Merge pull request #325 from commial/jitter-symbexec

Eval_Expr in jitter context

3 files changed, 112 insertions, 93 deletions

diff --git a/miasm2/jitter/emulatedsymbexec.py b/miasm2/jitter/emulatedsymbexec.py
new file mode 100644
index 00000000..a5e4d340
--- /dev/null
+++ b/miasm2/jitter/emulatedsymbexec.py
@@ -0,0 +1,83 @@
+import miasm2.expression.expression as m2_expr
+from miasm2.ir.symbexec import symbexec
+
+
+class EmulatedSymbExec(symbexec):
+    """Symbolic exec instance linked with a jitter"""
+
+    def __init__(self, cpu, *args, **kwargs):
+        """Instanciate an EmulatedSymbExec, associated to CPU @cpu and bind
+        memory accesses.
+        @cpu: JitCpu instance
+        """
+        super(EmulatedSymbExec, self).__init__(*args, **kwargs)
+        self.cpu = cpu
+        self.func_read = self._func_read
+        self.func_write = self._func_write
+
+    def reset_regs(self):
+        """Set registers value to 0. Ignore register aliases"""
+        for reg in self.ir_arch.arch.regs.all_regs_ids_no_alias:
+            self.symbols.symbols_id[reg] = m2_expr.ExprInt(0, size=reg.size)
+
+    # Memory management
+    def _func_read(self, expr_mem):
+        """Memory read wrapper for symbolic execution
+        @expr_mem: ExprMem"""
+
+        addr = expr_mem.arg.arg.arg
+        size = expr_mem.size / 8
+        value = self.cpu.get_mem(addr, size)
+
+        return m2_expr.ExprInt(int(value[::-1].encode("hex"), 16),
+                               expr_mem.size)
+
+    def _func_write(self, symb_exec, dest, data):
+        """Memory read wrapper for symbolic execution
+        @symb_exec: symbexec instance
+        @dest: ExprMem instance
+        @data: Expr instance"""
+
+        # Get the content to write
+        data = self.expr_simp(data)
+        if not isinstance(data, m2_expr.ExprInt):
+            raise RuntimeError("A simplification is missing: %s" % data)
+        to_write = data.arg.arg
+
+        # Format information
+        addr = dest.arg.arg.arg
+        size = data.size / 8
+        content = hex(to_write).replace("0x", "").replace("L", "")
+        content = "0" * (size * 2 - len(content)) + content
+        content = content.decode("hex")[::-1]
+
+        # Write in VmMngr context
+        self.cpu.set_mem(addr, content)
+
+    # Interaction symbexec <-> jitter
+    def update_cpu_from_engine(self):
+        """Updates @cpu instance according to new CPU values"""
+
+        for symbol in self.symbols:
+            if isinstance(symbol, m2_expr.ExprId):
+                if hasattr(self.cpu, symbol.name):
+                    value = self.symbols.symbols_id[symbol]
+                    if not isinstance(value, m2_expr.ExprInt):
+                        raise ValueError("A simplification is missing: %s" % value)
+
+                    setattr(self.cpu, symbol.name, value.arg.arg)
+            else:
+                raise NotImplementedError("Type not handled: %s" % symbol)
+
+
+    def update_engine_from_cpu(self):
+        """Updates CPU values according to @cpu instance"""
+
+        for symbol in self.symbols:
+            if isinstance(symbol, m2_expr.ExprId):
+                if hasattr(self.cpu, symbol.name):
+                    value = m2_expr.ExprInt(getattr(self.cpu, symbol.name),
+                                            symbol.size)
+                    self.symbols.symbols_id[symbol] = value
+            else:
+                raise NotImplementedError("Type not handled: %s" % symbol)
diff --git a/miasm2/jitter/jitcore_python.py b/miasm2/jitter/jitcore_python.py
index e29c81c0..eced9cd2 100644
--- a/miasm2/jitter/jitcore_python.py
+++ b/miasm2/jitter/jitcore_python.py
@@ -2,43 +2,7 @@ import miasm2.jitter.jitcore as jitcore
 import miasm2.expression.expression as m2_expr
 import miasm2.jitter.csts as csts
 from miasm2.expression.simplifications import expr_simp
-from miasm2.ir.symbexec import symbexec
-
-
-################################################################################
-#                      Util methods for Python jitter                          #
-################################################################################
-
-def update_cpu_from_engine(cpu, exec_engine):
-    """Updates @cpu instance according to new CPU values
-    @cpu: JitCpu instance
-    @exec_engine: symbexec instance"""
-
-    for symbol in exec_engine.symbols:
-        if isinstance(symbol, m2_expr.ExprId):
-            if hasattr(cpu, symbol.name):
-                value = exec_engine.symbols.symbols_id[symbol]
-                if not isinstance(value, m2_expr.ExprInt):
-                    raise ValueError("A simplification is missing: %s" % value)
-
-                setattr(cpu, symbol.name, value.arg.arg)
-        else:
-            raise NotImplementedError("Type not handled: %s" % symbol)
-
-
-def update_engine_from_cpu(cpu, exec_engine):
-    """Updates CPU values according to @cpu instance
-    @cpu: JitCpu instance
-    @exec_engine: symbexec instance"""
-
-    for symbol in exec_engine.symbols:
-        if isinstance(symbol, m2_expr.ExprId):
-            if hasattr(cpu, symbol.name):
-                value = m2_expr.ExprInt(getattr(cpu, symbol.name),
-                                        symbol.size)
-                exec_engine.symbols.symbols_id[symbol] = value
-        else:
-            raise NotImplementedError("Type not handled: %s" % symbol)
+from miasm2.jitter.emulatedsymbexec import EmulatedSymbExec
 
