[docs]classSymbion(ExplorationTechnique):""" The Symbion exploration technique uses the SimEngineConcrete available to step a SimState. :param find: address or list of addresses that we want to reach, these will be translated into breakpoints inside the concrete process using the ConcreteTarget interface provided by the user inside the SimEngineConcrete. :param memory_concretize: list of tuples (address, symbolic variable) that are going to be written in the concrete process memory. :param register_concretize: list of tuples (reg_name, symbolic variable) that are going to be written :param timeout: how long we should wait the concrete target to reach the breakpoint """
[docs]def__init__(self,find=None,memory_concretize=None,register_concretize=None,timeout=0,find_stash="found"):super().__init__()# need to keep the raw list of addresses toself.breakpoints=findself.find=condition_to_lambda(find)self.memory_concretize=memory_concretizeself.register_concretize=register_concretizeself.find_stash=find_stashself.timeout=timeout
[docs]defsetup(self,simgr):# adding the 'found' stash during the setupsimgr.stashes[self.find_stash]=[]
[docs]defstep(self,simgr,stash="active",**kwargs):# safe guardifnotlen(simgr.stashes[stash]):l.warning("No stashes to step, aborting.")returnNone# check if the stash contains only one SimState and if not warn the user that only the# first state in the stash can be stepped in the SimEngineConcrete.# This because for now we support only one concrete execution, in future we can think about# a snapshot engine and give to each SimState an instance of a concrete process.iflen(simgr.stashes[stash])>1:l.warning("You are trying to use the Symbion exploration technique on multiple state, ""this is not supported now.")returnsimgr.step(stash=stash,**kwargs)
[docs]defcomplete(self,simgr):# We are done if we have hit at least one breakpoint in# the concrete executionreturnlen(simgr.stashes[self.find_stash])>=1