angr 9.2.139__py3-none-manylinux2014_x86_64.whl → 9.2.140__py3-none-manylinux2014_x86_64.whl

angr/factory.py

@@ -10,7 +10,7 @@ from archinfo.arch_soot import ArchSoot, SootAddressDescriptor
 from .sim_state import SimState
 from .calling_conventions import default_cc, SimRegArg, SimStackArg, PointerWrapper, SimCCUnknown
 from .callable import Callable
-from .errors import AngrAssemblyError, AngrError
+from .errors import AngrError
 from .engines import UberEngine, ProcedureEngine
 from .sim_type import SimTypeFunction, SimTypeInt
 from .codenode import HookNode, SyscallNode
@@ -245,6 +245,7 @@ class AngrObjectFactory:
         cc=None,
         add_options=None,
         remove_options=None,
+        step_limit: int | None = None,
     ):
         """
         A Callable is a representation of a function in the binary that can be interacted with like a native python
@@ -257,6 +258,7 @@ class AngrObjectFactory:
         :param base_state:      The state from which to do these runs
         :param toc:             The address of the table of contents for ppc64
         :param cc:              The SimCC to use for a calling convention
+        :param step_limit:      The maximum number of blocks that Callable will execute before pruning the path.
         :returns:               A Callable object that can be used as a interface for executing guest code like a
                                 python function.
         :rtype:                 angr.callable.Callable
@@ -272,6 +274,7 @@ class AngrObjectFactory:
             cc=cc,
             add_options=add_options,
             remove_options=remove_options,
+            step_limit=step_limit,
         )
 
     def cc(self):
@@ -300,7 +303,6 @@ class AngrObjectFactory:
         size=None,
         max_size=None,
         byte_string=None,
-        vex=None,
         thumb=False,
         backup_state=None,
         extra_stop_points=None,
@@ -308,7 +310,6 @@ class AngrObjectFactory:
         num_inst=None,
         traceflags=0,
         insn_bytes=None,
-        insn_text=None,  # backward compatibility
         strict_block_end=None,
         collect_data_refs=False,
         cross_insn_opt=True,
@@ -326,7 +327,6 @@ class AngrObjectFactory:
         size=None,
         max_size=None,
         byte_string=None,
-        vex=None,
         thumb=False,
         backup_state=None,
         extra_stop_points=None,
@@ -334,7 +334,6 @@ class AngrObjectFactory:
         num_inst=None,
         traceflags=0,
         insn_bytes=None,
-        insn_text=None,  # backward compatibility
         strict_block_end=None,
         collect_data_refs=False,
         load_from_ro_regions=False,
@@ -349,7 +348,6 @@ class AngrObjectFactory:
         size=None,
         max_size=None,
         byte_string=None,
-        vex=None,
         thumb=False,
         backup_state=None,
         extra_stop_points=None,
@@ -357,7 +355,6 @@ class AngrObjectFactory:
         num_inst=None,
         traceflags=0,
         insn_bytes=None,
-        insn_text=None,  # backward compatibility
         strict_block_end=None,
         collect_data_refs=False,
         cross_insn_opt=True,
@@ -369,27 +366,15 @@ class AngrObjectFactory:
         if isinstance(self.project.arch, ArchSoot) and isinstance(addr, SootAddressDescriptor):
             return SootBlock(addr, arch=self.project.arch, project=self.project)
 
-        if insn_bytes is not None and insn_text is not None:
-            raise AngrError("You cannot provide both 'insn_bytes' and 'insn_text'!")
-
         if insn_bytes is not None:
             byte_string = insn_bytes
 
-        if insn_text is not None:
-            byte_string = self.project.arch.asm(insn_text, addr=addr, as_bytes=True, thumb=thumb)
-            if byte_string is None:
-                # assembly failed
-                raise AngrAssemblyError(
-                    "Assembling failed. Please make sure keystone is installed, and the assembly string is correct."
-                )
-
         return Block(
             addr,
             project=self.project,
             size=size,
             max_size=max_size,
             byte_string=byte_string,
-            vex=vex,
             extra_stop_points=extra_stop_points,
             thumb=thumb,
             backup_state=backup_state,

angr/knowledge_plugins/key_definitions/atoms.py

@@ -3,7 +3,7 @@ from enum import Enum, auto
 
 import claripy
 import ailment
-from archinfo import Arch, RegisterOffset
+from archinfo import Arch, Endness, RegisterOffset
 
 from angr.calling_conventions import SimFunctionArgument, SimRegArg, SimStackArg
 from angr.engines.light import SpOffset
@@ -123,7 +123,7 @@ class Atom:
     register = reg
 
