angr 9.2.135__py3-none-manylinux2014_x86_64.whl → 9.2.137__py3-none-manylinux2014_x86_64.whl

angr/engines/failure.py

@@ -1,9 +1,11 @@
 from __future__ import annotations
-from .engine import SuccessorsMixin
-from .procedure import ProcedureMixin
 
 import logging
 
+from angr.errors import AngrExitError
+from .engine import SuccessorsMixin
+from .procedure import ProcedureMixin
+
 l = logging.getLogger(name=__name__)
 
 
@@ -23,6 +25,3 @@ class SimEngineFailure(SuccessorsMixin, ProcedureMixin):
             return self.process_procedure(state, successors, terminator, **kwargs)
 
         return super().process_successors(successors, **kwargs)
-
-
-from angr.errors import AngrExitError

angr/engines/pcode/emulate.py

@@ -92,7 +92,7 @@ class PcodeEmulatorMixin(SimEngineBase):
                 self.state,
                 fallthru_addr,
                 self.state.scratch.guard,
-                "Ijk_Boring",
+                irsb.jumpkind,
                 exit_stmt_idx=DEFAULT_STATEMENT,
                 exit_ins_addr=self.state.scratch.ins_addr,
             )

angr/engines/pcode/lifter.py

@@ -7,7 +7,7 @@
 from __future__ import annotations
 
 import logging
-from typing import Optional
+from typing import Any, TYPE_CHECKING
 from collections.abc import Iterable, Sequence
 
 import archinfo
@@ -35,6 +35,12 @@ except ImportError:
     pypcode = None
 
 
+if TYPE_CHECKING:
+    # this is to make pyright happy; otherwise it believes pypcode is None
+    import pypcode
+    from pypcode import PcodeOp, Context
+
+
 l = logging.getLogger(__name__)
 
 IRSB_MAX_SIZE = 400
@@ -130,8 +136,8 @@ class IRSB:
 
     _direct_next: bool | None
     _exit_statements: Sequence[tuple[int, int, ExitStatement]]
-    _instruction_addresses: Sequence[int] | None
-    _ops: Sequence[pypcode.PcodeOp]  # FIXME: Merge into _statements
+    _instruction_addresses: list[int] | None
+    _ops: list[PcodeOp]  # FIXME: Merge into _statements
     _size: int | None
     _statements: Iterable  # Note: currently unused
     _disassembly: PcodeDisassemblerBlock | None
@@ -140,7 +146,7 @@ class IRSB:
     behaviors: BehaviorFactory | None
     data_refs: Sequence  # Note: currently unused
     const_vals: Sequence  # Note: currently unused
-    default_exit_target: Optional  # Note: currently used
+    default_exit_target: Any  # Note: currently used
     jumpkind: str | None
     next: int | None
 
@@ -199,7 +205,7 @@ class IRSB:
         self._direct_next = None
         self._exit_statements = []
         self._instruction_addresses = None
-        self._ops = []
+        self._ops: list[PcodeOp] = []
         self._size = None
         self._statements = []
         self.addr = mem_addr
@@ -248,7 +254,7 @@ class IRSB:
 
     @property
     def has_statements(self) -> bool:
-        return self.statements is not None and self.statements
+        return bool(self.statements is not None and self.statements)
 
     @property
     def exit_statements(self) -> Sequence[tuple[int, int, ExitStatement]]:
@@ -320,7 +326,7 @@ class IRSB:
         return len(self.statements)
 
     @property
-    def offsIP(self) -> int:
+    def offsIP(self) -> int | None:
         return self.arch.ip_offset
 
