angr 9.2.75__py3-none-win_amd64.whl → 9.2.77__py3-none-win_amd64.whl

angr/__init__.py

@@ -1,7 +1,7 @@
 # pylint: disable=wildcard-import
 # pylint: disable=wrong-import-position
 
-__version__ = "9.2.75"
+__version__ = "9.2.77"
 
 if bytes is str:
     raise Exception(

angr/analyses/cfg/cfg_fast.py

@@ -1017,6 +1017,40 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         # no string is found
         return 0
 
+    def _scan_for_printable_widestrings(self, start_addr: int):
+        addr = start_addr
+        sz = []
+        is_sz = True
+
+        # Get data until we meet two null bytes
+        while self._inside_regions(addr):
+            l.debug("Searching address %x", addr)
+            val0 = self._load_a_byte_as_int(addr)
+            if val0 is None:
+                break
+            val1 = self._load_a_byte_as_int(addr + 1)
+            if val1 is None:
+                break
+            if val0 == 0 and val1 == 0:
+                if len(sz) <= 10:
+                    is_sz = False
+                break
+            if val0 != 0 and val1 == 0 and val0 in self.PRINTABLES:
+                sz += [val0, val1]
+                addr += 2
+                continue
+
+            is_sz = False
+            break
+
+        if sz and is_sz:
+            l.debug("Got a wide-string of %d wide chars", len(sz))
+            string_length = len(sz) + 2
+            return string_length
+
+        # no wide string is found
+        return 0
+
     def _scan_for_repeating_bytes(self, start_addr, repeating_byte, threshold=2):
         """
         Scan from a given address and determine the occurrences of a given byte.
@@ -1061,6 +1095,9 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
 
         while True:
             string_length = self._scan_for_printable_strings(start_addr)
+            if string_length == 0:
+                string_length = self._scan_for_printable_widestrings(start_addr)
+
             if string_length:
                 self._seg_list.occupy(start_addr, string_length, "string")
                 start_addr += string_length

angr/analyses/cfg/indirect_jump_resolvers/amd64_pe_iat.py

@@ -22,7 +22,13 @@ class AMD64PeIatResolver(IndirectJumpResolver):
         if jumpkind not in {"Ijk_Call", "Ijk_Boring"}:
             return False
 
-        opnd = self.project.factory.block(addr).capstone.insns[-1].insn.operands[0]
+        insns = self.project.factory.block(addr).capstone.insns
+        if not insns:
+            return False
+        if not insns[-1].insn.operands:
+            return False
+
+        opnd = insns[-1].insn.operands[0]
         # Must be of the form: call qword ptr [0xABCD]
         if opnd.type == X86_OP_MEM and opnd.mem.disp and opnd.mem.base == X86_REG_RIP and opnd.mem.index == 0:
             return True

angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py

@@ -22,7 +22,13 @@ class X86PeIatResolver(IndirectJumpResolver):
         if jumpkind != "Ijk_Call":
             return False
 
-        opnd = self.project.factory.block(addr).capstone.insns[-1].insn.operands[0]
+        insns = self.project.factory.block(addr).capstone.insns
+        if not insns:
+            return False
+        if not insns[-1].insn.operands:
+            return False
+
+        opnd = insns[-1].insn.operands[0]
         # Must be of the form: call ds:0xABCD
         if opnd.type == X86_OP_MEM and opnd.mem.disp and not opnd.mem.base and not opnd.mem.index:
             return True

angr/analyses/decompiler/clinic.py

@@ -1399,7 +1399,10 @@ class Clinic(Analysis):
             )
             end_block_ail = ailment.IRSBConverter.convert(end_block.vex, self._ail_manager)
         else:
-            end_block_ail = next(iter(b for b in ail_graph if b.addr == end_block_addr))
+            try:
+                end_block_ail = next(iter(b for b in ail_graph if b.addr == end_block_addr))
+            except StopIteration:
+                return None
 