     @staticmethod
-    def mem(addr: SpOffset | HeapAddress | int, size: int, endness: str | None = None) -> MemoryLocation:
+    def mem(addr: SpOffset | HeapAddress | int, size: int, endness: Endness | None = None) -> MemoryLocation:
         """
         Create a MemoryLocation atom,
 
@@ -251,7 +251,11 @@ class VirtualVariable(Atom):
     )
 
     def __init__(
-        self, varid: int, size: int, category: ailment.Expr.VirtualVariableCategory, oident: str | int | None = None
+        self,
+        varid: int,
+        size: int,
+        category: ailment.Expr.VirtualVariableCategory,
+        oident: str | int | tuple | None = None,
     ):
         super().__init__(size)
 
@@ -310,7 +314,7 @@ class MemoryLocation(Atom):
         "endness",
     )
 
-    def __init__(self, addr: SpOffset | HeapAddress | int, size: int, endness: str | None = None):
+    def __init__(self, addr: SpOffset | HeapAddress | int, size: int, endness: Endness | None = None):
         """
         :param int addr: The address of the beginning memory location slice.
         :param int size: The size of the represented memory location, in bytes.

angr/knowledge_plugins/key_definitions/live_definitions.py

@@ -1,26 +1,26 @@
 from __future__ import annotations
 from typing import Any, TYPE_CHECKING, cast, overload
+from collections import defaultdict
 from collections.abc import Iterable, Generator
+from enum import Enum, auto
 import weakref
 import logging
-from enum import Enum, auto
-
-from collections import defaultdict
 
 import claripy
 from claripy.annotation import Annotation
 import archinfo
 
-from angr.misc.ux import deprecated
 from angr.errors import SimMemoryMissingError, SimMemoryError
 from angr.storage.memory_mixins import MultiValuedMemory
 from angr.storage.memory_mixins.paged_memory.pages.multi_values import MVType, MultiValues
 from angr.knowledge_plugins.key_definitions.definition import A
 from angr.engines.light import SpOffset
 from angr.code_location import CodeLocation, ExternalCodeLocation
+from angr.utils.constants import is_alignment_mask
 from .atoms import Atom, Register, MemoryLocation, Tmp, ConstantSrc
 from .definition import Definition, Tag
 from .heap_address import HeapAddress
+from .undefined import Undefined
 from .uses import Uses
 
 if TYPE_CHECKING:
@@ -207,26 +207,6 @@ class LiveDefinitions:
 
         self.uses_by_codeloc: dict[CodeLocation, set[Definition]] = defaultdict(set)
 
-    @property
-    @deprecated("registers")
-    def register_definitions(self) -> MultiValuedMemory:
-        return self.registers
-
-    @property
-    @deprecated("stack")
-    def stack_definitions(self) -> MultiValuedMemory:
-        return self.stack
-
-    @property
-    @deprecated("memory")
-    def memory_definitions(self) -> MultiValuedMemory:
-        return self.memory
-
-    @property
-    @deprecated("heap")
-    def heap_definitions(self) -> MultiValuedMemory:
-        return self.heap
-
     def __repr__(self):
         ctnt = "LiveDefs"
         if self.tmps:
@@ -359,6 +339,19 @@ class LiveDefinitions:
                     return off0 - off1
         return None
 
+    @staticmethod
+    def _simplify_sp_alignment(data: MultiValues) -> MultiValues:
+        """
+        Eliminate trivial stack pointer alignment, e.g.: {sp & ~0xf} -> {sp}
+        """
+        value = data.one_value()
+        if value is not None and "stack_base" in value.variables and value.op == "__and__" and len(value.args) == 2:
+            if value.args[1].concrete and is_alignment_mask(value.args[1].concrete_value):
+                return MultiValues(value.args[0])
+            if value.args[0].concrete and is_alignment_mask(value.args[0].concrete_value):
+                return MultiValues(value.args[1])
+        return data
+
     @staticmethod
     def annotate_with_def(symvar: MVType, definition: Definition) -> MVType:
         """
@@ -521,7 +514,8 @@ class LiveDefinitions:
                 else:
                     l.warning("Skip stack storing since the stack offset is None.")
             elif isinstance(atom.addr, HeapAddress):
-                self.heap.erase(atom.addr.value, size=atom.size)
+                if not isinstance(atom.addr.value, Undefined):
+                    self.heap.erase(atom.addr.value, size=atom.size)
             elif isinstance(atom.addr, int):
                 self.memory.erase(atom.addr, size=atom.size)
             elif isinstance(atom.addr, claripy.ast.Base):
@@ -571,6 +565,11 @@ class LiveDefinitions:
 
