angr 9.2.118__py3-none-macosx_11_0_arm64.whl → 9.2.119__py3-none-macosx_11_0_arm64.whl

angr/calling_conventions.py

@@ -2,6 +2,7 @@
 from __future__ import annotations
 import logging
 from typing import cast
+from collections.abc import Iterable
 from collections import defaultdict
 
 import claripy
@@ -49,6 +50,7 @@ class AllocHelper:
         self.base = claripy.BVS("alloc_base", ptrsize)
         self.ptr = self.base
         self.stores = {}
+        self.store_asts = {}
 
     def alloc(self, size):
         out = self.ptr
@@ -58,7 +60,7 @@ class AllocHelper:
     def dump(self, val, state, loc=None):
         if loc is None:
             loc = self.stack_loc(val, state.arch)
-        self.stores[self.ptr.cache_key] = (val, loc)
+        self.stores[self.ptr] = (val, loc)
         return self.alloc(self.calc_size(val, state.arch))
 
     def translate(self, val, base):
@@ -66,7 +68,7 @@ class AllocHelper:
             return SimStructValue(
                 val.struct, {field: self.translate(subval, base) for field, subval in val._values.items()}
             )
-        if isinstance(val, claripy.Bits):
+        if isinstance(val, claripy.ast.Bits):
             return val.replace(self.base, base)
         if type(val) is list:
             return [self.translate(subval, base) for subval in val]
@@ -75,7 +77,7 @@ class AllocHelper:
     def apply(self, state, base):
         for ptr, (val, loc) in self.stores.items():
             translated_val = self.translate(val, base)
-            translated_ptr = self.translate(ptr.ast, base)
+            translated_ptr = self.translate(ptr, base)
             loc.set_value(state, translated_val, stack_base=translated_ptr)
 
     def size(self):
@@ -87,7 +89,7 @@ class AllocHelper:
     def calc_size(cls, val, arch):
         if type(val) is SimStructValue:
             return val.struct.size // arch.byte_width
-        if isinstance(val, claripy.Bits):
+        if isinstance(val, claripy.ast.Bits):
             return len(val) // arch.byte_width
         if type(val) is list:
             # TODO real strides
@@ -98,7 +100,7 @@ class AllocHelper:
 
     @classmethod
     def stack_loc(cls, val, arch, offset=0):
-        if isinstance(val, claripy.Bits):
+        if isinstance(val, claripy.ast.Bits):
             return SimStackArg(offset, len(val) // arch.byte_width)
         if type(val) is list:
             # TODO real strides
@@ -264,7 +266,7 @@ class SimFunctionArgument:
     def refine(self, size, arch=None, offset=None, is_fp=None):
         raise NotImplementedError
 
-    def get_footprint(self) -> list[SimRegArg | SimStackArg]:
+    def get_footprint(self) -> Iterable[SimRegArg | SimStackArg]:
         """
         Return a list of SimRegArg and SimStackArgs that are the base components used for this location
         """
@@ -289,13 +291,18 @@ class SimRegArg(SimFunctionArgument):
         self.clear_entire_reg = clear_entire_reg
 
     def get_footprint(self):
-        yield self
+        return {self}
 
     def __repr__(self):
         return f"<{self.reg_name}>"
 
     def __eq__(self, other):
-        return type(other) is SimRegArg and self.reg_name == other.reg_name and self.reg_offset == other.reg_offset
+        return (
+            type(other) is SimRegArg
+            and self.reg_name == other.reg_name
+            and self.reg_offset == other.reg_offset
+            and self.size == other.size
+        )
 
     def __hash__(self):
         return hash((self.size, self.reg_name, self.reg_offset))
@@ -337,12 +344,12 @@ class SimStackArg(SimFunctionArgument):
     :ivar bool is_fp:  Whether loads from this location should return a floating point bitvector
     """
 
