angr 9.2.152__py3-none-manylinux2014_x86_64.whl → 9.2.154__py3-none-manylinux2014_x86_64.whl

angr/analyses/decompiler/region_identifier.py

@@ -1,4 +1,5 @@
 from __future__ import annotations
+from typing import Any
 from itertools import count
 from collections import defaultdict
 import logging
@@ -70,6 +71,9 @@ class RegionIdentifier(Analysis):
         self._largest_successor_tree_outside_loop = largest_successor_tree_outside_loop
         self._force_loop_single_exit = force_loop_single_exit
         self._complete_successors = complete_successors
+        # we keep a dictionary of node and their traversal order in a quasi-topological traversal and update this
+        # dictionary as we update the graph
+        self._node_order: dict[Any, tuple[int, int]] = {}
 
         self._analyze()
 
@@ -102,11 +106,30 @@ class RegionIdentifier(Analysis):
 
         self._start_node = self._get_start_node(graph)
 
+        self._node_order = self._compute_node_order(graph)
+
         self.region = self._make_regions(graph)
 
         # make regions into block address lists
         self.regions_by_block_addrs = self._make_regions_by_block_addrs()
 
+    @staticmethod
+    def _compute_node_order(graph: networkx.DiGraph) -> dict[Any, tuple[int, int]]:
+        sorted_nodes = GraphUtils.quasi_topological_sort_nodes(graph)
+        node_order = {}
+        for i, n in enumerate(sorted_nodes):
+            node_order[n] = i, 0
+        return node_order
+
+    def _sort_nodes(self, nodes: list | set) -> list:
+        """
+        Sorts the nodes in the order specified in self._node_order.
+
+        :param nodes:   A list or set of nodes to be sorted.
+        :return:        A sorted list of nodes.
+        """
+        return sorted(nodes, key=lambda n: self._node_order[n])
+
     def _make_regions_by_block_addrs(self) -> list[list[tuple[int, int | None]]]:
         """
         Creates a list of addr lists representing each region without recursion. A single region is defined
@@ -182,30 +205,6 @@ class RegionIdentifier(Analysis):
             None,
         )
 
-    def _test_reducibility(self):
-        # make a copy of the graph
-        graph = networkx.DiGraph(self._graph)
-
-        # preprocess: make it a super graph
-        self._make_supergraph(graph)
-
-        while True:
-            changed = False
-
-            # find a node with a back-edge, remove the edge (deleting the loop), and replace it with a MultiNode
-            changed |= self._remove_self_loop(graph)
-
-            # find a node that has only one predecessor, and merge it with its predecessor (replace them with a
-            # MultiNode)
-            changed |= self._merge_single_entry_node(graph)
-
-            if not changed:
-                # a fixed-point is reached
-                break
-
-        # Flow graph reducibility, Hecht and Ullman
-        return len(graph.nodes) == 1
-
     def _make_supergraph(self, graph: networkx.DiGraph):
 
         entry_node = None
@@ -236,7 +235,7 @@ class RegionIdentifier(Analysis):
 
     def _find_loop_headers(self, graph: networkx.DiGraph) -> list:
         heads = list({t for _, t in dfs_back_edges(graph, self._start_node)})
-        return GraphUtils.quasi_topological_sort_nodes(graph, heads)
+        return self._sort_nodes(heads)
 
     def _find_initial_loop_nodes(self, graph: networkx.DiGraph, head):
         # TODO optimize
@@ -290,7 +289,7 @@ class RegionIdentifier(Analysis):
         # node.
         subgraph = networkx.DiGraph()
 
