* initial
* Add test for mul checker
* clean
* Rename and clean
* Rm testing
* Better comment, and clean
* Split tests, add more tests
* Clean up stuff, remove unnecessary masking
* fmt
* Add back constrain to make it match the original buggy situation
* Clean up surrounding code, make it unit testable
* Correct name
* Use individual arguments for helpers
* Clean some unused variables
* Add basic infrastructure
* Add real eth regression tests
* Use check_call
* Suppress stdout
* Make 705 work
* Less error prone way of testing
* Create EVMInstructionException, properly emit did_evm_execute_instruction for insns that trap to the platform
* Emit event before execution of platform handlers. This is because many of the
platform handlers actually destroy the cpu (platform.current) via pop_vm.
Clients that receive the event may want to access the cpu though, for example
to see the current PC, so we emit the event right before, so they can do this
* simplify
* move closure below result decl
* Add comment to explain
* Fix typo
* Revert back to pythonic style
It was this way to test emitting the did execute signal here, rather
than in the evm cpu
* Remove inline function definition from critical path
* Add test for events for exception instructions
* Armv7 code refactor
Removes dead imports, makes code style more consistent and a bit more compliant with pep8 (yeah, it seems we don't enforce any particular style, but this seems to be a reasonable default for me).
* Review fix: add comment for armv7 _shift
* WIP. issues with setting PC correctly via POP are corrected. issues with pc relative addressing in thumb mode corrected. Still a memory access error, but getting there
* WIP - PC relative addressing in thumb mode now aligns the value for PC per the spec before applying offset
* General thumb mode fixes:
* ldr pc, <operand> now swaps modes and sets pc correctly
* the bl instruction sets the lr appropriately for the current mode
* the two operand forms of the ORR, EOR, and BIC instructions now exist
* tests added for these updates
* comment cleanup
* WIP: more thumb mode instructions, a special case for the sys_brk handled, and a really ugly solution to an internal plumbing problem
* First attempt at concretizing ARM mode
* Handle symbolic mode for ARMv7
* Clean up imports
* Make comment more accurate and use instruction.size
* Collapse _Shift and _Shift_thumb
* Make ARM mode handling more Pythonic
* Improve comment on arm shift register handling and capstone behavior
* whitespace cleanup
* Remove access check from COWMap.__setitem__/__getitem__
* Access checks happen via read/write, so these checks are unnecessary.
* Add force parameter to read/write functions
* Introduce to AbstractCpu's accessors
* Add mem force tests
* Apply force param to symbolic operations
* Add symbolic force write tests
* Clean up test
* Fix symbolic write behavior; add tests
* Fix unicorn tests and exception handling; add a sym wrapper for sys_exit
* Add debug output when solving for exit() arg
* Update how sys_exit(expr) is handled
* Move algorithm into ManticoreEVM
* Rm buggy unused line
* Initial eth testing setup
* Check for overflow in mul also
* clarifying comment
* Install solc for travis
* Add sudo
* x
* Rm travis_retry, since we rarely actually use it, and it's not available in this script for some reason
* Check for specific findings
* Fix test
* Clean up transaction firing logic
* Use less strict check, better for floating point
* Fixes symbolic reentrancy example
* Fix coverage Issue# 527
* Remove debug unused code
* New solidity biased API and reporting
* Updated examples to new api WIP
* simple_mapping FIXED. new api
* Simple transaction example added. msg.value can be symbolic now
* Reentrancy symbolic now updated to new API + bugfixes
* Doc and cleanups in evm assembler
* EVMInstruction -> Instruction
* cleanups
* typo
* deepcopy in Constant
* Better EVM-asm api and doc
* some docs
* More evm asm docs
* Fix import *
* typo
* newline between text and param
* similar phrasing to all the other flags
* typo
* typo
* fix function name in comment
* sphinx newline
* documentation fixes
* documentation fixes
* EVMAssembler to EVMAsm
* Fix evm @hook signature
* EVMAsm
* EVMasm refactor
* WIP New Policy class
* WIP pubsub
* Update Signal tests
* EVM support - Wip
* EVM support - dependencies fixed
* EVM support - fix decree merge
* fix decode instruction event
* Fix small bugs in evm opcodes (too many arguments + wrong LOG name) (#380)
Fix wrong call parameters + typo
* Fix Create/Call
* Fix depth
* Default fixed point in arithmetic simplifier
* small fixes from github comments
