angr 9.2.150__py3-none-manylinux2014_aarch64.whl → 9.2.153__py3-none-manylinux2014_aarch64.whl

angr/__init__.py

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.150"
+__version__ = "9.2.153"
 
 if bytes is str:
     raise Exception(

angr/analyses/calling_convention/calling_convention.py

@@ -21,6 +21,7 @@ from angr.calling_conventions import (
     default_cc,
     SimCCMicrosoftThiscall,
 )
+from angr.errors import SimTranslationError
 from angr.sim_type import (
     SimTypeCppFunction,
     SimTypeInt,
@@ -585,16 +586,23 @@ class CallingConventionAnalysis(Analysis):
             # include its successor.
 
             # Re-lift the target block
-            dst_bb = self.project.factory.block(dst.addr, func.get_block_size(dst.addr), opt_level=1)
+            dst_block_size = func.get_block_size(dst.addr)
+            if dst_block_size is not None and dst_block_size > 0:
+                dst_bb = self.project.factory.block(dst.addr, dst_block_size, opt_level=1)
+                try:
+                    vex_block = dst_bb.vex
+                except SimTranslationError:
+                    # failed to lift the block
+                    continue
 
-            # If there is only one 'IMark' statement in vex --> the target block contains only direct jump
-            if (
-                len(dst_bb.vex.statements) == 1
-                and dst_bb.vex.statements[0].tag == "Ist_IMark"
-                and func.graph.out_degree(dst) == 1
-            ):
-                for _, jmp_dst, jmp_data in func_graph.out_edges(dst, data=True):
-                    subgraph.add_edge(dst, jmp_dst, **jmp_data)
+                # If there is only one 'IMark' statement in vex --> the target block contains only direct jump
+                if (
+                    len(vex_block.statements) == 1
+                    and vex_block.statements[0].tag == "Ist_IMark"
+                    and func.graph.out_degree(dst) == 1
+                ):
+                    for _, jmp_dst, jmp_data in func_graph.out_edges(dst, data=True):
+                        subgraph.add_edge(dst, jmp_dst, **jmp_data)
 
         return subgraph
 

angr/analyses/cfg/cfg_base.py

@@ -1515,7 +1515,7 @@ class CFGBase(Analysis):
         Revisit the entire control flow graph, create Function instances accordingly, and correctly put blocks into
         each function.
 
-        Although Function objects are crated during the CFG recovery, they are neither sound nor accurate. With a
+        Although Function objects are created during the CFG recovery, they are neither sound nor accurate. With a
         pre-constructed CFG, this method rebuilds all functions bearing the following rules:
 
             - A block may only belong to one function.

angr/analyses/cfg/cfg_fast.py

@@ -1554,6 +1554,45 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
                 }:
                     func.info["is_alloca_probe"] = True
 
+            # determine if the function is _guard_xfg_dispatch_icall_nop or _guard_xfg_dispatch_icall_fptr
+            if func is not None and not func.is_simprocedure and len(func.block_addrs_set) in {1, 2}:
+                # _guard_xfg_dispatch_icall_nop jumps to _guard_xfg_dispatch_icall_fptr, but we may or may not identify
+                # _guard_xfg_dispatch_icall_fptr as a separate function.
+                # so, two possibilities:
+                # - _guard_xfg_dispatch_icall_nop is a function with one block and jumps to
+                #   _guard_xfg_dispatch_icall_fptr.
+                # - _guard_xfg_dispatch_icall_nop is a function with 2 blocks, and the second block is the body of
+                #   _guard_xfg_dispatch_icall_fptr.
+                try:
+                    block = func.get_block(func.addr)
+                except SimTranslationError:
+                    block = None
+                if block is not None and block.instructions == 1:
+                    insn = block.capstone.insns[0]
+                    if block.bytes == b"\xff\xe0":
+                        func.info["jmp_rax"] = True
+                    elif (
+                        insn.mnemonic == "jmp"
+                        and insn.operands[0].type == capstone.x86.X86_OP_MEM
+                        and insn.operands[0].mem.base == capstone.x86.X86_REG_RIP
+                        and insn.operands[0].mem.disp > 0
+                        and insn.operands[0].mem.index == 0
+                    ):
+                        # where is it jumping to?
+                        jumpout_targets = list(self.graph.successors(self.model.get_any_node(func.addr)))
+                        if len(jumpout_targets) == 1:
+                            jumpout_target = jumpout_targets[0].addr
+                            if len(func.block_addrs_set) == 1 and len(func.jumpout_sites) == 1:
+                                if (
+                                    self.kb.functions.contains_addr(jumpout_target)
+                                    and self.kb.functions.get_by_addr(jumpout_target).get_block(jumpout_target).bytes
+                                    == b"\xff\xe0"
+                                ):
+                                    func.info["jmp_rax"] = True
+                            elif len(func.block_addrs_set) == 2 and func.get_block(jumpout_target).bytes == b"\xff\xe0":
+                                # check the second block and ensure it's jmp rax
+                                func.info["jmp_rax"] = True
+
         elif self.project.arch.name == "X86":
             # determine if the function is __alloca_probe
             func = self.kb.functions.get_by_addr(func_addr) if self.kb.functions.contains_addr(func_addr) else None