-        sorted_refined_exit_nodes = GraphUtils.quasi_topological_sort_nodes(graph, refined_exit_nodes)
+        sorted_refined_exit_nodes = self._sort_nodes(refined_exit_nodes)
         while len(sorted_refined_exit_nodes) > 1 and new_exit_nodes:
             # visit each node in refined_exit_nodes once and determine which nodes to consider as loop nodes
             candidate_nodes = {}
@@ -324,7 +323,7 @@ class RegionIdentifier(Analysis):
 
             sorted_refined_exit_nodes += list(new_exit_nodes)
             sorted_refined_exit_nodes = list(set(sorted_refined_exit_nodes))
-            sorted_refined_exit_nodes = GraphUtils.quasi_topological_sort_nodes(graph, sorted_refined_exit_nodes)
+            sorted_refined_exit_nodes = self._sort_nodes(sorted_refined_exit_nodes)
 
         refined_exit_nodes = set(sorted_refined_exit_nodes)
         refined_loop_nodes = refined_loop_nodes - refined_exit_nodes
@@ -373,37 +372,6 @@ class RegionIdentifier(Analysis):
 
         return refined_loop_nodes, refined_exit_nodes
 
-    def _remove_self_loop(self, graph: networkx.DiGraph):
-        r = False
-
-        while True:
-            for node in graph.nodes():
-                if node in graph[node]:
-                    # found a self loop
-                    self._remove_node(graph, node)
-                    r = True
-                    break
-            else:
-                break
-
-        return r
-
-    def _merge_single_entry_node(self, graph: networkx.DiGraph):
-        r = False
-
-        while True:
-            for node in networkx.dfs_postorder_nodes(graph):
-                preds = list(graph.predecessors(node))
-                if len(preds) == 1:
-                    # merge the two nodes
-                    self._absorb_node(graph, preds[0], node)
-                    r = True
-                    break
-            else:
-                break
-
-        return r
-
     def _make_regions(self, graph: networkx.DiGraph):
         structured_loop_headers = set()
         new_regions = []
@@ -535,7 +503,14 @@ class RegionIdentifier(Analysis):
             abnormal_exit_nodes = set()
 
         region = self._abstract_cyclic_region(
-            graph, refined_loop_nodes, head, normal_entries, abnormal_entries, normal_exit_node, abnormal_exit_nodes
+            graph,
+            refined_loop_nodes,
+            head,
+            normal_entries,
+            abnormal_entries,
+            normal_exit_node,
+            abnormal_exit_nodes,
+            self._node_order,
         )
         if region.successors is not None and len(region.successors) > 1 and self._force_loop_single_exit:
             # multi-successor region. refinement is required
@@ -661,6 +636,10 @@ class RegionIdentifier(Analysis):
             graph.remove_edge(region, succ)
             graph.add_edge(cond, succ, **edge_data)
 
+        # compute the node order of newly created nodes
+        self._node_order[region] = region_node_order = min(self._node_order[node_] for node_ in region.graph)
+        self._node_order[cond] = region_node_order[0], region_node_order[1] + 1
+
     #
     # Acyclic regions
     #
@@ -733,6 +712,7 @@ class RegionIdentifier(Analysis):
                         graph,
                         GraphRegion(node, subgraph, None, None, False, None, cyclic_ancestor=cyclic),
                         [],
+                        self._node_order,
                         secondary_graph=secondary_graph,
                     )
                 continue
@@ -780,7 +760,12 @@ class RegionIdentifier(Analysis):
                         l.debug("Node %r, frontier %r.", node, frontier)
                         # l.debug("Identified an acyclic region %s.", self._dbg_block_list(region.graph.nodes()))
                         self._abstract_acyclic_region(
-                            graph, region, frontier, dummy_endnode=dummy_endnode, secondary_graph=secondary_graph
+                            graph,
+                            region,
+                            frontier,
+                            self._node_order,
+                            dummy_endnode=dummy_endnode,
+                            secondary_graph=secondary_graph,
                         )
                         # assert dummy_endnode not in graph
                         region_created = True
@@ -909,11 +894,17 @@ class RegionIdentifier(Analysis):
             )
         return None
 