* Fix event decode_instruction signature
* wip wip
* Auto tests for evm
* New EVM tests
* Ran 9556 FAILED (failures=166, errors=8, skipped=62)
* Fix some arithmetic instructions
* Ran 9556 FAILED (failures=136, errors=8, skipped=62)
* More instructions - Optimizing symbolic memory
* Added gas to opcodes description - FIX DELEGATECALL POPS
* Add wip wallet example
* The tests
* Solidity constructors need argument after bytecode
* Simple integer overflow working
* Good merge
* Good good merge
* WIP manticore refactor
* Fix default old-style initial state
* context now working
* Fix context serialization
* Fix test models. Can not set a state constraints
* typo
* A few typos (constraints setter) and use of public properties in internal methods
* Fix init wallet example
* State __init__ needs to initialize platform constraints
* Internal methods use internal properties
* Better attack modeling
* Better example layout
* Storage backup on CALL is now faster .. and correct
* Add LOG support
* Minimal SE test
* Added examples
* Send ether bugfix
* EVM: Fix wrong balance destination on CALL + decrease caller balance on CREATE
* New balance management
* Trying to maintain known hashes
* Known hash concretization policy
* CALLDATA max size bugfix
* Minimal SE example
* Remove evm tests
* add -> enqueue
* @m.init
* Fix workspace url
* Some test skipped
* Add Fixme to platform specific stuff in State
* add -> enqueue
* Enqueue created state
* Fix m.init
Use a messy hack to adhere to the spec (callback func receives 1 state argument)
* Add _coverage_file ivar to Manticore
* Fix symbolic files
* remove extra enqueue
* Fixing __main__
* comments
* Fix visitors oddity
* setup merged
* remove duplicates and add pysha3
* Remove EVMTests import
* Refactor platform specific code out of ManticoreOutput (#505)
* Initial moving work
* Clean
* Make linux.generate_workspace_files work
* Fix
* clean
* Add test
* Test workspace for platform files
* Skip EVM cpu pretty print
* Remove bad import
* Fix coverage.py for testing
* Clean comment
* Comment hack
* Print evm cpu
* pretty print evm world instead of platform
* delete old scripts/examples
* delete old tests
* Remove z3 install script
* Array.max_size can be None, include check for that
* Rm unused _symbolic_files
add_symbolic_files was moved to linux, so this is not needed
* Rm unused args
* Import evm
* Rm dup function
* Rm stray prints
* Add docs for new classmethod apis
* minimal
* minimal example
* fix minimal
* Fair symbolic SHA3 handling
* Simple mapping example
* coverage example
* fix tests
* fix minimal
* Some eko fixes
* New SETH
* integer_overflow refactored
* Fixing the examples
* init_bytecode -> init
* Concrete reentrancy example
* concrete reentrancy selfdestruct
* Update minimal.py
* It's a new Minimal
* Integer overflow example
* New minimal
* minimal fix
* Examples last minute fixes
* Remove debug print
* add plugin.py
* Fixing event subscription
* remove temp params
* Remove param
* Update uncovered will_exec callback prototype
* Clean up debug output
* Automatically generated instruction tests
* Unimplemented instruction test removed
* Unused concretization policy removed
* Fixes enabling default bplugins
* solc from PATH
* Removed unused import
* Logger name updated
* WIP New Policy class
* WIP pubsub
* Update Signal tests
* small fixes from github comments
* Fix event decode_instruction signature
* Good merge
* Good good merge
* WIP manticore refactor
* Fix default old-style initial state
* add -> enqueue
* @m.init
* Fix workspace url
* Some test skipped
* Add Fixme to platform specific stuff in State
* add -> enqueue
* Enqueue created state
* Fix m.init
Use a messy hack to adhere to the spec (callback func receives 1 state argument)
* Add _coverage_file ivar to Manticore
* Fix symbolic files
* remove extra enqueue
* Fixing __main__
* comments
* Experimental plugin system
* tests fixed
* Fix plugins
* Some reporting moved to plugin
* Fix assertions test
* Add published events to classes that publish them
* Update how we verify callbacks
* Update Eventful._publish
* Dev plugins (#512)
* Yet another flavor for event name checking
* really it's a bunch of minimal bugfixes
* Remove get_all_event_names from Plugin
* Update where we get all events
* Use new metaclass-based event registry
* Define prefixes in one place
* remove debug print
* remove debug print
* Refactor CLI, and Manticore high level interfaces (#498)
* Refactor main,
- classmethod for linux
- refactor manticore ctor - compat with old linux behavior
- changed verbosity API (to allow for this use case: what if you want to set verbosity for the stuff manticore does in its ctor?)
