angr 9.2.146__py3-none-win_amd64.whl → 9.2.148__py3-none-win_amd64.whl

angr/analyses/flirt/flirt_sig.py

@@ -0,0 +1,356 @@
+from __future__ import annotations
+import struct
+import zlib
+from io import BytesIO
+
+from angr.errors import AngrError
+from .consts import FlirtParseFlag, FlirtFeatureFlag, FlirtFunctionFlag
+from .flirt_utils import read_max_2_bytes, read_multiple_bytes
+from .flirt_function import FlirtFunction
+from .flirt_module import FlirtModule
+from .flirt_node import FlirtNode
+
+
+class FlirtSignatureError(AngrError):
+    """
+    Describes errors related to FLIRT signatures, especially parsing.
+    """
+
+
+class FlirtSignature:
+    """
+    This class describes a FLIRT signature without any internal data that is only available after parsing.
+    """
+
+    def __init__(
+        self,
+        arch: str,
+        platform: str,
+        sig_name: str,
+        sig_path: str,
+        unique_strings: set[str] | None = None,
+        compiler: str | None = None,
+        compiler_version: str | None = None,
+        os_name: str | None = None,
+        os_version: str | None = None,
+    ):
+        self.arch = arch
+        self.platform = platform
+        self.sig_name = sig_name
+        self.sig_path = sig_path
+        self.unique_strings = unique_strings
+        self.compiler = compiler
+        self.compiler_version = compiler_version
+        self.os_name = os_name
+        self.os_version = os_version
+
+    def __repr__(self):
+        if self.os_name:
+            if self.os_version:
+                return f"<{self.sig_name}@{self.arch}-{self.os_name}-{self.os_version}>"
+            return f"<{self.sig_name}@{self.arch}-{self.os_name}>"
+        return f"<{self.sig_name}@{self.arch}-{self.platform}>"
+
+
+class FlirtSignatureParsed:
+    """
+    Describes a FLIRT signature file after parsing.
+    """
+
+    __slots__ = (
+        "app_types",
+        "arch",
+        "crc",
+        "ctype",
+        "ctypes_crc",
+        "features",
+        "file_types",
+        "libname",
+        "nfuncs",
+        "os_types",
+        "pattern_size",
+        "root",
+        "version",
+    )
+
+    def __init__(
+        self,
+        version: int,
+        arch: int,
+        file_types: int,
+        os_types: int,
+        app_types: int,
+        features: int,
+        crc: int,
+        ctype: int,
+        ctypes_crc: int,
+        nfuncs: int | None,
+        pattern_size: int | None,
+        libname: str,
+        root: FlirtNode | None,
+    ):
+        self.version = version
+        self.arch = arch
+        self.file_types = file_types
+        self.os_types = os_types
+        self.app_types = app_types
+        self.features = features
+        self.crc = crc
+        self.ctype = ctype
+        self.ctypes_crc = ctypes_crc
+        self.nfuncs = nfuncs
+        self.pattern_size = pattern_size
+        self.libname = libname
+        self.root = root
+
+    def parse_tree(self, file_obj, root: bool = False) -> FlirtNode:
+        """
+        Parse a FLIRT function tree.
+        """
+
+        if not root:
+            length = file_obj.read(1)[0]
+            variant_mask = self.parse_variant_mask(file_obj, length)
+            pattern = self.parse_node(file_obj, length, variant_mask)
+        else:
+            length = 0
+            pattern = []
+
+        node_count = read_multiple_bytes(file_obj)
+        if node_count > 0:
+            # non-leaf; load its child nodes
+            nodes: list[FlirtNode] = [None] * node_count  # type: ignore
+            for i in range(node_count):
+                nn = self.parse_tree(file_obj)
+                nodes[i] = nn
+            return FlirtNode(nodes, [], length, pattern)
+        # leaf
+        modules = self.parse_modules(file_obj)
+        return FlirtNode([], modules, length, pattern)
+
+    def parse_public_function(self, file_obj, offset: int) -> tuple[FlirtFunction, int, int]:
+        off = read_multiple_bytes(file_obj) if self.version >= 9 else read_max_2_bytes(file_obj)
+        off += offset
+
+        local = False  # is it a local function?
+        collision = False  # is it an unresolved collision?
+
+        flags = file_obj.read(1)[0]
+        if flags < 0x20:
+            local = bool(flags & FlirtFunctionFlag.FUNCTION_LOCAL)
+            collision = bool(flags & FlirtFunctionFlag.FUNCTION_UNRESOLVED_COLLISION)
+            next_byte = file_obj.read(1)[0]
+        else:
+            next_byte = flags
+
+        name_lst = []
+        name_end = False  # in case the function name is too long...
+        for _ in range(1024):  # max length of a function name
+            if next_byte < 0x20:
+                name_end = True
+                break
+            name_lst.append(next_byte)
+            next_byte = file_obj.read(1)[0]
+
+        name = bytes(name_lst).decode("utf-8")
+        if not name_end:
+            name = name + "..."
+        return FlirtFunction(name, off, local, collision), off, next_byte
+
+    def parse_referenced_functions(self, file_obj) -> list[FlirtFunction]:
+        func_count = file_obj.read(1)[0] if self.version >= 8 else 1
+        lst = []
+        for _ in range(func_count):
+            off = read_multiple_bytes(file_obj) if self.version >= 9 else read_max_2_bytes(file_obj)
+            name_len = file_obj.read(1)[0]
+            if name_len == 0:
+                name_len = read_multiple_bytes(file_obj)
+            if name_len > 1024:
+                raise FlirtSignatureError(f"Function name too long: {name_len}")
+            name_bytes = file_obj.read(name_len)
+            if len(name_bytes) < name_len:
+                raise FlirtSignatureError("Unexpected EOF")
+            name = name_bytes.decode("utf-8").rstrip("\x00")
+            lst.append(FlirtFunction(name, off, False, False))
+        return lst
+
+    def parse_tail_bytes(self, file_obj) -> list[tuple[int, int]]:
+        bytes_count = file_obj.read(1)[0] if self.version >= 8 else 1
+        lst = []
+        for _ in range(bytes_count):
+            off = read_multiple_bytes(file_obj) if self.version >= 9 else read_max_2_bytes(file_obj)
+            value = file_obj.read(1)[0]
+            lst.append((off, value))
+        return lst
+
+    def parse_modules(self, file_obj) -> list[FlirtModule]:
+        modules = []
+        while True:
+            crc_len = file_obj.read(1)[0]
+            crc = struct.unpack(">H", file_obj.read(2))[0]
+
+            while True:
+                # parse all modules with the same CRC
+                module, flags = self.parse_module(file_obj)
+                module.crc_len = crc_len
+                module.crc = crc
+                modules.append(module)
+                if flags & FlirtParseFlag.PARSE_MORE_MODULES_WITH_SAME_CRC == 0:
+                    break
+
+            # same crc length but different crc
+            if flags & FlirtParseFlag.PARSE_MORE_MODULES == 0:
+                break
+        return modules
+
+    def parse_module(self, file_obj) -> tuple[FlirtModule, int]:
+        length = read_multiple_bytes(file_obj) if self.version >= 9 else read_max_2_bytes(file_obj)
+        pub_funcs = []
+        off = 0
+        while True:
+            func, off, flags = self.parse_public_function(file_obj, off)
+            pub_funcs.append(func)
+            if flags & FlirtParseFlag.PARSE_MORE_PUBLIC_NAMES == 0:
+                break
+
+        tail_bytes: list[tuple[int, int]] = []
+        if flags & FlirtParseFlag.PARSE_READ_TAIL_BYTES:
+            tail_bytes = self.parse_tail_bytes(file_obj)
+
+        ref_funcs = []
+        if flags & FlirtParseFlag.PARSE_READ_REFERENCED_FUNCTIONS:
+            ref_funcs = self.parse_referenced_functions(file_obj)
+
+        return (
+            FlirtModule(
+                length,
+                0,  # back-filled in its caller