         # set_object() replaces kill (not implemented) and add (add) in one step
         if isinstance(atom, Register):
+
+            # Tolerate simple stack pointer alignments
+            if atom.reg_offset == self.arch.sp_offset:
+                d = self._simplify_sp_alignment(d)
+
             try:
                 self.registers.store(
                     atom.reg_offset,
@@ -611,7 +610,7 @@ class LiveDefinitions:
                 return None
         elif isinstance(atom, Tmp):
             if self.track_tmps:
-                self.tmps[atom.tmp_idx] = {definition}
+                self.tmps[atom.tmp_idx] = {Definition(atom, code_loc, dummy=dummy, tags=tags)}
             else:
                 self.tmps[atom.tmp_idx] = self.uses_by_codeloc[code_loc]
                 return None
@@ -686,6 +685,8 @@ class LiveDefinitions:
             if isinstance(thing.addr, SpOffset):
                 return self.get_stack_definitions(thing.addr.offset, thing.size)
             if isinstance(thing.addr, HeapAddress):
+                if isinstance(thing.addr.value, Undefined):
+                    return set()
                 return self.get_heap_definitions(thing.addr.value, size=thing.size)
             if isinstance(thing.addr, int):
                 return self.get_memory_definitions(thing.addr, thing.size)
@@ -747,72 +748,9 @@ class LiveDefinitions:
 
         return LiveDefinitions.extract_defs_from_annotations(annotations)
 