     @property
@@ -459,10 +465,10 @@ class IRSB:
         jumpkind: str | None = None,
         direct_next: bool | None = None,
         size: int | None = None,
-        ops: Sequence[pypcode.PcodeOp] | None = None,
-        instruction_addresses: Iterable[int] | None = None,
+        ops: list[PcodeOp] | None = None,
+        instruction_addresses: list[int] | None = None,
         exit_statements: Sequence[tuple[int, int, ExitStatement]] | None = None,
-        default_exit_target: Optional | None = None,
+        default_exit_target: Any = None,
     ) -> None:
         # pylint: disable=unused-argument
         self._statements = statements if statements is not None else []
@@ -490,7 +496,7 @@ class IRSB:
         )
 
     @property
-    def statements(self) -> Iterable:
+    def statements(self) -> list:
         # FIXME: For compatibility, may want to implement Ist_IMark and
         # pyvex.IRStmt.Exit to ease analyses.
         l.debug("Returning empty statements list!")
@@ -807,7 +813,7 @@ class PcodeBasicBlockLifter:
     Lifts basic blocks to P-code
     """
 
-    context: pypcode.Context
+    context: Context
     behaviors: BehaviorFactory
 
     def __init__(self, arch: archinfo.Arch):
@@ -1032,7 +1038,7 @@ class PcodeLifterEngineMixin(SimEngineBase):
         self,
         addr: int | None = None,
         state: SimState | None = None,
-        clemory: cle.Clemory | None = None,
+        clemory: cle.Clemory | cle.ClemoryReadOnlyView | None = None,
         insn_bytes: bytes | None = None,
         arch: archinfo.Arch | None = None,
         size: int | None = None,
@@ -1047,7 +1053,7 @@ class PcodeLifterEngineMixin(SimEngineBase):
         load_from_ro_regions: bool = False,
         cross_insn_opt: bool | None = None,
         const_prop: bool | None = None,
-    ):
+    ) -> IRSB:
         """
         Temporary compatibility interface for integration with block code.
         """
@@ -1075,7 +1081,7 @@ class PcodeLifterEngineMixin(SimEngineBase):
         self,
         addr: int | None = None,
         state: SimState | None = None,
-        clemory: cle.Clemory | None = None,
+        clemory: cle.Clemory | cle.ClemoryReadOnlyView | None = None,
         insn_bytes: bytes | None = None,
         arch: archinfo.Arch | None = None,
         size: int | None = None,
@@ -1090,7 +1096,7 @@ class PcodeLifterEngineMixin(SimEngineBase):
         load_from_ro_regions: bool = False,
         cross_insn_opt: bool | None = None,
         const_prop: bool | None = None,
-    ):
+    ) -> IRSB:
         """
         Lift an IRSB.
 
@@ -1137,6 +1143,7 @@ class PcodeLifterEngineMixin(SimEngineBase):
 
         # phase 1: parameter defaults
         if addr is None:
+            assert state is not None
             addr = state.solver.eval(state._ip)
         if size is not None:
             size = min(size, IRSB_MAX_SIZE)
@@ -1158,6 +1165,7 @@ class PcodeLifterEngineMixin(SimEngineBase):
                     " disabled."
                 )
             opt_level = 0
+            assert state is not None
             if state and o.OPTIMIZE_IR in state.options:
                 state.options.remove(o.OPTIMIZE_IR)
         if skip_stmts is not True:
@@ -1278,13 +1286,18 @@ class PcodeLifterEngineMixin(SimEngineBase):
                     )
                 return irsb
 
+            raise SimEngineError("Unreachable code reached")
         # phase x: error handling
         except PyVEXError as e:
             l.debug("Translation error at %#x", addr)
             raise SimTranslationError("Unable to translate bytecode") from e
 
     def _load_bytes(
-        self, addr: int, max_size: int, state: SimState | None = None, clemory: cle.Clemory | None = None
+        self,
+        addr: int,
+        max_size: int,
+        state: SimState | None = None,
+        clemory: cle.Clemory | cle.ClemoryReadOnlyView | None = None,
     ) -> tuple[bytes, int, int]:
         if clemory is None and state is None:
             raise SimEngineError("state and clemory cannot both be None in _load_bytes().")
@@ -1306,7 +1319,7 @@ class PcodeLifterEngineMixin(SimEngineBase):
 
