Functions
def	emul_symb (ir_arch, ircfg, mdis, states_todo, states_done)

Variables
	machine = Machine("x86_32")

	parser = OptionParser(usage="usage: %prog [options] file")

	dest

	metavar

	help

	default

	options

	args

	loc_db = LocationDB()

	translator_smt2 = Translator.to_language("smt2")

	addr = int(options.address, 16)

	cont = Container.from_stream(open(args[0], 'rb'), loc_db)

	mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db)

	ir_arch = machine.ir(mdis.loc_db)

	ircfg = ir_arch.new_ircfg()

	symbexec = SymbolicExecutionEngine(ir_arch)

	asmcfg

	argc_lbl = loc_db.get_name_location('argc')

	argv_lbl = loc_db.get_name_location('argv')

	ret_addr_lbl = loc_db.get_name_location('ret_addr')

	init_lbl = loc_db.get_name_location('init')

	argc_loc = ExprLoc(argc_lbl, 32)

	argv_loc = ExprLoc(argv_lbl, 32)

	ret_addr_loc = ExprLoc(ret_addr_lbl, 32)

	ret_addr = ExprId("ret_addr", ret_addr_loc.size)

dictionary	fix_args

	block = asmcfg.loc_key_to_block(init_lbl)

	irb = ircfg.blocks[init_lbl]

	ids

	blocks

	states_todo = set()

	states_done = set()

list	all_info = []

	key

list	reqs = []

	all_cases = set()

list	out

list	conditions = []

	all_ids = set()

	expr_test

	cond = translator_smt2.from_expr(ExprAssign(expr_test, value))

	cases

Function Documentation

◆ emul_symb()

def solve_condition_stp.emul_symb	(	ir_arch,
		ircfg,
		mdis,
		states_todo,
		states_done
	)

Here is the call graph for this function:

Variable Documentation

◆ addr

solve_condition_stp.addr = int(options.address, 16)

◆ all_cases

solve_condition_stp.all_cases = set()

◆ all_ids

solve_condition_stp.all_ids = set()

◆ all_info

list solve_condition_stp.all_info = []

◆ argc_lbl

solve_condition_stp.argc_lbl = loc_db.get_name_location('argc')

◆ argc_loc

solve_condition_stp.argc_loc = ExprLoc(argc_lbl, 32)

◆ args

solve_condition_stp.args

◆ argv_lbl

solve_condition_stp.argv_lbl = loc_db.get_name_location('argv')

◆ argv_loc

solve_condition_stp.argv_loc = ExprLoc(argv_lbl, 32)

◆ asmcfg

solve_condition_stp.asmcfg

Initial value:

 =  parse_asm.parse_txt(
         machine.mn, 32, ,
         loc_db
     )

◆ block

solve_condition_stp.block = asmcfg.loc_key_to_block(init_lbl)

◆ blocks

solve_condition_stp.blocks

◆ cases

solve_condition_stp.cases

Initial value:

 =  subprocess.check_output(["/home/serpilliere/tools/stp/stp",
                                              "-p", '--SMTLIB2',
                                              "out.dot"])

◆ cond

solve_condition_stp.cond = translator_smt2.from_expr(ExprAssign(expr_test, value))

◆ conditions

list solve_condition_stp.conditions = []

◆ cont

solve_condition_stp.cont = Container.from_stream(open(args[0], 'rb'), loc_db)

◆ default

solve_condition_stp.default

◆ dest

solve_condition_stp.dest

◆ expr_test

solve_condition_stp.expr_test

Initial value:

 =  ExprCond(expr,
                                  ExprInt(1, value.size),
                                  ExprInt(0, value.size))

◆ fix_args

dictionary solve_condition_stp.fix_args

Initial value:

 =  {
         argc_loc: ExprId("argc", argc_loc.size),
         argv_loc: ExprId("argv", argv_loc.size),
         ret_addr_loc: ret_addr,
     }

◆ help

solve_condition_stp.help

◆ ids

solve_condition_stp.ids

◆ init_lbl

solve_condition_stp.init_lbl = loc_db.get_name_location('init')

◆ ir_arch

solve_condition_stp.ir_arch = machine.ir(mdis.loc_db)

◆ irb

solve_condition_stp.irb = ircfg.blocks[init_lbl]

◆ ircfg

solve_condition_stp.ircfg = ir_arch.new_ircfg()

◆ key

solve_condition_stp.key

◆ loc_db

solve_condition_stp.loc_db = LocationDB()

◆ machine

solve_condition_stp.machine = Machine("x86_32")

◆ mdis

solve_condition_stp.mdis = machine.dis_engine(cont.bin_stream, loc_db=loc_db)

◆ metavar

solve_condition_stp.metavar

◆ options

solve_condition_stp.options

◆ out

list solve_condition_stp.out

Initial value:

1 = ['(set-logic QF_ABV)',

2 '(set-info :smt-lib-version 2.0)']

◆ parser

solve_condition_stp.parser = OptionParser(usage="usage: %prog [options] file")

◆ reqs

list solve_condition_stp.reqs = []

◆ ret_addr

solve_condition_stp.ret_addr = ExprId("ret_addr", ret_addr_loc.size)

◆ ret_addr_lbl

solve_condition_stp.ret_addr_lbl = loc_db.get_name_location('ret_addr')

◆ ret_addr_loc

solve_condition_stp.ret_addr_loc = ExprLoc(ret_addr_lbl, 32)

◆ states_done

solve_condition_stp.states_done = set()

◆ states_todo

solve_condition_stp.states_todo = set()

◆ symbexec

solve_condition_stp.symbexec = SymbolicExecutionEngine(ir_arch)

◆ translator_smt2

solve_condition_stp.translator_smt2 = Translator.to_language("smt2")

Functions

Variables

Function Documentation

◆ emul_symb()

Variable Documentation

◆ addr

◆ all_cases

◆ all_ids

◆ all_info

◆ argc_lbl

◆ argc_loc

◆ args

◆ argv_lbl

◆ argv_loc

◆ asmcfg

◆ block

◆ blocks

◆ cases

◆ cond

◆ conditions

◆ cont

◆ default

◆ dest

◆ expr_test

◆ fix_args

◆ help

◆ ids

◆ init_lbl

◆ ir_arch

◆ irb

◆ ircfg

◆ key

◆ loc_db

◆ machine

◆ mdis

◆ metavar

◆ options

◆ out

◆ parser

◆ reqs

◆ ret_addr

◆ ret_addr_lbl

◆ ret_addr_loc

◆ states_done

◆ states_todo

◆ symbexec

◆ translator_smt2