angr 9.2.87__py3-none-manylinux2014_x86_64.whl → 9.2.89__py3-none-manylinux2014_x86_64.whl

tests/sim/test_accuracy.py

@@ -1,137 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.sim"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-arch_data = {  # (steps, [hit addrs], finished)
-    "x86_64": (330, (0x1021C20, 0x1021980, 0x1021BE0, 0x4004B0, 0x400440, 0x400570), True),
-    "i386": (
-        425,
-        (0x90198E0, 0x90195C0, 0x9019630, 0x90198A0, 0x8048370, 0x80482F8, 0x8048440, 0x804846D, 0x8048518),
-        True,
-    ),
-    "ppc": (381, (0x11022F50, 0x11022EB0, 0x10000340, 0x100002E8, 0x1000053C, 0x1000063C), True),
-    "ppc64": (372, (0x11047490, 0x100003FC, 0x10000368, 0x10000654, 0x10000770), True),
-    "mips": (363, (0x1016F20, 0x400500, 0x400470, 0x400640, 0x400750), True),
-    "mips64": (390, (0x12103B828, 0x120000870, 0x1200007E0, 0x120000A80, 0x120000B68), True),
-    "armel": (370, (0x10154B8, 0x1108244, 0x83A8, 0x8348, 0x84B0, 0x84E4, 0x85E8), True),
-    "aarch64": (370, (0x1020B04, 0x400430, 0x4003B8, 0x400538, 0x400570, 0x40062C), True),
-}
-
-
-# pylint: disable=missing-class-docstring
-# pylint: disable=no-self-use
-class TestAccuracy(unittest.TestCase):
-    def _emulate(self, arch, binary, use_sim_procs, steps, hit_addrs, finished):
-        # auto_load_libs can't be disabled as the test takes longer time to execute
-        p = angr.Project(
-            os.path.join(test_location, arch, binary),
-            use_sim_procedures=use_sim_procs,
-            rebase_granularity=0x1000000,
-            load_debug_info=False,
-            auto_load_libs=True,
-        )
-        state = p.factory.full_init_state(
-            args=["./test_arrays"],
-            add_options={
-                angr.options.STRICT_PAGE_ACCESS,
-                angr.options.ENABLE_NX,
-                angr.options.ZERO_FILL_UNCONSTRAINED_MEMORY,
-                angr.options.USE_SYSTEM_TIMES,
-            },
-        )
-
-        pg = p.factory.simulation_manager(state, resilience=True)
-        pg2 = pg.run(until=lambda lpg: len(lpg.active) != 1)
-
-        is_finished = False
-        if len(pg2.active) > 0:
-            state = pg2.active[0]
-        elif len(pg2.deadended) > 0:
-            state = pg2.deadended[0]
-            is_finished = True
-        elif len(pg2.errored) > 0:
-            state = pg2.errored[0].state  # ErroredState object!
-        else:
-            raise ValueError("The result does not contain a state we can use for this test?")
-
-        assert state.history.depth >= steps
-
-        # this is some wonky control flow that asserts that the items in hit_addrs appear in the state in order.
