smallworld-re 1.0.0__py3-none-any.whl

smallworld/emulators/angr/machdefs/machdef.py

@@ -0,0 +1,138 @@
+import abc
+import typing
+
+import angr
+import archinfo
+
+from .... import exceptions, platforms, utils
+
+
+class AngrMachineDef:
+    """Container class for angr architecture-specific definitions"""
+
+    @property
+    @abc.abstractmethod
+    def arch(self) -> platforms.Architecture:
+        """The architecture ID"""
+        raise NotImplementedError("This is an abstract method.")
+
+    @property
+    @abc.abstractmethod
+    def byteorder(self) -> platforms.Byteorder:
+        """The byte order"""
+        raise NotImplementedError("This is an abstract method.")
+
+    @property
+    @abc.abstractmethod
+    def angr_arch(self) -> archinfo.arch.Arch:
+        """The angr architecture to use"""
+        raise NotImplementedError("This is an abstract method.")
+
+    @property
+    @abc.abstractmethod
+    def pc_reg(self) -> str:
+        """The program counter register name"""
+        return ""
+
+    # Is this thumb?
+    # Almost always no, but angr needs to ask.
+    is_thumb: bool = False
+
+    # The angr execution engine.
+    # Setting this to "none" uses the default Vex engine.
+    # This only needs to be overridden if you're a pcode machine.
+    angr_engine: typing.Optional[typing.Type[angr.engines.UberEnginePcode]] = None
+
+    # Does angr support single-instruction stepping for this ISA.
+    #
+    # Instructions with delay slots cannot be lifted into VEX
+    # without also lifting the instruction in the delay slot.
+    #
+    # This flag indicates that this machine uses such instructions,
+    # and is not safe to step in this manner.
+    supports_single_step: bool = True
+
+    _registers: typing.Dict[str, str]
+
+    def angr_reg(self, name: str) -> typing.Tuple[int, int]:
+        """Find the offset and size of a register in the angr state's register file."""
+        if name not in self._registers:
+            raise KeyError(f"Unknown register for {self.arch}:{self.byteorder}: {name}")
+        name = self._registers[name]
+
+        if name not in self.angr_arch.registers:
+            raise exceptions.UnsupportedRegisterError(
+                f"Register {name} not recognized by angr for {self.arch}:{self.byteorder}"
+            )
+        return self.angr_arch.registers[name]
+
+    def successors(self, state: angr.SimState, **kwargs) -> typing.Any:
+        """Compute successor states for this architecture
+
+        This allows a particular machine definition
+        to compensate for cases where the default
+        successor computation produces inaccurate results.
+
+        For the overwhelming majority of machine models,
+        the default should be sufficient.
+
+        The biggest case to date is to handle
+        user-defined operations in pcode.
+        These are treated as illegal ops by angr,
+        and there is currently no way to intercept their processing.
+
+        Arguments:
+            state: The angr state for which to compute successors
+            kwargs: See AngrObjectFactory.successors()
+
+        Returns:
+            The successor states of `state`.
+        """
+        if state.project is None:
+            raise exceptions.ConfigurationError("Angr state had no project.")
+        return state.project.factory.successors(state, **kwargs)
+
+    @classmethod
+    def for_platform(cls, platform: platforms.Platform):
+        """Find the appropriate MachineDef for your architecture
+
+        Arguments:
+            arch: The architecture ID you want
+            mode: The mode ID you want
+            byteorder: The byteorderness you want
+
+        Returns:
+            An instance of the appropriate MachineDef
+
+        Raises:
+            ValueError: If no MachineDef subclass matches your request
+        """
+        try:
+            return utils.find_subclass(
+                cls,
+                lambda x: x.arch == platform.architecture
+                and x.byteorder == platform.byteorder,
+            )
+        except:
+            raise ValueError(f"No machine model for {platform}")
+
+
+class PcodeMachineDef(AngrMachineDef):
+    """Container class for pcode-dependent angr architecture-specific definitions"""
+
+    @property
+    @abc.abstractmethod
+    def pcode_language(self) -> str:
+        """The pcode language ID string"""
+        return ""
+
+    @property
+    def angr_arch(self) -> archinfo.arch.Arch:
+        return self._angr_arch
+
+    angr_engine: typing.Optional[
+        typing.Type[angr.engines.UberEnginePcode]
+    ] = angr.engines.UberEnginePcode
+
+    def __init__(self):
+        self._angr_arch = archinfo.ArchPcode(self.pcode_language)

