test_solver.py

Source:test_solver.py

# ... tail of a test method whose header is not on this page ...
        solver = Solver([], [])
        solver.data = parameters
        solver.constraints = constraints
        solver.read_constraints()
        solver.simplify_constraints()
        self.assertEqual(solver.constraints, constraints, "simplify_constraints deleted some important constraints")

    def test_simplify_constraints_constraints_with_simplification(self) -> None:
        """
        Test that simplify_constraints() keeps only the important constraints.

        Every forbidden tuple here contains ``(2, 0)``, so the test expects
        the single-element constraint ``((2, 0),)`` to be the only survivor.
        """
        parameters = [3, 3, 3, 3]
        constraints = {((0, 0), (2, 0)), ((0, 1), (2, 0), (1, 1)),
                       ((0, 2), (2, 0)), ((2, 0),)}
        # Build an empty solver and inject the fixture by hand so only the
        # read/simplify steps are exercised, not the constructor.
        solver = Solver([], [])
        solver.data = parameters
        solver.constraints = constraints
        solver.read_constraints()
        solver.simplify_constraints()
        expectation = {((2, 0),)}
        self.assertEqual(solver.constraints, expectation, "simplify_constraints deleted some important constraints")

    # Test of Minimum forbidden tuple algorithm
    def test_solver_without_secrete_constraints(self) -> None:
        """
        Test that the solver leaves the constraints untouched when there is
        no secret constraint to discover.
        """
        parameters = [3, 3, 3]
        constraints = {((0, 0), (2, 0)), ((0, 1), (1, 1)), ((1, 0), (2, 0))}
        solver = Solver(parameters, constraints)
        self.assertEqual(solver.constraints, constraints, "solver change constraints without secret "
                         "constraint")

    def test_solver_constraints_without_simplification(self) -> None:
        """...

angr_tgt.py

Source:angr_tgt.py

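#!/usr/bin/env python
import angr, claripy
import IPython
import logging, sys
from angr.block import CapstoneInsn

l = logging.getLogger("angr")
# silence some annoying logs (note: the l.info() calls below are therefore
# hidden unless the level is lowered again)
l.setLevel("WARNING")

# Options shared by every symbolic run in this script.
_STATE_OPTIONS = {
    angr.sim_options.LAZY_SOLVES,
    angr.sim_options.SIMPLIFY_CONSTRAINTS,
    angr.sim_options.CONSTRAINT_TRACKING_IN_SOLVER,
    angr.sim_options.ZERO_FILL_UNCONSTRAINED_MEMORY,
    angr.sim_options.ZERO_FILL_UNCONSTRAINED_REGISTERS,
}

# Scratch addresses used to hand 16-byte buffers to the target functions
# (first and second pointer argument respectively).
_ARG0_ADDR = 0xd000000
_ARG1_ADDR = 0xd000010
# Width in bits of every symbolic buffer (16 bytes).
_BUF_BITS = 16 * 8
# Registers zeroed before each run so unconstrained defaults cannot leak
# into the printed results.
_ZEROED_REGS = ("rax", "rbx", "rbp", "r12", "r13", "r14", "r15", "ftop")


def getFuncAddress(cfg, funcName, plt=None):
    """Return the address of the function named *funcName* in *cfg*.

    Args:
        cfg: angr CFG whose ``kb.functions`` map is searched.
        funcName: exact function name to look for.
        plt: when not None, only accept functions whose ``is_plt`` flag
            equals this value (select the PLT stub or the real body).

    Returns:
        The address of the first matching function.

    Raises:
        LookupError: if no function matches. This is a subclass of
            ``Exception`` (what the code raised before), so existing
            ``except Exception`` handlers still catch it.
    """
    found = [
        addr for addr, func in cfg.kb.functions.items()
        if funcName == func.name and (plt is None or func.is_plt == plt)
    ]
    if not found:
        raise LookupError("No address found for function : " + funcName)
    l.info("Found %s's address at %s!", funcName, hex(found[0]))
    return found[0]


def getRetAddr(proj, fn, window=1000):
    """Return the address of the first ``ret`` at or after *fn*.

    Disassembles *window* bytes of loader memory starting at *fn* with
    capstone, linearly, and returns the address of the first ``ret``
    mnemonic; callers use it as the ``find`` target for exploration.

    Args:
        proj: angr Project whose ``loader.memory`` is read.
        fn: start address of the function to scan.
        window: number of bytes to disassemble (default 1000, as before).

    Raises:
        ValueError: if no ``ret`` is found inside the window.
    """
    insn_bytes = proj.loader.memory.load(fn, window)
    for cs_insn in proj.arch.capstone.disasm(insn_bytes, fn):
        ins = CapstoneInsn(cs_insn)
        if ins.mnemonic == "ret":
            # message text kept as-is; it names "lfsr" whatever function is scanned
            l.info(f"Found lfsr's return address at 0x{ins.address:x}!")
            return ins.address
    # The original literal lacked the f-prefix and printed "{fn}" verbatim.
    raise ValueError(f"failed to find ret op in {fn}")


def _fresh_state(proj, addr):
    """Return a blank state at *addr* with the shared options and zeroed registers."""
    state = proj.factory.blank_state(addr=addr)
    state.options |= _STATE_OPTIONS
    for reg in _ZEROED_REGS:
        setattr(state.regs, reg, 0)
    return state


def _explore_to(proj, state, final_addr):
    """Explore from *state* until *final_addr* is hit and return a copy of that state.

    Raises:
        RuntimeError: if exploration finishes without reaching *final_addr*
            (previously this surfaced as a bare IndexError on ``found[0]``).
    """
    simgr = proj.factory.simulation_manager(state, veritesting=True)
    simgr.explore(find=final_addr)
    if not simgr.found:
        raise RuntimeError(f"exploration never reached 0x{final_addr:x}")
    return simgr.found[0].copy()


def main(binary):
    """Symbolically run init_state, lfsr and extract_lfsr from *binary*.

    Each function is executed from its entry to its first ``ret`` with
    symbolic 16-byte inputs, and the simplified symbolic result is printed.

    Args:
        binary: path of the ELF to load (libraries are not auto-loaded).

    Raises:
        LookupError: a target function is missing from the CFG.
        ValueError: a target function has no ``ret`` within the scan window.
        RuntimeError: exploration did not reach the function's ``ret``.
    """
    proj = angr.project.Project(binary, use_sim_procedures=False,
                                load_options={'auto_load_libs': False})
    cfg = proj.analyses.CFG(fail_fast=True)
    l.info("created CFG")

    # --- init_state(key, lfsr_state) -------------------------------------
    tgtfn = getFuncAddress(cfg, 'init_state')
    final_addr = getRetAddr(proj, tgtfn)
    key = claripy.BVS("key", _BUF_BITS)
    lfsr_state = claripy.BVS("lfsr_state", _BUF_BITS)
    state = _fresh_state(proj, tgtfn)
    # key is symbolic; each byte is restricted to a nibble (0..15).
    # NOTE(review): ``byte >= 0`` is presumably an unsigned compare and thus
    # always true; kept as in the original.
    for byte in key.chop(8):
        state.add_constraints(byte < 16)
        state.add_constraints(byte >= 0)
    # NOTE(review): pointer args are built as 128-bit values for 64-bit
    # registers, as in the original — confirm angr accepts that width.
    state.regs.rdi = state.solver.BVV(_ARG0_ADDR, 128)
    state.memory.store(_ARG0_ADDR, key)
    state.regs.rsi = state.solver.BVV(_ARG1_ADDR, 128)
    state.memory.store(_ARG1_ADDR, lfsr_state)
    state.solver.simplify()
    s = _explore_to(proj, state, final_addr)
    s.solver.simplify(s.memory.load(_ARG1_ADDR, 16))
    print("init_lfsr -> lfsr_state:", s.memory.load(_ARG1_ADDR, 16))

    # --- lfsr(lfsr_state, lfsr_newstate) ---------------------------------
    tgtfn = getFuncAddress(cfg, 'lfsr')
    final_addr = getRetAddr(proj, tgtfn)
    state = _fresh_state(proj, tgtfn)
    # both buffers are symbolic; the result is read back from the second
    lfsr_state = claripy.BVS("lfsr_state", _BUF_BITS)
    lfsr_newstate = claripy.BVS("lfsr_newstate", _BUF_BITS)
    state.regs.rdi = state.solver.BVV(_ARG0_ADDR, 128)
    state.memory.store(_ARG0_ADDR, lfsr_state)
    state.regs.rsi = state.solver.BVV(_ARG1_ADDR, 128)
    state.memory.store(_ARG1_ADDR, lfsr_newstate)
    s = _explore_to(proj, state, final_addr)
    s.solver.simplify(s.memory.load(_ARG1_ADDR, 16))
    print("lfsr -> next state:", s.memory.load(_ARG1_ADDR, 16))

    # --- extract_lfsr(lfsr_state) -> rax ---------------------------------
    tgtfn = getFuncAddress(cfg, 'extract_lfsr')
    final_addr = getRetAddr(proj, tgtfn)
    state = _fresh_state(proj, tgtfn)
    # this run alone drops the composite solver, as in the original
    state.options -= {angr.sim_options.COMPOSITE_SOLVER}
    # input state is symbolic and the only parameter; output is in rax
    lfsr_state = claripy.BVS("lfsr_state", _BUF_BITS)
    state.regs.rdi = state.solver.BVV(_ARG0_ADDR, 128)
    state.memory.store(_ARG0_ADDR, lfsr_state)
    s = _explore_to(proj, state, final_addr)
    s.solver.simplify(s.regs.rax)
    print("lfsr_out:", s.regs.rax)
    #IPython.embed()


if __name__ == '__main__':
    ...  # entry-point body is truncated on this page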

