angr 9.2.131__py3-none-manylinux2014_aarch64.whl → 9.2.133__py3-none-manylinux2014_aarch64.whl

angr/analyses/variable_recovery/irsb_scanner.py

@@ -3,10 +3,10 @@ from __future__ import annotations
 
 import pyvex
 
-from angr.engines.light import SimEngineLightVEXMixin
+from angr.engines.light import SimEngineLightVEX
 
 
-class VEXIRSBScanner(SimEngineLightVEXMixin):
+class VEXIRSBScanner(SimEngineLightVEX[None, None, None, None]):
     """
     Scan the VEX IRSB to determine if any argument-passing registers should be narrowed by detecting cases of loading
     the whole register and immediately narrowing the register before writing to the tmp.
@@ -33,22 +33,22 @@ class VEXIRSBScanner(SimEngineLightVEXMixin):
         self.reg_read_stmt_id: dict[int, int] = {}
         self.reg_read_stmts_to_ignore: set[int] = set()
 
-    def _top(self, size: int):
+    def _top(self, bits: int):
         return None
 
     def _is_top(self, expr) -> bool:
         return True
 
-    def _process_Stmt(self, whitelist=None):
+    def _process(self, state, *, block=None, whitelist=None, **kwargs):
         self.tmps_with_64bit_regs = set()
         self.tmps_assignment_stmtidx = {}
         self.tmps_converted_to_32bit = set()
 
-        super()._process_Stmt(whitelist=whitelist)
+        super()._process(state, block=block, whitelist=whitelist, **kwargs)
 
         self.stmts_to_lower = {self.tmps_assignment_stmtidx[i] for i in self.tmps_converted_to_32bit}
 
-    def _handle_Put(self, stmt):
+    def _handle_stmt_Put(self, stmt):
         if isinstance(stmt.data, pyvex.IRExpr.RdTmp) and stmt.data.tmp in self.tmp_with_reg_as_value:
             if (
                 stmt.offset in self.reg_with_reg_as_value
@@ -61,25 +61,46 @@ class VEXIRSBScanner(SimEngineLightVEXMixin):
                 self.reg_read_stmts_to_ignore.add(self.reg_read_stmt_id[old_reg_offset])
             self.reg_with_reg_as_value[stmt.offset] = self.tmp_with_reg_as_value[stmt.data.tmp]
 
-    def _handle_PutI(self, stmt):
+    def _handle_stmt_PutI(self, stmt):
         pass
 
-    def _handle_Load(self, expr):
+    def _handle_expr_Load(self, expr):
         pass
 
-    def _handle_Store(self, stmt):
+    def _handle_stmt_Store(self, stmt):
         pass
 
-    def _handle_LoadG(self, stmt):
+    def _handle_stmt_LoadG(self, stmt):
         pass
 
-    def _handle_LLSC(self, stmt: pyvex.IRStmt.LLSC):
+    def _handle_stmt_LLSC(self, stmt):
         pass
 
-    def _handle_StoreG(self, stmt):
+    def _handle_stmt_CAS(self, stmt):
         pass
 
-    def _handle_WrTmp(self, stmt):
+    def _handle_stmt_StoreG(self, stmt):
+        pass
+
+    def _handle_stmt_MBE(self, stmt):
+        pass
+
+    def _handle_stmt_Exit(self, stmt):
+        pass
+
+    def _handle_stmt_NoOp(self, stmt):
+        pass
+
+    def _handle_stmt_IMark(self, stmt):
+        pass
+
+    def _handle_stmt_AbiHint(self, stmt):
+        pass
+
+    def _process_block_end(self, stmt_result, whitelist):
+        pass
+
+    def _handle_stmt_WrTmp(self, stmt):
         if isinstance(stmt.data, pyvex.IRExpr.Get) and stmt.data.result_size(self.tyenv) == 64:
             self.tmps_with_64bit_regs.add(stmt.tmp)
         self.tmps_assignment_stmtidx[stmt.tmp] = self.stmt_idx
@@ -87,46 +108,36 @@ class VEXIRSBScanner(SimEngineLightVEXMixin):
         if isinstance(stmt.data, pyvex.IRExpr.Get) and stmt.data.result_size(self.tyenv) == 64:
             self.tmp_with_reg_as_value[stmt.tmp] = stmt.data.offset
 
