angr 9.2.116__py3-none-manylinux2014_aarch64.whl → 9.2.118__py3-none-manylinux2014_aarch64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (1316) hide show
  1. angr/__init__.py +2 -1
  2. angr/__main__.py +21 -1
  3. angr/analyses/__init__.py +4 -0
  4. angr/analyses/analysis.py +45 -45
  5. angr/analyses/backward_slice.py +15 -18
  6. angr/analyses/binary_optimizer.py +29 -34
  7. angr/analyses/bindiff.py +35 -44
  8. angr/analyses/boyscout.py +1 -0
  9. angr/analyses/callee_cleanup_finder.py +3 -4
  10. angr/analyses/calling_convention.py +98 -98
  11. angr/analyses/cdg.py +5 -12
  12. angr/analyses/cfg/__init__.py +1 -0
  13. angr/analyses/cfg/cfb.py +14 -20
  14. angr/analyses/cfg/cfg.py +2 -1
  15. angr/analyses/cfg/cfg_arch_options.py +4 -1
  16. angr/analyses/cfg/cfg_base.py +122 -165
  17. angr/analyses/cfg/cfg_emulated.py +64 -96
  18. angr/analyses/cfg/cfg_fast.py +273 -314
  19. angr/analyses/cfg/cfg_fast_soot.py +10 -17
  20. angr/analyses/cfg/cfg_job_base.py +6 -7
  21. angr/analyses/cfg/indirect_jump_resolvers/__init__.py +1 -0
  22. angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +2 -3
  23. angr/analyses/cfg/indirect_jump_resolvers/amd64_pe_iat.py +2 -3
  24. angr/analyses/cfg/indirect_jump_resolvers/arm_elf_fast.py +6 -8
  25. angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py +3 -5
  26. angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py +1 -0
  27. angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +104 -119
  28. angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py +29 -34
  29. angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +1 -0
  30. angr/analyses/cfg/indirect_jump_resolvers/resolver.py +7 -7
  31. angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +3 -8
  32. angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py +2 -3
  33. angr/analyses/cfg_slice_to_sink/__init__.py +1 -0
  34. angr/analyses/cfg_slice_to_sink/cfg_slice_to_sink.py +4 -4
  35. angr/analyses/cfg_slice_to_sink/graph.py +4 -1
  36. angr/analyses/cfg_slice_to_sink/transitions.py +4 -2
  37. angr/analyses/class_identifier.py +1 -0
  38. angr/analyses/code_tagging.py +9 -9
  39. angr/analyses/complete_calling_conventions.py +28 -36
  40. angr/analyses/congruency_check.py +6 -11
  41. angr/analyses/data_dep/__init__.py +1 -0
  42. angr/analyses/data_dep/data_dependency_analysis.py +38 -48
  43. angr/analyses/data_dep/dep_nodes.py +13 -12
  44. angr/analyses/data_dep/sim_act_location.py +3 -0
  45. angr/analyses/datagraph_meta.py +7 -7
  46. angr/analyses/ddg.py +48 -69
  47. angr/analyses/decompiler/__init__.py +3 -0
  48. angr/analyses/decompiler/ail_simplifier.py +929 -400
  49. angr/analyses/decompiler/ailgraph_walker.py +1 -0
  50. angr/analyses/decompiler/block_io_finder.py +13 -4
  51. angr/analyses/decompiler/block_similarity.py +28 -18
  52. angr/analyses/decompiler/block_simplifier.py +40 -104
  53. angr/analyses/decompiler/callsite_maker.py +124 -82
  54. angr/analyses/decompiler/ccall_rewriters/__init__.py +1 -0
  55. angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +115 -105
  56. angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +2 -1
  57. angr/analyses/decompiler/clinic.py +348 -172
  58. angr/analyses/decompiler/condition_processor.py +86 -100
  59. angr/analyses/decompiler/counters/__init__.py +5 -0
  60. angr/analyses/decompiler/counters/boolean_counter.py +27 -0
  61. angr/analyses/decompiler/{call_counter.py → counters/call_counter.py} +5 -4
  62. angr/analyses/decompiler/{expression_counters.py → counters/expression_counters.py} +5 -4
  63. angr/analyses/decompiler/counters/seq_cf_structure_counter.py +63 -0
  64. angr/analyses/decompiler/decompilation_cache.py +2 -1
  65. angr/analyses/decompiler/decompilation_options.py +1 -0
  66. angr/analyses/decompiler/decompiler.py +47 -27
  67. angr/analyses/decompiler/dephication/__init__.py +6 -0
  68. angr/analyses/decompiler/dephication/dephication_base.py +87 -0
  69. angr/analyses/decompiler/dephication/graph_dephication.py +63 -0
  70. angr/analyses/decompiler/dephication/graph_rewriting.py +116 -0
  71. angr/analyses/decompiler/dephication/graph_vvar_mapping.py +313 -0
  72. angr/analyses/decompiler/dephication/rewriting_engine.py +247 -0
  73. angr/analyses/decompiler/dephication/seqnode_dephication.py +106 -0
  74. angr/analyses/decompiler/empty_node_remover.py +1 -0
  75. angr/analyses/decompiler/expression_narrower.py +12 -17
  76. angr/analyses/decompiler/goto_manager.py +43 -4
  77. angr/analyses/decompiler/graph_region.py +19 -31
  78. angr/analyses/decompiler/jump_target_collector.py +1 -0
  79. angr/analyses/decompiler/jumptable_entry_condition_rewriter.py +1 -0
  80. angr/analyses/decompiler/optimization_passes/__init__.py +7 -3
  81. angr/analyses/decompiler/optimization_passes/base_ptr_save_simplifier.py +23 -18
  82. angr/analyses/decompiler/optimization_passes/call_stmt_rewriter.py +46 -0
  83. angr/analyses/decompiler/optimization_passes/code_motion.py +4 -2
  84. angr/analyses/decompiler/optimization_passes/const_derefs.py +36 -36
  85. angr/analyses/decompiler/optimization_passes/const_prop_reverter.py +6 -9
  86. angr/analyses/decompiler/optimization_passes/cross_jump_reverter.py +4 -3
  87. angr/analyses/decompiler/optimization_passes/deadblock_remover.py +1 -0
  88. angr/analyses/decompiler/optimization_passes/div_simplifier.py +78 -72
  89. angr/analyses/decompiler/optimization_passes/duplication_reverter/__init__.py +2 -0
  90. angr/analyses/decompiler/optimization_passes/duplication_reverter/ail_merge_graph.py +500 -0
  91. angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +1211 -0
  92. angr/analyses/decompiler/optimization_passes/duplication_reverter/errors.py +16 -0
  93. angr/analyses/decompiler/optimization_passes/duplication_reverter/similarity.py +126 -0
  94. angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +169 -0
  95. angr/analyses/decompiler/optimization_passes/engine_base.py +60 -63
  96. angr/analyses/decompiler/optimization_passes/expr_op_swapper.py +6 -7
  97. angr/analyses/decompiler/optimization_passes/flip_boolean_cmp.py +1 -0
  98. angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +88 -23
  99. angr/analyses/decompiler/optimization_passes/ite_expr_converter.py +8 -10
  100. angr/analyses/decompiler/optimization_passes/ite_region_converter.py +128 -18
  101. angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +142 -145
  102. angr/analyses/decompiler/optimization_passes/mod_simplifier.py +27 -23
  103. angr/analyses/decompiler/optimization_passes/multi_simplifier.py +30 -34
  104. angr/analyses/decompiler/optimization_passes/optimization_pass.py +108 -47
  105. angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py +10 -3
  106. angr/analyses/decompiler/optimization_passes/ret_addr_save_simplifier.py +5 -6
  107. angr/analyses/decompiler/optimization_passes/ret_deduplicator.py +3 -2
  108. angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +125 -13
  109. angr/analyses/decompiler/optimization_passes/return_duplicator_high.py +1 -0
  110. angr/analyses/decompiler/optimization_passes/return_duplicator_low.py +3 -2
  111. angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +52 -21
  112. angr/analyses/decompiler/optimization_passes/switch_default_case_duplicator.py +3 -2
  113. angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py +47 -36
  114. angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py +2 -1
  115. angr/analyses/decompiler/peephole_optimizations/__init__.py +2 -0
  116. angr/analyses/decompiler/peephole_optimizations/a_div_const_add_a_mul_n_div_const.py +26 -22
  117. angr/analyses/decompiler/peephole_optimizations/a_mul_const_div_shr_const.py +2 -2
  118. angr/analyses/decompiler/peephole_optimizations/a_shl_const_sub_a.py +1 -0
  119. angr/analyses/decompiler/peephole_optimizations/a_sub_a_div.py +2 -2
  120. angr/analyses/decompiler/peephole_optimizations/a_sub_a_div_const_mul_const.py +1 -0
  121. angr/analyses/decompiler/peephole_optimizations/a_sub_a_sub_n.py +8 -4
  122. angr/analyses/decompiler/peephole_optimizations/arm_cmpf.py +28 -27
  123. angr/analyses/decompiler/peephole_optimizations/base.py +17 -20
  124. angr/analyses/decompiler/peephole_optimizations/basepointeroffset_add_n.py +1 -0
  125. angr/analyses/decompiler/peephole_optimizations/basepointeroffset_and_mask.py +1 -0
  126. angr/analyses/decompiler/peephole_optimizations/bitwise_or_to_logical_or.py +2 -2
  127. angr/analyses/decompiler/peephole_optimizations/bool_expr_xor_1.py +2 -2
  128. angr/analyses/decompiler/peephole_optimizations/bswap.py +29 -22
  129. angr/analyses/decompiler/peephole_optimizations/cmpord_rewriter.py +3 -4
  130. angr/analyses/decompiler/peephole_optimizations/coalesce_adjacent_shrs.py +39 -0
  131. angr/analyses/decompiler/peephole_optimizations/coalesce_same_cascading_ifs.py +2 -1
  132. angr/analyses/decompiler/peephole_optimizations/const_mull_a_shift.py +94 -29
  133. angr/analyses/decompiler/peephole_optimizations/constant_derefs.py +1 -0
  134. angr/analyses/decompiler/peephole_optimizations/conv_a_sub0_shr_and.py +48 -49
  135. angr/analyses/decompiler/peephole_optimizations/conv_shl_shr.py +1 -0
  136. angr/analyses/decompiler/peephole_optimizations/eager_eval.py +41 -34
  137. angr/analyses/decompiler/peephole_optimizations/extended_byte_and_mask.py +2 -1
  138. angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py +28 -18
  139. angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py +8 -4
  140. angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py +28 -18
  141. angr/analyses/decompiler/peephole_optimizations/invert_negated_logical_conjuction_disjunction.py +32 -32
  142. angr/analyses/decompiler/peephole_optimizations/one_sub_bool.py +2 -2
  143. angr/analyses/decompiler/peephole_optimizations/remove_cascading_conversions.py +23 -3
  144. angr/analyses/decompiler/peephole_optimizations/remove_empty_if_body.py +2 -1
  145. angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +4 -0
  146. angr/analyses/decompiler/peephole_optimizations/remove_redundant_bitmasks.py +1 -0
  147. angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py +4 -6
  148. angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_branch.py +14 -13
  149. angr/analyses/decompiler/peephole_optimizations/remove_redundant_ite_comparisons.py +2 -2
  150. angr/analyses/decompiler/peephole_optimizations/remove_redundant_nots.py +1 -0
  151. angr/analyses/decompiler/peephole_optimizations/remove_redundant_reinterprets.py +3 -2
  152. angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py +2 -2
  153. angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts_around_comparators.py +20 -16
  154. angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +3 -3
  155. angr/analyses/decompiler/peephole_optimizations/rewrite_mips_gp_loads.py +4 -2
  156. angr/analyses/decompiler/peephole_optimizations/rol_ror.py +66 -40
  157. angr/analyses/decompiler/peephole_optimizations/sar_to_signed_div.py +64 -57
  158. angr/analyses/decompiler/peephole_optimizations/simplify_pc_relative_loads.py +14 -14
  159. angr/analyses/decompiler/peephole_optimizations/single_bit_cond_to_boolexpr.py +1 -0
  160. angr/analyses/decompiler/peephole_optimizations/single_bit_xor.py +8 -5
  161. angr/analyses/decompiler/peephole_optimizations/tidy_stack_addr.py +4 -6
  162. angr/analyses/decompiler/redundant_label_remover.py +20 -19
  163. angr/analyses/decompiler/region_identifier.py +64 -77
  164. angr/analyses/decompiler/region_simplifiers/__init__.py +1 -0
  165. angr/analyses/decompiler/region_simplifiers/cascading_cond_transformer.py +2 -1
  166. angr/analyses/decompiler/region_simplifiers/cascading_ifs.py +1 -0
  167. angr/analyses/decompiler/region_simplifiers/expr_folding.py +43 -29
  168. angr/analyses/decompiler/region_simplifiers/goto.py +1 -0
  169. angr/analyses/decompiler/region_simplifiers/if_.py +29 -36
  170. angr/analyses/decompiler/region_simplifiers/ifelse.py +1 -0
  171. angr/analyses/decompiler/region_simplifiers/loop.py +27 -13
  172. angr/analyses/decompiler/region_simplifiers/node_address_finder.py +1 -0
  173. angr/analyses/decompiler/region_simplifiers/region_simplifier.py +1 -0
  174. angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +12 -16
  175. angr/analyses/decompiler/region_simplifiers/switch_expr_simplifier.py +36 -32
  176. angr/analyses/decompiler/region_walker.py +1 -0
  177. angr/analyses/decompiler/return_maker.py +1 -0
  178. angr/analyses/decompiler/seq_to_blocks.py +1 -0
  179. angr/analyses/decompiler/sequence_walker.py +5 -10
  180. angr/analyses/decompiler/ssailification/__init__.py +4 -0
  181. angr/analyses/decompiler/ssailification/rewriting.py +325 -0
