angr 9.2.131__py3-none-win_amd64.whl → 9.2.133__py3-none-win_amd64.whl

angr/analyses/reaching_definitions/engine_ail.py

@@ -3,16 +3,18 @@ from __future__ import annotations
 from itertools import chain
 from collections.abc import Iterable
 import logging
+from typing import cast
 
-import archinfo
+from archinfo.types import RegisterOffset
 import claripy
 import ailment
 from claripy import FSORT_DOUBLE, FSORT_FLOAT
 
-from angr.engines.light import SimEngineLight, SimEngineLightAILMixin, SpOffset
+from angr.engines.light import SpOffset
+from angr.engines.light.engine import SimEngineNostmtAIL
 from angr.errors import SimEngineError, SimMemoryMissingError
 from angr.calling_conventions import default_cc, SimRegArg, SimTypeBottom
-from angr.storage.memory_mixins.paged_memory.pages.multi_values import MultiValues
+from angr.storage.memory_mixins.paged_memory.pages.multi_values import MultiValues, mv_is_bv
 from angr.knowledge_plugins.key_definitions.atoms import Atom, Register, Tmp, MemoryLocation
 from angr.knowledge_plugins.key_definitions.constants import OP_BEFORE, OP_AFTER
 from angr.knowledge_plugins.key_definitions.live_definitions import Definition, LiveDefinitions
@@ -25,22 +27,19 @@ l = logging.getLogger(name=__name__)
 
 
 class SimEngineRDAIL(
-    SimEngineLightAILMixin,
-    SimEngineLight,
-):  # pylint:disable=abstract-method
-    arch: archinfo.Arch
-    state: ReachingDefinitionsState
-
+    SimEngineNostmtAIL[
+        ReachingDefinitionsState, MultiValues[claripy.ast.BV | claripy.ast.FP], None, ReachingDefinitionsState
+    ]
+):
     def __init__(
         self,
         project,
-        function_handler: FunctionHandler | None = None,
+        function_handler: FunctionHandler,
         stack_pointer_tracker=None,
         use_callee_saved_regs_at_return=True,
         bp_as_gpr: bool = False,
     ):
-        super().__init__()
-        self.project = project
+        super().__init__(project)
         self._function_handler = function_handler
         self._visited_blocks = None
         self._dep_graph = None
@@ -48,54 +47,53 @@ class SimEngineRDAIL(
         self._use_callee_saved_regs_at_return = use_callee_saved_regs_at_return
         self.bp_as_gpr = bp_as_gpr
 
-        self._stmt_handlers = {
-            ailment.Stmt.Assignment: self._ail_handle_Assignment,
-            ailment.Stmt.Store: self._ail_handle_Store,
-            ailment.Stmt.Jump: self._ail_handle_Jump,
-            ailment.Stmt.ConditionalJump: self._ail_handle_ConditionalJump,
-            ailment.Stmt.Call: self._ail_handle_Call,
-            ailment.Stmt.Return: self._ail_handle_Return,
-            ailment.Stmt.DirtyStatement: self._ail_handle_DirtyStatement,
-            ailment.Stmt.Label: ...,
-        }
-
-        self._expr_handlers = {
-            claripy.ast.BV: self._ail_handle_BV,
-            ailment.Expr.Tmp: self._ail_handle_Tmp,
-            ailment.Stmt.Call: self._ail_handle_CallExpr,
-            ailment.Expr.Register: self._ail_handle_Register,
-            ailment.Expr.Load: self._ail_handle_Load,
-            ailment.Expr.Convert: self._ail_handle_Convert,
-            ailment.Expr.Reinterpret: self._ail_handle_Reinterpret,
-            ailment.Expr.ITE: self._ail_handle_ITE,
-            ailment.Expr.UnaryOp: self._ail_handle_UnaryOp,
-            ailment.Expr.BinaryOp: self._ail_handle_BinaryOp,
-            ailment.Expr.Const: self._ail_handle_Const,
-            ailment.Expr.StackBaseOffset: self._ail_handle_StackBaseOffset,
-            ailment.Expr.DirtyExpression: self._ail_handle_DirtyExpression,
-        }
-
-    def process(self, state, *args, dep_graph=None, visited_blocks=None, block=None, fail_fast=False, **kwargs):
+    def _is_top(self, expr):
+        """
+        MultiValues are not really "top" in the stricter sense. They are just a collection of values,
+        some of which might be top
+        """
+        return False
+
+    def _top(self, bits) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        return MultiValues(self.state.top(bits))
+
+    def process(
+        self, state, *, dep_graph=None, visited_blocks=None, block=None, fail_fast=False, whitelist=None, **kwargs
+    ):
         self._dep_graph = dep_graph
         self._visited_blocks = visited_blocks
 
-        # we are using a completely different state. Therefore, we directly call our _process() method before
-        # SimEngine becomes flexible enough.
         try:
-            self._process(
-                state,
-                None,
-                block=block,
-            )
-        except SimEngineError as e:
+            result_state = super().process(state, whitelist=whitelist, block=block)
+        except SimEngineError:
             if fail_fast is True:
-                raise e
+                raise
+            result_state = state
+        return result_state
+
+    def _process_block_end(self, block, stmt_data, whitelist):
         return self.state
 