-    def __init__(self, stack_offset, size, is_fp=False):
+    def __init__(self, stack_offset: int, size: int, is_fp: bool = False):
         SimFunctionArgument.__init__(self, size, is_fp)
-        self.stack_offset = stack_offset
+        self.stack_offset: int = stack_offset
 
     def get_footprint(self):
-        yield self
+        return {self}
 
     def __repr__(self):
         return f"[{self.stack_offset:#x}]"
@@ -385,8 +392,7 @@ class SimComboArg(SimFunctionArgument):
         self.locations = locations
 
     def get_footprint(self):
-        for x in self.locations:
-            yield from x.get_footprint()
+        return {y for x in self.locations for y in x.get_footprint()}
 
     def __repr__(self):
         return f"SimComboArg({self.locations!r})"
@@ -423,8 +429,21 @@ class SimStructArg(SimFunctionArgument):
         self.locs = locs
 
     def get_footprint(self):
-        for x in self.locs.values():
-            yield from x.get_footprint()
+        regs: defaultdict[str, set[SimRegArg]] = defaultdict(set)
+        others: set[SimRegArg | SimStackArg] = set()
+        for loc in self.locs.values():
+            for footloc in loc.get_footprint():
+                if isinstance(footloc, SimRegArg):
+                    regs[footloc.reg_name].add(footloc)
+                else:
+                    others.add(footloc)
+
+        for reg, locset in regs.items():
+            min_offset = min(loc.reg_offset for loc in locset)
+            max_offset = max(loc.reg_offset + loc.size for loc in locset)
+            others.add(SimRegArg(reg, max_offset - min_offset, min_offset))
+
+        return others
 
     def get_value(self, state, **kwargs):
         return SimStructValue(
@@ -442,8 +461,7 @@ class SimArrayArg(SimFunctionArgument):
         self.locs = locs
 
     def get_footprint(self):
-        for x in self.locs:
-            yield from x.get_footprint()
+        return {y for x in self.locs for y in x.get_footprint()}
 
     def get_value(self, state, **kwargs):
         return [getter.get_value(state, **kwargs) for getter in self.locs]
@@ -470,7 +488,7 @@ class SimReferenceArgument(SimFunctionArgument):
         self.main_loc = main_loc
 
     def get_footprint(self):
-        yield from self.ptr_loc.get_footprint()
+        return self.main_loc.get_footprint()
 
     def get_value(self, state, **kwargs):
         ptr_val = self.ptr_loc.get_value(state, **kwargs)
@@ -946,7 +964,7 @@ class SimCC:
                 raise TypeError(f"Type mismatch: expected {ty}, got pointer-wrapper")
 
             if arg.buffer:
-                if isinstance(arg.value, claripy.Bits):
+                if isinstance(arg.value, claripy.ast.Bits):
                     real_value = arg.value.chop(state.arch.byte_width)
                 elif type(arg.value) in (bytes, str):
                     real_value = claripy.BVV(arg.value).chop(8)
@@ -1069,15 +1087,21 @@ class SimCC:
         if sp_delta != cls.STACKARG_SP_DIFF:
             return False
 
+        def _arg_ident(a: SimRegArg | SimStackArg) -> int | str:
+            if isinstance(a, SimRegArg):
+                return a.reg_name
+            return a.stack_offset
+
         sample_inst = cls(arch)
-        all_fp_args = list(sample_inst.fp_args)
-        all_int_args = list(sample_inst.int_args)
+        all_fp_args: set[int | str] = {_arg_ident(a) for a in sample_inst.fp_args}
+        all_int_args: set[int | str] = {_arg_ident(a) for a in sample_inst.int_args}
         both_iter = sample_inst.memory_args
-        some_both_args = [next(both_iter) for _ in range(len(args))]
+        some_both_args: set[int | str] = {_arg_ident(next(both_iter)) for _ in range(len(args))}
 
         new_args = []
         for arg in args:
-            if arg not in all_fp_args and arg not in all_int_args and arg not in some_both_args:
+            arg_ident = _arg_ident(arg)
+            if arg_ident not in all_fp_args and arg_ident not in all_int_args and arg_ident not in some_both_args:
                 if isinstance(arg, SimRegArg) and arg.reg_name in sample_inst.CALLER_SAVED_REGS:
                     continue
                 return False
@@ -1258,6 +1282,8 @@ class SimCCMicrosoftAMD64(SimCC):
 
