Python z3.simplify() Examples
The following are 30
code examples of z3.simplify().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
z3
, or try the search function
.
.
Example #1
| Source File: simplify.py From ethereum-dasm with GNU General Public License v2.0 | 6 votes |
|
def get_z3_value(item):
if (type(item) == int):
return item
elif (type(item) == mythril.laser.smt.bitvec.BitVec and not item.symbolic):
return item.value
elif (type(item) == z3.BitVecNumRef):
return item.as_long()
try:
return z3.simplify(item).as_long()
except AttributeError:
return str(z3.simplify(item))
except z3.Z3Exception:
return str(item)
Example #2
| Source File: svm_utils.py From ilf with Apache License 2.0 | 6 votes |
|
def split_bv_into_bytes(bv):
if type(bv) == int:
bv = z3.BitVecVal(bv, 256)
assert bv.size() % 8 == 0
is_conc = False
if is_bv_concrete(bv):
is_conc = True
length = bv.size() // 8
concrete_data = get_concrete_int(bv)
data_bytes = ethereum.utils.zpad(ethereum.utils.int_to_bytes(concrete_data), length)
bv_bytes = []
for data_byte in data_bytes:
bv_bytes.append(z3.BitVecVal(data_byte, 8))
bv_bytes_a = bv_bytes
bv_bytes = []
for i in range(bv.size(), 0, -8):
bv_bytes.append(z3.simplify(z3.Extract(i-1, i-8, bv)))
if is_conc:
assert bv_bytes == bv_bytes_a
assert len(bv_bytes) == bv.size() // 8
return bv_bytes
Example #3
| Source File: mcts.py From syntia with GNU General Public License v2.0 | 6 votes |
|
def synthesise(command, result, index):
ret = ""
max_iter = command[0]
uct_scalar = command[1]
game = command[2]
oracle = command[3]
synthesis_inputs = command[4]
mc = MCTS(game, oracle, synthesis_inputs, uct_scalar=uct_scalar)
mc.verbosity_level = 2
s = State(game, BITSIZE)
mc.search(s, max_iter)
if mc.final_expression:
ret = rpn_to_infix(mc.final_expression)
print "{} ({} iterations)".format(rpn_to_infix(mc.final_expression), mc.current_iter)
try:
print "{} (simplified)".format(simplify(game.to_z3(mc.final_expression)))
except:
pass
result[index] = ret
Example #4
| Source File: execution.py From ilf with Apache License 2.0 | 6 votes |
|
def SHA3(self, gstate, index, length):
if svm_utils.is_bv_concrete(index) and svm_utils.is_bv_concrete(length):
index = svm_utils.get_concrete_int(index)
length = svm_utils.get_concrete_int(length)
if length == 0:
gstate.mstate.stack.append(z3.BitVecVal(SHA_EMPTY_ARGS_VALUE, 256))
return
data = z3.simplify(svm_utils.get_memory_data(gstate.mstate.memory, index, length))
sha_constraints, hash_vector = svm_utils.symbolic_keccak(self, data)
gstate.wstate.constraints.extend(sha_constraints)
gstate.mstate.stack.append(hash_vector)
return
hash_vector = self.svm.sym_bv_generator.get_sym_bitvec(constraints.ConstraintType.SHA3,
gstate.wstate.gen,
unique=True)
logging.debug('SHA index or len not resolved. Using the symbolic vector')
gstate.mstate.stack.append(hash_vector)
return
Example #5
| Source File: mcts_synthesis_multi_core.py From syntia with GNU General Public License v2.0 | 6 votes |
|
def synthesise(command, result, index):
ret = ""
max_iter = command[0]
uct_scalar = command[1]
game = command[2]
oracle = command[3]
synthesis_inputs = command[4]
mc = MCTS(game, oracle, synthesis_inputs, uct_scalar=uct_scalar)
mc.verbosity_level = 1
s = State(game, BITSIZE)
mc.search(s, max_iter)