-        super()._handle_WrTmp(stmt)
+        self.tmps[stmt.tmp] = self._expr(stmt.data)
 
-    def _handle_Get(self, expr):
+    def _handle_expr_Get(self, expr):
         self.reg_read_stmt_id[expr.offset] = self.stmt_idx
         if expr.offset in self.reg_with_reg_as_value:
             del self.reg_with_reg_as_value[expr.offset]
 
-    def _handle_GetI(self, expr):
+    def _handle_expr_GetI(self, expr):
         pass
 
-    def _handle_RdTmp(self, expr):
+    def _handle_expr_RdTmp(self, expr):
         if expr.tmp in self.tmps_converted_to_32bit:
             self.tmps_converted_to_32bit.remove(expr.tmp)
 
-    def _handle_Conversion(self, expr: pyvex.IRExpr.Unop):
-        if expr.op == "Iop_64to32" and isinstance(expr.args[0], pyvex.IRExpr.RdTmp):
-            # special handling for t11 = GET:I64(rdi); t4 = 64to32(t11) style of code in x86-64 (and other 64-bit
-            # architectures as well)
-            tmp_src = expr.args[0].tmp
-            if tmp_src in self.tmps_with_64bit_regs:
-                self.tmps_converted_to_32bit.add(tmp_src)
-
-    def _handle_16HLto32(self, expr):
+    def _handle_expr_Const(self, expr):
         pass
 
-    def _handle_Cmp_v(self, expr, _vector_size, _vector_count):
+    def _handle_expr_ITE(self, expr):
         pass
 
-    _handle_CmpEQ_v = _handle_Cmp_v
-    _handle_CmpNE_v = _handle_Cmp_v
-    _handle_CmpLE_v = _handle_Cmp_v
-    _handle_CmpLT_v = _handle_Cmp_v
-    _handle_CmpGE_v = _handle_Cmp_v
-    _handle_CmpGT_v = _handle_Cmp_v
-
-    def _handle_ExpCmpNE64(self, expr):
+    def _handle_expr_VECRET(self, expr):
         pass
 
-    def _handle_CCall(self, expr):
+    def _handle_expr_GSPTR(self, expr):
         pass
 
-    def _handle_function(self, func_addr):
-        pass
+    def _handle_conversion(self, from_size, to_size, signed, operand):
+        if from_size == 64 and to_size == 32 and isinstance(operand, pyvex.IRExpr.RdTmp):
+            # special handling for t11 = GET:I64(rdi); t4 = 64to32(t11) style of code in x86-64 (and other 64-bit
+            # architectures as well)
+            tmp_src = operand.tmp
+            if tmp_src in self.tmps_with_64bit_regs:
+                self.tmps_converted_to_32bit.add(tmp_src)

angr/analyses/variable_recovery/variable_recovery.py

@@ -2,11 +2,14 @@ from __future__ import annotations
 import logging
 from collections import defaultdict
 
+import archinfo
 import claripy
 
+import angr
 from angr.analyses import ForwardAnalysis, visitors
 from angr.analyses import AnalysesHub
 from angr.errors import SimMemoryMissingError
+from angr.knowledge_plugins.functions.function import Function
 from angr.storage.memory_mixins.paged_memory.pages.multi_values import MultiValues
 from angr import BP, BP_AFTER
 from angr.sim_variable import SimRegisterVariable, SimStackVariable
@@ -24,8 +27,26 @@ class VariableRecoveryState(VariableRecoveryStateBase):
     :ivar angr.knowledge.variable_manager.VariableManager variable_manager: The variable manager.
     """
 