     #
     # Private methods
     #
 
+    def _expr_bv(self, expr: ailment.expression.Expression) -> MultiValues[claripy.ast.BV]:
+        result = self._expr(expr)
+        assert mv_is_bv(result)
+        return result
+
+    def _expr_pair(
+        self, arg0: ailment.expression.Expression, arg1: ailment.expression.Expression
+    ) -> (
+        tuple[MultiValues[claripy.ast.BV], MultiValues[claripy.ast.BV]]
+        | tuple[MultiValues[claripy.ast.FP], MultiValues[claripy.ast.FP]]
+    ):
+        r0 = self._expr(arg0)
+        r1 = self._expr(arg1)
+        assert type(r0) is type(r1)
+        return r0, r1  # type: ignore
+
     def _external_codeloc(self):
         return ExternalCodeLocation(self.state.codeloc.context)
 
@@ -115,52 +113,28 @@ class SimEngineRDAIL(
     # AIL statement handlers
     #
 
-    def _process_Stmt(self, whitelist=None):
-        super()._process_Stmt(whitelist=whitelist)
-
-    def _handle_Stmt(self, stmt):
+    def _stmt(self, stmt):
         if self.state.analysis:
             self.state.analysis.stmt_observe(self.stmt_idx, stmt, self.block, self.state, OP_BEFORE)
             self.state.analysis.insn_observe(self.ins_addr, stmt, self.block, self.state, OP_BEFORE)
 
         self._set_codeloc()
-        handler = self._stmt_handlers.get(type(stmt), None)
-        if handler is not None:
-            if handler is not ...:
-                handler(stmt)
-        else:
-            self.l.warning("Unsupported statement type %s.", type(stmt).__name__)
+        super()._stmt(stmt)
 
         if self.state.analysis:
             self.state.analysis.stmt_observe(self.stmt_idx, stmt, self.block, self.state, OP_AFTER)
             self.state.analysis.insn_observe(self.ins_addr, stmt, self.block, self.state, OP_AFTER)
 
-    def _expr(self, expr):
-        handler = self._expr_handlers.get(type(expr), None)
-        if handler is not None:
-            return handler(expr)
-        self.l.warning("Unsupported expression type %s.", type(expr).__name__)
-        return MultiValues(self.state.top(self.arch.bits))
-
-    def _ail_handle_Assignment(self, stmt):
-        """
-
-        :param ailment.Assignment stmt:
-        :return:
-        """
-
+    def _handle_stmt_Assignment(self, stmt):
         src = self._expr(stmt.src)
         dst = stmt.dst
 
-        if src is None:
-            src = MultiValues(self.state.top(dst.bits))
-
         if isinstance(dst, ailment.Tmp):
             self.state.kill_and_add_definition(Tmp(dst.tmp_idx, dst.size), src)
             self.tmps[dst.tmp_idx] = src
 
         elif isinstance(dst, ailment.Register):
-            reg = Register(dst.reg_offset, dst.size)
+            reg = Register(RegisterOffset(dst.reg_offset), dst.size)
             self.state.kill_and_add_definition(reg, src)
 
             if dst.reg_offset == self.arch.sp_offset:
@@ -169,9 +143,9 @@ class SimEngineRDAIL(
         else:
             l.warning("Unsupported type of Assignment dst %s.", type(dst).__name__)
 
-    def _ail_handle_Store(self, stmt: ailment.Stmt.Store) -> None:
-        data: MultiValues = self._expr(stmt.data)
-        addr: MultiValues = self._expr(stmt.addr)
+    def _handle_stmt_Store(self, stmt: ailment.Stmt.Store) -> None:
+        data = self._expr(stmt.data)
+        addr = self._expr_bv(stmt.addr)
         size: int = stmt.size
         if stmt.guard is not None:
             self._expr(stmt.guard)
@@ -192,20 +166,20 @@ class SimEngineRDAIL(
             if memory_location is not None:
                 self.state.kill_and_add_definition(memory_location, data, endness=stmt.endness)
 
-    def _ail_handle_Jump(self, stmt):
+    def _handle_stmt_Jump(self, stmt):
         _ = self._expr(stmt.target)
 
-    def _ail_handle_ConditionalJump(self, stmt):
+    def _handle_stmt_ConditionalJump(self, stmt):
         _ = self._expr(stmt.condition)  # pylint:disable=unused-variable
         if stmt.true_target is not None:
             _ = self._expr(stmt.true_target)  # pylint:disable=unused-variable
         if stmt.false_target is not None:
             _ = self._expr(stmt.false_target)  # pylint:disable=unused-variable
 
-        ip = Register(self.arch.ip_offset, self.arch.bytes)
+        ip = Register(cast(RegisterOffset, self.arch.ip_offset), self.arch.bytes)
         self.state.kill_definitions(ip)
 
-    def _ail_handle_Call(self, stmt: ailment.Stmt.Call):
+    def _handle_stmt_Call(self, stmt: ailment.Stmt.Call):
         data = self._handle_Call_base(stmt, is_expr=False)
         src = data.ret_values
         if src is None:
@@ -217,7 +191,9 @@ class SimEngineRDAIL(
             self.tmps[dst.tmp_idx] = src
 
         elif isinstance(dst, ailment.Register):
-            full_reg_offset, full_reg_size = self.arch.registers[self.arch.register_names[dst.reg_offset]]
+            full_reg_offset, full_reg_size = self.arch.registers[
+                self.arch.register_names[RegisterOffset(dst.reg_offset)]
+            ]
             if dst.size != full_reg_size:
                 # we need to extend the value to overwrite the entire register
                 otv = {}
@@ -250,7 +226,7 @@ class SimEngineRDAIL(
             target = stmt.target
             func_name = None
 
-        ip = Register(self.arch.ip_offset, self.arch.bytes)
+        ip = Register(cast(RegisterOffset, self.arch.ip_offset), self.arch.bytes)
         self.state.kill_definitions(ip)
 
         statement = self.block.statements[self.stmt_idx]
@@ -283,14 +259,19 @@ class SimEngineRDAIL(
 
