smallworld-re 1.0.0__py3-none-any.whl

smallworld/state/memory/stack/amd64.py

@@ -0,0 +1,42 @@
+import typing
+
+from .... import platforms
+from ... import state
+from . import stack
+
+
+class AMD64Stack(stack.DescendingStack):
+    """A stack for an AMD 64-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.X86_64, platforms.Byteorder.LITTLE
+    )
+
+    def get_pointer(self) -> int:
+        return (self.address + self.size) - self.get_used()
+
+    def get_alignment(self) -> int:
+        return 16
+
+    def push(self, value: state.Value) -> int:
+        return super().push(value)
+
+    @classmethod
+    def initialize_stack(cls, argv: typing.List[bytes], *args, **kwargs):
+        s = cls(*args, **kwargs)
+        argv_address = []
+        total_strings_bytes = 0
+        for i, arg in enumerate(argv):
+            arg_size = len(arg)
+            total_strings_bytes += arg_size
+            argv_address.append((i, s.push_bytes(arg, label=f"argv[{i}]")))
+
+        argc = len(argv)
+        total_space = (8 * (argc + 2)) + total_strings_bytes
+        padding = 16 - (total_space % 16)
+        s.push_bytes(bytes(padding), label="stack alignment padding bytes")
+        s.push_integer(0, size=8, label="null terminator of argv array")
+        for i, addr in reversed(argv_address):
+            s.push_integer(addr, size=8, label=f"pointer to argv[{i}]")
+        s.push_integer(argc, size=8, label="argc")
+        return s

smallworld/state/memory/stack/arm.py

@@ -0,0 +1,66 @@
+import typing
+
+from .... import platforms
+from . import stack
+
+
+class ARM32Stack(stack.DescendingStack):
+    """A stack for an ARM 32-bit CPU"""
+
+    def get_pointer(self) -> int:
+        return (self.address + self.size) - self.get_used()
+
+    def get_alignment(self) -> int:
+        return 8
+
+    @classmethod
+    def initialize_stack(cls, argv: typing.List[bytes], *args, **kwargs):
+        raise NotImplementedError("Stack initialization not implemented for ARM32")
+
+
+class ARMv5tStack(ARM32Stack):
+    """A stack for an ARMv5t 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.ARM_V5T, platforms.Byteorder.LITTLE
+    )
+
+
+class ARMv6mStack(ARM32Stack):
+    """A stack for an ARMv6m 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.ARM_V6M, platforms.Byteorder.LITTLE
+    )
+
+
+class ARMv6mThumbStack(ARM32Stack):
+    """A stack for an ARMv6mThumb 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.ARM_V6M_THUMB, platforms.Byteorder.LITTLE
+    )
+
+
+class ARMv7mStack(ARM32Stack):
+    """A stack for an ARMv7m 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.ARM_V7M, platforms.Byteorder.LITTLE
+    )
+
+
+class ARMv7rStack(ARM32Stack):
+    """A stack for an ARMv7r 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.ARM_V7R, platforms.Byteorder.LITTLE
+    )
+
+
+class ARMv7aStack(ARM32Stack):
+    """A stack for an ARMv7a 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.ARM_V7A, platforms.Byteorder.LITTLE
+    )

smallworld/state/memory/stack/i386.py

@@ -0,0 +1,22 @@
+import typing
+
+from .... import platforms
+from . import stack
+
+
+class X86Stack(stack.DescendingStack):
+    """A stack for an Intel 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.X86_32, platforms.Byteorder.LITTLE
+    )
+
+    def get_pointer(self) -> int:
+        return (self.address + self.size) - self.get_used()
+
+    def get_alignment(self) -> int:
+        return 4
+
+    @classmethod
+    def initialize_stack(cls, argv: typing.List[bytes], *args, **kwargs):
+        raise NotImplementedError("Stack initialization not implemented for i386")

smallworld/state/memory/stack/mips.py

@@ -0,0 +1,34 @@
+import typing
+
+from .... import platforms
+from . import stack
+
+
+class MIPSStack(stack.DescendingStack):
+    """A stack for a MIPS 32-bit CPU"""
+
+    def get_pointer(self) -> int:
+        return (self.address + self.size) - self.get_used()
+
+    def get_alignment(self) -> int:
+        return 4
+
+    @classmethod
+    def initialize_stack(cls, argv: typing.List[bytes], *args, **kwargs):
+        raise NotImplementedError("Stack initialization not implemented for MIPS32")
+
+
+class MIPSBEStack(MIPSStack):
+    """A stack for a big-endian MIPS 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.MIPS32, platforms.Byteorder.BIG
+    )
+
+
+class MIPSELStack(MIPSStack):
+    """A stack for a little-endian MIPS 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.MIPS32, platforms.Byteorder.LITTLE
+    )