+                0,  # back-filled in its caller
+                pub_funcs,
+                ref_funcs,
+                tail_bytes,
+            ),
+            flags,
+        )
+
+    @staticmethod
+    def parse_variant_mask(file_obj, length: int) -> int:
+        if length < 0x10:
+            return read_max_2_bytes(file_obj)
+        if length <= 0x20:
+            return read_multiple_bytes(file_obj)
+        if length <= 0x40:
+            return (read_multiple_bytes(file_obj) << 32) | read_multiple_bytes(file_obj)
+        raise FlirtSignatureError(f"Unexpected variant mask length: {length}")
+
+    @staticmethod
+    def is_bit_set_be(mask: int, mask_len: int, bit_offset: int) -> bool:
+        assert mask_len > bit_offset
+        return mask & (1 << (mask_len - bit_offset - 1)) != 0
+
+    @staticmethod
+    def parse_node(file_obj, length: int, variant_mask: int) -> list[int]:
+        pattern = [-1] * length
+        for i in range(length):
+            if not FlirtSignatureParsed.is_bit_set_be(variant_mask, length, i):
+                pattern[i] = file_obj.read(1)[0]
+        return pattern
+
+    @classmethod
+    def parse(cls, file_obj) -> FlirtSignatureParsed:
+        """
+        Parse a FLIRT signature file.
+
+        The following struct definitions come from radare2
+
+        // FLIRT v5+
+        ut8 magic[6];
+        ut8 version;
+        ut8 arch;
+        ut32 file_types;
+        ut16 os_types;
+        ut16 app_types;
+        ut16 features;
+        ut16 old_n_functions;
+        ut16 crc16;
+        ut8 ctype[12];
+        ut8 library_name_len;
+        ut16 ctypes_crc16;
+
+        // FLIRT v6+
+        ut32 nfuncs;
+
+        // FLIRT v8+
+        ut16 pattern_size;
+
+        // FLIRT v10
+        ut16 unknown;
+        """
+
+        struct_str = "<6s B B I H H H H H 12s B H".replace(" ", "")
+        sz = struct.calcsize(struct_str)
+        header_bytes = file_obj.read(sz)
+        if len(header_bytes) != sz:
+            raise FlirtSignatureError
+        unpacked = struct.unpack(struct_str, header_bytes)
+
+        # sanity check
+        if unpacked[0] != b"IDASGN":
+            raise FlirtSignatureError("Unexpected magic bytes")
+
+        version = unpacked[1]
+        if version < 5:
+            raise FlirtSignatureError("Unsupported FLIRT signature version")
+
+        if version >= 6:
+            # nfuncs
+            data = file_obj.read(4)
+            if len(data) != 4:
+                raise FlirtSignatureError("Unexpected EOF")
+            nfuncs = struct.unpack("<I", data)[0]
+        else:
+            nfuncs = None
+        if version >= 8:
+            # pattern_size
+            data = file_obj.read(2)
+            if len(data) != 2:
+                raise FlirtSignatureError("Unexpected EOF")
+            pattern_size = struct.unpack("<H", data)[0]
+        else:
+            pattern_size = None
+
+        if version >= 10:
+            # unknown
+            data = file_obj.read(2)
+            if len(data) != 2:
+                raise FlirtSignatureError("Unexpected EOF")
+
+        libname_len = unpacked[10]
+        libname = file_obj.read(libname_len).decode("utf-8")
+
+        obj = cls(
+            version=version,
+            arch=unpacked[2],
+            file_types=unpacked[3],
+            os_types=unpacked[4],
+            app_types=unpacked[5],
+            features=unpacked[6],
+            crc=unpacked[7],
+            ctype=unpacked[8],
+            ctypes_crc=unpacked[11],
+            nfuncs=nfuncs,
+            pattern_size=pattern_size,
+            libname=libname,
+            root=None,
+        )
+
+        # is it compressed?
+        if obj.features & FlirtFeatureFlag.FEATURE_COMPRESSED:
+            data = file_obj.read()
+            decompressed = BytesIO(zlib.decompress(data))
+            file_obj = decompressed
+
+        root = obj.parse_tree(file_obj, root=True)
+
+        obj.root = root
+        return obj

angr/analyses/flirt/flirt_utils.py

@@ -0,0 +1,31 @@
+# Util functions that are mostly rewrite of the original code in redare2
+from __future__ import annotations
+import struct
+
+
+def read_short(file_obj) -> int:
+    return struct.unpack(">H", file_obj.read(2))[0]
+
+
+def read_word(file_obj) -> int:
+    return struct.unpack(">I", file_obj.read(4))[0]
+
+
+def read_max_2_bytes(file_obj) -> int:
+    b = file_obj.read(1)[0]
+    if b & 0x80 != 0x80:
+        return b
+    return ((b & 0x7F) << 8) + file_obj.read(1)[0]
+
+
+def read_multiple_bytes(file_obj) -> int:
+    b = file_obj.read(1)[0]
+    if b & 0x80 != 0x80:
+        return b
+    if b & 0xC0 != 0xC0:
+        return ((b & 0x7F) << 8) + file_obj.read(1)[0]
+    if b & 0xE0 != 0xE0:
+        b = ((b & 0x3F) << 24) + (file_obj.read(1)[0] << 16)
+        b += read_short(file_obj)
+        return b
+    return read_word(file_obj)

angr/analyses/forward_analysis/visitors/graph.py

@@ -3,7 +3,6 @@ from typing import TypeVar, Generic
 from collections.abc import Collection, Iterator
 from collections import defaultdict
 
-from angr.misc.ux import deprecated
 from angr.utils.algo import binary_insert
 
 NodeType = TypeVar("NodeType")
@@ -94,13 +93,6 @@ class GraphVisitor(Generic[NodeType]):
 
         return iter(self.sort_nodes())
 
-    @deprecated(replacement="nodes")
-    def nodes_iter(self):
-        """
-        (Deprecated) Return an iterator of nodes following an optimal traversal order. Will be removed in the future.
-        """
-        return self.nodes()
-
     # Traversal
 
     def reset(self):

angr/analyses/identifier/runner.py

@@ -29,7 +29,7 @@ assert len(FLAG_DATA) == 0x1000
 class Runner:
     def __init__(self, project, cfg):
         # this is kind of fucked up
-        project.simos.syscall_library.update(SIM_LIBRARIES["cgcabi_tracer"])
+        project.simos.syscall_library.update(SIM_LIBRARIES["cgcabi_tracer"][0])
 
         self.project = project
         self.cfg = cfg

angr/analyses/reaching_definitions/function_handler.py

@@ -401,10 +401,10 @@ class FunctionHandler:
             )
             type_collections = []
             if prototype_libname is not None and prototype_libname in SIM_LIBRARIES:
-                prototype_lib = SIM_LIBRARIES[prototype_libname]
-                if prototype_lib.type_collection_names:
-                    for typelib_name in prototype_lib.type_collection_names:
-                        type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
+                for prototype_lib in SIM_LIBRARIES[prototype_libname]:
+                    if prototype_lib.type_collection_names:
+                        for typelib_name in prototype_lib.type_collection_names:
+                            type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
             if type_collections:
                 prototype = dereference_simtype(data.prototype, type_collections).with_arch(state.arch)
                 data.prototype = cast(SimTypeFunction, prototype)

angr/analyses/reassembler.py

@@ -2410,7 +2410,7 @@ class Reassembler(Analysis):
 
         # collect address of all instructions
         l.debug("Collecting instruction addresses...")
-        for cfg_node in self.cfg.nodes():
+        for cfg_node in self.cfg.model.nodes():
             self.all_insn_addrs |= set(cfg_node.instruction_addrs)
 
         # Functions

angr/analyses/stack_pointer_tracker.py

@@ -7,6 +7,7 @@ import re
 import logging
 from collections import defaultdict
 
+from archinfo.arch_arm import is_arm_arch
 import pyvex
 
 from angr.analyses import ForwardAnalysis, visitors
@@ -16,6 +17,7 @@ from angr.knowledge_plugins import Function
 from angr.block import BlockNode
 from angr.errors import SimTranslationError
 from angr.calling_conventions import SimStackArg
+
 from .analysis import Analysis
 
 try:
@@ -381,6 +383,10 @@ class StackPointerTracker(Analysis, ForwardAnalysis):
             block_start_addr = func.addr if func is not None else block.addr  # type: ignore
             self._reg_value_at_block_start[block_start_addr] = initial_reg_values
 
+        self._itstate_regoffset = None
+        if is_arm_arch(self.project.arch):
+            self._itstate_regoffset = self.project.arch.registers["itstate"][0]
+
         _l.debug("Running on function %r", self._func)
         self._analyze()
 
@@ -514,7 +520,7 @@ class StackPointerTracker(Analysis, ForwardAnalysis):
                 # Setting register values to fresh ones will cause problems down the line when merging with normal
                 # register values happen. therefore, we set their values to BOTTOM. these BOTTOMs will be replaced once
                 # a merge with normal blocks happen.
-                initial_regs = {r: BOTTOM for r in self.reg_offsets}
+                initial_regs = dict.fromkeys(self.reg_offsets, BOTTOM)
 
         return StackPointerTrackerState(
             regs=initial_regs, memory={}, is_tracking_memory=self.track_mem, resilient=self._resilient
@@ -617,18 +623,43 @@ class StackPointerTracker(Analysis, ForwardAnalysis):
                         and is_alignment_mask(arg1_expr.val)
                     ):
                         return arg0_expr
+                    # also handle bitwise-and between constants
+                    if isinstance(arg0_expr, Constant) and isinstance(arg1_expr, Constant):
+                        return Constant(arg0_expr.val & arg1_expr.val)
+                elif expr.op.startswith("Iop_Xor"):
+                    # handle bitwise-xor between constants
+                    arg0_expr = _resolve_expr(arg0)
+                    arg1_expr = _resolve_expr(arg1)
+                    if isinstance(arg0_expr, Constant) and isinstance(arg1_expr, Constant):
+                        return Constant(arg0_expr.val ^ arg1_expr.val)
                 elif expr.op.startswith("Iop_CmpEQ"):
                     arg0_expr = _resolve_expr(arg0)
                     arg1_expr = _resolve_expr(arg1)
                     if isinstance(arg0_expr, (Register, OffsetVal)) and isinstance(arg1_expr, (Register, OffsetVal)):
                         return Eq(arg0_expr, arg1_expr)
+                elif expr.op.startswith("Iop_CmpNE"):
+                    arg0_expr = _resolve_expr(arg0)
+                    arg1_expr = _resolve_expr(arg1)
+                    if isinstance(arg0_expr, Constant) and isinstance(arg1_expr, Constant):
+                        return Constant(1 if arg0_expr.val == arg1_expr.val else 0)
+                elif expr.op.startswith("Iop_Shr"):
+                    arg0_expr = _resolve_expr(arg0)
+                    arg1_expr = _resolve_expr(arg1)
+                    if isinstance(arg0_expr, Constant) and isinstance(arg1_expr, Constant):
+                        return Constant(arg0_expr.val >> arg1_expr.val)
                 raise CouldNotResolveException
             if type(expr) is pyvex.IRExpr.RdTmp and expr.tmp in tmps and tmps[expr.tmp] is not None:
                 return tmps[expr.tmp]
             if type(expr) is pyvex.IRExpr.Const:
                 return Constant(expr.con.value)
             if type(expr) is pyvex.IRExpr.Get:
+                if self._itstate_regoffset is not None and expr.offset == self._itstate_regoffset:
+                    return Constant(0)
                 return state.get(expr.offset)
+            if type(expr) is pyvex.IRExpr.ITE:
+                cond = _resolve_expr(expr.cond)
+                if isinstance(cond, Constant):
+                    return _resolve_expr(expr.iftrue) if cond.val == 1 else _resolve_expr(expr.iffalse)
             if type(expr) is pyvex.IRExpr.Unop:
                 m = IROP_CONVERT_REGEX.match(expr.op)
                 if m is not None:
@@ -646,6 +677,9 @@ class StackPointerTracker(Analysis, ForwardAnalysis):
                     if isinstance(v, Eq):
                         return v
                     return TOP
+            elif type(expr) is pyvex.IRExpr.CCall and expr.callee.name == "armg_calculate_condition":
+                # this is a hack for handling ARM THUMB conditional instructions and may not always work...
+                return Constant(0)
             elif self.track_mem and type(expr) is pyvex.IRExpr.Load:
                 return state.load(_resolve_expr(expr.addr))
             raise CouldNotResolveException

angr/analyses/static_hooker.py

@@ -21,7 +21,7 @@ class StaticHooker(Analysis):
     def __init__(self, library, binary=None):
         self.results = {}
         try:
-            lib = SIM_LIBRARIES[library]
+            libs = SIM_LIBRARIES[library]
         except KeyError as err:
             raise AngrValueError(f"No such library {library}") from err
 
@@ -36,14 +36,16 @@ class StaticHooker(Analysis):
                 l.debug("Skipping %s at %#x, already hooked", func.name, func.rebased_addr)
                 continue
 
-            if lib.has_implementation(func.name):
-                proc = lib.get(func.name, self.project.arch)
-                self.results[func.rebased_addr] = proc
-                if self.project.is_hooked(func.rebased_addr):
-                    l.debug("Skipping %s at %#x, already hooked", func.name, func.rebased_addr)
-                else:
-                    self.project.hook(func.rebased_addr, proc)
-                    l.info("Hooked %s at %#x", func.name, func.rebased_addr)
+            for lib in libs:
+                if lib.has_implementation(func.name):
+                    proc = lib.get(func.name, self.project.arch)
+                    self.results[func.rebased_addr] = proc
+                    if self.project.is_hooked(func.rebased_addr):
+                        l.debug("Skipping %s at %#x, already hooked", func.name, func.rebased_addr)
+                    else:
+                        self.project.hook(func.rebased_addr, proc)
+                        l.info("Hooked %s at %#x", func.name, func.rebased_addr)
+                    break
             else:
                 l.debug("Failed to hook %s at %#x", func.name, func.rebased_addr)
 

angr/analyses/variable_recovery/engine_ail.py

@@ -169,10 +169,10 @@ class SimEngineVRAIL(
 
             type_collections = []
             if prototype_libname is not None:
-                prototype_lib = SIM_LIBRARIES[prototype_libname]
-                if prototype_lib.type_collection_names:
-                    for typelib_name in prototype_lib.type_collection_names:
-                        type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
+                for prototype_lib in SIM_LIBRARIES[prototype_libname]:
+                    if prototype_lib.type_collection_names:
+                        for typelib_name in prototype_lib.type_collection_names:
+                            type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
 
             for arg, arg_type in zip(args, prototype.args):
                 if arg.typevar is not None:
@@ -262,10 +262,10 @@ class SimEngineVRAIL(
 
             type_collections = []
             if prototype_libname is not None:
-                prototype_lib = SIM_LIBRARIES[prototype_libname]
-                if prototype_lib.type_collection_names:
-                    for typelib_name in prototype_lib.type_collection_names:
-                        type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
+                for prototype_lib in SIM_LIBRARIES[prototype_libname]:
+                    if prototype_lib.type_collection_names:
+                        for typelib_name in prototype_lib.type_collection_names:
+                            type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
 
             for arg, arg_type in zip(args, prototype.args):
                 if arg.typevar is not None:

angr/analyses/variable_recovery/engine_base.py

@@ -417,6 +417,7 @@ class SimEngineVRBase(
                     vvar.size,
                     ident=self.state.variable_manager[self.func_addr].next_variable_ident("stack"),
                     region=self.func_addr,
+                    base="bp",
                 )
                 self.state.variable_manager[self.func_addr].add_variable("stack", vvar.stack_offset, variable)
             elif vvar.was_parameter:
@@ -1079,6 +1080,7 @@ class SimEngineVRBase(
                         vvar.size,
                         ident=self.state.variable_manager[self.func_addr].next_variable_ident("stack"),
                         region=self.func_addr,
+                        base="bp",
                     )
                     value = self.state.annotate_with_variables(value, [(0, variable)])
                     self.state.variable_manager[self.func_addr].add_variable("stack", vvar.stack_offset, variable)

angr/block.py

@@ -433,9 +433,9 @@ class Block(Serializable):
 
     @property
     def instructions(self) -> int:
-        if not self._instructions and self._vex is None:
-            # initialize from VEX
-            _ = self.vex
+        if not self._instructions and self._vex is None and self._vex_nostmt is None:
+            # initialize from VEX, but we do not need statements to know instructions
+            _ = self.vex_nostmt
 
         assert self._instructions is not None
         return self._instructions
@@ -446,9 +446,9 @@ class Block(Serializable):
             # hooks and other pseudo-functions
             return []
 
-        if not self._instruction_addrs and self._vex is None:
-            # initialize instruction addrs
-            _ = self.vex
+        if not self._instruction_addrs and self._vex is None and self._vex_nostmt is None:
+            # initialize instruction addrs, but we do not need statements
+            _ = self.vex_nostmt
 
         return self._instruction_addrs