     ArgSession = MicrosoftAMD64ArgSession
 
+    STRUCT_RETURN_THRESHOLD = 64
+
     def next_arg(self, session, arg_type):
         if isinstance(arg_type, (SimTypeArray, SimTypeFixedSizeArray)):  # hack
             arg_type = SimTypePointer(arg_type.elem_type).with_arch(self.arch)
@@ -1282,7 +1308,26 @@ class SimCCMicrosoftAMD64(SimCC):
     def return_in_implicit_outparam(self, ty):
         if isinstance(ty, SimTypeBottom):
             return False
-        return not isinstance(ty, SimTypeFloat) and ty.size > 64
+        return not isinstance(ty, SimTypeFloat) and ty.size > self.STRUCT_RETURN_THRESHOLD
+
+    def return_val(self, ty, perspective_returned=False):
+        if ty._arch is None:
+            ty = ty.with_arch(self.arch)
+        if not isinstance(ty, SimStruct):
+            return super().return_val(ty, perspective_returned)
+
+        if ty.size > self.STRUCT_RETURN_THRESHOLD:
+            # TODO this code is duplicated a ton of places. how should it be a function?
+            byte_size = ty.size // self.arch.byte_width
+            referenced_locs = [SimStackArg(offset, self.arch.bytes) for offset in range(0, byte_size, self.arch.bytes)]
+            referenced_loc = refine_locs_with_struct_type(self.arch, referenced_locs, ty)
+            if perspective_returned:
+                ptr_loc = self.RETURN_VAL
+            else:
+                ptr_loc = self.next_arg(self.ArgSession(self), SimTypePointer(SimTypeBottom()).with_arch(self.arch))
+            return SimReferenceArgument(ptr_loc, referenced_loc)
+
+        return refine_locs_with_struct_type(self.arch, [self.RETURN_VAL], ty)
 
 
 class SimCCSyscall(SimCC):

angr/concretization_strategies/norepeats.py

@@ -29,8 +29,8 @@ class SimConcretizationStrategyNorepeats(SimConcretizationStrategy):
         )
 
     def merge(self, others):
-        seen = {s.cache_key for s in self._repeat_constraints}
+        seen = {s.hash() for s in self._repeat_constraints}
         for c in itertools.chain.from_iterable(o._repeat_constraints for o in others):
-            if c.cache_key not in seen:
-                seen.add(c.cache_key)
+            if c.hash() not in seen:
+                seen.add(c.hash())
                 self._repeat_constraints.append(c)

angr/engines/concrete.py

@@ -61,7 +61,7 @@ class SimEngineConcrete(SuccessorsMixin):
 
         successors.engine = "SimEngineConcrete"
         successors.sort = "SimEngineConcrete"
-        successors.add_successor(new_state, new_state.ip, claripy.true, new_state.unicorn.jumpkind)
+        successors.add_successor(new_state, new_state.ip, claripy.true(), new_state.unicorn.jumpkind)
         successors.description = "Concrete Successors"
         successors.processed = True
 

angr/engines/light/engine.py

@@ -419,7 +419,7 @@ class SimEngineLightVEXMixin(SimEngineLightMixin):
         vector_size, vector_count = None, None
         if handler is not None:
             # vector information
-            m = re.match(r"Iop_[^\d]+(\d+)U{0,1}x(\d+)", expr.op)
+            m = re.match(r"Iop_[^\d]+(\d+)[SU]{0,1}x(\d+)", expr.op)
             if m is not None:
                 vector_size = int(m.group(1))
                 vector_count = int(m.group(2))
@@ -1340,12 +1340,8 @@ class SimEngineLightAILMixin(SimEngineLightMixin):
         if expr_1 is None:
             expr_1 = arg1
 
-        try:
-            if isinstance(expr_1, claripy.ast.BV) and expr_1.concrete:
-                return expr_0 << expr_1.concrete_value
-        except TypeError:
-            pass
-
+        if isinstance(expr_0, claripy.ast.BV) and isinstance(expr_1, claripy.ast.BV) and expr_1.concrete:
+            return expr_0 << expr_1.concrete_value
         return ailment.Expr.BinaryOp(expr.idx, "Shl", [expr_0, expr_1], expr.signed, **expr.tags)
 
     def _ail_handle_Sal(self, expr):
@@ -1385,10 +1381,9 @@ class SimEngineLightAILMixin(SimEngineLightMixin):
         if expr_1 is None:
             expr_1 = arg1
 