  182. angr/analyses/decompiler/ssailification/rewriting_engine.py +601 -0
  183. angr/analyses/decompiler/ssailification/rewriting_state.py +60 -0
  184. angr/analyses/decompiler/ssailification/ssailification.py +213 -0
  185. angr/analyses/decompiler/ssailification/traversal.py +97 -0
  186. angr/analyses/decompiler/ssailification/traversal_engine.py +131 -0
  187. angr/analyses/decompiler/ssailification/traversal_state.py +42 -0
  188. angr/analyses/decompiler/structured_codegen/__init__.py +1 -0
  189. angr/analyses/decompiler/structured_codegen/base.py +2 -2
  190. angr/analyses/decompiler/structured_codegen/c.py +163 -158
  191. angr/analyses/decompiler/structured_codegen/dummy.py +1 -0
  192. angr/analyses/decompiler/structured_codegen/dwarf_import.py +1 -0
  193. angr/analyses/decompiler/structuring/__init__.py +1 -0
  194. angr/analyses/decompiler/structuring/dream.py +19 -36
  195. angr/analyses/decompiler/structuring/phoenix.py +199 -199
  196. angr/analyses/decompiler/structuring/recursive_structurer.py +4 -3
  197. angr/analyses/decompiler/structuring/sailr.py +5 -4
  198. angr/analyses/decompiler/structuring/structurer_base.py +26 -23
  199. angr/analyses/decompiler/structuring/structurer_nodes.py +14 -24
  200. angr/analyses/decompiler/utils.py +112 -52
  201. angr/analyses/disassembly.py +75 -77
  202. angr/analyses/disassembly_utils.py +10 -13
  203. angr/analyses/dominance_frontier.py +25 -7
  204. angr/analyses/find_objects_static.py +3 -2
  205. angr/analyses/flirt.py +7 -10
  206. angr/analyses/forward_analysis/__init__.py +1 -0
  207. angr/analyses/forward_analysis/forward_analysis.py +9 -6
  208. angr/analyses/forward_analysis/job_info.py +3 -3
  209. angr/analyses/forward_analysis/visitors/__init__.py +1 -0
  210. angr/analyses/forward_analysis/visitors/call_graph.py +1 -0
  211. angr/analyses/forward_analysis/visitors/function_graph.py +3 -2
  212. angr/analyses/forward_analysis/visitors/graph.py +9 -9
  213. angr/analyses/forward_analysis/visitors/loop.py +1 -0
  214. angr/analyses/forward_analysis/visitors/single_node_graph.py +2 -2
  215. angr/analyses/identifier/__init__.py +1 -0
  216. angr/analyses/identifier/custom_callable.py +2 -2
  217. angr/analyses/identifier/errors.py +1 -0
  218. angr/analyses/identifier/func.py +6 -3
  219. angr/analyses/identifier/functions/__init__.py +2 -1
  220. angr/analyses/identifier/functions/atoi.py +2 -4
  221. angr/analyses/identifier/functions/based_atoi.py +3 -6
  222. angr/analyses/identifier/functions/fdprintf.py +1 -0
  223. angr/analyses/identifier/functions/free.py +6 -6
  224. angr/analyses/identifier/functions/int2str.py +11 -26
  225. angr/analyses/identifier/functions/malloc.py +4 -6
  226. angr/analyses/identifier/functions/memcmp.py +2 -4
  227. angr/analyses/identifier/functions/memcpy.py +2 -2
  228. angr/analyses/identifier/functions/memset.py +2 -2
  229. angr/analyses/identifier/functions/printf.py +1 -0
  230. angr/analyses/identifier/functions/recv_until.py +3 -6
  231. angr/analyses/identifier/functions/skip_calloc.py +2 -1
  232. angr/analyses/identifier/functions/skip_realloc.py +4 -6
  233. angr/analyses/identifier/functions/skip_recv_n.py +4 -6
  234. angr/analyses/identifier/functions/snprintf.py +2 -4
  235. angr/analyses/identifier/functions/sprintf.py +1 -0
  236. angr/analyses/identifier/functions/strcasecmp.py +1 -0
  237. angr/analyses/identifier/functions/strcmp.py +2 -1
  238. angr/analyses/identifier/functions/strcpy.py +2 -2
  239. angr/analyses/identifier/functions/strlen.py +1 -0
  240. angr/analyses/identifier/functions/strncmp.py +2 -1
  241. angr/analyses/identifier/functions/strncpy.py +2 -2
  242. angr/analyses/identifier/functions/strtol.py +2 -4
  243. angr/analyses/identifier/identify.py +46 -67
  244. angr/analyses/identifier/runner.py +8 -7
  245. angr/analyses/init_finder.py +17 -17
  246. angr/analyses/loop_analysis.py +10 -14
  247. angr/analyses/loopfinder.py +9 -13
  248. angr/analyses/propagator/__init__.py +1 -0
  249. angr/analyses/propagator/engine_ail.py +159 -165
  250. angr/analyses/propagator/engine_base.py +3 -2
  251. angr/analyses/propagator/engine_vex.py +47 -48
  252. angr/analyses/propagator/outdated_definition_walker.py +18 -23
  253. angr/analyses/propagator/propagator.py +8 -12
  254. angr/analyses/propagator/tmpvar_finder.py +1 -0
  255. angr/analyses/propagator/top_checker_mixin.py +2 -4
  256. angr/analyses/propagator/values.py +1 -0
  257. angr/analyses/propagator/vex_vars.py +3 -2
  258. angr/analyses/proximity_graph.py +12 -20
  259. angr/analyses/reaching_definitions/__init__.py +5 -4
  260. angr/analyses/reaching_definitions/call_trace.py +7 -6
  261. angr/analyses/reaching_definitions/dep_graph.py +18 -23
  262. angr/analyses/reaching_definitions/engine_ail.py +89 -121
  263. angr/analyses/reaching_definitions/engine_vex.py +20 -32
  264. angr/analyses/reaching_definitions/function_handler.py +32 -33
  265. angr/analyses/reaching_definitions/function_handler_library/__init__.py +1 -0
  266. angr/analyses/reaching_definitions/function_handler_library/stdio.py +4 -6
  267. angr/analyses/reaching_definitions/function_handler_library/stdlib.py +1 -2
  268. angr/analyses/reaching_definitions/function_handler_library/string.py +2 -4
  269. angr/analyses/reaching_definitions/function_handler_library/unistd.py +1 -0
  270. angr/analyses/reaching_definitions/heap_allocator.py +7 -6
  271. angr/analyses/reaching_definitions/rd_initializer.py +27 -25
  272. angr/analyses/reaching_definitions/rd_state.py +14 -16
  273. angr/analyses/reaching_definitions/reaching_definitions.py +27 -36
  274. angr/analyses/reaching_definitions/subject.py +3 -2
  275. angr/analyses/reassembler.py +189 -253
  276. angr/analyses/s_liveness/__init__.py +2 -0
  277. angr/analyses/s_liveness/s_liveness.py +153 -0
  278. angr/analyses/s_propagator/__init__.py +2 -0
  279. angr/analyses/s_propagator/s_propagator.py +250 -0
  280. angr/analyses/s_reaching_definitions/__init__.py +2 -0
  281. angr/analyses/s_reaching_definitions/s_rda.py +479 -0
  282. angr/analyses/soot_class_hierarchy.py +15 -24
  283. angr/analyses/stack_pointer_tracker.py +83 -93
  284. angr/analyses/static_hooker.py +3 -2
  285. angr/analyses/typehoon/__init__.py +1 -0
  286. angr/analyses/typehoon/dfa.py +5 -5
  287. angr/analyses/typehoon/lifter.py +5 -4
  288. angr/analyses/typehoon/simple_solver.py +80 -64
  289. angr/analyses/typehoon/translator.py +7 -14
  290. angr/analyses/typehoon/typeconsts.py +14 -12
  291. angr/analyses/typehoon/typehoon.py +8 -10
  292. angr/analyses/typehoon/typevars.py +37 -49
  293. angr/analyses/typehoon/variance.py +1 -0
  294. angr/analyses/variable_recovery/__init__.py +1 -0
  295. angr/analyses/variable_recovery/annotations.py +1 -0
  296. angr/analyses/variable_recovery/engine_ail.py +78 -32
  297. angr/analyses/variable_recovery/engine_base.py +233 -59
  298. angr/analyses/variable_recovery/engine_vex.py +10 -11
  299. angr/analyses/variable_recovery/irsb_scanner.py +1 -0
  300. angr/analyses/variable_recovery/variable_recovery.py +14 -16
  301. angr/analyses/variable_recovery/variable_recovery_base.py +12 -14
  302. angr/analyses/variable_recovery/variable_recovery_fast.py +67 -47
  303. angr/analyses/veritesting.py +10 -16
  304. angr/analyses/vfg.py +105 -151
  305. angr/analyses/vsa_ddg.py +3 -5
  306. angr/analyses/vtable.py +6 -6
  307. angr/analyses/xrefs.py +9 -13
  308. angr/angrdb/__init__.py +4 -2
  309. angr/angrdb/db.py +51 -53
  310. angr/angrdb/models.py +1 -0
  311. angr/angrdb/serializers/__init__.py +1 -0
  312. angr/angrdb/serializers/cfg_model.py +2 -2
  313. angr/angrdb/serializers/comments.py +1 -0
  314. angr/angrdb/serializers/funcs.py +4 -3
  315. angr/angrdb/serializers/kb.py +3 -2
  316. angr/angrdb/serializers/labels.py +1 -0
  317. angr/angrdb/serializers/structured_code.py +5 -10
  318. angr/angrdb/serializers/variables.py +6 -6
  319. angr/angrdb/serializers/xrefs.py +2 -2
  320. angr/annocfg.py +17 -25
  321. angr/blade.py +19 -23
  322. angr/block.py +11 -13
  323. angr/callable.py +4 -3
  324. angr/calling_conventions.py +80 -123
  325. angr/code_location.py +12 -13
  326. angr/codenode.py +2 -1
  327. angr/concretization_strategies/__init__.py +6 -6
  328. angr/concretization_strategies/any.py +5 -4
  329. angr/concretization_strategies/any_named.py +4 -1
  330. angr/concretization_strategies/controlled_data.py +5 -2
  331. angr/concretization_strategies/eval.py +2 -2
  332. angr/concretization_strategies/logging.py +1 -0
  333. angr/concretization_strategies/max.py +6 -6
  334. angr/concretization_strategies/nonzero.py +1 -0
  335. angr/concretization_strategies/nonzero_range.py +4 -3
  336. angr/concretization_strategies/norepeats.py +2 -1
  337. angr/concretization_strategies/norepeats_range.py +1 -0
  338. angr/concretization_strategies/range.py +1 -0
  339. angr/concretization_strategies/signed_add.py +15 -9
  340. angr/concretization_strategies/single.py +2 -0
  341. angr/concretization_strategies/solutions.py +1 -0
  342. angr/concretization_strategies/unlimited_range.py +1 -0
  343. angr/distributed/__init__.py +1 -0
  344. angr/distributed/server.py +2 -2
  345. angr/distributed/worker.py +3 -3
  346. angr/engines/__init__.py +1 -0
  347. angr/engines/concrete.py +4 -1
  348. angr/engines/engine.py +4 -6
  349. angr/engines/failure.py +2 -1
  350. angr/engines/hook.py +1 -0
  351. angr/engines/light/__init__.py +1 -0
  352. angr/engines/light/data.py +221 -255
  353. angr/engines/light/engine.py +66 -74
  354. angr/engines/pcode/__init__.py +1 -0
  355. angr/engines/pcode/behavior.py +5 -3
  356. angr/engines/pcode/cc.py +1 -0
  357. angr/engines/pcode/emulate.py +16 -19
  358. angr/engines/pcode/engine.py +8 -10
  359. angr/engines/pcode/lifter.py +62 -79
  360. angr/engines/procedure.py +1 -0
  361. angr/engines/soot/__init__.py +1 -0
  362. angr/engines/soot/engine.py +48 -53
  363. angr/engines/soot/exceptions.py +3 -0
  364. angr/engines/soot/expressions/__init__.py +1 -0
  365. angr/engines/soot/expressions/arrayref.py +1 -0
  366. angr/engines/soot/expressions/base.py +4 -5
  367. angr/engines/soot/expressions/binop.py +1 -0
  368. angr/engines/soot/expressions/cast.py +1 -0
  369. angr/engines/soot/expressions/condition.py +1 -0
  370. angr/engines/soot/expressions/constants.py +7 -5
  371. angr/engines/soot/expressions/instanceOf.py +1 -0
  372. angr/engines/soot/expressions/instancefieldref.py +1 -0
  373. angr/engines/soot/expressions/invoke.py +7 -9
  374. angr/engines/soot/expressions/length.py +1 -0
  375. angr/engines/soot/expressions/local.py +1 -0
  376. angr/engines/soot/expressions/new.py +1 -0
  377. angr/engines/soot/expressions/newArray.py +4 -1
  378. angr/engines/soot/expressions/newMultiArray.py +6 -4
  379. angr/engines/soot/expressions/paramref.py +1 -0
  380. angr/engines/soot/expressions/phi.py +1 -0
  381. angr/engines/soot/expressions/staticfieldref.py +1 -0
  382. angr/engines/soot/expressions/thisref.py +1 -0
  383. angr/engines/soot/expressions/unsupported.py +1 -0
  384. angr/engines/soot/field_dispatcher.py +5 -8
  385. angr/engines/soot/method_dispatcher.py +4 -7
  386. angr/engines/soot/statements/__init__.py +4 -4
  387. angr/engines/soot/statements/assign.py +1 -0
  388. angr/engines/soot/statements/base.py +6 -7
  389. angr/engines/soot/statements/goto.py +4 -1
  390. angr/engines/soot/statements/identity.py +1 -0
  391. angr/engines/soot/statements/if_.py +4 -1
  392. angr/engines/soot/statements/invoke.py +1 -0
  393. angr/engines/soot/statements/return_.py +1 -0
  394. angr/engines/soot/statements/switch.py +4 -1
  395. angr/engines/soot/statements/throw.py +5 -2
  396. angr/engines/soot/values/__init__.py +4 -2
  397. angr/engines/soot/values/arrayref.py +13 -15
  398. angr/engines/soot/values/base.py +4 -1
  399. angr/engines/soot/values/constants.py +1 -0
  400. angr/engines/soot/values/instancefieldref.py +1 -0
  401. angr/engines/soot/values/local.py +1 -0
  402. angr/engines/soot/values/paramref.py +1 -0
  403. angr/engines/soot/values/staticfieldref.py +1 -0
  404. angr/engines/soot/values/strref.py +3 -2
  405. angr/engines/soot/values/thisref.py +1 -0
  406. angr/engines/successors.py +20 -23
  407. angr/engines/syscall.py +9 -9
  408. angr/engines/unicorn.py +20 -14
  409. angr/engines/vex/__init__.py +1 -0
  410. angr/engines/vex/claripy/__init__.py +1 -0
  411. angr/engines/vex/claripy/ccall.py +86 -112
  412. angr/engines/vex/claripy/datalayer.py +12 -16
  413. angr/engines/vex/claripy/irop.py +85 -104
  414. angr/engines/vex/heavy/__init__.py +1 -0
  415. angr/engines/vex/heavy/actions.py +1 -0
  416. angr/engines/vex/heavy/concretizers.py +14 -15