angr/analyses/decompiler/ail_simplifier.py

@@ -203,7 +203,6 @@ class AILSimplifier(Analysis):
         AILGraphWalker(self.func_graph, _handler, replace_nodes=True).walk()
         self.blocks = {}
 
-    @timethis
     def _compute_reaching_definitions(self) -> SRDAModel:
         # Computing reaching definitions or return the cached one
         if self._reaching_definitions is not None:

angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py

@@ -412,6 +412,45 @@ class AMD64CCallRewriter(CCallRewriterBase):
                     )
                     return Expr.Convert(None, r.bits, ccall.bits, False, r, **ccall.tags)
 
+                elif (
+                    cond_v == AMD64_CondTypes["CondNS"]
+                    and op_v
+                    in {
+                        AMD64_OpTypes["G_CC_OP_LOGICB"],
+                        AMD64_OpTypes["G_CC_OP_LOGICW"],
+                        AMD64_OpTypes["G_CC_OP_LOGICL"],
+                        AMD64_OpTypes["G_CC_OP_LOGICQ"],
+                    }
+                    and isinstance(dep_2, Expr.Const)
+                    and dep_2.value == 0
+                ):
+                    # dep_1 >= 0
+                    dep_1 = self._fix_size(
+                        dep_1,
+                        op_v,
+                        AMD64_OpTypes["G_CC_OP_LOGICB"],
+                        AMD64_OpTypes["G_CC_OP_LOGICW"],
+                        AMD64_OpTypes["G_CC_OP_LOGICL"],
+                        ccall.tags,
+                    )
+                    dep_2 = self._fix_size(
+                        dep_2,
+                        op_v,
+                        AMD64_OpTypes["G_CC_OP_LOGICB"],
+                        AMD64_OpTypes["G_CC_OP_LOGICW"],
+                        AMD64_OpTypes["G_CC_OP_LOGICL"],
+                        ccall.tags,
+                    )
+
+                    r = Expr.BinaryOp(
+                        ccall.idx,
+                        "CmpGE",
+                        (dep_1, dep_2),
+                        True,
+                        **ccall.tags,
+                    )
+                    return Expr.Convert(None, r.bits, ccall.bits, False, r, **ccall.tags)
+
         elif ccall.callee == "amd64g_calculate_rflags_c":
             # calculate the carry flag
             op = ccall.operands[0]

angr/analyses/decompiler/clinic.py

@@ -483,6 +483,11 @@ class Clinic(Analysis):
         arg_vvars = self._create_function_argument_vvars(arg_list)
         func_args = {arg_vvar for arg_vvar, _ in arg_vvars.values()}
 
+        # duplicate orphaned conditional jump blocks
+        ail_graph = self._duplicate_orphaned_cond_jumps(ail_graph)
+        # rewrite jmp_rax function calls
+        ail_graph = self._rewrite_jump_rax_calls(ail_graph)
+
         # Transform the graph into partial SSA form
         self._update_progress(35.0, text="Transforming to partial-SSA form")
         ail_graph = self._transform_to_ssa_level0(ail_graph, func_args)
@@ -927,7 +932,7 @@ class Clinic(Analysis):
                     self.kb.callsite_prototypes.set_prototype(callsite.addr, cc.cc, cc.prototype, manual=False)
                     if func_graph is not None and cc.prototype.returnty is not None:
                         # patch the AIL call statement if we can find one
-                        callsite_ail_block: ailment.Block = next(
+                        callsite_ail_block: ailment.Block | None = next(
                             iter(bb for bb in func_graph if bb.addr == callsite.addr), None
                         )
                         if callsite_ail_block is not None and callsite_ail_block.statements:
@@ -1002,6 +1007,7 @@ class Clinic(Analysis):
         :return:    None
         """
         assert self._func_graph is not None
+        assert self._blocks_by_addr_and_size is not None
 
