angr 9.2.116__py3-none-manylinux2014_x86_64.whl → 9.2.117__py3-none-manylinux2014_x86_64.whl

angr/procedures/java_jni/__init__.py

@@ -4,7 +4,7 @@ import logging
 import typing
 
 from archinfo import ArchSoot
-from claripy import BVV, StrSubstr
+import claripy
 
 from ...calling_conventions import default_cc
 from ...sim_procedure import SimProcedure
@@ -66,7 +66,7 @@ class JNISimProcedure(SimProcedure):
         if isinstance(data, int):
             if addr is None:
                 addr = self._allocate_native_memory(size=type_size // 8)
-            value = self.state.solver.BVV(data, type_size)
+            value = claripy.BVV(data, type_size)
             self.state.memory.store(addr, value, endness=native_memory_endness)
         # store array
         elif isinstance(data, list):
@@ -173,11 +173,11 @@ class JNISimProcedure(SimProcedure):
         # store chars one by one
         str_len = len(string) // 8
         for idx in range(str_len):
-            str_byte = StrSubstr(idx, 1, string)
+            str_byte = claripy.StrSubstr(idx, 1, string)
             self.state.memory.store(addr + idx, str_byte)
 
         # store terminating zero
-        self.state.memory.store(len(string), BVV(0, 8))
+        self.state.memory.store(len(string), claripy.BVV(0, 8))
 
         return addr
 

angr/procedures/java_jni/array_operations.py

@@ -1,5 +1,7 @@
 import logging
 
+import claripy
+
 from . import JNISimProcedure
 from ...engines.soot.expressions import SimSootExpr_NewArray
 from ...engines.soot.values import SimSootValue_ArrayRef
@@ -239,7 +241,7 @@ class GetArrayRegion(JNISimProcedure):
         # - start_idx <= last_idx < array_size
         #   with last_idx := start_idx+length-1
         # - 0 <= length <= array_size
-        range_constraints = state.solver.And(
+        range_constraints = claripy.And(
             start_idx.SGE(0),
             start_idx.SLT(array.size),
             array.size.SGT(start_idx + length - 1),

angr/procedures/java_lang/string.py

@@ -26,7 +26,7 @@ class StringEquals(JavaSimProcedure):
     def run(self, str_ref_1, str_ref_2):  # pylint: disable=unused-argument
         str_1 = self.state.memory.load(str_ref_1)
         str_2 = self.state.memory.load(str_ref_2)
-        return self.state.solver.If(str_1 == str_2, self.state.solver.BVV(1, 32), self.state.solver.BVV(0, 32))
+        return claripy.If(str_1 == str_2, claripy.BVV(1, 32), claripy.BVV(0, 32))
 
 
 class StringSplit(JavaSimProcedure):

angr/procedures/java_util/random.py

@@ -1,3 +1,5 @@
+import claripy
+
 from ..java import JavaSimProcedure
 
 
@@ -5,7 +7,7 @@ class NextInt(JavaSimProcedure):
     __provides__ = (("java.util.Random", "nextInt(int)"),)
 
     def run(self, obj, bound):  # pylint: disable=arguments-differ,unused-argument
-        rand = self.state.solver.BVS("rand", 32)
+        rand = claripy.BVS("rand", 32)
         self.state.solver.add(rand.UGE(0))
         self.state.solver.add(rand.ULT(bound))
         return rand

angr/procedures/libc/access.py

@@ -1,3 +1,5 @@
+import claripy
+
 import angr
 
 
@@ -5,6 +7,6 @@ class access(angr.SimProcedure):
     # pylint:disable=arguments-differ
 
     def run(self, path, mode):
-        ret = self.state.solver.BVS("access", self.arch.sizeof["int"])
-        self.state.add_constraints(self.state.solver.Or(ret == 0, ret == -1))
+        ret = claripy.BVS("access", self.arch.sizeof["int"])
+        self.state.add_constraints(claripy.Or(ret == 0, ret == -1))
         return ret

angr/procedures/libc/feof.py

@@ -1,7 +1,8 @@
-import angr
-
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
 