         # last check: if the first instruction of the end block has Sar, then we bail (due to the peephole optimization
         # SarToSignedDiv)

angr/analyses/decompiler/condition_processor.py

@@ -102,6 +102,7 @@ _ail2claripy_op_mapping = {
     "Shr": lambda expr, conv, _: _op_with_unified_size(claripy.LShR, conv, expr.operands[0], expr.operands[1]),
     "Shl": lambda expr, conv, _: _op_with_unified_size(operator.lshift, conv, expr.operands[0], expr.operands[1]),
     "Sar": lambda expr, conv, _: _op_with_unified_size(operator.rshift, conv, expr.operands[0], expr.operands[1]),
+    "Concat": lambda expr, conv, _: claripy.Concat(*[conv(operand) for operand in expr.operands]),
     # There are no corresponding claripy operations for the following operations
     "DivMod": lambda expr, _, m: _dummy_bvs(expr, m),
     "CmpF": lambda expr, _, m: _dummy_bvs(expr, m),
@@ -686,6 +687,9 @@ class ConditionProcessor:
             if cond_.args[0] is True
             else ailment.Expr.Const(None, None, False, 1, **tags),
             "Extract": lambda cond_, tags: self._convert_extract(*cond_.args, tags, memo=memo),
+            "ZeroExt": lambda cond_, tags: _binary_op_reduce(
+                "Concat", [claripy.BVV(0, cond_.args[0]), cond_.args[1]], tags
+            ),
         }
 
         if cond.op in _mapping:

angr/analyses/decompiler/decompiler.py

@@ -90,6 +90,7 @@ class Decompiler(Analysis):
         self.cache: Optional[DecompilationCache] = None
         self.options_by_class = None
         self.seq_node = None
+        self.unmodified_clinic_graph = None
 
         if decompile:
             self._decompile()
@@ -183,6 +184,9 @@ class Decompiler(Analysis):
             # the function is empty
             return
 
+        # expose a copy of the graph before structuring optimizations happen
+        # use this graph if you need a reference of exact mapping of instructions to AIL statements
+        self.unmodified_clinic_graph = clinic.copy_graph()
         cond_proc = ConditionProcessor(self.project.arch)
 
         clinic.graph = self._run_graph_simplification_passes(

angr/analyses/decompiler/optimization_passes/ite_region_converter.py

@@ -146,14 +146,15 @@ class ITERegionConverter(OptimizationPass):
         #
 
         new_region_head = region_head.copy()
+        addr_obj = true_stmt.src if "ins_addr" in true_stmt.src.tags else true_stmt
         ternary_expr = ITE(
             None,
             region_head.statements[-1].condition,
             true_stmt.src,
             false_stmt.src,
-            ins_addr=true_stmt.src.ins_addr,
-            vex_block_addr=true_stmt.src.vex_block_addr,
-            vex_stmt_idx=true_stmt.src.vex_stmt_idx,
+            ins_addr=addr_obj.ins_addr,
+            vex_block_addr=addr_obj.vex_block_addr,
+            vex_stmt_idx=addr_obj.vex_stmt_idx,
         )
         new_assignment = true_stmt.copy()
         new_assignment.src = ternary_expr

angr/analyses/decompiler/optimization_passes/multi_simplifier.py

@@ -21,7 +21,7 @@ class MultiSimplifierAILEngine(SimplifierAILEngine):
         if type(operand_0) in [Expr.Convert, Expr.Register]:
             if isinstance(operand_1, (Expr.Convert, Expr.Register)):
                 if operand_0 == operand_1:
-                    count = Expr.Const(expr.idx, None, 2, 8)
+                    count = Expr.Const(expr.idx, None, 2, operand_1.bits)
                     return Expr.BinaryOp(expr.idx, "Mul", [operand_1, count], expr.signed, **expr.tags)
         # 2*x + x = 3*x
         if Expr.BinaryOp in [type(operand_0), type(operand_1)]:

angr/analyses/decompiler/structured_codegen/c.py

@@ -12,6 +12,7 @@ from ....sim_type import (
     SimTypeInt,
     SimTypeShort,
     SimTypeChar,
+    SimTypeWideChar,
     SimTypePointer,
     SimStruct,
     SimType,
@@ -273,9 +274,6 @@ class CConstruct:
 
             last_insn_addr = None
 
-            # track all Function Calls for highlighting
-            used_func_calls = set()
-
             # track all variables so we can tell if this is a declaration or not
             used_vars = set()
 