         # kill all cc_ops
         if "cc_op" in self.arch.registers:
-            self.state.kill_definitions(Register(*self.arch.registers["cc_op"]))
-            self.state.kill_definitions(Register(*self.arch.registers["cc_dep1"]))
-            self.state.kill_definitions(Register(*self.arch.registers["cc_dep2"]))
-            self.state.kill_definitions(Register(*self.arch.registers["cc_ndep"]))
+
+            def killreg(name: str):
+                offset, size = self.arch.registers[name]
+                self.state.kill_definitions(Register(offset, size))
+
+            killreg("cc_op")
+            killreg("cc_dep1")
+            killreg("cc_dep2")
+            killreg("cc_ndep")
 
         return data
 
-    def _ail_handle_Return(self, stmt: ailment.Stmt.Return):  # pylint:disable=unused-argument
+    def _handle_stmt_Return(self, stmt: ailment.Stmt.Return):  # pylint:disable=unused-argument
         cc = None
         prototype = None
         if self.state.analysis.subject.type == SubjectType.Function:
@@ -362,39 +343,42 @@ class SimEngineRDAIL(
         # We don't add sp since stack pointers are supposed to be get rid of in AIL. this is definitely a hack though
         # self.state.add_use(Register(self.project.arch.sp_offset, self.project.arch.bits // 8))
 
-    def _ail_handle_DirtyStatement(self, stmt: ailment.Stmt.DirtyStatement):
+    def _handle_stmt_DirtyStatement(self, stmt: ailment.Stmt.DirtyStatement):
         self._expr(stmt.dirty)
 
     #
     # AIL expression handlers
     #
 
-    def _ail_handle_BV(self, expr: claripy.ast.Base) -> MultiValues:
-        return MultiValues(expr)
-
-    def _ail_handle_Tmp(self, expr: ailment.Expr.Tmp) -> MultiValues:
+    def _handle_expr_Tmp(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         self.state.add_tmp_use(expr.tmp_idx)
 
-        tmp = super()._ail_handle_Tmp(expr)
-        if tmp is None:
-            return MultiValues(self.state.top(expr.bits))
-        return tmp
+        try:
+            return self.tmps[expr.tmp_idx]
+        except KeyError:
+            return self._top(expr.bits)
 
-    def _ail_handle_CallExpr(self, expr: ailment.Stmt.Call) -> MultiValues:
+    def _handle_expr_Call(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         data = self._handle_Call_base(expr, is_expr=True)
         result = data.ret_values
 
+        if result is None:
+            return self._top(expr.bits)
+
         # truncate result if needed
-        if result is not None:
-            if len(result) > expr.bits:
-                result = result.extract((len(result) - expr.bits) // 8, expr.bits // 8, "Iend_BE")
+        if len(result) > expr.bits:
+            assert mv_is_bv(result)
+            result = cast(
+                MultiValues[claripy.ast.BV | claripy.ast.FP],
+                result.extract((len(result) - expr.bits) // 8, expr.bits // 8, "Iend_BE"),
+            )
 
-            if data.ret_values_deps is not None:
-                for dep in data.ret_values_deps:
-                    result = self.state.annotate_mv_with_def(result, dep)
+        if data.ret_values_deps is not None:
+            for dep in data.ret_values_deps:
+                result = self.state.annotate_mv_with_def(result, dep)
         return result
 
-    def _ail_handle_Register(self, expr: ailment.Expr.Register) -> MultiValues:
+    def _handle_expr_Register(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         self.state: ReachingDefinitionsState
 
         reg_offset = expr.reg_offset
@@ -412,7 +396,7 @@ class SimEngineRDAIL(
                 if sb_offset is not None:
                     return MultiValues(v=self.state._initial_stack_pointer() + sb_offset)
 
-        reg_atom = Register(reg_offset, size)
+        reg_atom = Register(RegisterOffset(reg_offset), size)
 
         # first check if it is ever defined
         try:
@@ -465,12 +449,13 @@ class SimEngineRDAIL(
 
         return value
 
-    def _ail_handle_Load(self, expr: ailment.Expr.Load) -> MultiValues:
-        addrs: MultiValues = self._expr(expr.addr)
+    def _handle_expr_Load(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        addrs = self._expr_bv(expr.addr)
 
         size = expr.size
         bits = expr.bits
         if expr.guard is not None:
+            assert expr.alt is not None
             self._expr(expr.guard)
             self._expr(expr.alt)
 
@@ -527,7 +512,7 @@ class SimEngineRDAIL(
 
         return result
 
-    def _ail_handle_Convert(self, expr: ailment.Expr.Convert) -> MultiValues:
+    def _handle_expr_Convert(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         to_conv: MultiValues = self._expr(expr.operand)
         bits = expr.to_bits
         size = bits // self.arch.byte_width
@@ -561,7 +546,7 @@ class SimEngineRDAIL(
 
         return MultiValues(offset_to_values={0: converted})
 
-    def _ail_handle_Reinterpret(self, expr: ailment.Expr.Reinterpret) -> MultiValues:
+    def _handle_expr_Reinterpret(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         _: MultiValues = self._expr(expr.operand)
         bits = expr.to_bits
 
@@ -570,78 +555,67 @@ class SimEngineRDAIL(
 
         return MultiValues(reinterpreted)
 