 
 ################################################################################
@@ -51,50 +15,14 @@ class JitCore_Python(jitcore.JitCore):
 
     def __init__(self, ir_arch, bs=None):
         super(JitCore_Python, self).__init__(ir_arch, bs)
-        self.symbexec = None
         self.ir_arch = ir_arch
 
+        # CPU (None for now) will be set by the "jitted" Python function
+        self.symbexec = EmulatedSymbExec(None, self.ir_arch, {})
+
     def load(self):
         "Preload symbols according to current architecture"
-
-        symbols_init = {r:m2_expr.ExprInt(0, size=r.size)
-                        for r in self.ir_arch.arch.regs.all_regs_ids_no_alias}
-        self.symbexec = symbexec(self.ir_arch, symbols_init,
-                                 func_read = self.func_read,
-                                 func_write = self.func_write)
-
-    def func_read(self, expr_mem):
-        """Memory read wrapper for symbolic execution
-        @expr_mem: ExprMem"""
-
-        addr = expr_mem.arg.arg.arg
-        size = expr_mem.size / 8
-        value = self.cpu.get_mem(addr, size)
-
-        return m2_expr.ExprInt(int(value[::-1].encode("hex"), 16),
-                               expr_mem.size)
-
-    def func_write(self, symb_exec, dest, data):
-        """Memory read wrapper for symbolic execution
-        @symb_exec: symbexec instance
-        @dest: ExprMem instance
-        @data: Expr instance"""
-
-        # Get the content to write
-        data = expr_simp(data)
-        if not isinstance(data, m2_expr.ExprInt):
-            raise NotImplementedError("A simplification is missing: %s" % data)
-        to_write = data.arg.arg
-
-        # Format information
-        addr = dest.arg.arg.arg
-        size = data.size / 8
-        content = hex(to_write).replace("0x", "").replace("L", "")
-        content = "0" * (size * 2 - len(content)) + content
-        content = content.decode("hex")[::-1]
-
-        # Write in VmMngr context
-        self.cpu.set_mem(addr, content)
+        self.symbexec.reset_regs()
 
     def jitirblocs(self, label, irblocs):
         """Create a python function corresponding to an irblocs' group.
@@ -110,29 +38,27 @@ class JitCore_Python(jitcore.JitCore):
 