@@ -310,15 +308,11 @@ class CConstruct:
                             CBinaryOp,
                             CUnaryOp,
                             CAssignment,
+                            CFunctionCall,
                         ),
                     ):
                         if pos_to_node is not None:
                             pos_to_node.add_mapping(pos, len(s), obj)
-                    elif isinstance(obj, CFunctionCall):
-                        if obj not in used_func_calls:
-                            used_func_calls.add(obj)
-                            if pos_to_node is not None:
-                                pos_to_node.add_mapping(pos, len(s), obj)
 
                 # add (), {}, [], and [20] to mapping for highlighting as well as the full functions name
                 elif isinstance(obj, (CClosingObject, CFunction, CArrayTypeLength, CStructFieldNameDef)):
@@ -1247,15 +1241,15 @@ class CFunctionCall(CStatement, CExpression):
 
         for i, arg in enumerate(self.args):
             if i:
-                yield ", ", self
+                yield ", ", None
             yield from CExpression._try_c_repr_chunks(arg)
 
         yield ")", paren
 
         if not self.is_expr and not asexpr:
-            yield ";", self
+            yield ";", None
             if not self.returning:
-                yield " /* do not return */", self
+                yield " /* do not return */", None
             yield "\n", None
 
 
@@ -2012,14 +2006,14 @@ class CConstant(CExpression):
         return self._type
 
     @staticmethod
-    def str_to_c_str(_str):
+    def str_to_c_str(_str, prefix: str = ""):
         repr_str = repr(_str)
         base_str = repr_str[1:-1]
         if repr_str[0] == "'":
             # check if there's double quotes in the body
             if '"' in base_str:
                 base_str = base_str.replace('"', '\\"')
-        return f'"{base_str}"'
+        return f'{prefix}"{base_str}"'
 
     def c_repr_chunks(self, indent=0, asexpr=False):
         if self.collapsed:
@@ -2045,6 +2039,9 @@ class CConstant(CExpression):
             elif isinstance(self._type, SimTypePointer) and isinstance(self._type.pts_to, SimTypeChar):
                 refval = self.reference_values[self._type]  # angr.knowledge_plugin.cfg.MemoryData
                 yield CConstant.str_to_c_str(refval.content.decode("utf-8")), self
+            elif isinstance(self._type, SimTypePointer) and isinstance(self._type.pts_to, SimTypeWideChar):
+                refval = self.reference_values[self._type]  # angr.knowledge_plugin.cfg.MemoryData
+                yield CConstant.str_to_c_str(refval.content.decode("utf_16_le"), prefix="L"), self
             else:
                 if isinstance(self.reference_values[self._type], int):
                     yield self.fmt_int(self.reference_values[self._type]), self
@@ -2724,6 +2721,9 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
         o_constant, o_terms = extract_terms(expr)
 
         def bail_out():
+            if len(o_terms) == 0:
+                # probably a plain integer, return as is
+                return expr
             result = reduce(
                 lambda a1, a2: CBinaryOp("Add", a1, a2, codegen=self),
                 (
@@ -3234,15 +3234,26 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
                     and expr.bits == self.project.arch.bits
                     and expr.value > 0x10000
                     and expr.value in self._cfg.memory_data
-                    and self._cfg.memory_data[expr.value].sort == MemoryDataSort.String
                 ):
-                    type_ = SimTypePointer(SimTypeChar()).with_arch(self.project.arch)
-                    reference_values[type_] = self._cfg.memory_data[expr.value]
-                    # is it a constant string?
-                    if is_in_readonly_segment(self.project, expr.value) or is_in_readonly_section(
-                        self.project, expr.value
-                    ):
-                        inline_string = True
+                    md = self._cfg.memory_data[expr.value]
+                    if md.sort == MemoryDataSort.String:
+                        type_ = SimTypePointer(SimTypeChar().with_arch(self.project.arch)).with_arch(self.project.arch)
+                        reference_values[type_] = self._cfg.memory_data[expr.value]
+                        # is it a constant string?
+                        if is_in_readonly_segment(self.project, expr.value) or is_in_readonly_section(
+                            self.project, expr.value
+                        ):
+                            inline_string = True
+                    elif md.sort == MemoryDataSort.UnicodeString:
+                        type_ = SimTypePointer(SimTypeWideChar().with_arch(self.project.arch)).with_arch(
+                            self.project.arch
+                        )
+                        reference_values[type_] = self._cfg.memory_data[expr.value]
+                        # is it a constant string?
+                        if is_in_readonly_segment(self.project, expr.value) or is_in_readonly_section(
+                            self.project, expr.value
+                        ):
+                            inline_string = True
 