+    @staticmethod
     def _abstract_acyclic_region(
-        self, graph: networkx.DiGraph, region, frontier, dummy_endnode=None, secondary_graph=None
+        graph: networkx.DiGraph,
+        region,
+        frontier,
+        node_order: dict[Any, tuple[int, int]],
+        dummy_endnode=None,
+        secondary_graph=None,
     ):
-        in_edges = self._region_in_edges(graph, region, data=True)
-        out_edges = self._region_out_edges(graph, region, data=True)
+        in_edges = RegionIdentifier._region_in_edges(graph, region, data=True)
+        out_edges = RegionIdentifier._region_out_edges(graph, region, data=True)
 
         nodes_set = set()
         for node_ in list(region.graph.nodes()):
@@ -922,6 +913,7 @@ class RegionIdentifier(Analysis):
                 graph.remove_node(node_)
 
         graph.add_node(region)
+        node_order[region] = min(node_order[node_] for node_ in nodes_set)
 
         for src, _, data in in_edges:
             if src not in nodes_set:
@@ -937,7 +929,7 @@ class RegionIdentifier(Analysis):
                     graph.add_edge(region, frontier_node)
 
         if secondary_graph is not None:
-            self._abstract_acyclic_region(secondary_graph, region, {})
+            RegionIdentifier._abstract_acyclic_region(secondary_graph, region, {}, node_order)
 
     @staticmethod
     def _abstract_cyclic_region(
@@ -948,6 +940,7 @@ class RegionIdentifier(Analysis):
         abnormal_entries,
         normal_exit_node,
         abnormal_exit_nodes,
+        node_order: dict[Any, tuple[int, int]],
     ):
         region = GraphRegion(head, None, None, None, True, None)
 
@@ -1019,6 +1012,8 @@ class RegionIdentifier(Analysis):
         graph.add_node(region)
         for src, dst, data in delayed_edges:
             graph.add_edge(src, dst, **data)
+        # update node order
+        node_order[region] = node_order[head]
 
         region.full_graph = full_graph
 
@@ -1039,25 +1034,8 @@ class RegionIdentifier(Analysis):
                 out_edges.append((region, dst, data_))
         return out_edges
 
-    def _remove_node(self, graph: networkx.DiGraph, node):  # pylint:disable=no-self-use
-        in_edges = [(src, dst, data) for (src, dst, data) in graph.in_edges(node, data=True) if src is not node]
-        out_edges = [(src, dst, data) for (src, dst, data) in graph.out_edges(node, data=True) if dst is not node]
-
-        # true case: it forms a region by itself :-)
-        new_node = None if len(in_edges) <= 1 and len(out_edges) <= 1 else MultiNode([node])
-
-        graph.remove_node(node)
-
-        if new_node is not None:
-            for src, _, data in in_edges:
-                graph.add_edge(src, new_node, **data)
-
-            for _, dst, data in out_edges:
-                graph.add_edge(new_node, dst, **data)
-
-    def _merge_nodes(
-        self, graph: networkx.DiGraph, node_a, node_b, force_multinode=False
-    ):  # pylint:disable=no-self-use
+    @staticmethod
+    def _merge_nodes(graph: networkx.DiGraph, node_a, node_b, force_multinode=False):
         in_edges = list(graph.in_edges(node_a, data=True))
         out_edges = list(graph.out_edges(node_b, data=True))
 
@@ -1089,9 +1067,116 @@ class RegionIdentifier(Analysis):
 