if mc.final_expression:
ret = rpn_to_infix(mc.final_expression)
print "{} ({} iterations)".format(rpn_to_infix(mc.final_expression), mc.current_iter)
try:
simplified = simplify(game.to_z3(mc.final_expression))
print "{} (simplified)".format(simplified)
except:
pass
result[index] = ret
Example #6
| Source File: execution.py From ilf with Apache License 2.0 | 6 votes |
|
def MUL(self, gstate, a, b):
a, b = map(svm_utils.convert_to_bitvec, (a, b))
if self.svm.abs_mul and not svm_utils.is_bv_concrete(a) and not svm_utils.is_bv_concrete(b):
abs_bv = self.svm.sym_bv_generator.get_sym_bitvec(constraints.ConstraintType.MUL,
gstate.wstate.gen,
unique=True)
gstate.mstate.stack.append(abs_bv)
elif svm_utils.is_bv_pow2(a) or svm_utils.is_bv_pow2(b):
if svm_utils.is_bv_pow2(b):
a, b = b, a
a = svm_utils.get_concrete_int(a)
i = 0
while a != (1 << i):
i += 1
gstate.mstate.stack.append(z3.simplify(b << i))
else:
gstate.mstate.stack.append(a * b)
Example #7
| Source File: svm.py From ilf with Apache License 2.0 | 6 votes |
|
def update_sha(self, sha_data):
for arg, log_value, length_bytes in sha_data:
if log_value in self.log_sha_to_sym_sha:
continue
data = z3.BitVecVal(arg, length_bytes * 8)
if data.size() == 512:
data_words = svm_utils.split_bv_by_words(data)
data_words = [d.as_long() for d in data_words]
data_words = [self.log_sha_to_sym_sha.get(d, z3.BitVecVal(d, 256)) for d in data_words]
data = z3.simplify(z3.Concat(data_words))
sha_constraints, hash_vector = svm_utils.symbolic_keccak(self, data)
self.log_sha_to_sym_sha[log_value] = hash_vector
self.root_wstate.constraints.extend(sha_constraints)
solver = z3.Solver()
solver.add(self.root_wstate.constraints)
assert solver.check() == z3.sat
Example #8
| Source File: svm.py From ilf with Apache License 2.0 | 6 votes |
|
def update_storages(self, sstore_data):
for address, index, value in sstore_data:
address = int(address[2:], 16)
assert address in self.root_wstate.address_to_account
if index > 100:
if index in self.log_sha_to_sym_sha:
store_index = self.log_sha_to_sym_sha[index]
else:
log_shas = list(self.log_sha_to_sym_sha.keys())
diffs = [abs(l - index) for l in log_shas]
min_index = diffs.index(min(diffs))
diff = diffs[min_index]
if diff < 10:
relative_index = log_shas[min_index]
store_index = z3.simplify(self.log_sha_to_sym_sha[relative_index] + z3.BitVecVal(diff, 256))
self.log_sha_to_sym_sha[index] = store_index
else:
store_index = z3.BitVecVal(index, 256)
else:
store_index = z3.BitVecVal(index, 256)
store_value = self.log_sha_to_sym_sha.get(value, z3.BitVecVal(value, 256))
account = self.root_wstate.address_to_account[address]
account.storage.store(store_index, store_value)
Example #9
| Source File: mlil_ast.py From f-ing-around-with-binaryninja with MIT License | 6 votes |
|
def try_make_simple_if_else(
self, node1, node2, nodes_to_check, nodes_to_remove
):
log_debug("try_make_simple_if_else")
cond1 = node1.condition
cond2 = node2.condition
if is_true(simplify(cond1 == Not(cond2))):
log_debug(f"found a simple if/else match")
if cond1.decl().name() == "not":
node2[False] = node1[True]
nodes_to_check.remove(node2)
nodes_to_remove.append(node1)
else:
node1[False] = node2[True]
nodes_to_remove.append(node2)
return True
return False
Example #10
