angr 9.2.115__py3-none-manylinux2014_aarch64.whl → 9.2.117__py3-none-manylinux2014_aarch64.whl

angr/procedures/cgc/random.py

@@ -1,6 +1,9 @@
 import itertools
 
+import claripy
+
 import angr
+from angr.state_plugins.sim_action_object import SimActionObject
 
 rand_count = itertools.count()
 
@@ -9,6 +12,9 @@ class random(angr.SimProcedure):
     # pylint:disable=arguments-differ,missing-class-docstring
 
     def run(self, buf, count, rnd_bytes, concrete_data=None):
+        if isinstance(rnd_bytes, SimActionObject):
+            rnd_bytes = rnd_bytes.ast
+
         if self.state.mode == "fastpath":
             # Special case for CFG
             if (
@@ -28,15 +34,15 @@ class random(angr.SimProcedure):
                     self.state.memory.store(rnd_bytes, count, endness="Iend_LE")
 
             # We always return something in fastpath mode
-            return self.state.solver.BVV(0, self.state.arch.bits)
+            return claripy.BVV(0, self.state.arch.bits)
 
         # return code
-        r = self.state.solver.ite_cases(
+        r = claripy.ite_cases(
             (
                 (self.state.cgc.addr_invalid(buf), self.state.cgc.EFAULT),
-                (self.state.solver.And(rnd_bytes != 0, self.state.cgc.addr_invalid(rnd_bytes)), self.state.cgc.EFAULT),
+                (claripy.And(rnd_bytes != 0, self.state.cgc.addr_invalid(rnd_bytes)), self.state.cgc.EFAULT),
             ),
-            self.state.solver.BVV(0, self.state.arch.bits),
+            claripy.BVV(0, self.state.arch.bits),
         )
 
         if self.state.satisfiable(extra_constraints=[count != 0]):
@@ -46,7 +52,7 @@ class random(angr.SimProcedure):
             )
 
             if concrete_data:
-                value = self.state.solver.BVS(f"random_{next(rand_count)}", max_size)
+                value = claripy.BVS(f"random_{next(rand_count)}", max_size)
                 self.state.preconstrainer.preconstrain(concrete_data, value)
             else:
                 value = self.state.solver.Unconstrained(

angr/procedures/cgc/receive.py

@@ -1,5 +1,7 @@
 from itertools import count
 
+import claripy
+
 import angr
 
 from ... import sim_options as o
@@ -30,7 +32,7 @@ class receive(angr.SimProcedure):
                 count = self.state.solver.Unconstrained("receive_length", self.state.arch.bits)
             self.state.memory.store(rx_bytes, count, endness="Iend_LE")
 
-            return self.state.solver.BVV(0, self.state.arch.bits)
+            return claripy.BVV(0, self.state.arch.bits)
 
         # check invalid memory accesses
         # rules for invalid: greater than 0xc0 or wraps around
@@ -56,7 +58,7 @@ class receive(angr.SimProcedure):
             )
             read_length = simfd.read(buf, count, short_reads=False, do_concrete_update=do_concrete_update)
             if type(read_length) is int:
-                read_length = self.state.solver.BVV(read_length, 32)
+                read_length = claripy.BVV(read_length, 32)
             self.state.memory.store(rx_bytes, read_length, condition=rx_bytes != 0, endness="Iend_LE")
             self.size = read_length
 