  417. angr/engines/vex/heavy/dirty.py +20 -21
  418. angr/engines/vex/heavy/heavy.py +17 -20
  419. angr/engines/vex/heavy/inspect.py +1 -0
  420. angr/engines/vex/heavy/resilience.py +2 -2
  421. angr/engines/vex/heavy/super_fastpath.py +2 -2
  422. angr/engines/vex/lifter.py +28 -35
  423. angr/engines/vex/light/__init__.py +1 -0
  424. angr/engines/vex/light/light.py +2 -4
  425. angr/engines/vex/light/resilience.py +1 -0
  426. angr/engines/vex/light/slicing.py +1 -0
  427. angr/errors.py +2 -1
  428. angr/exploration_techniques/__init__.py +3 -2
  429. angr/exploration_techniques/bucketizer.py +2 -3
  430. angr/exploration_techniques/common.py +3 -3
  431. angr/exploration_techniques/dfs.py +1 -0
  432. angr/exploration_techniques/director.py +18 -20
  433. angr/exploration_techniques/driller_core.py +5 -6
  434. angr/exploration_techniques/explorer.py +7 -3
  435. angr/exploration_techniques/lengthlimiter.py +1 -0
  436. angr/exploration_techniques/local_loop_seer.py +2 -2
  437. angr/exploration_techniques/loop_seer.py +11 -14
  438. angr/exploration_techniques/manual_mergepoint.py +3 -2
  439. angr/exploration_techniques/memory_watcher.py +1 -0
  440. angr/exploration_techniques/oppologist.py +4 -4
  441. angr/exploration_techniques/slicecutor.py +1 -0
  442. angr/exploration_techniques/spiller.py +8 -8
  443. angr/exploration_techniques/spiller_db.py +1 -0
  444. angr/exploration_techniques/stochastic.py +3 -4
  445. angr/exploration_techniques/stub_stasher.py +1 -0
  446. angr/exploration_techniques/suggestions.py +3 -2
  447. angr/exploration_techniques/symbion.py +1 -0
  448. angr/exploration_techniques/tech_builder.py +1 -0
  449. angr/exploration_techniques/threading.py +1 -0
  450. angr/exploration_techniques/timeout.py +1 -0
  451. angr/exploration_techniques/tracer.py +36 -40
  452. angr/exploration_techniques/unique.py +1 -0
  453. angr/exploration_techniques/veritesting.py +1 -0
  454. angr/factory.py +9 -9
  455. angr/flirt/__init__.py +1 -0
  456. angr/flirt/build_sig.py +8 -12
  457. angr/keyed_region.py +10 -17
  458. angr/knowledge_base/__init__.py +1 -0
  459. angr/knowledge_base/knowledge_base.py +17 -17
  460. angr/knowledge_plugins/__init__.py +1 -0
  461. angr/knowledge_plugins/callsite_prototypes.py +1 -0
  462. angr/knowledge_plugins/cfg/__init__.py +2 -0
  463. angr/knowledge_plugins/cfg/cfg_manager.py +2 -1
  464. angr/knowledge_plugins/cfg/cfg_model.py +25 -42
  465. angr/knowledge_plugins/cfg/cfg_node.py +8 -19
  466. angr/knowledge_plugins/cfg/indirect_jump.py +3 -5
  467. angr/knowledge_plugins/cfg/memory_data.py +3 -3
  468. angr/knowledge_plugins/comments.py +1 -0
  469. angr/knowledge_plugins/custom_strings.py +1 -0
  470. angr/knowledge_plugins/data.py +1 -0
  471. angr/knowledge_plugins/debug_variables.py +18 -23
  472. angr/knowledge_plugins/functions/__init__.py +1 -0
  473. angr/knowledge_plugins/functions/function.py +49 -53
  474. angr/knowledge_plugins/functions/function_manager.py +14 -14
  475. angr/knowledge_plugins/functions/function_parser.py +38 -42
  476. angr/knowledge_plugins/functions/soot_function.py +5 -6
  477. angr/knowledge_plugins/indirect_jumps.py +1 -0
  478. angr/knowledge_plugins/key_definitions/__init__.py +1 -0
  479. angr/knowledge_plugins/key_definitions/atoms.py +65 -17
  480. angr/knowledge_plugins/key_definitions/constants.py +6 -0
  481. angr/knowledge_plugins/key_definitions/definition.py +22 -25
  482. angr/knowledge_plugins/key_definitions/environment.py +18 -14
  483. angr/knowledge_plugins/key_definitions/heap_address.py +4 -3
  484. angr/knowledge_plugins/key_definitions/key_definition_manager.py +5 -4
  485. angr/knowledge_plugins/key_definitions/live_definitions.py +36 -45
  486. angr/knowledge_plugins/key_definitions/liveness.py +18 -23
  487. angr/knowledge_plugins/key_definitions/rd_model.py +29 -34
  488. angr/knowledge_plugins/key_definitions/tag.py +7 -6
  489. angr/knowledge_plugins/key_definitions/undefined.py +3 -0
  490. angr/knowledge_plugins/key_definitions/unknown_size.py +3 -0
  491. angr/knowledge_plugins/key_definitions/uses.py +21 -23
  492. angr/knowledge_plugins/labels.py +3 -2
  493. angr/knowledge_plugins/patches.py +2 -1
  494. angr/knowledge_plugins/plugin.py +2 -1
  495. angr/knowledge_plugins/propagations/__init__.py +1 -0
  496. angr/knowledge_plugins/propagations/prop_value.py +25 -27
  497. angr/knowledge_plugins/propagations/propagation_manager.py +2 -2
  498. angr/knowledge_plugins/propagations/propagation_model.py +5 -4
  499. angr/knowledge_plugins/propagations/states.py +71 -81
  500. angr/knowledge_plugins/structured_code/__init__.py +1 -0
  501. angr/knowledge_plugins/structured_code/manager.py +5 -4
  502. angr/knowledge_plugins/sync/__init__.py +1 -0
  503. angr/knowledge_plugins/sync/sync_controller.py +10 -15
  504. angr/knowledge_plugins/types.py +1 -0
  505. angr/knowledge_plugins/variables/__init__.py +1 -0
  506. angr/knowledge_plugins/variables/variable_access.py +9 -10
  507. angr/knowledge_plugins/variables/variable_manager.py +84 -55
  508. angr/knowledge_plugins/xrefs/__init__.py +1 -0
  509. angr/knowledge_plugins/xrefs/xref.py +7 -11
  510. angr/knowledge_plugins/xrefs/xref_manager.py +1 -0
  511. angr/knowledge_plugins/xrefs/xref_types.py +3 -0
  512. angr/misc/__init__.py +1 -0
  513. angr/misc/ansi.py +1 -0
  514. angr/misc/autoimport.py +3 -2
  515. angr/misc/bug_report.py +6 -5
  516. angr/misc/hookset.py +3 -2
  517. angr/misc/loggers.py +2 -2
  518. angr/misc/picklable_lock.py +1 -0
  519. angr/misc/plugins.py +11 -13
  520. angr/misc/range.py +3 -0
  521. angr/misc/testing.py +2 -1
  522. angr/misc/ux.py +5 -5
  523. angr/misc/weakpatch.py +1 -0
  524. angr/procedures/__init__.py +1 -0
  525. angr/procedures/cgc/_terminate.py +1 -0
  526. angr/procedures/cgc/allocate.py +9 -10
  527. angr/procedures/cgc/deallocate.py +11 -3
  528. angr/procedures/cgc/fdwait.py +16 -13
  529. angr/procedures/cgc/random.py +12 -5
  530. angr/procedures/cgc/receive.py +30 -28
  531. angr/procedures/cgc/transmit.py +6 -4
  532. angr/procedures/definitions/__init__.py +9 -10
  533. angr/procedures/definitions/cgc.py +1 -0
  534. angr/procedures/definitions/glibc.py +1 -0
  535. angr/procedures/definitions/gnulib.py +1 -0
  536. angr/procedures/definitions/libstdcpp.py +1 -0
  537. angr/procedures/definitions/linux_kernel.py +1 -0
  538. angr/procedures/definitions/linux_loader.py +1 -0
  539. angr/procedures/definitions/msvcr.py +1 -0
  540. angr/procedures/definitions/parse_syscalls_from_local_system.py +2 -1
  541. angr/procedures/definitions/parse_win32json.py +27 -30
  542. angr/procedures/definitions/types_win32.py +1 -0
  543. angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-4.py +1 -0
  544. angr/procedures/definitions/wdk_api-ms-win-dx-d3dkmt-l1-1-6.py +1 -0
  545. angr/procedures/definitions/wdk_clfs.py +1 -0
  546. angr/procedures/definitions/wdk_fltmgr.py +1 -0
  547. angr/procedures/definitions/wdk_fwpkclnt.py +1 -0
  548. angr/procedures/definitions/wdk_fwpuclnt.py +1 -0
  549. angr/procedures/definitions/wdk_gdi32.py +1 -0
  550. angr/procedures/definitions/wdk_hal.py +1 -0
  551. angr/procedures/definitions/wdk_ksecdd.py +1 -0
  552. angr/procedures/definitions/wdk_ndis.py +1 -0
  553. angr/procedures/definitions/wdk_ntoskrnl.py +1 -0
  554. angr/procedures/definitions/wdk_offreg.py +1 -0
  555. angr/procedures/definitions/wdk_pshed.py +1 -0
  556. angr/procedures/definitions/wdk_secur32.py +1 -0
  557. angr/procedures/definitions/wdk_vhfum.py +1 -0
  558. angr/procedures/definitions/win32_aclui.py +1 -0
  559. angr/procedures/definitions/win32_activeds.py +1 -0
  560. angr/procedures/definitions/win32_advapi32.py +1 -0
  561. angr/procedures/definitions/win32_advpack.py +1 -0
  562. angr/procedures/definitions/win32_amsi.py +1 -0
  563. angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-1.py +1 -0
  564. angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-3.py +1 -0
  565. angr/procedures/definitions/win32_api-ms-win-appmodel-runtime-l1-1-6.py +1 -0
  566. angr/procedures/definitions/win32_api-ms-win-core-apiquery-l2-1-0.py +1 -0
  567. angr/procedures/definitions/win32_api-ms-win-core-backgroundtask-l1-1-0.py +1 -0
  568. angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-1.py +1 -0
  569. angr/procedures/definitions/win32_api-ms-win-core-comm-l1-1-2.py +1 -0
  570. angr/procedures/definitions/win32_api-ms-win-core-enclave-l1-1-1.py +1 -0
  571. angr/procedures/definitions/win32_api-ms-win-core-errorhandling-l1-1-3.py +1 -0
  572. angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-0.py +1 -0
  573. angr/procedures/definitions/win32_api-ms-win-core-featurestaging-l1-1-1.py +1 -0
  574. angr/procedures/definitions/win32_api-ms-win-core-file-fromapp-l1-1-0.py +1 -0
  575. angr/procedures/definitions/win32_api-ms-win-core-handle-l1-1-0.py +1 -0
  576. angr/procedures/definitions/win32_api-ms-win-core-ioring-l1-1-0.py +1 -0
  577. angr/procedures/definitions/win32_api-ms-win-core-marshal-l1-1-0.py +1 -0
  578. angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-3.py +1 -0
  579. angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-4.py +1 -0
  580. angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-5.py +1 -0
  581. angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-6.py +1 -0
  582. angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-7.py +1 -0
  583. angr/procedures/definitions/win32_api-ms-win-core-memory-l1-1-8.py +1 -0
  584. angr/procedures/definitions/win32_api-ms-win-core-path-l1-1-0.py +1 -0
  585. angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-0.py +1 -0
  586. angr/procedures/definitions/win32_api-ms-win-core-psm-appnotify-l1-1-1.py +1 -0
  587. angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-1.py +1 -0
  588. angr/procedures/definitions/win32_api-ms-win-core-realtime-l1-1-2.py +1 -0
  589. angr/procedures/definitions/win32_api-ms-win-core-slapi-l1-1-0.py +1 -0
  590. angr/procedures/definitions/win32_api-ms-win-core-state-helpers-l1-1-0.py +1 -0
  591. angr/procedures/definitions/win32_api-ms-win-core-synch-l1-2-0.py +1 -0
  592. angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-0.py +1 -0
  593. angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-3.py +1 -0
  594. angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-4.py +1 -0
  595. angr/procedures/definitions/win32_api-ms-win-core-sysinfo-l1-2-6.py +1 -0
  596. angr/procedures/definitions/win32_api-ms-win-core-util-l1-1-1.py +1 -0
  597. angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-0.py +1 -0
  598. angr/procedures/definitions/win32_api-ms-win-core-winrt-error-l1-1-1.py +1 -0
  599. angr/procedures/definitions/win32_api-ms-win-core-winrt-l1-1-0.py +1 -0
  600. angr/procedures/definitions/win32_api-ms-win-core-winrt-registration-l1-1-0.py +1 -0
  601. angr/procedures/definitions/win32_api-ms-win-core-winrt-robuffer-l1-1-0.py +1 -0
  602. angr/procedures/definitions/win32_api-ms-win-core-winrt-roparameterizediid-l1-1-0.py +1 -0
  603. angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-0.py +1 -0
  604. angr/procedures/definitions/win32_api-ms-win-core-winrt-string-l1-1-1.py +1 -0
  605. angr/procedures/definitions/win32_api-ms-win-core-wow64-l1-1-1.py +1 -0
  606. angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-0.py +1 -0
  607. angr/procedures/definitions/win32_api-ms-win-devices-query-l1-1-1.py +1 -0
  608. angr/procedures/definitions/win32_api-ms-win-dx-d3dkmt-l1-1-0.py +1 -0
  609. angr/procedures/definitions/win32_api-ms-win-gaming-deviceinformation-l1-1-0.py +1 -0
  610. angr/procedures/definitions/win32_api-ms-win-gaming-expandedresources-l1-1-0.py +1 -0
  611. angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-0.py +1 -0
  612. angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-1.py +1 -0
  613. angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-2.py +1 -0
  614. angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-3.py +1 -0
  615. angr/procedures/definitions/win32_api-ms-win-gaming-tcui-l1-1-4.py +1 -0
  616. angr/procedures/definitions/win32_api-ms-win-mm-misc-l1-1-1.py +1 -0
  617. angr/procedures/definitions/win32_api-ms-win-net-isolation-l1-1-0.py +1 -0
  618. angr/procedures/definitions/win32_api-ms-win-security-base-l1-2-2.py +1 -0
  619. angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-0.py +1 -0
  620. angr/procedures/definitions/win32_api-ms-win-security-isolatedcontainer-l1-1-1.py +1 -0
  621. angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-3.py +1 -0
  622. angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-4.py +1 -0
  623. angr/procedures/definitions/win32_api-ms-win-service-core-l1-1-5.py +1 -0