         # Load from the clemory if we can
         if not load_from_state or not state:
-            if isinstance(clemory, cle.Clemory):
+            if isinstance(clemory, (cle.Clemory, cle.ClemoryReadOnlyView)):
                 try:
                     start, backer = next(clemory.backers(addr))
                 except StopIteration:

angr/engines/procedure.py

@@ -1,10 +1,13 @@
 from __future__ import annotations
 import logging
 
-l = logging.getLogger(name=__name__)
-
+from angr import sim_options as o
+from angr import errors
+from angr.state_plugins.inspect import BP_BEFORE, BP_AFTER
 from .engine import SuccessorsMixin
 
+
+l = logging.getLogger(name=__name__)
 # pylint: disable=arguments-differ
 
 
@@ -65,8 +68,3 @@ class ProcedureEngine(ProcedureMixin, SuccessorsMixin):
         if procedure is None:
             raise errors.SimEngineError("Must provide the procedure explicitly to use ProcedureEngine")
         self.process_procedure(self.state, successors, procedure, **kwargs)
-
-
-from angr import sim_options as o
-from angr import errors
-from angr.state_plugins.inspect import BP_BEFORE, BP_AFTER

angr/engines/soot/expressions/__init__.py

@@ -2,29 +2,6 @@ from __future__ import annotations
 
 import logging
 
-l = logging.getLogger("angr.engines.soot.expressions")
-
-
-def translate_expr(expr, state):
-    expr_name = expr.__class__.__name__.split(".")[-1]
-    if expr_name.startswith("Soot"):
-        expr_name = expr_name[4:]
-    if expr_name.endswith("Expr"):
-        expr_name = expr_name[:-4]
-    expr_cls_name = "SimSootExpr_" + expr_name
-
-    g = globals()
-    if expr_cls_name in g:
-        expr_cls = g[expr_cls_name]
-    else:
-        l.warning("Unsupported Soot expression %s.", expr_cls_name)
-        expr_cls = SimSootExpr_Unsupported
-
-    expr = expr_cls(expr, state)
-    expr.process()
-    return expr
-
-
 from .arrayref import SimSootExpr_ArrayRef
 from .binop import SimSootExpr_Binop
 from .cast import SimSootExpr_Cast
@@ -57,6 +34,26 @@ from .paramref import SimSootExpr_ParamRef
 from .unsupported import SimSootExpr_Unsupported
 from .instanceOf import SimSootExpr_InstanceOf
 
+l = logging.getLogger("angr.engines.soot.expressions")
+
+
+def translate_expr(expr, state):
+    expr_name = expr.__class__.__name__.split(".")[-1]
+    expr_name = expr_name.removeprefix("Soot")
+    expr_name = expr_name.removesuffix("Expr")
+    expr_cls_name = "SimSootExpr_" + expr_name
+
+    g = globals()
+    if expr_cls_name in g:
+        expr_cls = g[expr_cls_name]
+    else:
+        l.warning("Unsupported Soot expression %s.", expr_cls_name)
+        expr_cls = SimSootExpr_Unsupported
+
+    expr = expr_cls(expr, state)
+    expr.process()
+    return expr
+
 
 __all__ = (
     "SimSootExpr_ArrayRef",

angr/engines/soot/expressions/base.py

@@ -1,6 +1,6 @@
 from __future__ import annotations
-from . import translate_expr
-from angr.engines.soot.values import translate_value
+
+import angr
 
 
 class SimSootExpr:
@@ -15,7 +15,7 @@ class SimSootExpr:
         raise NotImplementedError
 
     def _translate_expr(self, expr):
-        return translate_expr(expr, self.state)
+        return angr.engines.soot.expressions.translate_expr(expr, self.state)
 
     def _translate_value(self, value):
-        return translate_value(value, self.state)
+        return angr.engines.soot.values.translate_value(value, self.state)

angr/engines/soot/expressions/invoke.py

@@ -1,7 +1,6 @@
 from __future__ import annotations
 from archinfo.arch_soot import SootArgument, SootMethodDescriptor
 