smallworld/emulators/angr/machdefs/mips.py

@@ -0,0 +1,184 @@
+import archinfo
+
+from ....platforms import Architecture, Byteorder
+from .machdef import AngrMachineDef
+
+
+class MIPSMachineDef(AngrMachineDef):
+    arch = Architecture.MIPS32
+
+    pc_reg = "pc"
+
+    # NOTE: MIPS registers have a name and a number
+    # angr's machine state doesn't use the number,
+    # so... name.
+    _registers = {
+        # *** General-Purpose Registers ***
+        # Assembler-Temporary Register
+        "at": "at",
+        "1": "at",
+        # Return Value Registers
+        "v0": "v0",
+        "2": "v0",
+        "v1": "v1",
+        "3": "v3",
+        # Argument Registers
+        "a0": "a0",
+        "4": "a0",
+        "a1": "a1",
+        "5": "a1",
+        "a2": "a2",
+        "6": "a2",
+        "a3": "a3",
+        "7": "a3",
+        # Temporary Registers
+        "t0": "t0",
+        "8": "t0",
+        "t1": "t1",
+        "9": "t1",
+        "t2": "t2",
+        "10": "t2",
+        "t3": "t3",
+        "11": "t3",
+        "t4": "t4",
+        "12": "t4",
+        "t5": "t5",
+        "13": "t5",
+        "t6": "t6",
+        "14": "t6",
+        "t7": "t7",
+        "15": "t7",
+        # NOTE: These numbers aren't out of order.
+        # t8 and t9 are later in the register file than t0 - t7.
+        "t8": "t8",
+        "24": "t8",
+        "t9": "t9",
+        "25": "t9",
+        # Saved Registers
+        "s0": "s0",
+        "16": "s0",
+        "s1": "s1",
+        "17": "s1",
+        "s2": "s2",
+        "18": "s2",
+        "s3": "s3",
+        "19": "s3",
+        "s4": "s4",
+        "20": "s4",
+        "s5": "s5",
+        "21": "s5",
+        "s6": "s6",
+        "22": "s6",
+        "s7": "s7",
+        "23": "s7",
+        # NOTE: Register #30 was originally the Frame Pointer.
+        # It's been re-aliased as s8, since many ABIs don't use the frame pointer.
+        # Unicorn and Sleigh prefer to use the alias s8,
+        # so it should be the base register.
+        "s8": "s8",
+        "fp": "fp",
+        "30": "fp",
+        # Kernel-reserved Registers
+        "k0": "k0",
+        "26": "k0",
+        "k1": "k1",
+        "27": "k1",
+        # *** Pointer Registers ***
+        # Zero register
+        "zero": "zero",
+        "0": "zero",
+        # Global Offset Pointer
+        "gp": "gp",
+        "28": "gp",
+        # Stack Pointer
+        "sp": "sp",
+        "29": "sp",
+        # Return Address
+        "ra": "ra",
+        "31": "ra",
+        # Program Counter
+        "pc": "pc",
+        # Floating Point Registers
+        "f0": "f0",
+        "f1": "f1",
+        "f2": "f2",
+        "f3": "f3",
+        "f4": "f4",
+        "f5": "f5",
+        "f6": "f6",
+        "f7": "f7",
+        "f8": "f8",
+        "f9": "f9",
+        "f10": "f10",
+        "f11": "f11",
+        "f12": "f12",
+        "f13": "f13",
+        "f14": "f14",
+        "f15": "f15",
+        "f16": "f16",
+        "f17": "f17",
+        "f18": "f18",
+        "f19": "f19",
+        "f20": "f20",
+        "f21": "f21",
+        "f22": "f22",
+        "f23": "f23",
+        "f24": "f24",
+        "f25": "f25",
+        "f26": "f26",
+        "f27": "f27",
+        "f28": "f28",
+        "f29": "f29",
+        "f30": "f30",
+        "f31": "f31",
+        # *** Floating Point Control Registers ***
+        "fir": "fir",
+        "fcsr": "fcsr",
+        "fexr": "fexr",
+        "fenr": "fenr",
+        "fccr": "fccr",
+        # *** Accumulator Registers ***
+        # MIPS uses these to implement 64-bit results
+        # from 32-bit multiplication, amongst others.
+        "ac0": "ac0",
+        "hi0": "hi0",
+        "lo0": "lo0",
+        "ac1": "ac1",
+        "hi1": "hi1",
+        "lo1": "lo1",
+        "ac2": "ac2",
+        "hi2": "hi2",
+        "lo2": "lo2",
+        "ac3": "ac3",
+        "hi3": "hi3",
+        "lo3": "lo3",
+    }
+
+    _delay_slot_opcodes = {
+        "j",
+        "jal",
+        "jalx",
+        "jalr",
+        "jr",
+        "beq",
+        "beqz",
+        "bne" "bnez",
+        "bgez",
+        "bgezal",
+        "bgtz",
+        "blez",
+        "bltz",
+        "bltzal",
+    }
+
+    supports_single_step = False
+
+
+class MIPSELMachineDef(MIPSMachineDef):
+    byteorder = Byteorder.LITTLE
+    angr_arch = archinfo.ArchMIPS32(archinfo.Endness.LE)
+
+
+class MIPSBEMachineDef(MIPSMachineDef):
+    byteorder = Byteorder.BIG
+    angr_arch = archinfo.ArchMIPS32(archinfo.Endness.BE)

