angr 9.2.139__py3-none-manylinux2014_x86_64.whl → 9.2.141__py3-none-manylinux2014_x86_64.whl

angr/engines/vex/heavy/heavy.py

@@ -3,7 +3,7 @@ import logging
 import claripy
 import pyvex
 
-from angr.engines.engine import SuccessorsMixin
+from angr.engines.successors import SuccessorsEngine
 from angr.engines.vex.light import VEXMixin
 from angr.engines.vex.lifter import VEXLifter
 from angr.engines.vex.claripy.datalayer import ClaripyDataMixin, symbol
@@ -57,7 +57,7 @@ class SimStateStorageMixin(VEXMixin):
 
 
 # pylint:disable=arguments-differ
-class HeavyVEXMixin(SuccessorsMixin, ClaripyDataMixin, SimStateStorageMixin, VEXMixin, VEXLifter):
+class HeavyVEXMixin(SuccessorsEngine, ClaripyDataMixin, SimStateStorageMixin, VEXMixin, VEXLifter):
     """
     Execution engine based on VEX, Valgrind's IR.
 
@@ -83,7 +83,6 @@ class HeavyVEXMixin(SuccessorsMixin, ClaripyDataMixin, SimStateStorageMixin, VEX
         self,
         successors,
         irsb=None,
-        insn_text=None,
         insn_bytes=None,
         thumb=False,
         size=None,
@@ -99,21 +98,10 @@ class HeavyVEXMixin(SuccessorsMixin, ClaripyDataMixin, SimStateStorageMixin, VEX
                 extra_stop_points=extra_stop_points,
                 num_inst=num_inst,
                 size=size,
-                insn_text=insn_text,
                 insn_bytes=insn_bytes,
                 **kwargs,
             )
 
-        if insn_text is not None:
-            if insn_bytes is not None:
-                raise errors.SimEngineError("You cannot provide both 'insn_bytes' and 'insn_text'!")
-
-            insn_bytes = self.project.arch.asm(insn_text, addr=successors.addr, thumb=thumb)
-            if insn_bytes is None:
-                raise errors.AngrAssemblyError(
-                    "Assembling failed. Please make sure keystone is installed, and the assembly string is correct."
-                )
-
         successors.sort = "IRSB"
         successors.description = "IRSB"
         self.state.history.recent_block_count = 1
@@ -137,9 +125,9 @@ class HeavyVEXMixin(SuccessorsMixin, ClaripyDataMixin, SimStateStorageMixin, VEX
 
             if irsb is None:
                 irsb = self.lift_vex(
+                    insn_bytes=insn_bytes,
                     addr=addr,
                     state=self.state,
-                    insn_bytes=insn_bytes,
                     thumb=thumb,
                     size=size,
                     num_inst=num_inst,

angr/factory.py

@@ -7,10 +7,11 @@ from typing import overload, TYPE_CHECKING
 import archinfo
 from archinfo.arch_soot import ArchSoot, SootAddressDescriptor
 
+from .knowledge_plugins.functions import Function
 from .sim_state import SimState
 from .calling_conventions import default_cc, SimRegArg, SimStackArg, PointerWrapper, SimCCUnknown
 from .callable import Callable
-from .errors import AngrAssemblyError, AngrError
+from .errors import AngrError
 from .engines import UberEngine, ProcedureEngine
 from .sim_type import SimTypeFunction, SimTypeInt
 from .codenode import HookNode, SyscallNode
@@ -236,7 +237,7 @@ class AngrObjectFactory:
 
     def callable(
         self,
-        addr,
+        addr: int | Function,
         prototype=None,
         concrete_only=False,
         perform_merge=True,
@@ -245,22 +246,28 @@ class AngrObjectFactory:
         cc=None,
         add_options=None,
         remove_options=None,
+        step_limit: int | None = None,
     ):
         """
         A Callable is a representation of a function in the binary that can be interacted with like a native python
         function.
 