+import angr
+
 
 class feof(angr.SimProcedure):
     # pylint:disable=arguments-differ
@@ -13,7 +14,7 @@ class feof(angr.SimProcedure):
         simfd = self.state.posix.get_fd(fileno)
         if simfd is None:
             return None
-        return self.state.solver.If(simfd.eof(), self.state.solver.BVV(1, self.arch.sizeof["int"]), 0)
+        return claripy.If(simfd.eof(), claripy.BVV(1, self.arch.sizeof["int"]), 0)
 
 
 feof_unlocked = feof

angr/procedures/libc/fgetc.py

@@ -1,3 +1,5 @@
+import claripy
+
 import angr
 
 
@@ -16,7 +18,7 @@ class fgetc(angr.SimProcedure):
             data,
             real_length,
         ) = simfd.read_data(1)
-        return self.state.solver.If(real_length == 0, -1, data.zero_extend(self.arch.sizeof["int"] - 8))
+        return claripy.If(real_length == 0, -1, data.zero_extend(self.arch.sizeof["int"] - 8))
 
 
 getc = fgetc

angr/procedures/libc/fgets.py

@@ -1,10 +1,10 @@
+import claripy
+from cle.backends.externs.simdata.io_file import io_file_data_for_arch
+
 import angr
 from angr.storage.memory_mixins.address_concretization_mixin import MultiwriteAnnotation
 
 
-from cle.backends.externs.simdata.io_file import io_file_data_for_arch
-
-
 class fgets(angr.SimProcedure):
     # pylint:disable=arguments-differ
 
@@ -47,10 +47,10 @@ class fgets(angr.SimProcedure):
 
             for i, byte in enumerate(data.chop(8)):
                 self.state.add_constraints(
-                    self.state.solver.If(
+                    claripy.If(
                         i + 1 != real_size,
                         byte != b"\n",  # if not last byte returned, not newline
-                        self.state.solver.Or(  # otherwise one of the following must be true:
+                        claripy.Or(  # otherwise one of the following must be true:
                             i + 2 == size,  # - we ran out of space, or
                             simfd.eof(),  # - the file is at EOF, or
                             byte == b"\n",  # - it is a newline

angr/procedures/libc/fopen.py

@@ -1,7 +1,8 @@
-import angr
-
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
 
+import angr
+
 
 def mode_to_flag(mode):
     # TODO improve this: handle mode = strings
@@ -60,5 +61,5 @@ class fopen(angr.SimProcedure):
             return file_struct_ptr
         else:
             # still possible that open failed
-            null = self.state.solver.BVV(0, self.state.arch.bits)
-            return self.state.solver.If(fd == fd_concr, file_struct_ptr, null)
+            null = claripy.BVV(0, self.state.arch.bits)
+            return claripy.If(fd == fd_concr, file_struct_ptr, null)

angr/procedures/libc/fread.py

@@ -1,7 +1,8 @@
-import angr
-
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
 
+import angr
+
 
 class fread(angr.SimProcedure):
     # pylint:disable=arguments-differ
@@ -16,7 +17,7 @@ class fread(angr.SimProcedure):
             return -1
 
         ret = simfd.read(dst, size * nm)
-        return self.state.solver.If(self.state.solver.Or(size == 0, nm == 0), 0, ret // size)
+        return claripy.If(claripy.Or(size == 0, nm == 0), 0, ret // size)
 
 
 fread_unlocked = fread

angr/procedures/libc/fseek.py

@@ -1,6 +1,7 @@
-import angr
-
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
+
+import angr
 from ...errors import SimSolverError
 