         if type_ is None:
             # default to int

angr/analyses/propagator/engine_ail.py

@@ -1204,7 +1204,7 @@ class SimEnginePropagatorAIL(
                     o1_expr if o1_expr is not None else expr.operands[1],
                 ],
                 expr.signed,
-                bits=o0_expr.bits * 2,
+                bits=expr.bits,
                 floating_point=expr.floating_point,
                 rounding_mode=expr.rounding_mode,
                 **expr.tags,

angr/analyses/reaching_definitions/engine_ail.py

@@ -118,9 +118,6 @@ class SimEngineRDAIL(
     def _process_Stmt(self, whitelist=None):
         super()._process_Stmt(whitelist=whitelist)
 
-        if self.state.analysis:
-            self.state.analysis.model.complete_loc()
-
     def _handle_Stmt(self, stmt):
         if self.state.analysis:
             self.state.analysis.stmt_observe(self.stmt_idx, stmt, self.block, self.state, OP_BEFORE)
@@ -801,7 +798,7 @@ class SimEngineRDAIL(
         elif expr0_v is None and expr1_v is not None:
             # each value in expr0 >> expr1_v
             if expr0.count() == 1 and 0 in expr0:
-                if all(v.concrete for v in expr0[0]):
+                if all(v.concrete for v in expr0[0]) and expr1_v.concrete:
                     vs = {
                         (claripy.LShR(v, expr1_v.concrete_value) if v.concrete else self.state.top(bits))
                         for v in expr0[0]
@@ -839,7 +836,7 @@ class SimEngineRDAIL(
         elif expr0_v is None and expr1_v is not None:
             # each value in expr0 >> expr1_v
             if expr0.count() == 1 and 0 in expr0:
-                if all(v.concrete for v in expr0[0]):
+                if all(v.concrete for v in expr0[0]) and expr1_v.concrete:
                     vs = {
                         (claripy.LShR(v, expr1_v.concrete_value) if v.concrete else self.state.top(bits))
                         for v in expr0[0]
@@ -877,7 +874,7 @@ class SimEngineRDAIL(
         elif expr0_v is None and expr1_v is not None:
             # each value in expr0 << expr1_v
             if expr0.count() == 1 and 0 in expr0:
-                if all(v.concrete for v in expr0[0]):
+                if all(v.concrete for v in expr0[0]) and expr1_v.concrete:
                     vs = {((v << expr1_v.concrete_value) if v.concrete else self.state.top(bits)) for v in expr0[0]}
                     r = MultiValues(offset_to_values={0: vs})
         elif expr0_v is not None and expr1_v is None:

angr/analyses/reaching_definitions/engine_vex.py

@@ -147,11 +147,11 @@ class SimEngineRDVEX(
                 if self.state.is_heap_address(d):
                     heap_offset = self.state.get_heap_offset(d)
                     if heap_offset is not None:
-                        self.state.add_heap_use(heap_offset, 1, "Iend_BE")
+                        self.state.add_heap_use(heap_offset, 1)
                 elif self.state.is_stack_address(d):
                     stack_offset = self.state.get_stack_offset(d)
                     if stack_offset is not None:
-                        self.state.add_stack_use(stack_offset, 1, "Iend_BE")
+                        self.state.add_stack_use(stack_offset, 1)
 
         if self.state.exit_observed and reg_offset == self.arch.sp_offset:
             return
@@ -989,6 +989,34 @@ class SimEngineRDVEX(
                 return MultiValues(claripy.BVV(0, 1))
         return MultiValues(self.state.top(1))
 