@@ -86,6 +88,6 @@ class receive(angr.SimProcedure):
 
             self.size = read_length
             if type(read_length) is int:
-                read_length = self.state.solver.BVV(read_length, 32)
+                read_length = claripy.BVV(read_length, 32)
             self.state.memory.store(rx_bytes, read_length, condition=rx_bytes != 0, endness="Iend_LE")
             return 0

angr/procedures/cgc/transmit.py

@@ -1,5 +1,6 @@
-import angr
+import claripy
 
+import angr
 from ... import sim_options as o
 
 
@@ -17,7 +18,7 @@ class transmit(angr.SimProcedure):
         if self.state.mode == "fastpath":
             # Special case for CFG generation
             self.state.memory.store(tx_bytes, count, endness="Iend_LE")
-            return self.state.solver.BVV(0, self.state.arch.bits)
+            return claripy.BVV(0, self.state.arch.bits)
 
         if o.ABSTRACT_MEMORY in self.state.options:
             simfd.write(buf, count)
@@ -54,10 +55,10 @@ class transmit(angr.SimProcedure):
             )
 
             if do_concrete_update and count.symbolic:
-                concrete_count = self.state.solver.BVV(self.state.solver.eval(count), 32)
+                concrete_count = claripy.BVV(self.state.solver.eval(count), 32)
                 self.state.memory.store(tx_bytes, concrete_count, endness="Iend_LE", condition=tx_bytes != 0)
 
             self.state.memory.store(tx_bytes, count, endness="Iend_LE", condition=tx_bytes != 0)
 
         # TODO: transmit failure
-        return self.state.solver.BVV(0, self.state.arch.bits)
+        return claripy.BVV(0, self.state.arch.bits)

angr/procedures/glibc/__libc_start_main.py

@@ -1,5 +1,6 @@
 import logging
 
+import claripy
 from cle import AT
 
 import angr
@@ -28,7 +29,7 @@ class __libc_start_main(angr.SimProcedure):
             # Each entry is 2 bytes
             self.state.memory.store(
                 table + (pos * 2),
-                self.state.solver.BVV(c, 16),
+                claripy.BVV(c, 16),
                 inspect=False,
                 disable_actions=True,
             )
@@ -60,7 +61,7 @@ class __libc_start_main(angr.SimProcedure):
         for pos, c in enumerate(self.state.libc.TOLOWER_LOC_ARRAY):
             self.state.memory.store(
                 table + (pos * 4),
-                self.state.solver.BVV(c, 32),
+                claripy.BVV(c, 32),
                 endness=self.state.arch.memory_endness,
                 inspect=False,
                 disable_actions=True,
@@ -93,7 +94,7 @@ class __libc_start_main(angr.SimProcedure):
         for pos, c in enumerate(self.state.libc.TOUPPER_LOC_ARRAY):
             self.state.memory.store(
                 table + (pos * 4),
-                self.state.solver.BVV(c, 32),
+                claripy.BVV(c, 32),
                 endness=self.state.arch.memory_endness,
                 inspect=False,
                 disable_actions=True,
@@ -122,7 +123,7 @@ class __libc_start_main(angr.SimProcedure):
         errno_loc = self.inline_call(malloc, self.state.arch.bytes).ret_expr
 
         self.state.libc.errno_location = errno_loc
-        self.state.memory.store(errno_loc, self.state.solver.BVV(0, self.state.arch.bits))
+        self.state.memory.store(errno_loc, claripy.BVV(0, self.state.arch.bits))
 
     @property
     def envp(self):

angr/procedures/java_jni/__init__.py

@@ -4,7 +4,7 @@ import logging
 import typing
 
 from archinfo import ArchSoot
-from claripy import BVV, StrSubstr
+import claripy
 
 from ...calling_conventions import default_cc
 from ...sim_procedure import SimProcedure
@@ -66,7 +66,7 @@ class JNISimProcedure(SimProcedure):
         if isinstance(data, int):
             if addr is None:
                 addr = self._allocate_native_memory(size=type_size // 8)
-            value = self.state.solver.BVV(data, type_size)
+            value = claripy.BVV(data, type_size)
             self.state.memory.store(addr, value, endness=native_memory_endness)
         # store array
         elif isinstance(data, list):
@@ -173,11 +173,11 @@ class JNISimProcedure(SimProcedure):
         # store chars one by one
         str_len = len(string) // 8
         for idx in range(str_len):
-            str_byte = StrSubstr(idx, 1, string)
+            str_byte = claripy.StrSubstr(idx, 1, string)
             self.state.memory.store(addr + idx, str_byte)
 