 
@@ -26,7 +27,7 @@ class fseek(angr.SimProcedure):
         simfd = self.state.posix.get_fd(fd)
         if simfd is None:
             return -1
-        return self.state.solver.If(simfd.seek(offset, whence), self.state.solver.BVV(0, self.arch.sizeof["int"]), -1)
+        return claripy.If(simfd.seek(offset, whence), claripy.BVV(0, self.arch.sizeof["int"]), -1)
 
 
 fseeko = fseek

angr/procedures/libc/getdelim.py

@@ -1,7 +1,10 @@
-import angr
+import logging
+
+import claripy
 from cle.backends.externs.simdata.io_file import io_file_data_for_arch
 
-import logging
+import angr
+
 
 l = logging.getLogger(name=__name__)
 
@@ -72,10 +75,10 @@ class __getdelim(angr.SimProcedure):
 
             for i, byte in enumerate(data.chop(8)):
                 self.state.add_constraints(
-                    self.state.solver.If(
+                    claripy.If(
                         i + 1 != real_size,
                         byte != delim_byte,  # if not last byte returned, not newline
-                        self.state.solver.Or(  # otherwise one of the following must be true:
+                        claripy.Or(  # otherwise one of the following must be true:
                             i + 2 == size,  # - we ran out of space, or
                             simfd.eof(),  # - the file is at EOF, or
                             byte == delim_byte,  # - it is a newline

angr/procedures/libc/gets.py

@@ -1,5 +1,7 @@
 import logging
 
+import claripy
+
 import angr
 from angr.storage.memory_mixins.address_concretization_mixin import MultiwriteAnnotation
 from angr.misc.ux import once
@@ -48,10 +50,10 @@ class gets(angr.SimProcedure):
 
             for i, byte in enumerate(data.chop(8)):
                 self.state.add_constraints(
-                    self.state.solver.If(
+                    claripy.If(
                         i + 1 != real_size,
                         byte != b"\n",  # if not last byte returned, not newline
-                        self.state.solver.Or(  # otherwise one of the following must be true:
+                        claripy.Or(  # otherwise one of the following must be true:
                             i + 2 == max_size,  # - we ran out of space, or
                             simfd.eof(),  # - the file is at EOF, or
                             byte == b"\n",  # - it is a newline

angr/procedures/libc/memcmp.py

@@ -1,6 +1,9 @@
-import angr
 import logging
 
+import claripy
+
+import angr
+
 l = logging.getLogger(name=__name__)
 
 
@@ -25,19 +28,19 @@ class memcmp(angr.SimProcedure):
             s1_part = self.state.memory.load(s1_addr, definite_size, endness="Iend_BE")
             s2_part = self.state.memory.load(s2_addr, definite_size, endness="Iend_BE")
             cases = [
-                [s1_part == s2_part, self.state.solver.BVV(0, int_bits)],
-                [self.state.solver.ULT(s1_part, s2_part), self.state.solver.BVV(-1, int_bits)],
-                [self.state.solver.UGT(s1_part, s2_part), self.state.solver.BVV(1, int_bits)],
+                [s1_part == s2_part, claripy.BVV(0, int_bits)],
+                [claripy.ULT(s1_part, s2_part), claripy.BVV(-1, int_bits)],
+                [claripy.UGT(s1_part, s2_part), claripy.BVV(1, int_bits)],
             ]
-            definite_answer = self.state.solver.ite_cases(cases, 2)
-            constraint = self.state.solver.Or(*[c for c, _ in cases])
+            definite_answer = claripy.ite_cases(cases, 2)
+            constraint = claripy.Or(*[c for c, _ in cases])
             self.state.add_constraints(constraint)
 
             l.debug("Created definite answer: %s", definite_answer)
             l.debug("Created constraint: %s", constraint)
             l.debug("... crom cases: %s", cases)
         else:
-            definite_answer = self.state.solver.BVV(0, int_bits)
+            definite_answer = claripy.BVV(0, int_bits)
 