-        :param addr:            The address of the function to use
-        :param prototype:         The prototype of the call to use, as a string or a SimTypeFunction
+        :param addr:            The address of the function to use. If you pass in the function object, we will take
+                                its addr.
+        :param prototype:       The prototype of the call to use, as a string or a SimTypeFunction
         :param concrete_only:   Throw an exception if the execution splits into multiple states
         :param perform_merge:   Merge all result states into one at the end (only relevant if concrete_only=False)
         :param base_state:      The state from which to do these runs
         :param toc:             The address of the table of contents for ppc64
         :param cc:              The SimCC to use for a calling convention
+        :param step_limit:      The maximum number of blocks that Callable will execute before pruning the path.
         :returns:               A Callable object that can be used as a interface for executing guest code like a
                                 python function.
         :rtype:                 angr.callable.Callable
         """
+        if isinstance(addr, Function):
+            addr = addr.addr
+
         return Callable(
             self.project,
             addr=addr,
@@ -272,6 +279,7 @@ class AngrObjectFactory:
             cc=cc,
             add_options=add_options,
             remove_options=remove_options,
+            step_limit=step_limit,
         )
 
     def cc(self):
@@ -300,7 +308,6 @@ class AngrObjectFactory:
         size=None,
         max_size=None,
         byte_string=None,
-        vex=None,
         thumb=False,
         backup_state=None,
         extra_stop_points=None,
@@ -308,7 +315,6 @@ class AngrObjectFactory:
         num_inst=None,
         traceflags=0,
         insn_bytes=None,
-        insn_text=None,  # backward compatibility
         strict_block_end=None,
         collect_data_refs=False,
         cross_insn_opt=True,
@@ -326,7 +332,6 @@ class AngrObjectFactory:
         size=None,
         max_size=None,
         byte_string=None,
-        vex=None,
         thumb=False,
         backup_state=None,
         extra_stop_points=None,
@@ -334,7 +339,6 @@ class AngrObjectFactory:
         num_inst=None,
         traceflags=0,
         insn_bytes=None,
-        insn_text=None,  # backward compatibility
         strict_block_end=None,
         collect_data_refs=False,
         load_from_ro_regions=False,
@@ -349,7 +353,6 @@ class AngrObjectFactory:
         size=None,
         max_size=None,
         byte_string=None,
-        vex=None,
         thumb=False,
         backup_state=None,
         extra_stop_points=None,
@@ -357,7 +360,6 @@ class AngrObjectFactory:
         num_inst=None,
         traceflags=0,
         insn_bytes=None,
-        insn_text=None,  # backward compatibility
         strict_block_end=None,
         collect_data_refs=False,
         cross_insn_opt=True,
@@ -369,27 +371,15 @@ class AngrObjectFactory:
         if isinstance(self.project.arch, ArchSoot) and isinstance(addr, SootAddressDescriptor):
             return SootBlock(addr, arch=self.project.arch, project=self.project)
 
-        if insn_bytes is not None and insn_text is not None:
-            raise AngrError("You cannot provide both 'insn_bytes' and 'insn_text'!")
-
         if insn_bytes is not None:
             byte_string = insn_bytes
 
-        if insn_text is not None:
-            byte_string = self.project.arch.asm(insn_text, addr=addr, as_bytes=True, thumb=thumb)
-            if byte_string is None:
-                # assembly failed
-                raise AngrAssemblyError(
-                    "Assembling failed. Please make sure keystone is installed, and the assembly string is correct."
-                )
-
         return Block(
             addr,
             project=self.project,
             size=size,
             max_size=max_size,
             byte_string=byte_string,
-            vex=vex,
             extra_stop_points=extra_stop_points,
             thumb=thumb,
             backup_state=backup_state,

angr/knowledge_plugins/key_definitions/atoms.py

@@ -3,7 +3,7 @@ from enum import Enum, auto
 
 import claripy
 import ailment
-from archinfo import Arch, RegisterOffset
+from archinfo import Arch, Endness, RegisterOffset
 
 from angr.calling_conventions import SimFunctionArgument, SimRegArg, SimStackArg
 from angr.engines.light import SpOffset
@@ -123,7 +123,7 @@ class Atom:
     register = reg
 
     @staticmethod
-    def mem(addr: SpOffset | HeapAddress | int, size: int, endness: str | None = None) -> MemoryLocation:
+    def mem(addr: SpOffset | HeapAddress | int, size: int, endness: Endness | None = None) -> MemoryLocation:
         """
         Create a MemoryLocation atom,
 
@@ -251,7 +251,11 @@ class VirtualVariable(Atom):
     )
 
     def __init__(
-        self, varid: int, size: int, category: ailment.Expr.VirtualVariableCategory, oident: str | int | None = None
+        self,
+        varid: int,
+        size: int,
+        category: ailment.Expr.VirtualVariableCategory,
+        oident: str | int | tuple | None = None,
     ):
         super().__init__(size)
 
