angr 9.2.96__py3-none-manylinux2014_x86_64.whl → 9.2.97__py3-none-manylinux2014_x86_64.whl

angr/__init__.py

@@ -1,7 +1,7 @@
 # pylint: disable=wildcard-import
 # pylint: disable=wrong-import-position
 
-__version__ = "9.2.96"
+__version__ = "9.2.97"
 
 if bytes is str:
     raise Exception(

angr/analyses/complete_calling_conventions.py

@@ -1,3 +1,4 @@
+# pylint:disable=import-outside-toplevel
 from typing import Tuple, Optional, Callable, Iterable, Dict, Set, TYPE_CHECKING
 import queue
 import threading
@@ -10,6 +11,7 @@ import networkx
 import claripy
 
 from angr.utils.graph import GraphUtils
+from angr.simos import SimWindows
 from ..utils.mp import mp_context, Initializer
 from ..knowledge_plugins.cfg import CFGModel
 from . import Analysis, register_analysis, VariableRecoveryFast, CallingConventionAnalysis
@@ -88,11 +90,13 @@ class CompleteCallingConventionsAnalysis(Analysis):
         self._results = []
         if workers > 0:
             self._remaining_funcs = _mp_context.Value("i", 0)
-            self._func_queue = _mp_context.Queue()
             self._results = _mp_context.Queue()
+            self._results_lock = _mp_context.Lock()
+            self._func_queue = _mp_context.Queue()
             self._func_queue_lock = _mp_context.Lock()
         else:
             self._remaining_funcs = None  # not needed
+            self._results_lock = None  # not needed
             self._func_queue = None  # not needed
             self._func_queue_lock = threading.Lock()
 
@@ -205,9 +209,7 @@ class CompleteCallingConventionsAnalysis(Analysis):
                         dependents[callee].add(func_addr)
 
             # enqueue all leaf functions
-            for func_addr in list(
-                k for k in depends_on if not depends_on[k]
-            ):  # pylint:disable=consider-using-dict-items
+            for func_addr in [k for k in depends_on if not depends_on[k]]:  # pylint:disable=consider-using-dict-items
                 self._func_queue.put((func_addr, None))
                 del depends_on[func_addr]
 
@@ -215,11 +217,17 @@ class CompleteCallingConventionsAnalysis(Analysis):
             cc_callback = self._cc_callback
             self._cc_callback = None
 
+            if self.project.simos is not None and isinstance(self.project.simos, SimWindows):
+                # delayed import
+                from angr.procedures.definitions import load_win32api_definitions
+
+                Initializer.get().register(load_win32api_definitions)
+
             # spawn workers to perform the analysis
             with self._func_queue_lock:
                 procs = [
-                    _mp_context.Process(target=self._worker_routine, args=(Initializer.get(),), daemon=True)
-                    for _ in range(self._workers)
+                    _mp_context.Process(target=self._worker_routine, args=(worker_id, Initializer.get()), daemon=True)
+                    for worker_id in range(self._workers)
                 ]
                 for proc_idx, proc in enumerate(procs):
                     self._update_progress(0, text=f"Spawning worker {proc_idx}...")
@@ -231,7 +239,13 @@ class CompleteCallingConventionsAnalysis(Analysis):
             self._update_progress(0)
             idx = 0
             while idx < total_funcs:
-                func_addr, cc, proto, proto_libname, varman = self._results.get(True)
+                try:
+                    with self._results_lock:
+                        func_addr, cc, proto, proto_libname, varman = self._results.get(True, timeout=0.01)
+                except queue.Empty:
+                    time.sleep(0.1)
+                    continue
+
                 func = self.kb.functions.get_by_addr(func_addr)
                 if cc is not None or proto is not None:
                     func.calling_convention = cc
@@ -260,13 +274,14 @@ class CompleteCallingConventionsAnalysis(Analysis):
                         depends_on[dependent].discard(func_addr)
                         if not depends_on[dependent]:
                             callee_prototypes = self._get_callees_cc_prototypes(dependent)
-                            self._func_queue.put((dependent, callee_prototypes))
+                            with self._func_queue_lock:
+                                self._func_queue.put((dependent, callee_prototypes))
                             del depends_on[dependent]
 
             for proc in procs:
                 proc.join()
 