         if not self.state.solver.symbolic(definite_answer) and self.state.solver.eval(definite_answer) != 0:
             return definite_answer
@@ -51,19 +54,19 @@ class memcmp(angr.SimProcedure):
                 s1_part = s1_all[conditional_size * 8 - 1 : bit - 8]
                 s2_part = s2_all[conditional_size * 8 - 1 : bit - 8]
                 cases = [
-                    [s1_part == s2_part, self.state.solver.BVV(0, int_bits)],
-                    [self.state.solver.ULT(s1_part, s2_part), self.state.solver.BVV(-1, int_bits)],
-                    [self.state.solver.UGT(s1_part, s2_part), self.state.solver.BVV(1, int_bits)],
+                    [s1_part == s2_part, claripy.BVV(0, int_bits)],
+                    [claripy.ULT(s1_part, s2_part), claripy.BVV(-1, int_bits)],
+                    [claripy.UGT(s1_part, s2_part), claripy.BVV(1, int_bits)],
                 ]
-                conditional_rets[byte + 1] = self.state.solver.ite_cases(cases, 0)
-                self.state.add_constraints(self.state.solver.Or(*[c for c, _ in cases]))
+                conditional_rets[byte + 1] = claripy.ite_cases(cases, 0)
+                self.state.add_constraints(claripy.Or(*[c for c, _ in cases]))
 
-            ret_expr = self.state.solver.If(
+            ret_expr = claripy.If(
                 definite_answer == 0,
-                self.state.solver.ite_dict(n - definite_size, conditional_rets, 2),
+                claripy.ite_dict(n - definite_size, conditional_rets, 2),
                 definite_answer,
             )
-            self.state.add_constraints(self.state.solver.Or(*[n - definite_size == c for c in conditional_rets]))
+            self.state.add_constraints(claripy.Or(*[n - definite_size == c for c in conditional_rets]))
             return ret_expr
         else:
             return definite_answer

angr/procedures/libc/memset.py

@@ -1,7 +1,9 @@
-import angr
-
 import logging
 
+import claripy
+
+import angr
+
 l = logging.getLogger(name=__name__)
 
 
@@ -37,12 +39,12 @@ class memset(angr.SimProcedure):
 
     def run(self, dst_addr, char, num):
         if char.size() != self.state.arch.byte_width:  # sizeof(char)
-            char = self.state.solver.Extract(self.state.arch.byte_width - 1, 0, char)
+            char = claripy.Extract(self.state.arch.byte_width - 1, 0, char)
 
         if self.state.solver.symbolic(num):
             l.debug("symbolic length")
             max_size = self.state.solver.min_int(num) + self.state.libc.max_buffer_size
-            write_bytes = self.state.solver.Concat(*([char] * max_size))
+            write_bytes = claripy.Concat(*([char] * max_size))
             self.state.memory.store(dst_addr, write_bytes, size=num)
         else:
             max_size = self.state.solver.eval(num)
@@ -54,14 +56,14 @@ class memset(angr.SimProcedure):
 
                 if self.state.solver.symbolic(char):
                     l.debug("symbolic char")
-                    write_bytes = self.state.solver.Concat(*([char] * chunksize))
+                    write_bytes = claripy.Concat(*([char] * chunksize))
                 else:
                     # Concatenating many bytes is slow, so some sort of optimization is required
                     if char.concrete_value == 0:
-                        write_bytes = self.state.solver.BVV(0, chunksize * 8)
+                        write_bytes = claripy.BVV(0, chunksize * 8)
                     else:
                         rb = memset._repeat_bytes(char.concrete_value, chunksize)
-                        write_bytes = self.state.solver.BVV(rb, chunksize * 8)
+                        write_bytes = claripy.BVV(rb, chunksize * 8)
 
                 self.state.memory.store(dst_addr + offset, write_bytes)
                 offset += chunksize

angr/procedures/libc/puts.py

@@ -1,3 +1,5 @@
+import claripy
+
 import angr
 
 
@@ -12,5 +14,5 @@ class puts(angr.SimProcedure):
         strlen = angr.SIM_PROCEDURES["libc"]["strlen"]
         length = self.inline_call(strlen, string).ret_expr
         out = stdout.write(string, length)
-        stdout.write_data(self.state.solver.BVV(b"\n"))
+        stdout.write_data(claripy.BVV(b"\n"))
         return (out + 1)[31:0]

angr/procedures/libc/snprintf.py

@@ -1,5 +1,7 @@
 import logging
 
+import claripy
+
 from angr.procedures.stubs.format_parser import FormatParser
 
 l = logging.getLogger(name=__name__)
@@ -15,7 +17,7 @@ class snprintf(FormatParser):
         self.state.memory.store(dst_ptr, out_str)
 