  624. angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-0.py +1 -0
  625. angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-1.py +1 -0
  626. angr/procedures/definitions/win32_api-ms-win-shcore-scaling-l1-1-2.py +1 -0
  627. angr/procedures/definitions/win32_api-ms-win-shcore-stream-winrt-l1-1-0.py +1 -0
  628. angr/procedures/definitions/win32_api-ms-win-wsl-api-l1-1-0.py +1 -0
  629. angr/procedures/definitions/win32_apphelp.py +1 -0
  630. angr/procedures/definitions/win32_authz.py +1 -0
  631. angr/procedures/definitions/win32_avicap32.py +1 -0
  632. angr/procedures/definitions/win32_avifil32.py +1 -0
  633. angr/procedures/definitions/win32_avrt.py +1 -0
  634. angr/procedures/definitions/win32_bcp47mrm.py +1 -0
  635. angr/procedures/definitions/win32_bcrypt.py +1 -0
  636. angr/procedures/definitions/win32_bcryptprimitives.py +1 -0
  637. angr/procedures/definitions/win32_bluetoothapis.py +1 -0
  638. angr/procedures/definitions/win32_bthprops.py +1 -0
  639. angr/procedures/definitions/win32_bthprops_cpl.py +1 -0
  640. angr/procedures/definitions/win32_cabinet.py +1 -0
  641. angr/procedures/definitions/win32_certadm.py +1 -0
  642. angr/procedures/definitions/win32_certpoleng.py +1 -0
  643. angr/procedures/definitions/win32_cfgmgr32.py +1 -0
  644. angr/procedures/definitions/win32_chakra.py +1 -0
  645. angr/procedures/definitions/win32_cldapi.py +1 -0
  646. angr/procedures/definitions/win32_clfsw32.py +1 -0
  647. angr/procedures/definitions/win32_clusapi.py +1 -0
  648. angr/procedures/definitions/win32_comctl32.py +1 -0
  649. angr/procedures/definitions/win32_comdlg32.py +1 -0
  650. angr/procedures/definitions/win32_compstui.py +1 -0
  651. angr/procedures/definitions/win32_computecore.py +1 -0
  652. angr/procedures/definitions/win32_computenetwork.py +1 -0
  653. angr/procedures/definitions/win32_computestorage.py +1 -0
  654. angr/procedures/definitions/win32_comsvcs.py +1 -0
  655. angr/procedures/definitions/win32_coremessaging.py +1 -0
  656. angr/procedures/definitions/win32_credui.py +1 -0
  657. angr/procedures/definitions/win32_crypt32.py +1 -0
  658. angr/procedures/definitions/win32_cryptnet.py +1 -0
  659. angr/procedures/definitions/win32_cryptui.py +1 -0
  660. angr/procedures/definitions/win32_cryptxml.py +1 -0
  661. angr/procedures/definitions/win32_cscapi.py +1 -0
  662. angr/procedures/definitions/win32_d2d1.py +1 -0
  663. angr/procedures/definitions/win32_d3d10.py +1 -0
  664. angr/procedures/definitions/win32_d3d10_1.py +1 -0
  665. angr/procedures/definitions/win32_d3d11.py +1 -0
  666. angr/procedures/definitions/win32_d3d12.py +1 -0
  667. angr/procedures/definitions/win32_d3d9.py +1 -0
  668. angr/procedures/definitions/win32_d3dcompiler_47.py +1 -0
  669. angr/procedures/definitions/win32_d3dcsx.py +1 -0
  670. angr/procedures/definitions/win32_davclnt.py +1 -0
  671. angr/procedures/definitions/win32_dbgeng.py +1 -0
  672. angr/procedures/definitions/win32_dbghelp.py +1 -0
  673. angr/procedures/definitions/win32_dbgmodel.py +1 -0
  674. angr/procedures/definitions/win32_dciman32.py +1 -0
  675. angr/procedures/definitions/win32_dcomp.py +1 -0
  676. angr/procedures/definitions/win32_ddraw.py +1 -0
  677. angr/procedures/definitions/win32_deviceaccess.py +1 -0
  678. angr/procedures/definitions/win32_dflayout.py +1 -0
  679. angr/procedures/definitions/win32_dhcpcsvc.py +1 -0
  680. angr/procedures/definitions/win32_dhcpcsvc6.py +1 -0
  681. angr/procedures/definitions/win32_dhcpsapi.py +1 -0
  682. angr/procedures/definitions/win32_diagnosticdataquery.py +1 -0
  683. angr/procedures/definitions/win32_dinput8.py +1 -0
  684. angr/procedures/definitions/win32_directml.py +1 -0
  685. angr/procedures/definitions/win32_dmprocessxmlfiltered.py +1 -0
  686. angr/procedures/definitions/win32_dnsapi.py +1 -0
  687. angr/procedures/definitions/win32_drt.py +1 -0
  688. angr/procedures/definitions/win32_drtprov.py +1 -0
  689. angr/procedures/definitions/win32_drttransport.py +1 -0
  690. angr/procedures/definitions/win32_dsound.py +1 -0
  691. angr/procedures/definitions/win32_dsparse.py +1 -0
  692. angr/procedures/definitions/win32_dsprop.py +1 -0
  693. angr/procedures/definitions/win32_dssec.py +1 -0
  694. angr/procedures/definitions/win32_dsuiext.py +1 -0
  695. angr/procedures/definitions/win32_dwmapi.py +1 -0
  696. angr/procedures/definitions/win32_dwrite.py +1 -0
  697. angr/procedures/definitions/win32_dxcompiler.py +1 -0
  698. angr/procedures/definitions/win32_dxcore.py +1 -0
  699. angr/procedures/definitions/win32_dxgi.py +1 -0
  700. angr/procedures/definitions/win32_dxva2.py +1 -0
  701. angr/procedures/definitions/win32_eappcfg.py +1 -0
  702. angr/procedures/definitions/win32_eappprxy.py +1 -0
  703. angr/procedures/definitions/win32_efswrt.py +1 -0
  704. angr/procedures/definitions/win32_elscore.py +1 -0
  705. angr/procedures/definitions/win32_esent.py +1 -0
  706. angr/procedures/definitions/win32_evr.py +1 -0
  707. angr/procedures/definitions/win32_faultrep.py +1 -0
  708. angr/procedures/definitions/win32_fhsvcctl.py +1 -0
  709. angr/procedures/definitions/win32_firewallapi.py +1 -0
  710. angr/procedures/definitions/win32_fltlib.py +1 -0
  711. angr/procedures/definitions/win32_fontsub.py +1 -0
  712. angr/procedures/definitions/win32_forceinline.py +1 -0
  713. angr/procedures/definitions/win32_fwpuclnt.py +1 -0
  714. angr/procedures/definitions/win32_fxsutility.py +1 -0
  715. angr/procedures/definitions/win32_gdi32.py +1 -0
  716. angr/procedures/definitions/win32_gdiplus.py +1 -0
  717. angr/procedures/definitions/win32_glu32.py +1 -0
  718. angr/procedures/definitions/win32_gpedit.py +1 -0
  719. angr/procedures/definitions/win32_hhctrl_ocx.py +1 -0
  720. angr/procedures/definitions/win32_hid.py +1 -0
  721. angr/procedures/definitions/win32_hlink.py +1 -0
  722. angr/procedures/definitions/win32_hrtfapo.py +1 -0
  723. angr/procedures/definitions/win32_httpapi.py +1 -0
  724. angr/procedures/definitions/win32_icm32.py +1 -0
  725. angr/procedures/definitions/win32_icmui.py +1 -0
  726. angr/procedures/definitions/win32_icu.py +1 -0
  727. angr/procedures/definitions/win32_ieframe.py +1 -0
  728. angr/procedures/definitions/win32_imagehlp.py +1 -0
  729. angr/procedures/definitions/win32_imgutil.py +1 -0
  730. angr/procedures/definitions/win32_imm32.py +1 -0
  731. angr/procedures/definitions/win32_infocardapi.py +1 -0
  732. angr/procedures/definitions/win32_inkobjcore.py +1 -0
  733. angr/procedures/definitions/win32_iphlpapi.py +1 -0
  734. angr/procedures/definitions/win32_iscsidsc.py +1 -0
  735. angr/procedures/definitions/win32_isolatedwindowsenvironmentutils.py +1 -0
  736. angr/procedures/definitions/win32_kernel32.py +1 -0
  737. angr/procedures/definitions/win32_kernelbase.py +1 -0
  738. angr/procedures/definitions/win32_keycredmgr.py +1 -0
  739. angr/procedures/definitions/win32_ksproxy_ax.py +1 -0
  740. angr/procedures/definitions/win32_ksuser.py +1 -0
  741. angr/procedures/definitions/win32_ktmw32.py +1 -0
  742. angr/procedures/definitions/win32_licenseprotection.py +1 -0
  743. angr/procedures/definitions/win32_loadperf.py +1 -0
  744. angr/procedures/definitions/win32_magnification.py +1 -0
  745. angr/procedures/definitions/win32_mapi32.py +1 -0
  746. angr/procedures/definitions/win32_mdmlocalmanagement.py +1 -0
  747. angr/procedures/definitions/win32_mdmregistration.py +1 -0
  748. angr/procedures/definitions/win32_mf.py +1 -0
  749. angr/procedures/definitions/win32_mfcore.py +1 -0
  750. angr/procedures/definitions/win32_mfplat.py +1 -0
  751. angr/procedures/definitions/win32_mfplay.py +1 -0
  752. angr/procedures/definitions/win32_mfreadwrite.py +1 -0
  753. angr/procedures/definitions/win32_mfsensorgroup.py +1 -0
  754. angr/procedures/definitions/win32_mfsrcsnk.py +1 -0
  755. angr/procedures/definitions/win32_mgmtapi.py +1 -0
  756. angr/procedures/definitions/win32_mi.py +1 -0
  757. angr/procedures/definitions/win32_mmdevapi.py +1 -0
  758. angr/procedures/definitions/win32_mpr.py +1 -0
  759. angr/procedures/definitions/win32_mprapi.py +1 -0
  760. angr/procedures/definitions/win32_mqrt.py +1 -0
  761. angr/procedures/definitions/win32_mrmsupport.py +1 -0
  762. angr/procedures/definitions/win32_msacm32.py +1 -0
  763. angr/procedures/definitions/win32_msajapi.py +1 -0
  764. angr/procedures/definitions/win32_mscms.py +1 -0
  765. angr/procedures/definitions/win32_mscoree.py +1 -0
  766. angr/procedures/definitions/win32_msctfmonitor.py +1 -0
  767. angr/procedures/definitions/win32_msdelta.py +1 -0
  768. angr/procedures/definitions/win32_msdmo.py +1 -0
  769. angr/procedures/definitions/win32_msdrm.py +1 -0
  770. angr/procedures/definitions/win32_msi.py +1 -0
  771. angr/procedures/definitions/win32_msimg32.py +1 -0
  772. angr/procedures/definitions/win32_mspatcha.py +1 -0
  773. angr/procedures/definitions/win32_mspatchc.py +1 -0
  774. angr/procedures/definitions/win32_msports.py +1 -0
  775. angr/procedures/definitions/win32_msrating.py +1 -0
  776. angr/procedures/definitions/win32_mssign32.py +1 -0
  777. angr/procedures/definitions/win32_mstask.py +1 -0
  778. angr/procedures/definitions/win32_msvfw32.py +1 -0
  779. angr/procedures/definitions/win32_mswsock.py +1 -0
  780. angr/procedures/definitions/win32_mtxdm.py +1 -0
  781. angr/procedures/definitions/win32_ncrypt.py +1 -0
  782. angr/procedures/definitions/win32_ndfapi.py +1 -0
  783. angr/procedures/definitions/win32_netapi32.py +1 -0
  784. angr/procedures/definitions/win32_netsh.py +1 -0
  785. angr/procedures/definitions/win32_netshell.py +1 -0
  786. angr/procedures/definitions/win32_newdev.py +1 -0
  787. angr/procedures/definitions/win32_ninput.py +1 -0
  788. angr/procedures/definitions/win32_normaliz.py +1 -0
  789. angr/procedures/definitions/win32_ntdll.py +1 -0
  790. angr/procedures/definitions/win32_ntdllk.py +1 -0
  791. angr/procedures/definitions/win32_ntdsapi.py +1 -0
  792. angr/procedures/definitions/win32_ntlanman.py +1 -0
  793. angr/procedures/definitions/win32_odbc32.py +1 -0
  794. angr/procedures/definitions/win32_odbcbcp.py +1 -0
  795. angr/procedures/definitions/win32_ole32.py +1 -0
  796. angr/procedures/definitions/win32_oleacc.py +1 -0
  797. angr/procedures/definitions/win32_oleaut32.py +1 -0
  798. angr/procedures/definitions/win32_oledlg.py +1 -0
  799. angr/procedures/definitions/win32_ondemandconnroutehelper.py +1 -0
  800. angr/procedures/definitions/win32_opengl32.py +1 -0
  801. angr/procedures/definitions/win32_opmxbox.py +1 -0
  802. angr/procedures/definitions/win32_p2p.py +1 -0
  803. angr/procedures/definitions/win32_p2pgraph.py +1 -0
  804. angr/procedures/definitions/win32_pdh.py +1 -0
  805. angr/procedures/definitions/win32_peerdist.py +1 -0
  806. angr/procedures/definitions/win32_powrprof.py +1 -0
  807. angr/procedures/definitions/win32_prntvpt.py +1 -0
  808. angr/procedures/definitions/win32_projectedfslib.py +1 -0
  809. angr/procedures/definitions/win32_propsys.py +1 -0
  810. angr/procedures/definitions/win32_psapi.py +1 -0
  811. angr/procedures/definitions/win32_quartz.py +1 -0
  812. angr/procedures/definitions/win32_query.py +1 -0
  813. angr/procedures/definitions/win32_qwave.py +1 -0
  814. angr/procedures/definitions/win32_rasapi32.py +1 -0
  815. angr/procedures/definitions/win32_rasdlg.py +1 -0
  816. angr/procedures/definitions/win32_resutils.py +1 -0
  817. angr/procedures/definitions/win32_rometadata.py +1 -0
  818. angr/procedures/definitions/win32_rpcns4.py +1 -0
  819. angr/procedures/definitions/win32_rpcproxy.py +1 -0
  820. angr/procedures/definitions/win32_rpcrt4.py +1 -0
  821. angr/procedures/definitions/win32_rstrtmgr.py +1 -0
  822. angr/procedures/definitions/win32_rtm.py +1 -0
  823. angr/procedures/definitions/win32_rtutils.py +1 -0
  824. angr/procedures/definitions/win32_rtworkq.py +1 -0
  825. angr/procedures/definitions/win32_sas.py +1 -0
  826. angr/procedures/definitions/win32_scarddlg.py +1 -0
  827. angr/procedures/definitions/win32_schannel.py +1 -0
  828. angr/procedures/definitions/win32_sechost.py +1 -0
  829. angr/procedures/definitions/win32_secur32.py +1 -0
  830. angr/procedures/definitions/win32_sensapi.py +1 -0
  831. angr/procedures/definitions/win32_sensorsutilsv2.py +1 -0
  832. angr/procedures/definitions/win32_setupapi.py +1 -0
  833. angr/procedures/definitions/win32_sfc.py +1 -0
  834. angr/procedures/definitions/win32_shdocvw.py +1 -0
  835. angr/procedures/definitions/win32_shell32.py +1 -0
  836. angr/procedures/definitions/win32_shlwapi.py +1 -0
  837. angr/procedures/definitions/win32_slc.py +1 -0
  838. angr/procedures/definitions/win32_slcext.py +1 -0
  839. angr/procedures/definitions/win32_slwga.py +1 -0
