angr 9.2.147__py3-none-manylinux2014_x86_64.whl → 9.2.148__py3-none-manylinux2014_x86_64.whl

angr/analyses/forward_analysis/visitors/graph.py

@@ -3,7 +3,6 @@ from typing import TypeVar, Generic
 from collections.abc import Collection, Iterator
 from collections import defaultdict
 
-from angr.misc.ux import deprecated
 from angr.utils.algo import binary_insert
 
 NodeType = TypeVar("NodeType")
@@ -94,13 +93,6 @@ class GraphVisitor(Generic[NodeType]):
 
         return iter(self.sort_nodes())
 
-    @deprecated(replacement="nodes")
-    def nodes_iter(self):
-        """
-        (Deprecated) Return an iterator of nodes following an optimal traversal order. Will be removed in the future.
-        """
-        return self.nodes()
-
     # Traversal
 
     def reset(self):

angr/analyses/identifier/runner.py

@@ -29,7 +29,7 @@ assert len(FLAG_DATA) == 0x1000
 class Runner:
     def __init__(self, project, cfg):
         # this is kind of fucked up
-        project.simos.syscall_library.update(SIM_LIBRARIES["cgcabi_tracer"])
+        project.simos.syscall_library.update(SIM_LIBRARIES["cgcabi_tracer"][0])
 
         self.project = project
         self.cfg = cfg

angr/analyses/reaching_definitions/function_handler.py

@@ -401,10 +401,10 @@ class FunctionHandler:
             )
             type_collections = []
             if prototype_libname is not None and prototype_libname in SIM_LIBRARIES:
-                prototype_lib = SIM_LIBRARIES[prototype_libname]
-                if prototype_lib.type_collection_names:
-                    for typelib_name in prototype_lib.type_collection_names:
-                        type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
+                for prototype_lib in SIM_LIBRARIES[prototype_libname]:
+                    if prototype_lib.type_collection_names:
+                        for typelib_name in prototype_lib.type_collection_names:
+                            type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
             if type_collections:
                 prototype = dereference_simtype(data.prototype, type_collections).with_arch(state.arch)
                 data.prototype = cast(SimTypeFunction, prototype)

angr/analyses/reassembler.py

@@ -2410,7 +2410,7 @@ class Reassembler(Analysis):
 
         # collect address of all instructions
         l.debug("Collecting instruction addresses...")
-        for cfg_node in self.cfg.nodes():
+        for cfg_node in self.cfg.model.nodes():
             self.all_insn_addrs |= set(cfg_node.instruction_addrs)
 
         # Functions

angr/analyses/stack_pointer_tracker.py

@@ -520,7 +520,7 @@ class StackPointerTracker(Analysis, ForwardAnalysis):
                 # Setting register values to fresh ones will cause problems down the line when merging with normal
                 # register values happen. therefore, we set their values to BOTTOM. these BOTTOMs will be replaced once
                 # a merge with normal blocks happen.
-                initial_regs = {r: BOTTOM for r in self.reg_offsets}
+                initial_regs = dict.fromkeys(self.reg_offsets, BOTTOM)
 
         return StackPointerTrackerState(
             regs=initial_regs, memory={}, is_tracking_memory=self.track_mem, resilient=self._resilient

angr/analyses/static_hooker.py

@@ -21,7 +21,7 @@ class StaticHooker(Analysis):
     def __init__(self, library, binary=None):
         self.results = {}
         try:
-            lib = SIM_LIBRARIES[library]
+            libs = SIM_LIBRARIES[library]
         except KeyError as err:
             raise AngrValueError(f"No such library {library}") from err
 
@@ -36,14 +36,16 @@ class StaticHooker(Analysis):
                 l.debug("Skipping %s at %#x, already hooked", func.name, func.rebased_addr)
                 continue
 