smallworld/emulators/angr/machdefs/mips64.py

@@ -0,0 +1,189 @@
+import archinfo
+
+from ....platforms import Architecture, Byteorder
+from .machdef import AngrMachineDef
+
+
+class MIPS64MachineDef(AngrMachineDef):
+    arch = Architecture.MIPS64
+
+    pc_reg = "pc"
+
+    # NOTE: MIPS registers have a name and a number
+    # angr's machine state doesn't use the number,
+    # so... name.
+    # NOTE: angr's register names are wrong.
+    # It follows Wikipedia's definition of the 64-bit ABI,
+    # which has a4 - a7 and t0 - t3 overlapping.
+    _registers = {
+        # *** General-Purpose Registers ***
+        # Assembler-Temporary Register
+        "at": "at",
+        "1": "at",
+        # Return Value Registers
+        "v0": "v0",
+        "2": "v0",
+        "v1": "v1",
+        "3": "v1",
+        # Argument Registers
+        "a0": "a0",
+        "4": "a0",
+        "a1": "a1",
+        "5": "a1",
+        "a2": "a2",
+        "6": "a2",
+        "a3": "a3",
+        "7": "a3",
+        "a4": "a4",
+        "8": "a4",
+        "a5": "a5",
+        "9": "a5",
+        "a6": "a6",
+        "10": "a6",
+        "a7": "a7",
+        "11": "a7",
+        # Temporary Registers
+        # NOTE: angr names registers 12 - 15 incorrectly.
+        # Be very careful if accessing angr's state directly.
+        "t0": "t4",
+        "12": "t4",
+        "t1": "t5",
+        "13": "t5",
+        "t2": "t6",
+        "14": "t6",
+        "t3": "t7",
+        "15": "t7",
+        # NOTE: These numbers aren't out of order.
+        # t8 and t9 are later in the register file than t0 - t7.
+        "t8": "t8",
+        "24": "t8",
+        "t9": "t9",
+        "25": "t9",
+        # Saved Registers
+        "s0": "s0",
+        "16": "s0",
+        "s1": "s1",
+        "17": "s1",
+        "s2": "s2",
+        "18": "s2",
+        "s3": "s3",
+        "19": "s3",
+        "s4": "s4",
+        "20": "s4",
+        "s5": "s5",
+        "21": "s5",
+        "s6": "s6",
+        "22": "s6",
+        "s7": "s7",
+        "23": "s7",
+        # NOTE: Register #30 was originally the Frame Pointer.
+        # It's been re-aliased as s8, since many ABIs don't use the frame pointer.
+        # Unicorn and Sleigh prefer to use the alias s8,
+        # so it should be the base register.
+        "s8": "s8",
+        "fp": "fp",
+        "30": "fp",
+        # Kernel-reserved Registers
+        "k0": "k0",
+        "26": "k0",
+        "k1": "k1",
+        "27": "k1",
+        # *** Pointer Registers ***
+        # Zero register
+        "zero": "zero",
+        "0": "zero",
+        # Global Offset Pointer
+        "gp": "gp",
+        "28": "gp",
+        # Stack Pointer
+        "sp": "sp",
+        "29": "sp",
+        # Return Address
+        "ra": "ra",
+        "31": "ra",
+        # Program Counter
+        "pc": "pc",
+        # Floating Point Registers
+        "f0": "f0",
+        "f1": "f1",
+        "f2": "f2",
+        "f3": "f3",
+        "f4": "f4",
+        "f5": "f5",
+        "f6": "f6",
+        "f7": "f7",
+        "f8": "f8",
+        "f9": "f9",
+        "f10": "f10",
+        "f11": "f11",
+        "f12": "f12",
+        "f13": "f13",
+        "f14": "f14",
+        "f15": "f15",
+        "f16": "f16",
+        "f17": "f17",
+        "f18": "f18",
+        "f19": "f19",
+        "f20": "f20",
+        "f21": "f21",
+        "f22": "f22",
+        "f23": "f23",
+        "f24": "f24",
+        "f25": "f25",
+        "f26": "f26",
+        "f27": "f27",
+        "f28": "f28",
+        "f29": "f29",
+        "f30": "f30",
+        "f31": "f31",
+        # *** Floating Point Control Registers ***
+        "fir": "fir",
+        "fcsr": "fcsr",
+        "fexr": "fexr",
+        "fenr": "fenr",
+        "fccr": "fccr",
+        # *** Accumulator Registers ***
+        # MIPS uses these to implement 64-bit results
+        # from 32-bit multiplication, amongst others.
+        "ac0": "ac0",
+        "hi0": "hi0",
+        "lo0": "lo0",
+        "ac1": "ac1",
+        "hi1": "hi1",
+        "lo1": "lo1",
+        "ac2": "ac2",
+        "hi2": "hi2",
+        "lo2": "lo2",
+        "ac3": "ac3",
+        "hi3": "hi3",
+        "lo3": "lo3",
+    }
+
+    _delay_slot_opcodes = {
+        "j",
+        "jal",
+        "jalx",
+        "jalr",
+        "jr",
+        "beq",
+        "beqz",
+        "bne" "bnez",
+        "bgez",
+        "bgezal",
+        "bgtz",
+        "blez",
+        "bltz",
+        "bltzal",
+    }
+
+    supports_single_step = False
+
+
+class MIPS64ELMachineDef(MIPS64MachineDef):
+    byteorder = Byteorder.LITTLE
+    angr_arch = archinfo.ArchMIPS64(archinfo.Endness.LE)
+
+
+class MIPS64BEMachineDef(MIPS64MachineDef):
+    byteorder = Byteorder.BIG
+    angr_arch = archinfo.ArchMIPS64(archinfo.Endness.BE)

