smallworld-re 1.0.3__py3-none-any.whl → 2.0.0__py3-none-any.whl

smallworld/state/models/riscv64/systemv/c99/string.py

@@ -0,0 +1,139 @@
+from ....c99 import (
+    Memchr,
+    Memcmp,
+    Memcpy,
+    Memmove,
+    Memset,
+    Strcat,
+    Strchr,
+    Strcmp,
+    Strcoll,
+    Strcpy,
+    Strcspn,
+    Strerror,
+    Strlen,
+    Strncat,
+    Strncmp,
+    Strncpy,
+    Strpbrk,
+    Strrchr,
+    Strspn,
+    Strstr,
+    Strtok,
+    Strxfrm,
+)
+from ..systemv import RiscV64SysVModel
+
+
+class RiscV64SysVMemcpy(Memcpy, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVMemmove(Memmove, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrcpy(Strcpy, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrncpy(Strncpy, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrcat(Strcat, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrncat(Strncat, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVMemcmp(Memcmp, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrncmp(Strncmp, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrcmp(Strcmp, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrcoll(Strcoll, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrxfrm(Strxfrm, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVMemchr(Memchr, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrchr(Strchr, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrcspn(Strcspn, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrpbrk(Strpbrk, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrrchr(Strrchr, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrspn(Strspn, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrstr(Strstr, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrtok(Strtok, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVMemset(Memset, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrerror(Strerror, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrlen(Strlen, RiscV64SysVModel):
+    pass
+
+
+__all__ = [
+    "RiscV64SysVMemcpy",
+    "RiscV64SysVMemmove",
+    "RiscV64SysVStrcpy",
+    "RiscV64SysVStrncpy",
+    "RiscV64SysVStrcat",
+    "RiscV64SysVStrncat",
+    "RiscV64SysVMemcmp",
+    "RiscV64SysVStrncmp",
+    "RiscV64SysVStrcmp",
+    "RiscV64SysVStrcoll",
+    "RiscV64SysVStrxfrm",
+    "RiscV64SysVMemchr",
+    "RiscV64SysVStrchr",
+    "RiscV64SysVStrcspn",
+    "RiscV64SysVStrpbrk",
+    "RiscV64SysVStrrchr",
+    "RiscV64SysVStrspn",
+    "RiscV64SysVStrstr",
+    "RiscV64SysVStrtok",
+    "RiscV64SysVMemset",
+    "RiscV64SysVStrerror",
+    "RiscV64SysVStrlen",
+]

smallworld/state/models/riscv64/systemv/c99/time.py

@@ -0,0 +1,61 @@
+from ....c99 import (
+    Asctime,
+    Clock,
+    Ctime,
+    Difftime,
+    Gmtime,
+    Localtime,
+    Mktime,
+    Strftime,
+    Time,
+)
+from ..systemv import RiscV64SysVModel
+
+
+class RiscV64SysVTime(Time, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVLocaltime(Localtime, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVGmtime(Gmtime, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVCtime(Ctime, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVAsctime(Asctime, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVStrftime(Strftime, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVDifftime(Difftime, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVMktime(Mktime, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVClock(Clock, RiscV64SysVModel):
+    pass
+
+
+__all__ = [
+    "RiscV64SysVTime",
+    "RiscV64SysVLocaltime",
+    "RiscV64SysVGmtime",
+    "RiscV64SysVCtime",
+    "RiscV64SysVAsctime",
+    "RiscV64SysVStrftime",
+    "RiscV64SysVDifftime",
+    "RiscV64SysVMktime",
+    "RiscV64SysVClock",
+]

smallworld/state/models/riscv64/systemv/posix/__init__.py

@@ -0,0 +1,6 @@
+from .libgen import *  # noqa: F401, F403
+from .libgen import __all__ as __libgen__
+from .signal import *  # noqa: F401, F403
+from .signal import __all__ as __signal__
+
+__all__ = __libgen__ + __signal__