         return new_node
 
-    def _absorb_node(
-        self, graph: networkx.DiGraph, node_mommy, node_kiddie, force_multinode=False
-    ):  # pylint:disable=no-self-use
+    def _ensure_jump_at_loop_exit_ends(self, node: Block | MultiNode) -> None:
+        if isinstance(node, Block):
+            if not node.statements:
+                node.statements.append(
+                    Jump(
+                        None,
+                        Const(None, None, node.addr + node.original_size, self.project.arch.bits),
+                        ins_addr=node.addr,
+                    )
+                )
+            else:
+                if not isinstance(first_nonlabel_nonphi_statement(node), ConditionalJump) and not isinstance(
+                    node.statements[-1],
+                    (
+                        Jump,
+                        ConditionalJump,
+                        IncompleteSwitchCaseHeadStatement,
+                    ),
+                ):
+                    node.statements.append(
+                        Jump(
+                            None,
+                            Const(None, None, node.addr + node.original_size, self.project.arch.bits),
+                            ins_addr=node.addr,
+                        )
+                    )
+        elif isinstance(node, MultiNode) and node.nodes:
+            self._ensure_jump_at_loop_exit_ends(node.nodes[-1])
+
+    @staticmethod
+    def _dbg_block_list(blocks):
+        return [(hex(b.addr) if hasattr(b, "addr") else repr(b)) for b in blocks]
+
+    #
+    # Reducibility
+    #
+
+    def test_reducibility(self) -> bool:
+        # make a copy of the graph
+        graph = networkx.DiGraph(self._graph)
+
+        # preprocess: make it a super graph
+        self._make_supergraph(graph)
+
+        while True:
+            changed = False
+
+            # find a node with a back-edge, remove the edge (deleting the loop), and replace it with a MultiNode
+            changed |= self._remove_self_loop(graph)
+
+            # find a node that has only one predecessor, and merge it with its predecessor (replace them with a
+            # MultiNode)
+            changed |= self._merge_single_entry_node(graph)
+
+            if not changed:
+                # a fixed-point is reached
+                break
+
+        # Flow graph reducibility, Hecht and Ullman
+        return len(graph.nodes) == 1
+
+    def _remove_self_loop(self, graph: networkx.DiGraph) -> bool:
+        r = False
+
+        while True:
+            for node in graph.nodes():
+                if node in graph[node]:
+                    # found a self loop
+                    self._remove_node(graph, node)
+                    r = True
+                    break
+            else:
+                break
+
+        return r
+
+    def _merge_single_entry_node(self, graph: networkx.DiGraph) -> bool:
+        r = False
+
+        while True:
+            for node in networkx.dfs_postorder_nodes(graph):
+                preds = list(graph.predecessors(node))
+                if len(preds) == 1:
+                    # merge the two nodes
+                    self._absorb_node(graph, preds[0], node)
+                    r = True
+                    break
+            else:
+                break
+
+        return r
+
+    def _remove_node(self, graph: networkx.DiGraph, node):  # pylint:disable=no-self-use
+        in_edges = [(src, dst, data) for (src, dst, data) in graph.in_edges(node, data=True) if src is not node]
+        out_edges = [(src, dst, data) for (src, dst, data) in graph.out_edges(node, data=True) if dst is not node]
+
+        # true case: it forms a region by itself :-)
+        new_node = None if len(in_edges) <= 1 and len(out_edges) <= 1 else MultiNode([node])
+
+        graph.remove_node(node)
+
+        if new_node is not None:
+            for src, _, data in in_edges:
+                graph.add_edge(src, new_node, **data)
+
+            for _, dst, data in out_edges:
+                graph.add_edge(new_node, dst, **data)
+
+    @staticmethod
+    def _absorb_node(graph: networkx.DiGraph, node_mommy, node_kiddie, force_multinode=False):
         in_edges_mommy = graph.in_edges(node_mommy, data=True)
         out_edges_mommy = graph.out_edges(node_mommy, data=True)
         out_edges_kiddie = graph.out_edges(node_kiddie, data=True)
@@ -1129,38 +1214,5 @@ class RegionIdentifier(Analysis):
         assert node_mommy not in graph
         assert node_kiddie not in graph
 
-    def _ensure_jump_at_loop_exit_ends(self, node: Block | MultiNode) -> None:
-        if isinstance(node, Block):
-            if not node.statements:
-                node.statements.append(
-                    Jump(
-                        None,
-                        Const(None, None, node.addr + node.original_size, self.project.arch.bits),
-                        ins_addr=node.addr,
-                    )
-                )
-            else:
-                if not isinstance(first_nonlabel_nonphi_statement(node), ConditionalJump) and not isinstance(
-                    node.statements[-1],
-                    (
-                        Jump,
-                        ConditionalJump,
-                        IncompleteSwitchCaseHeadStatement,
-                    ),
-                ):
-                    node.statements.append(
-                        Jump(
-                            None,
-                            Const(None, None, node.addr + node.original_size, self.project.arch.bits),
-                            ins_addr=node.addr,
-                        )
-                    )
-        elif isinstance(node, MultiNode) and node.nodes:
-            self._ensure_jump_at_loop_exit_ends(node.nodes[-1])
-
-    @staticmethod
-    def _dbg_block_list(blocks):
-        return [(hex(b.addr) if hasattr(b, "addr") else repr(b)) for b in blocks]
-
 
 register_analysis(RegionIdentifier, "RegionIdentifier")