smallworld/state/memory/stack/mips64.py

@@ -0,0 +1,34 @@
+import typing
+
+from .... import platforms
+from . import stack
+
+
+class MIPS64Stack(stack.DescendingStack):
+    """A stack for a MIPS 64-bit CPU"""
+
+    def get_pointer(self) -> int:
+        return (self.address + self.size) - self.get_used()
+
+    def get_alignment(self) -> int:
+        return 4
+
+    @classmethod
+    def initialize_stack(cls, argv: typing.List[bytes], *args, **kwargs):
+        raise NotImplementedError("Stack initialization not implemented for MIPS64")
+
+
+class MIPS64BEStack(MIPS64Stack):
+    """A stack for a big-endian MIPS 64-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.MIPS64, platforms.Byteorder.BIG
+    )
+
+
+class MIPS64ELStack(MIPS64Stack):
+    """A stack for a little-endian MIPS 64-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.MIPS64, platforms.Byteorder.LITTLE
+    )

smallworld/state/memory/stack/ppc.py

@@ -0,0 +1,34 @@
+import typing
+
+from .... import platforms
+from . import stack
+
+
+class PowerPCStack(stack.DescendingStack):
+    """A stack for a PPC 32-bit CPU"""
+
+    def get_pointer(self) -> int:
+        return (self.address + self.size) - self.get_used()
+
+    def get_alignment(self) -> int:
+        return 4
+
+    @classmethod
+    def initialize_stack(cls, argv: typing.List[bytes], *args, **kwargs):
+        raise NotImplementedError("Stack initialization not implemented for PowerPC")
+
+
+class PowerPC32Stack(PowerPCStack):
+    """A stack for a PPC 32-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.POWERPC32, platforms.Byteorder.BIG
+    )
+
+
+class PowerPC64Stack(PowerPCStack):
+    """A stack for a PPC 64-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.POWERPC64, platforms.Byteorder.BIG
+    )

smallworld/state/memory/stack/riscv.py

@@ -0,0 +1,22 @@
+import typing
+
+from .... import platforms
+from . import stack
+
+
+class RISCV64Stack(stack.DescendingStack):
+    """A stack for a RISCV 64-bit CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.RISCV64, platforms.Byteorder.LITTLE
+    )
+
+    def get_pointer(self) -> int:
+        return (self.address + self.size) - self.get_used()
+
+    def get_alignment(self) -> int:
+        return 16
+
+    @classmethod
+    def initialize_stack(cls, argv: typing.List[bytes], *args, **kwargs):
+        raise NotImplementedError("Stack initialization not implemented for AArch64")

smallworld/state/memory/stack/stack.py

@@ -0,0 +1,127 @@
+import abc
+import typing
+
+from .... import platforms, utils
+from ... import state
+from .. import memory
+
+
+class Stack(memory.Memory):
+    """A stack-like region of memory with convenient operations like push and pop."""
+
+    @property
+    @abc.abstractmethod
+    def platform(self) -> platforms.Platform:
+        """The platform for which this stack is intended."""
+        pass
+
+    @classmethod
+    def get_platform(cls) -> platforms.Platform:
+        """Retrieve the platform for this stack."""
+        if not isinstance(cls.platform, platforms.Platform):
+            raise TypeError(f"{cls.__name__}.platform is not a Platform object")
+        return cls.platform
+
+    @abc.abstractmethod
+    def get_pointer(self) -> int:
+        """Get the current stack pointer.
+
+        Returns:
+          The current value of the stack pointer.
+        """
+        pass
+
+    @abc.abstractmethod
+    def get_alignment(self) -> int:
+        """Get the alignment for this stack.
+
+        Returns:
+          The alignment for this stack.
+        """
+        pass
+
+    @abc.abstractmethod
+    def push(self, value: state.Value) -> int:
+        """Push a value to the stack.
+
+        Arguments:
+            value: The value to be pushed.
+        Returns:
+            The stack pointer after the push.
+        """
+        pass
+
+    def push_integer(self, integer: int, size: int, label: str) -> int:
+        """Push an integer to the stack.
+
+        Arguments:
+            integer: The integer value to be pushed.
+            size: The size in bytes for the integer on the stack.
+            label: The label for the integer.
+        Returns:
+            The stack pointer after the push.
+        """
+
+        value = state.IntegerValue(integer, size, label)
+        return self.push(value)
+
+    def push_bytes(self, content: typing.Union[bytes, bytearray], label: str) -> int:
+        """Push some bytes to the stack.
+
+        Arguments:
+            content: The bytes to push.
+            label: The label for the bytes.
+
+        Returns:
+            The stack pointer after the push.
+        """
+        value = state.BytesValue(content, label)
+        return self.push(value)
+
+    def push_ctype(self, content: typing.Any, label: str) -> int:
+        """Push some structured bytes to the stack.
+
+        Arguments:
+            content: The ctypes structured bytes.
+            label: The label for the bytes.
+        Returns:
+            The stack pointer after the push.
+        """
+        value = state.Value.from_ctypes(content, label)
+        return self.push(value)
+
+    @classmethod
+    def for_platform(cls, platform: platforms.Platform, address: int, size: int):
+        """Create a stack for this platform.
+
+        Arguments:
+            platform: The platform for which this stack is intended.
+            address: Start address for this stack.
+            size: Size of requested stack, in bytes.
+        """
+
+        def check(x):
+            if x.get_platform():
+                return (
+                    x.get_platform().architecture == platform.architecture
+                    and x.get_platform().byteorder == platform.byteorder
+                )
+            return False
+
+        try:
+            return utils.find_subclass(cls, check, address, size)
+        except ValueError:
+            raise ValueError(f"No stack for {platform}")
+
+
+class DescendingStack(Stack):
+    """A stack that grows down, i.e., a push will decrease the stack pointer."""
+
+    def push(self, value: state.Value) -> int:
+        self._is_safe(value)
+        offset = (self.get_capacity()) - self.get_used() - value.get_size()
+        self[offset] = value
+        return offset
+
+
+__all__ = ["Stack"]