+    def _handle_CmpGT(self, expr):
+        arg0, arg1 = expr.args
+        expr_0 = self._expr(arg0)
+        expr_1 = self._expr(arg1)
+
+        e0 = expr_0.one_value()
+        e1 = expr_1.one_value()
+        if e0 is not None and e1 is not None:
+            if not e0.symbolic and not e1.symbolic:
+                return MultiValues(claripy.BVV(1, 1) if e0.concrete_value > e1.concrete_value else claripy.BVV(0, 1))
+            elif e0 is e1:
+                return MultiValues(claripy.BVV(0, 1))
+        return MultiValues(self.state.top(1))
+
+    def _handle_CmpGE(self, expr):
+        arg0, arg1 = expr.args
+        expr_0 = self._expr(arg0)
+        expr_1 = self._expr(arg1)
+
+        e0 = expr_0.one_value()
+        e1 = expr_1.one_value()
+        if e0 is not None and e1 is not None:
+            if not e0.symbolic and not e1.symbolic:
+                return MultiValues(claripy.BVV(1, 1) if e0.concrete_value >= e1.concrete_value else claripy.BVV(0, 1))
+            elif e0 is e1:
+                return MultiValues(claripy.BVV(0, 1))
+        return MultiValues(self.state.top(1))
+
     # ppc only
     def _handle_CmpORD(self, expr):
         arg0, arg1 = expr.args
@@ -1001,6 +1029,8 @@ class SimEngineRDVEX(
 
         if e0 is not None and e1 is not None:
             if not e0.symbolic and not e1.symbolic:
+                e0 = e0.concrete_value
+                e1 = e1.concrete_value
                 if e0 < e1:
                     return MultiValues(claripy.BVV(0x8, bits))
                 elif e0 > e1:

angr/analyses/reaching_definitions/function_handler.py

@@ -409,7 +409,7 @@ class FunctionHandler:
         # translate all the dep atoms into dep defns
         for effect in data.effects:
             if effect.sources_defns is None and effect.sources:
-                effect.sources_defns = set().union(*(set(state.get_definitions(atom)) for atom in effect.sources))
+                effect.sources_defns = set().union(*(state.get_definitions(atom) for atom in effect.sources))
                 if not effect.sources_defns:
                     effect.sources_defns = {Definition(atom, ExternalCodeLocation()) for atom in effect.sources}
                 other_input_defns |= effect.sources_defns - all_args_defns

angr/analyses/reaching_definitions/rd_initializer.py

@@ -63,7 +63,7 @@ class RDAStateInitializer:
         self.initialize_architectural_state(state, func_addr, ex_loc, rtoc_value)
 
         if state.analysis is not None:
-            state.analysis.model.complete_loc()
+            state.analysis.model.make_liveness_snapshot()
 
     def initialize_all_function_arguments(
         self,
@@ -147,7 +147,7 @@ class RDAStateInitializer:
             rtoc_def = Definition(rtoc_atom, ex_loc, tags={InitialValueTag()})
             state.all_definitions.add(rtoc_def)
             if state.analysis is not None:
-                state.analysis.model.add_def(rtoc_def, ex_loc)
+                state.analysis.model.add_def(rtoc_def)
             rtoc = state.annotate_with_def(claripy.BVV(rtoc_value, self.arch.bits), rtoc_def)
             state.registers.store(offset, rtoc)
         elif self.arch.name.startswith("MIPS64"):
@@ -156,7 +156,7 @@ class RDAStateInitializer:
             t9_def = Definition(t9_atom, ex_loc, tags={InitialValueTag()})
             state.all_definitions.add(t9_def)
             if state.analysis is not None:
-                state.analysis.model.add_def(t9_def, ex_loc)
+                state.analysis.model.add_def(t9_def)
             t9 = state.annotate_with_def(claripy.BVV(func_addr, self.arch.bits), t9_def)
             state.registers.store(offset, t9)
         elif self.arch.name.startswith("MIPS"):
@@ -167,7 +167,7 @@ class RDAStateInitializer:
             t9_def = Definition(t9_atom, ex_loc, tags={InitialValueTag()})
             state.all_definitions.add(t9_def)
             if state.analysis is not None:
-                state.analysis.model.add_def(t9_def, ex_loc)
+                state.analysis.model.add_def(t9_def)
             t9 = state.annotate_with_def(claripy.BVV(func_addr, self.arch.bits), t9_def)
             state.registers.store(t9_offset, t9)
 