         # place the terminating null byte
-        self.state.memory.store(dst_ptr + (out_str.size() // self.arch.byte_width), self.state.solver.BVV(0, 8))
+        self.state.memory.store(dst_ptr + (out_str.size() // self.arch.byte_width), claripy.BVV(0, 8))
 
         return out_str.size() // self.arch.byte_width
 
@@ -28,6 +30,6 @@ class __snprintf_chk(FormatParser):
         self.state.memory.store(dst_ptr, out_str)
 
         # place the terminating null byte
-        self.state.memory.store(dst_ptr + (out_str.size() // self.arch.byte_width), self.state.solver.BVV(0, 8))
+        self.state.memory.store(dst_ptr + (out_str.size() // self.arch.byte_width), claripy.BVV(0, 8))
 
         return out_str.size() // self.arch.byte_width

angr/procedures/libc/sprintf.py

@@ -1,5 +1,7 @@
 import logging
 
+import claripy
+
 from angr.procedures.stubs.format_parser import FormatParser
 
 l = logging.getLogger(name=__name__)
@@ -16,7 +18,7 @@ class sprintf(FormatParser):
 
         # place the terminating null byte
         self.state.memory.store(
-            dst_ptr + (out_str.size() // self.arch.byte_width), self.state.solver.BVV(0, self.arch.byte_width)
+            dst_ptr + (out_str.size() // self.arch.byte_width), claripy.BVV(0, self.arch.byte_width)
         )
 
         return out_str.size() // self.arch.byte_width

angr/procedures/libc/strchr.py

@@ -1,8 +1,11 @@
+import logging
+
+import claripy
+
 import angr
 from angr.storage.memory_mixins.address_concretization_mixin import MultiwriteAnnotation
 from angr.sim_options import MEMORY_CHUNK_INDIVIDUAL_READS
 
-import logging
 
 l = logging.getLogger(name=__name__)
 
@@ -36,9 +39,9 @@ class strchr(angr.SimProcedure):
         # ensure that the string length is long enough to include
         # the character!
         chrpos = a - s_addr
-        self.state.add_constraints(self.state.solver.If(a != 0, chrpos <= s_strlen.ret_expr, True))
+        self.state.add_constraints(claripy.If(a != 0, chrpos <= s_strlen.ret_expr, True))
 
         return a
-        # self.state.add_constraints(self.state.solver.ULT(a - s_addr, s_strlen.ret_expr))
+        # self.state.add_constraints(claripy.ULT(a - s_addr, s_strlen.ret_expr))
         # self.max_chr_index = max(i)
         # return a

angr/procedures/libc/strcmp.py

@@ -1,7 +1,9 @@
-import angr
-
 import logging
 
+import claripy
+
+import angr
+
 l = logging.getLogger(name=__name__)
 
 
@@ -13,7 +15,7 @@ class strcmp(angr.SimProcedure):
 
         a_strlen = self.inline_call(strlen, a_addr, wchar=wchar)
         b_strlen = self.inline_call(strlen, b_addr, wchar=wchar)
-        maxlen = self.state.solver.BVV(max(a_strlen.max_null_index, b_strlen.max_null_index), self.state.arch.bits)
+        maxlen = claripy.BVV(max(a_strlen.max_null_index, b_strlen.max_null_index), self.state.arch.bits)
 