-    def _worker_routine(self, initializer: Initializer):
+    def _worker_routine(self, worker_id: int, initializer: Initializer):
         initializer.initialize()
         idx = 0
         while self._remaining_funcs.value > 0:
@@ -293,9 +308,10 @@ class CompleteCallingConventionsAnalysis(Analysis):
             try:
                 cc, proto, proto_libname, varman = self._analyze_core(func_addr)
             except Exception:  # pylint:disable=broad-except
-                _l.error("Exception occurred during _analyze_core().", exc_info=True)
+                _l.error("Worker %d: Exception occurred during _analyze_core().", worker_id, exc_info=True)
                 cc, proto, proto_libname, varman = None, None, None, None
-            self._results.put((func_addr, cc, proto, proto_libname, varman))
+            with self._results_lock:
+                self._results.put((func_addr, cc, proto, proto_libname, varman))
 
     def _analyze_core(
         self, func_addr: int

angr/analyses/decompiler/ail_simplifier.py

@@ -1,3 +1,4 @@
+# pylint:disable=too-many-boolean-expressions
 from typing import Set, Dict, List, Tuple, Any, Optional, TYPE_CHECKING
 from collections import defaultdict
 import logging
@@ -183,6 +184,7 @@ class AILSimplifier(Analysis):
             observe_all=False,
             use_callee_saved_regs_at_return=self._use_callee_saved_regs_at_return,
             track_tmps=True,
+            element_limit=1,
         ).model
         self._reaching_definitions = rd
         return rd
@@ -504,7 +506,9 @@ class AILSimplifier(Analysis):
 
         first_op = walker.operations[0]
         if isinstance(first_op, Convert):
-            return first_op.to_bits // self.project.arch.byte_width, ("convert", (first_op,))
+            if first_op.to_bits >= self.project.arch.byte_width:
+                # we need at least one byte!
+                return first_op.to_bits // self.project.arch.byte_width, ("convert", (first_op,))
         if isinstance(first_op, BinaryOp):
             second_op = None
             if len(walker.operations) >= 2:
@@ -526,6 +530,7 @@ class AILSimplifier(Analysis):
                 and first_op.op not in {"Shr", "Sar"}
                 and isinstance(second_op, Convert)
                 and second_op.from_bits == expr.bits
+                and second_op.to_bits >= self.project.arch.byte_width  # we need at least one byte!
             ):
                 return min(expr.bits, second_op.to_bits) // self.project.arch.byte_width, (
                     "binop-convert",
@@ -721,13 +726,13 @@ class AILSimplifier(Analysis):
                             ):
                                 continue
 
-                            # Make sure the register is never updated across this function
-                            if any(
-                                (def_ != the_def and def_.atom == the_def.atom)
-                                for def_ in rd.all_definitions
-                                if isinstance(def_.atom, atoms.Register) and rd.all_uses.get_uses(def_)
-                            ):
-                                continue
+                        # Make sure the register is never updated across this function
+                        if any(
+                            (def_ != the_def and def_.atom == the_def.atom)
+                            for def_ in rd.all_definitions
+                            if isinstance(def_.atom, atoms.Register) and rd.all_uses.get_uses(def_)
+                        ):
+                            continue
 
                         # find all its uses
                         all_arg_copy_var_uses: Set[Tuple[CodeLocation, Any]] = set(
@@ -1214,6 +1219,13 @@ class AILSimplifier(Analysis):
                         continue
 
             uses = rd.all_uses.get_uses(def_)
+            if (
+                isinstance(def_.atom, atoms.Register)
+                and def_.atom.reg_offset in self.project.arch.artificial_registers_offsets
+            ):
+                if len(uses) == 1 and next(iter(uses)) == def_.codeloc:
+                    # cc_ndep = amd64g_calculate_condition(..., cc_ndep)
+                    uses = set()
 
             if not uses:
                 if not isinstance(def_.codeloc, ExternalCodeLocation):

angr/analyses/decompiler/condition_processor.py

@@ -766,6 +766,8 @@ class ConditionProcessor:
                 var = claripy.BoolV(condition.value)
             else:
                 var = claripy.BVV(condition.value, condition.bits)
+            if isinstance(var, claripy.Bits) and var.size() == 1:
+                var = claripy.true if var.concrete_value == 1 else claripy.false
             return var
         elif isinstance(condition, ailment.Expr.Tmp):
             l.warning("Left-over ailment.Tmp variable %s.", condition)

angr/analyses/find_objects_static.py

@@ -45,6 +45,7 @@ class NewFunctionHandler(FunctionHandler):
     """
 
     def __init__(self, max_addr=None, new_func_addr=None, project=None):
+        super().__init__()
         self.max_addr = max_addr
 