-        trace = state.history.bbl_addrs.hardcopy
-        reqs = list(hit_addrs)
-        while len(reqs) > 0:
-            req = reqs.pop(0)
-            while True:
-                assert len(trace) > 0
-                trace_head = trace.pop(0)
-                if trace_head == req:
-                    break
-                assert trace_head not in reqs
-
-        if finished:
-            assert is_finished
-
-    def test_windows(self):
-        self._emulate(
-            "i386", "test_arrays.exe", True, 41, [], False
-        )  # blocked on GetLastError or possibly dynamic loading
-
-    def test_x86_64(self):
-        steps, hit_addrs, finished = arch_data["x86_64"]
-        self._emulate("x86_64", "test_arrays", False, steps, hit_addrs, finished)
-
-    def test_i386(self):
-        steps, hit_addrs, finished = arch_data["i386"]
-        self._emulate("i386", "test_arrays", False, steps, hit_addrs, finished)
-
-    def test_ppc(self):
-        steps, hit_addrs, finished = arch_data["ppc"]
-        self._emulate("ppc", "test_arrays", False, steps, hit_addrs, finished)
-
-    def test_ppc64(self):
-        steps, hit_addrs, finished = arch_data["ppc64"]
-        self._emulate("ppc64", "test_arrays", False, steps, hit_addrs, finished)
-
-    def test_mips(self):
-        steps, hit_addrs, finished = arch_data["mips"]
-        self._emulate("mips", "test_arrays", False, steps, hit_addrs, finished)
-
-    def test_mips64(self):
-        steps, hit_addrs, finished = arch_data["mips64"]
-        self._emulate("mips64", "test_arrays", False, steps, hit_addrs, finished)
-
-    def test_armel(self):
-        steps, hit_addrs, finished = arch_data["armel"]
-        self._emulate("armel", "test_arrays", False, steps, hit_addrs, finished)
-
-    def test_aarch64(self):
-        steps, hit_addrs, finished = arch_data["aarch64"]
-        self._emulate("aarch64", "test_arrays", False, steps, hit_addrs, finished)
-
-    def test_locale(self):
-        # auto_load_libs can't be disabled as the test takes longer time to execute
-        p = angr.Project(os.path.join(test_location, "i386", "isalnum"), use_sim_procedures=False, auto_load_libs=True)
-        state = p.factory.full_init_state(args=["./isalnum"], add_options={angr.options.STRICT_PAGE_ACCESS})
-        pg = p.factory.simulation_manager(state)
-        pg2 = pg.run(
-            until=lambda lpg: len(lpg.active) != 1, step_func=lambda lpg: lpg if len(lpg.active) == 1 else lpg.prune()
-        )
-        assert len(pg2.active) == 0
-        assert len(pg2.deadended) == 1
-        assert pg2.deadended[0].history.events[-1].type == "terminate"
-        assert pg2.deadended[0].history.events[-1].objects["exit_code"].concrete_value == 0
-
-
-if __name__ == "__main__":
-    # emulate('armel', 'test_arrays', False, *arch_data['armel'])
-    # import sys; sys.exit()
-    unittest.main()

tests/sim/test_checkbyte.py

@@ -1,53 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.sim"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-# TODO: arches += ( "armhf", )
-
-
-# pylint: disable=missing-class-docstring
-# pylint: disable=no-self-use
-class TestCheckbyte(unittest.TestCase):
-    def _run_checkbyte(self, arch):
-        p = angr.Project(os.path.join(test_location, arch, "checkbyte"), auto_load_libs=False)
-        results = p.factory.simulation_manager().run(n=100)  # , until=lambda lpg: len(lpg.active) > 1)
-
-        assert len(results.deadended) == 2
-        one = results.deadended[0].posix.dumps(1)