@@ -310,7 +314,7 @@ class MemoryLocation(Atom):
         "endness",
     )
 
-    def __init__(self, addr: SpOffset | HeapAddress | int, size: int, endness: str | None = None):
+    def __init__(self, addr: SpOffset | HeapAddress | int, size: int, endness: Endness | None = None):
         """
         :param int addr: The address of the beginning memory location slice.
         :param int size: The size of the represented memory location, in bytes.

angr/knowledge_plugins/key_definitions/live_definitions.py

@@ -1,26 +1,26 @@
 from __future__ import annotations
 from typing import Any, TYPE_CHECKING, cast, overload
+from collections import defaultdict
 from collections.abc import Iterable, Generator
+from enum import Enum, auto
 import weakref
 import logging
-from enum import Enum, auto
-
-from collections import defaultdict
 
 import claripy
 from claripy.annotation import Annotation
 import archinfo
 
-from angr.misc.ux import deprecated
 from angr.errors import SimMemoryMissingError, SimMemoryError
 from angr.storage.memory_mixins import MultiValuedMemory
 from angr.storage.memory_mixins.paged_memory.pages.multi_values import MVType, MultiValues
 from angr.knowledge_plugins.key_definitions.definition import A
 from angr.engines.light import SpOffset
 from angr.code_location import CodeLocation, ExternalCodeLocation
+from angr.utils.constants import is_alignment_mask
 from .atoms import Atom, Register, MemoryLocation, Tmp, ConstantSrc
 from .definition import Definition, Tag
 from .heap_address import HeapAddress
+from .undefined import Undefined
 from .uses import Uses
 
 if TYPE_CHECKING:
@@ -207,26 +207,6 @@ class LiveDefinitions:
 
         self.uses_by_codeloc: dict[CodeLocation, set[Definition]] = defaultdict(set)
 
-    @property
-    @deprecated("registers")
-    def register_definitions(self) -> MultiValuedMemory:
-        return self.registers
-
-    @property
-    @deprecated("stack")
-    def stack_definitions(self) -> MultiValuedMemory:
-        return self.stack
-
-    @property
-    @deprecated("memory")
-    def memory_definitions(self) -> MultiValuedMemory:
-        return self.memory
-
-    @property
-    @deprecated("heap")
-    def heap_definitions(self) -> MultiValuedMemory:
-        return self.heap
-
     def __repr__(self):
         ctnt = "LiveDefs"
         if self.tmps:
@@ -359,6 +339,19 @@ class LiveDefinitions:
                     return off0 - off1
         return None
 
+    @staticmethod
+    def _simplify_sp_alignment(data: MultiValues) -> MultiValues:
+        """
+        Eliminate trivial stack pointer alignment, e.g.: {sp & ~0xf} -> {sp}
+        """
+        value = data.one_value()
+        if value is not None and "stack_base" in value.variables and value.op == "__and__" and len(value.args) == 2:
+            if value.args[1].concrete and is_alignment_mask(value.args[1].concrete_value):
+                return MultiValues(value.args[0])
+            if value.args[0].concrete and is_alignment_mask(value.args[0].concrete_value):
+                return MultiValues(value.args[1])
+        return data
+
     @staticmethod
     def annotate_with_def(symvar: MVType, definition: Definition) -> MVType:
         """
@@ -521,7 +514,8 @@ class LiveDefinitions:
                 else:
                     l.warning("Skip stack storing since the stack offset is None.")
             elif isinstance(atom.addr, HeapAddress):
-                self.heap.erase(atom.addr.value, size=atom.size)
+                if not isinstance(atom.addr.value, Undefined):
+                    self.heap.erase(atom.addr.value, size=atom.size)
             elif isinstance(atom.addr, int):
                 self.memory.erase(atom.addr, size=atom.size)
             elif isinstance(atom.addr, claripy.ast.Base):
@@ -571,6 +565,11 @@ class LiveDefinitions:
 