-        try:
-            return expr_0 >> expr_1
-        except TypeError:
-            return ailment.Expr.BinaryOp(expr.idx, "Sar", [expr_0, expr_1], expr.signed, **expr.tags)
+        if isinstance(expr_0, claripy.ast.Bits) and isinstance(expr_1, claripy.ast.Bits) and expr_1.concrete:
+            return expr_0 >> expr_1.concrete_value
+        return ailment.Expr.BinaryOp(expr.idx, "Sar", [expr_0, expr_1], expr.signed, **expr.tags)
 
     def _ail_handle_Concat(self, expr):
         arg0, arg1 = expr.operands

angr/engines/pcode/engine.py

@@ -85,7 +85,7 @@ class HeavyPcodeMixin(
         successors.sort = "IRSB"
         successors.description = "IRSB"
         self.state.history.recent_block_count = 1
-        self.state.scratch.guard = claripy.true
+        self.state.scratch.guard = claripy.true()
         self.state.scratch.sim_procedure = None
         addr = successors.addr
         self.state.scratch.bbl_addr = addr
@@ -240,7 +240,7 @@ class HeavyPcodeMixin(
                 l.debug("%s adding postcall exit.", self)
 
                 ret_state = exit_state.copy()
-                guard = claripy.true if o.TRUE_RET_EMULATION_GUARD in self.state.options else claripy.false
+                guard = claripy.true() if o.TRUE_RET_EMULATION_GUARD in self.state.options else claripy.false()
                 ret_target = claripy.BVV(successors.addr + self.state.scratch.irsb.size, ret_state.arch.bits)
                 if ret_state.arch.call_pushes_ret and not exit_jumpkind.startswith("Ijk_Sys"):
                     ret_state.regs.sp = ret_state.regs.sp + ret_state.arch.bytes

angr/engines/soot/engine.py

@@ -136,7 +136,7 @@ class SootMixin(SuccessorsMixin, ProcedureMixin):
                 next_addr = self._get_next_linear_instruction(state, stmt_idx)
                 l.debug("Advancing execution linearly to %s", next_addr)
                 if next_addr is not None:
-                    successors.add_successor(state.copy(), next_addr, claripy.true, "Ijk_Boring")
+                    successors.add_successor(state.copy(), next_addr, claripy.true(), "Ijk_Boring")
 
     def _handle_soot_stmt(self, state, successors, stmt_idx, stmt):
         # execute statement
@@ -174,7 +174,7 @@ class SootMixin(SuccessorsMixin, ProcedureMixin):
             # add invoke state as the successor and terminate execution
             # prematurely, since Soot does not guarantee that an invoke stmt
             # terminates a block
-            successors.add_successor(invoke_state, addr, claripy.true, "Ijk_Call")
+            successors.add_successor(invoke_state, addr, claripy.true(), "Ijk_Call")
             return True
 
         # add jmp exit
@@ -199,7 +199,7 @@ class SootMixin(SuccessorsMixin, ProcedureMixin):
     def _add_return_exit(cls, state, successors, return_val=None):
         ret_state = state.copy()
         cls.prepare_return_state(ret_state, return_val)
-        successors.add_successor(ret_state, state.callstack.ret_addr, claripy.true, "Ijk_Ret")
+        successors.add_successor(ret_state, state.callstack.ret_addr, claripy.true(), "Ijk_Ret")
         successors.processed = True
 
     def _get_sim_procedure(self, addr):
@@ -320,7 +320,7 @@ class SootMixin(SuccessorsMixin, ProcedureMixin):
             # TODO symbolic exit code?
             exit_code = claripy.BVV(exit_code, state.arch.bits)
         state.history.add_event("terminate", exit_code=exit_code)
-        successors.add_successor(state, state.regs.ip, claripy.true, "Ijk_Exit")
+        successors.add_successor(state, state.regs.ip, claripy.true(), "Ijk_Exit")
         successors.processed = True
         raise BlockTerminationNotice
 
@@ -342,7 +342,7 @@ class SootMixin(SuccessorsMixin, ProcedureMixin):
 
         # set successor flags
         ret_state.regs._ip = ret_state.callstack.ret_addr
-        ret_state.scratch.guard = claripy.true
+        ret_state.scratch.guard = claripy.true()
         ret_state.history.jumpkind = "Ijk_Ret"
 