smallworld/state/models/riscv64/systemv/posix/libgen.py

@@ -0,0 +1,16 @@
+from ....posix.libgen import Basename, Dirname
+from ..systemv import RiscV64SysVModel
+
+
+class RiscV64SysVBasename(Basename, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVDirname(Dirname, RiscV64SysVModel):
+    pass
+
+
+__all__ = [
+    "RiscV64SysVBasename",
+    "RiscV64SysVDirname",
+]

smallworld/state/models/riscv64/systemv/posix/signal.py

@@ -0,0 +1,157 @@
+from ....posix.signal import (
+    BsdSignal,
+    Kill,
+    Killpg,
+    PthreadKill,
+    PthreadSigmask,
+    Sigaction,
+    Sigaddset,
+    Sigaltstack,
+    Sigdelset,
+    Sigemptyset,
+    Sigfillset,
+    Sighold,
+    Sigignore,
+    Siginterrupt,
+    Sigismember,
+    Sigpause,
+    Sigpending,
+    Sigprocmask,
+    Sigqueue,
+    Sigrelse,
+    Sigset,
+    Sigsuspend,
+    Sigtimedwait,
+    Sigwait,
+    Sigwaitinfo,
+)
+from ..systemv import RiscV64SysVModel
+
+
+class RiscV64SysVBsdSignal(BsdSignal, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVKill(Kill, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVKillpg(Killpg, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVPthreadKill(PthreadKill, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVPthreadSigmask(PthreadSigmask, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigaction(Sigaction, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigaddset(Sigaddset, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigaltstack(Sigaltstack, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigdelset(Sigdelset, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigemptyset(Sigemptyset, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigfillset(Sigfillset, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSighold(Sighold, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigignore(Sigignore, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSiginterrupt(Siginterrupt, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigismember(Sigismember, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigpause(Sigpause, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigpending(Sigpending, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigprocmask(Sigprocmask, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigqueue(Sigqueue, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigrelse(Sigrelse, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigset(Sigset, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigsuspend(Sigsuspend, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigtimedwait(Sigtimedwait, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigwait(Sigwait, RiscV64SysVModel):
+    pass
+
+
+class RiscV64SysVSigwaitinfo(Sigwaitinfo, RiscV64SysVModel):
+    pass
+
+
+__all__ = [
+    "RiscV64SysVBsdSignal",
+    "RiscV64SysVKill",
+    "RiscV64SysVKillpg",
+    "RiscV64SysVPthreadKill",
+    "RiscV64SysVPthreadSigmask",
+    "RiscV64SysVSigaction",
+    "RiscV64SysVSigaddset",
+    "RiscV64SysVSigaltstack",
+    "RiscV64SysVSigdelset",
+    "RiscV64SysVSigemptyset",
+    "RiscV64SysVSigfillset",
+    "RiscV64SysVSighold",
+    "RiscV64SysVSigignore",
+    "RiscV64SysVSiginterrupt",
+    "RiscV64SysVSigismember",
+    "RiscV64SysVSigpause",
+    "RiscV64SysVSigpending",
+    "RiscV64SysVSigprocmask",
+    "RiscV64SysVSigqueue",
+    "RiscV64SysVSigrelse",
+    "RiscV64SysVSigset",
+    "RiscV64SysVSigsuspend",
+    "RiscV64SysVSigtimedwait",
+    "RiscV64SysVSigwait",
+    "RiscV64SysVSigwaitinfo",
+]