* rm old verbosity
* small
* Add decree classmethod
* Rm checks ; they are redundant anyway
* Misc
* Move add_symbolic_file to linux platform
* rm redundant checks
* Rm explicit args for deprecated interface
* Fix cli bug
* Allow for both linux and decree from cli
* Add back argv positional param for deprecated api compat
* adding abstract disasm class
* before adding abstract insn
* explicit capstone use
* (wip) removing capstone
* debugging nose
* removed disassembler from constructor
* nits
* capstone->cs and nits
* basic memory (wip)
* tmp
* added binja disasm
* fixed execution pipeline - calling LLIL instructions
* updated parseargs to select disassembler
* unstable (disassembler at CPU constructor breaks tests)
* disasm fix for tests
* nit for aliases in x86
* added a flag to differentiate disassembly and IL-disassembly for binja
* before merging
* merging with dev-events master
* fixed signal forwarding for binja
* cleaner initialization
* Binja RegisterFile. Dropped Platform
* address fixup
* properly incrementing PC
* some work on XOR, SET_REG, REG, CONST, AND, PUSH, POP
* adding first CALL, JMP, LOAD (wip)
* JUMP fix
* GOTO and misc fixes in PC handling
* adding instructions (wip)
* fixing flags and sizes (wip)
* loading database if exists for faster analysis
* fix for register debug
* fixes for register sizes and flags
* FIX for multiple IL instructions sharing the same PC
* removed CONST_PTR and misc fixes
* RET, SHR, shift left & misc instructions, fixing insn sizes (wip)
* flag fixes
* ctypes 2's complement parsing
* JUMP_TO, SYSCALL
* syscall fixups and flag computation using binja il only
* FLAG, NEG, CMP(family) of LLIL, some unimplemented methods
* MUL, DIV
* cmpxchg
* MUL, IMUL, ROR, ROL
* fallback to capstone for all LLIL_UNIMPL and LLIL_UNIMPL_MEM
* fixes for registers and memory when switching CPUs
* check for binja to disable multiprocessing
* merging
* nit
* hack for serialization
* moved check for disassembler to Manticore from __main__
* removing __class__ refs
* cleanup from __class__.disasm
* size calculation from get_instruction_low_level_il
* fix for NEG, check for empty queue, execute refactor
* fixes for LLIL functions
* removal of redundant regfile writes
* nit fixes
* function overrides in Cpu classes and orphan printf cleanup
* nit
* incomplete merge
* verbosity temp mod
* cleanups of FIXMEs
* 2-stage constructor for disassembler
* cleanup binja refs in abstractcpu
* serialization for platform_cpu
* check for UNIMPL in all the il queue
* typo fix
* fix for arm
* typo correction and starting caching implementation
* restored register printing and fixed import in x86.py
* orn instruction plus unit test
* uadd8 and it instructions implemented
* SEL instruction implementation
* GE flag set by UADD8
* IT instruction condition code properly no longer prevents its execution
* support for multiple instruction tests added to testing setup
* unit test for SEL instruction
* cleaned up the tests for thumb instructions
* implemented sxth and rev instructions
* implemented tests for sxth and rev instructions
* updated the add implementation to support two operand variant (i.e., add r4, #4)
* added test for itete ne instruction
* Use correct event name
* Add test for state.generate_testcase
Test merely tests that this function publishes the 'will_generate_testcase' event
* Properly test; make sure the callback executes and error if not
This is the most convoluted unit test I've ever written.
* "better"
* ran
* Some dirty work
* Rm unnecessary sanitization
* Fix state.generate_inputs event publishing
We don't need to manually pass `self` because State is automatically
forwarded as an argument. Also correctly specify a message for the state
and expose to the API
* Rename
* Update test for new save_testcase args, make test more robust
* Simplify arguments related to generate_testcase_callback by removing default arg. Add test for this behavior
* Minor test fixup
* Add official API docs
* Remove unnecessary new event type
* Fix context serialization
* Fix test models. Can not set a state constraints
* typo
* A few typos (constraints setter) and use of public properties in internal methods
* State __init__ needs to initialize platform constraints
* Internal methods use internal properties
* test_record_branches removed
* Add taint args to buffer creation
Allows the `new_symbolic_buffer` and `symbolicate_buffer` functions to take keyword args for tainting. Defaults to frozenset in both cases.
* Add unit tests and ArrayProxy taint property
Adds simple unit tests for tainted buffers. Added a property to the ArrayProxy class in smtlib.expression so that it's possible to access the taint of the proxied ArrayVariable.