@@ -185,7 +185,7 @@ class RDAStateInitializer:
         reg_def = Definition(reg_atom, ex_loc, tags={ParameterTag(function=func_addr)})
         state.all_definitions.add(reg_def)
         if state.analysis is not None:
-            state.analysis.model.add_def(reg_def, ex_loc)
+            state.analysis.model.add_def(reg_def)
         if value is None:
             value = state.top(self.arch.bits)
         reg = state.annotate_with_def(value, reg_def)
@@ -198,7 +198,7 @@ class RDAStateInitializer:
         ml_def = Definition(ml_atom, ex_loc, tags={ParameterTag(function=func_addr)})
         state.all_definitions.add(ml_def)
         if state.analysis is not None:
-            state.analysis.model.add_def(ml_def, ex_loc)
+            state.analysis.model.add_def(ml_def)
         ml = state.annotate_with_def(state.top(self.arch.bits), ml_def)
         stack_address = state.get_stack_address(state.stack_address(arg.stack_offset))
         state.stack.store(stack_address, ml, endness=self.arch.memory_endness)

angr/analyses/reaching_definitions/rd_state.py

@@ -328,7 +328,7 @@ class ReachingDefinitionsState:
         Overwrite existing definitions w.r.t 'atom' with a dummy definition instance. A dummy definition will not be
         removed during simplification.
         """
-        existing_defs = set(self.live_definitions.get_definitions(atom))
+        existing_defs = self.live_definitions.get_definitions(atom)
 
         self.live_definitions.kill_definitions(atom)
 
@@ -347,7 +347,7 @@ class ReachingDefinitionsState:
         override_codeloc: Optional[CodeLocation] = None,
     ) -> Tuple[Optional[MultiValues], Set[Definition]]:
         codeloc = override_codeloc or self.codeloc
-        existing_defs = set(self.live_definitions.get_definitions(atom))
+        existing_defs = self.live_definitions.get_definitions(atom)
         mv = self.live_definitions.kill_and_add_definition(
             atom, codeloc, data, dummy=dummy, tags=tags, endness=endness, annotated=annotated
         )
@@ -417,7 +417,7 @@ class ReachingDefinitionsState:
         for def_ in existing_defs:
             self.analysis.model.kill_def(def_)
         for def_ in defs:
-            self.analysis.model.add_def(def_, codeloc)
+            self.analysis.model.add_def(def_)
 
         return mv, defs
 
@@ -450,8 +450,8 @@ class ReachingDefinitionsState:
             self.codeloc_uses.add(definition)
             self.live_definitions.add_register_use_by_def(definition, self.codeloc, expr=expr)
 
-    def add_stack_use(self, stack_offset: int, size: int, endness, expr: Optional[Any] = None) -> None:
-        defs = self.live_definitions.get_stack_definitions(stack_offset, size, endness)
+    def add_stack_use(self, stack_offset: int, size: int, expr: Optional[Any] = None) -> None:
+        defs = self.live_definitions.get_stack_definitions(stack_offset, size)
         self.add_stack_use_by_defs(defs, expr=expr)
 
     def add_stack_use_by_defs(self, defs: Iterable[Definition], expr: Optional[Any] = None):
@@ -459,8 +459,8 @@ class ReachingDefinitionsState:
             self.codeloc_uses.add(definition)
             self.live_definitions.add_stack_use_by_def(definition, self.codeloc, expr=expr)
 
-    def add_heap_use(self, heap_offset: int, size: int, endness, expr: Optional[Any] = None) -> None:
-        defs = self.live_definitions.get_heap_definitions(heap_offset, size, endness)
+    def add_heap_use(self, heap_offset: int, size: int, expr: Optional[Any] = None) -> None:
+        defs = self.live_definitions.get_heap_definitions(heap_offset, size)
         self.add_heap_use_by_defs(defs, expr=expr)
 
     def add_heap_use_by_defs(self, defs: Iterable[Definition], expr: Optional[Any] = None):
@@ -477,10 +477,8 @@ class ReachingDefinitionsState:
             self.codeloc_uses.add(definition)
             self.live_definitions.add_memory_use_by_def(definition, self.codeloc, expr=expr)
 