         # store terminating zero
-        self.state.memory.store(len(string), BVV(0, 8))
+        self.state.memory.store(len(string), claripy.BVV(0, 8))
 
         return addr
 

angr/procedures/java_jni/array_operations.py

@@ -1,5 +1,7 @@
 import logging
 
+import claripy
+
 from . import JNISimProcedure
 from ...engines.soot.expressions import SimSootExpr_NewArray
 from ...engines.soot.values import SimSootValue_ArrayRef
@@ -239,7 +241,7 @@ class GetArrayRegion(JNISimProcedure):
         # - start_idx <= last_idx < array_size
         #   with last_idx := start_idx+length-1
         # - 0 <= length <= array_size
-        range_constraints = state.solver.And(
+        range_constraints = claripy.And(
             start_idx.SGE(0),
             start_idx.SLT(array.size),
             array.size.SGT(start_idx + length - 1),

angr/procedures/java_lang/string.py

@@ -26,7 +26,7 @@ class StringEquals(JavaSimProcedure):
     def run(self, str_ref_1, str_ref_2):  # pylint: disable=unused-argument
         str_1 = self.state.memory.load(str_ref_1)
         str_2 = self.state.memory.load(str_ref_2)
-        return self.state.solver.If(str_1 == str_2, self.state.solver.BVV(1, 32), self.state.solver.BVV(0, 32))
+        return claripy.If(str_1 == str_2, claripy.BVV(1, 32), claripy.BVV(0, 32))
 
 
 class StringSplit(JavaSimProcedure):

angr/procedures/java_util/random.py

@@ -1,3 +1,5 @@
+import claripy
+
 from ..java import JavaSimProcedure
 
 
@@ -5,7 +7,7 @@ class NextInt(JavaSimProcedure):
     __provides__ = (("java.util.Random", "nextInt(int)"),)
 
     def run(self, obj, bound):  # pylint: disable=arguments-differ,unused-argument
-        rand = self.state.solver.BVS("rand", 32)
+        rand = claripy.BVS("rand", 32)
         self.state.solver.add(rand.UGE(0))
         self.state.solver.add(rand.ULT(bound))
         return rand

angr/procedures/libc/access.py

@@ -1,3 +1,5 @@
+import claripy
+
 import angr
 
 
@@ -5,6 +7,6 @@ class access(angr.SimProcedure):
     # pylint:disable=arguments-differ
 
     def run(self, path, mode):
-        ret = self.state.solver.BVS("access", self.arch.sizeof["int"])
-        self.state.add_constraints(self.state.solver.Or(ret == 0, ret == -1))
+        ret = claripy.BVS("access", self.arch.sizeof["int"])
+        self.state.add_constraints(claripy.Or(ret == 0, ret == -1))
         return ret

angr/procedures/libc/feof.py

@@ -1,7 +1,8 @@
-import angr
-
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
 
+import angr
+
 
 class feof(angr.SimProcedure):
     # pylint:disable=arguments-differ
@@ -13,7 +14,7 @@ class feof(angr.SimProcedure):
         simfd = self.state.posix.get_fd(fileno)
         if simfd is None:
             return None
-        return self.state.solver.If(simfd.eof(), self.state.solver.BVV(1, self.arch.sizeof["int"]), 0)
+        return claripy.If(simfd.eof(), claripy.BVV(1, self.arch.sizeof["int"]), 0)
 
 
 feof_unlocked = feof

angr/procedures/libc/fgetc.py

@@ -1,3 +1,5 @@
+import claripy
+
 import angr
 
 
@@ -16,7 +18,7 @@ class fgetc(angr.SimProcedure):
             data,
             real_length,
         ) = simfd.read_data(1)
-        return self.state.solver.If(real_length == 0, -1, data.zero_extend(self.arch.sizeof["int"] - 8))
+        return claripy.If(real_length == 0, -1, data.zero_extend(self.arch.sizeof["int"] - 8))
 
 
 getc = fgetc

angr/procedures/libc/fgets.py

@@ -1,10 +1,10 @@
+import claripy
+from cle.backends.externs.simdata.io_file import io_file_data_for_arch
+
 import angr
 from angr.storage.memory_mixins.address_concretization_mixin import MultiwriteAnnotation
 
