angr.state_plugins.heap.heap_brk¶
- class angr.state_plugins.heap.heap_brk.SimHeapBrk¶
Bases:
SimHeapBaseSimHeapBrk represents a trivial heap implementation based on the Unix brk system call. This type of heap stores virtually no metadata, so it is up to the user to determine when it is safe to release memory. This also means that it does not properly support standard heap operations like realloc.
This heap implementation is a holdover from before any more proper implementations were modelled. At the time, various libc (or win32) SimProcedures handled the heap in the same way that this plugin does now. To make future heap implementations plug-and-playable, they should implement the necessary logic themselves, and dependent SimProcedures should invoke a method by the same name as theirs (prepended with an underscore) upon the heap plugin. Depending on the heap implementation, if the method is not supported, an error should be raised.
Out of consideration for the original way the heap was handled, this plugin implements functionality for all relevant SimProcedures (even those that would not normally be supported together in a single heap implementation).
- Variables:
heap_location – the address of the top of the heap, bounding the allocations made starting from heap_base
- __init__(heap_base=None, heap_size=None)¶
- allocate(sim_size)¶
The actual allocation primitive for this heap implementation. Increases the position of the break to allocate space. Has no guards against the heap growing too large.
- Parameters:
sim_size – a size specifying how much to increase the break pointer by
- Returns:
a pointer to the previous break position, above which there is now allocated space
- release(sim_size)¶
The memory release primitive for this heap implementation. Decreases the position of the break to deallocate space. Guards against releasing beyond the initial heap base.
- Parameters:
sim_size – a size specifying how much to decrease the break pointer by (may be symbolic or not)