimFastMemoryError("Invalid register store value") from None
name, extract, xsize = self.resolve_register(offset, size)
if size is not None:
try:
if not self.state.solver.is_true(size*self.state.arch.byte_width == xsize):
raise SimFastMemoryError("Inconsistent register store size")
except TypeError:
raise SimFastMemoryError("Invalid register store value") from None
if type(value) is int:
value = self.state.solver.BVV(value, xsize)
if endness is not None and endness != self.state.arch.register_endness:
# ???????
value = value.reversed
self._complex_store(name, value, extract)
Example #10
| Source File: light_registers.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def set_state(self, state):
super().set_state(state)
if not self.registers:
ip_name = state.arch.register_names[state.arch.ip_offset]
self.registers[ip_name] = claripy.BVV(0, state.arch.registers[ip_name][1])
if self.reg_map:
return
bw = state.arch.byte_width
for reg in state.arch.register_list:
self.reg_map[(reg.vex_offset, reg.size)] = reg.name, None, reg.size*bw
for subreg_name, subreg_suboffset, subreg_size in reg.subregisters:
# endian swap gets undone here
if state.arch.register_endness == 'Iend_BE':
extract_high = (reg.size - 1 - subreg_suboffset) * bw + 7
extract_low = extract_high - subreg_size * bw + 1
else:
extract_low = subreg_suboffset * bw
extract_high = extract_low + subreg_size * bw - 1
self.reg_map[(reg.vex_offset + subreg_suboffset, subreg_size)] = reg.name, (extract_high, extract_low), subreg_size*bw
Example #11
| Source File: fast_memory.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def __init__(self, memory_backer=None, memory_id=None, endness=None, contents=None, width=None, uninitialized_read_handler=None):
SimMemory.__init__(self, endness=endness)
self._contents = { } if contents is None else contents
self.width = width
self._uninitialized_read_handler = uninitialized_read_handler
self.id = memory_id
self._backer = memory_backer
if self._backer is not None:
raise SimFastMemoryError("TODO: support memory backers in SimFastMemory")
# TODO: support backers
#def _get_from_backer(self, missing_addr, size):
# for addr, backer in self._memory_backer.cbackers:
# start_backer = missing_addr - addr
# if start_backer < 0 and abs(start_backer) >= self._page_size: continue
# if start_backer >= len(backer): continue
# snip_start = max(0, start_backer)
# write_start = max(missing_addr, addr + snip_start)
# write_size = self._page_size - write_start%self._page_size
# snip = _ffi.buffer(backer)[snip_start:snip_start+write_size]
# mo = SimMemoryObject(claripy.BVV(snip), write_start)
# self._apply_object_to_page(n*self._page_size, mo, page=new_page)
Example #12
| Source File: symbolizer.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def init_state(self):
super().init_state()
assert self.state.memory.mem._page_size == PAGE_SIZE
self._LE_FMT = self.state.arch.struct_fmt(endness='Iend_LE')
self._BE_FMT = self.state.arch.struct_fmt(endness='Iend_BE')
# ignore CLE pages
for i in range(0, self.state.project.loader.kernel_object.map_size, PAGE_SIZE):
self.ignore_target_pages.add((self.state.project.loader.kernel_object.mapped_base+i)//PAGE_SIZE)
for i in range(0, self.state.project.loader.extern_object.map_size, PAGE_SIZE):
self.ignore_target_pages.add((self.state.project.loader.extern_object.mapped_base+i)//PAGE_SIZE)
self.state.inspect.make_breakpoint('memory_page_map', when=self.state.inspect.BP_BEFORE, action=_page_map_cb)
self.state.inspect.make_breakpoint('mem_write', when=self.state.inspect.BP_BEFORE, action=_mem_write_cb)
#self.state.inspect.make_breakpoint('mem_read', when=self.state.inspect.BP_BEFORE, action=_mem_read_cb)
#self.state.inspect.make_breakpoint('reg_write', when=self.state.inspect.BP_BEFORE, action=_reg_write_cb)
#self.state.inspect.make_breakpoint('reg_read', when=self.state.inspect.BP_BEFORE, action=_reg_read_cb)
self._zero = claripy.BVV(0, self.state.arch.bytes)
Example #13
| Source File: sim_type.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def extract(self, state, addr, concrete=False):
if self.length is None:
out = None
last_byte = state.memory.load(addr, 2)