-    def _ail_handle_ITE(self, expr: ailment.Expr.ITE) -> MultiValues:
+    def _handle_unop_Default(self, expr):
+        return self._top(expr.bits)
+
+    _handle_unop_Reference = _handle_unop_Default
+    _handle_unop_Clz = _handle_unop_Default
+    _handle_unop_Ctz = _handle_unop_Default
+    _handle_unop_Dereference = _handle_unop_Default
+    _handle_unop_GetMSBs = _handle_unop_Default
+    _handle_unop_unpack = _handle_unop_Default
+    _handle_unop_Sqrt = _handle_unop_Default
+    _handle_unop_RSqrtEst = _handle_unop_Default
+
+    def _handle_expr_ITE(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         _: MultiValues = self._expr(expr.cond)
         iftrue: MultiValues = self._expr(expr.iftrue)
         _: MultiValues = self._expr(expr.iffalse)
         top = self.state.top(len(iftrue))
         return MultiValues(top)
 
-    def _ail_handle_Not(self, expr: ailment.Expr.UnaryOp) -> MultiValues:
-        operand: MultiValues = self._expr(expr.operand)
+    def _handle_unop_Not(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        operand = self._expr_bv(expr.operand)
         bits = expr.bits
 
-        if operand is None:
-            return MultiValues(self.state.top(bits))
-
         operand_v = operand.one_value()
 
         if operand_v is not None and operand_v.concrete:
-            r = MultiValues(~operand_v)  # pylint:disable=invalid-unary-operand-type
-        else:
-            r = MultiValues(self.state.top(bits))
-
-        return r
+            return MultiValues(~operand_v)  # pylint:disable=invalid-unary-operand-type
+        return MultiValues(self.state.top(bits))
 
-    def _ail_handle_Neg(self, expr: ailment.Expr.UnaryOp) -> MultiValues:
+    def _handle_unop_Neg(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         operand: MultiValues = self._expr(expr.operand)
         bits = expr.bits
 
-        if operand is None:
-            return MultiValues(self.state.top(bits))
-
         operand_v = operand.one_value()
 
         if operand_v is not None and operand_v.concrete:
-            r = MultiValues(-operand_v)  # pylint:disable=invalid-unary-operand-type
-        else:
-            r = MultiValues(self.state.top(bits))
-
-        return r
+            return MultiValues(-operand_v)  # pylint:disable=invalid-unary-operand-type
+        return MultiValues(self.state.top(bits))
 
-    def _ail_handle_BitwiseNeg(self, expr: ailment.Expr.UnaryOp) -> MultiValues:
-        operand: MultiValues = self._expr(expr.operand)
+    def _handle_unop_BitwiseNeg(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        operand = self._expr_bv(expr.operand)
         bits = expr.bits
 
-        r = None
         operand_v = operand.one_value()
 
         if operand_v is not None and operand_v.concrete:
-            r = MultiValues(offset_to_values={0: {~operand_v}})  # pylint:disable=invalid-unary-operand-type
-        else:
-            r = MultiValues(offset_to_values={0: {self.state.top(bits)}})
+            return MultiValues(offset_to_values={0: {~operand_v}})
+        return MultiValues(offset_to_values={0: {self.state.top(bits)}})
 
-        return r
-
-    def _ail_handle_BinaryOp(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        r = super()._ail_handle_BinaryOp(expr)
-        if isinstance(r, ailment.Expr.BinaryOp):
-            l.warning("Unimplemented operation %s.", expr.op)
-            top = self.state.top(expr.bits)
-            return MultiValues(top)
-        return r
-
-    def _ail_handle_Add(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        expr0: MultiValues = self._expr(expr.operands[0])
-        expr1: MultiValues = self._expr(expr.operands[1])
+    def _handle_binop_Add(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0, expr1 = self._expr_pair(expr.operands[0], expr.operands[1])
         bits = expr.bits
 
-        r = None
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
-        if expr0_v is None and expr1_v is None:
-            r = MultiValues(self.state.top(bits))
+        if expr0_v is not None and expr1_v is not None:
+            # adding two single values together
+            if (expr0_v.concrete or self.state.is_stack_address(expr0_v)) and expr1_v.concrete:
+                r = MultiValues(expr0_v + expr1_v)  # type: ignore
         elif expr0_v is None and expr1_v is not None:
             # adding a single value to a multivalue
             if (
@@ -649,34 +623,32 @@ class SimEngineRDAIL(
                 and 0 in expr0
                 and all(v.concrete or self.state.is_stack_address(v) for v in expr0[0])
             ):
-                vs = {v + expr1_v for v in expr0[0]}
+                vs = {v + expr1_v for v in expr0[0]}  # type: ignore
                 r = MultiValues(offset_to_values={0: vs})
         elif expr0_v is not None and expr1_v is None:
             # adding a single value to a multivalue
             if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
-                vs = {v + expr0_v for v in expr1[0]}
+                vs = {v + expr0_v for v in expr1[0]}  # type: ignore
                 r = MultiValues(offset_to_values={0: vs})
         else:
-            # adding two single values together
-            if (expr0_v.concrete or self.state.is_stack_address(expr0_v)) and expr1_v.concrete:
-                r = MultiValues(expr0_v + expr1_v)
+            r = MultiValues(self.state.top(bits))
 
         if r is None:
             r = MultiValues(self.state.top(bits))
 
         return r
 
-    def _ail_handle_Sub(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        expr0: MultiValues = self._expr(expr.operands[0])
-        expr1: MultiValues = self._expr(expr.operands[1])
+    def _handle_binop_Sub(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0, expr1 = self._expr_pair(expr.operands[0], expr.operands[1])
         bits = expr.bits
 