-            if lib.has_implementation(func.name):
-                proc = lib.get(func.name, self.project.arch)
-                self.results[func.rebased_addr] = proc
-                if self.project.is_hooked(func.rebased_addr):
-                    l.debug("Skipping %s at %#x, already hooked", func.name, func.rebased_addr)
-                else:
-                    self.project.hook(func.rebased_addr, proc)
-                    l.info("Hooked %s at %#x", func.name, func.rebased_addr)
+            for lib in libs:
+                if lib.has_implementation(func.name):
+                    proc = lib.get(func.name, self.project.arch)
+                    self.results[func.rebased_addr] = proc
+                    if self.project.is_hooked(func.rebased_addr):
+                        l.debug("Skipping %s at %#x, already hooked", func.name, func.rebased_addr)
+                    else:
+                        self.project.hook(func.rebased_addr, proc)
+                        l.info("Hooked %s at %#x", func.name, func.rebased_addr)
+                    break
             else:
                 l.debug("Failed to hook %s at %#x", func.name, func.rebased_addr)
 

angr/analyses/variable_recovery/engine_ail.py

@@ -169,10 +169,10 @@ class SimEngineVRAIL(
 
             type_collections = []
             if prototype_libname is not None:
-                prototype_lib = SIM_LIBRARIES[prototype_libname]
-                if prototype_lib.type_collection_names:
-                    for typelib_name in prototype_lib.type_collection_names:
-                        type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
+                for prototype_lib in SIM_LIBRARIES[prototype_libname]:
+                    if prototype_lib.type_collection_names:
+                        for typelib_name in prototype_lib.type_collection_names:
+                            type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
 
             for arg, arg_type in zip(args, prototype.args):
                 if arg.typevar is not None:
@@ -262,10 +262,10 @@ class SimEngineVRAIL(
 
             type_collections = []
             if prototype_libname is not None:
-                prototype_lib = SIM_LIBRARIES[prototype_libname]
-                if prototype_lib.type_collection_names:
-                    for typelib_name in prototype_lib.type_collection_names:
-                        type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
+                for prototype_lib in SIM_LIBRARIES[prototype_libname]:
+                    if prototype_lib.type_collection_names:
+                        for typelib_name in prototype_lib.type_collection_names:
+                            type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
 
             for arg, arg_type in zip(args, prototype.args):
                 if arg.typevar is not None:

angr/analyses/variable_recovery/engine_base.py

@@ -417,6 +417,7 @@ class SimEngineVRBase(
                     vvar.size,
                     ident=self.state.variable_manager[self.func_addr].next_variable_ident("stack"),
                     region=self.func_addr,
+                    base="bp",
                 )
                 self.state.variable_manager[self.func_addr].add_variable("stack", vvar.stack_offset, variable)
             elif vvar.was_parameter:
@@ -1079,6 +1080,7 @@ class SimEngineVRBase(
                         vvar.size,
                         ident=self.state.variable_manager[self.func_addr].next_variable_ident("stack"),
                         region=self.func_addr,
+                        base="bp",
                     )
                     value = self.state.annotate_with_variables(value, [(0, variable)])
                     self.state.variable_manager[self.func_addr].add_variable("stack", vvar.stack_offset, variable)

angr/calling_conventions.py

@@ -1,9 +1,9 @@
 # pylint:disable=line-too-long,missing-class-docstring,no-self-use
 from __future__ import annotations
 import logging
-from typing import cast
+from typing import Generic, cast, TypeVar
 
-from collections.abc import Iterable, Sequence
+from collections.abc import Iterable
 from collections import defaultdict
 import contextlib
 
@@ -39,6 +39,8 @@ from .state_plugins.sim_action_object import SimActionObject
 l = logging.getLogger(name=__name__)
 l.addFilter(UniqueLogFilter())
 
+T = TypeVar("T", bound="SimFunctionArgument")
+
 
 class PointerWrapper:
     def __init__(self, value, buffer=False):
@@ -386,12 +388,12 @@ class SimStackArg(SimFunctionArgument):
         return SimStackArg(self.stack_offset + offset, size, is_fp)
 
 
-class SimComboArg(SimFunctionArgument):
+class SimComboArg(SimFunctionArgument, Generic[T]):
     """
     An argument which spans multiple storage locations. Locations should be given least-significant first.
     """
 
-    def __init__(self, locations, is_fp=False):
+    def __init__(self, locations: list[T], is_fp=False):
         super().__init__(sum(x.size for x in locations), is_fp=is_fp)
         self.locations = locations
 