-        two = results.deadended[1].posix.dumps(1)
-        assert {one, two} == {b"First letter good\n", b"First letter bad\n"}
-
-    def test_checkbyte_armel(self):
-        self._run_checkbyte("armel")
-
-    def test_checkbyte_i386(self):
-        self._run_checkbyte("i386")
-
-    def test_checkbyte_mips(self):
-        self._run_checkbyte("mips")
-
-    def test_checkbyte_mipsel(self):
-        self._run_checkbyte("mipsel")
-
-    def test_checkbyte_ppc64(self):
-        self._run_checkbyte("ppc64")
-
-    def test_checkbyte_ppc(self):
-        self._run_checkbyte("ppc")
-
-    def test_checkbyte_x86_64(self):
-        self._run_checkbyte("x86_64")
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/sim/test_echo.py

@@ -1,36 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,disable=no-self-use
-__package__ = __package__ or "tests.sim"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-class TestEcho(unittest.TestCase):
-    def _run_echo_haha(self, arch):
-        # auto_load_libs can't be disabled as the test fails
-        p = angr.Project(os.path.join(test_location, arch, "echo"), use_sim_procedures=False)
-        s = p.factory.full_init_state(
-            mode="symbolic_approximating", args=["echo", "haha"], add_options={angr.options.STRICT_PAGE_ACCESS}
-        )
-        pg = p.factory.simulation_manager(s)
-        pg.run(until=lambda lpg: len(lpg.active) != 1)
-
-        assert len(pg.deadended) == 1
-        assert len(pg.active) == 0
-        # Need to dump by path because the program closes stdout
-        assert pg.deadended[0].posix.stdout.concretize() == [b"haha\n"]
-
-    def test_echo_haha(self):
-        self._run_echo_haha("x86_64")
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/sim/test_fauxware.py

@@ -1,202 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,no-self-use
-__package__ = __package__ or "tests.sim"  # pylint:disable=redefined-builtin
-
-import gc
-import os
-import pickle
-import unittest
-
-import angr
-from angr.state_plugins.history import HistoryIter
-
-from ..common import bin_location, slow_test
-
-
-test_location = os.path.join(bin_location, "tests")
-
-target_addrs = {
-    "i386": [0x080485C9],
-    "x86_64": [0x4006ED],
-    "ppc": [0x1000060C],
-    "armel": [0x85F0],
-    "android/arm": [0x4004CC],
-    "mips": [0x4009FC],
-}
-
-avoid_addrs = {
-    "i386": [0x080485DD, 0x08048564],
-    "x86_64": [0x4006AA, 0x4006FD],
-    "ppc": [0x10000644, 0x1000059C],
-    "armel": [0x86F8, 0x857C],
-    "android/arm": [0x4004F0, 0x400470],
-    "mips": [0x400A10, 0x400774],
-}
-
-corrupt_addrs = {
-    "i386": [0x80486B6, b"bO\xcc", lambda s: s.memory.store(s.regs.esp, s.regs.eax)],
-    "x86_64": [0x400742, b"\x0f\x0b\xb0[\x41", lambda s: s.registers.store("rdx", 8)],
-    "ppc": [0x100006B8, b"\x05\xad\xc2\xea", lambda s: s.registers.store("r5", 8)],
-    "armel": [0x8678, b"\xbdM\xec3", lambda s: s.registers.store("r2", 8)],
-    "mips": [0x400918, b"[\xf8\x96@"[::-1], lambda s: s.registers.store("a2", 8)],
-}
-
-divergences = {
-    "ppc": 0x10000588,
-    "x86_64": 0x40068E,
-    "i386": 0x8048559,
-    "armel": 0x8568,
-    "android/arm": 0x40045C,
-    "mips": 0x40075C,
-}
-
-
-class TestFauxware(unittest.TestCase):
-    def _run_fauxware(self, arch):
-        p = angr.Project(os.path.join(test_location, arch, "fauxware"), auto_load_libs=False)
-        results = p.factory.simulation_manager().explore(find=target_addrs[arch], avoid=avoid_addrs[arch])