-        r = None
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
-        if expr0_v is None and expr1_v is None:
-            r = MultiValues(self.state.top(bits))
+        if expr0_v is not None and expr1_v is not None:
+            if (expr0_v.concrete or self.state.is_stack_address(expr0_v)) and expr1_v.concrete:
+                r = MultiValues(expr0_v - expr1_v)  # type: ignore
         elif expr0_v is None and expr1_v is not None:
             # subtracting a single value from a multivalue
             if (
@@ -684,35 +656,22 @@ class SimEngineRDAIL(
                 and 0 in expr0
                 and all(v.concrete or self.state.is_stack_address(v) for v in expr0[0])
             ):
-                vs = {v - expr1_v for v in expr0[0]}
+                vs = {v - expr1_v for v in expr0[0]}  # type: ignore
                 r = MultiValues(offset_to_values={0: vs})
         elif expr0_v is not None and expr1_v is None:
             # subtracting a single value from a multivalue
             if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
-                vs = {expr0_v - v for v in expr1[0]}
+                vs = {expr0_v - v for v in expr1[0]}  # type: ignore
                 r = MultiValues(offset_to_values={0: vs})
         else:
-            if (expr0_v.concrete or self.state.is_stack_address(expr0_v)) and expr1_v.concrete:
-                r = MultiValues(expr0_v - expr1_v)
+            r = MultiValues(self.state.top(bits))
 
         if r is None:
             r = MultiValues(self.state.top(bits))
 
         return r
 
-    def _ail_handle_Div(self, expr):
-        arg0, arg1 = expr.operands
-
-        self._expr(arg0)
-        self._expr(arg1)
-        bits = expr.bits
-
-        return MultiValues(self.state.top(bits))
-
-    def _ail_handle_DivMod(self, expr):
-        return self._ail_handle_Div(expr)
-
-    def _ail_handle_Mul(self, expr):
+    def _handle_binop_Default(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         arg0, arg1 = expr.operands
 
         self._expr(arg0)
@@ -721,53 +680,88 @@ class SimEngineRDAIL(
 
         return MultiValues(self.state.top(bits))
 
-    _ail_handle_AddV = _ail_handle_Add
-    _ail_handle_MulV = _ail_handle_Mul
-
-    def _ail_handle_Mull(self, expr):
-        arg0, arg1 = expr.operands
-
-        self._expr(arg0)
-        self._expr(arg1)
+    _handle_binop_AddV = _handle_binop_Add
+    _handle_binop_Div = _handle_binop_Default
+    _handle_binop_MulV = _handle_binop_Default
+    _handle_binop_MulHiV = _handle_binop_Default
+    _handle_binop_Mod = _handle_binop_Default
+    _handle_binop_AddF = _handle_binop_Default
+    _handle_binop_DivF = _handle_binop_Default
+    _handle_binop_DivV = _handle_binop_Default
+    _handle_binop_MulF = _handle_binop_Default
+    _handle_binop_SubF = _handle_binop_Default
+    _handle_binop_SubV = _handle_binop_Default
+    _handle_binop_InterleaveLOV = _handle_binop_Default
+    _handle_binop_InterleaveHIV = _handle_binop_Default
+    _handle_binop_CasCmpEQ = _handle_binop_Default
+    _handle_binop_CasCmpNE = _handle_binop_Default
+    _handle_binop_ExpCmpNE = _handle_binop_Default
+    _handle_binop_SarNV = _handle_binop_Default
+    _handle_binop_ShrNV = _handle_binop_Default
+    _handle_binop_ShlNV = _handle_binop_Default
+    _handle_binop_CmpEQV = _handle_binop_Default
+    _handle_binop_CmpNEV = _handle_binop_Default
+    _handle_binop_CmpGEV = _handle_binop_Default
+    _handle_binop_CmpGTV = _handle_binop_Default
+    _handle_binop_CmpLEV = _handle_binop_Default
+    _handle_binop_CmpLTV = _handle_binop_Default
+    _handle_binop_MinV = _handle_binop_Default
+    _handle_binop_MaxV = _handle_binop_Default
+    _handle_binop_QAddV = _handle_binop_Default
+    _handle_binop_QNarrowBinV = _handle_binop_Default
+    _handle_binop_PermV = _handle_binop_Default
+    _handle_binop_Set = _handle_binop_Default
+
+    def _handle_binop_Mul(self, expr):
+        expr0 = self._expr(expr.operands[0])
+        expr1 = self._expr(expr.operands[1])
         bits = expr.bits
 
-        return MultiValues(self.state.top(bits))
-
-    def _ail_handle_Mod(self, expr):
-        arg0, arg1 = expr.operands
+        expr0_v = expr0.one_value()
+        expr1_v = expr1.one_value()
 
-        self._expr(arg0)
-        self._expr(arg1)
-        bits = expr.bits
+        if expr0_v is not None and expr1_v is not None and expr0_v.concrete and expr1_v.concrete:
+            r = MultiValues(offset_to_values={0: {expr0_v * expr1_v}})  # type: ignore
+        else:
+            r = MultiValues(offset_to_values={0: {self.state.top(bits)}})
 
-        return MultiValues(self.state.top(bits))
+        return r
 
-    def _ail_handle_Mul(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        expr0: MultiValues = self._expr(expr.operands[0])
-        expr1: MultiValues = self._expr(expr.operands[1])
+    def _handle_binop_Mull(self, expr):
+        expr0 = self._expr(expr.operands[0])
+        expr1 = self._expr(expr.operands[1])
         bits = expr.bits
 