             # Keep current location in irblocs
             cur_label = label
-            loop = True
 
             # Required to detect new instructions
             offsets_jitted = set()
 
             # Get exec engine
             exec_engine = self.symbexec
+            exec_engine.cpu = cpu
 
             # For each irbloc inside irblocs
-            while loop is True:
+            while True:
 
                 # Get the current bloc
-                loop = False
                 for irb in irblocs:
                     if irb.label == cur_label:
-                        loop = True
                         break
-
-                # Irblocs must end with returning an ExprInt instance
-                assert(loop is not False)
+                else:
+                    raise RuntimeError("Irblocs must end with returning an "
+                                       "ExprInt instance")
 
                 # Refresh CPU values according to @cpu instance
-                update_engine_from_cpu(cpu, exec_engine)
+                exec_engine.update_engine_from_cpu()
 
                 # Execute current ir bloc
                 for ir, line in zip(irb.irs, irb.lines):
@@ -143,7 +69,7 @@ class JitCore_Python(jitcore.JitCore):
 
                         # Log registers values
                         if self.log_regs:
-                            update_cpu_from_engine(cpu, exec_engine)
+                            exec_engine.update_cpu_from_engine()
                             cpu.dump_gpregs()
 
                         # Log instruction
@@ -152,7 +78,7 @@ class JitCore_Python(jitcore.JitCore):
 
                         # Check for memory exception
                         if (vmmngr.get_exception() != 0):
-                            update_cpu_from_engine(cpu, exec_engine)
+                            exec_engine.update_cpu_from_engine()
                             return line.offset
 
                     # Eval current instruction (in IR)
@@ -160,14 +86,14 @@ class JitCore_Python(jitcore.JitCore):
 
                     # Check for memory exception which do not update PC
                     if (vmmngr.get_exception() & csts.EXCEPT_DO_NOT_UPDATE_PC != 0):
-                        update_cpu_from_engine(cpu, exec_engine)
+                        exec_engine.update_cpu_from_engine()
                         return line.offset
 
                 # Get next bloc address
                 ad = expr_simp(exec_engine.eval_expr(self.ir_arch.IRDst))
 
                 # Updates @cpu instance according to new CPU values
-                update_cpu_from_engine(cpu, exec_engine)
+                exec_engine.update_cpu_from_engine()
 
                 # Manage resulting address
                 if isinstance(ad, m2_expr.ExprInt):
@@ -190,7 +116,5 @@ class JitCore_Python(jitcore.JitCore):
         # Get Python function corresponding to @label
         fc_ptr = self.lbl2jitbloc[label]
 
-        self.cpu = cpu
-
         # Execute the function
         return fc_ptr(cpu, vmmngr)
diff --git a/miasm2/jitter/jitload.py b/miasm2/jitter/jitload.py
index 9a4b4ff4..aeb917d8 100644
--- a/miasm2/jitter/jitload.py
+++ b/miasm2/jitter/jitload.py
@@ -9,6 +9,7 @@ from miasm2.core.utils import *
 from miasm2.core.bin_stream import bin_stream_vm
 from miasm2.ir.ir2C import init_arch_C
 from miasm2.core.interval import interval
+from miasm2.jitter.emulatedsymbexec import EmulatedSymbExec
 
 hnd = logging.StreamHandler()
 hnd.setFormatter(logging.Formatter("[%(levelname)s]: %(message)s"))
@@ -201,11 +202,13 @@ class jitter:
 
         self.vm = VmMngr.Vm()
         self.cpu = jcore.JitCpu()
-
-        self.bs = bin_stream_vm(self.vm)
         self.ir_arch = ir_arch
+        self.bs = bin_stream_vm(self.vm)
         init_arch_C(self.arch)
 
+        self.symbexec = EmulatedSymbExec(self.cpu, self.ir_arch, {})
+        self.symbexec.reset_regs()
+
         if jit_type == "tcc":
             self.jit = JitCore_Tcc(self.ir_arch, self.bs)
         elif jit_type == "llvm":
@@ -443,3 +446,12 @@ class jitter:
 
         for f_addr in libs.fad2cname:
             self.handle_function(f_addr)
+
+    def eval_expr(self, expr):
+        """Eval expression @expr in the context of the current instance. Side
+        effects are passed on it"""
+        self.symbexec.update_engine_from_cpu()
+        ret = self.symbexec.apply_expr(expr)
+        self.symbexec.update_cpu_from_engine()
+
+        return ret