-from . import translate_expr
 from angr.engines.soot.method_dispatcher import resolve_method
 from angr.engines.soot.exceptions import SootMethodNotLoadedException
 from .base import SimSootExpr
@@ -56,7 +55,7 @@ class SimSootExpr_VirtualInvoke(InvokeBase):
 
     def _resolve_invoke_target(self, expr, state):
         # get the type of the base object
-        base = translate_expr(self.expr.base, self.state).expr
+        base = self._translate_expr(self.expr.base).expr
         # if the base is not set, for example if we process an invocation of an
         # unloaded library function
         # => fallback: use the statically retrieved type

angr/engines/soot/statements/__init__.py

@@ -2,13 +2,21 @@ from __future__ import annotations
 
 import logging
 
+from .assign import SimSootStmt_Assign
+from .return_ import SimSootStmt_Return, SimSootStmt_ReturnVoid
+from .identity import SimSootStmt_Identity
+from .goto import SimSootStmt_Goto
+from .invoke import SimSootStmt_Invoke
+from .if_ import SimSootStmt_If
+from .switch import SimSootStmt_TableSwitch, SimSootStmt_LookupSwitch
+from .throw import SimSootStmt_Throw
+
 l = logging.getLogger("angr.engines.soot.statements")
 
 
 def translate_stmt(stmt, state):
     stmt_name = stmt.__class__.__name__.split(".")[-1]
-    if stmt_name.endswith("Stmt"):
-        stmt_name = stmt_name[:-4]
+    stmt_name = stmt_name.removesuffix("Stmt")
 
     stmt_cls_name = f"SimSootStmt_{stmt_name}"
     if stmt_cls_name in globals():
@@ -21,16 +29,6 @@ def translate_stmt(stmt, state):
     return None
 
 
-from .assign import SimSootStmt_Assign
-from .return_ import SimSootStmt_Return, SimSootStmt_ReturnVoid
-from .identity import SimSootStmt_Identity
-from .goto import SimSootStmt_Goto
-from .invoke import SimSootStmt_Invoke
-from .if_ import SimSootStmt_If
-from .switch import SimSootStmt_TableSwitch, SimSootStmt_LookupSwitch
-from .throw import SimSootStmt_Throw
-
-
 __all__ = (
     "SimSootStmt_Assign",
     "SimSootStmt_Goto",

angr/engines/soot/values/__init__.py

@@ -1,10 +1,18 @@
 from __future__ import annotations
 
+from .local import SimSootValue_Local
+from .paramref import SimSootValue_ParamRef
+from .arrayref import SimSootValue_ArrayRef, SimSootValue_ArrayBaseRef
+from .thisref import SimSootValue_ThisRef
+from .staticfieldref import SimSootValue_StaticFieldRef
+from .instancefieldref import SimSootValue_InstanceFieldRef
+from .constants import SimSootValue_IntConstant
+from .strref import SimSootValue_StringRef
+
 
 def translate_value(value, state):
     value_name = value.__class__.__name__
-    if value_name.startswith("Soot"):
-        value_name = value_name[4:]
+    value_name = value_name.removeprefix("Soot")
     value_cls_name = "SimSootValue_" + value_name
 
     g = globals()
@@ -16,16 +24,6 @@ def translate_value(value, state):
     return value_cls.from_sootvalue(value, state)
 