 
-from cle.backends.externs.simdata.io_file import io_file_data_for_arch
-
-
 class fgets(angr.SimProcedure):
     # pylint:disable=arguments-differ
 
@@ -47,10 +47,10 @@ class fgets(angr.SimProcedure):
 
             for i, byte in enumerate(data.chop(8)):
                 self.state.add_constraints(
-                    self.state.solver.If(
+                    claripy.If(
                         i + 1 != real_size,
                         byte != b"\n",  # if not last byte returned, not newline
-                        self.state.solver.Or(  # otherwise one of the following must be true:
+                        claripy.Or(  # otherwise one of the following must be true:
                             i + 2 == size,  # - we ran out of space, or
                             simfd.eof(),  # - the file is at EOF, or
                             byte == b"\n",  # - it is a newline

angr/procedures/libc/fopen.py

@@ -1,7 +1,8 @@
-import angr
-
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
 
+import angr
+
 
 def mode_to_flag(mode):
     # TODO improve this: handle mode = strings
@@ -60,5 +61,5 @@ class fopen(angr.SimProcedure):
             return file_struct_ptr
         else:
             # still possible that open failed
-            null = self.state.solver.BVV(0, self.state.arch.bits)
-            return self.state.solver.If(fd == fd_concr, file_struct_ptr, null)
+            null = claripy.BVV(0, self.state.arch.bits)
+            return claripy.If(fd == fd_concr, file_struct_ptr, null)

angr/procedures/libc/fread.py

@@ -1,7 +1,8 @@
-import angr
-
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
 
+import angr
+
 
 class fread(angr.SimProcedure):
     # pylint:disable=arguments-differ
@@ -16,7 +17,7 @@ class fread(angr.SimProcedure):
             return -1
 
         ret = simfd.read(dst, size * nm)
-        return self.state.solver.If(self.state.solver.Or(size == 0, nm == 0), 0, ret // size)
+        return claripy.If(claripy.Or(size == 0, nm == 0), 0, ret // size)
 
 
 fread_unlocked = fread

angr/procedures/libc/fseek.py

@@ -1,6 +1,7 @@
-import angr
-
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
+
+import angr
 from ...errors import SimSolverError
 
 
@@ -26,7 +27,7 @@ class fseek(angr.SimProcedure):
         simfd = self.state.posix.get_fd(fd)
         if simfd is None:
             return -1
-        return self.state.solver.If(simfd.seek(offset, whence), self.state.solver.BVV(0, self.arch.sizeof["int"]), -1)
+        return claripy.If(simfd.seek(offset, whence), claripy.BVV(0, self.arch.sizeof["int"]), -1)
 
 
 fseeko = fseek

angr/procedures/libc/getdelim.py

@@ -1,7 +1,10 @@
-import angr
+import logging
+
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
 
-import logging
+import angr
+
 
 l = logging.getLogger(name=__name__)
 
@@ -72,10 +75,10 @@ class __getdelim(angr.SimProcedure):
 
             for i, byte in enumerate(data.chop(8)):
                 self.state.add_constraints(
-                    self.state.solver.If(
+                    claripy.If(
                         i + 1 != real_size,
                         byte != delim_byte,  # if not last byte returned, not newline
-                        self.state.solver.Or(  # otherwise one of the following must be true:
+                        claripy.Or(  # otherwise one of the following must be true:
                             i + 2 == size,  # - we ran out of space, or
                             simfd.eof(),  # - the file is at EOF, or
                             byte == delim_byte,  # - it is a newline