         for block_node in self._func_graph.nodes():
             ail_block = self._convert(block_node)
@@ -1892,6 +1898,19 @@ class Clinic(Analysis):
                 self._link_variables_on_expr(variable_manager, global_variables, block, stmt_idx, stmt, stmt.dst)
                 self._link_variables_on_expr(variable_manager, global_variables, block, stmt_idx, stmt, stmt.src)
 
+            elif stmt_type is ailment.Stmt.CAS:
+                for expr in [
+                    stmt.addr,
+                    stmt.data_lo,
+                    stmt.data_hi,
+                    stmt.expd_lo,
+                    stmt.expd_hi,
+                    stmt.old_lo,
+                    stmt.old_hi,
+                ]:
+                    if expr is not None:
+                        self._link_variables_on_expr(variable_manager, global_variables, block, stmt_idx, stmt, expr)
+
             elif stmt_type is ailment.Stmt.ConditionalJump:
                 self._link_variables_on_expr(variable_manager, global_variables, block, stmt_idx, stmt, stmt.condition)
 
@@ -2123,6 +2142,86 @@ class Clinic(Analysis):
 
         return graph
 
+    @staticmethod
+    def _duplicate_orphaned_cond_jumps(ail_graph) -> networkx.DiGraph:
+        """
+        Find conditional jumps that are orphaned (e.g., being the only instruction of the block). If these blocks have
+        multiple predecessors, duplicate them to all predecessors. This is a workaround for cases where these
+        conditional jumps rely on comparisons in more than one predecessor and we cannot resolve ccalls into
+        comparisons.
+
+        This pass runs before any SSA transformations.
+
+        # 140017162     jz      short 1400171e1
+        """
+
+        for block in list(ail_graph):
+            if len(block.statements) > 1 and block.statements[0].ins_addr == block.statements[-1].ins_addr:
+                preds = list(ail_graph.predecessors(block))
+                if len(preds) > 1 and block not in preds:
+                    has_ccall = any(
+                        isinstance(stmt, ailment.Stmt.Assignment)
+                        and isinstance(stmt.src, ailment.Expr.VEXCCallExpression)
+                        for stmt in block.statements
+                    )
+                    if has_ccall:
+                        # duplicate this block to its predecessors!
+                        preds = sorted(preds, key=lambda x: x.addr)
+                        succs = sorted(ail_graph.successors(block), key=lambda x: x.addr)
+                        # FIXME: We should track block IDs globally and ensure block IDs do not collide
+                        block_idx_start = block.idx + 1 if block.idx is not None else 1
+                        for pred in preds[1:]:
+                            ail_graph.remove_edge(pred, block)
+                            new_block = block.copy()
+                            new_block.idx = block_idx_start
+                            block_idx_start += 1
+                            ail_graph.add_edge(pred, new_block)
+                            for succ in succs:
+                                ail_graph.add_edge(new_block, succ if succ is not block else new_block)
+
+        return ail_graph
+
+    def _rewrite_jump_rax_calls(self, ail_graph: networkx.DiGraph) -> networkx.DiGraph:
+        """
+        Rewrite calls to special functions (e.g., guard_dispatch_icall_nop) into `call rax`.
+        """
+
+        if self.project.arch.name != "AMD64":
+            return ail_graph
+        if self._cfg is None:
+            return ail_graph
+
+        for block in ail_graph:
+            if not block.statements:
+                continue
+            assert block.addr is not None
+            last_stmt = block.statements[-1]
+            if isinstance(last_stmt, ailment.Stmt.Call):
+                # we can't examine the call target at this point because constant propagation hasn't run yet; we consult
+                # the CFG instead
+                callsite_node = self._cfg.get_any_node(block.addr, anyaddr=True)
+                if callsite_node is None:
+                    break
+                callees = self._cfg.get_successors(callsite_node, jumpkind="Ijk_Call")
+                if len(callees) != 1:
+                    break
+                callee = callees[0].addr
+                if self.kb.functions.contains_addr(callee):
+                    callee_func = self.kb.functions.get_by_addr(callee)
+                    if callee_func.info.get("jmp_rax", False) is True:
+                        # rewrite this statement into Call(rax)
+                        call_stmt = last_stmt.copy()
+                        call_stmt.target = ailment.Expr.Register(
+                            self._ail_manager.next_atom(),
+                            None,
+                            self.project.arch.registers["rax"][0],
+                            64,
+                            ins_addr=call_stmt.ins_addr,
+                        )
+                        block.statements[-1] = call_stmt
+
+        return ail_graph
+
     def _rewrite_ite_expressions(self, ail_graph):
         cfg = self._cfg
         for block in list(ail_graph):
@@ -2130,11 +2229,16 @@ class Clinic(Analysis):
                 continue
 