-    def __init__(self, block_addr, analysis, arch, func, concrete_states, stack_region=None, register_region=None):
-        super().__init__(block_addr, analysis, arch, func, stack_region=stack_region, register_region=register_region)
+    def __init__(
+        self,
+        project: angr.Project,
+        block_addr: int,
+        analysis,
+        arch: archinfo.Arch,
+        func: Function,
+        concrete_states,
+        stack_region=None,
+        register_region=None,
+    ):
+        super().__init__(
+            project=project,
+            block_addr=block_addr,
+            analysis=analysis,
+            arch=arch,
+            func=func,
+            stack_region=stack_region,
+            register_region=register_region,
+        )
 
         self._concrete_states = concrete_states
         # register callbacks
@@ -50,13 +71,14 @@ class VariableRecoveryState(VariableRecoveryStateBase):
         """
 
         for s in self.concrete_states:
-            if s.ip.concrete_value == addr:
+            if s.addr == addr:
                 return s
 
         return None
 
     def copy(self):
         return VariableRecoveryState(
+            self.project,
             self.block_addr,
             self._analysis,
             self.arch,
@@ -88,7 +110,7 @@ class VariableRecoveryState(VariableRecoveryStateBase):
             )
             concrete_state.inspect.add_breakpoint("mem_write", BP(enabled=True, action=self._hook_memory_write))
 
-    def merge(self, others: tuple[VariableRecoveryState], successor=None) -> tuple[VariableRecoveryState, bool]:
+    def merge(self, others: tuple[VariableRecoveryState, ...], successor=None) -> tuple[VariableRecoveryState, bool]:
         """
         Merge two abstract states.
 
@@ -115,6 +137,7 @@ class VariableRecoveryState(VariableRecoveryStateBase):
 
         return (
             VariableRecoveryState(
+                self.project,
                 successor,
                 self._analysis,
                 self.arch,
@@ -477,7 +500,7 @@ class VariableRecovery(ForwardAnalysis, VariableRecoveryBase):  # pylint:disable
         # give it enough stack space
         concrete_state.regs.bp = concrete_state.regs.sp + 0x100000
 
-        return VariableRecoveryState(node.addr, self, self.project.arch, self.function, [concrete_state])
+        return VariableRecoveryState(self.project, node.addr, self, self.project.arch, self.function, [concrete_state])
 
     def _merge_states(self, node, *states: VariableRecoveryState):
         if len(states) == 1:

angr/analyses/variable_recovery/variable_recovery_base.py

@@ -1,17 +1,19 @@
 from __future__ import annotations
 import weakref
-from typing import Any, TYPE_CHECKING
+from typing import Any, TYPE_CHECKING, cast, TypeVar
 from collections.abc import Generator, Iterable
 import logging
 from collections import defaultdict
 
+import archinfo
 import claripy
 from claripy.annotation import Annotation
 from archinfo import Arch
 from ailment.expression import BinaryOp, StackBaseOffset
 
+from angr.knowledge_plugins.functions.function import Function
+from angr.project import Project
 from angr.utils.cowdict import DefaultChainMapCOW
-from angr.engines.light import SpOffset
 from angr.sim_variable import SimVariable
 from angr.errors import AngrRuntimeError
 from angr.storage.memory_mixins import MultiValuedMemory
@@ -24,6 +26,8 @@ if TYPE_CHECKING:
 
 l = logging.getLogger(name=__name__)
 
+AnyClaripy = TypeVar("AnyClaripy", bound=claripy.ast.Base)
+
 
 def parse_stack_pointer(sp):
     """
@@ -152,10 +156,11 @@ class VariableRecoveryStateBase:
 
     def __init__(
         self,
-        block_addr,
-        analysis,
-        arch,
-        func,
+        block_addr: int,
+        analysis: VariableRecoveryBase,
+        arch: archinfo.Arch,
+        func: Function,
+        project: Project,
         stack_region=None,
         register_region=None,
         global_region=None,
@@ -164,7 +169,6 @@ class VariableRecoveryStateBase:
         func_typevar=None,
         delayed_type_constraints=None,
         stack_offset_typevars=None,
-        project=None,
     ):
         self.block_addr = block_addr
         self._analysis = analysis
@@ -246,18 +250,16 @@ class VariableRecoveryStateBase:
         return bool(isinstance(thing, claripy.ast.BV) and thing.op == "BVS" and thing.args[0] == "top")
 