         # set_object() replaces kill (not implemented) and add (add) in one step
         if isinstance(atom, Register):
+
+            # Tolerate simple stack pointer alignments
+            if atom.reg_offset == self.arch.sp_offset:
+                d = self._simplify_sp_alignment(d)
+
             try:
                 self.registers.store(
                     atom.reg_offset,
@@ -611,7 +610,7 @@ class LiveDefinitions:
                 return None
         elif isinstance(atom, Tmp):
             if self.track_tmps:
-                self.tmps[atom.tmp_idx] = {definition}
+                self.tmps[atom.tmp_idx] = {Definition(atom, code_loc, dummy=dummy, tags=tags)}
             else:
                 self.tmps[atom.tmp_idx] = self.uses_by_codeloc[code_loc]
                 return None
@@ -686,6 +685,8 @@ class LiveDefinitions:
             if isinstance(thing.addr, SpOffset):
                 return self.get_stack_definitions(thing.addr.offset, thing.size)
             if isinstance(thing.addr, HeapAddress):
+                if isinstance(thing.addr.value, Undefined):
+                    return set()
                 return self.get_heap_definitions(thing.addr.value, size=thing.size)
             if isinstance(thing.addr, int):
                 return self.get_memory_definitions(thing.addr, thing.size)
@@ -747,72 +748,9 @@ class LiveDefinitions:
 
         return LiveDefinitions.extract_defs_from_annotations(annotations)
 
-    @deprecated("get_definitions")
-    def get_definitions_from_atoms(self, atoms: Iterable[A]) -> Iterable[Definition]:
-        result = set()
-        for atom in atoms:
-            result |= self.get_definitions(atom)
-        return result
-
-    @deprecated("get_values")
-    def get_value_from_definition(self, definition: Definition) -> MultiValues | None:
-        return self.get_value_from_atom(definition.atom)
-
-    @deprecated("get_one_value")
-    def get_one_value_from_definition(self, definition: Definition) -> claripy.ast.bv.BV | None:
-        return self.get_one_value_from_atom(definition.atom)
-
-    @deprecated("get_concrete_value")
-    def get_concrete_value_from_definition(self, definition: Definition) -> int | None:
-        return self.get_concrete_value_from_atom(definition.atom)
-
-    @deprecated("get_values")
-    def get_value_from_atom(self, atom: Atom) -> MultiValues | None:
-        if isinstance(atom, Register):
-            try:
-                return self.registers.load(atom.reg_offset, size=atom.size)
-            except SimMemoryMissingError:
-                return None
-        elif isinstance(atom, MemoryLocation):
-            if isinstance(atom.addr, SpOffset):
-                stack_addr = self.stack_offset_to_stack_addr(atom.addr.offset)
-                try:
-                    return self.stack.load(stack_addr, size=atom.size, endness=atom.endness)
-                except SimMemoryMissingError:
-                    return None
-            elif isinstance(atom.addr, HeapAddress):
-                try:
-                    return self.heap.load(atom.addr.value, size=atom.size, endness=atom.endness)
-                except SimMemoryMissingError:
-                    return None
-            elif isinstance(atom.addr, int):
-                try:
-                    return self.memory.load(atom.addr, size=atom.size, endness=atom.endness)
-                except SimMemoryMissingError:
-                    return None
-            else:
-                # ignore RegisterOffset
-                return None
-        else:
-            return None
-
-    @deprecated("get_one_value")
-    def get_one_value_from_atom(self, atom: Atom) -> claripy.ast.bv.BV | None:
-        r = self.get_value_from_atom(atom)
-        if r is None:
-            return None
-        return r.one_value()
-
-    @deprecated("get_concrete_value")
-    def get_concrete_value_from_atom(self, atom: Atom) -> int | None:
-        r = self.get_one_value_from_atom(atom)
-        if r is None:
-            return None
-        if r.symbolic:
-            return None
-        return r.concrete_value
-
-    def get_values(self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]]) -> MultiValues | None:
+    def get_values(
+        self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]], endness: archinfo.Endness | None = None
+    ) -> MultiValues | None:
         if isinstance(spec, Definition):
             atom = spec.atom
         elif isinstance(spec, Atom):
@@ -820,7 +758,7 @@ class LiveDefinitions:
         else:
             result = None
             for atom in spec:
-                r = self.get_values(atom)
+                r = self.get_values(atom, endness)
                 if r is None:
                     continue
                 result = r if result is None else result.merge(r)
@@ -831,27 +769,29 @@ class LiveDefinitions:
                 return self.registers.load(atom.reg_offset, size=atom.size)
             except SimMemoryMissingError:
                 return None
-        elif isinstance(atom, MemoryLocation):
+
+        if isinstance(atom, MemoryLocation):
+            endness = endness or atom.endness
             if isinstance(atom.addr, SpOffset):
                 stack_addr = self.stack_offset_to_stack_addr(atom.addr.offset)
                 try:
-                    return self.stack.load(stack_addr, size=atom.size, endness=atom.endness)
+                    return self.stack.load(stack_addr, size=atom.size, endness=endness)
                 except SimMemoryMissingError:
                     return None
             elif isinstance(atom.addr, HeapAddress):
                 try:
-                    return self.heap.load(atom.addr.value, size=atom.size, endness=atom.endness)
+                    return self.heap.load(atom.addr.value, size=atom.size, endness=endness)
                 except SimMemoryMissingError:
                     return None
             elif isinstance(atom.addr, int):
                 try:
-                    return self.memory.load(atom.addr, size=atom.size, endness=atom.endness)
+                    return self.memory.load(atom.addr, size=atom.size, endness=endness)
                 except SimMemoryMissingError:
                     pass
                 if self.project is not None:
                     try:
                         bytestring = self.project.loader.memory.load(atom.addr, atom.size)
-                        if atom.endness == archinfo.Endness.LE:
+                        if endness == archinfo.Endness.LE:
                             bytestring = bytes(reversed(bytestring))
                         return MultiValues(
                             self.annotate_with_def(claripy.BVV(bytestring), Definition(atom, ExternalCodeLocation()))
@@ -877,14 +817,12 @@ class LiveDefinitions:
 