angr/analyses/decompiler/ssailification/ssailification.py

@@ -107,7 +107,7 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
         )
         self.secondary_stackvars = rewriter.secondary_stackvars
         self.out_graph = rewriter.out_graph
-        self.max_vvar_id = rewriter.max_vvar_id
+        self.max_vvar_id: int = rewriter.max_vvar_id if rewriter.max_vvar_id is not None else 0
 
     def _calculate_virtual_variables(
         self,

angr/analyses/decompiler/structured_codegen/c.py

@@ -1,6 +1,6 @@
 # pylint:disable=missing-class-docstring,too-many-boolean-expressions,unused-argument,no-self-use
 from __future__ import annotations
-from typing import Any, TYPE_CHECKING
+from typing import cast, Any, TYPE_CHECKING
 from collections.abc import Callable
 from collections import defaultdict, Counter
 import logging
@@ -12,7 +12,6 @@ from ailment.constant import UNDETERMINED_SIZE
 from ailment.expression import StackBaseOffset, BinaryOp
 from unique_log_filter import UniqueLogFilter
 
-from angr.procedures import SIM_LIBRARIES, SIM_TYPE_COLLECTIONS
 from angr.sim_type import (
     SimTypeLongLong,
     SimTypeInt,
@@ -32,7 +31,6 @@ from angr.sim_type import (
     SimTypeFixedSizeArray,
     SimTypeLength,
     SimTypeReg,
-    dereference_simtype,
     SimTypeInt128,
     SimTypeInt256,
     SimTypeInt512,
@@ -43,7 +41,7 @@ from angr.sim_variable import SimVariable, SimTemporaryVariable, SimStackVariabl
 from angr.utils.constants import is_alignment_mask
 from angr.utils.library import get_cpp_function_name
 from angr.utils.loader import is_in_readonly_segment, is_in_readonly_section
-from angr.utils.types import unpack_typeref, unpack_pointer_and_array
+from angr.utils.types import unpack_typeref, unpack_pointer_and_array, dereference_simtype_by_lib
 from angr.analyses.decompiler.utils import structured_node_is_simple_return
 from angr.errors import UnsupportedNodeTypeError, AngrRuntimeError
 from angr.knowledge_plugins.cfg.memory_data import MemoryData, MemoryDataSort
@@ -1301,12 +1299,7 @@ class CFunctionCall(CStatement, CExpression):
             proto = self.callee_func.prototype
             if self.callee_func.prototype_libname is not None:
                 # we need to deref the prototype in case it uses SimTypeRef internally
-                type_collections = []
-                for prototype_lib in SIM_LIBRARIES[self.callee_func.prototype_libname]:
-                    if prototype_lib.type_collection_names:
-                        for typelib_name in prototype_lib.type_collection_names:
-                            type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
-                proto = dereference_simtype(proto, type_collections)
+                proto = cast(SimTypeFunction, dereference_simtype_by_lib(proto, self.callee_func.prototype_libname))
             return proto
         returnty = SimTypeInt(signed=False)
         return SimTypeFunction([arg.type for arg in self.args], returnty).with_arch(self.codegen.project.arch)
@@ -1314,7 +1307,9 @@ class CFunctionCall(CStatement, CExpression):
     @property
     def type(self):
         if self.is_expr:
-            return self.prototype.returnty or SimTypeInt(signed=False).with_arch(self.codegen.project.arch)
+            return (self.prototype.returnty if self.prototype is not None else None) or SimTypeInt(
+                signed=False
+            ).with_arch(self.codegen.project.arch)
         raise AngrRuntimeError("CFunctionCall.type should not be accessed if the function call is used as a statement.")
 
     def _is_target_ambiguous(self, func_name: str) -> bool:
@@ -1323,6 +1318,8 @@ class CFunctionCall(CStatement, CExpression):
         """
         caller, callee = self.codegen._func, self.callee_func
 