-    def get_definitions(
-        self, atom: Union[Atom, Definition, Iterable[Atom], Iterable[Definition]]
-    ) -> Iterable[Definition]:
-        yield from self.live_definitions.get_definitions(atom)
+    def get_definitions(self, atom: Union[Atom, Definition, Iterable[Atom], Iterable[Definition]]) -> Set[Definition]:
+        return self.live_definitions.get_definitions(atom)
 
     def get_values(self, spec: Union[Atom, Definition, Iterable[Atom]]) -> Optional[MultiValues]:
         return self.live_definitions.get_values(spec)

angr/analyses/typehoon/typevars.py

@@ -1,9 +1,7 @@
 # pylint:disable=missing-class-docstring
-from typing import Dict, Any, Optional, TYPE_CHECKING
+from typing import Dict, Any, Optional, Set, TYPE_CHECKING
 from itertools import count
 
-from ...utils.cowdict import ChainMapCOW
-
 if TYPE_CHECKING:
     from angr.sim_variable import SimVariable
 
@@ -340,25 +338,20 @@ class DerivedTypeVariable(TypeVariable):
 
 
 class TypeVariables:
-    __slots__ = ("_typevars",)
+    __slots__ = (
+        "_typevars",
+        "_last_typevars",
+    )
 
     def __init__(self):
-        self._typevars: Dict["SimVariable", TypeVariable] = ChainMapCOW(collapse_threshold=25)
-
-    def merge(self, tvs):
-        merged = TypeVariables()
-
-        # TODO: Replace this with a real lattice-based merging
-        merged._typevars = self._typevars.copy()
-        if tvs._typevars:
-            merged._typevars = merged._typevars.clean()
-            merged._typevars.update(tvs._typevars)
-
-        return merged
+        self._typevars: Dict["SimVariable", Set[TypeVariable]] = {}
+        self._last_typevars: Dict[SimVariable, TypeVariable] = {}
 
     def copy(self):
         copied = TypeVariables()
-        copied._typevars = self._typevars.copy()
+        for var, typevars in self._typevars.items():
+            copied._typevars[var] = typevars.copy()
+        copied._last_typevars = self._last_typevars.copy()
         return copied
 
     def __repr__(self):
@@ -369,27 +362,24 @@ class TypeVariables:
         return "{TypeVars: %d items}" % len(self._typevars)
 
     def add_type_variable(self, var: "SimVariable", codeloc, typevar: TypeVariable):  # pylint:disable=unused-argument
-        # if var not in self._typevars:
-        #    self._typevars[var] = { }
-
-        # assert codeloc not in self._typevars[var]
-        # self._typevars[var][codeloc] = typevar
-        self._typevars = self._typevars.clean()
-        self._typevars[var] = typevar
+        if var not in self._typevars:
+            self._typevars[var] = set()
+        elif typevar in self._typevars[var]:
+            return
+        self._typevars[var].add(typevar)
+        self._last_typevars[var] = typevar
 
     def get_type_variable(self, var, codeloc):  # pylint:disable=unused-argument
-        return self._typevars[var]  # [codeloc]
+        return self._last_typevars[var]
 
     def has_type_variable_for(self, var: "SimVariable", codeloc):  # pylint:disable=unused-argument
-        if var not in self._typevars:
-            return False
-        return True
+        return var in self._typevars
         # if codeloc not in self._typevars[var]:
         #     return False
         # return True
 
     def __getitem__(self, var):
-        return self._typevars[var]
+        return self._last_typevars[var]
 
     def __contains__(self, var):
         return var in self._typevars

angr/analyses/variable_recovery/irsb_scanner.py

@@ -97,6 +97,22 @@ class VEXIRSBScanner(SimEngineLightVEXMixin):
             if tmp_src in self.tmps_with_64bit_regs:
                 self.tmps_converted_to_32bit.add(tmp_src)
 
+    def _handle_16HLto32(self, expr):
+        pass
+
+    def _handle_Cmp_v(self, expr, _vector_size, _vector_count):
+        pass
+
+    _handle_CmpEQ_v = _handle_Cmp_v
+    _handle_CmpNE_v = _handle_Cmp_v
+    _handle_CmpLE_v = _handle_Cmp_v
+    _handle_CmpLT_v = _handle_Cmp_v
+    _handle_CmpGE_v = _handle_Cmp_v
+    _handle_CmpGT_v = _handle_Cmp_v
+
+    def _handle_ExpCmpNE64(self, expr):
+        pass
+
     def _handle_CCall(self, expr):
         pass