angr/procedures/libc/gets.py

@@ -1,5 +1,7 @@
 import logging
 
+import claripy
+
 import angr
 from angr.storage.memory_mixins.address_concretization_mixin import MultiwriteAnnotation
 from angr.misc.ux import once
@@ -48,10 +50,10 @@ class gets(angr.SimProcedure):
 
             for i, byte in enumerate(data.chop(8)):
                 self.state.add_constraints(
-                    self.state.solver.If(
+                    claripy.If(
                         i + 1 != real_size,
                         byte != b"\n",  # if not last byte returned, not newline
-                        self.state.solver.Or(  # otherwise one of the following must be true:
+                        claripy.Or(  # otherwise one of the following must be true:
                             i + 2 == max_size,  # - we ran out of space, or
                             simfd.eof(),  # - the file is at EOF, or
                             byte == b"\n",  # - it is a newline

angr/procedures/libc/memcmp.py

@@ -1,6 +1,9 @@
-import angr
 import logging
 
+import claripy
+
+import angr
+
 l = logging.getLogger(name=__name__)
 
 
@@ -25,19 +28,19 @@ class memcmp(angr.SimProcedure):
             s1_part = self.state.memory.load(s1_addr, definite_size, endness="Iend_BE")
             s2_part = self.state.memory.load(s2_addr, definite_size, endness="Iend_BE")
             cases = [
-                [s1_part == s2_part, self.state.solver.BVV(0, int_bits)],
-                [self.state.solver.ULT(s1_part, s2_part), self.state.solver.BVV(-1, int_bits)],
-                [self.state.solver.UGT(s1_part, s2_part), self.state.solver.BVV(1, int_bits)],
+                [s1_part == s2_part, claripy.BVV(0, int_bits)],
+                [claripy.ULT(s1_part, s2_part), claripy.BVV(-1, int_bits)],
+                [claripy.UGT(s1_part, s2_part), claripy.BVV(1, int_bits)],
             ]
-            definite_answer = self.state.solver.ite_cases(cases, 2)
-            constraint = self.state.solver.Or(*[c for c, _ in cases])
+            definite_answer = claripy.ite_cases(cases, 2)
+            constraint = claripy.Or(*[c for c, _ in cases])
             self.state.add_constraints(constraint)
 
             l.debug("Created definite answer: %s", definite_answer)
             l.debug("Created constraint: %s", constraint)
             l.debug("... crom cases: %s", cases)
         else:
-            definite_answer = self.state.solver.BVV(0, int_bits)
+            definite_answer = claripy.BVV(0, int_bits)
 
         if not self.state.solver.symbolic(definite_answer) and self.state.solver.eval(definite_answer) != 0:
             return definite_answer
@@ -51,19 +54,19 @@ class memcmp(angr.SimProcedure):
                 s1_part = s1_all[conditional_size * 8 - 1 : bit - 8]
                 s2_part = s2_all[conditional_size * 8 - 1 : bit - 8]
                 cases = [
-                    [s1_part == s2_part, self.state.solver.BVV(0, int_bits)],
-                    [self.state.solver.ULT(s1_part, s2_part), self.state.solver.BVV(-1, int_bits)],
-                    [self.state.solver.UGT(s1_part, s2_part), self.state.solver.BVV(1, int_bits)],
+                    [s1_part == s2_part, claripy.BVV(0, int_bits)],
+                    [claripy.ULT(s1_part, s2_part), claripy.BVV(-1, int_bits)],
+                    [claripy.UGT(s1_part, s2_part), claripy.BVV(1, int_bits)],
                 ]
-                conditional_rets[byte + 1] = self.state.solver.ite_cases(cases, 0)
-                self.state.add_constraints(self.state.solver.Or(*[c for c, _ in cases]))
+                conditional_rets[byte + 1] = claripy.ite_cases(cases, 0)
+                self.state.add_constraints(claripy.Or(*[c for c, _ in cases]))
 