* Updated docstrings
* Eventful class commented
* The million typos
* Code revision
* Fix tests for new more strict Eventful
* Fix naming
* Separate storage from workspace
* Begin removing output generation from manticore.py
* Split up workspace and output
* Create a separation between output and workspace
* Get it to a working (hacky) state
* Start bringing state serialization into workspace
* More mcore->workspace moves
* Remove unused imports
* Update serializers; add interface
* move state saving to workspace
* can now save/load states and testcases
* Add redis as backend
* Implement streams in terms of values and vice versa
* Implement `ls` and move workspace loading to Workspace
* Better workspace initialization
* Fix how --workspace is parsed for tests
* update tests to new workspace indexes
* Fix state storage and handling
* Doc updates and extra error checking
* pep8 style changes
* Add Executor's 'sync'
* Remove previous workspace artifacts from Executor
* Comment out constraints check assert
* Centralize locking to new testcase ids
* Fix testcase generation
* pep8 updates
* propagate descriptor instead of path
* Add an in-memory state store
* Make memory maps be sortable
* Allow to produce an empty state
* Add workspace tests
* Make Memory.__cmp__() more robust
* remove md5 tests and replace with comparison
* fix directory path issue
* remove exact check as test is not deterministic
* fix argument assertion test and remove cdet_visited.txt
* allow extra addresses in actual to account for inter-machine differences
* initial
* Clean, only store address in message if not symbolic
If it's symbolic, it renders like
Generating testcase No. 2 - Invalid symbolic memory access (mode:r) <<manticore.core.smtlib.expression.BitVecAnd object at 0x7fd6dcd14410>>
which is not useful output to the user.
* Format as hex
* Fix tests
* Rm comments
- blx <Rm> swaps mode appropriately
- asr.w and lsr.w in thumb mode handle immediates for op2 correctly
- unit tests for thumb mode behavior for shifting instructions
- unit tests check for correct mode on BX and BLX instructions
* Wip refactoring
* Executor and exceptions refactor wip wip
* Fixing all_insts auto tests
* Visited and generate testcase now at manticore api level
* Aggregating state statistics into executor statistics
* Wip refactoring
* Executor and exceptions refactor wip wip
* Fixing all_insts auto tests
* Visited and generate testcase now at manticore api level
* Aggregating state statistics into executor statistics
* forwarding events wip
* state setstate fix and setup_stack merge fix
* will_terminate_state fix and tests skipped
* Update all ConcretizeRegister and ConcretizeMemory
* Exceptions are crazy crazy crazy
* fix last merge
* Merge merge until it pass
* Instructions count default to 0
* will/did execute/emulate
* Delayed keyboard interrupt now shuts down nicely
* fix auto test generator x86
* Undo bad merge
* utterly hopeless
* basic working
* Fix merge bugs and github comments
* Remove unnecessary comment - github comments
* trace_item not used there
* model-platform and system.py fixed
* backup/restore to store/load -- cpu.instruction property
* Slightly better did/will naming and dynamic signal forwarding
* platform.constraints and cpu.instruction as properties
* Fix forward signals getattr
* set last decoded pc at decode_instruction() / reenable instruction_cache
* Signals name convention: did/will/on
* Forward normal signals
* Maintain last decoded pc in abstractcpu
* Changed context manager so it just wont raise interrupt
* Decree now forwards signals and sets constraints
* linux.SymbolicFile does not need to maintain constraints
* remove debug print
* Assimilating some PR comments
* size_total == size
* better merge of manticore.py
* typo
* Forwarding only specified objects in signal arguments
* Fix few broken tests
* revert + merge
* remove some unused stuff from manticore()
* manticore context <-> executor context
* manticore context <-> executor context2
* context context context
* forgotten return
* Fix basix.arm
* arm bitwise fix
* fix context
* Comment 1
* Comment 2
* Comment 3
* Comment 4
* Comment 5
* Comment 6
* Fix (still needs refactor but it works) profiling
* Fix (still needs refactor but it works) profiling
* The forgotten bit
* Update tests to reflect current output
* Verbosity fix
* Fix verbosity test
* Add MOVT instruction
* Add new ARM operand types for MRC
* mrc implementation seems to work
* UXTB inst implemented, provisional implementations of LDREX and STREX
* Added unit tests for MRC, MOVT, and UXTB
* Added mode swapping from blx instruction on arm cpu
* Make tests pass
* Add variadic decorator
* Add check for _variadic func attribute
* Expose @variadic at top level
* Use variable for the actual name of attr
* Update naming
* Use helper
* Maybe more pythonic?
* Add variadic to public API
* Add variadic decorator tests
* Clean
* Remove variadic parameter
* Add docstrings
* Document parameter
* Clean
* Better use of autodoc
* Update docstring
* Add todo comment