-        stdin = results.found[0].posix.dumps(0)
-        assert b"\x00\x00\x00\x00\x00\x00\x00\x00\x00SOSNEAKY\x00" == stdin
-
-        # test the divergence detection
-        ancestor = results.found[0].history.closest_common_ancestor((results.avoid + results.active)[0].history)
-        divergent_point = list(HistoryIter(results.found[0].history, end=ancestor))[0]
-        # p.factory.block(divergent_point.addr).pp()
-        assert divergent_point.recent_bbl_addrs[0] == divergences[arch]
-
-    def _run_pickling(self, arch):
-        p = angr.Project(os.path.join(test_location, arch, "fauxware"), auto_load_libs=False)
-        pg = p.factory.simulation_manager().run(n=10)
-        pickled = pickle.dumps(pg, pickle.HIGHEST_PROTOCOL)
-        del p
-        del pg
-        gc.collect()
-        pg = pickle.loads(pickled)
-
-        pg.explore(find=target_addrs[arch], avoid=avoid_addrs[arch])
-        stdin = pg.found[0].posix.dumps(0)
-        assert b"\x00\x00\x00\x00\x00\x00\x00\x00\x00SOSNEAKY\x00" == stdin
-
-    @slow_test
-    def _run_fastmem(self, arch):
-        p = angr.Project(os.path.join(test_location, arch, "fauxware"), auto_load_libs=False)
-        p.analyses.CongruencyCheck(throw=True).set_state_options(right_add_options={"FAST_REGISTERS"}).run()
-
-    def _run_nodecode(self, arch):
-        p = angr.Project(os.path.join(test_location, arch, "fauxware"), auto_load_libs=False)
-
-        # screw up the instructions and make sure the test fails with nodecode
-        for i, c in enumerate(corrupt_addrs[arch][1]):
-            p.loader.memory[corrupt_addrs[arch][0] + i] = c
-        boned = p.factory.simulation_manager().explore(find=target_addrs[arch], avoid=avoid_addrs[arch])
-        assert len(boned.errored) >= 1
-        assert isinstance(boned.errored[0].error, angr.SimIRSBNoDecodeError)
-        assert boned.errored[0].state.addr == corrupt_addrs[arch][0]
-
-        # hook the instructions with the emulated stuff
-        p.hook(
-            corrupt_addrs[arch][0],
-            corrupt_addrs[arch][2],
-            length=len(corrupt_addrs[arch][1]),
-        )
-        results = p.factory.simulation_manager().explore(find=target_addrs[arch], avoid=avoid_addrs[arch])
-        stdin = results.found[0].posix.dumps(0)
-        assert b"\x00\x00\x00\x00\x00\x00\x00\x00\x00SOSNEAKY\x00" == stdin
-
-    def _run_merge(self, arch):
-        p = angr.Project(os.path.join(test_location, arch, "fauxware"), auto_load_libs=False)
-        pg = p.factory.simulation_manager()
-        pg.explore()
-
-        # release the unmergable data
-        for s in pg.deadended:
-            s.release_plugin("fs")
-            if 3 in s.posix.fd:
-                s.posix.close(3)
-
-        pg.merge(stash="deadended", merge_key=lambda s: s.addr)
-
-        path = pg.deadended[[b"Welcome" in s for s in pg.mp_deadended.posix.dumps(1).mp_items].index(True)]
-        yes, no = path.history.merge_conditions
-        inp = path.posix.stdin.content[2][0]  # content of second packet
-        try:
-            assert b"SOSNEAKY" in path.solver.eval(inp, cast_to=bytes, extra_constraints=(yes,))
-            assert b"SOSNEAKY" not in path.solver.eval(inp, cast_to=bytes, extra_constraints=(no,))
-        except AssertionError:
-            yes, no = no, yes
-            assert b"SOSNEAKY" in path.solver.eval(inp, cast_to=bytes, extra_constraints=(yes,))
-            assert b"SOSNEAKY" not in path.solver.eval(inp, cast_to=bytes, extra_constraints=(no,))
-
-    def test_merge_i386(self):