  840. angr/procedures/definitions/win32_snmpapi.py +1 -0
  841. angr/procedures/definitions/win32_spoolss.py +1 -0
  842. angr/procedures/definitions/win32_srclient.py +1 -0
  843. angr/procedures/definitions/win32_srpapi.py +1 -0
  844. angr/procedures/definitions/win32_sspicli.py +1 -0
  845. angr/procedures/definitions/win32_sti.py +1 -0
  846. angr/procedures/definitions/win32_t2embed.py +1 -0
  847. angr/procedures/definitions/win32_tapi32.py +1 -0
  848. angr/procedures/definitions/win32_tbs.py +1 -0
  849. angr/procedures/definitions/win32_tdh.py +1 -0
  850. angr/procedures/definitions/win32_tokenbinding.py +1 -0
  851. angr/procedures/definitions/win32_traffic.py +1 -0
  852. angr/procedures/definitions/win32_txfw32.py +1 -0
  853. angr/procedures/definitions/win32_ualapi.py +1 -0
  854. angr/procedures/definitions/win32_uiautomationcore.py +1 -0
  855. angr/procedures/definitions/win32_urlmon.py +1 -0
  856. angr/procedures/definitions/win32_user32.py +1 -0
  857. angr/procedures/definitions/win32_userenv.py +1 -0
  858. angr/procedures/definitions/win32_usp10.py +1 -0
  859. angr/procedures/definitions/win32_uxtheme.py +1 -0
  860. angr/procedures/definitions/win32_verifier.py +1 -0
  861. angr/procedures/definitions/win32_version.py +1 -0
  862. angr/procedures/definitions/win32_vertdll.py +1 -0
  863. angr/procedures/definitions/win32_virtdisk.py +1 -0
  864. angr/procedures/definitions/win32_vmdevicehost.py +1 -0
  865. angr/procedures/definitions/win32_vmsavedstatedumpprovider.py +1 -0
  866. angr/procedures/definitions/win32_vssapi.py +1 -0
  867. angr/procedures/definitions/win32_wcmapi.py +1 -0
  868. angr/procedures/definitions/win32_wdsbp.py +1 -0
  869. angr/procedures/definitions/win32_wdsclientapi.py +1 -0
  870. angr/procedures/definitions/win32_wdsmc.py +1 -0
  871. angr/procedures/definitions/win32_wdspxe.py +1 -0
  872. angr/procedures/definitions/win32_wdstptc.py +1 -0
  873. angr/procedures/definitions/win32_webauthn.py +1 -0
  874. angr/procedures/definitions/win32_webservices.py +1 -0
  875. angr/procedures/definitions/win32_websocket.py +1 -0
  876. angr/procedures/definitions/win32_wecapi.py +1 -0
  877. angr/procedures/definitions/win32_wer.py +1 -0
  878. angr/procedures/definitions/win32_wevtapi.py +1 -0
  879. angr/procedures/definitions/win32_winbio.py +1 -0
  880. angr/procedures/definitions/win32_windows_ai_machinelearning.py +1 -0
  881. angr/procedures/definitions/win32_windows_data_pdf.py +1 -0
  882. angr/procedures/definitions/win32_windows_media_mediacontrol.py +1 -0
  883. angr/procedures/definitions/win32_windows_networking.py +1 -0
  884. angr/procedures/definitions/win32_windows_ui_xaml.py +1 -0
  885. angr/procedures/definitions/win32_windowscodecs.py +1 -0
  886. angr/procedures/definitions/win32_winfax.py +1 -0
  887. angr/procedures/definitions/win32_winhttp.py +1 -0
  888. angr/procedures/definitions/win32_winhvemulation.py +1 -0
  889. angr/procedures/definitions/win32_winhvplatform.py +1 -0
  890. angr/procedures/definitions/win32_wininet.py +1 -0
  891. angr/procedures/definitions/win32_winml.py +1 -0
  892. angr/procedures/definitions/win32_winmm.py +1 -0
  893. angr/procedures/definitions/win32_winscard.py +1 -0
  894. angr/procedures/definitions/win32_winspool.py +1 -0
  895. angr/procedures/definitions/win32_winspool_drv.py +1 -0
  896. angr/procedures/definitions/win32_wintrust.py +1 -0
  897. angr/procedures/definitions/win32_winusb.py +1 -0
  898. angr/procedures/definitions/win32_wlanapi.py +1 -0
  899. angr/procedures/definitions/win32_wlanui.py +1 -0
  900. angr/procedures/definitions/win32_wldap32.py +1 -0
  901. angr/procedures/definitions/win32_wldp.py +1 -0
  902. angr/procedures/definitions/win32_wmvcore.py +1 -0
  903. angr/procedures/definitions/win32_wnvapi.py +1 -0
  904. angr/procedures/definitions/win32_wofutil.py +1 -0
  905. angr/procedures/definitions/win32_ws2_32.py +1 -0
  906. angr/procedures/definitions/win32_wscapi.py +1 -0
  907. angr/procedures/definitions/win32_wsclient.py +1 -0
  908. angr/procedures/definitions/win32_wsdapi.py +1 -0
  909. angr/procedures/definitions/win32_wsmsvc.py +1 -0
  910. angr/procedures/definitions/win32_wsnmp32.py +1 -0
  911. angr/procedures/definitions/win32_wtsapi32.py +1 -0
  912. angr/procedures/definitions/win32_xaudio2_8.py +1 -0
  913. angr/procedures/definitions/win32_xinput1_4.py +1 -0
  914. angr/procedures/definitions/win32_xinputuap.py +1 -0
  915. angr/procedures/definitions/win32_xmllite.py +1 -0
  916. angr/procedures/definitions/win32_xolehlp.py +1 -0
  917. angr/procedures/definitions/win32_xpsprint.py +1 -0
  918. angr/procedures/glibc/__ctype_b_loc.py +2 -3
  919. angr/procedures/glibc/__ctype_tolower_loc.py +2 -3
  920. angr/procedures/glibc/__ctype_toupper_loc.py +2 -3
  921. angr/procedures/glibc/__errno_location.py +1 -0
  922. angr/procedures/glibc/__libc_init.py +1 -0
  923. angr/procedures/glibc/__libc_start_main.py +7 -7
  924. angr/procedures/glibc/dynamic_loading.py +1 -0
  925. angr/procedures/glibc/scanf.py +1 -0
  926. angr/procedures/glibc/sscanf.py +1 -0
  927. angr/procedures/gnulib/xalloc_die.py +1 -0
  928. angr/procedures/gnulib/xstrtol_fatal.py +1 -0
  929. angr/procedures/java/__init__.py +1 -0
  930. angr/procedures/java/unconstrained.py +3 -2
  931. angr/procedures/java_io/read.py +1 -0
  932. angr/procedures/java_io/write.py +1 -0
  933. angr/procedures/java_jni/__init__.py +8 -9
  934. angr/procedures/java_jni/array_operations.py +4 -1
  935. angr/procedures/java_jni/class_and_interface_operations.py +3 -3
  936. angr/procedures/java_jni/field_access.py +3 -6
  937. angr/procedures/java_jni/global_and_local_refs.py +1 -0
  938. angr/procedures/java_jni/method_calls.py +3 -2
  939. angr/procedures/java_jni/not_implemented.py +2 -1
  940. angr/procedures/java_jni/object_operations.py +3 -4
  941. angr/procedures/java_jni/string_operations.py +1 -0
  942. angr/procedures/java_jni/version_information.py +1 -0
  943. angr/procedures/java_lang/character.py +2 -3
  944. angr/procedures/java_lang/double.py +2 -2
  945. angr/procedures/java_lang/exit.py +1 -0
  946. angr/procedures/java_lang/getsimplename.py +2 -2
  947. angr/procedures/java_lang/integer.py +1 -0
  948. angr/procedures/java_lang/load_library.py +1 -0
  949. angr/procedures/java_lang/math.py +1 -0
  950. angr/procedures/java_lang/string.py +3 -3
  951. angr/procedures/java_lang/stringbuilder.py +1 -0
  952. angr/procedures/java_lang/system.py +1 -0
  953. angr/procedures/java_util/collection.py +1 -0
  954. angr/procedures/java_util/iterator.py +1 -0
  955. angr/procedures/java_util/list.py +1 -0
  956. angr/procedures/java_util/map.py +3 -4
  957. angr/procedures/java_util/random.py +4 -1
  958. angr/procedures/java_util/scanner_nextline.py +1 -0
  959. angr/procedures/libc/abort.py +1 -0
  960. angr/procedures/libc/access.py +5 -2
  961. angr/procedures/libc/atoi.py +2 -2
  962. angr/procedures/libc/atol.py +1 -0
  963. angr/procedures/libc/calloc.py +1 -0
  964. angr/procedures/libc/closelog.py +1 -0
  965. angr/procedures/libc/err.py +1 -0
  966. angr/procedures/libc/error.py +2 -3
  967. angr/procedures/libc/exit.py +1 -0
  968. angr/procedures/libc/fclose.py +2 -3
  969. angr/procedures/libc/feof.py +5 -3
  970. angr/procedures/libc/fflush.py +1 -0
  971. angr/procedures/libc/fgetc.py +4 -1
  972. angr/procedures/libc/fgets.py +22 -22
  973. angr/procedures/libc/fopen.py +9 -10
  974. angr/procedures/libc/fprintf.py +1 -0
  975. angr/procedures/libc/fputc.py +1 -0
  976. angr/procedures/libc/fputs.py +1 -0
  977. angr/procedures/libc/fread.py +5 -3
  978. angr/procedures/libc/free.py +1 -0
  979. angr/procedures/libc/fscanf.py +2 -2
  980. angr/procedures/libc/fseek.py +7 -5
  981. angr/procedures/libc/ftell.py +1 -0
  982. angr/procedures/libc/fwrite.py +1 -0
  983. angr/procedures/libc/getchar.py +2 -2
  984. angr/procedures/libc/getdelim.py +30 -27
  985. angr/procedures/libc/getegid.py +1 -0
  986. angr/procedures/libc/geteuid.py +1 -0
  987. angr/procedures/libc/getgid.py +1 -0
  988. angr/procedures/libc/gets.py +20 -18
  989. angr/procedures/libc/getuid.py +1 -0
  990. angr/procedures/libc/malloc.py +1 -0
  991. angr/procedures/libc/memcmp.py +21 -21
  992. angr/procedures/libc/memcpy.py +1 -0
  993. angr/procedures/libc/memset.py +10 -7
  994. angr/procedures/libc/openlog.py +1 -0
  995. angr/procedures/libc/perror.py +1 -0
  996. angr/procedures/libc/printf.py +1 -0
  997. angr/procedures/libc/putchar.py +1 -0
  998. angr/procedures/libc/puts.py +4 -1
  999. angr/procedures/libc/rand.py +1 -0
  1000. angr/procedures/libc/realloc.py +1 -0
  1001. angr/procedures/libc/rewind.py +2 -1
  1002. angr/procedures/libc/scanf.py +2 -2
  1003. angr/procedures/libc/setbuf.py +1 -0
  1004. angr/procedures/libc/setvbuf.py +1 -0
  1005. angr/procedures/libc/snprintf.py +5 -2
  1006. angr/procedures/libc/sprintf.py +4 -1
  1007. angr/procedures/libc/srand.py +1 -0
  1008. angr/procedures/libc/sscanf.py +2 -2
  1009. angr/procedures/libc/stpcpy.py +2 -2
  1010. angr/procedures/libc/strcat.py +1 -0
  1011. angr/procedures/libc/strchr.py +7 -3
  1012. angr/procedures/libc/strcmp.py +6 -3
  1013. angr/procedures/libc/strcpy.py +2 -2
  1014. angr/procedures/libc/strlen.py +38 -34
  1015. angr/procedures/libc/strncat.py +1 -0
  1016. angr/procedures/libc/strncmp.py +34 -36
  1017. angr/procedures/libc/strncpy.py +6 -2
  1018. angr/procedures/libc/strnlen.py +2 -2
  1019. angr/procedures/libc/strstr.py +17 -10
  1020. angr/procedures/libc/strtol.py +39 -41
  1021. angr/procedures/libc/strtoul.py +2 -2
  1022. angr/procedures/libc/system.py +1 -0
  1023. angr/procedures/libc/time.py +2 -2
  1024. angr/procedures/libc/tmpnam.py +1 -0
  1025. angr/procedures/libc/tolower.py +4 -1
  1026. angr/procedures/libc/toupper.py +4 -1
  1027. angr/procedures/libc/ungetc.py +1 -0
  1028. angr/procedures/libc/vsnprintf.py +1 -0
  1029. angr/procedures/libc/wchar.py +1 -0
  1030. angr/procedures/libstdcpp/_unwind_resume.py +1 -0
  1031. angr/procedures/libstdcpp/std____throw_bad_alloc.py +1 -0
  1032. angr/procedures/libstdcpp/std____throw_bad_cast.py +1 -0
  1033. angr/procedures/libstdcpp/std____throw_length_error.py +1 -0
  1034. angr/procedures/libstdcpp/std____throw_logic_error.py +1 -0
  1035. angr/procedures/libstdcpp/std__terminate.py +1 -0
  1036. angr/procedures/linux_kernel/access.py +1 -0
  1037. angr/procedures/linux_kernel/arch_prctl.py +1 -0
  1038. angr/procedures/linux_kernel/arm_user_helpers.py +1 -0
  1039. angr/procedures/linux_kernel/brk.py +1 -0
  1040. angr/procedures/linux_kernel/cwd.py +1 -0
  1041. angr/procedures/linux_kernel/fstat.py +15 -14
  1042. angr/procedures/linux_kernel/fstat64.py +17 -16
  1043. angr/procedures/linux_kernel/futex.py +3 -3
  1044. angr/procedures/linux_kernel/getegid.py +1 -0
  1045. angr/procedures/linux_kernel/geteuid.py +1 -0
  1046. angr/procedures/linux_kernel/getgid.py +1 -0
  1047. angr/procedures/linux_kernel/getpid.py +1 -0
  1048. angr/procedures/linux_kernel/getrlimit.py +3 -3
  1049. angr/procedures/linux_kernel/gettid.py +1 -0
  1050. angr/procedures/linux_kernel/getuid.py +1 -0
  1051. angr/procedures/linux_kernel/iovec.py +1 -0
  1052. angr/procedures/linux_kernel/lseek.py +6 -3
  1053. angr/procedures/linux_kernel/mmap.py +1 -0
  1054. angr/procedures/linux_kernel/mprotect.py +7 -6
  1055. angr/procedures/linux_kernel/munmap.py +1 -0
  1056. angr/procedures/linux_kernel/openat.py +3 -5
  1057. angr/procedures/linux_kernel/set_tid_address.py +1 -0
  1058. angr/procedures/linux_kernel/sigaction.py +5 -2
  1059. angr/procedures/linux_kernel/sigprocmask.py +6 -3
  1060. angr/procedures/linux_kernel/stat.py +3 -2
  1061. angr/procedures/linux_kernel/sysinfo.py +1 -0
  1062. angr/procedures/linux_kernel/tgkill.py +4 -1
  1063. angr/procedures/linux_kernel/time.py +7 -3
  1064. angr/procedures/linux_kernel/uid.py +1 -0
  1065. angr/procedures/linux_kernel/uname.py +1 -0
  1066. angr/procedures/linux_kernel/unlink.py +2 -2
  1067. angr/procedures/linux_kernel/vsyscall.py +1 -0
  1068. angr/procedures/linux_loader/_dl_initial_error_catch_tsd.py +1 -0
  1069. angr/procedures/linux_loader/_dl_rtld_lock.py +1 -0
  1070. angr/procedures/linux_loader/sim_loader.py +1 -0
  1071. angr/procedures/linux_loader/tls.py +2 -2
  1072. angr/procedures/msvcr/__getmainargs.py +1 -0
  1073. angr/procedures/msvcr/_initterm.py +1 -0
  1074. angr/procedures/msvcr/fmode.py +4 -1
  1075. angr/procedures/ntdll/exceptions.py +7 -4
  1076. angr/procedures/posix/accept.py +2 -2
  1077. angr/procedures/posix/bind.py +1 -0
  1078. angr/procedures/posix/bzero.py +4 -1
  1079. angr/procedures/posix/chroot.py +1 -0
  1080. angr/procedures/posix/close.py +2 -2