smallworld/state/memory/stack/xtensa.py

@@ -0,0 +1,34 @@
+import typing
+
+from .... import platforms
+from . import stack
+
+
+class XTensaStack(stack.DescendingStack):
+    """A stack for an XTensa CPU"""
+
+    def get_pointer(self) -> int:
+        return (self.address + self.size) - self.get_used()
+
+    def get_alignment(self) -> int:
+        return 4
+
+    @classmethod
+    def initialize_stack(cls, argv: typing.List[bytes], *args, **kwargs):
+        raise NotImplementedError("Stack initialization not implemented for XTensa")
+
+
+class XTensaBEStack(XTensaStack):
+    """A stack for a big-endian XTensa CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.XTENSA, platforms.Byteorder.BIG
+    )
+
+
+class XTensaELStack(XTensaStack):
+    """A stack for a little-endian XTensa CPU"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.XTENSA, platforms.Byteorder.LITTLE
+    )

smallworld/state/models/__init__.py

@@ -0,0 +1,6 @@
+from . import x86
+from .mmio import MemoryMappedModel
+from .model import *  # noqa: F401, F403
+from .model import __all__ as __model__
+
+__all__ = __model__ + ["MemoryMappedModel", "x86"]

smallworld/state/models/mmio.py

@@ -0,0 +1,186 @@
+import abc
+import logging
+import typing
+
+import claripy
+
+from ... import emulators
+from .. import state
+
+logger = logging.getLogger(__name__)
+
+
+class MemoryMappedModel(state.Stateful):
+    """A model of a memory-mapped IO device dealing with concrete values
+
+    This lets you specify alternate handler routines
+    for reads and writes within a range of memory addressess,
+    bypassing the emulator's normal memory model.
+    As the name suggests, this is useful for modeling
+    MMIO devices, where accessing a particular address
+    actually accesses a register of a peripheral device.
+
+    The callback routines on_read() and on_write()
+    will trigger on any access within the specified range;
+    one MemoryMappedModel can handle multiple registers,
+    allowing you to model an entire device, or even a set of adjacent devices
+    in one object.
+
+    Arguments:
+        address: Starting address of the MMIO region
+        size: Size of the MMIO region in bytes
+    """
+
+    def __init__(self, address: int, size: int):
+        self.address = address
+        self.size = size
+
+    @abc.abstractmethod
+    def on_read(
+        self, emu: emulators.Emulator, addr: int, size: int, unused: bytes
+    ) -> typing.Optional[bytes]:
+        """Callback handling reads from an MMIO register
+
+        NOTE: Results must be encoded in the emulator's byte order.
+
+        NOTE: Attempting to access memory in this MMIO range
+        inside this handler will produce undefined behavior.
+
+        Arguments:
+            emu: The emulator object mediating this operation
+            addr: The start address of the read operation
+            size: The number of bytes read
+
+        Returns:
+            `size` bytes containing the result of the modeled read
+        """
+        raise NotImplementedError("Abstract method")
+
+    @abc.abstractmethod
+    def on_write(
+        self, emu: emulators.Emulator, addr: int, size: int, value: bytes
+    ) -> None:
+        """Callback handling writes to an MMIO register
+
+        NOTE: `value` will be encoded in the emulator's byte order.
+
+        NOTE: Attempting to access memory in this MMIO range
+        inside this handler will produce undefined behavior.
+
+        Arguments:
+            emu: The emulator object mediating this operation
+            addr: The start address of the write operation
+            size: The number of bytes written
+            value: The bytes written
+        """
+        raise NotImplementedError("Abstract method")
+
+    def extract(self, emulator: emulators.Emulator) -> None:
+        logger.debug(f"Skipping extract for {self} (mmio)")
+
+    def apply(self, emulator: emulators.Emulator) -> None:
+        logger.debug(f"Hooking MMIO {self} {self.address:x}")
+        emulator.map_memory(self.address, self.size)
+        if self.on_read is not None:
+            if not isinstance(emulator, emulators.MemoryReadHookable):