         strncmp = self.inline_call(
             angr.SIM_PROCEDURES["libc"]["strncmp"],

angr/procedures/libc/strlen.py

@@ -16,10 +16,10 @@ class strlen(angr.SimProcedure):
 
     def run(self, s, wchar=False, maxlen=None):
         if wchar:
-            null_seq = self.state.solver.BVV(0, 16)
+            null_seq = claripy.BVV(0, 16)
             char_size = 2
         else:
-            null_seq = self.state.solver.BVV(0, 8)
+            null_seq = claripy.BVV(0, 8)
             char_size = 1
 
         max_symbolic_bytes = self.state.libc.buf_symbolic_bytes
@@ -38,7 +38,7 @@ class strlen(angr.SimProcedure):
             addr_desc: AbstractAddressDescriptor = self.state.memory._normalize_address(s)
 
             # size_t
-            length = self.state.solver.ESI(self.arch.bits)
+            length = claripy.ESI(self.arch.bits)
             for s_aw in self.state.memory._concretize_address_descriptor(addr_desc, None):
                 s_ptr = s_aw.to_valueset(self.state)
                 r, c, i = self.state.memory.find(

angr/procedures/libc/strncmp.py

@@ -1,7 +1,9 @@
-import angr
-
 import logging
 
+import claripy
+
+import angr
+
 l = logging.getLogger(name=__name__)
 
 
@@ -50,9 +52,9 @@ class strncmp(angr.SimProcedure):
                 maxlen = max(a_strlen.max_null_index, b_strlen.max_null_index)
 
             match_constraints.append(
-                self.state.solver.Or(
+                claripy.Or(
                     a_len == b_len,
-                    self.state.solver.And(self.state.solver.UGE(a_len, limit), self.state.solver.UGE(b_len, limit)),
+                    claripy.And(claripy.UGE(a_len, limit), claripy.UGE(b_len, limit)),
                 )
             )
 
@@ -62,7 +64,7 @@ class strncmp(angr.SimProcedure):
             if self.state.solver.single_valued(limit) and self.state.solver.eval(limit) == 0:
                 # limit is 0
                 l.debug("returning equal for 0-limit")
-                return self.state.solver.BVV(0, 32)
+                return claripy.BVV(0, 32)
             elif (
                 self.state.solver.single_valued(a_len)
                 and self.state.solver.single_valued(b_len)
@@ -70,14 +72,14 @@ class strncmp(angr.SimProcedure):
             ):
                 # two empty strings
                 l.debug("returning equal for two empty strings")
-                return self.state.solver.BVV(0, 32)
+                return claripy.BVV(0, 32)
             else:
                 # all other cases fall into this branch
                 l.debug("returning non-equal for comparison of an empty string and a non-empty string")
                 if a_strlen.max_null_index == 0:
-                    return self.state.solver.BVV(-1, 32)
+                    return claripy.BVV(-1, 32)
                 else:
-                    return self.state.solver.BVV(1, 32)
+                    return claripy.BVV(1, 32)
 
         # the bytes
         max_byte_len = maxlen * char_size
@@ -111,9 +113,9 @@ class strncmp(angr.SimProcedure):
                 if a_conc != b_conc:
                     l.debug("... found mis-matching concrete bytes 0x%x and 0x%x", a_conc, b_conc)
                     if a_conc < b_conc:
-                        return self.state.solver.BVV(-1, 32)
+                        return claripy.BVV(-1, 32)
                     else:
-                        return self.state.solver.BVV(1, 32)
+                        return claripy.BVV(1, 32)
             else:
                 if self.state.mode == "static":
                     return_values.append(a_byte - b_byte)
@@ -122,17 +124,17 @@ class strncmp(angr.SimProcedure):
 