  1081. angr/procedures/posix/closedir.py +1 -0
  1082. angr/procedures/posix/dup.py +4 -3
  1083. angr/procedures/posix/fcntl.py +1 -0
  1084. angr/procedures/posix/fdopen.py +19 -20
  1085. angr/procedures/posix/fileno.py +1 -0
  1086. angr/procedures/posix/fork.py +7 -4
  1087. angr/procedures/posix/getenv.py +1 -0
  1088. angr/procedures/posix/gethostbyname.py +1 -0
  1089. angr/procedures/posix/getpass.py +1 -0
  1090. angr/procedures/posix/getsockopt.py +1 -0
  1091. angr/procedures/posix/htonl.py +2 -2
  1092. angr/procedures/posix/htons.py +2 -2
  1093. angr/procedures/posix/inet_ntoa.py +3 -5
  1094. angr/procedures/posix/listen.py +1 -0
  1095. angr/procedures/posix/mmap.py +8 -4
  1096. angr/procedures/posix/open.py +1 -0
  1097. angr/procedures/posix/opendir.py +1 -0
  1098. angr/procedures/posix/poll.py +8 -7
  1099. angr/procedures/posix/pread64.py +1 -0
  1100. angr/procedures/posix/pthread.py +3 -3
  1101. angr/procedures/posix/pwrite64.py +1 -0
  1102. angr/procedures/posix/read.py +1 -0
  1103. angr/procedures/posix/readdir.py +11 -8
  1104. angr/procedures/posix/recv.py +1 -0
  1105. angr/procedures/posix/recvfrom.py +1 -0
  1106. angr/procedures/posix/select.py +10 -8
  1107. angr/procedures/posix/send.py +6 -5
  1108. angr/procedures/posix/setsockopt.py +1 -0
  1109. angr/procedures/posix/sigaction.py +5 -2
  1110. angr/procedures/posix/sim_time.py +4 -1
  1111. angr/procedures/posix/sleep.py +1 -0
  1112. angr/procedures/posix/socket.py +2 -2
  1113. angr/procedures/posix/strcasecmp.py +4 -1
  1114. angr/procedures/posix/strdup.py +1 -0
  1115. angr/procedures/posix/strtok_r.py +38 -39
  1116. angr/procedures/posix/syslog.py +1 -0
  1117. angr/procedures/posix/tz.py +1 -0
  1118. angr/procedures/posix/unlink.py +1 -0
  1119. angr/procedures/posix/usleep.py +1 -0
  1120. angr/procedures/posix/write.py +1 -0
  1121. angr/procedures/procedure_dict.py +1 -0
  1122. angr/procedures/stubs/CallReturn.py +1 -0
  1123. angr/procedures/stubs/NoReturnUnconstrained.py +1 -0
  1124. angr/procedures/stubs/Nop.py +1 -0
  1125. angr/procedures/stubs/PathTerminator.py +1 -0
  1126. angr/procedures/stubs/Redirect.py +5 -2
  1127. angr/procedures/stubs/ReturnChar.py +4 -3
  1128. angr/procedures/stubs/ReturnUnconstrained.py +2 -1
  1129. angr/procedures/stubs/UnresolvableCallTarget.py +1 -0
  1130. angr/procedures/stubs/UnresolvableJumpTarget.py +1 -0
  1131. angr/procedures/stubs/UserHook.py +4 -1
  1132. angr/procedures/stubs/b64_decode.py +4 -1
  1133. angr/procedures/stubs/caller.py +1 -0
  1134. angr/procedures/stubs/crazy_scanf.py +7 -4
  1135. angr/procedures/stubs/format_parser.py +24 -30
  1136. angr/procedures/stubs/syscall_stub.py +6 -7
  1137. angr/procedures/testing/manyargs.py +1 -0
  1138. angr/procedures/testing/retreg.py +2 -2
  1139. angr/procedures/tracer/random.py +1 -0
  1140. angr/procedures/tracer/receive.py +6 -4
  1141. angr/procedures/tracer/transmit.py +6 -4
  1142. angr/procedures/uclibc/__uClibc_main.py +1 -0
  1143. angr/procedures/win32/EncodePointer.py +1 -0
  1144. angr/procedures/win32/ExitProcess.py +1 -0
  1145. angr/procedures/win32/GetCommandLine.py +1 -0
  1146. angr/procedures/win32/GetCurrentProcessId.py +1 -0
  1147. angr/procedures/win32/GetCurrentThreadId.py +1 -0
  1148. angr/procedures/win32/GetLastInputInfo.py +5 -2
  1149. angr/procedures/win32/GetModuleHandle.py +3 -4
  1150. angr/procedures/win32/GetProcessAffinityMask.py +5 -2
  1151. angr/procedures/win32/InterlockedExchange.py +2 -1
  1152. angr/procedures/win32/IsProcessorFeaturePresent.py +1 -0
  1153. angr/procedures/win32/VirtualAlloc.py +2 -1
  1154. angr/procedures/win32/VirtualProtect.py +1 -0
  1155. angr/procedures/win32/critical_section.py +1 -0
  1156. angr/procedures/win32/dynamic_loading.py +2 -1
  1157. angr/procedures/win32/file_handles.py +4 -4
  1158. angr/procedures/win32/gethostbyname.py +5 -3
  1159. angr/procedures/win32/heap.py +4 -1
  1160. angr/procedures/win32/is_bad_ptr.py +1 -0
  1161. angr/procedures/win32/local_storage.py +11 -8
  1162. angr/procedures/win32/mutex.py +1 -0
  1163. angr/procedures/win32/sim_time.py +9 -9
  1164. angr/procedures/win32/system_paths.py +5 -4
  1165. angr/procedures/win32_kernel/ExAllocatePool.py +1 -0
  1166. angr/procedures/win32_kernel/ExFreePoolWithTag.py +1 -0
  1167. angr/procedures/win_user32/chars.py +5 -2
  1168. angr/procedures/win_user32/keyboard.py +1 -0
  1169. angr/procedures/win_user32/messagebox.py +5 -5
  1170. angr/project.py +15 -22
  1171. angr/protos/__init__.py +1 -0
  1172. angr/serializable.py +6 -3
  1173. angr/sim_manager.py +18 -18
  1174. angr/sim_options.py +5 -7
  1175. angr/sim_procedure.py +18 -17
  1176. angr/sim_state.py +48 -59
  1177. angr/sim_state_options.py +9 -15
  1178. angr/sim_type.py +96 -126
  1179. angr/sim_variable.py +23 -38
  1180. angr/simos/__init__.py +3 -1
  1181. angr/simos/cgc.py +4 -3
  1182. angr/simos/javavm.py +77 -83
  1183. angr/simos/linux.py +53 -63
  1184. angr/simos/simos.py +16 -24
  1185. angr/simos/snimmuc_nxp.py +3 -6
  1186. angr/simos/userland.py +6 -6
  1187. angr/simos/windows.py +18 -15
  1188. angr/slicer.py +13 -11
  1189. angr/state_hierarchy.py +3 -3
  1190. angr/state_plugins/__init__.py +1 -0
  1191. angr/state_plugins/callstack.py +19 -18
  1192. angr/state_plugins/cgc.py +5 -4
  1193. angr/state_plugins/concrete.py +7 -8
  1194. angr/state_plugins/debug_variables.py +15 -17
  1195. angr/state_plugins/filesystem.py +13 -19
  1196. angr/state_plugins/gdb.py +3 -2
  1197. angr/state_plugins/globals.py +5 -1
  1198. angr/state_plugins/heap/__init__.py +1 -0
  1199. angr/state_plugins/heap/heap_base.py +1 -0
  1200. angr/state_plugins/heap/heap_brk.py +14 -9
  1201. angr/state_plugins/heap/heap_freelist.py +12 -9
  1202. angr/state_plugins/heap/heap_libc.py +1 -0
  1203. angr/state_plugins/heap/heap_ptmalloc.py +32 -40
  1204. angr/state_plugins/heap/utils.py +1 -0
  1205. angr/state_plugins/history.py +14 -15
  1206. angr/state_plugins/inspect.py +1 -0
  1207. angr/state_plugins/javavm_classloader.py +3 -2
  1208. angr/state_plugins/jni_references.py +2 -1
  1209. angr/state_plugins/libc.py +4 -4
  1210. angr/state_plugins/light_registers.py +8 -10
  1211. angr/state_plugins/log.py +1 -0
  1212. angr/state_plugins/loop_data.py +1 -0
  1213. angr/state_plugins/plugin.py +9 -10
  1214. angr/state_plugins/posix.py +39 -45
  1215. angr/state_plugins/preconstrainer.py +4 -2
  1216. angr/state_plugins/scratch.py +5 -4
  1217. angr/state_plugins/sim_action.py +15 -20
  1218. angr/state_plugins/sim_action_object.py +205 -82
  1219. angr/state_plugins/sim_event.py +1 -0
  1220. angr/state_plugins/solver.py +73 -117
  1221. angr/state_plugins/symbolizer.py +5 -6
  1222. angr/state_plugins/trace_additions.py +33 -47
  1223. angr/state_plugins/uc_manager.py +20 -11
  1224. angr/state_plugins/unicorn_engine.py +22 -38
  1225. angr/state_plugins/view.py +21 -20
  1226. angr/storage/__init__.py +1 -0
  1227. angr/storage/file.py +40 -47
  1228. angr/storage/memory_mixins/__init__.py +12 -15
  1229. angr/storage/memory_mixins/__init__.pyi +13 -14
  1230. angr/storage/memory_mixins/actions_mixin.py +5 -2
  1231. angr/storage/memory_mixins/address_concretization_mixin.py +13 -17
  1232. angr/storage/memory_mixins/bvv_conversion_mixin.py +10 -11
  1233. angr/storage/memory_mixins/clouseau_mixin.py +1 -0
  1234. angr/storage/memory_mixins/conditional_store_mixin.py +1 -0
  1235. angr/storage/memory_mixins/convenient_mappings_mixin.py +1 -0
  1236. angr/storage/memory_mixins/default_filler_mixin.py +16 -16
  1237. angr/storage/memory_mixins/dirty_addrs_mixin.py +1 -0
  1238. angr/storage/memory_mixins/hex_dumper_mixin.py +6 -9
  1239. angr/storage/memory_mixins/javavm_memory/__init__.py +1 -0
  1240. angr/storage/memory_mixins/javavm_memory/javavm_memory_mixin.py +23 -28
  1241. angr/storage/memory_mixins/keyvalue_memory/__init__.py +1 -0
  1242. angr/storage/memory_mixins/keyvalue_memory/keyvalue_memory_mixin.py +2 -1
  1243. angr/storage/memory_mixins/label_merger_mixin.py +2 -2
  1244. angr/storage/memory_mixins/multi_value_merger_mixin.py +1 -0
  1245. angr/storage/memory_mixins/name_resolution_mixin.py +12 -15
  1246. angr/storage/memory_mixins/paged_memory/page_backer_mixins.py +6 -6
  1247. angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +23 -37
  1248. angr/storage/memory_mixins/paged_memory/paged_memory_multivalue_mixin.py +1 -0
  1249. angr/storage/memory_mixins/paged_memory/pages/__init__.py +1 -2
  1250. angr/storage/memory_mixins/paged_memory/pages/cooperation.py +4 -3
  1251. angr/storage/memory_mixins/paged_memory/pages/history_tracking_mixin.py +4 -4
  1252. angr/storage/memory_mixins/paged_memory/pages/ispo_mixin.py +1 -0
  1253. angr/storage/memory_mixins/paged_memory/pages/list_page.py +12 -20
  1254. angr/storage/memory_mixins/paged_memory/pages/multi_values.py +14 -19
  1255. angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +26 -32
  1256. angr/storage/memory_mixins/paged_memory/pages/permissions_mixin.py +1 -0
  1257. angr/storage/memory_mixins/paged_memory/pages/refcount_mixin.py +2 -2
  1258. angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +37 -41
  1259. angr/storage/memory_mixins/paged_memory/privileged_mixin.py +1 -0
  1260. angr/storage/memory_mixins/paged_memory/stack_allocation_mixin.py +1 -0
  1261. angr/storage/memory_mixins/regioned_memory/__init__.py +1 -0
  1262. angr/storage/memory_mixins/regioned_memory/abstract_address_descriptor.py +5 -4
  1263. angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +6 -21
  1264. angr/storage/memory_mixins/regioned_memory/region_category_mixin.py +1 -0
  1265. angr/storage/memory_mixins/regioned_memory/region_data.py +7 -6
  1266. angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +130 -14
  1267. angr/storage/memory_mixins/regioned_memory/regioned_address_concretization_mixin.py +2 -1
  1268. angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +38 -47
  1269. angr/storage/memory_mixins/regioned_memory/static_find_mixin.py +7 -9
  1270. angr/storage/memory_mixins/simple_interface_mixin.py +10 -13
  1271. angr/storage/memory_mixins/simplification_mixin.py +1 -0
  1272. angr/storage/memory_mixins/size_resolution_mixin.py +7 -4
  1273. angr/storage/memory_mixins/slotted_memory.py +4 -4
  1274. angr/storage/memory_mixins/smart_find_mixin.py +3 -2
  1275. angr/storage/memory_mixins/symbolic_merger_mixin.py +6 -3
  1276. angr/storage/memory_mixins/top_merger_mixin.py +2 -2
  1277. angr/storage/memory_mixins/underconstrained_mixin.py +12 -14
  1278. angr/storage/memory_mixins/unwrapper_mixin.py +1 -0
  1279. angr/storage/memory_object.py +30 -28
  1280. angr/storage/pcap.py +3 -3
  1281. angr/tablespecs.py +4 -3
  1282. angr/utils/__init__.py +1 -0
  1283. angr/utils/ail.py +30 -0
  1284. angr/utils/algo.py +1 -0
  1285. angr/utils/bits.py +12 -0
  1286. angr/utils/constants.py +2 -0
  1287. angr/utils/cowdict.py +3 -4
  1288. angr/utils/dynamic_dictlist.py +4 -7
  1289. angr/utils/endness.py +1 -0
  1290. angr/utils/enums_conv.py +1 -0
  1291. angr/utils/env.py +1 -0
  1292. angr/utils/formatting.py +1 -0
  1293. angr/utils/funcid.py +15 -14
  1294. angr/utils/graph.py +52 -19
  1295. angr/utils/lazy_import.py +1 -0
  1296. angr/utils/library.py +10 -13
  1297. angr/utils/loader.py +6 -6
  1298. angr/utils/mp.py +4 -3
  1299. angr/utils/orderedset.py +1 -0
  1300. angr/utils/segment_list.py +7 -9
  1301. angr/utils/ssa/__init__.py +198 -0
  1302. angr/utils/ssa/tmp_uses_collector.py +23 -0
  1303. angr/utils/ssa/vvar_uses_collector.py +37 -0
  1304. angr/utils/timing.py +2 -2
  1305. angr/utils/typing.py +1 -0
  1306. angr/vaults.py +7 -8
  1307. {angr-9.2.116.dist-info → angr-9.2.118.dist-info}/METADATA +7 -8
  1308. angr-9.2.118.dist-info/RECORD +1344 -0
  1309. {angr-9.2.116.dist-info → angr-9.2.118.dist-info}/WHEEL +1 -1
  1310. angr/analyses/decompiler/optimization_passes/spilled_register_finder.py +0 -18
  1311. angr/analyses/decompiler/seq_cf_structure_counter.py +0 -37
  1312. angr/service.py +0 -35
  1313. angr-9.2.116.dist-info/RECORD +0 -1310
  1314. {angr-9.2.116.dist-info → angr-9.2.118.dist-info}/LICENSE +0 -0
  1315. {angr-9.2.116.dist-info → angr-9.2.118.dist-info}/entry_points.txt +0 -0
  1316. {angr-9.2.116.dist-info → angr-9.2.118.dist-info}/top_level.txt +0 -0
angr/analyses/cfg/indirect_jump_resolvers/jumptable.py CHANGED
@@ -1,4 +1,5 @@
1
1
  # pylint:disable=wrong-import-position,wrong-import-order
2
+ from __future__ import annotations
2
3
  import enum
3
4
  from typing import TYPE_CHECKING
4
5
  from collections.abc import Sequence
@@ -143,14 +144,14 @@ class ConstantValueManager:
143
144
  "mapping",
144
145
  )
145
146
 
146
- def __init__(self, project, kb, func: "Function"):
147
+ def __init__(self, project, kb, func: Function):
147
148
  self.project = project
148
149
  self.kb = kb
149
150
  self.func = func
150
151
 
151
152
  self.mapping = None
152
153
 
153
- def reg_read_callback(self, state: "SimState"):
154
+ def reg_read_callback(self, state: SimState):
154
155
  if not self.mapping:
155
156
  self._build_mapping()
156
157
 
@@ -317,8 +318,7 @@ class JumpTableProcessor(
317
318
  return "SpOffset" in expr.variables
318
319
 
319
320
  def _get_spoffset_expr(self, sp_offset: SpOffset) -> claripy.ast.BV:
320
- v = self._SPOFFSET_BASE.annotate(RegOffsetAnnotation(sp_offset))
321
- return v
321
+ return self._SPOFFSET_BASE.annotate(RegOffsetAnnotation(sp_offset))
322
322
 
323
323
  @staticmethod
324
324
  def _extract_spoffset_from_expr(expr: claripy.ast.Base) -> SpOffset | None:
@@ -329,16 +329,15 @@ class JumpTableProcessor(
329
329
  elif expr.op == "__add__":
330
330
  if len(expr.args) == 1:
331
331
  return JumpTableProcessor._extract_spoffset_from_expr(expr.args[0])
332
- elif len(expr.args) == 2 and expr.args[1].op == "BVV":
332
+ if len(expr.args) == 2 and expr.args[1].op == "BVV":
333
333
  sp_offset = JumpTableProcessor._extract_spoffset_from_expr(expr.args[0])
334
334
  if sp_offset is not None:
335
335
  delta = expr.args[1].concrete_value
336
336
  sp_offset += delta
337
337
  return sp_offset
338
- elif expr.op == "__and__":
339
- if len(expr.args) == 2 and expr.args[1].op == "BVV":
340
- # ignore all masking on SpOffsets
341
- return JumpTableProcessor._extract_spoffset_from_expr(expr.args[0])
338
+ elif expr.op == "__and__" and len(expr.args) == 2 and expr.args[1].op == "BVV":
339
+ # ignore all masking on SpOffsets
340
+ return JumpTableProcessor._extract_spoffset_from_expr(expr.args[0])
342
341
  return None
343
342
 
344
343
  @staticmethod
@@ -348,8 +347,7 @@ class JumpTableProcessor(
348
347
  def _get_regoffset_expr(self, reg_offset: RegisterOffset, bits: int) -> claripy.ast.BV:
349
348
  if bits not in self._REGOFFSET_BASE:
350
349
  self._REGOFFSET_BASE[bits] = claripy.BVS("RegisterOffset", bits, explicit_name=True)
351
- v = self._REGOFFSET_BASE[bits].annotate(RegOffsetAnnotation(reg_offset))
352
- return v
350
+ return self._REGOFFSET_BASE[bits].annotate(RegOffsetAnnotation(reg_offset))
353
351
 
354
352
  @staticmethod
355
353
  def _extract_regoffset_from_expr(expr: claripy.ast.Base) -> RegisterOffset | None:
@@ -360,16 +358,15 @@ class JumpTableProcessor(
360
358
  elif expr.op == "__add__":
361
359
  if len(expr.args) == 1:
362
360
  return JumpTableProcessor._extract_regoffset_from_expr(expr.args[0])
363
- elif len(expr.args) == 2 and expr.args[1].op == "BVV":
361
+ if len(expr.args) == 2 and expr.args[1].op == "BVV":
364
362
  reg_offset = JumpTableProcessor._extract_regoffset_from_expr(expr.args[0])
365
363
  if reg_offset is not None:
366
364
  delta = expr.args[1].concrete_value
367
365
  reg_offset += delta
368
366
  return reg_offset
369
- elif expr.op == "__and__":
370
- if len(expr.args) == 2 and expr.args[1].op == "BVV":
371
- # ignore all masking on SpOffsets
372
- return JumpTableProcessor._extract_spoffset_from_expr(expr.args[0])
367
+ elif expr.op == "__and__" and len(expr.args) == 2 and expr.args[1].op == "BVV":
368
+ # ignore all masking on SpOffsets
369
+ return JumpTableProcessor._extract_spoffset_from_expr(expr.args[0])
373
370
  return None
374
371
 
375
372
  def _handle_WrTmp(self, stmt):
@@ -383,10 +380,7 @@ class JumpTableProcessor(
383
380
  self._tsrc = set()
384
381
  offset = stmt.offset
385
382
  data = self._expr(stmt.data)
386
- if self._tsrc is not None:
387
- r = (self._tsrc, data)
388
- else:
389
- r = ((self.block.addr, self.stmt_idx), data)
383
+ r = (self._tsrc, data) if self._tsrc is not None else ((self.block.addr, self.stmt_idx), data)
390
384
  self.state._registers[offset] = r
391
385
 
392
386
  def _handle_Store(self, stmt):
@@ -448,10 +442,9 @@ class JumpTableProcessor(
448
442
  guard = self._expr(stmt.guard)
449
443
  if guard is True:
450
444
  return self._do_load(stmt.addr, stmt.addr.result_size(self.tyenv) // 8)
451
- elif guard is False:
445
+ if guard is False:
452
446
  return self._do_load(stmt.alt, stmt.alt.result_size(self.tyenv) // 8)
453
- else:
454
- return None
447
+ return None
455
448
 
456
449
  def _handle_Const(self, expr):
457
450
  v = super()._handle_Const(expr)
@@ -496,19 +489,13 @@ class JumpTableProcessor(
496
489
  if isinstance(arg0, pyvex.IRExpr.RdTmp):
497
490
  if arg0.tmp in self.state._tmpvar_source:
498
491
  arg0_src = self.state._tmpvar_source[arg0.tmp]
499
- if not arg0_src or len(arg0_src) > 1:
500
- arg0_src = None
501
- else:
502
- arg0_src = next(iter(arg0_src))
492
+ arg0_src = None if not arg0_src or len(arg0_src) > 1 else next(iter(arg0_src))
503
493
  elif isinstance(arg0, pyvex.IRExpr.Const):
504
494
  arg0_src = "const"
505
495
  if isinstance(arg1, pyvex.IRExpr.RdTmp):
506
496
  if arg1.tmp in self.state._tmpvar_source:
507
497
  arg1_src = self.state._tmpvar_source[arg1.tmp]
508
- if not arg1_src or len(arg1_src) > 1:
509
- arg1_src = None
510
- else:
511
- arg1_src = next(iter(arg1_src))
498
+ arg1_src = None if not arg1_src or len(arg1_src) > 1 else next(iter(arg1_src))
512
499
  elif isinstance(arg1, pyvex.IRExpr.Const):
513
500
  arg1_src = "const"
514
501
 
@@ -545,7 +532,7 @@ class JumpTableProcessor(
545
532
  #
546
533
  # Instead of writing 1 to [rbp+var_54], we want to write a symbolic variable there instead. Otherwise
547
534
  # we will only recover the second jump target instead of all 7 targets.
548
- self.state.stmts_to_instrument.append(("mem_write",) + arg1_src)
535
+ self.state.stmts_to_instrument.append(("mem_write", *arg1_src))
549
536
  elif isinstance(arg1_src_stmt, pyvex.IRStmt.WrTmp) and isinstance(arg1_src_stmt.data, pyvex.IRExpr.Load):
550
537
  # Loading a constant/variable from memory (and later the value is stored in a register)
551
538
  # Same as above, we will need to overwrite it when executing the slice to guarantee the full recovery
@@ -560,7 +547,7 @@ class JumpTableProcessor(
560
547
  # mov rax, qword [rax*8+0x220741]
561
548
  # jmp rax
562
549
  #
563
- self.state.stmts_to_instrument.append(("mem_read",) + arg1_src)
550
+ self.state.stmts_to_instrument.append(("mem_read", *arg1_src))
564
551
  elif isinstance(arg1_src_stmt, pyvex.IRStmt.Put):
565
552
  # Storing a constant/variable in register
566
553
  # Same as above...
@@ -574,7 +561,7 @@ class JumpTableProcessor(
574
561
  # mov eax, eax
575
562
  # mov rax, qword [rax*8+0x2231ae]
576
563
  #
577
- self.state.stmts_to_instrument.append(("reg_write",) + arg1_src)
564
+ self.state.stmts_to_instrument.append(("reg_write", *arg1_src))
578
565
 
579
566
  def _do_load(self, addr, size):
580
567
  src = (self.block.addr, self.stmt_idx)
@@ -590,8 +577,7 @@ class JumpTableProcessor(
590
577
  elif isinstance(addr, int):
591
578
  # Load data from memory if it is mapped
592
579
  try:
593
- v = self.project.loader.memory.unpack_word(addr, size=size)
594
- return v
580
+ return self.project.loader.memory.unpack_word(addr, size=size)
595
581
  except KeyError:
596
582
  return None
597
583
  elif self._is_registeroffset(addr):
@@ -604,7 +590,7 @@ class JumpTableProcessor(
604
590
  try:
605
591
  source = next(iter(src for src in self.state._registers[reg_offset.reg][0] if src != "const"))
606
592
  assert isinstance(source, tuple)
607
- self.state.regs_to_initialize.append(source + (reg_offset.reg, reg_offset.bits))
593
+ self.state.regs_to_initialize.append((*source, reg_offset.reg, reg_offset.bits))
608
594
  except StopIteration:
609
595
  # we don't need to initialize this register
610
596
  # it might be caused by an incorrect analysis result
@@ -634,7 +620,7 @@ class StoreHook:
634
620
  write_length = len(state.inspect.mem_write_expr)
635
621
  else:
636
622
  write_length = write_length * state.arch.byte_width
637
- state.inspect.mem_write_expr = state.solver.BVS("instrumented_store", write_length)
623
+ state.inspect.mem_write_expr = claripy.BVS("instrumented_store", write_length)
638
624
 
639
625
 
640
626
  class LoadHook:
@@ -648,7 +634,7 @@ class LoadHook:
648
634
  def hook_before(self, state):
649
635
  addr = state.inspect.mem_read_address
650
636
  size = state.solver.eval(state.inspect.mem_read_length)
651
- self._var = state.solver.BVS("instrumented_load", size * 8)
637
+ self._var = claripy.BVS("instrumented_load", size * 8)
652
638
  state.memory.store(addr, self._var, endness=state.arch.memory_endness)
653
639
 
654
640
  def hook_after(self, state):
@@ -662,7 +648,7 @@ class PutHook:
662
648
 
663
649
  @staticmethod
664
650
  def hook(state):
665
- state.inspect.reg_write_expr = state.solver.BVS(
651
+ state.inspect.reg_write_expr = claripy.BVS(
666
652
  "instrumented_put", state.solver.eval(state.inspect.reg_write_length) * 8
667
653
  )
668
654
 
@@ -678,7 +664,7 @@ class RegisterInitializerHook:
678
664
  self.value = value
679
665
 
680
666
  def hook(self, state):
681
- state.registers.store(self.reg_offset, state.solver.BVV(self.value, self.reg_bits))
667
+ state.registers.store(self.reg_offset, claripy.BVV(self.value, self.reg_bits))
682
668
 
683
669
 
684
670
  class BSSHook:
@@ -816,9 +802,7 @@ class JumpTableResolver(IndirectJumpResolver):
816
802
 
817
803
  if jumpkind == "Ijk_Boring":
818
804
  return True
819
- if self.resolve_calls and jumpkind == "Ijk_Call":
820
- return True
821
- return False
805
+ return bool(self.resolve_calls and jumpkind == "Ijk_Call")
822
806
 
823
807
  def resolve(self, cfg, addr, func_addr, block, jumpkind, func_graph_complete: bool = True, **kwargs):
824
808
  """
@@ -837,7 +821,7 @@ class JumpTableResolver(IndirectJumpResolver):
837
821
  # the function must exist in the KB
838
822
  return False, None
839
823
 
840
- func: "Function" = cfg.kb.functions[func_addr]
824
+ func: Function = cfg.kb.functions[func_addr]
841
825
  self._max_targets = cfg._indirect_jump_target_limit
842
826
 
843
827
  # this is an indirect call if (1) the instruction is a call, or (2) the instruction is a tail jump (we detect
@@ -901,7 +885,7 @@ class JumpTableResolver(IndirectJumpResolver):
901
885
  self,
902
886
  cfg,
903
887
  addr: int,
904
- func: "Function",
888
+ func: Function,
905
889
  b: Blade,
906
890
  cv_manager: ConstantValueManager | None,
907
891
  potential_call_table: bool = False,
@@ -976,7 +960,7 @@ class JumpTableResolver(IndirectJumpResolver):
976
960
  if len(pred_succs) == 2:
977
961
  non_node_succ = next(iter(pred_succ for pred_succ in pred_succs if pred_succ is not curr_node))
978
962
  while func.graph.out_degree[non_node_succ] == 1:
979
- non_node_succ = list(func.graph.successors(non_node_succ))[0]
963
+ non_node_succ = next(iter(func.graph.successors(non_node_succ)))
980
964
  if non_node_succ == curr_node:
981
965
  is_diamond = True
982
966
  break
@@ -998,9 +982,8 @@ class JumpTableResolver(IndirectJumpResolver):
998
982
  ij.jumptable = False
999
983
  ij.resolved_targets = {jump_target}
1000
984
  return True, [jump_target]
1001
- else:
1002
- l.debug("Found single constant load, but it does not appear to be a valid target")
1003
- return False, None
985
+ l.debug("Found single constant load, but it does not appear to be a valid target")
986
+ return False, None
1004
987
 
1005
988
  # Well, we have a real jump table to resolve!
1006
989
 
@@ -1214,7 +1197,7 @@ class JumpTableResolver(IndirectJumpResolver):
1214
1197
  AddressTransformationTypes.Assignment, [stmt.tmp, AddressSingleton]
1215
1198
  )
1216
1199
  continue
1217
- elif isinstance(stmt.data, pyvex.IRExpr.ITE):
1200
+ if isinstance(stmt.data, pyvex.IRExpr.ITE):
1218
1201
  # data transferring
1219
1202
  # t16 = if (t43) ILGop_Ident32(LDle(t29)) else 0x0000c844
1220
1203
  # > t44 = ITE(t43,t16,0x0000c844)
@@ -1224,7 +1207,7 @@ class JumpTableResolver(IndirectJumpResolver):
1224
1207
  AddressTransformationTypes.Assignment, [stmt.tmp, AddressSingleton]
1225
1208
  )
1226
1209
  continue
1227
- elif isinstance(stmt.data, pyvex.IRExpr.Unop):
1210
+ if isinstance(stmt.data, pyvex.IRExpr.Unop):
1228
1211
  if stmt.data.op == "Iop_32Sto64":
1229
1212
  # data transferring with conversion
1230
1213
  # t11 = 32Sto64(t12)
@@ -1234,7 +1217,7 @@ class JumpTableResolver(IndirectJumpResolver):
1234
1217
  AddressTransformationTypes.SignedExtension, [32, 64, AddressSingleton]
1235
1218
  )
1236
1219
  continue
1237
- elif stmt.data.op == "Iop_64to32":
1220
+ if stmt.data.op == "Iop_64to32":
1238
1221
  # data transferring with conversion
1239
1222
  # t24 = 64to32(t21)
1240
1223
  stmts_to_remove.append(stmt_loc)
@@ -1243,7 +1226,7 @@ class JumpTableResolver(IndirectJumpResolver):
1243
1226
  AddressTransformationTypes.Truncation, [64, 32, AddressSingleton]
1244
1227
  )
1245
1228
  continue
1246
- elif stmt.data.op == "Iop_32Uto64":
1229
+ if stmt.data.op == "Iop_32Uto64":
1247
1230
  # data transferring with conversion
1248
1231
  # t21 = 32Uto64(t22)
1249
1232
  stmts_to_remove.append(stmt_loc)
@@ -1252,7 +1235,7 @@ class JumpTableResolver(IndirectJumpResolver):
1252
1235
  AddressTransformationTypes.UnsignedExtension, [32, 64, AddressSingleton]
1253
1236
  )
1254
1237
  continue
1255
- elif stmt.data.op == "Iop_16Uto32":
1238
+ if stmt.data.op == "Iop_16Uto32":
1256
1239
  # data transferring with conversion
1257
1240
  stmts_to_remove.append(stmt_loc)
1258
1241
  if isinstance(stmt, pyvex.IRStmt.WrTmp):
@@ -1260,7 +1243,7 @@ class JumpTableResolver(IndirectJumpResolver):
1260
1243
  AddressTransformationTypes.UnsignedExtension, [16, 32, AddressSingleton]
1261
1244
  )
1262
1245
  continue
1263
- elif stmt.data.op == "Iop_8Uto32":
1246
+ if stmt.data.op == "Iop_8Uto32":
1264
1247
  # data transferring with conversion
1265
1248
  stmts_to_remove.append(stmt_loc)
1266
1249
  if isinstance(stmt, pyvex.IRStmt.WrTmp):
@@ -1268,7 +1251,7 @@ class JumpTableResolver(IndirectJumpResolver):
1268
1251
  AddressTransformationTypes.UnsignedExtension, [8, 32, AddressSingleton]
1269
1252
  )
1270
1253
  continue
1271
- elif stmt.data.op == "Iop_8Uto64":
1254
+ if stmt.data.op == "Iop_8Uto64":
1272
1255
  stmts_to_remove.append(stmt_loc)
1273
1256
  if isinstance(stmt, pyvex.IRStmt.WrTmp):
1274
1257
  transformations[(stmt_loc[0], stmt.tmp)] = AddressTransformation(
@@ -1359,7 +1342,7 @@ class JumpTableResolver(IndirectJumpResolver):
1359
1342
  # not supported
1360
1343
  pass
1361
1344
  continue
1362
- elif stmt.data.op.startswith("Iop_Or"):
1345
+ if stmt.data.op.startswith("Iop_Or"):
1363
1346
  # this is sometimes used in VEX statements in THUMB mode code to adjust the address to an odd
1364
1347
  # number
1365
1348
  # e.g.
@@ -1410,7 +1393,6 @@ class JumpTableResolver(IndirectJumpResolver):
1410
1393
  AddressTransformationTypes.ShiftLeft, [AddressSingleton, stmt.data.args[1].con.value]
1411
1394
  )
1412
1395
  continue
1413
- elif stmt.data.op.startswith("Iop_Sar"):
1414
1396
  # AArch64
1415
1397
  #
1416
1398
  # LDRB W0, [X20,W26,UXTW]
@@ -1437,15 +1419,17 @@ class JumpTableResolver(IndirectJumpResolver):
1437
1419
  # 15 | PUT(x0) = t4
1438
1420
  # + 16 | ------ IMark(0x51f858, 4, 0) ------
1439
1421
  # + Next: t4
1440
- if isinstance(stmt.data.args[0], pyvex.IRExpr.RdTmp) and isinstance(
1441
- stmt.data.args[1], pyvex.IRExpr.Const
1442
- ):
1443
- # found it
1444
- stmts_to_remove.append(stmt_loc)
1445
- transformations[(stmt_loc[0], stmt.tmp)] = AddressTransformation(
1446
- AddressTransformationTypes.ShiftRight, [AddressSingleton, stmt.data.args[1].con.value]
1447
- )
1448
- continue
1422
+ elif (
1423
+ stmt.data.op.startswith("Iop_Sar")
1424
+ and isinstance(stmt.data.args[0], pyvex.IRExpr.RdTmp)
1425
+ and isinstance(stmt.data.args[1], pyvex.IRExpr.Const)
1426
+ ):
1427
+ # found it
1428
+ stmts_to_remove.append(stmt_loc)
1429
+ transformations[(stmt_loc[0], stmt.tmp)] = AddressTransformation(
1430
+ AddressTransformationTypes.ShiftRight, [AddressSingleton, stmt.data.args[1].con.value]
1431
+ )
1432
+ continue
1449
1433
  elif isinstance(stmt.data, pyvex.IRExpr.Load):
1450
1434
  # Got it!
1451
1435
  load_stmt, load_stmt_loc, load_size = (
@@ -1583,7 +1567,7 @@ class JumpTableResolver(IndirectJumpResolver):
1583
1567
  if state.is_jumptable:
1584
1568
  return state.stmts_to_instrument, state.regs_to_initialize
1585
1569
  if state.is_jumptable is False:
1586
- raise NotAJumpTableNotification()
1570
+ raise NotAJumpTableNotification
1587
1571
 