     @staticmethod
-    def extract_variables(expr: claripy.ast.Base) -> Generator[tuple[int, SimVariable | SpOffset]]:
+    def extract_variables(expr: claripy.ast.Base) -> Generator[tuple[int, SimVariable]]:
         for anno in expr.annotations:
             if isinstance(anno, VariableAnnotation):
                 yield from anno.addr_and_variables
 
     @staticmethod
-    def annotate_with_variables(
-        expr: claripy.ast.Base, addr_and_variables: Iterable[tuple[int, SimVariable | SpOffset]]
-    ) -> claripy.ast.Base:
+    def annotate_with_variables(expr: AnyClaripy, addr_and_variables: Iterable[tuple[int, SimVariable]]) -> AnyClaripy:
         return expr.replace_annotations((VariableAnnotation(list(addr_and_variables)),))
 
-    def stack_address(self, offset: int) -> claripy.ast.Base:
+    def stack_address(self, offset: int) -> claripy.ast.BV:
         base = claripy.BVS("stack_base", self.arch.bits, explicit_name=True)
         if offset:
             return base + offset
@@ -267,9 +269,9 @@ class VariableRecoveryStateBase:
     def is_stack_address(addr: claripy.ast.Base) -> bool:
         return "stack_base" in addr.variables
 
-    def is_global_variable_address(self, addr: claripy.ast.Base) -> bool:
+    def is_global_variable_address(self, addr: claripy.ast.Bits) -> bool:
         if addr.op == "BVV":
-            addr_v = addr.concrete_value
+            addr_v = cast(claripy.ast.BV, addr).concrete_value
             # make sure it is within a mapped region
             obj = self.project.loader.find_object_containing(addr_v)
             if obj is not None:
@@ -277,45 +279,42 @@ class VariableRecoveryStateBase:
         return False
 
     @staticmethod
-    def extract_stack_offset_from_addr(addr: claripy.ast.Base) -> claripy.ast.Base | None:
+    def _get_stack_offset(addr: claripy.ast.Bits) -> int | None:
+        # recursive function that returns a python int without really trying to handle bitvector arithmetic wrapping
         r = None
         if addr.op == "BVS":
             if addr.args[0] == "stack_base":
-                return claripy.BVV(0, addr.size())
+                return 0
             return None
         if addr.op == "BVV":
-            r = addr
+            r = cast(int, addr.concrete_value)
         elif addr.op == "__add__":
             arg_offsets = []
-            for arg in addr.args:
-                arg_offset = VariableRecoveryStateBase.extract_stack_offset_from_addr(arg)
+            for arg in cast(list[claripy.ast.BV], addr.args):
+                arg_offset = VariableRecoveryStateBase._get_stack_offset(arg)
                 if arg_offset is None:
                     return None
                 arg_offsets.append(arg_offset)
             r = sum(arg_offsets)
         elif addr.op == "__sub__":
-            r1 = VariableRecoveryStateBase.extract_stack_offset_from_addr(addr.args[0])
-            r2 = VariableRecoveryStateBase.extract_stack_offset_from_addr(addr.args[1])
+            r1 = VariableRecoveryStateBase._get_stack_offset(cast(claripy.ast.BV, addr.args[0]))
+            r2 = VariableRecoveryStateBase._get_stack_offset(cast(claripy.ast.BV, addr.args[1]))
             if r1 is None or r2 is None:
                 return None
             r = r1 - r2
         return r
 
-    def get_stack_offset(self, addr: claripy.ast.Base) -> int | None:
+    def get_stack_offset(self, addr: claripy.ast.Bits) -> int | None:
         if "stack_base" in addr.variables:
-            r = VariableRecoveryStateBase.extract_stack_offset_from_addr(addr)
-            if r is None:
+            val = VariableRecoveryStateBase._get_stack_offset(addr)
+            if val is None:
                 return None
 
-            # extract_stack_offset_from_addr should ensure that r is a BVV
-            assert r.concrete
-
-            val = r.concrete_value
             # convert it to a signed integer
-            if val >= 2 ** (self.arch.bits - 1):
-                return val - 2**self.arch.bits
-            if val < -(2 ** (self.arch.bits - 1)):
-                return 2**self.arch.bits + val
+            while val >= 2 ** (self.arch.bits - 1):
+                val -= 2**self.arch.bits
+            while val < -(2 ** (self.arch.bits - 1)):
+                val += 2**self.arch.bits
             return val
 
         return None
@@ -328,7 +327,7 @@ class VariableRecoveryStateBase:
             base = 0x7F_FFFF_FFFE_0000
             mask = 0xFFFF_FFFF_FFFF_FFFF
         else:
-            raise AngrRuntimeError("Unsupported bits %d" % self.arch.bits)
+            raise AngrRuntimeError(f"Unsupported bits {self.arch.bits}")
         return (offset + base) & mask
 
     @property
@@ -414,7 +413,7 @@ class VariableRecoveryStateBase:
 
         return mos_self == mos_other
 
-    def _make_phi_variable(self, values: set[claripy.ast.Base]) -> claripy.ast.Base | None:
+    def _make_phi_variable(self, values: set[claripy.ast.BV | claripy.ast.FP]) -> claripy.ast.Base | None:
         # we only create a new phi variable if the there is at least one variable involved
         variables = set()
         bits: int | None = None

angr/analyses/variable_recovery/variable_recovery_fast.py

@@ -74,11 +74,7 @@ class VariableRecoveryFastState(VariableRecoveryStateBase):
         self.ret_val_size = ret_val_size
 
     def __repr__(self):
-        return "<VRAbstractState@%#x: %d register variables, %d stack variables>" % (
-            self.block_addr,
-            len(self.register_region),
-            len(self.stack_region),
-        )
+        return f"<VRAbstractState@{self.block_addr:#x}: {len(self.register_region)} register variables, {len(self.stack_region)} stack variables>"
 
     def __eq__(self, other):
         if type(other) is not VariableRecoveryFastState:
@@ -288,8 +284,8 @@ class VariableRecoveryFast(ForwardAnalysis, VariableRecoveryBase):  # pylint:dis
 
         # cleanup (for cpython pickle)
         self.downsize()
-        self._ail_engine = None
-        self._vex_engine = None
+        del self._ail_engine
+        del self._vex_engine
 
     #
     # Main analysis routines
@@ -523,7 +519,7 @@ class VariableRecoveryFast(ForwardAnalysis, VariableRecoveryBase):  # pylint:dis
             256: pyvex.const.V256,
         }
         if size not in mapping:
-            raise TypeError("Unsupported size %d." % size)
+            raise TypeError(f"Unsupported size {size}.")
         return mapping.get(size)(value)
 
     def _peephole_optimize(self, block: Block):

angr/analyses/veritesting.py

@@ -339,7 +339,7 @@ class Veritesting(Analysis):
             for merge_point_addr, merge_point_looping_times in merge_points:
                 manager.stash(
                     lambda s, merge_point_addr=merge_point_addr: s.addr == merge_point_addr,
-                    to_stash="_merge_%x_%d" % (merge_point_addr, merge_point_looping_times),
+                    to_stash=f"_merge_{merge_point_addr:x}_{merge_point_looping_times}",
                 )
 
             # Try to merge a set of previously stashed paths, and then unstash them
@@ -370,7 +370,7 @@ class Veritesting(Analysis):
             if merged_anything:
                 break
 
-            stash_name = "_merge_%x_%d" % (merge_point_addr, merge_point_looping_times)
+            stash_name = f"_merge_{merge_point_addr:x}_{merge_point_looping_times}"
             if stash_name not in manager.stashes:
                 continue
 

angr/analyses/vfg.py

@@ -93,11 +93,11 @@ class PendingJob:
 