         # this is a map between an object addr outside the mapped binary and PossibleObject instance
@@ -104,16 +105,20 @@ class NewFunctionHandler(FunctionHandler):
             data.depends(memory_location, value=MultiValues(offset_to_values=offset_to_values))
             self.max_addr += size
 
-        elif "ctor" in self.project.kb.functions[function_address].demangled_name:
-            # check if rdi has a possible this pointer/ object address, if so then we can assign this object this class
-            # also if the func is a constructor(not stripped binaries)
-            for addr, possible_object in self.possible_objects_dict.items():
-                v1 = state.registers.load(72, state.arch.bits // state.arch.byte_width).one_value()
-                obj_addr = v1.concrete_value if v1 is not None and v1.concrete else None
-                if obj_addr is not None and addr == obj_addr:
-                    col_ind = self.project.kb.functions[function_address].demangled_name.rfind("::")
-                    class_name = self.project.kb.functions[function_address].demangled_name[:col_ind]
-                    possible_object.class_name = class_name
+        else:
+            if self.project.kb.functions.contains_addr(function_address):
+                func = self.project.kb.functions.get_by_addr(function_address)
+                if func is not None and "ctor" in func.demangled_name:
+                    # check if rdi has a possible this pointer/ object address, if so then we can assign this object
+                    # this class
+                    # also if the func is a constructor(not stripped binaries)
+                    for addr, possible_object in self.possible_objects_dict.items():
+                        v1 = state.registers.load(72, state.arch.bits // state.arch.byte_width).one_value()
+                        obj_addr = v1.concrete_value if v1 is not None and v1.concrete else None
+                        if obj_addr is not None and addr == obj_addr:
+                            col_ind = self.project.kb.functions[function_address].demangled_name.rfind("::")
+                            class_name = self.project.kb.functions[function_address].demangled_name[:col_ind]
+                            possible_object.class_name = class_name
 
 
 class StaticObjectFinder(Analysis):

angr/analyses/forward_analysis/forward_analysis.py

@@ -209,6 +209,20 @@ class ForwardAnalysis(Generic[AnalysisState, NodeType, JobType, JobKey]):
 
         raise NotImplementedError("_merge_states() is not implemented.")
 
+    def _compare_states(self, node: NodeType, old_state: AnalysisState, new_state: AnalysisState) -> bool:
+        """
+        Determine if the analysis has reached fixed point at `node`.
+
+        You can override this method to implement a faster _compare_states() method.
+
+        :param node:        The node that has been analyzed.
+        :param old_state:   The original output state out of node.
+        :param new_state:   The new output state out of node.
+        :return:            True if the analysis has reached fixed at node. False otherwise.
+        """
+        _, has_no_changes = self._merge_states(node, old_state, new_state)
+        return has_no_changes
+
     def _widen_states(self, *states: AnalysisState) -> AnalysisState:
         raise NotImplementedError("_widen_states() is not implemented.")
 
@@ -288,7 +302,7 @@ class ForwardAnalysis(Generic[AnalysisState, NodeType, JobType, JobKey]):
                     reached_fixedpoint = False
                 else:
                     # is the output state the same as the old one?
-                    _, reached_fixedpoint = self._merge_states(n, self._output_state[self._node_key(n)], output_state)
+                    reached_fixedpoint = self._compare_states(n, self._output_state[self._node_key(n)], output_state)
                 self._output_state[self._node_key(n)] = output_state
 
                 if not reached_fixedpoint:

angr/analyses/propagator/engine_ail.py

@@ -1221,6 +1221,8 @@ class SimEnginePropagatorAIL(
                 bits=expr.bits,
                 floating_point=expr.floating_point,
                 rounding_mode=expr.rounding_mode,
+                from_bits=expr.from_bits,
+                to_bits=expr.to_bits,
                 **expr.tags,
             )
         return PropValue.from_value_and_details(value, expr.size, new_expr, self._codeloc())

angr/analyses/propagator/propagator.py

@@ -53,7 +53,7 @@ class PropagatorAnalysis(ForwardAnalysis, Analysis):  # pylint:disable=abstract-
         block=None,
         func_graph=None,
         base_state=None,
-        max_iterations=3,
+        max_iterations=30,
         load_callback=None,
         stack_pointer_tracker=None,
         only_consts=False,
@@ -79,7 +79,10 @@ class PropagatorAnalysis(ForwardAnalysis, Analysis):  # pylint:disable=abstract-
         else:
             raise ValueError("Unsupported analysis target.")
 