+        assert self.codegen._variables_in_use is not None
+
         for var in self.codegen._variables_in_use.values():
             if func_name == var.name:
                 return True
@@ -1461,7 +1458,7 @@ class CGoto(CStatement):
     def c_repr_chunks(self, indent=0, asexpr=False):
         indent_str = self.indent_str(indent=indent)
         lbl = None
-        if self.codegen is not None:
+        if self.codegen is not None and isinstance(self.target, int):
             lbl = self.codegen.map_addr_to_label.get((self.target, self.target_idx))
 
         yield indent_str, None
@@ -1609,7 +1606,9 @@ class CVariable(CExpression):
 
         self.variable: SimVariable = variable
         self.unified_variable: SimVariable | None = unified_variable
-        self.variable_type: SimType = variable_type.with_arch(self.codegen.project.arch)
+        self.variable_type: SimType | None = (
+            variable_type.with_arch(self.codegen.project.arch) if variable_type is not None else None
+        )
         self.vvar_id = vvar_id
 
     @property
@@ -3970,7 +3969,8 @@ class MakeTypecastsImplicit(CStructuredCodeWalker):
         return super().handle_CAssignment(obj)
 
     def handle_CFunctionCall(self, obj: CFunctionCall):
-        for i, (c_arg, arg_ty) in enumerate(zip(obj.args, obj.prototype.args)):
+        prototype_args = [] if obj.prototype is None else obj.prototype.args
+        for i, (c_arg, arg_ty) in enumerate(zip(obj.args, prototype_args)):
             obj.args[i] = self.collapse(arg_ty, c_arg)
         return super().handle_CFunctionCall(obj)
 
@@ -4033,7 +4033,7 @@ class PointerArithmeticFixer(CStructuredCodeWalker):
     a_ptr = a_ptr + 1.
     """
 
-    def handle_CBinaryOp(self, obj):
+    def handle_CBinaryOp(self, obj: CBinaryOp):  # type: ignore
         obj: CBinaryOp = super().handle_CBinaryOp(obj)
         if (
             obj.op in ("Add", "Sub")

angr/analyses/decompiler/structuring/phoenix.py

@@ -1261,6 +1261,10 @@ class PhoenixStructurer(StructurerBase):
             # update node_a
             node_a = next(iter(nn for nn in graph.nodes if nn.addr == target))
 
+        better_node_a = node_a
+        if isinstance(node_a, SequenceNode) and is_empty_or_label_only_node(node_a.nodes[0]) and len(node_a.nodes) == 2:
+            better_node_a = node_a.nodes[1]
+
         case_and_entry_addrs = self._find_case_and_entry_addrs(node_a, graph, cmp_lb, jump_table)
 
         cases, node_default, to_remove = self._switch_build_cases(
@@ -1272,6 +1276,30 @@ class PhoenixStructurer(StructurerBase):
             full_graph,
         )
 
+        if isinstance(better_node_a, SwitchCaseNode) and better_node_a.default_node is None:
+            # we found a different head for an otherwise complete edge case.
+            # recreate the switch with it.
+            newsc = SwitchCaseNode(better_node_a.switch_expr, better_node_a.cases, node_default, addr=node.addr)
+
+            if node_default is not None and set(graph.succ[node_a]) != set(graph.succ[node_default]):
+                # if node_a and default_node have different successors we need to bail
+                return False
+
+            for pgraph in (graph, full_graph):
+                all_preds = set(pgraph.pred[node])
+                all_succs = set(pgraph.succ[node_a])
+                if node_default is not None:
+                    pgraph.remove_node(node_default)
+                pgraph.remove_node(node)
+                pgraph.remove_node(node_a)
+                pgraph.add_node(newsc)
+                for pred in all_preds:
+                    pgraph.add_edge(pred, newsc)
+                for succ in all_succs:
+                    pgraph.add_edge(newsc, succ)
+
+            return True
+
         if node_default is None:
             switch_end_addr = node_b_addr
         else:

angr/analyses/decompiler/structuring/structurer_nodes.py

@@ -368,6 +368,17 @@ class SwitchCaseNode(BaseNode):
         self.default_node = default_node
         self.addr = addr
 