-    @deprecated("get_definitions")
-    def get_definitions_from_atoms(self, atoms: Iterable[A]) -> Iterable[Definition]:
-        result = set()
-        for atom in atoms:
-            result |= self.get_definitions(atom)
-        return result
-
-    @deprecated("get_values")
-    def get_value_from_definition(self, definition: Definition) -> MultiValues | None:
-        return self.get_value_from_atom(definition.atom)
-
-    @deprecated("get_one_value")
-    def get_one_value_from_definition(self, definition: Definition) -> claripy.ast.bv.BV | None:
-        return self.get_one_value_from_atom(definition.atom)
-
-    @deprecated("get_concrete_value")
-    def get_concrete_value_from_definition(self, definition: Definition) -> int | None:
-        return self.get_concrete_value_from_atom(definition.atom)
-
-    @deprecated("get_values")
-    def get_value_from_atom(self, atom: Atom) -> MultiValues | None:
-        if isinstance(atom, Register):
-            try:
-                return self.registers.load(atom.reg_offset, size=atom.size)
-            except SimMemoryMissingError:
-                return None
-        elif isinstance(atom, MemoryLocation):
-            if isinstance(atom.addr, SpOffset):
-                stack_addr = self.stack_offset_to_stack_addr(atom.addr.offset)
-                try:
-                    return self.stack.load(stack_addr, size=atom.size, endness=atom.endness)
-                except SimMemoryMissingError:
-                    return None
-            elif isinstance(atom.addr, HeapAddress):
-                try:
-                    return self.heap.load(atom.addr.value, size=atom.size, endness=atom.endness)
-                except SimMemoryMissingError:
-                    return None
-            elif isinstance(atom.addr, int):
-                try:
-                    return self.memory.load(atom.addr, size=atom.size, endness=atom.endness)
-                except SimMemoryMissingError:
-                    return None
-            else:
-                # ignore RegisterOffset
-                return None
-        else:
-            return None
-
-    @deprecated("get_one_value")
-    def get_one_value_from_atom(self, atom: Atom) -> claripy.ast.bv.BV | None:
-        r = self.get_value_from_atom(atom)
-        if r is None:
-            return None
-        return r.one_value()
-
-    @deprecated("get_concrete_value")
-    def get_concrete_value_from_atom(self, atom: Atom) -> int | None:
-        r = self.get_one_value_from_atom(atom)
-        if r is None:
-            return None
-        if r.symbolic:
-            return None
-        return r.concrete_value
-
-    def get_values(self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]]) -> MultiValues | None:
+    def get_values(
+        self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]], endness: archinfo.Endness | None = None
+    ) -> MultiValues | None:
         if isinstance(spec, Definition):
             atom = spec.atom
         elif isinstance(spec, Atom):
@@ -820,7 +758,7 @@ class LiveDefinitions:
         else:
             result = None
             for atom in spec:
-                r = self.get_values(atom)
+                r = self.get_values(atom, endness)
                 if r is None:
                     continue
                 result = r if result is None else result.merge(r)
@@ -831,27 +769,29 @@ class LiveDefinitions:
                 return self.registers.load(atom.reg_offset, size=atom.size)
             except SimMemoryMissingError:
                 return None
-        elif isinstance(atom, MemoryLocation):
+
+        if isinstance(atom, MemoryLocation):
+            endness = endness or atom.endness
             if isinstance(atom.addr, SpOffset):
                 stack_addr = self.stack_offset_to_stack_addr(atom.addr.offset)
                 try:
-                    return self.stack.load(stack_addr, size=atom.size, endness=atom.endness)
+                    return self.stack.load(stack_addr, size=atom.size, endness=endness)
                 except SimMemoryMissingError:
                     return None
             elif isinstance(atom.addr, HeapAddress):
                 try:
-                    return self.heap.load(atom.addr.value, size=atom.size, endness=atom.endness)
+                    return self.heap.load(atom.addr.value, size=atom.size, endness=endness)
                 except SimMemoryMissingError:
                     return None
             elif isinstance(atom.addr, int):
                 try:
-                    return self.memory.load(atom.addr, size=atom.size, endness=atom.endness)
+                    return self.memory.load(atom.addr, size=atom.size, endness=endness)
                 except SimMemoryMissingError:
                     pass
                 if self.project is not None:
                     try:
                         bytestring = self.project.loader.memory.load(atom.addr, atom.size)
-                        if atom.endness == archinfo.Endness.LE:
+                        if endness == archinfo.Endness.LE:
                             bytestring = bytes(reversed(bytestring))
                         return MultiValues(
                             self.annotate_with_def(claripy.BVV(bytestring), Definition(atom, ExternalCodeLocation()))
@@ -877,14 +817,12 @@ class LiveDefinitions:
 
     @overload
     def get_concrete_value(
-        self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]], cast_to: type[int] = ...
+        self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]], cast_to: type[int]
     ) -> int | None: ...
 
     @overload
     def get_concrete_value(
-        self,
-        spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]],
-        cast_to: type[bytes] = ...,
+        self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]], cast_to: type[bytes]
     ) -> bytes | None: ...
 
     def get_concrete_value(
@@ -991,7 +929,7 @@ class LiveDefinitions:
 
     def deref(self, pointer, size, endness=archinfo.Endness.BE):
         if isinstance(pointer, (Atom, Definition)):
-            pointer = self.get_values(pointer)
+            pointer = self.get_values(pointer, self.arch.memory_endness)
             if pointer is None:
                 return set()
 

angr/sim_type.py

@@ -20,10 +20,8 @@ from .misc.ux import deprecated
 
 if TYPE_CHECKING:
     from angr.procedures.definitions import SimTypeCollection
-    from angr.storage.memory_mixins import _Coerce
-
-    StoreType = _Coerce
 
+StoreType = int | claripy.ast.BV
 
 l = logging.getLogger(name=__name__)
 
@@ -318,6 +316,8 @@ class SimTypeReg(SimType):
         return f"reg{self.size}_t"
 
     def store(self, state, addr, value: StoreType):
+        if self.size is None:
+            raise TypeError("Need a size to store")
         store_endness = state.arch.memory_endness
         with contextlib.suppress(AttributeError):
             value = value.ast  # type: ignore
@@ -366,7 +366,7 @@ class SimTypeNum(SimType):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         out = state.memory.load(addr, self.size // state.arch.byte_width, endness=state.arch.memory_endness)
@@ -445,7 +445,7 @@ class SimTypeInt(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         out = state.memory.load(addr, self.size // state.arch.byte_width, endness=state.arch.memory_endness)
@@ -575,7 +575,7 @@ class SimTypeChar(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> bytes: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> bytes: ...
 