     @overload
     def get_concrete_value(
-        self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]], cast_to: type[int] = ...
+        self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]], cast_to: type[int]
     ) -> int | None: ...
 
     @overload
     def get_concrete_value(
-        self,
-        spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]],
-        cast_to: type[bytes] = ...,
+        self, spec: A | Definition[A] | Iterable[A] | Iterable[Definition[A]], cast_to: type[bytes]
     ) -> bytes | None: ...
 
     def get_concrete_value(
@@ -991,7 +929,7 @@ class LiveDefinitions:
 
     def deref(self, pointer, size, endness=archinfo.Endness.BE):
         if isinstance(pointer, (Atom, Definition)):
-            pointer = self.get_values(pointer)
+            pointer = self.get_values(pointer, self.arch.memory_endness)
             if pointer is None:
                 return set()
 

angr/knowledge_plugins/variables/variable_manager.py

@@ -12,6 +12,7 @@ from cle.backends.elf.variable import Variable
 
 from angr.utils.orderedset import OrderedSet
 from angr.utils.ail import is_phi_assignment
+from angr.utils.types import unpack_pointer, replace_pointer_pts_to
 from angr.protos import variables_pb2
 from angr.serializable import Serializable
 from angr.sim_variable import SimVariable, SimStackVariable, SimMemoryVariable, SimRegisterVariable
@@ -19,7 +20,6 @@ from angr.sim_type import (
     TypeRef,
     SimType,
     SimStruct,
-    SimTypePointer,
     SimTypeBottom,
     SimTypeChar,
     SimTypeShort,
@@ -985,10 +985,12 @@ class VariableManagerInternal(Serializable):
             if name not in self.types:
                 self.types[name] = TypeRef(name, ty).with_arch(self.manager._kb._project.arch)
             ty = self.types[name]
-        elif isinstance(ty, SimTypePointer) and isinstance(ty.pts_to, SimStruct):
-            typeref = self._register_struct_type(ty.pts_to)
-            ty = ty.copy().with_arch(self.manager._kb._project.arch)
-            ty.pts_to = typeref
+        elif (inner_ty := unpack_pointer(ty, iterative=True)) and isinstance(inner_ty, SimStruct):
+            typeref = self._register_struct_type(inner_ty)
+            # rebuild the multi-layer pointer type
+            replaced_ty = replace_pointer_pts_to(ty, inner_ty, typeref)
+            assert replaced_ty is not None
+            ty = replaced_ty.with_arch(self.manager._kb._project.arch)
         elif isinstance(ty, SimStruct):
             ty = self._register_struct_type(ty, name=name)
 

angr/sim_type.py

@@ -20,10 +20,8 @@ from .misc.ux import deprecated
 
 if TYPE_CHECKING:
     from angr.procedures.definitions import SimTypeCollection
-    from angr.storage.memory_mixins import _Coerce
-
-    StoreType = _Coerce
 
+StoreType = int | claripy.ast.BV
 
 l = logging.getLogger(name=__name__)
 
@@ -318,6 +316,8 @@ class SimTypeReg(SimType):
         return f"reg{self.size}_t"
 
     def store(self, state, addr, value: StoreType):
+        if self.size is None:
+            raise TypeError("Need a size to store")
         store_endness = state.arch.memory_endness
         with contextlib.suppress(AttributeError):
             value = value.ast  # type: ignore
@@ -366,7 +366,7 @@ class SimTypeNum(SimType):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         out = state.memory.load(addr, self.size // state.arch.byte_width, endness=state.arch.memory_endness)
@@ -445,7 +445,7 @@ class SimTypeInt(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         out = state.memory.load(addr, self.size // state.arch.byte_width, endness=state.arch.memory_endness)
@@ -575,7 +575,7 @@ class SimTypeChar(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> bytes: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> bytes: ...
 
     def extract(self, state, addr, concrete: bool = False) -> claripy.ast.BV | bytes:
         # FIXME: This is a hack.
@@ -665,7 +665,7 @@ class SimTypeBool(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.Bool: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> bool: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> bool: ...
 
     def extract(self, state, addr, concrete=False):
         ver = super().extract(state, addr, concrete)
@@ -715,7 +715,7 @@ class SimTypeFd(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         # TODO: EDG says this looks dangerously closed-minded. Just in case...
@@ -788,7 +788,7 @@ class SimTypePointer(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         # TODO: EDG says this looks dangerously closed-minded. Just in case...
@@ -848,7 +848,7 @@ class SimTypeReference(SimTypeReg):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state, addr, concrete=False):
         # TODO: EDG says this looks dangerously closed-minded. Just in case...
@@ -984,7 +984,7 @@ class SimTypeString(NamedTypeMixin, SimType):
     def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> bytes: ...
+    def extract(self, state, addr, concrete: Literal[True]) -> bytes: ...
 
     def extract(self, state: SimState, addr, concrete=False):
         if self.length is None:
@@ -1585,7 +1585,7 @@ class SimStructValue:
         for name in self._struct.fields:
             value = self._values[name]
             try:
-                f = value.__indented_repr__
+                f = value.__indented_repr__  # type: ignore[reportAttributeAccessIssue]
                 s = f(indent=indent + 2)
             except AttributeError:
                 s = repr(value)
@@ -1620,7 +1620,7 @@ class SimStructValue:
 class SimUnion(NamedTypeMixin, SimType):
     fields = ("members", "name")
 
-    def __init__(self, members, name=None, label=None):
+    def __init__(self, members: dict[str, SimType], name=None, label=None):
         """
         :param members:     The members of the union, as a mapping name -> type
         :param name:        The name of the union
@@ -1630,6 +1630,8 @@ class SimUnion(NamedTypeMixin, SimType):
 
     @property
     def size(self):
+        if self._arch is None:
+            raise ValueError("Can't tell my size without an arch!")
         member_sizes = [ty.size for ty in self.members.values() if not isinstance(ty, SimTypeBottom)]
         # fall back to word size in case all members are SimTypeBottom
         return max(member_sizes) if member_sizes else self._arch.bytes
@@ -1722,7 +1724,7 @@ class SimUnionValue:
         fields = []
         for name, value in self._values.items():
             try:
-                f = value.__indented_repr__
+                f = value.__indented_repr__  # type: ignore[reportAttributeAccessIssue]
                 s = f(indent=indent + 2)
             except AttributeError:
                 s = repr(value)
@@ -1820,7 +1822,7 @@ class SimCppClassValue(SimStructValue):
         for name in self._class.fields:
             value = self._values[name]
             try:
-                f = value.__indented_repr__
+                f = value.__indented_repr__  # type: ignore[reportAttributeAccessIssue]
                 s = f(indent=indent + 2)
             except AttributeError:
                 s = repr(value)
@@ -1864,10 +1866,10 @@ class SimTypeNumOffset(SimTypeNum):
         self.offset = offset
 
     @overload
-    def extract(self, state, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
+    def extract(self, state: SimState, addr, concrete: Literal[False] = ...) -> claripy.ast.BV: ...
 
     @overload
-    def extract(self, state, addr, concrete: Literal[True] = ...) -> int: ...
+    def extract(self, state: SimState, addr, concrete: Literal[True]) -> int: ...
 
     def extract(self, state: SimState, addr, concrete=False):
         if state.arch.memory_endness != Endness.LE:

angr/simos/simos.py

@@ -23,7 +23,9 @@ class SimOS:
     A class describing OS/arch-level configuration.
     """
 
-    def __init__(self, project: angr.Project, name=None):
+    name: str | None
+
+    def __init__(self, project: angr.Project, name: str | None = None):
         self.arch = project.arch
         self.project = project
         self.name = name