             ite_ins_addrs = []
+            cas_ins_addrs = set()
             for stmt in block.statements:
-                if (
+                if isinstance(stmt, ailment.Stmt.CAS):
+                    # we do not rewrite ITE statements that are caused by CAS statements
+                    cas_ins_addrs.add(stmt.ins_addr)
+                elif (
                     isinstance(stmt, ailment.Stmt.Assignment)
                     and isinstance(stmt.src, ailment.Expr.ITE)
                     and stmt.ins_addr not in ite_ins_addrs
+                    and stmt.ins_addr not in cas_ins_addrs
                 ):
                     ite_ins_addrs.append(stmt.ins_addr)
 
@@ -2998,6 +3102,12 @@ class Clinic(Analysis):
                             and last_stmt.addr.offset < 0
                             and isinstance(last_stmt.data, ailment.Expr.Const)
                             and last_stmt.data.value == succ.addr
+                        ) or (
+                            isinstance(last_stmt, ailment.Stmt.Assignment)
+                            and last_stmt.dst.was_stack
+                            and last_stmt.dst.stack_offset < 0
+                            and isinstance(last_stmt.src, ailment.Expr.Const)
+                            and last_stmt.src.value == succ.addr
                         ):
                             # remove the statement that pushes the return address
                             node.statements = node.statements[:-1]
@@ -3031,6 +3141,12 @@ class Clinic(Analysis):
                             and last_stmt.addr.offset < 0
                             and isinstance(last_stmt.data, ailment.Expr.Const)
                             and last_stmt.data.value == succ.addr
+                        ) or (
+                            isinstance(last_stmt, ailment.Stmt.Assignment)
+                            and last_stmt.dst.was_stack
+                            and last_stmt.dst.stack_offset < 0
+                            and isinstance(last_stmt.src, ailment.Expr.Const)
+                            and last_stmt.src.value == succ.addr
                         ):
                             # remove the statement that pushes the return address
                             node.statements = node.statements[:-1]

angr/analyses/decompiler/dephication/rewriting_engine.py

@@ -1,4 +1,4 @@
-# pylint:disable=unused-argument,no-self-use
+# pylint:disable=unused-argument,no-self-use,too-many-boolean-expressions
 from __future__ import annotations
 import logging
 
@@ -8,12 +8,14 @@ from ailment.statement import (
     Assignment,
     Store,
     Call,
+    CAS,
     Return,
     ConditionalJump,
     DirtyStatement,
     WeakAssignment,
 )
 from ailment.expression import (
+    Atom,
     Expression,
     VirtualVariable,
     Load,
@@ -121,6 +123,40 @@ class SimEngineDephiRewriting(SimEngineNostmtAIL[None, Expression | None, Statem
             )
         return None
 