-        start = time.perf_counter_ns() / 1000000
+        if profiling:
+            start = time.perf_counter_ns() / 1000000
+        else:
+            start = 0
 
         self._base_state = base_state
         self._function = func
@@ -320,7 +323,7 @@ class PropagatorAnalysis(ForwardAnalysis, Analysis):  # pylint:disable=abstract-
         # TODO: Clear registers according to calling conventions
 
         if self.model.node_iterations[block_key] < self._max_iterations:
-            return True, state
+            return None, state
         else:
             return False, state
 

angr/analyses/reaching_definitions/rd_state.py

@@ -72,6 +72,7 @@ class ReachingDefinitionsState:
         "_track_consts",
         "_sp_adjusted",
         "exit_observed",
+        "_element_limit",
     )
 
     def __init__(
@@ -90,6 +91,7 @@ class ReachingDefinitionsState:
         sp_adjusted: bool = False,
         all_definitions: Optional[Set[Definition]] = None,
         initializer: Optional["RDAStateInitializer"] = None,
+        element_limit: int = 5,
     ):
         # handy short-hands
         self.codeloc = codeloc
@@ -100,6 +102,7 @@ class ReachingDefinitionsState:
         self.analysis = analysis
         self._canonical_size: int = canonical_size
         self._sp_adjusted: bool = sp_adjusted
+        self._element_limit: int = element_limit
 
         self.all_definitions: Set[Definition] = set() if all_definitions is None else all_definitions
 
@@ -122,7 +125,10 @@ class ReachingDefinitionsState:
         if live_definitions is None:
             # the first time this state is created. initialize it
             self.live_definitions = LiveDefinitions(
-                self.arch, track_tmps=self._track_tmps, canonical_size=canonical_size
+                self.arch,
+                track_tmps=self._track_tmps,
+                canonical_size=canonical_size,
+                element_limit=element_limit,
             )
             if self.analysis is not None:
                 self.live_definitions.project = self.analysis.project
@@ -310,6 +316,7 @@ class ReachingDefinitionsState:
             environment=self._environment,
             sp_adjusted=self._sp_adjusted,
             all_definitions=self.all_definitions.copy(),
+            element_limit=self._element_limit,
         )
 
         return rd
@@ -323,6 +330,12 @@ class ReachingDefinitionsState:
 
         return state, merged_0 or merged_1
 
+    def compare(self, other: "ReachingDefinitionsState") -> bool:
+        r0 = self.live_definitions.compare(other.live_definitions)
+        r1 = self.environment.compare(other.environment)
+
+        return r0 and r1
+
     def move_codelocs(self, new_codeloc: CodeLocation) -> None:
         if self.codeloc != new_codeloc:
             self.codeloc = new_codeloc

angr/analyses/reaching_definitions/reaching_definitions.py

@@ -55,7 +55,7 @@ class ReachingDefinitionsAnalysis(
         self,
         subject: Union[Subject, ailment.Block, Block, Function, str] = None,
         func_graph=None,
-        max_iterations=3,
+        max_iterations=30,
         track_tmps=False,
         track_consts=True,
         observation_points: "Iterable[ObservationPoint]" = None,
@@ -74,6 +74,7 @@ class ReachingDefinitionsAnalysis(
         interfunction_level: int = 0,
         track_liveness: bool = True,
         func_addr: Optional[int] = None,
+        element_limit: int = 5,
     ):
         """
         :param subject:                         The subject of the analysis: a function, or a single basic block
@@ -131,6 +132,7 @@ class ReachingDefinitionsAnalysis(
         self._canonical_size = canonical_size
         self._use_callee_saved_regs_at_return = use_callee_saved_regs_at_return
         self._func_addr = func_addr
+        self._element_limit = element_limit
 
         if dep_graph is None or dep_graph is False:
             self._dep_graph = None
@@ -469,13 +471,28 @@ class ReachingDefinitionsAnalysis(
                 analysis=self,
                 canonical_size=self._canonical_size,
                 initializer=self._state_initializer,
+                element_limit=self._element_limit,
             )
 
     # pylint: disable=no-self-use,arguments-differ
     def _merge_states(self, _node, *states: ReachingDefinitionsState):
+        assert len(states) >= 2
         merged_state, merge_occurred = states[0].merge(*states[1:])
         return merged_state, not merge_occurred
 