 
-from .local import SimSootValue_Local
-from .paramref import SimSootValue_ParamRef
-from .arrayref import SimSootValue_ArrayRef, SimSootValue_ArrayBaseRef
-from .thisref import SimSootValue_ThisRef
-from .staticfieldref import SimSootValue_StaticFieldRef
-from .instancefieldref import SimSootValue_InstanceFieldRef
-from .constants import SimSootValue_IntConstant
-from .strref import SimSootValue_StringRef
-
-
 __all__ = (
     "SimSootValue_ArrayBaseRef",
     "SimSootValue_ArrayRef",

angr/engines/soot/values/arrayref.py

@@ -3,7 +3,7 @@ import logging
 
 import claripy
 
-from . import translate_value
+import angr
 from angr.errors import SimEngineError
 from .base import SimSootValue
 from .constants import SimSootValue_IntConstant
@@ -60,7 +60,7 @@ class SimSootValue_ArrayRef(SimSootValue):
 
     @classmethod
     def from_sootvalue(cls, soot_value, state):
-        base_local = translate_value(soot_value.base, state)
+        base_local = angr.engines.soot.values.translate_value(soot_value.base, state)
         base = state.memory.load(base_local)
         idx = cls.translate_array_index(soot_value.index, state)
         cls.check_array_bounds(idx, base, state)
@@ -68,7 +68,7 @@ class SimSootValue_ArrayRef(SimSootValue):
 
     @staticmethod
     def translate_array_index(idx, state):
-        idx_value = translate_value(idx, state)
+        idx_value = angr.engines.soot.values.translate_value(idx, state)
         if isinstance(idx_value, SimSootValue_IntConstant):
             # idx is a constant
             return idx_value.value

angr/engines/soot/values/instancefieldref.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
-from . import translate_value
+
+import angr
 from .base import SimSootValue
 from angr.engines.soot.field_dispatcher import resolve_field
 
@@ -25,7 +26,7 @@ class SimSootValue_InstanceFieldRef(SimSootValue):
         field_name, field_class_name = soot_value.field
         field_type = soot_value.type
         # get heap allocation id from base object
-        fixed_base = translate_value(soot_value.base, state)
+        fixed_base = angr.engines.soot.values.translate_value(soot_value.base, state)
         field_ref_base = state.memory.load(fixed_base)
         obj_alloc_id = field_ref_base.heap_alloc_id
         # return field reference

angr/engines/successors.py

@@ -6,6 +6,13 @@ import claripy
 
 from archinfo.arch_soot import ArchSoot, SootAddressDescriptor
 
+from angr import sim_options as o
+from angr.errors import SimSolverModeError, AngrUnsupportedSyscallError, AngrSyscallError, SimValueError, SimUnsatError
+from angr.storage import DUMMY_SYMBOLIC_READ_VALUE
+from angr.state_plugins.inspect import BP_BEFORE, BP_AFTER
+from angr.state_plugins.callstack import CallStack
+from angr.state_plugins.sim_action_object import _raw_ast
+
 
 if TYPE_CHECKING:
     from angr import SimState
@@ -262,11 +269,11 @@ class SimSuccessors:
         # categorize the state
         if o.APPROXIMATE_GUARDS in state.options and state.solver.is_false(state.scratch.guard, exact=False):
             if o.VALIDATE_APPROXIMATIONS in state.options and state.satisfiable():
-                raise Exception("WTF")
+                raise AssertionError("WTF")
             self.unsat_successors.append(state)
         elif o.APPROXIMATE_SATISFIABILITY in state.options and not state.solver.satisfiable(exact=False):
             if o.VALIDATE_APPROXIMATIONS in state.options and state.solver.satisfiable():
-                raise Exception("WTF")
+                raise AssertionError("WTF")
             self.unsat_successors.append(state)
         elif (not state.scratch.guard.symbolic and state.solver.is_false(state.scratch.guard)) or (
             o.LAZY_SOLVES not in state.options and not state.satisfiable()
@@ -288,10 +295,15 @@ class SimSuccessors:
             # syscall
             self.successors.append(state)
 