# if we try to extract a symbolic string, it's likely that we are going to be trapped in a very large loop.
if state.solver.symbolic(last_byte):
raise ValueError("Trying to extract a symbolic string at %#x" % state.solver.eval(addr))
addr += 2
while not (claripy.is_true(last_byte == 0) or state.solver.symbolic(last_byte)):
out = last_byte if out is None else out.concat(last_byte)
last_byte = state.memory.load(addr, 2)
addr += 2
else:
out = state.memory.load(addr, self.length*2)
if out is None: out = claripy.BVV(0, 0)
if not concrete:
return out
else:
return u''.join(chr(state.solver.eval(x.reversed if state.arch.memory_endness == 'Iend_LE' else x)) for x in out.chop(16))
Example #14
| Source File: sim_type.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def extract(self, state, addr, concrete=False):
if self.length is None:
out = None
last_byte = state.memory.load(addr, 1)
# if we try to extract a symbolic string, it's likely that we are going to be trapped in a very large loop.
if state.solver.symbolic(last_byte):
raise ValueError("Trying to extract a symbolic string at %#x" % state.solver.eval(addr))
addr += 1
while not (claripy.is_true(last_byte == 0) or state.solver.symbolic(last_byte)):
out = last_byte if out is None else out.concat(last_byte)
last_byte = state.memory.load(addr, 1)
addr += 1
else:
out = state.memory.load(addr, self.length)
if not concrete:
return out if out is not None else claripy.BVV(0, 0)
else:
return state.solver.eval(out, cast_to=bytes) if out is not None else ''
Example #15
| Source File: ccall.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def amd64g_calculate_RCR(state, arg, rot_amt, eflags_in, sz):
if sz.op != 'BVV':
raise SimError('Hit a symbolic "sz" in an x86 rotate with carry instruction. Panic.')
want_flags = claripy.SLT(sz, 0).is_true()
if want_flags: sz = -sz
carry_bit_in = eflags_in[data['AMD64']['CondBitOffsets']['G_CC_SHIFT_C']]
carry_bit_out, overflow_bit_out, arg_out = generic_rotate_with_carry(state, False, arg, rot_amt, carry_bit_in, sz)
if want_flags:
cf = carry_bit_out.zero_extend(63)
of = overflow_bit_out.zero_extend(63)
eflags_out = eflags_in
eflags_out &= ~(data['AMD64']['CondBitMasks']['G_CC_MASK_C'] | data['AMD64']['CondBitMasks']['G_CC_MASK_O'])
eflags_out |= (cf << data['AMD64']['CondBitOffsets']['G_CC_SHIFT_C']) | \
(of << data['AMD64']['CondBitOffsets']['G_CC_SHIFT_O'])
return eflags_out
else:
return arg_out
Example #16
| Source File: ccall.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def amd64g_check_ldmxcsr(state, mxcsr):
rmode = claripy.LShR(mxcsr, 13) & 3
ew = claripy.If(
(mxcsr & 0x1F80) != 0x1F80,
claripy.BVV(EmWarn_X86_sseExns, 64),
claripy.If(
mxcsr & (1<<15) != 0,
claripy.BVV(EmWarn_X86_fz, 64),
claripy.If(
mxcsr & (1<<6) != 0,
claripy.BVV(EmWarn_X86_daz, 64),
claripy.BVV(EmNote_NONE, 64)
)
)
)
return (ew << 32) | rmode
#################
### ARM Flags ###
#################
Example #17
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def _op_generic_pack_StoU_saturation(self, args, src_size, dst_size):
"""
Generic pack with unsigned saturation.
Split args in chunks of src_size signed bits and in pack them into unsigned saturated chunks of dst_size bits.
Then chunks are concatenated resulting in a BV of len(args)*dst_size//src_size*len(args[0]) bits.
"""
if src_size <= 0 or dst_size <= 0:
raise SimOperationError("Can't pack from or to zero or negative size" % self.name)
result = None
max_value = claripy.BVV(-1, dst_size).zero_extend(src_size - dst_size) #max value for unsigned saturation
min_value = claripy.BVV(0, src_size) #min unsigned value always 0
for v in args:
for src_value in v.chop(src_size):
dst_value = self._op_generic_StoU_saturation(src_value, min_value, max_value)
dst_value = dst_value.zero_extend(dst_size - src_size)
if result is None:
result = dst_value
else:
result = self._op_concat((result, dst_value))
return result
Example #18
| Source File: ccall.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def _concat_flags(nbits, flags_vec):
"""
Concatenate different flag BVs to a single BV. Currently used for ARM, X86
and AMD64.