-            ret_expr = self.state.solver.If(
+            ret_expr = claripy.If(
                 definite_answer == 0,
-                self.state.solver.ite_dict(n - definite_size, conditional_rets, 2),
+                claripy.ite_dict(n - definite_size, conditional_rets, 2),
                 definite_answer,
             )
-            self.state.add_constraints(self.state.solver.Or(*[n - definite_size == c for c in conditional_rets]))
+            self.state.add_constraints(claripy.Or(*[n - definite_size == c for c in conditional_rets]))
             return ret_expr
         else:
             return definite_answer

angr/procedures/libc/memset.py

@@ -1,7 +1,9 @@
-import angr
-
 import logging
 
+import claripy
+
+import angr
+
 l = logging.getLogger(name=__name__)
 
 
@@ -37,12 +39,12 @@ class memset(angr.SimProcedure):
 
     def run(self, dst_addr, char, num):
         if char.size() != self.state.arch.byte_width:  # sizeof(char)
-            char = self.state.solver.Extract(self.state.arch.byte_width - 1, 0, char)
+            char = claripy.Extract(self.state.arch.byte_width - 1, 0, char)
 
         if self.state.solver.symbolic(num):
             l.debug("symbolic length")
             max_size = self.state.solver.min_int(num) + self.state.libc.max_buffer_size
-            write_bytes = self.state.solver.Concat(*([char] * max_size))
+            write_bytes = claripy.Concat(*([char] * max_size))
             self.state.memory.store(dst_addr, write_bytes, size=num)
         else:
             max_size = self.state.solver.eval(num)
@@ -54,14 +56,14 @@ class memset(angr.SimProcedure):
 
                 if self.state.solver.symbolic(char):
                     l.debug("symbolic char")
-                    write_bytes = self.state.solver.Concat(*([char] * chunksize))
+                    write_bytes = claripy.Concat(*([char] * chunksize))
                 else:
                     # Concatenating many bytes is slow, so some sort of optimization is required
                     if char.concrete_value == 0:
-                        write_bytes = self.state.solver.BVV(0, chunksize * 8)
+                        write_bytes = claripy.BVV(0, chunksize * 8)
                     else:
                         rb = memset._repeat_bytes(char.concrete_value, chunksize)
-                        write_bytes = self.state.solver.BVV(rb, chunksize * 8)
+                        write_bytes = claripy.BVV(rb, chunksize * 8)
 
                 self.state.memory.store(dst_addr + offset, write_bytes)
                 offset += chunksize

angr/procedures/libc/puts.py

@@ -1,3 +1,5 @@
+import claripy
+
 import angr
 
 
@@ -12,5 +14,5 @@ class puts(angr.SimProcedure):
         strlen = angr.SIM_PROCEDURES["libc"]["strlen"]
         length = self.inline_call(strlen, string).ret_expr
         out = stdout.write(string, length)
-        stdout.write_data(self.state.solver.BVV(b"\n"))
+        stdout.write_data(claripy.BVV(b"\n"))
         return (out + 1)[31:0]

angr/procedures/libc/snprintf.py

@@ -1,5 +1,7 @@
 import logging
 
+import claripy
+
 from angr.procedures.stubs.format_parser import FormatParser
 
 l = logging.getLogger(name=__name__)
@@ -15,7 +17,7 @@ class snprintf(FormatParser):
         self.state.memory.store(dst_ptr, out_str)
 
         # place the terminating null byte
-        self.state.memory.store(dst_ptr + (out_str.size() // self.arch.byte_width), self.state.solver.BVV(0, 8))
+        self.state.memory.store(dst_ptr + (out_str.size() // self.arch.byte_width), claripy.BVV(0, 8))
 
         return out_str.size() // self.arch.byte_width
 
@@ -28,6 +30,6 @@ class __snprintf_chk(FormatParser):
         self.state.memory.store(dst_ptr, out_str)
 