| Source File: mlil_ast.py From f-ing-around-with-binaryninja with MIT License | 6 votes |
|
def _convert_to_while_loop(
self, node: MediumLevelILAstLoopNode, while_condition
):
log_debug(f"{node} is a while loop")
node.loop_type = "while"
node.condition = reduce(
And, Tactic("ctx-solver-simplify")(Not(while_condition))[0]
)
break_cond = node.body.nodes[0]
if break_cond[False] is not None:
node.body._nodes[0] = break_cond[False]
# Flatten condition nodes that have the same condition
# as the loop condition
for idx, child in enumerate(node.body.nodes):
if (
isinstance(child, MediumLevelILAstCondNode)
and is_true(simplify(child.condition == node.condition))
and child[False] is None
):
node.body._nodes[idx] = child[True]
Example #11
| Source File: simplify.py From ethereum-dasm with GNU General Public License v2.0 | 6 votes |
|
def get_z3_value_hex(item):
if (type(item) == int):
return hex(item)
elif (type(item) == mythril.laser.smt.bitvec.BitVec and not item.symbolic):
return hex(item.value)
elif (type(item) == z3.BitVecNumRef):
return hex(item.as_long())
try:
return hex(z3.simplify(item).as_long())
except AttributeError:
return str(z3.simplify(item)).replace("\n","\n ")
except z3.Z3Exception:
return str(item).replace("\n","\n ")
Example #12
| Source File: z3_extra_util.py From teether with Apache License 2.0 | 5 votes |
|
def simplify_non_const_hashes(expr, sha_ids):
while True:
expr = z3.simplify(expr, expand_select_store=True)
sha_subst = get_sha_subst_non_recursive(expr, sha_ids)
if not sha_subst:
break
expr = z3.substitute(expr, [(s, z3.BoolVal(False)) for s in sha_subst])
return expr
Example #13
| Source File: z3_extra_util.py From teether with Apache License 2.0 | 5 votes |
|
def get_vars(f, rs=set()):
"""
shameless copy of z3util.get_vars,
but returning select-operations as well.
E.g.
>>> x = z3.Array('x', z3.IntSort(), z3.IntSort())
>>> get_vars(x[5])
[x[5]]
whereas
>>> x = z3.Array('x', z3.IntSort(), z3.IntSort())
>>> z3util.get_vars(x[5])
[x]
"""
if not rs:
f = z3.simplify(f)
if f.decl().kind() == z3.Z3_OP_SELECT:
arr, idx = f.children()
if z3.is_const(arr):
if z3.z3util.is_expr_val(idx):
return rs | {f}
else:
return rs | {f, idx}
if z3.is_const(f):
if z3.z3util.is_expr_val(f):
return rs
else: # variable
return rs | {f}
else:
for f_ in f.children():
rs = get_vars(f_, rs)
return set(rs)
Example #14
| Source File: z3_extra_util.py From teether with Apache License 2.0 | 5 votes |
|
def ast_eq(e1, e2, simplified=False):
if not simplified:
e1 = z3.simplify(e1)
e2 = z3.simplify(e2)
if e1.sort() != e2.sort():
return False
if e1.decl().kind() != e2.decl().kind():
return False
if z3.z3util.is_expr_val(e1) and z3.z3util.is_expr_val(e2):
return e1.as_long() == e2.as_long()
return all(ast_eq(c1, c2, True) for c1, c2 in zip(e1.children(), e2.children()))
Example #15
| Source File: z3_extra_util.py From teether with Apache License 2.0 | 5 votes |
|
def get_sha_subst_non_recursive(f, sha_ids):
import timeit
start = timeit.default_timer()
todo = [z3.simplify(f, expand_select_store=True)]
rs = set()
seen = set()
subexprcount = 0
while todo:
expr = todo.pop()
subexprcount += 1
if expr.get_id() in seen:
continue
seen.add(expr.get_id())
if expr.decl().kind() == z3.Z3_OP_EQ and all(is_simple_expr(c) for c in expr.children()):
l, r = expr.children()