-        self._run_merge("i386")
-
-    def test_merge_x86_64(self):
-        self._run_merge("x86_64")
-
-    def test_merge_ppc(self):
-        self._run_merge("ppc")
-
-    def test_merge_armel(self):
-        self._run_merge("armel")
-
-    def test_merge_android(self):
-        self._run_merge("android/arm")
-
-    def test_merge_mips(self):
-        self._run_merge("mips")
-
-    def test_fauxware_i386(self):
-        self._run_fauxware("i386")
-
-    def test_fauxware_x86_64(self):
-        self._run_fauxware("x86_64")
-
-    def test_fauxware_ppc(self):
-        self._run_fauxware("ppc")
-
-    def test_fauxware_armel(self):
-        self._run_fauxware("armel")
-
-    def test_fauxware_android(self):
-        self._run_fauxware("android/arm")
-
-    def test_fauxware_mips(self):
-        self._run_fauxware("mips")
-
-    def test_pickling_i386(self):
-        self._run_pickling("i386")
-
-    def test_pickling_x86_64(self):
-        self._run_pickling("x86_64")
-
-    def test_pickling_ppc(self):
-        self._run_pickling("ppc")
-
-    def test_pickling_armel(self):
-        self._run_pickling("armel")
-
-    def test_pickling_mips(self):
-        self._run_pickling("mips")
-
-    @slow_test
-    def test_fastmen(self):
-        self._run_fastmem("x86_64")
-
-    def test_nodecode_i386(self):
-        self._run_nodecode("i386")
-
-    def test_nodecode_x86_64(self):
-        self._run_nodecode("x86_64")
-
-    def test_nodecode_ppc(self):
-        self._run_nodecode("ppc")
-
-    def test_nodecode_armel(self):
-        self._run_nodecode("armel")
-
-    def test_nodecode_mips(self):
-        self._run_nodecode("mips")
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/sim/test_self_modifying_code.py

@@ -1,65 +0,0 @@
-#!/usr/bin/env python3
-# pylint:disable=no-self-use,missing-class-docstring
-__package__ = __package__ or "tests.sim"  # pylint:disable=redefined-builtin
-
-import os
-from unittest import TestCase, main
-
-import claripy
-
-import angr
-from angr import options as o
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-
-class TestSelfModifyingCOde(TestCase):
-    def test_self_modifying_code(self):
-        p = angr.Project(os.path.join(test_location, "cgc", "stuff"), auto_load_libs=False, selfmodifying_code=True)
-        pg = p.factory.simulation_manager(p.factory.entry_state(add_options={o.STRICT_PAGE_ACCESS}))
-
-        # small issue: the program is bugged and uses illegal stack allocation patterns, bypassing the red page
-        # hack around this here
-        for offs in range(0, 0x6000, 0x1000):
-            pg.one_active.memory.load(pg.one_active.regs.sp - offs, size=1)
-
-        pg.run(until=lambda lpg: len(lpg.active) != 1)
-        retval = pg.one_deadended.regs.ebx
-        assert claripy.is_true(retval == 65)
-
-        pgu = p.factory.simulation_manager(p.factory.entry_state(add_options={o.STRICT_PAGE_ACCESS} | o.unicorn))
-        for offs in range(0, 0x6000, 0x1000):
-            pgu.one_active.memory.load(pgu.one_active.regs.sp - offs, size=1)
-        pgu.run(until=lambda lpg: len(lpg.active) != 1)
-        retval = pgu.one_deadended.regs.ebx
-        assert claripy.is_true(retval == 65)
-
-        # the two histories are not the same because angr does not add relifted block addresses (caused by raising
-        # SimReliftExceptions during execution) to the history. whether this is a good design decision or not is a
-        # question for another day. for now, we resort to a weaker check.