smallworld/emulators/angr/machdefs/ppc.py

@@ -0,0 +1,101 @@
+import archinfo
+
+from ....platforms import Architecture, Byteorder
+from .machdef import AngrMachineDef
+
+
+class PowerPCMachineDef(AngrMachineDef):
+    byteorder = Byteorder.BIG
+
+    pc_reg = "pc"
+
+    _registers = {
+        "r0": "r0",
+        "r1": "r1",
+        "sp": "sp",
+        "r2": "r2",
+        "r3": "r3",
+        "r4": "r4",
+        "r5": "r5",
+        "r6": "r6",
+        "r7": "r7",
+        "r8": "r8",
+        "r9": "r9",
+        "r10": "r10",
+        "r11": "r11",
+        "r12": "r12",
+        "r13": "r13",
+        "r14": "r14",
+        "r15": "r15",
+        "r16": "r16",
+        "r17": "r17",
+        "r18": "r18",
+        "r19": "r19",
+        "r20": "r20",
+        "r21": "r21",
+        "r22": "r22",
+        "r23": "r23",
+        "r24": "r24",
+        "r25": "r25",
+        "r26": "r26",
+        "r27": "r27",
+        "r28": "r28",
+        "r29": "r29",
+        "r30": "r30",
+        "r31": "r31",
+        "pc": "pc",
+        "lr": "lr",
+        "ctr": "ctr",
+        "cr0": "cr0",
+        "cr1": "cr1",
+        "cr2": "cr2",
+        "cr3": "cr3",
+        "cr4": "cr4",
+        "cr5": "cr5",
+        "cr6": "cr6",
+        "cr7": "cr7",
+        "f0": "fpr0",
+        "f1": "fpr1",
+        "f2": "fpr2",
+        "f3": "fpr3",
+        "f4": "fpr4",
+        "f5": "fpr5",
+        "f6": "fpr6",
+        "f7": "fpr7",
+        "f8": "fpr8",
+        "f9": "fpr9",
+        "f10": "fpr10",
+        "f11": "fpr11",
+        "f12": "fpr12",
+        "f13": "fpr13",
+        "f14": "fpr14",
+        "f15": "fpr15",
+        "f16": "fpr16",
+        "f17": "fpr17",
+        "f18": "fpr18",
+        "f19": "fpr19",
+        "f20": "fpr20",
+        "f21": "fpr21",
+        "f22": "fpr22",
+        "f23": "fpr23",
+        "f24": "fpr24",
+        "f25": "fpr25",
+        "f26": "fpr26",
+        "f27": "fpr27",
+        "f28": "fpr28",
+        "f29": "fpr29",
+        "f30": "fpr30",
+        "f31": "fpr31",
+        "xer": "",
+        "fpscr": "",
+    }
+
+
+class PowerPC32MachineDef(PowerPCMachineDef):
+    arch = Architecture.POWERPC32
+    angr_arch = archinfo.arch_ppc32.ArchPPC32(archinfo.Endness.BE)
+
+
+class PowerPC64MachineDef(PowerPCMachineDef):
+    arch = Architecture.POWERPC64
+    angr_arch = archinfo.arch_ppc64.ArchPPC64(archinfo.Endness.BE)