+                raise NotImplementedError("Emulator does not support read hooking")
+            emulator.hook_memory_read(
+                self.address, self.address + self.size, self.on_read
+            )
+        if self.on_write is not None:
+            if not isinstance(emulator, emulators.MemoryWriteHookable):
+                raise NotImplementedError("Emulator does not support write hooking")
+            emulator.hook_memory_write(
+                self.address, self.address + self.size, self.on_write
+            )
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}({hex(self.address)})"
+
+
+class SymbolicMemoryMappedModel(state.Stateful):
+    """A model of a memory-mapped IO device dealing with symbolic values
+
+    This lets you specify alternate handler routines
+    for reads and writes within a range of memory addressess,
+    bypassing the emulator's normal memory model.
+    As the name suggests, this is useful for modeling
+    MMIO devices, where accessing a particular address
+    actually accesses a register of a peripheral device.
+
+    The callback routines on_read() and on_write()
+    will trigger on any access within the specified range;
+    one MemoryMappedModel can handle multiple registers,
+    allowing you to model an entire device, or even a set of adjacent devices
+    in one object.
+
+    Arguments:
+        address: Starting address of the MMIO region
+        size: Size of the MMIO region in bytes
+    """
+
+    def __init__(self, address: int, size: int):
+        self.address = address
+        self.size = size
+
+    @abc.abstractmethod
+    def on_read(
+        self, emu: emulators.Emulator, addr: int, size: int, unused: claripy.ast.bv.BV
+    ) -> typing.Optional[claripy.ast.bv.BV]:
+        """Callback handling reads from an MMIO register
+
+        NOTE: Results must be encoded in the emulator's byte order.
+
+        NOTE: Attempting to access memory in this MMIO range
+        inside this handler will produce undefined behavior.
+
+        Arguments:
+            emu: The emulator object mediating this operation
+            addr: The start address of the read operation
+            size: The number of bytes read
+
+        Returns:
+            `size` bytes containing the result of the modeled read
+        """
+        raise NotImplementedError("Abstract method")
+
+    @abc.abstractmethod
+    def on_write(
+        self, emu: emulators.Emulator, addr: int, size: int, value: claripy.ast.bv.BV
+    ) -> None:
+        """Callback handling writes to an MMIO register
+
+        NOTE: `value` will be encoded in the emulator's byte order.
+
+        NOTE: Attempting to access memory in this MMIO range
+        inside this handler will produce undefined behavior.
+
+        Arguments:
+            emu: The emulator object mediating this operation
+            addr: The start address of the write operation
+            size: The number of bytes written
+            value: The bytes written
+        """
+        raise NotImplementedError("Abstract method")
+
+    def extract(self, emulator: emulators.Emulator) -> None:
+        logger.debug(f"Skipping extract for {self} (mmio)")
+
+    def apply(self, emulator: emulators.Emulator) -> None:
+        logger.debug(f"Hooking MMIO {self} {self.address:x}")
+        emulator.map_memory(self.address, self.size)
+        if self.on_read is not None:
+            if not isinstance(emulator, emulators.MemoryReadHookable):
+                raise NotImplementedError("Emulator does not support read hooking")
+            emulator.hook_memory_read_symbolic(
+                self.address, self.address + self.size, self.on_read
+            )
+        if self.on_write is not None:
+            if not isinstance(emulator, emulators.MemoryWriteHookable):
+                raise NotImplementedError("Emulator does not support write hooking")
+            emulator.hook_memory_write_symbolic(
+                self.address, self.address + self.size, self.on_write
+            )
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}({hex(self.address)})"