@@ -449,6 +451,45 @@ class SimStructArg(SimFunctionArgument):
 
         return others
 
+    def get_single_footprint(self) -> SimStackArg | SimRegArg | SimComboArg:
+        if self.struct._arch is None:
+            raise TypeError("Can't tell the size of a struct without an arch")
+        stack_min = None
+        stack_max = None
+        regs = []
+        for field in self.struct.fields:
+            loc = self.locs[field]
+            if isinstance(loc, SimStackArg):
+                if stack_min is None or stack_max is None:
+                    stack_min = loc.stack_offset
+                    stack_max = loc.stack_offset
+                else:
+                    # sanity check that arguments are laid out in order...
+                    assert loc.stack_offset >= stack_max
+                    stack_max = loc.stack_offset + loc.size
+            elif isinstance(loc, SimRegArg):
+                regs.append(loc)
+            else:
+                assert False, "Why would a struct have layout elements other than stack and reg?"
+
+        # things to consider...
+        # what happens if we return the concat of two registers but there's slack space missing?
+        # an example of this would be big-endian struct { long a; int b; }
+        # do any CCs do this??
+        # for now assume no
+
+        if stack_min is not None:
+            if regs:
+                assert (
+                    False
+                ), "Unknown CC argument passing structure - why are we passing both regs and stack at the same time?"
+            return SimStackArg(stack_min, self.struct.size // self.struct._arch.byte_width)
+        if not regs:
+            assert False, "huh??????"
+        if len(regs) == 1:
+            return regs[0]
+        return SimComboArg(regs)
+
     def get_value(self, state, **kwargs):
         return SimStructValue(
             self.struct, {field: getter.get_value(state, **kwargs) for field, getter in self.locs.items()}
@@ -486,7 +527,7 @@ class SimReferenceArgument(SimFunctionArgument):
                         zero on the stack. It will be passed ``stack_base=ptr_loc.get_value(state)``
     """
 
-    def __init__(self, ptr_loc, main_loc):
+    def __init__(self, ptr_loc: SimFunctionArgument, main_loc: SimFunctionArgument):
         super().__init__(ptr_loc.size)  # ???
         self.ptr_loc = ptr_loc
         self.main_loc = main_loc
@@ -700,6 +741,7 @@ class SimCC:
             )
         if self.return_in_implicit_outparam(ty):
             if perspective_returned:
+                assert self.RETURN_VAL is not None
                 ptr_loc = self.RETURN_VAL
             else:
                 ptr_loc = self.next_arg(self.ArgSession(self), SimTypePointer(SimTypeBottom()))
@@ -713,6 +755,7 @@ class SimCC:
         if self.RETURN_VAL is None or isinstance(ty, SimTypeBottom):
             return None
         if ty.size > self.RETURN_VAL.size * self.arch.byte_width:
+            assert self.OVERFLOW_RETURN_VAL is not None
             return SimComboArg([self.RETURN_VAL, self.OVERFLOW_RETURN_VAL])
         return self.RETURN_VAL.refine(size=ty.size // self.arch.byte_width, arch=self.arch, is_fp=False)
 
@@ -991,7 +1034,8 @@ class SimCC:
                 else:
                     raise TypeError("PointerWrapper(buffer=True) can only be used with a bitvector or a bytestring")
             else:
-                child_type = SimTypeArray(ty.pts_to) if type(arg.value) in (str, bytes, list) else ty.pts_to
+                sub = ty.pts_to if isinstance(ty, SimTypePointer) else ty.refs
+                child_type = SimTypeArray(sub) if isinstance(arg.value, (str, bytes, list)) else sub
                 try:
                     real_value = SimCC._standardize_value(arg.value, child_type, state, alloc)
                 except TypeError as e:  # this is a dangerous catch...
@@ -1003,32 +1047,34 @@ class SimCC:
 