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
         if expr0_v is not None and expr1_v is not None and expr0_v.concrete and expr1_v.concrete:
-            r = MultiValues(offset_to_values={0: {expr0_v * expr1_v}})
+            xt = expr.bits // 2
+            if expr.signed:
+                r = MultiValues(
+                    offset_to_values={0: {expr0_v.sign_extend(xt) * expr1_v.sign_extend(xt)}}  # type: ignore
+                )
+            else:
+                r = MultiValues(
+                    offset_to_values={0: {expr0_v.zero_extend(xt) * expr1_v.zero_extend(xt)}}  # type: ignore
+                )
         else:
             r = MultiValues(offset_to_values={0: {self.state.top(bits)}})
 
         return r
 
-    def _ail_handle_Shr(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        expr0: MultiValues = self._expr(expr.operands[0])
-        expr1: MultiValues = self._expr(expr.operands[1])
+    def _handle_binop_Shr(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
         bits = expr.bits
 
-        r = None
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
-        if expr0_v is None and expr1_v is None:
-            r = MultiValues(self.state.top(bits))
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(claripy.LShR(expr0_v, expr1_v.concrete_value))
         elif expr0_v is None and expr1_v is not None:
             # each value in expr0 >> expr1_v
             if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]) and expr1_v.concrete:
@@ -783,25 +777,25 @@ class SimEngineRDAIL(
                 }
                 r = MultiValues(offset_to_values={0: vs})
         else:
-            if expr0_v.concrete and expr1_v.concrete:
-                r = MultiValues(claripy.LShR(expr0_v, expr1_v.concrete_value))
+            r = MultiValues(self.state.top(bits))
 
         if r is None:
             r = MultiValues(self.state.top(bits))
 
         return r
 
-    def _ail_handle_Sar(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        expr0: MultiValues = self._expr(expr.operands[0])
-        expr1: MultiValues = self._expr(expr.operands[1])
+    def _handle_binop_Sar(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
         bits = expr.bits
 
-        r = None
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
-        if expr0_v is None and expr1_v is None:
-            r = MultiValues(self.state.top(bits))
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(expr0_v >> expr1_v.concrete_value)
         elif expr0_v is None and expr1_v is not None:
             # each value in expr0 >> expr1_v
             if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]) and expr1_v.concrete:
@@ -817,25 +811,25 @@ class SimEngineRDAIL(
                 }
                 r = MultiValues(offset_to_values={0: vs})
         else:
-            if expr0_v.concrete and expr1_v.concrete:
-                r = MultiValues(expr0_v >> expr1_v.concrete_value)
+            r = MultiValues(self.state.top(bits))
 
         if r is None:
             r = MultiValues(self.state.top(bits))
 
         return r
 
-    def _ail_handle_Shl(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        expr0: MultiValues = self._expr(expr.operands[0])
-        expr1: MultiValues = self._expr(expr.operands[1])
+    def _handle_binop_Shl(self, expr):
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
         bits = expr.bits
 
-        r = None
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
-        if expr0_v is None and expr1_v is None:
-            r = MultiValues(self.state.top(bits))
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(expr0_v << expr1_v.concrete_value)
         elif expr0_v is None and expr1_v is not None:
             # each value in expr0 << expr1_v
             if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]) and expr1_v.concrete:
@@ -847,74 +841,60 @@ class SimEngineRDAIL(
                 vs = {((expr0_v << v.concrete_value) if v.concrete else self.state.top(bits)) for v in expr1[0]}
                 r = MultiValues(offset_to_values={0: vs})
         else:
-            if expr0_v.concrete and expr1_v.concrete:
-                r = MultiValues(expr0_v << expr1_v.concrete_value)
+            r = MultiValues(self.state.top(bits))
 
         if r is None:
             r = MultiValues(self.state.top(bits))
 
         return r
 
-    def _ail_handle_Rol(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        self._expr(expr.operands[0])
-        self._expr(expr.operands[1])
-        bits = expr.bits
-
-        return MultiValues(self.state.top(bits))
-
-    def _ail_handle_Ror(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        self._expr(expr.operands[0])
-        self._expr(expr.operands[1])
-        bits = expr.bits
-
-        return MultiValues(self.state.top(bits))
+    _handle_binop_Rol = _handle_binop_Default
+    _handle_binop_Ror = _handle_binop_Default
 
-    def _ail_handle_And(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        expr0: MultiValues = self._expr(expr.operands[0])
-        expr1: MultiValues = self._expr(expr.operands[1])
+    def _handle_binop_And(self, expr):
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
         bits = expr.bits
 
-        r = None
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
-        if expr0_v is None and expr1_v is None:
-            return MultiValues(self.state.top(bits))
-
-        if expr0_v is None and expr1_v is not None:
-            # expr1_v & each value in expr0
-            if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]):
-                vs = {v & expr1_v for v in expr0[0]}
-                r = MultiValues(offset_to_values={0: vs})
-        elif expr0_v is not None and expr1_v is None:
-            # expr0_v & each value in expr1
-            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
-                vs = {expr0_v & v for v in expr1[0]}
-                r = MultiValues(offset_to_values={0: vs})
-        else:
+        if expr0_v is not None and expr1_v is not None:
             # special handling for stack alignment
             if self.state.is_stack_address(expr0_v):
                 r = MultiValues(expr0_v)
             else:
                 if expr0_v.concrete and expr1_v.concrete:
                     r = MultiValues(expr0_v & expr1_v)
+        elif expr0_v is None and expr1_v is not None:
+            # expr1_v & each value in expr0
+            if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]):
+                r = MultiValues(offset_to_values={0: {v & expr1_v for v in expr0[0]}})
+        elif expr0_v is not None and expr1_v is None:
+            # expr0_v & each value in expr1
+            if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
+                r = MultiValues(offset_to_values={0: {expr0_v & v for v in expr1[0]}})
+        else:
+            r = MultiValues(self.state.top(bits))
 
         if r is None:
             r = MultiValues(self.state.top(bits))
 
         return r
 
-    def _ail_handle_Or(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
+    def _handle_binop_Or(self, expr):
         expr0: MultiValues = self._expr(expr.operands[0])
         expr1: MultiValues = self._expr(expr.operands[1])
         bits = expr.bits
 