:param nbits : platform size in bits.
:param flags_vec: vector of flag BVs and their offset in the resulting BV.
:type nbits : int
:type flags_vec : list
:return : the resulting flag BV.
:rtype : claripy.BVV
"""
result = claripy.BVV(0, 0)
for offset, bit in flags_vec:
current_position = nbits - 1 - result.length
result = result.concat(claripy.BVV(0, current_position - offset), bit)
result = result.concat(claripy.BVV(0, nbits - result.length))
return result
Example #19
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def _op_generic_QSub(self, args):
"""
Saturating subtract.
"""
components = []
for a, b in self.vector_args(args):
top_a = a[self._vector_size-1]
top_b = b[self._vector_size-1]
res = a - b
top_r = res[self._vector_size-1]
if self.is_signed:
big_top_r = (~top_r).zero_extend(self._vector_size-1)
cap = (claripy.BVV(-1, self._vector_size)//2) + big_top_r
cap_cond = ((top_a ^ top_b) & (top_a ^ top_r)) == 1
else:
cap = claripy.BVV(0, self._vector_size)
cap_cond = claripy.UGT(res, a)
components.append(claripy.If(cap_cond, cap, res))
return claripy.Concat(*components)
Example #20
| Source File: gdb.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def set_regs(self, regs_dump):
"""
Initialize register values within the state
:param regs_dump: The output of ``info registers`` in gdb.
"""
if self.real_stack_top == 0 and self.adjust_stack is True:
raise SimStateError("You need to set the stack first, or set"
"adjust_stack to False. Beware that in this case, sp and bp won't be updated")
data = self._read_data(regs_dump)
rdata = re.split(b"\n", data)
for r in rdata:
if r == b"":
continue
reg = re.split(b" +", r)[0].decode()
val = int(re.split(b" +", r)[1],16)
try:
self.state.registers.store(reg, claripy.BVV(val, self.state.arch.bits))
# Some registers such as cs, ds, eflags etc. aren't supported in angr
except KeyError as e:
l.warning("Reg %s was not set", e)
self._adjust_regs()
Example #21
| Source File: x86_setregister.py From rex with BSD 2-Clause "Simplified" License | 6 votes |
|
def raw(self, arch=None):
register = self.register
value = self.value
ip = self.pc
if isinstance(value, int):
value = claripy.BVV(value, 32)
if isinstance(ip, int):
ip = claripy.BVV(ip, 32)
try:
code_row = [claripy.BVV(x) for x in self.codes[register]]
except KeyError:
raise ValueError("register '%s' does not exist" % register)
return claripy.Concat(code_row[0], value.reversed, code_row[1], ip.reversed, code_row[2])
Example #22
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 6 votes |
|
def generic_compare(self, args, comparison):
if self._vector_size is not None:
res_comps = []
for i in reversed(range(self._vector_count)):
a_comp = claripy.Extract((i+1) * self._vector_size - 1,
i * self._vector_size,
args[0])
b_comp = claripy.Extract((i+1) * self._vector_size - 1,
i * self._vector_size,
args[1])
res_comps.append(claripy.If(comparison(a_comp, b_comp),
claripy.BVV(-1, self._vector_size),
claripy.BVV(0, self._vector_size)))
return claripy.Concat(*res_comps)
else:
return claripy.If(comparison(args[0], args[1]), claripy.BVV(1, 1), claripy.BVV(0, 1))
Example #23
| Source File: calling_conventions.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def set_value(self, state, value, endness=None, size=None, **kwargs): # pylint: disable=unused-argument,arguments-differ
self.check_value(value)
if endness is None: endness = state.arch.register_endness
if isinstance(value, int): value = claripy.BVV(value, self.size*8)
if size is None: size = min(self.size, value.length // 8)
offset = self._fix_offset(state, size)
state.registers.store(offset, value, endness=endness, size=size)
Example #24
| Source File: fuzzing_type_2.py From rex with BSD 2-Clause "Simplified" License | 5 votes |
|
def _fix_reg_vals(self, reg_vals):
if self.addr_ast is None:
