angr.engines.icicle
icicle.py: An angr engine that uses Icicle to execute code.
- class angr.engines.icicle.IcicleEngine
Bases: SuccessorsEngine
An angr engine that uses Icicle to execute concrete states. The purpose of this implementation is to provide a high-performance concrete execution engine in angr. While angr has historically focused on symbolic execution, better support for concrete execution enables new use cases such as fuzzing in angr. This is ideal for testing bespoke binary targets, such as microcontroller firmware, which may be difficult to correctly harness for use with traditional fuzzing engines.
This class is the base class for the Icicle engine. It implements execution by creating an Icicle instance, copying the state from angr to Icicle, and then running the Icicle instance. The results are then copied back to the angr state. The Icicle instance is cached on the engine and reused across runs: the first call takes a snapshot of the fresh VM, and subsequent calls either continue with the cached emulator (same-run successors) or restore the snapshot and delta-sync the input state (branches).
For a more complete implementation, use the UberIcicleEngine class, which aims to provide a fuller set of features, such as hooks and syscalls.
- class angr.engines.icicle.UberIcicleEngine
Bases: SimEngineFailure, SimEngineSyscall, HooksMixin, IcicleEngine
An extension of the IcicleEngine that uses mixins to add support for syscalls and hooks. Most users will prefer to use this engine instead of the IcicleEngine directly.