lvars, rvars = [{v.get_id() for v in get_vars_non_recursive(e, True)} for e in (l, r)]
sha_left = bool(lvars & sha_ids)
sha_right = bool(rvars & sha_ids)
if sha_left and sha_right:
# both sides use a sha-expression
# => can be equal only if ASTs are equal
if not ast_eq(l, r):
rs.add(expr)
elif sha_left ^ sha_right:
# only one side uses a sha-expression
# => assume not equal (e.g. SHA == 5 seems unlikely)
rs.add(expr)
else:
todo.extend(expr.children())
end = timeit.default_timer()
# logging.info("get_sha_subst_non_recursive took %d microseconds (%d subexpressions)", (end-start)*1000000.0, subexprcount)
return rs
Example #16
| Source File: evmdasm.py From ethereum-dasm with GNU General Public License v2.0 | 5 votes |
|
def simplified(self):
return evmsimplify.simplify(self.disassembly,
show_pseudocode=True,
show_asm=self._simplify_show_asm,
show_unreachable=self._simplify_show_unreachable)
Example #17
| Source File: esil.py From winapi-deobfuscation with GNU Lesser General Public License v3.0 | 5 votes |
|
def rol(x,y):
return z3.simplify(z3.RotateLeft(x,y))
Example #18
| Source File: svm_utils.py From ilf with Apache License 2.0 | 5 votes |
|
def extract_index_features(index):
current_index = index
features = []
if current_index.decl().name() == 'bvadd':
current_index = current_index.arg(0)
if current_index.decl().name().startswith('sha'):
current_index = current_index.arg(0)
features.append(current_index.size())
else:
return features
if current_index.decl().name() == 'concat':
args = [current_index.arg(i) for i in range(current_index.num_args())]
if svm_utils.is_bv_concrete(args[-1]):
features.append(args[-1])
current_index = z3.Concat(args[0:-1]) if len(args) > 2 else args[0]
else:
return features
elif is_bv_concrete(current_index):
if current_index.size() > 256:
prefix, suffix = split_bv(current_index, 256)
suffix = z3.simplify(suffix)
features.append(suffix)
current_index = z3.simplify(prefix)
elif current_index.size() == 256:
features.append(current_index)
return features
else:
features.append(current_index)
return features
else:
return features
if current_index.decl().name().startswith('sha'):
print(current_index)
current_index = current_index.arg(0)
features.append(current_index.size())
else:
return features
return features
Example #19
| Source File: svm_utils.py From ilf with Apache License 2.0 | 5 votes |
|
def get_wstate_z3vars(wstate):
r = get_z3vars(z3.simplify(z3.And(wstate.constraints)))
for address, gstate in wstate.address_to_account.items():
r.update(get_z3vars(z3.simplify(gstate.storage.storage)))
return r
Example #20
| Source File: svm_utils.py From ilf with Apache License 2.0 | 5 votes |
|
def convert_concrete_int_to_bytes(val):
if type(val) == int:
return val.to_bytes(32, byteorder='big')
return (z3.simplify(val).as_long()).to_bytes(32, byteorder='big')
Example #21
| Source File: svm_utils.py From ilf with Apache License 2.0 | 5 votes |
|
def is_bv_concrete(bv):
if isinstance(bv, int):
return True
try:
hex(z3.simplify(bv).as_long())
return True
except AttributeError as e:
return False
except Exception:
raise Exception("pdb")
Example #22
| Source File: esil.py From winapi-deobfuscation with GNU Lesser General Public License v3.0 | 5 votes |
|
def ror(x, y):
return z3.simplify(z3.RotateRight(x,y))
Example #23