-        r = None
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
-        if expr0_v is None and expr1_v is None:
-            r = MultiValues(self.state.top(bits))
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(expr0_v | expr1_v)
         elif expr0_v is None and expr1_v is not None:
             # expr1_v | each value in expr0
             if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]):
@@ -926,15 +906,14 @@ class SimEngineRDAIL(
                 vs = {expr0_v | v for v in expr1[0]}
                 r = MultiValues(offset_to_values={0: vs})
         else:
-            if expr0_v.concrete and expr1_v.concrete:
-                r = MultiValues(expr0_v | expr1_v)
+            r = MultiValues(self.state.top(bits))
 
         if r is None:
             r = MultiValues(self.state.top(bits))
 
         return r
 
-    def _ail_handle_LogicalAnd(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
+    def _handle_binop_LogicalAnd(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         expr0: MultiValues = self._expr(expr.operands[0])
         expr1: MultiValues = self._expr(expr.operands[1])
         bits = expr.bits
@@ -949,7 +928,7 @@ class SimEngineRDAIL(
 
         return MultiValues(claripy.If(expr0_v == 0, expr0_v, expr1_v))
 
-    def _ail_handle_LogicalOr(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
+    def _handle_binop_LogicalOr(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         expr0: MultiValues = self._expr(expr.operands[0])
         expr1: MultiValues = self._expr(expr.operands[1])
         bits = expr.bits
@@ -962,7 +941,7 @@ class SimEngineRDAIL(
 
         return MultiValues(claripy.If(expr0_v != 0, expr0_v, expr1_v))
 
-    def _ail_handle_LogicalXor(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
+    def _handle_binop_LogicalXor(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         expr0: MultiValues = self._expr(expr.operands[0])
         expr1: MultiValues = self._expr(expr.operands[1])
         bits = expr.bits
@@ -975,17 +954,18 @@ class SimEngineRDAIL(
 
         return MultiValues(claripy.If(expr0_v != 0, expr1_v, expr0_v))
 
-    def _ail_handle_Xor(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
+    def _handle_binop_Xor(self, expr):
         expr0: MultiValues = self._expr(expr.operands[0])
         expr1: MultiValues = self._expr(expr.operands[1])
         bits = expr.bits
 
-        r = None
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
-        if expr0_v is None and expr1_v is None:
-            r = MultiValues(self.state.top(bits))
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(expr0_v ^ expr1_v)
         elif expr0_v is None and expr1_v is not None:
             # expr1_v ^ each value in expr0
             if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]):
@@ -997,63 +977,60 @@ class SimEngineRDAIL(
                 vs = {expr0_v ^ v for v in expr1[0]}
                 r = MultiValues(offset_to_values={0: vs})
         else:
-            if expr0_v.concrete and expr1_v.concrete:
-                r = MultiValues(expr0_v ^ expr1_v)
+            r = MultiValues(self.state.top(bits))
 
         if r is None:
             r = MultiValues(self.state.top(bits))
 
         return r
 
-    def _ail_handle_Carry(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
+    def _handle_binop_Carry(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         _ = self._expr(expr.operands[0])
         _ = self._expr(expr.operands[1])
         bits = expr.bits
         return MultiValues(self.state.top(bits))
 
-    def _ail_handle_SCarry(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
+    def _handle_binop_SCarry(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         _ = self._expr(expr.operands[0])
         _ = self._expr(expr.operands[1])
         bits = expr.bits
         return MultiValues(self.state.top(bits))
 
-    def _ail_handle_SBorrow(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
+    def _handle_binop_SBorrow(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         _ = self._expr(expr.operands[0])
         _ = self._expr(expr.operands[1])
         bits = expr.bits
         return MultiValues(self.state.top(bits))
 
-    def _ail_handle_Concat(self, expr: ailment.Expr.BinaryOp) -> MultiValues:
-        expr0: MultiValues = self._expr(expr.operands[0])
-        expr1: MultiValues = self._expr(expr.operands[1])
+    def _handle_binop_Concat(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        expr0 = self._expr_bv(expr.operands[0])
+        expr1 = self._expr_bv(expr.operands[1])
         bits = expr.bits
 
-        r = None
+        r: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
         expr0_v = expr0.one_value()
         expr1_v = expr1.one_value()
 
-        if expr0_v is None and expr1_v is None:
-            r = MultiValues(self.state.top(bits))
+        if expr0_v is not None and expr1_v is not None:
+            if expr0_v.concrete and expr1_v.concrete:
+                r = MultiValues(claripy.Concat(expr0_v, expr1_v))
         elif expr0_v is None and expr1_v is not None:
             # concatenate expr1_v with each value in expr0
             if expr0.count() == 1 and 0 in expr0 and all(v.concrete for v in expr0[0]):
-                vs = {claripy.Concat(v, expr1_v) for v in expr0[0]}
-                r = MultiValues(offset_to_values={0: vs})
+                r = MultiValues(offset_to_values={0: {claripy.Concat(v, expr1_v) for v in expr0[0]}})
         elif expr0_v is not None and expr1_v is None:
             # concatenate expr0_v with each value in expr1
             if expr1.count() == 1 and 0 in expr1 and all(v.concrete for v in expr1[0]):
-                vs = {claripy.Concat(expr0_v, v) for v in expr1[0]}
-                r = MultiValues(offset_to_values={0: vs})
+                r = MultiValues(offset_to_values={0: {claripy.Concat(expr0_v, v) for v in expr1[0]}})
         else:
-            if expr0_v.concrete and expr1_v.concrete:
-                r = MultiValues(claripy.Concat(expr0_v, expr1_v))
+            r = MultiValues(self.state.top(bits))
 
         if r is None:
             r = MultiValues(self.state.top(bits))
 
         return r
 
-    def _ail_handle_Cmp(self, expr) -> MultiValues:
+    def _handle_binop_Cmp(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         op0 = self._expr(expr.operands[0])
         op1 = self._expr(expr.operands[1])
 