     def extract(self, state, addr, concrete: bool = False) -> claripy.ast.BV | bytes:
         # FIXME: This is a hack.
@@ -665,7 +665,7 @@ class SimTypeBool(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.Bool: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> bool: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> bool: ...
 
     def extract(self, state, addr, concrete=False):
         ver = super().extract(state, addr, concrete)
@@ -715,7 +715,7 @@ class SimTypeFd(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         # TODO: EDG says this looks dangerously closed-minded. Just in case...
@@ -788,7 +788,7 @@ class SimTypePointer(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         # TODO: EDG says this looks dangerously closed-minded. Just in case...
@@ -848,7 +848,7 @@ class SimTypeReference(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         # TODO: EDG says this looks dangerously closed-minded. Just in case...
@@ -984,7 +984,7 @@ class SimTypeString(NamedTypeMixin, SimType):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> bytes: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> bytes: ...
 
     def extract(self, state: SimState, addr, concrete=False):
         if self.length is None:
@@ -1585,7 +1585,7 @@ class SimStructValue:
         for name in self._struct.fields:
             value = self._values[name]
             try:
-                f = value.__indented_repr__
+                f = value.__indented_repr__  # type: ignore[reportAttributeAccessIssue]
                 s = f(indent=indent + 2)
             except AttributeError:
                 s = repr(value)
@@ -1620,7 +1620,7 @@ class SimStructValue:
 class SimUnion(NamedTypeMixin, SimType):
     fields = ("members", "name")
 
-    def __init__(self, members, name=None, label=None):
+    def __init__(self, members: dict[str, SimType], name=None, label=None):
         """
         :param members:     The members of the union, as a mapping name -> type
         :param name:        The name of the union
@@ -1630,6 +1630,8 @@ class SimUnion(NamedTypeMixin, SimType):
 
     @property
     def size(self):
+        if self._arch is None:
+            raise ValueError("Can't tell my size without an arch!")
         member_sizes = [ty.size for ty in self.members.values() if not isinstance(ty, SimTypeBottom)]
         # fall back to word size in case all members are SimTypeBottom
         return max(member_sizes) if member_sizes else self._arch.bytes
@@ -1722,7 +1724,7 @@ class SimUnionValue:
         fields = []
         for name, value in self._values.items():
             try:
-                f = value.__indented_repr__
+                f = value.__indented_repr__  # type: ignore[reportAttributeAccessIssue]
                 s = f(indent=indent + 2)
             except AttributeError:
                 s = repr(value)
@@ -1820,7 +1822,7 @@ class SimCppClassValue(SimStructValue):
         for name in self._class.fields:
             value = self._values[name]
             try:
-                f = value.__indented_repr__
+                f = value.__indented_repr__  # type: ignore[reportAttributeAccessIssue]
                 s = f(indent=indent + 2)
             except AttributeError:
                 s = repr(value)
@@ -1864,10 +1866,10 @@ class SimTypeNumOffset(SimTypeNum):
         self.offset = offset
 
     @overload
-    def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
+    def extract(self, state: SimState, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state: SimState, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state: SimState, addr, concrete=False):
         if state.arch.memory_endness != Endness.LE:

angr/state_plugins/plugin.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
-from typing import cast
+from typing import Any, Generic, cast, TypeVar, Protocol
+from collections.abc import Callable
 
 import logging
 
@@ -9,6 +10,18 @@ from angr.misc.ux import once
 
 l = logging.getLogger(name=__name__)
 
+T = TypeVar("T")
+S_co = TypeVar("S_co", covariant=True)
+
+
+class _CopyFunc(Protocol, Generic[S_co]):
+    """
+    Function wrapping copy method for memo tracking.
+    """
+
+    @staticmethod
+    def __call__(memo: dict[int, Any] | None = None) -> S_co: ...
+
 
 class SimStatePlugin:
     """
@@ -55,12 +68,12 @@ class SimStatePlugin:
         return o
 
     @staticmethod
-    def memo(f):
+    def memo(f: Callable[[T, dict[int, Any]], S_co]) -> _CopyFunc[S_co]:
         """
         A decorator function you should apply to ``copy``
         """
 