1588
1572
  # find the next block
1589
1573
  src = None
@@ -1597,7 +1581,7 @@ class JumpTableResolver(IndirectJumpResolver):
1597
1581
  traced.add(block_addr_)
1598
1582
  break
1599
1583
 
1600
- raise NotAJumpTableNotification()
1584
+ raise NotAJumpTableNotification
1601
1585
 
1602
1586
  @staticmethod
1603
1587
  def _try_resolve_single_constant_loads(load_stmt, cfg, addr):
@@ -1626,27 +1610,26 @@ class JumpTableResolver(IndirectJumpResolver):
1626
1610
  l.info(
1627
1611
  "Constant indirect jump %#x points outside of loaded memory to %#08x", addr, jump_target_addr
1628
1612
  )
1629
- raise NotAJumpTableNotification()
1613
+ raise NotAJumpTableNotification
1630
1614
 
1631
1615
  l.info("Resolved constant indirect jump from %#08x to %#08x", addr, jump_target_addr)
1632
1616
  return jump_target
1633
1617
 
1634
- elif isinstance(load_stmt, pyvex.IRStmt.LoadG):
1635
- if type(load_stmt.addr) is pyvex.IRExpr.Const:
1636
- # It's directly loading from a constant address
1637
- # e.g.,
1638
- # 4352c SUB R1, R11, #0x1000
1639
- # 43530 LDRHI R3, =loc_45450
1640
- # ...
1641
- # 43540 MOV PC, R3
1642
- #
1643
- # It's not a jump table, but we resolve it anyway
1644
- # Note that this block has two branches: One goes to 45450, the other one goes to whatever the original
1645
- # value of R3 is. Some intensive data-flow analysis is required in this case.
1646
- jump_target_addr = load_stmt.addr.con.value
1647
- jump_target = cfg._fast_memory_load_pointer(jump_target_addr)
1648
- l.info("Resolved constant indirect jump from %#08x to %#08x", addr, jump_target_addr)
1649
- return jump_target
1618
+ elif isinstance(load_stmt, pyvex.IRStmt.LoadG) and type(load_stmt.addr) is pyvex.IRExpr.Const:
1619
+ # It's directly loading from a constant address
1620
+ # e.g.,
1621
+ # 4352c SUB R1, R11, #0x1000
1622
+ # 43530 LDRHI R3, =loc_45450
1623
+ # ...
1624
+ # 43540 MOV PC, R3
1625
+ #
1626
+ # It's not a jump table, but we resolve it anyway
1627
+ # Note that this block has two branches: One goes to 45450, the other one goes to whatever the original
1628
+ # value of R3 is. Some intensive data-flow analysis is required in this case.
1629
+ jump_target_addr = load_stmt.addr.con.value
1630
+ jump_target = cfg._fast_memory_load_pointer(jump_target_addr)
1631
+ l.info("Resolved constant indirect jump from %#08x to %#08x", addr, jump_target_addr)
1632
+ return jump_target
1650
1633
 
1651
1634
  return None
1652
1635
 
@@ -1734,25 +1717,25 @@ class JumpTableResolver(IndirectJumpResolver):
1734
1717
  # full-function data propagation before performing jump table recovery.
1735
1718
  l.debug("Multiple statements adding bases, not supported yet") # FIXME: Just check the addresses?
1736
1719
 
1737
- jumptable_addr_vsa = claripy.backends.vsa.convert(jumptable_addr)
1738
-
1739
- if not isinstance(jumptable_addr_vsa, claripy.vsa.StridedInterval):
1720
+ if jumptable_addr.has_annotation_type(claripy.annotation.RegionAnnotation):
1740
1721
  return None
1741
1722
 
1742
1723
  all_targets = []
1743
1724
  jump_table = []
1744
1725
 
1726
+ jumptable_si = claripy.SI(bits=project.arch.bits, to_conv=jumptable_addr)
1727
+
1745
1728
  # we may resolve a vtable (in C, e.g., the IO_JUMPS_FUNC in libc), but the stride of this load is usually 1
1746
1729
  # while the read statement reads a word size at a time.
1747
1730
  # we use this to differentiate between traditional jump tables (where each entry is some blocks that belong to
1748
1731
  # the current function) and vtables (where each entry is a function).
1749
- if jumptable_addr_vsa.stride < load_size:
1732
+ if jumptable_si.args[3] < load_size: # stride < load_size
1750
1733
  stride = load_size
1751
- total_cases = jumptable_addr_vsa.cardinality // load_size
1734
+ total_cases = jumptable_addr.cardinality // load_size
1752
1735
  sort = "vtable" # it's probably a vtable!
1753
1736
  else:
1754
- stride = jumptable_addr_vsa.stride
1755
- total_cases = jumptable_addr_vsa.cardinality
1737
+ stride = jumptable_si.args[3]
1738
+ total_cases = jumptable_addr.cardinality
1756
1739
  sort = "jumptable"
1757
1740
 
1758
1741
  if total_cases > self._max_targets:
@@ -1780,7 +1763,7 @@ class JumpTableResolver(IndirectJumpResolver):
1780
1763
  break
1781
1764
  l.debug("- %#x[%d] -> %#x", table_base_addr, i, target)
1782
1765
  jump_table.append(target)
1783
- addr += jumptable_addr_vsa.stride
1766
+ addr += stride
1784
1767
  num_targets = len(jump_table)
1785
1768
  if num_targets == 0:
1786
1769
  l.debug("Didn't find any plausible targets in suspected jump table %#x", table_base_addr)
@@ -1816,18 +1799,22 @@ class JumpTableResolver(IndirectJumpResolver):
1816
1799
 
1817
1800
  # Both the min jump target and the max jump target should be within a mapped memory region
1818
1801
  # i.e., we shouldn't be jumping to the stack or somewhere unmapped
1819
- if not project.loader.find_segment_containing(min_jumptable_addr) or not project.loader.find_segment_containing(
1820
- max_jumptable_addr
1802
+ if not (
1803
+ (
1804
+ project.loader.find_segment_containing(min_jumptable_addr)
1805
+ and project.loader.find_segment_containing(max_jumptable_addr)
1806
+ )
1807
+ or (
1808
+ project.loader.find_section_containing(min_jumptable_addr)
1809
+ and project.loader.find_section_containing(max_jumptable_addr)
1810
+ )
1821
1811
  ):
1822
- if not project.loader.find_section_containing(
1823
- min_jumptable_addr
1824
- ) or not project.loader.find_section_containing(max_jumptable_addr):
1825
- l.debug(
1826
- "Jump table %#x might have jump targets outside mapped memory regions. "
1827
- "Continue to resolve it from the next data source.",
1828
- addr,
1829
- )
1830
- return None
1812
+ l.debug(
1813
+ "Jump table %#x might have jump targets outside mapped memory regions. "
1814
+ "Continue to resolve it from the next data source.",
1815
+ addr,
1816
+ )
1817
+ return None
1831
1818
 
1832
1819
  # Load the jump table from memory
1833
1820
  should_skip = False
@@ -1847,7 +1834,7 @@ class JumpTableResolver(IndirectJumpResolver):
1847
1834
 
1848
1835
  # Adjust entries inside the jump table
1849
1836
  mask = (2**self.project.arch.bits) - 1
1850
- transformation_list = list(reversed(list(v for v in transformations.values() if not v.first_load)))
1837
+ transformation_list = list(reversed([v for v in transformations.values() if not v.first_load]))
1851
1838
  if transformation_list:
1852
1839
 
1853
1840
  def handle_signed_ext(a):
@@ -2056,7 +2043,7 @@ class JumpTableResolver(IndirectJumpResolver):
2056
2043
  )
2057
2044
  state.inspect.add_breakpoint("reg_write", bp)
2058
2045
  else:
2059
- raise NotImplementedError("Unsupported sort %s in stmts_to_instrument." % sort)
2046
+ raise NotImplementedError(f"Unsupported sort {sort} in stmts_to_instrument.")
2060
2047
 
2061
2048
  reg_val = 0x13370000
2062
2049
 
@@ -2103,10 +2090,10 @@ class JumpTableResolver(IndirectJumpResolver):
2103
2090
 
2104
2091
  read_length = state.inspect.mem_read_length
2105
2092
  if not isinstance(read_length, int):
2106
- read_length = claripy.backends.vsa.convert(read_length).upper_bound
2093
+ read_length = read_length.args[3] # max
2107
2094
  if read_length > 16:
2108
2095
  return
2109
- new_read_addr = state.solver.BVV(UninitReadMeta.uninit_read_base, state.arch.bits)
2096
+ new_read_addr = claripy.BVV(UninitReadMeta.uninit_read_base, state.arch.bits)
2110
2097
  UninitReadMeta.uninit_read_base += read_length
2111
2098
 
2112
2099
  # replace the expression in registers
@@ -2123,7 +2110,7 @@ class JumpTableResolver(IndirectJumpResolver):
2123
2110
  def _dbg_repr_slice(self, blade, in_slice_stmts_only=False):
2124
2111
  stmts = defaultdict(set)
2125
2112
 
2126
- for addr, stmt_idx in sorted(list(blade.slice.nodes())):
2113
+ for addr, stmt_idx in sorted(blade.slice.nodes()):
2127
2114
  stmts[addr].add(stmt_idx)
2128
2115
 
2129
2116
  for addr in sorted(stmts.keys()):
@@ -2131,7 +2118,7 @@ class JumpTableResolver(IndirectJumpResolver):
2131
2118
  irsb = self.project.factory.block(addr, cross_insn_opt=True, backup_state=self.base_state).vex
2132
2119
 
2133
2120
  print(" ####")
2134
- print(" #### Block %#x" % addr)
2121
+ print(f" #### Block {addr:#x}")
2135
2122
  print(" ####")
2136
2123
 
2137
2124
  for i, stmt in enumerate(irsb.statements):
@@ -2139,7 +2126,7 @@ class JumpTableResolver(IndirectJumpResolver):
2139
2126
  display = stmt_taken if in_slice_stmts_only else True
2140
2127
  if display:
2141
2128
  s = "%s %x:%02d | " % ("+" if stmt_taken else " ", addr, i)
2142
- s += "%s " % stmt.pp_str(arch=self.project.arch, tyenv=irsb.tyenv)
2129
+ s += f"{stmt.pp_str(arch=self.project.arch, tyenv=irsb.tyenv)} "
2143
2130
  if stmt_taken:
2144
2131
  s += "IN: %d" % blade.slice.in_degree((addr, i))
2145
2132
  print(s)
@@ -2238,7 +2225,7 @@ class JumpTableResolver(IndirectJumpResolver):
2238
2225
  # blx r0
2239
2226
  # It's not a jump table, but we resolve it anyway
2240
2227
  jump_target_addr = load_stmt.data.addr.con.value
2241
- return state.solver.BVV(jump_target_addr, state.arch.bits)
2228
+ return claripy.BVV(jump_target_addr, state.arch.bits)
2242
2229
  elif isinstance(load_stmt, pyvex.IRStmt.LoadG):
2243
2230
  if type(load_stmt.addr) is pyvex.IRExpr.RdTmp:
2244
2231
  load_addr_tmp = load_stmt.addr.tmp
@@ -2254,9 +2241,9 @@ class JumpTableResolver(IndirectJumpResolver):
2254
2241
  # Note that this block has two branches: One goes to 45450, the other one goes to whatever the original
2255
2242
  # value of R3 is. Some intensive data-flow analysis is required in this case.
2256
2243
  jump_target_addr = load_stmt.addr.con.value
2257
- return state.solver.BVV(jump_target_addr, state.arch.bits)
2244
+ return claripy.BVV(jump_target_addr, state.arch.bits)
2258
2245
  else:
2259
- raise TypeError("Unsupported address loading statement type %s." % type(load_stmt))
2246
+ raise TypeError(f"Unsupported address loading statement type {type(load_stmt)}.")
2260
2247
 
2261
2248
  if state.scratch.temps[load_addr_tmp] is None:
2262
2249
  # the tmp variable is not there... umm...
@@ -2293,9 +2280,7 @@ class JumpTableResolver(IndirectJumpResolver):
2293
2280
  return False
2294
2281
  if vex_block.jumpkind == "Ijk_NoDecode":
2295
2282
  return False
2296
- if vex_block.size == 0:
2297
- return False
2298
- return True
2283
+ return vex_block.size != 0
2299
2284
 
2300
2285
  def _is_address_mapped(self, addr: int) -> bool:
2301
2286
  return (