smallworld/state/models/riscv64/systemv/systemv.py

@@ -0,0 +1,85 @@
+import struct
+
+from ..... import emulators, platforms
+from ...cstd import ArgumentType, CStdModel
+
+
+class RiscV64SysVModel(CStdModel):
+    """Base class for C models using the AArch64 System V ABI"""
+
+    platform = platforms.Platform(
+        platforms.Architecture.RISCV64, platforms.Byteorder.LITTLE
+    )
+    abi = platforms.ABI.SYSTEMV
+
+    _int_sign_mask = 0x80000000
+    _int_inv_mask = 0xFFFFFFFF
+    _long_sign_mask = 0x8000000000000000
+    _long_inv_mask = 0xFFFFFFFFFFFFFFFF
+    _long_long_sign_mask = 0x8000000000000000
+    _long_long_inv_mask = 0xFFFFFFFFFFFFFFFF
+
+    _four_byte_types = {ArgumentType.INT, ArgumentType.UINT}
+
+    _eight_byte_types = {
+        ArgumentType.LONG,
+        ArgumentType.ULONG,
+        ArgumentType.LONGLONG,
+        ArgumentType.ULONGLONG,
+        ArgumentType.SIZE_T,
+        ArgumentType.SSIZE_T,
+        ArgumentType.POINTER,
+    }
+
+    _four_byte_arg_regs = ["a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7"]
+
+    _eight_byte_arg_regs = [
+        "a0",
+        "a1",
+        "a2",
+        "a3",
+        "a4",
+        "a5",
+        "a6",
+        "a7",
+    ]
+
+    _soft_float = False
+    _variadic_soft_float = True
+    _floats_are_doubles = False
+    _float_arg_regs = ["fa0", "fa1", "fa2", "fa3", "fa4", "fa5", "fa6"]
+
+    _double_arg_regs = ["fa0", "fa1", "fa2", "fa3", "fa4", "fa5", "fa6"]
+
+    _init_stack_offset = 0
+    _align_stack = False
+    _eight_byte_reg_size = 1
+    _double_reg_size = 1
+    _four_byte_stack_size = 8
+    _eight_byte_stack_size = 8
+    _float_stack_size = 8
+    _double_stack_size = 8
+
+    def _return_4_byte(self, emulator: emulators.Emulator, val: int) -> None:
+        """Return a four-byte type"""
+        val &= self._int_inv_mask
+        # riscv64 sign-extends 4-byte ints to fill the register.
+        if val & self._int_sign_mask != 0:
+            val |= self._int_signext_mask
+        emulator.write_register("a0", val)
+
+    def _return_8_byte(self, emulator: emulators.Emulator, val: int) -> None:
+        """Return an eight-byte type"""
+        emulator.write_register("a0", val)
+
+    def _return_float(self, emulator: emulators.Emulator, val: float) -> None:
+        """Return a float"""
+        data = struct.pack("<f", val)
+        intval = int.from_bytes(data, "little")
+        emulator.write_register("fa0", intval)
+
+    def _return_double(self, emulator: emulators.Emulator, val: float) -> None:
+        """Return a double"""
+        data = struct.pack("<d", val)
+        intval = int.from_bytes(data, "little")
+        emulator.write_register("fa0", intval)

smallworld/state/state.py

@@ -42,7 +42,7 @@ class Stateful(metaclass=abc.ABCMeta):
 
 
 class Value(metaclass=abc.ABCMeta):
-    """An abstract class whose subclasses all have a tuple of content, type, and label. Content is the value which must be convertable into bytes. The type is a ctype reprensenting the type of content. Label is a string that is a human label for the object. Any or all are optional."""
+    """An abstract class whose subclasses all have a tuple of content, type, and label.  Content is the value which must be convertable into bytes. The type is a ctype reprensenting the type of content. Label is a string that is a human label for the object. Any or all are optional."""
 
     def __init__(self: typing.Any) -> None:
         self._content: typing.Union[None, int, bytes, claripy.ast.bv.BV] = None
@@ -197,6 +197,14 @@ class Value(metaclass=abc.ABCMeta):
         else:
             return None
 
+    def __getstate__(self):
+        # Override default pickling operation
+        # The '_type' field is a ctypes class which won't be pickleable.
+        # TODO: figure out how to pickle ctypes classes
+        state = self.__dict__.copy()
+        state["_type"] = None
+        return state
+
     @abc.abstractmethod
     def to_bytes(self, byteorder: platforms.Byteorder) -> bytes:
         """Convert this value into a byte string.
@@ -222,17 +230,26 @@ class Value(metaclass=abc.ABCMeta):
         """
 
         class CTypeValue(Value):
-            _type = ctype.__class__
-            _label = label
-            _content = ctype
+            def __init__(self, ctype: typing.Any, label: str):
+                self._content = ctype
+                self._label = label
+                self._type = ctype.__class__
+
+            def __getstate__(self):
+                state = self.__dict__.copy()
+                del state["_content"]
+                del state["_type"]
+                return state
+
+            # def __setstate__(self, state):
 
             def get_size(self) -> int:
-                return ctypes.sizeof(self._content)
+                return ctypes.sizeof(self._content)  # type: ignore
 
             def to_bytes(self, byteorder: platforms.Byteorder) -> bytes:
-                return bytes(self._content)
+                return bytes(self._content)  # type: ignore
 