-            # Misuse the ip_at_syscall register to save the return address for this syscall
-            # state.ip *might be* changed to be the real address of syscall SimProcedures by syscall handling code in
-            # angr
-            state.regs.ip_at_syscall = state.ip
+            if "ip_at_syscall" in state.arch.registers:
+                # Misuse the ip_at_syscall register to save the return address for this syscall
+                # state.ip *might be* changed to be the real address
+                # of syscall SimProcedures by syscall handling code in angr
+                state.regs.ip_at_syscall = state.ip
+            else:
+                # The architecture doesn't have an ip_at_syscall register.
+                # Nothing to do but hope vigorously.
+                l.warning(f"Handling syscall on arch {state.arch.name:s} without ip_at_syscall register")
 
             try:
                 symbolic_syscall_num, concrete_syscall_nums = self._resolve_syscall(state)
@@ -533,10 +545,4 @@ class SimSuccessors:
 
 
 # pylint: disable=wrong-import-position
-from angr.state_plugins.inspect import BP_BEFORE, BP_AFTER
-from angr.errors import SimSolverModeError, AngrUnsupportedSyscallError, AngrSyscallError, SimValueError, SimUnsatError
 from angr.calling_conventions import SYSCALL_CC
-from angr.state_plugins.sim_action_object import _raw_ast
-from angr.state_plugins.callstack import CallStack
-from angr.storage import DUMMY_SYMBOLIC_READ_VALUE
-from angr import sim_options as o

angr/engines/syscall.py

@@ -1,12 +1,13 @@
 from __future__ import annotations
-import angr
 import logging
 
-l = logging.getLogger(name=__name__)
-
+import angr
+from angr.errors import AngrUnsupportedSyscallError
 from .engine import SuccessorsMixin
 from .procedure import ProcedureMixin
 
+l = logging.getLogger(name=__name__)
+
 
 # pylint:disable=abstract-method,arguments-differ
 class SimEngineSyscall(SuccessorsMixin, ProcedureMixin):
@@ -48,6 +49,3 @@ class SimEngineSyscall(SuccessorsMixin, ProcedureMixin):
             sys_procedure = angr.SIM_PROCEDURES["stubs"]["syscall"](cc=cc)
 
         return self.process_procedure(state, successors, sys_procedure, **kwargs)
-
-
-from angr.errors import AngrUnsupportedSyscallError

angr/engines/unicorn.py

@@ -6,6 +6,7 @@ import logging
 import archinfo
 import claripy
 
+import angr
 from angr.errors import SimIRSBError, SimIRSBNoDecodeError, SimValueError
 from .engine import SuccessorsMixin
 from .vex.heavy.heavy import VEXEarlyExit
@@ -30,8 +31,8 @@ class SimEngineUnicorn(SuccessorsMixin):
     - extra_stop_points:   A collection of addresses at which execution should halt
     """
 
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
+    def __init__(self, project: angr.Project):
+        super().__init__(project)
         # Cache of details of basic blocks containing statements that need to re-executed
         self._block_details_cache = {}
         # Addresses of basic blocks which native interface will not execute

angr/engines/vex/claripy/ccall.py

@@ -3,8 +3,11 @@ import logging
 
 import claripy
 from archinfo.arch_arm import is_arm_arch
-from angr.state_plugins.sim_action_object import _raw_ast, SimActionObject
+
 from angr import errors
+from angr.errors import SimError, SimCCallError
+from angr.sim_options import USE_SIMPLIFIED_CCALLS
+from angr.state_plugins.sim_action_object import _raw_ast, SimActionObject
 
 l = logging.getLogger(name=__name__)
 