         if isinstance(arg, (str, bytes)):
             # sanitize the argument and request standardization again with SimTypeArray
-            if type(arg) is str:
+            if isinstance(arg, str):
                 arg = arg.encode()
             arg += b"\0"
             if isinstance(ty, SimTypePointer) and isinstance(ty.pts_to, SimTypeChar):
                 pass
-            elif isinstance(ty, SimTypeFixedSizeArray) and isinstance(ty.elem_type, SimTypeChar):
-                if len(arg) > ty.length:
-                    raise TypeError(f"String {arg!r} is too long for {ty}")
-                arg = arg.ljust(ty.length, b"\0")
-            elif isinstance(ty, SimTypeArray) and isinstance(ty.elem_type, SimTypeChar):
+            elif (isinstance(ty, SimTypeFixedSizeArray) and isinstance(ty.elem_type, SimTypeChar)) or (
+                isinstance(ty, SimTypeArray) and isinstance(ty.elem_type, SimTypeChar)
+            ):
                 if ty.length is not None:
                     if len(arg) > ty.length:
                         raise TypeError(f"String {arg!r} is too long for {ty}")
                     arg = arg.ljust(ty.length, b"\0")
             elif isinstance(ty, SimTypeString):
-                if len(arg) > ty.length + 1:
-                    raise TypeError(f"String {arg!r} is too long for {ty}")
-                arg = arg.ljust(ty.length + 1, b"\0")
+                if ty.length is not None:
+                    if len(arg) > ty.length + 1:
+                        raise TypeError(f"String {arg!r} is too long for {ty}")
+                    arg = arg.ljust(ty.length + 1, b"\0")
             else:
                 raise TypeError(f"Type mismatch: Expected {ty}, got char*")
             return SimCC._standardize_value(list(arg), SimTypeArray(SimTypeChar(), len(arg)), state, alloc)
 
         if isinstance(arg, list):
-            if isinstance(ty, (SimTypePointer, SimTypeReference)):
+            if isinstance(ty, SimTypePointer):
                 ref = True
                 subty = ty.pts_to
+            elif isinstance(ty, SimTypeReference):
+                ref = True
+                subty = ty.refs
             elif isinstance(ty, SimTypeArray):
                 ref = True
                 subty = ty.elem_type
@@ -1045,7 +1091,7 @@ class SimCC:
         if isinstance(arg, (tuple, dict, SimStructValue)):
             if not isinstance(ty, SimStruct):
                 raise TypeError(f"Type mismatch: Expected {ty}, got {type(arg)} (i.e. struct)")
-            if type(arg) is not SimStructValue:
+            if not isinstance(arg, SimStructValue):
                 if len(arg) != len(ty.fields):
                     raise TypeError(f"Wrong number of fields in struct, expected {len(ty.fields)} got {len(arg)}")
                 arg = SimStructValue(ty, arg)
@@ -1075,14 +1121,16 @@ class SimCC:
                     raise TypeError(f"Type mismatch: expected {ty}, got {arg.sort}")
                 return arg
             if isinstance(ty, (SimTypeReg, SimTypeNum)):
-                return arg.val_to_bv(ty.size, ty.signed)
+                return arg.val_to_bv(ty.size, ty.signed if isinstance(ty, SimTypeNum) else False)
             raise TypeError(f"Type mismatch: expected {ty}, got {arg.sort}")
 
         if isinstance(arg, claripy.ast.BV):
             if isinstance(ty, (SimTypeReg, SimTypeNum)):
                 if len(arg) != ty.size:
                     if arg.concrete:
-                        return claripy.BVV(arg.concrete_value, ty.size)
+                        size = ty.size
+                        assert size is not None
+                        return claripy.BVV(arg.concrete_value, size)
                     raise TypeError(f"Type mismatch of symbolic data: expected {ty}, got {len(arg)} bits")
                 return arg
             if isinstance(ty, (SimTypeFloat)):
@@ -1101,7 +1149,7 @@ class SimCC:
         return isinstance(other, self.__class__)
 
     @classmethod
-    def _match(cls, arch, args: list, sp_delta):
+    def _match(cls, arch, args: list[SimRegArg | SimStackArg], sp_delta):
         if (
             cls.arches() is not None and ":" not in arch.name and not isinstance(arch, cls.arches())
         ):  # pylint:disable=isinstance-second-argument-not-valid-type
@@ -1139,13 +1187,16 @@ class SimCC:
     @classmethod
     def _guess_arg_count(cls, args, limit: int = 64) -> int:
         # pylint:disable=not-callable
+        assert cls.ARCH is not None
         stack_args = [a for a in args if isinstance(a, SimStackArg)]
-        stack_arg_count = (max(a.stack_offset for a in stack_args) // cls.ARCH().bytes + 1) if stack_args else 0
+        stack_arg_count = (
+            (max(a.stack_offset for a in stack_args) // cls.ARCH(archinfo.Endness.LE).bytes + 1) if stack_args else 0
+        )
         return min(limit, max(len(args), stack_arg_count))
 
     @staticmethod
     def find_cc(
-        arch: archinfo.Arch, args: Sequence[SimFunctionArgument], sp_delta: int, platform: str = "Linux"
+        arch: archinfo.Arch, args: list[SimRegArg | SimStackArg], sp_delta: int, platform: str = "Linux"
     ) -> SimCC | None:
         """
         Pinpoint the best-fit calling convention and return the corresponding SimCC instance, or None if no fit is
@@ -1229,7 +1280,7 @@ class SimCCUsercall(SimCC):
     def next_arg(self, session, arg_type):
         return next(session.real_args)
 
-    def return_val(self, ty, **kwargs):
+    def return_val(self, ty, **kwargs):  # pylint: disable=unused-argument
         return self.ret_loc
 
 

angr/exploration_techniques/director.py

@@ -71,7 +71,7 @@ class BaseGoal:
 
         block_id = cfg._generate_block_id(call_stack_suffix, state.addr, is_syscall)
 
-        return cfg.get_node(block_id)
+        return cfg.model.get_node(block_id)
 
     @staticmethod
     def _dfs_edges(graph, source, max_steps=None):

angr/knowledge_plugins/functions/function.py

@@ -23,7 +23,6 @@ from angr.procedures import SIM_LIBRARIES
 from angr.procedures.definitions import SimSyscallLibrary
 from angr.protos import function_pb2
 from angr.calling_conventions import DEFAULT_CC, default_cc
-from angr.misc.ux import deprecated
 from angr.sim_type import SimTypeFunction, parse_defns
 from angr.calling_conventions import SimCC
 from angr.project import Project
@@ -92,6 +91,10 @@ class Function(Serializable):
         is_plt: bool | None = None,
         returning=None,
         alignment=False,
+        calling_convention: SimCC | None = None,
+        prototype: SimTypeFunction | None = None,
+        prototype_libname: str | None = None,
+        is_prototype_guessed: bool = True,
     ):
         """
         Function constructor. If the optional parameters are not provided, they will be automatically determined upon
@@ -139,11 +142,11 @@ class Function(Serializable):
         self.retaddr_on_stack = False
         self.sp_delta = 0
         # Calling convention
-        self.calling_convention: SimCC | None = None
+        self.calling_convention = calling_convention
         # Function prototype
-        self.prototype: SimTypeFunction | None = None
-        self.prototype_libname: str | None = None
-        self.is_prototype_guessed: bool = True
+        self.prototype = prototype
+        self.prototype_libname = prototype_libname
+        self.is_prototype_guessed = is_prototype_guessed
         # Whether this function returns or not. `None` means it's not determined yet
         self._returning = None
 
@@ -239,15 +242,6 @@ class Function(Serializable):
 
         self._init_prototype_and_calling_convention()
 
-    @property
-    @deprecated(".is_alignment")
-    def alignment(self):
-        return self.is_alignment
-
-    @alignment.setter
-    def alignment(self, value):
-        self.is_alignment = value
-
     @property
     def name(self):
         return self._name
@@ -357,7 +351,8 @@ class Function(Serializable):
             # we know the size
             size = self._block_sizes[addr]
 
-        block = self._project.factory.block(addr, size=size, byte_string=byte_string)
+        assert self.project is not None
+        block = self.project.factory.block(addr, size=size, byte_string=byte_string)
         if size is None:
             # update block_size dict
             self._block_sizes[addr] = block.size
@@ -460,18 +455,19 @@ class Function(Serializable):
         """
         constants = set()
 
-        if not self._project.loader.main_object.contains_addr(self.addr):
+        assert self.project is not None
+        if not self.project.loader.main_object.contains_addr(self.addr):
             return constants
 
         # FIXME the old way was better for architectures like mips, but we need the initial irsb
         # reanalyze function with a new initial state (use persistent registers)
         # initial_state = self._function_manager._cfg.get_any_irsb(self.addr).initial_state
-        # fresh_state = self._project.factory.blank_state(mode="fastpath")
+        # fresh_state = self.project.factory.blank_state(mode="fastpath")
         # for reg in initial_state.arch.persistent_regs + ['ip']:
         #     fresh_state.registers.store(reg, initial_state.registers.load(reg))
 
         # reanalyze function with a new initial state
-        fresh_state = self._project.factory.blank_state(mode="fastpath")
+        fresh_state = self.project.factory.blank_state(mode="fastpath")
         fresh_state.regs.ip = self.addr
 
         graph_addrs = {x.addr for x in self.graph.nodes() if isinstance(x, BlockNode)}
@@ -486,10 +482,10 @@ class Function(Serializable):
             if state.solver.eval(state.ip) not in graph_addrs:
                 continue
             # don't trace into simprocedures
-            if self._project.is_hooked(state.solver.eval(state.ip)):
+            if self.project.is_hooked(state.solver.eval(state.ip)):
                 continue
             # don't trace outside of the binary
-            if not self._project.loader.main_object.contains_addr(state.solver.eval(state.ip)):
+            if not self.project.loader.main_object.contains_addr(state.solver.eval(state.ip)):
                 continue
             # don't trace unreachable blocks
             if state.history.jumpkind in {
@@ -506,7 +502,7 @@ class Function(Serializable):
             curr_ip = state.solver.eval(state.ip)
 
             # get runtime values from logs of successors
-            successors = self._project.factory.successors(state)
+            successors = self.project.factory.successors(state)
             for succ in successors.flat_successors + successors.unsat_successors:
                 for a in succ.history.recent_actions:
                     for ao in a.all_objects:
@@ -562,7 +558,7 @@ class Function(Serializable):
             f"  SP difference: {self.sp_delta}\n"
             f"  Has return: {self.has_return}\n"
             f"  Returning: {'Unknown' if self.returning is None else self.returning}\n"
-            f"  Alignment: {self.alignment}\n"
+            f"  Alignment: {self.is_alignment}\n"
             f"  Arguments: reg: {self._argument_registers}, stack: {self._argument_stack_variables}\n"
             f"  Blocks: [{', '.join(f'{i:#x}' for i in self.block_addrs)}]\n"
             f"  Cyclomatic Complexity: {self.cyclomatic_complexity}\n"
@@ -612,7 +608,7 @@ class Function(Serializable):
 
     @property
     def size(self):
-        return sum(self._block_sizes.values())
+        return sum(self._block_sizes[addr] for addr in self._local_blocks)
 
     @property
     def binary(self):
@@ -620,8 +616,8 @@ class Function(Serializable):
         Get the object this function belongs to.
         :return: The object this function belongs to.
         """
-
-        return self._project.loader.find_object_containing(self.addr, membership_check=False)
+        assert self.project is not None
+        return self.project.loader.find_object_containing(self.addr, membership_check=False)
 
     @property
     def offset(self) -> int:
@@ -698,10 +694,12 @@ class Function(Serializable):
             project = self.project
             if project.is_hooked(addr):
                 hooker = project.hooked_by(addr)
-                name = hooker.display_name
+                if hooker is not None:
+                    name = hooker.display_name
             elif project.simos.is_syscall_addr(addr):
                 syscall_inst = project.simos.syscall_from_addr(addr)
-                name = syscall_inst.display_name
+                if syscall_inst is not None:
+                    name = syscall_inst.display_name
 
         # generate an IDA-style sub_X name
         if name is None:
@@ -1338,7 +1336,8 @@ class Function(Serializable):
 
     @property
     def callable(self):
-        return self._project.factory.callable(self.addr)
+        assert self.project is not None
+        return self.project.factory.callable(self.addr)
 
     def normalize(self):
         """
@@ -1349,6 +1348,7 @@ class Function(Serializable):
 
         :return: None
         """
+        assert self.project is not None
 
         # let's put a check here
         if self.startpoint is None:
@@ -1377,8 +1377,8 @@ class Function(Serializable):
 
             # Break other nodes
             for n in other_nodes:
-                new_size = get_real_address_if_arm(self._project.arch, smallest_node.addr) - get_real_address_if_arm(
-                    self._project.arch, n.addr
+                new_size = get_real_address_if_arm(self.project.arch, smallest_node.addr) - get_real_address_if_arm(
+                    self.project.arch, n.addr
                 )
                 if new_size == 0:
                     # This is the node that has the same size as the smallest one
@@ -1511,20 +1511,21 @@ class Function(Serializable):
             lib = SIM_LIBRARIES.get(binary_name, None)
             libraries = set()
             if lib is not None:
-                libraries.add(lib)
+                libraries.update(lib)
 
         else:
             # try all libraries or all libraries that match the given library name hint
             libraries = set()
-            for lib_name, lib in SIM_LIBRARIES.items():
+            for lib_name, libs in SIM_LIBRARIES.items():
                 # TODO: Add support for syscall libraries. Note that syscall libraries have different function
                 #  prototypes for .has_prototype() and .get_prototype()...
-                if not isinstance(lib, SimSyscallLibrary):
-                    if binary_name_hint:
-                        if binary_name_hint.lower() in lib_name.lower():
+                for lib in libs:
+                    if not isinstance(lib, SimSyscallLibrary):
+                        if binary_name_hint:
+                            if binary_name_hint.lower() in lib_name.lower():
+                                libraries.add(lib)
+                        else:
                             libraries.add(lib)
-                    else:
-                        libraries.add(lib)
 
         if not libraries:
             return False
@@ -1597,6 +1598,7 @@ class Function(Serializable):
             ::<addr>::<name>   when the function binary is an unnamed non-main object, or when multiple functions with
                                the same name are defined in the function binary.
         """
+        assert self.project is not None
         must_disambiguate_by_addr = self.binary is not self.project.loader.main_object and self.binary_name is None
 
         # If there are multiple functions with the same name in the same object, disambiguate by address
@@ -1615,6 +1617,7 @@ class Function(Serializable):
         return n + (display_name or self.name)
 
     def apply_definition(self, definition: str, calling_convention: SimCC | type[SimCC] | None = None) -> None:
+        assert self.project is not None
         if not definition.endswith(";"):
             definition += ";"
         func_def = parse_defns(definition, arch=self.project.arch)
@@ -1677,7 +1680,7 @@ class Function(Serializable):
         func.calling_convention = self.calling_convention
         func.prototype = self.prototype
         func._returning = self._returning
-        func.alignment = self.is_alignment
+        func.is_alignment = self.is_alignment
         func.startpoint = self.startpoint
         func._addr_to_block_node = self._addr_to_block_node.copy()
         func._block_sizes = self._block_sizes.copy()

angr/knowledge_plugins/functions/function_manager.py

@@ -505,6 +505,7 @@ class FunctionManager(KnowledgeBasePlugin, collections.abc.Mapping):
 
     def rebuild_callgraph(self):
         self.callgraph = networkx.MultiDiGraph()
+        cfg = self._kb.cfgs.get_most_accurate()
         for func_addr in self._function_map:
             self.callgraph.add_node(func_addr)
         for func in self._function_map.values():
@@ -512,6 +513,14 @@ class FunctionManager(KnowledgeBasePlugin, collections.abc.Mapping):
                 for node in func.transition_graph.nodes():
                     if isinstance(node, Function):
                         self.callgraph.add_edge(func.addr, node.addr)
+                    else:
+                        cfgnode = cfg.get_any_node(node.addr)
+                        if (
+                            cfgnode is not None
+                            and cfgnode.function_address is not None
+                            and cfgnode.function_address != func.addr
+                        ):
+                            self.callgraph.add_edge(func.addr, cfgnode.function_address)
 
 
 KnowledgeBasePlugin.register_default("functions", FunctionManager)