         # place the terminating null byte
-        self.state.memory.store(dst_ptr + (out_str.size() // self.arch.byte_width), self.state.solver.BVV(0, 8))
+        self.state.memory.store(dst_ptr + (out_str.size() // self.arch.byte_width), claripy.BVV(0, 8))
 
         return out_str.size() // self.arch.byte_width

angr/procedures/libc/sprintf.py

@@ -1,5 +1,7 @@
 import logging
 
+import claripy
+
 from angr.procedures.stubs.format_parser import FormatParser
 
 l = logging.getLogger(name=__name__)
@@ -16,7 +18,7 @@ class sprintf(FormatParser):
 
         # place the terminating null byte
         self.state.memory.store(
-            dst_ptr + (out_str.size() // self.arch.byte_width), self.state.solver.BVV(0, self.arch.byte_width)
+            dst_ptr + (out_str.size() // self.arch.byte_width), claripy.BVV(0, self.arch.byte_width)
         )
 
         return out_str.size() // self.arch.byte_width

angr/procedures/libc/strchr.py

@@ -1,8 +1,11 @@
+import logging
+
+import claripy
+
 import angr
 from angr.storage.memory_mixins.address_concretization_mixin import MultiwriteAnnotation
 from angr.sim_options import MEMORY_CHUNK_INDIVIDUAL_READS
 
-import logging
 
 l = logging.getLogger(name=__name__)
 
@@ -36,9 +39,9 @@ class strchr(angr.SimProcedure):
         # ensure that the string length is long enough to include
         # the character!
         chrpos = a - s_addr
-        self.state.add_constraints(self.state.solver.If(a != 0, chrpos <= s_strlen.ret_expr, True))
+        self.state.add_constraints(claripy.If(a != 0, chrpos <= s_strlen.ret_expr, True))
 
         return a
-        # self.state.add_constraints(self.state.solver.ULT(a - s_addr, s_strlen.ret_expr))
+        # self.state.add_constraints(claripy.ULT(a - s_addr, s_strlen.ret_expr))
         # self.max_chr_index = max(i)
         # return a

angr/procedures/libc/strcmp.py

@@ -1,7 +1,9 @@
-import angr
-
 import logging
 
+import claripy
+
+import angr
+
 l = logging.getLogger(name=__name__)
 
 
@@ -13,7 +15,7 @@ class strcmp(angr.SimProcedure):
 
         a_strlen = self.inline_call(strlen, a_addr, wchar=wchar)
         b_strlen = self.inline_call(strlen, b_addr, wchar=wchar)
-        maxlen = self.state.solver.BVV(max(a_strlen.max_null_index, b_strlen.max_null_index), self.state.arch.bits)
+        maxlen = claripy.BVV(max(a_strlen.max_null_index, b_strlen.max_null_index), self.state.arch.bits)
 
         strncmp = self.inline_call(
             angr.SIM_PROCEDURES["libc"]["strncmp"],

angr/procedures/libc/strlen.py

@@ -16,10 +16,10 @@ class strlen(angr.SimProcedure):
 
     def run(self, s, wchar=False, maxlen=None):
         if wchar:
-            null_seq = self.state.solver.BVV(0, 16)
+            null_seq = claripy.BVV(0, 16)
             char_size = 2
         else:
-            null_seq = self.state.solver.BVV(0, 8)
+            null_seq = claripy.BVV(0, 8)
             char_size = 1
 
         max_symbolic_bytes = self.state.libc.buf_symbolic_bytes
@@ -38,7 +38,7 @@ class strlen(angr.SimProcedure):
             addr_desc: AbstractAddressDescriptor = self.state.memory._normalize_address(s)
 
             # size_t
-            length = self.state.solver.ESI(self.arch.bits)
+            length = claripy.ESI(self.arch.bits)
             for s_aw in self.state.memory._concretize_address_descriptor(addr_desc, None):
                 s_ptr = s_aw.to_valueset(self.state)
                 r, c, i = self.state.memory.find(