return reg_vals
# if we have an ast fix it!
out_val = self.addr_ast
reg_vals2 = {self._reg_asts[r]: claripy.BVV(v, 32) for r, v in reg_vals.items() if r in CGC_GENERAL_REGS}
replace_dict = {a.cache_key: b for a, b in reg_vals2.items()}
out_val = out_val.replace_dict(replace_dict)
if out_val.symbolic:
raise CannotExploit("symbolic value after replacing regs")
return {"AST": out_val.args[0], "eip": reg_vals["eip"]}
Example #25
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _op_int_to_fp(self, args):
rm_exists = self._from_size != 32 or self._to_size != 64
rm = self._translate_rm(args[0] if rm_exists else claripy.BVV(0, 32))
arg = args[1 if rm_exists else 0]
return arg.val_to_fp(claripy.fp.FSort.from_size(self._output_size_bits), signed=True, rm=rm)
Example #26
| Source File: list.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def run(self, this_ref):
log.debug('Called SimProcedure java.util.List.getFirst with args: {}'.format(this_ref))
if this_ref.symbolic:
return SimSootValue_ThisRef.new_object(self.state, 'java.lang.Object', symbolic=True)
try:
array_ref = this_ref.load_field(self.state, ELEMS, 'java.lang.Object[]')
array_len = this_ref.load_field(self.state, SIZE, 'int')
# TODO should check boundaries?
return self.state.javavm_memory.load_array_element(array_ref, claripy.BVV(0, 32))
except KeyError:
return SimSootValue_ThisRef.new_object(self.state, 'java.lang.Object', symbolic=True)
Example #27
| Source File: system_paths.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def run(self, nBufferLength, lpBuffer):
try:
length = self.state.solver.eval_one(nBufferLength)
except angr.errors.SimValueError:
raise angr.errors.SimProcedureError("Can't handle symbolic nBufferLength in GetTempPath")
copy_len = min(self.RESULT.length//8, length - 1)
self.state.memory.store(lpBuffer, self.RESULT[self.RESULT.length - 1 : self.RESULT.length - copy_len*8].concat(claripy.BVV(0, 8)))
return self.RESULT.length // 8
Example #28
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _op_generic_CatOddLanes(self, args):
vec_0 = args[0].chop(self._vector_size)
vec_1 = args[1].chop(self._vector_size)
return claripy.Concat(*(vec_0[::2] + vec_1[::2]))
#def _op_Iop_Yl2xF64(self, args):
# rm = self._translate_rm(args[0])
# arg2_bv = args[2].raw_to_bv()
# # IEEE754 double looks like this:
# # SEEEEEEEEEEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
# # thus, we extract the exponent bits, re-bias them, then
# # (signed) convert them back into an FP value for the integer
# # part of the log. then we make the approximation that log2(x)
# # = x - 1 for 1.0 <= x < 2.0 to account for the mantissa.
# # the bias for doubles is 1023
# arg2_exp = (arg2_bv[62:52] - 1023).val_to_fp(claripy.fp.FSORT_DOUBLE, signed=True, rm=rm)
# arg2_mantissa = claripy.Concat(claripy.BVV(int('001111111111', 2), 12), arg2_bv[51:0]).raw_to_fp()
# # this is the hacky approximation:
# log2_arg2_mantissa = claripy.fpSub(rm, arg2_mantissa, claripy.FPV(1.0, claripy.fp.FSORT_DOUBLE))
# return claripy.fpMul(rm, args[1].raw_to_fp(), claripy.fpAdd(rm, arg2_exp, log2_arg2_mantissa))
#def _op_Iop_Yl2xp1F64(self, args):
# rm_raw, arg1, arg2 = args
# rm = self._translate_rm(rm_raw)
# arg2_p1 = claripy.fpAdd(rm, arg2.raw_to_fp(), claripy.FPV(1.0, claripy.fp.FSORT_DOUBLE))
# return self._op_Iop_Yl2xF64((rm_raw, arg1, arg2_p1))
Example #29
| Source File: format_parser.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _get_str_at(self, str_addr, max_length=None):
if max_length is None:
strlen = self.parser._sim_strlen(str_addr)
#TODO: we probably could do something more fine-grained here.
# throw away strings which are just the NULL terminator
max_length = self.parser.state.solver.max_int(strlen)
if max_length == 0:
return claripy.BVV(b'')
return self.parser.state.memory.load(str_addr, max_length)
Example #30
| Source File: irop.py From angr with BSD 2-Clause "Simplified" License | 5 votes |
|
def _op_fgeneric_CmpEQ(self, a0, a1): # pylint: disable=no-self-use
# for cmpps_eq stuff, i.e. Iop_CmpEQ32Fx4
return claripy.If(claripy.fpEQ(a0, a1), claripy.BVV(-1, len(a0)), claripy.BVV(0, len(a0)))