         # if available, lookup the return value in native memory

angr/engines/soot/expressions/condition.py

@@ -19,7 +19,7 @@ class SimSootExpr_Condition(SimSootExpr):
         elif isinstance(v1.expr, (SootNullConstant, SimSootValue_StringRef)) or isinstance(
             v2.expr, (SootNullConstant, SimSootValue_StringRef)
         ):
-            self.expr = claripy.true if operator_func(v1.expr, v2.expr) else claripy.false
+            self.expr = claripy.true() if operator_func(v1.expr, v2.expr) else claripy.false()
         else:
             self.expr = operator_func(v1.expr, v2.expr)
 

angr/engines/soot/statements/goto.py

@@ -11,4 +11,4 @@ l = logging.getLogger("angr.engines.soot.statements.goto")
 class SimSootStmt_Goto(SimSootStmt):
     def _execute(self):
         jmp_target = self._get_bb_addr_from_instr(instr=self.stmt.target)
-        self._add_jmp_target(target=jmp_target, condition=claripy.true)
+        self._add_jmp_target(target=jmp_target, condition=claripy.true())

angr/engines/soot/statements/if_.py

@@ -15,5 +15,5 @@ class SimSootStmt_If(SimSootStmt):
         self._add_jmp_target(target=jmp_target, condition=jmp_condition)
         self._add_jmp_target(
             target=None,  # if target is None, engine goes on linearly
-            condition=(jmp_condition == claripy.false),
+            condition=(jmp_condition == claripy.false()),
         )

angr/engines/soot/statements/throw.py

@@ -12,4 +12,4 @@ l = logging.getLogger(name=__name__)
 class SimSootStmt_Throw(SimSootStmt):
     def _execute(self):
         # TODO: implement simprocedure to throw exception
-        self._add_jmp_target(target=SootAddressTerminator(), condition=claripy.true)
+        self._add_jmp_target(target=SootAddressTerminator(), condition=claripy.true())

angr/engines/successors.py

@@ -320,7 +320,7 @@ class SimSuccessors:
                 skip_max_targets_warning = False
                 if o.NO_IP_CONCRETIZATION in state.options:
                     # Don't try to concretize the IP
-                    cond_and_targets = [(claripy.true, target)]
+                    cond_and_targets = [(claripy.true(), target)]
                     max_targets = 0
                     skip_max_targets_warning = True  # don't warn
                 elif o.KEEP_IP_SYMBOLIC in state.options:

angr/engines/unicorn.py

@@ -184,7 +184,7 @@ class SimEngineUnicorn(SuccessorsMixin):
 
         self._instr_mem_write_addrs = set()  # pylint:disable=attribute-defined-outside-init
         for block_details in self.state.unicorn._get_details_of_blocks_with_symbolic_vex_stmts():
-            self.state.scratch.guard = claripy.true
+            self.state.scratch.guard = claripy.true()
             try:
                 if self.state.os_name == "CGC" and block_details["block_addr"] in {
                     self.state.unicorn.cgc_random_addr,
@@ -481,7 +481,7 @@ class SimEngineUnicorn(SuccessorsMixin):
 
         if state.unicorn.jumpkind.startswith("Ijk_Sys"):
             state.ip = state.unicorn._syscall_pc
-        successors.add_successor(state, state.ip, claripy.true, state.unicorn.jumpkind)
+        successors.add_successor(state, state.ip, claripy.true(), state.unicorn.jumpkind)
 
         successors.description = description
         successors.processed = True

angr/engines/vex/heavy/heavy.py

@@ -116,7 +116,7 @@ class HeavyVEXMixin(SuccessorsMixin, ClaripyDataMixin, SimStateStorageMixin, VEX
         successors.sort = "IRSB"
         successors.description = "IRSB"
         self.state.history.recent_block_count = 1
-        self.state.scratch.guard = claripy.true
+        self.state.scratch.guard = claripy.true()
         self.state.scratch.sim_procedure = None
         addr = successors.addr
         self.state.scratch.bbl_addr = addr
@@ -216,7 +216,7 @@ class HeavyVEXMixin(SuccessorsMixin, ClaripyDataMixin, SimStateStorageMixin, VEX
                 l.debug("%s adding postcall exit.", self)
 
                 ret_state = exit_state.copy()
-                guard = claripy.true if o.TRUE_RET_EMULATION_GUARD in self.state.options else claripy.false
+                guard = claripy.true() if o.TRUE_RET_EMULATION_GUARD in self.state.options else claripy.false()
                 ret_target = claripy.BVV(successors.addr + irsb.size, ret_state.arch.bits)
                 ret_state.registers.store(
                     ret_state.arch.ret_offset, ret_state.solver.Unconstrained("fake_ret_value", ret_state.arch.bits)