+    def dbg_repr(self, indent=0) -> str:
+        return (
+            f"SwitchCaseNode(switch_expr={self.switch_expr}, cases=["
+            + ", ".join(
+                hex(case) if isinstance(case, int) else f"({', '.join(hex(ccase) for ccase in case)})"
+                for case in self.cases
+            )
+            + "\n"
+            + f"], default_node={self.default_node})"
+        )
+
 
 class IncompleteSwitchCaseNode(BaseNode):
     """

angr/analyses/reaching_definitions/function_handler.py

@@ -9,7 +9,7 @@ from cle.backends import ELF
 import claripy
 
 from angr.storage.memory_mixins.paged_memory.pages.multi_values import MultiValues
-from angr.sim_type import SimTypeBottom, dereference_simtype
+from angr.sim_type import SimTypeBottom
 from angr.knowledge_plugins.key_definitions.atoms import Atom, Register, MemoryLocation, SpOffset
 from angr.knowledge_plugins.key_definitions.tag import Tag
 from angr.calling_conventions import SimCC
@@ -18,7 +18,7 @@ from angr.knowledge_plugins.key_definitions.definition import Definition
 from angr.knowledge_plugins.functions import Function
 from angr.code_location import CodeLocation, ExternalCodeLocation
 from angr.knowledge_plugins.key_definitions.constants import ObservationPointType
-from angr import SIM_LIBRARIES, SIM_TYPE_COLLECTIONS
+from angr.utils.types import dereference_simtype_by_lib
 
 
 if TYPE_CHECKING:
@@ -221,16 +221,16 @@ class FunctionCallDataUnwrapped(FunctionCallData):
     Typechecks be gone!
     """
 
-    address_multi: MultiValues
-    address: int
+    address_multi: MultiValues  # type: ignore[reportIncompatibleVariableOverride]
+    address: int  # type: ignore[reportIncompatibleVariableOverride]
     symbol: Symbol
-    function: Function
-    name: str
-    cc: SimCC
-    prototype: SimTypeFunction
-    args_atoms: list[set[Atom]]
-    args_values: list[MultiValues]
-    ret_atoms: set[Atom]
+    function: Function  # type: ignore[reportIncompatibleVariableOverride]
+    name: str  # type: ignore[reportIncompatibleVariableOverride]
+    cc: SimCC  # type: ignore[reportIncompatibleVariableOverride]
+    prototype: SimTypeFunction  # type: ignore[reportIncompatibleVariableOverride]
+    args_atoms: list[set[Atom]]  # type: ignore[reportIncompatibleVariableOverride]
+    args_values: list[MultiValues]  # type: ignore[reportIncompatibleVariableOverride]
+    ret_atoms: set[Atom]  # type: ignore[reportIncompatibleVariableOverride]
 
     def __init__(self, inner: FunctionCallData):
         d = dict(inner.__dict__)
@@ -399,14 +399,8 @@ class FunctionHandler:
                 if data.function is not None and data.function.prototype_libname
                 else hook_libname
             )
-            type_collections = []
-            if prototype_libname is not None and prototype_libname in SIM_LIBRARIES:
-                for prototype_lib in SIM_LIBRARIES[prototype_libname]:
-                    if prototype_lib.type_collection_names:
-                        for typelib_name in prototype_lib.type_collection_names:
-                            type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
-            if type_collections:
-                prototype = dereference_simtype(data.prototype, type_collections).with_arch(state.arch)
+            if prototype_libname is not None:
+                prototype = dereference_simtype_by_lib(data.prototype, prototype_libname)
                 data.prototype = cast(SimTypeFunction, prototype)
 
         if isinstance(data.prototype, SimTypeFunction):

angr/analyses/smc.py

@@ -42,6 +42,8 @@ class TraceClassifier:
         """
         addr = state.solver.eval(state.inspect.mem_write_address)
         length = state.inspect.mem_write_length
+        if length is None:
+            length = len(state.inspect.mem_write_expr) // state.arch.byte_width
         if not isinstance(length, int):
             length = state.solver.eval(length)
         self.map.add(addr, length, TraceActions.WRITE)
@@ -103,7 +105,7 @@ class SelfModifyingCodeAnalysis(Analysis):
         """
         :param subject: Subject of analysis
         :param max_bytes: Maximum number of bytes from subject address. 0 for no limit (default).
-        :param state: State to begin executing from from.
+        :param state: State to begin executing from.
         """
         assert self.project.selfmodifying_code