+    def _handle_stmt_CAS(self, stmt: CAS) -> CAS | None:
+        new_addr = self._expr(stmt.addr)
+        new_data_lo = self._expr(stmt.data_lo)
+        new_data_hi = self._expr(stmt.data_hi) if stmt.data_hi is not None else None
+        new_expd_lo = self._expr(stmt.expd_lo)
+        new_expd_hi = self._expr(stmt.expd_hi) if stmt.expd_hi is not None else None
+        new_old_lo = self._expr(stmt.old_lo)
+        new_old_hi = self._expr(stmt.old_hi) if stmt.old_hi is not None else None
+        assert new_old_lo is None or isinstance(new_old_lo, Atom)
+        assert new_old_hi is None or isinstance(new_old_hi, Atom)
+
+        if (
+            new_addr is not None
+            or new_old_lo is not None
+            or new_old_hi is not None
+            or new_data_lo is not None
+            or new_data_hi is not None
+            or new_expd_lo is not None
+            or new_expd_hi is not None
+        ):
+            return CAS(
+                stmt.idx,
+                stmt.addr if new_addr is None else new_addr,
+                stmt.data_lo if new_data_lo is None else new_data_lo,
+                stmt.data_hi if new_data_hi is None else new_data_hi,
+                stmt.expd_lo if new_expd_lo is None else new_expd_lo,
+                stmt.expd_hi if new_expd_hi is None else new_expd_hi,
+                stmt.old_lo if new_old_lo is None else new_old_lo,
+                stmt.old_hi if new_old_hi is None else new_old_hi,
+                stmt.endness,
+                **stmt.tags,
+            )
+        return None
+
     def _handle_stmt_Store(self, stmt):
         new_addr = self._expr(stmt.addr)
         new_data = self._expr(stmt.data)
@@ -179,6 +215,7 @@ class SimEngineDephiRewriting(SimEngineNostmtAIL[None, Expression | None, Statem
         dirty = self._expr(stmt.dirty)
         if dirty is None or dirty is stmt.dirty:
             return None
+        assert isinstance(dirty, DirtyExpression)
         return DirtyStatement(stmt.idx, dirty, **stmt.tags)
 
     def _handle_expr_Load(self, expr):

angr/analyses/decompiler/optimization_passes/condition_constprop.py

@@ -107,6 +107,12 @@ class ConditionConstantPropagation(OptimizationPass):
                 cconds_by_src[src] = []
             cconds_by_src[src].append(ccond)
 
+        # eliminate sources with more than one in-edges; this is because the condition may not hold on all in-edges!
+        for src in list(cconds_by_src):
+            block = self._get_block(src[0], idx=src[1])
+            if block is not None and block in self._graph and self._graph.in_degree[block] > 1:
+                del cconds_by_src[src]
+
         # eliminate conflicting conditions
         for src in list(cconds_by_src):
             cconds = cconds_by_src[src]

angr/analyses/decompiler/optimization_passes/engine_base.py

@@ -86,6 +86,11 @@ class SimplifierAILEngine(
 
         return stmt
 
+    def _handle_stmt_CAS(self, stmt: ailment.statement.CAS) -> ailment.statement.CAS:
+        # we assume that we never have to deal with CAS statements at this point; they should have been rewritten to
+        # intrinsics
+        return stmt
+
     def _handle_stmt_Store(self, stmt):
         addr = self._expr(stmt.addr)
         data = self._expr(stmt.data)

angr/analyses/decompiler/peephole_optimizations/__init__.py

@@ -8,6 +8,7 @@ from .a_sub_a_div_const_mul_const import ASubADivConstMulConst
 from .a_sub_a_shr_const_shr_const import ASubAShrConstShrConst
 from .arm_cmpf import ARMCmpF
 from .bswap import Bswap
+from .cas_intrinsics import CASIntrinsics
 from .coalesce_same_cascading_ifs import CoalesceSameCascadingIfs
 from .constant_derefs import ConstantDereferences
 from .const_mull_a_shift import ConstMullAShift
@@ -64,6 +65,7 @@ ALL_PEEPHOLE_OPTS: list[type[PeepholeOptimizationExprBase]] = [
     ASubAShrConstShrConst,
     ARMCmpF,
     Bswap,
+    CASIntrinsics,
     CoalesceSameCascadingIfs,
     ConstantDereferences,
     ConstMullAShift,