@@ -2020,11 +2023,10 @@ def _get_flags(state) -> claripy.ast.bv.BV:
     except CCallMultivaluedException as e:
         cases, to_replace = e.args
         args = [cc_op, cc_dep1, cc_dep2, cc_ndep]
-        for i, arg in enumerate(args):
-            if arg is to_replace:
-                break
-        else:
-            raise errors.UnsupportedCCallError("Trying to concretize a value which is not an argument")
+        try:
+            i = args.index(to_replace)
+        except ValueError as ve:
+            raise errors.UnsupportedCCallError("Trying to concretize a value which is not an argument") from ve
         return claripy.ite_cases([(case, func(state, *args[:i], value_, *args[i + 1 :])) for case, value_ in cases], 0)
 
 
@@ -2064,7 +2066,3 @@ def _get_nbits(cc_str):
     elif cc_str.endswith("64"):
         nbits = 64
     return nbits
-
-
-from angr.errors import SimError, SimCCallError
-from angr.sim_options import USE_SIMPLIFIED_CCALLS

angr/engines/vex/claripy/datalayer.py

@@ -130,11 +130,10 @@ class ClaripyDataMixin(VEXMixin):
         except ccall.CCallMultivaluedException as e:
             cases, to_replace = e.args
             # pylint: disable=undefined-loop-variable
-            for i, arg in enumerate(args):
-                if arg is to_replace:
-                    break
-            else:
-                raise errors.UnsupportedCCallError("Trying to concretize a value which is not an argument")
+            try:
+                i = args.index(to_replace)
+            except ValueError as ve:
+                raise errors.UnsupportedCCallError("Trying to concretize a value which is not an argument") from ve
             evaluated_cases = [(case, func(self.state, *args[:i], value_, *args[i + 1 :])) for case, value_ in cases]
             try:
                 return claripy.ite_cases(evaluated_cases, value(ty, 0))

angr/engines/vex/lifter.py

@@ -57,7 +57,7 @@ class VEXLifter(SimEngineBase):
                 self.selfmodifying_code = False
 
         # block cache
-        self._block_cache = None
+        self._block_cache: LRUCache = None
         self._block_cache_hits = 0
         self._block_cache_misses = 0
 
@@ -78,8 +78,8 @@ class VEXLifter(SimEngineBase):
         self,
         addr=None,
         state=None,
-        clemory=None,
-        insn_bytes=None,
+        clemory: cle.Clemory | cle.ClemoryReadOnlyView | None = None,
+        insn_bytes: bytes | None = None,
         offset=None,
         arch=None,
         size=None,
@@ -94,7 +94,7 @@ class VEXLifter(SimEngineBase):
         cross_insn_opt=None,
         load_from_ro_regions=False,
         const_prop=False,
-    ):
+    ) -> pyvex.IRSB:
         """
         Lift an IRSB.
 
@@ -245,6 +245,7 @@ class VEXLifter(SimEngineBase):
             raise SimEngineError(f"No bytes in memory for block starting at {addr:#x}.")
 
         # phase 5: call into pyvex
+        buff: bytes | claripy.ast.BV
         l.debug("Creating IRSB of %s at %#x", arch, addr)
         try:
             for subphase in range(2):
@@ -287,7 +288,9 @@ class VEXLifter(SimEngineBase):
                 l.debug("Using bytes: %r", pyvex.ffi.buffer(buff, size))
             raise SimTranslationError("Unable to translate bytecode") from e
 
-    def _load_bytes(self, addr, max_size, state=None, clemory=None):
+    def _load_bytes(
+        self, addr, max_size, state=None, clemory: cle.Clemory | cle.ClemoryReadOnlyView | None = None
+    ) -> tuple[bytes, int, int]:
         if clemory is None and state is None:
             raise SimEngineError("state and clemory cannot both be None in _load_bytes().")
 
@@ -308,7 +311,7 @@ class VEXLifter(SimEngineBase):
 
         # Load from the clemory if we can
         if not load_from_state or not state:
-            if isinstance(clemory, cle.Clemory):
+            if isinstance(clemory, (cle.Clemory, cle.ClemoryReadOnlyView)):
                 try:
                     start, backer = next(clemory.backers(addr))
                 except StopIteration: