dwarfcore.detectors.uninitialized_stack_variable module

class dwarfcore.detectors.uninitialized_stack_variable.DetectUninitializedStackVariable(dwarfcore: dwarfcore.dwarfcore.DwarfCore, poi_info: Optional[List[mate_common.models.integration.FunctionVariableInfo]], fast: bool = True)

Bases: manticore.core.plugin.Plugin

Detect uninitialized stack variables by tracking reads and writes.

Parameters

• dwarfcore (dwarfcore.dwarfcore.DwarfCore) –

• poi_info (Optional[List[mate_common.models.integration.FunctionVariableInfo]]) –

• fast (bool) –

MCORE_TESTCASE_LIST: Final[str] = 'UninitializedVariable_testcases'

property RESULTS_KEY: str

The plugin’s key to access results.

Returns

Key name to access results

class Result(function_name: str, variable_name: str, instruction_addr: dwarfcore.dwarfcore.ManticoreAddress, variable_pretty: str, file_path: str, line_number: int)

Bases: object

Result data structure for uninitialized stack variables.

Parameters

• function_name (str) –

• variable_name (str) –

• instruction_addr (dwarfcore.dwarfcore.ManticoreAddress) –

• variable_pretty (str) –

• file_path (str) –

• line_number (int) –

Return type

None

file_path: str

function_name: str

instruction_addr: dwarfcore.dwarfcore.ManticoreAddress

line_number: int

variable_name: str

variable_pretty: str

property TARGET_FUNCTION_IS_LIVE_KEY: str

Whether the target function is live during program execution.

This is not exact information since we only look at whether the target function is on the call stack.

Used mostly for efficiency to avoid needless variable range lookups through the call stack, which is expensive.

property VAR_WRITE_KEY: str

Whether a variable has been written to in the current function.

Value at this key is an Optional[Dict[str,bool]] type

manticore

record_testcase(state: manticore.native.state.State, message: str)

Parameters

• state (manticore.native.state.State) –

• message (str) –

property results: List[mate_common.models.integration.ReachingTestCase]

Any test case results found during execution.

will_execute_instruction_callback(state: manticore.native.state.State, pc: Union[int, manticore.core.smtlib.expression.Expression], insn: manticore.native.cpu.disasm.Instruction)

Manticore instruction callback to determine which function we are executing within.

Parameters

• state (manticore.native.state.State) –

• pc (Union[int, manticore.core.smtlib.expression.Expression]) –

• insn (manticore.native.cpu.disasm.Instruction) –

will_read_memory_callback(state: manticore.native.state.State, where: Union[int, manticore.core.smtlib.expression.Expression], size: Union[int, manticore.core.smtlib.expression.Expression])

Parameters

• state (manticore.native.state.State) –

• where (Union[int, manticore.core.smtlib.expression.Expression]) –

• size (Union[int, manticore.core.smtlib.expression.Expression]) –

will_write_memory_callback(state: manticore.native.state.State, where: Union[int, manticore.core.smtlib.expression.Expression], expression: Union[int, manticore.core.smtlib.expression.Expression], size: Union[int, manticore.core.smtlib.expression.Expression])

Parameters

• state (manticore.native.state.State) –

• where (Union[int, manticore.core.smtlib.expression.Expression]) –

• expression (Union[int, manticore.core.smtlib.expression.Expression]) –

• size (Union[int, manticore.core.smtlib.expression.Expression]) –

dwarfcore.detectors.uninitialized_stack_variable.get_var_element_access_names(where: dwarfcore.dwarfcore.ManticoreAddress, var_at_where: dwarfcore.detectors.common.VariableAtMemoryInfo, size: int) → List[str]

Determine the refined name element name variable accessed at a specific location.

Parameters

• where – The memory access made by Manticore

• var_at_where – The variable containing the Manticore access

• size – The size of the access

• where (dwarfcore.dwarfcore.ManticoreAddress) –

• var_at_where (dwarfcore.detectors.common.VariableAtMemoryInfo) –

• size (int) –

Returns

name with element number

Return type

List[str]