angr/analyses/decompiler/peephole_optimizations/cas_intrinsics.py

@@ -0,0 +1,115 @@
+# pylint:disable=arguments-differ,too-many-boolean-expressions
+from __future__ import annotations
+
+from ailment.expression import BinaryOp, Load
+from ailment.statement import CAS, ConditionalJump, Statement, Assignment, Call
+
+from .base import PeepholeOptimizationMultiStmtBase
+
+
+_INTRINSICS_NAMES = {
+    "xchg": {"Win32": "InterlockedExchange", "Linux": "atomic_exchange"},
+    "cmpxchg": {"Win32": "InterlockedCompareExchange", "Linux": "atomic_compare_exchange"},
+}
+
+
+class CASIntrinsics(PeepholeOptimizationMultiStmtBase):
+    """
+    Rewrite lock-prefixed instructions (or rather, their VEX/AIL forms) into intrinsic calls.
+
+    Case 1.
+
+                 mov eax, r12d
+    0x140014b57: xchg eax, [0x14000365f8]
+
+    LABEL_0x140014b57:
+    CAS(0x1400365f8<64>, Conv(64->32, vvar_365{reg 112}), Load(addr=0x1400365f8<64>, size=4, endness=Iend_LE),
+        vvar_27756)
+    if (CasCmpNE(vvar_27756, g_1400365f8))
+        goto LABEL_0x140014b57;
+
+    => vvar_27756 = _InterlockedExchange(0x1400365f8, vvar_365{reg 112})
+
+
+    Case 2.
+
+    lock cmpxchg cs:g_WarbirdSecureFunctionsLock, r14d
+
+    CAS(0x1400365f8<64>, 0x1<32>, 0x0<32>, vvar_27751)
+
+    => var_27751 = _InterlockedCompareExchange(0x1400365f8, 0x1<32>, 0x0<32>)
+    """
+
+    __slots__ = ()
+
+    NAME = "Rewrite compare-and-swap instructions into intrinsics."
+    stmt_classes = ((CAS, ConditionalJump), (CAS, Statement))
+
+    def optimize(self, stmts: list[Statement], stmt_idx: int | None = None, block=None, **kwargs):
+        assert len(stmts) == 2
+        cas_stmt = stmts[0]
+        next_stmt = stmts[1]
+        assert isinstance(cas_stmt, CAS)
+
+        # TODO: We ignored endianness. Are there cases where the endianness is different from the host's?
+
+        if (
+            isinstance(next_stmt, ConditionalJump)
+            and isinstance(next_stmt.condition, BinaryOp)
+            and next_stmt.condition.op == "CasCmpNE"
+            and next_stmt.ins_addr == cas_stmt.ins_addr
+        ):
+            addr = cas_stmt.addr
+            if (
+                isinstance(cas_stmt.expd_lo, Load)
+                and cas_stmt.expd_lo.addr.likes(addr)
+                and isinstance(next_stmt.condition.operands[1], Load)
+                and next_stmt.condition.operands[1].addr.likes(addr)
+                and cas_stmt.old_lo.likes(next_stmt.condition.operands[0])
+                and cas_stmt.old_hi is None
+            ):
+                # TODO: Support cases where cas_stmt.old_hi is not None
+                # Case 1
+                call_expr = Call(
+                    cas_stmt.idx,
+                    self._get_instrincs_name("xchg"),
+                    args=[addr, cas_stmt.data_lo],
+                    bits=cas_stmt.bits,
+                    ins_addr=cas_stmt.ins_addr,
+                )
+                stmt = Assignment(cas_stmt.idx, cas_stmt.old_lo, call_expr, **cas_stmt.tags)
+                return [stmt]
+
+        if next_stmt.ins_addr <= cas_stmt.ins_addr:
+            # avoid matching against statements prematurely
+            return None
+
+        if cas_stmt.old_hi is None:
+            # TODO: Support cases where cas_stmt.old_hi is not None
+            call_expr = Call(
+                cas_stmt.idx,
+                self._get_instrincs_name("cmpxchg"),
+                args=[
+                    cas_stmt.addr,
+                    cas_stmt.data_lo,
+                    cas_stmt.expd_lo,
+                ],
+                bits=cas_stmt.bits,
+                ins_addr=cas_stmt.ins_addr,
+            )
+            stmt = Assignment(cas_stmt.idx, cas_stmt.old_lo, call_expr, **cas_stmt.tags)
+            return [stmt, next_stmt]
+
+        return None
+
+    def _get_instrincs_name(self, mnemonic: str) -> str:
+        if mnemonic in _INTRINSICS_NAMES:
+            os = (
+                self.project.simos.name
+                if self.project is not None and self.project.simos is not None and self.project.simos.name is not None
+                else "Linux"
+            )
+            if os not in _INTRINSICS_NAMES[mnemonic]:
+                os = "Linux"
+            return _INTRINSICS_NAMES[mnemonic][os]
+        return mnemonic