-        #
-        # assert pg.one_deadended.history.bbl_addrs.hardcopy == pgu.one_deadended.history.bbl_addrs.hardcopy
-        i, j = 0, 0
-        pg_bbl_addrs = pg.one_deadended.history.bbl_addrs.hardcopy
-        u_bbl_addrs = pgu.one_deadended.history.bbl_addrs.hardcopy
-        while i < len(pg_bbl_addrs) and j < len(u_bbl_addrs):
-            if pg_bbl_addrs[i] == u_bbl_addrs[j]:
-                i += 1
-                j += 1
-            elif pg_bbl_addrs[i] != u_bbl_addrs[j] and pg_bbl_addrs[i - 1] < u_bbl_addrs[j] < pg_bbl_addrs[i]:
-                # this is the missing relifted block address in angr's history. skip it
-                j += 1
-            else:
-                raise Exception("History mismatch")
-        assert i == len(pg_bbl_addrs)
-        assert j == len(u_bbl_addrs)
-
-        # also ensure that block.pp() does not raise any exceptions
-        p.factory.block(0xBAAA7B42, backup_state=pg.one_deadended).pp()
-
-
-if __name__ == "__main__":
-    main()

tests/sim/test_simple_api.py

@@ -1,36 +0,0 @@
-#!/usr/bin/env python3
-# pylint: disable=missing-class-docstring,no-self-use,line-too-long
-__package__ = __package__ or "tests.sim"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-def _bin(*s):
-    return os.path.join(bin_location, "tests", *s)
-
-
-class TestSimpleApi(unittest.TestCase):
-    def test_fauxware(self):
-        project = angr.Project(_bin("i386", "fauxware"), auto_load_libs=False)
-
-        result = [0, 0]
-
-        @project.hook(0x80485DB)
-        def check_backdoor(state):  # pylint:disable=unused-variable
-            result[0] += 1
-            if b"SOSNEAKY" in state.posix.dumps(0):
-                result[1] = True
-                project.terminate_execution()
-
-        pg = project.execute()
-        assert len(pg.deadended) != 3  # should terminate early
-        assert result[1]
-
-
-if __name__ == "__main__":
-    unittest.main()

tests/sim/test_simulation_manager.py

@@ -1,147 +0,0 @@
-#!/usr/bin/env python3
-__package__ = __package__ or "tests.sim"  # pylint:disable=redefined-builtin
-
-import os
-import unittest
-
-import angr
-
-from ..common import bin_location
-
-
-test_location = os.path.join(bin_location, "tests")
-
-addresses_fauxware = {
-    "armel": 0x8524,
-    "armhf": 0x104C9,  # addr+1 to force thumb
-    #'i386': 0x8048524, # commenting out because of the freaking stack check
-    "mips": 0x400710,
-    "mipsel": 0x4006D0,
-    "ppc": 0x1000054C,
-    "ppc64": 0x10000698,
-    "x86_64": 0x400664,
-}
-
-
-class TestSimulationManager(unittest.TestCase):
-    def _run_fauxware(self, arch, threads):
-        p = angr.Project(os.path.join(test_location, arch, "fauxware"), load_options={"auto_load_libs": False})
-
-        pg = p.factory.simulation_manager(threads=threads)
-        assert len(pg.active) == 1
-        assert pg.active[0].history.depth == 0
-
-        # step until the backdoor split occurs
-        pg2 = pg.step(until=lambda lpg: len(lpg.active) > 1, step_func=lambda lpg: lpg.prune())
-        assert len(pg2.active) == 2
-        assert any(b"SOSNEAKY" in s for s in pg2.mp_active.posix.dumps(0).mp_items)
-        assert not all(b"SOSNEAKY" in s for s in pg2.mp_active.posix.dumps(0).mp_items)
-
-        # separate out the backdoor and normal paths
-        pg3 = pg2.stash(lambda path: b"SOSNEAKY" in path.posix.dumps(0), to_stash="backdoor").move("active", "auth")
-        assert len(pg3.active) == 0
-        assert len(pg3.backdoor) == 1
-        assert len(pg3.auth) == 1
-
-        # step the backdoor path until it returns to main
-        pg4 = pg3.step(until=lambda lpg: lpg.backdoor[0].history.jumpkinds[-1] == "Ijk_Ret", stash="backdoor")
-        main_addr = pg4.backdoor[0].addr
-
-        assert len(pg4.active) == 0
-        assert len(pg4.backdoor) == 1
-        assert len(pg4.auth) == 1
-
-        # now step the real path until the real authentication paths return to the same place
-        pg5 = pg4.explore(find=main_addr, num_find=2, stash="auth").move("found", "auth")
-
-        assert len(pg5.active) == 0
-        assert len(pg5.backdoor) == 1
-        assert len(pg5.auth) == 2
-
-        # now unstash everything
-        pg6 = pg5.unstash(from_stash="backdoor").unstash(from_stash="auth")
-        assert len(pg6.active) == 3
-        assert len(pg6.backdoor) == 0
-        assert len(pg6.auth) == 0
-
-        assert len(set(pg6.mp_active.addr.mp_items)) == 1
-
-        # now merge them!