             if self.state.mode != "static":
                 if ignore_case:
-                    byte_constraint = self.state.solver.Or(
-                        self.state.solver.Or(
+                    byte_constraint = claripy.Or(
+                        claripy.Or(
                             a_byte == b_byte,
-                            self.state.solver.And(
+                            claripy.And(
                                 ord("A") <= a_byte,
                                 a_byte <= ord("Z"),
                                 ord("a") <= b_byte,
                                 b_byte <= ord("z"),
                                 b_byte - ord(" ") == a_byte,
                             ),
-                            self.state.solver.And(
+                            claripy.And(
                                 ord("A") <= b_byte,
                                 b_byte <= ord("Z"),
                                 ord("a") <= a_byte,
@@ -140,21 +142,19 @@ class strncmp(angr.SimProcedure):
                                 a_byte - ord(" ") == b_byte,
                             ),
                         ),
-                        self.state.solver.ULT(a_len, i),
-                        self.state.solver.ULE(limit, i),
+                        claripy.ULT(a_len, i),
+                        claripy.ULE(limit, i),
                     )
                 else:
-                    byte_constraint = self.state.solver.Or(
-                        a_byte == b_byte, self.state.solver.ULT(a_len, i), self.state.solver.ULE(limit, i)
-                    )
+                    byte_constraint = claripy.Or(a_byte == b_byte, claripy.ULT(a_len, i), claripy.ULE(limit, i))
                 match_constraints.append(byte_constraint)
 
         if concrete_run:
             l.debug("concrete run made it to the end!")
-            return self.state.solver.BVV(0, 32)
+            return claripy.BVV(0, 32)
 
         if self.state.mode == "static":
-            ret_expr = self.state.solver.ESI(8)
+            ret_expr = claripy.ESI(8)
             for expr in return_values:
                 ret_expr = ret_expr.union(expr)
 
@@ -164,17 +164,17 @@ class strncmp(angr.SimProcedure):
             # make the constraints
 
             l.debug("returning symbolic")
-            match_constraint = self.state.solver.And(*match_constraints)
-            nomatch_constraint = self.state.solver.Not(match_constraint)
+            match_constraint = claripy.And(*match_constraints)
+            nomatch_constraint = claripy.Not(match_constraint)
 
             # l.debug("match constraints: %s", match_constraint)
             # l.debug("nomatch constraints: %s", nomatch_constraint)
 
-            match_case = self.state.solver.And(limit != 0, match_constraint, ret_expr == 0)
-            nomatch_case = self.state.solver.And(limit != 0, nomatch_constraint, ret_expr == 1)
-            l0_case = self.state.solver.And(limit == 0, ret_expr == 0)
-            empty_case = self.state.solver.And(a_strlen.ret_expr == 0, b_strlen.ret_expr == 0, ret_expr == 0)
+            match_case = claripy.And(limit != 0, match_constraint, ret_expr == 0)
+            nomatch_case = claripy.And(limit != 0, nomatch_constraint, ret_expr == 1)
+            l0_case = claripy.And(limit == 0, ret_expr == 0)
+            empty_case = claripy.And(a_strlen.ret_expr == 0, b_strlen.ret_expr == 0, ret_expr == 0)
 
-            self.state.add_constraints(self.state.solver.Or(match_case, nomatch_case, l0_case, empty_case))
+            self.state.add_constraints(claripy.Or(match_case, nomatch_case, l0_case, empty_case))
 
         return ret_expr

angr/procedures/libc/strncpy.py

@@ -1,6 +1,9 @@
-import angr
 import logging
 
+import claripy
+
+import angr
+
 l = logging.getLogger(name=__name__)
 
 
@@ -12,7 +15,7 @@ class strncpy(angr.SimProcedure):
         memcpy = angr.SIM_PROCEDURES["libc"]["memcpy"]
 
         src_len = src_len if src_len is not None else self.inline_call(strlen, src_addr).ret_expr
-        cpy_size = self.state.solver.If(self.state.solver.ULE(limit, src_len + 1), limit, src_len + 1)
+        cpy_size = claripy.If(claripy.ULE(limit, src_len + 1), limit, src_len + 1)
 
         self.inline_call(memcpy, dst_addr, src_addr, cpy_size)
         return dst_addr