angr/errors.py

@@ -605,5 +605,9 @@ class SimConcreteBreakpointError(AngrError):
 #
 
 
+class AngrDecompilationError(AngrError):
+    pass
+
+
 class UnsupportedNodeTypeError(AngrError, NotImplementedError):
     pass

angr/exploration_techniques/driller_core.py

@@ -94,8 +94,7 @@ class DrillerCore(ExplorationTechnique):
     @staticmethod
     def _has_false(state):
         # Check if the state is unsat even if we remove preconstraints.
-        claripy_false = claripy.false
-        if state.scratch.guard.cache_key == claripy_false.cache_key:
+        if state.scratch.guard.identical(claripy.false()):
             return True
 
-        return any(c.cache_key == claripy_false.cache_key for c in state.solver.constraints)
+        return any(c.identical(claripy.false()) for c in state.solver.constraints)

angr/exploration_techniques/suggestions.py

@@ -20,12 +20,12 @@ def ast_weight(ast, memo=None):
     if memo is None:
         memo = {}
 
-    result = memo.get(ast.cache_key, None)
+    result = memo.get(ast.hash(), None)
     if result is not None:
         return result
 
     result = 1 + sum(ast_weight(arg, memo) for arg in ast.args)
-    memo[ast.cache_key] = result
+    memo[ast.hash()] = result
     return result
 
 

angr/knowledge_plugins/cfg/cfg_model.py

@@ -721,7 +721,8 @@ class CFGModel(Serializable):
                             new_data_found = True
 
             else:
-                memory_data.size = memory_data.max_size
+                if memory_data.max_size is not None:
+                    memory_data.size = memory_data.max_size
 
             if seg_list is not None:
                 seg_list.occupy(data_addr, memory_data.size, memory_data.sort)

angr/knowledge_plugins/cfg/memory_data.py

@@ -16,6 +16,7 @@ class MemoryDataSort:
     GOTPLTEntry = "GOT PLT Entry"
     ELFHeader = "elf-header"
     FloatingPoint = "fp"  # the size is determined by the MemoryData itself
+    Alignment = "alignment"
 
 
 _SORT_TO_IDX = {

angr/misc/telemetry.py

@@ -0,0 +1,54 @@
+from __future__ import annotations
+from typing import TYPE_CHECKING
+import enum
+
+try:
+    from opentelemetry.trace import get_current_span, Status, StatusCode, Tracer, get_tracer as _get_tracer
+except ImportError:
+    if TYPE_CHECKING:
+        raise
+
+    # pylint: disable=missing-class-docstring,unused-argument
+    class Status:
+        def __init__(self, *args, **kwargs):
+            pass
+
+    class StatusCode(enum.Enum):
+        OK = 0
+        UNSET = 1
+        ERROR = 2
+
+    class Tracer:
+        @staticmethod
+        def start_as_current_span(*args, **kwargs):
+            def inner(f):
+                return f
+
+            return inner
+
+        @staticmethod
+        def get_current_span(*args, **kwargs):
+            return Span()
+
+    def _get_tracer(*args, **kwargs):
+        return Tracer()
+
+    class Span:
+        @staticmethod
+        def set_attribute(*args, **kwargs):
+            pass
+
+        @staticmethod
+        def add_event(*args, **kwargs):
+            pass
+
+    get_current_span = Tracer.get_current_span
+
+
+from angr import __version__
+
+__all__ = ["get_tracer", "get_current_span", "Status", "StatusCode"]
+
+
+def get_tracer(name: str) -> Tracer:
+    return _get_tracer(name, __version__)

angr/procedures/java/unconstrained.py

@@ -33,7 +33,7 @@ class UnconstrainedMethod(JavaSimProcedure):
             ret_value = claripy.FPS(f"unc_double_{method_descriptor.name}", claripy.FSORT_DOUBLE)
         elif method_descriptor.ret == "java.lang.String":
             str_ref = SimSootValue_StringRef.new_string(
-                self.state, claripy.StringS(f"unc_string_{method_descriptor.name}", 1000)
+                self.state, claripy.StringS(f"unc_string_{method_descriptor.name}")
             )
             ret_value = str_ref
         elif method_descriptor.ret.endswith("[][]"):