@@ -1065,41 +1042,30 @@ class SimEngineRDAIL(
         top = self.state.top(expr.bits)
         return MultiValues(top)
 
-    _ail_handle_CmpF = _ail_handle_Cmp
-    _ail_handle_CmpEQ = _ail_handle_Cmp
-    _ail_handle_CmpNE = _ail_handle_Cmp
-    _ail_handle_CmpLE = _ail_handle_Cmp
-    _ail_handle_CmpLEs = _ail_handle_Cmp
-    _ail_handle_CmpLT = _ail_handle_Cmp
-    _ail_handle_CmpLTs = _ail_handle_Cmp
-    _ail_handle_CmpGE = _ail_handle_Cmp
-    _ail_handle_CmpGEs = _ail_handle_Cmp
-    _ail_handle_CmpGT = _ail_handle_Cmp
-    _ail_handle_CmpGTs = _ail_handle_Cmp
-    _ail_handle_CmpORD = _ail_handle_Cmp
-
-    def _ail_handle_TernaryOp(self, expr) -> MultiValues:
-        _ = self._expr(expr.operands[0])
-        _ = self._expr(expr.operands[1])
-        _ = self._expr(expr.operands[2])
-
-        top = self.state.top(expr.bits)
-        return MultiValues(offset_to_values={0: {top}})
-
-    def _ail_handle_ExpCmpNE(self, expr) -> MultiValues:
+    _handle_binop_CmpF = _handle_binop_Cmp
+    _handle_binop_CmpEQ = _handle_binop_Cmp
+    _handle_binop_CmpNE = _handle_binop_Cmp
+    _handle_binop_CmpLE = _handle_binop_Cmp
+    _handle_binop_CmpLEs = _handle_binop_Cmp
+    _handle_binop_CmpLT = _handle_binop_Cmp
+    _handle_binop_CmpLTs = _handle_binop_Cmp
+    _handle_binop_CmpGE = _handle_binop_Cmp
+    _handle_binop_CmpGEs = _handle_binop_Cmp
+    _handle_binop_CmpGT = _handle_binop_Cmp
+    _handle_binop_CmpGTs = _handle_binop_Cmp
+    _handle_binop_CmpORD = _handle_binop_Cmp
+
+    def _handle_binop_ExpCmpNE(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         self._expr(expr.operands[0])
         self._expr(expr.operands[1])
 
-        top = self.state.top(expr.bits)
-        return MultiValues(offset_to_values={0: {top}})
+        return MultiValues(self.state.top(expr.bits))
 
-    def _ail_handle_Clz(self, expr) -> MultiValues:
+    def _handle_unop_Clz(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         self._expr(expr.operand)
+        return MultiValues(self.state.top(expr.bits))
 
-        top = self.state.top(expr.bits)
-        return MultiValues(offset_to_values={0: {top}})
-
-    def _ail_handle_Const(self, expr) -> MultiValues:
+    def _handle_expr_Const(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         self.state.mark_const(expr.value, expr.size)
         if isinstance(expr.value, float):
             sort = None
@@ -1110,7 +1076,7 @@ class SimEngineRDAIL(
             return MultiValues(claripy.FPV(expr.value, sort))
         return MultiValues(claripy.BVV(expr.value, expr.bits))
 
-    def _ail_handle_StackBaseOffset(self, expr: ailment.Expr.StackBaseOffset) -> MultiValues:
+    def _handle_expr_StackBaseOffset(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
         stack_addr = self.state.stack_address(expr.offset)
         return MultiValues(stack_addr)
 
@@ -1121,15 +1087,24 @@ class SimEngineRDAIL(
         top = self.state.top(expr.bits)
         return MultiValues(top)
 
-    def _ail_handle_DirtyExpression(
-        self, expr: ailment.Expr.DirtyExpression
-    ) -> MultiValues:  # pylint:disable=no-self-use
-        for operand in expr.operands:
-            self._expr(operand)
+    def _handle_expr_Phi(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        return self._top(expr.bits)  # TODO
 
-        top = self.state.top(expr.bits)
-        return MultiValues(top)
+    def _handle_expr_VEXCCallExpression(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        return self._top(expr.bits)  # TODO
 
-    #
-    # User defined high-level statement handlers
-    #
+    def _handle_expr_VirtualVariable(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        return self._top(expr.bits)  # TODO
+
+    def _handle_expr_DirtyExpression(self, expr) -> MultiValues[claripy.ast.BV | claripy.ast.FP]:
+        if isinstance(expr.dirty_expr, ailment.expression.VEXCCallExpression):
+            for operand in expr.dirty_expr.operands:
+                self._expr(operand)
+
+        return MultiValues(self.state.top(expr.bits))
+
+    def _handle_expr_BasePointerOffset(self, expr):
+        return self._top(expr.bits)
+
+    def _handle_expr_MultiStatementExpression(self, expr):
+        return self._top(expr.bits)