+    def _compare_states(self, node, old_state: ReachingDefinitionsState, new_state: ReachingDefinitionsState) -> bool:
+        """
+        Return True if new_state >= old_state in the lattice.
+
+        :param node:
+        :param old_state:
+        :param new_state:
+        :return:
+        """
+
+        reached_fixedpoint = new_state.compare(old_state)
+        return reached_fixedpoint
+
     def _run_on_node(self, node, state: ReachingDefinitionsState):
         """
 
@@ -550,7 +567,7 @@ class ReachingDefinitionsAnalysis(
         state.downsize()
 
         if self._node_iterations[block_key] < self._max_iterations:
-            return True, state
+            return None, state
         else:
             return False, state
 

angr/analyses/variable_recovery/engine_ail.py

@@ -469,20 +469,20 @@ class SimEngineVRAIL(
 
         r0 = self._expr(arg0)
         r1 = self._expr(arg1)
-        from_size = r1.bits
-        to_size = r0.bits
+        from_size = expr.from_bits
+        to_size = expr.to_bits
 
         if expr.signed:
-            quotient = r0.data.SDiv(claripy.SignExt(to_size - from_size, r1.data))
-            remainder = r0.data.SMod(claripy.SignExt(to_size - from_size, r1.data))
+            quotient = r0.data.SDiv(claripy.SignExt(from_size - to_size, r1.data))
+            remainder = r0.data.SMod(claripy.SignExt(from_size - to_size, r1.data))
             quotient_size = to_size
             remainder_size = to_size
             r = claripy.Concat(
                 claripy.Extract(remainder_size - 1, 0, remainder), claripy.Extract(quotient_size - 1, 0, quotient)
             )
         else:
-            quotient = r0.data // claripy.ZeroExt(to_size - from_size, r1.data)
-            remainder = r0.data % claripy.ZeroExt(to_size - from_size, r1.data)
+            quotient = r0.data // claripy.ZeroExt(from_size - to_size, r1.data)
+            remainder = r0.data % claripy.ZeroExt(from_size - to_size, r1.data)
             quotient_size = to_size
             remainder_size = to_size
             r = claripy.Concat(

angr/analyses/variable_recovery/variable_recovery_base.py

@@ -175,6 +175,7 @@ class VariableRecoveryStateBase:
             self.stack_region: MultiValuedMemory = MultiValuedMemory(
                 memory_id="mem",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 phi_maker=self._make_phi_variable,
                 skip_missing_values_during_merging=True,
                 page_kwargs={"mo_cmp": self._mo_cmp},
@@ -188,6 +189,7 @@ class VariableRecoveryStateBase:
             self.register_region: MultiValuedMemory = MultiValuedMemory(
                 memory_id="reg",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 phi_maker=self._make_phi_variable,
                 skip_missing_values_during_merging=True,
                 page_kwargs={"mo_cmp": self._mo_cmp},
@@ -201,6 +203,7 @@ class VariableRecoveryStateBase:
             self.global_region: MultiValuedMemory = MultiValuedMemory(
                 memory_id="mem",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 phi_maker=self._make_phi_variable,
                 skip_missing_values_during_merging=True,
                 page_kwargs={"mo_cmp": self._mo_cmp},
@@ -215,7 +218,7 @@ class VariableRecoveryStateBase:
         self.type_constraints = defaultdict(set) if type_constraints is None else type_constraints
         self.func_typevar = func_typevar
         self.delayed_type_constraints = (
-            DefaultChainMapCOW(set, collapse_threshold=25)
+            DefaultChainMapCOW(default_factory=set, collapse_threshold=25)
             if delayed_type_constraints is None
             else delayed_type_constraints
         )

angr/engines/light/engine.py

@@ -1078,7 +1078,14 @@ class SimEngineLightAILMixin(SimEngineLightMixin):
             expr_1 = arg1
 
         return ailment.Expr.BinaryOp(
-            expr.idx, "DivMod", [expr_0, expr_1], expr.signed, bits=expr_0.bits * 2, **expr.tags
+            expr.idx,
+            "DivMod",
+            [expr_0, expr_1],
+            expr.signed,
+            bits=expr.bits,
+            from_bits=expr.from_bits,
+            to_bits=expr.to_bits,
+            **expr.tags,
         )
 
     def _ail_handle_Mod(self, expr):

angr/knowledge_plugins/key_definitions/environment.py

@@ -14,6 +14,8 @@ class Environment:
     **Note**: The <Environment> object does not store the values associated with variables themselves.
     """
 