-        def inner(self, memo=None, **kwargs):
+        def inner(self, memo: dict[int, Any] | None = None, **kwargs: Any) -> S_co:
             if memo is None:
                 memo = {}
             if id(self) in memo:
@@ -69,7 +82,9 @@ class SimStatePlugin:
             memo[id(self)] = c
             return c
 
-        return inner
+        # Type-checking fails here because we can't express the `self` partial-application with a Protocol
+        # and we can't express the optional `memo` parameter without a Protocol
+        return inner  # type: ignore
 
     def merge(self, others, merge_conditions, common_ancestor=None):  # pylint:disable=unused-argument
         """

angr/storage/memory_mixins/memory_mixin.py

@@ -80,7 +80,7 @@ class MemoryMixin(Generic[InData, OutData, Addr], SimStatePlugin):
     def store(self, addr: Addr, data: InData, size: InData | None = None, **kwargs) -> None: ...
 
     def merge(
-        self, others: list[Self], merge_conditions: list[claripy.ast.Bool], common_ancestor: Self | None = None
+        self, others: list[Self], merge_conditions: list[claripy.ast.Bool] | None, common_ancestor: Self | None = None
     ) -> bool: ...
 
     def compare(self, other: Self) -> bool: ...

angr/storage/memory_mixins/paged_memory/pages/multi_values.py

@@ -5,7 +5,6 @@ import archinfo
 
 import claripy
 
-from angr.errors import AngrTypeError
 from angr.storage.memory_object import bv_slice
 
 MVType = TypeVar("MVType", bound=claripy.ast.BV | claripy.ast.FP)
@@ -91,8 +90,10 @@ class MultiValues(Generic[MVType]):
             value_end = offset + value.size() // 8
             if value_end > succ_offset:
                 if isinstance(value, claripy.ast.FP):
-                    raise AngrTypeError("Unsupported case. How do we handle floating point values overlapping?")
+                    # no precise floating point support; it directly goes to TOP
+                    value = cast(MVType, claripy.BVS("top", value.size()))
                 # value is too long. we need to break value into two
+                assert isinstance(value, claripy.ast.BV)
                 mid_value_size = succ_offset - offset
                 remaining_value = cast(MVType, value[value.size() - mid_value_size * 8 - 1 : 0])
                 # update value
@@ -107,7 +108,8 @@ class MultiValues(Generic[MVType]):
                 remaining_values = set()
                 for v in self._values[offset]:
                     if isinstance(v, claripy.ast.FP):
-                        raise AngrTypeError("Unsupported case. How do we handle floating point values overlapping?")
+                        # no precise floating point support; it directly goes to TOP
+                        v = claripy.BVS("top", v.size())
 
                     new_curr_values.add(v[v.size() - 1 : v.size() - value.size()])
                     remaining_values.add(v[v.size() - value.size() - 1 : 0])
@@ -116,9 +118,11 @@ class MultiValues(Generic[MVType]):
                     self.add_value(offset + value.size() // 8, v)
             elif curr_value_size < value.size() // 8:
                 if isinstance(value, claripy.ast.FP):
-                    raise AngrTypeError("Unsupported case. How do we handle floating point values overlapping?")
+                    # no precise floating point support; it directly goes to TOP
+                    value = cast(MVType, claripy.BVS("top", value.size()))
 
                 # value is too long. we need to break value into two
+                assert isinstance(value, claripy.ast.BV)
                 remaining_value = cast(MVType, value[value.size() - curr_value_size * 8 - 1 : 0])
                 # update value
                 value = cast(MVType, value[value.size() - 1 : value.size() - curr_value_size * 8])
@@ -137,7 +141,8 @@ class MultiValues(Generic[MVType]):
                 remaining_values = set()
                 for v in pre_values:
                     if isinstance(v, claripy.ast.FP):
-                        raise AngrTypeError("Unsupported case. How do we handle floating point values overlapping?")
+                        # no precise floating point support; it directly goes to TOP
+                        v = claripy.BVS("top", v.size())
                     new_pre_values.add(v[v.size() - 1 : v.size() - new_pre_value_size * 8])
                     remaining_values.add(v[v.size() - new_pre_value_size * 8 - 1 : 0])
                 self._values[pre_offset] = new_pre_values