angr/procedures/java_jni/__init__.py

@@ -152,8 +152,18 @@ class JNISimProcedure(SimProcedure):
                             If not set, native memory is allocated.
         :return:            Native address of the string.
         """
+        # warn if string is symbolic
+        if self.state.solver.symbolic(string):
+            l.warning(
+                "Support for symbolic strings, passed to native code, is limited. "
+                "Length will be concretized immediately. String value will get "
+                "concretized after `ReleaseStringUTFChars` is called."
+            )
+
+        length = self.state.solver.eval(claripy.StrLen(string)) * 8
+
         if addr is None:
-            addr = self._allocate_native_memory(size=len(string) + 1)
+            addr = self._allocate_native_memory(size=length + 1)
         else:
             # check if addr is symbolic
             if self.state.solver.symbolic(addr):
@@ -163,21 +173,19 @@ class JNISimProcedure(SimProcedure):
                 )
             addr = self.state.solver.eval(addr)
 
-        # warn if string is symbolic
-        if self.state.solver.symbolic(string):
-            l.warning(
-                "Support for symbolic strings, passed to native code, is limited. "
-                "String will get concretized after `ReleaseStringUTFChars` is called."
-            )
-
         # store chars one by one
-        str_len = len(string) // 8
-        for idx in range(str_len):
-            str_byte = claripy.StrSubstr(idx, 1, string)
-            self.state.memory.store(addr + idx, str_byte)
+        if string.symbolic:
+            bvs = claripy.BVS(next(iter(string.variables)), length)
+            self.state.memory.store(addr, bvs)
+        else:
+            str_len = length // 8
+            for idx in range(str_len):
+                str_byte = claripy.StrSubstr(idx, 1, string)
+                as_bv = claripy.BVV(ord(self.state.solver.eval(str_byte)), 8)
+                self.state.memory.store(addr + idx, as_bv)
 
         # store terminating zero
-        self.state.memory.store(len(string), claripy.BVV(0, 8))
+        self.state.memory.store(length, claripy.BVV(0, 8))
 
         return addr
 

angr/procedures/java_jni/string_operations.py

@@ -84,4 +84,4 @@ class GetStringUTFLength(JNISimProcedure):
     def run(self, ptr_env, str_ref_):
         str_ref = self.state.jni_references.lookup(str_ref_)
         str_val = self.state.javavm_memory.load(str_ref)
-        return StrLen(str_val, 32)
+        return StrLen(str_val)

angr/procedures/java_lang/double.py

@@ -21,4 +21,4 @@ class ParseDouble(JavaSimProcedure):
             double_val = float(str_value)
             return claripy.FPV(double_val, claripy.FSORT_DOUBLE)
 
-        return claripy.StrToInt(str_, self.arch.bits)
+        return claripy.StrToInt(str_)

angr/procedures/java_lang/string.py

@@ -65,7 +65,7 @@ class StringLength(JavaSimProcedure):
     def run(self, this_str):
         log.debug(f"Called SimProcedure java.lang.String.length with args: {this_str}")
 
-        return claripy.StrLen(self.state.memory.load(this_str), 32)
+        return claripy.StrLen(self.state.memory.load(this_str))
 
 
 class StringCharAt(JavaSimProcedure):

angr/procedures/java_util/scanner_nextline.py

@@ -14,7 +14,7 @@ class ScannerNextLine(JavaSimProcedure):
 
     def run(self, this):  # pylint: disable=arguments-differ,unused-argument
         str_ref = SimSootValue_StringRef(self.state.memory.get_new_uuid())
-        self.state.memory.store(str_ref, StringS("scanner_return", 100))
+        self.state.memory.store(str_ref, StringS("scanner_return"))
         # save reference in global dict, so we can easily access it later
         try:
             self.state.globals["java.util.Scanner"].append(str_ref)

angr/procedures/linux_kernel/vsyscall.py

@@ -13,4 +13,4 @@ class _vsyscall(angr.SimProcedure):
         else:
             ret_addr = self.state.registers.load(self.state.arch.lr_offset, self.state.arch.bytes)
 
-        self.successors.add_successor(self.state, ret_addr, claripy.true, "Ijk_Sys")
+        self.successors.add_successor(self.state, ret_addr, claripy.true(), "Ijk_Sys")