+    __slots__ = ("_environment",)
+
     def __init__(self, environment: Dict[Union[str, Undefined], Set[claripy.ast.Base]] = None):
         self._environment: Dict[Union[str, Undefined], Set[claripy.ast.Base]] = environment or {}
 
@@ -81,3 +83,12 @@ class Environment:
 
         merge_occurred = new_env != self._environment
         return Environment(environment=new_env), merge_occurred
+
+    def compare(self, other: "Environment") -> bool:
+        for k in set(self._environment.keys()).union(set(other._environment.keys())):
+            if k not in self._environment:
+                return False
+            if k in self._environment and k in other._environment:
+                if not self._environment[k].issuperset(other._environment[k]):
+                    return False
+        return True

angr/knowledge_plugins/key_definitions/live_definitions.py

@@ -49,11 +49,12 @@ class DefinitionAnnotation(Annotation):
     An annotation that attaches a `Definition` to an AST.
     """
 
-    __slots__ = ("definition",)
+    __slots__ = ("definition", "_hash")
 
     def __init__(self, definition):
         super().__init__()
         self.definition = definition
+        self._hash = hash((DefinitionAnnotation, self.definition))
 
     @property
     def relocatable(self):
@@ -64,15 +65,11 @@ class DefinitionAnnotation(Annotation):
         return False
 
     def __hash__(self):
-        return hash((self.definition, self.relocatable, self.eliminatable))
+        return self._hash
 
     def __eq__(self, other: "object"):
-        if isinstance(other, DefinitionAnnotation):
-            return (
-                self.definition == other.definition
-                and self.relocatable == other.relocatable
-                and self.eliminatable == other.eliminatable
-            )
+        if type(other) is DefinitionAnnotation:
+            return self.definition == other.definition
         else:
             return False
 
@@ -129,6 +126,7 @@ class LiveDefinitions:
         memory_uses=None,
         tmp_uses=None,
         other_uses=None,
+        element_limit=5,
     ):
         self.project: Optional["Project"] = None
         self.arch = arch
@@ -139,9 +137,11 @@ class LiveDefinitions:
             MultiValuedMemory(
                 memory_id="reg",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 skip_missing_values_during_merging=False,
                 page_kwargs={"mo_cmp": self._mo_cmp},
                 endness=self.arch.register_endness,
+                element_limit=element_limit,
             )
             if registers is None
             else registers
@@ -150,8 +150,10 @@ class LiveDefinitions:
             MultiValuedMemory(
                 memory_id="mem",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 skip_missing_values_during_merging=False,
                 page_kwargs={"mo_cmp": self._mo_cmp},
+                element_limit=element_limit,
             )
             if stack is None
             else stack
@@ -160,8 +162,10 @@ class LiveDefinitions:
             MultiValuedMemory(
                 memory_id="mem",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 skip_missing_values_during_merging=False,
                 page_kwargs={"mo_cmp": self._mo_cmp},
+                element_limit=element_limit,
             )
             if memory is None
             else memory
@@ -170,8 +174,10 @@ class LiveDefinitions:
             MultiValuedMemory(
                 memory_id="mem",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 skip_missing_values_during_merging=False,
                 page_kwargs={"mo_cmp": self._mo_cmp},
+                element_limit=element_limit,
             )
             if heap is None
             else heap
@@ -464,6 +470,33 @@ class LiveDefinitions:
 
         return state, merge_occurred
 
+    def compare(self, other: "LiveDefinitions") -> bool:
+        r0 = self.registers.compare(other.registers)
+        if r0 is False:
+            return False
+        r1 = self.heap.compare(other.heap)
+        if r1 is False:
+            return False
+        r2 = self.memory.compare(other.memory)
+        if r2 is False:
+            return False
+        r3 = self.stack.compare(other.stack)
+        if r3 is False:
+            return False
+
+        r4 = True
+        for k in other.others:
+            if k in self.others:
+                thing = self.others[k].merge(other.others[k])
+                if thing != self.others[k]:
+                    r4 = False
+                    break
+            else:
+                r4 = False
+                break
+
+        return r0 and r1 and r2 and r3 and r4
+
     def kill_definitions(self, atom: Atom) -> None:
         """
         Overwrite existing definitions w.r.t 'atom' with a dummy definition instance. A dummy definition will not be