     __slots__ = (
         "block_id",
-        "state",
         "call_stack",
         "src_block_id",
-        "src_stmt_idx",
         "src_ins_addr",
+        "src_stmt_idx",
+        "state",
     )
 
     def __init__(
@@ -147,7 +147,7 @@ class FunctionAnalysis(AnalysisTask):
         self.jobs = []
 
     def __repr__(self):
-        return "<Function @ %#08x with %d jobs>" % (self.function_address, len(self.jobs))
+        return f"<Function @ {self.function_address:#08x} with {len(self.jobs)} jobs>"
 
     #
     # Properties
@@ -182,7 +182,7 @@ class CallAnalysis(AnalysisTask):
         self._final_jobs = []
 
     def __repr__(self):
-        return "<Call @ %#08x with %d function tasks>" % (self.address, len(self.function_analysis_tasks))
+        return f"<Call @ {self.address:#08x} with {len(self.function_analysis_tasks)} function tasks>"
 
     #
     # Properties
@@ -1668,7 +1668,7 @@ class VFG(ForwardAnalysis[SimState, VFGNode, VFGJob, BlockID], Analysis):  # pyl
             except SimValueError:
                 l.debug("-  target cannot be concretized. %s [%s]", job.dbg_exit_status[suc], suc.history.jumpkind)
         l.debug("Remaining/pending jobs: %d/%d", len(self._job_info_queue), len(self._pending_returns))
-        l.debug("Remaining jobs: %s", ["%s %d" % (ent.job, id(ent.job)) for ent in self._job_info_queue])
+        l.debug("Remaining jobs: %s", [f"{ent.job} {id(ent.job)}" for ent in self._job_info_queue])
         l.debug("Task stack: %s", self._task_stack)
 
     @staticmethod

angr/analyses/xrefs.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 from collections import defaultdict
+from typing import cast
 
 import claripy
 import pyvex
@@ -7,27 +8,29 @@ import pyvex
 from angr.analyses import visitors, ForwardAnalysis
 from angr.knowledge_plugins.xrefs import XRef, XRefType
 from angr.knowledge_plugins.functions.function import Function
-from angr.engines.light import SimEngineLight, SimEngineLightVEXMixin
+from angr.engines.light import SimEngineNostmtVEX
 from .propagator.vex_vars import VEXTmp
 from .propagator.values import Top
 from . import register_analysis, PropagatorAnalysis
 from .analysis import Analysis
 
 
-class SimEngineXRefsVEX(
-    SimEngineLightVEXMixin,
-    SimEngineLight,
-):
+class SimEngineXRefsVEX(SimEngineNostmtVEX[None, None, None]):  # go girl give us nothing!!
     """
     The VEX engine class for XRefs analysis.
     """
 
-    def __init__(self, xref_manager, project=None, replacements=None):
-        super().__init__()
-        self.project = project
+    def __init__(self, xref_manager, project, replacements=None):
+        super().__init__(project)
         self.xref_manager = xref_manager
         self.replacements = replacements if replacements is not None else {}
 
+    def _top(self, bits):
+        return None
+
+    def _is_top(self, expr):
+        return True
+
     def add_xref(self, xref_type, from_loc, to_loc):
         self.xref_manager.add_xref(
             XRef(
@@ -49,24 +52,27 @@ class SimEngineXRefsVEX(
         """
 
         if isinstance(expr, claripy.ast.Base) and expr.op == "BVV":
-            return expr.args[0]
+            return cast(int, expr.args[0])
+        return None
+
+    def _process_block_end(self, stmt_result, whitelist):
         return None
 
     #
     # Statement handlers
     #
 
-    def _handle_WrTmp(self, stmt):
+    def _handle_stmt_WrTmp(self, stmt):
         # Don't execute the tmp write since it has been done during constant propagation
         self._expr(stmt.data)
         if type(stmt.data) is pyvex.IRExpr.Load:
             self._handle_data_offset_refs(stmt.tmp)
 