| Source File: esil.py From winapi-deobfuscation with GNU Lesser General Public License v3.0 | 5 votes |
|
def mem_key(addr, size):
# addr_str = parse_addr_str(str(z3.simplify(addr)))
addr_str = str(z3.simplify(addr))
return '{0}:{1}'.format(size, addr_str)
Example #24
| Source File: analysis.py From winapi-deobfuscation with GNU Lesser General Public License v3.0 | 5 votes |
|
def get_arguments_from_stack(n_args, vm, exe, max_args=12):
args = []
n_stack_val = len(vm.x86_stack)
if n_stack_val > max_args:
n_stack_val = max_args
x = max([n_args, n_stack_val])
for i in xrange(x):
if vm.x86_stack:
if i < n_args:
val = vm.x86_stack.pop()
else:
val = vm.x86_stack[n_args - i - 1]
arg = z3.simplify(val)
if hasattr(arg, 'as_long'):
ptr_ = check_pointer(arg.as_long(), exe)
if ptr_:
arg = ptr_
else:
arg = '0x%x' % arg.as_long()
else:
arg = str(arg)
name = process_arg_str(arg)#
if name: arg = name
else:
if i >= n_args:break
arg = '*'
args.append(arg)
return args
Example #25
| Source File: backend_z3.py From claripy with BSD 2-Clause "Simplified" License | 5 votes |
|
def _boolref_tactics(self):
try:
return self._tls.boolref_tactics
except AttributeError:
tactics = z3.Then(
z3.Tactic("simplify", ctx=self._context),
z3.Tactic("propagate-ineqs", ctx=self._context),
z3.Tactic("propagate-values", ctx=self._context),
z3.Tactic("unit-subsume-simplify", ctx=self._context),
z3.Tactic("aig", ctx=self._context),
ctx=self._context
)
self._tls.boolref_tactics = tactics
return self._tls.boolref_tactics
Example #26
| Source File: backend_z3.py From claripy with BSD 2-Clause "Simplified" License | 5 votes |
|
def _is_false(self, e, extra_constraints=(), solver=None, model_callback=None):
return z3.simplify(e).eq(z3.BoolVal(False, ctx=self._context))
Example #27
| Source File: backend_z3.py From claripy with BSD 2-Clause "Simplified" License | 5 votes |
|
def _is_true(self, e, extra_constraints=(), solver=None, model_callback=None):
return z3.simplify(e).eq(z3.BoolVal(True, ctx=self._context))
Example #28
| Source File: utils.py From ilf with Apache License 2.0 | 5 votes |
|
def format_stack(stack):
stack_string = ''
for s in stack:
stack_string += str(simplify(s)).replace('\n', '')
stack_string += ', '
stack_string = ' '.join(stack_string.split())
stack_string = re.sub("([\d]{1}\d+)", lambda m: hex(int(m.group(1))), str(stack_string))
return stack_string[:-1]
Example #29
| Source File: utils.py From ilf with Apache License 2.0 | 5 votes |
|
def format_storage(storage):
storage_string = ' '.join(str(simplify(storage)).split())
matches = re.findall('\), ([^,\)]+), ([^,\)]+)', storage_string)
storage_map = {}
for index, value in matches:
storage_map[index] = value
return pprint.pformat(storage_map)
Example #30
| Source File: execution.py From ilf with Apache License 2.0 | 5 votes |
|
def BALANCE(self, gstate, address):
if svm_utils.is_bv_concrete(address) and svm_utils.get_concrete_int(address) in gstate.wstate.address_to_account:
balance = gstate.wstate.address_to_account[svm_utils.get_concrete_int(address)].balance
gstate.mstate.stack.append(balance)
return
address = str(z3.simplify(address)).replace(' ', '_')
gstate.mstate.stack.append(self.svm.sym_bv_generator.get_sym_bitvec(constraints.ConstraintType.BALANCE,
gstate.wstate.gen,
unique=True))