-        pg7 = pg6.merge()
-        assert len(pg7.active) == 2
-        assert len(pg7.backdoor) == 0
-        assert len(pg7.auth) == 0
-
-        # test selecting paths to step
-        pg8 = p.factory.simulation_manager()
-        pg8.step(until=lambda lpg: len(lpg.active) > 1, step_func=lambda lpg: lpg.prune().drop(stash="pruned"))
-        st1, st2 = pg8.active
-        pg8.step(selector_func=lambda p: p is st1, step_func=lambda lpg: lpg.prune().drop(stash="pruned"))
-        assert st2 is pg8.active[1]
-        assert st1 is not pg8.active[0]
-
-        total_active = len(pg8.active)
-
-        # test special stashes
-        assert len(pg8.stashes["stashed"]) == 0
-        pg8.stash(filter_func=lambda p: p is pg8.active[1], to_stash="asdf")
-        assert len(pg8.stashes["stashed"]) == 0
-        assert len(pg8.asdf) == 1
-        assert len(pg8.active) == total_active - 1
-        pg8.stash(from_stash=pg8.ALL, to_stash="fdsa")
-        assert len(pg8.asdf) == 0
-        assert len(pg8.active) == 0
-        assert len(pg8.fdsa) == total_active
-        pg8.stash(from_stash=pg8.ALL, to_stash=pg8.DROP)
-        assert all(len(s) == 0 for s in pg8.stashes.values())
-
-    def test_fauxware_armel(self):
-        self._run_fauxware("armel", None)
-
-    def test_fauxware_armhf(self):
-        self._run_fauxware("armhf", None)
-
-    def test_fauxware_mips(self):
-        self._run_fauxware("mips", None)
-
-    def test_fauxware_mipsel(self):
-        self._run_fauxware("mipsel", None)
-
-    def test_fauxware_ppc(self):
-        self._run_fauxware("ppc", None)
-
-    def test_fauxware_ppc64(self):
-        self._run_fauxware("ppc64", None)
-
-    def test_fauxware_x86_64(self):
-        self._run_fauxware("x86_64", None)
-
-    def test_find_to_middle(self):
-        # Test the ability of PathGroup to execute until an instruction in the middle of a basic block
-        p = angr.Project(os.path.join(test_location, "x86_64", "fauxware"), load_options={"auto_load_libs": False})
-
-        pg = p.factory.simulation_manager()
-        pg.explore(find=(0x4006EE,))
-
-        assert len(pg.found) == 1
-        assert pg.found[0].addr == 0x4006EE
-
-    def test_explore_with_cfg(self):
-        p = angr.Project(os.path.join(test_location, "x86_64", "fauxware"), load_options={"auto_load_libs": False})
-
-        cfg = p.analyses.CFGEmulated()
-
-        pg = p.factory.simulation_manager()
-        pg.use_technique(angr.exploration_techniques.Explorer(find=0x4006ED, cfg=cfg, num_find=3))
-        pg.run()
-
-        assert len(pg.active) == 0
-        assert len(pg.avoid) == 1
-        assert len(pg.found) == 2
-        assert pg.found[0].addr == 0x4006ED
-        assert pg.found[1].addr == 0x4006ED
-        assert pg.avoid[0].addr == 0x4007C9
-
-
-if __name__ == "__main__":
-    unittest.main()