-    def _handle_Put(self, stmt):
+    def _handle_stmt_Put(self, stmt):
         # if there is a Load, get it executed
         self._expr(stmt.data)
 
-    def _handle_Store(self, stmt):
+    def _handle_stmt_Store(self, stmt):
         if isinstance(stmt.addr, pyvex.IRExpr.RdTmp):
             addr_tmp = VEXTmp(stmt.addr.tmp)
             blockloc = self._codeloc(block_only=True)
@@ -79,7 +85,7 @@ class SimEngineXRefsVEX(
             addr = stmt.addr.con.value
             self.add_xref(XRefType.Write, self._codeloc(), addr)
 
-    def _handle_StoreG(self, stmt):
+    def _handle_stmt_StoreG(self, stmt):
         blockloc = self._codeloc(block_only=True)
         if type(stmt.addr) is pyvex.IRExpr.RdTmp:
             addr_tmp = VEXTmp(stmt.addr.tmp)
@@ -89,7 +95,7 @@ class SimEngineXRefsVEX(
                 if addr_v is not None:
                     self.add_xref(XRefType.Write, self._codeloc(), addr_v)
 
-    def _handle_LoadG(self, stmt):
+    def _handle_stmt_LoadG(self, stmt):
         # What are we reading?
         blockloc = self._codeloc(block_only=True)
         if type(stmt.addr) is pyvex.IRExpr.RdTmp:
@@ -101,7 +107,7 @@ class SimEngineXRefsVEX(
                     self.add_xref(XRefType.Read, self._codeloc(), addr_v)
         self._handle_data_offset_refs(stmt.dst)
 
-    def _handle_LLSC(self, stmt: pyvex.IRStmt.LLSC):
+    def _handle_stmt_LLSC(self, stmt: pyvex.IRStmt.LLSC):
         blockloc = self._codeloc(block_only=True)
         if isinstance(stmt.addr, pyvex.IRExpr.RdTmp):
             addr_tmp = VEXTmp(stmt.addr.tmp)
@@ -135,10 +141,16 @@ class SimEngineXRefsVEX(
     # Expression handlers
     #
 
-    def _handle_Get(self, expr):
+    def _handle_conversion(self, from_size, to_size, signed, operand):
         return None
 
-    def _handle_Load(self, expr):
+    def _handle_expr_Const(self, expr):
+        return None
+
+    def _handle_expr_Get(self, expr):
+        return None
+
+    def _handle_expr_Load(self, expr):
         blockloc = self._codeloc(block_only=True)
         if type(expr.addr) is pyvex.IRExpr.RdTmp:
             addr_tmp = VEXTmp(expr.addr.tmp)
@@ -151,7 +163,22 @@ class SimEngineXRefsVEX(
             addr = expr.addr.con.value
             self.add_xref(XRefType.Read, self._codeloc(), addr)
 
-    def _handle_CCall(self, expr):
+    def _handle_expr_CCall(self, expr):
+        return None
+
+    def _handle_expr_VECRET(self, expr):
+        return None
+
+    def _handle_expr_GSPTR(self, expr):
+        return None
+
+    def _handle_expr_ITE(self, expr):
+        return None
+
+    def _handle_expr_RdTmp(self, expr):
+        return None
+
+    def _handle_expr_GetI(self, expr):
         return None
 
     def _handle_function(self, func):
@@ -231,7 +258,7 @@ class XRefsAnalysis(ForwardAnalysis, Analysis):  # pylint:disable=abstract-metho
         return None
 
     def _merge_states(self, node, *states):
-        return None
+        return None, False
 
     def _run_on_node(self, node, state):
         block = self.project.factory.block(node.addr, node.size, opt_level=1, cross_insn_opt=False)

angr/angrdb/serializers/__init__.py

@@ -5,6 +5,6 @@ from .kb import KnowledgeBaseSerializer
 
 
 __all__ = (
-    "LoaderSerializer",
     "KnowledgeBaseSerializer",
+    "LoaderSerializer",
 )