-        return CTypeValue()
+        return CTypeValue(ctype, label)
 
 
 class SymbolicValue(Value):
@@ -812,18 +829,12 @@ class Machine(StatefulSet):
                 machine_copy = copy.deepcopy(self)
                 machine_copy.extract(emulator)
                 yield machine_copy
+
             except exceptions.EmulationBounds:
-                # import pdb
-                # pdb.set_trace()
                 print(
                     "emulation complete; encountered exit point or went out of bounds"
                 )
                 break
-            except Exception as e:
-                # import pdb
-                # pdb.set_trace()
-                print(f"emulation ended; raised exception {e}")
-                break
         return None
 
     def fuzz(
@@ -839,26 +850,56 @@ class Machine(StatefulSet):
         Arguments:
             emulator: Currently, must be the unicorn emulator
             input_callback: A callback that applies an input to a machine
+            input_file_path: The path of the input file AFL will mutate. If not given, we assume argv[1].
             crash_callback: An optional callback that is given the unicorn state and can decide whether or not to record it as a crash. (See unicornafl documentation for more info)
             always_validate: Whether to run the crash_callback on every run or only when unicorn returns an error.
             iterations: The number of iterations to run before forking a new child
         Returns:
             Bytes for this value with the given byteorder.
         """
-        try:
-            import argparse
-
-            import unicornafl
-        except ImportError:
-            raise RuntimeError(
-                "missing `unicornafl` - afl++ must be installed manually from source"
-            )
+        import argparse
 
         arg_parser = argparse.ArgumentParser(description="AFL Harness")
         arg_parser.add_argument(
             "input_file", type=str, help="File path AFL will mutate"
         )
         args = arg_parser.parse_args()
+        self.fuzz_with_file(
+            emulator,
+            input_callback,
+            args.input_file,
+            crash_callback,
+            always_validate,
+            iterations,
+        )
+
+    def fuzz_with_file(
+        self,
+        emulator: emulators.Emulator,
+        input_callback: typing.Callable,
+        input_file_path: str,
+        crash_callback: typing.Optional[typing.Callable] = None,
+        always_validate: bool = False,
+        iterations: int = 1,
+    ) -> None:
+        """Fuzz the machine using unicornafl.
+
+        Arguments:
+            emulator: Currently, must be the unicorn emulator
+            input_callback: A callback that applies an input to a machine
+            input_file_path: The path of the input file AFL will mutate. If not given, we assume argv[1].
+            crash_callback: An optional callback that is given the unicorn state and can decide whether or not to record it as a crash. (See unicornafl documentation for more info)
+            always_validate: Whether to run the crash_callback on every run or only when unicorn returns an error.
+            iterations: The number of iterations to run before forking a new child
+        Returns:
+            Bytes for this value with the given byteorder.
+        """
+        try:
+            import unicornafl
+        except ImportError:
+            raise RuntimeError(
+                "missing `unicornafl` - afl++ must be installed manually from source"
+            )
 
         if not isinstance(emulator, emulators.UnicornEmulator):
             raise RuntimeError("you must use a unicorn emulator to fuzz")
@@ -867,7 +908,7 @@ class Machine(StatefulSet):
 
         unicornafl.uc_afl_fuzz(
             uc=emulator.engine,
-            input_file=args.input_file,
+            input_file=input_file_path,
             place_input_callback=input_callback,
             exits=emulator.get_exit_points(),
             validate_crash_callback=crash_callback,
@@ -942,7 +983,7 @@ class Machine(StatefulSet):
         for m in self:
             if issubclass(type(m), state.memory.Memory):
                 for po, v in m.items():
-                    if m.address + po <= address <= m.address + po + v._size:
+                    if m.address + po <= address <= m.address + po + v.get_size():
                         c = m[po].get()
                         o = address - (m.address + po)
                         return c[o : o + size]