PyPI - angr - Versions diffs - 9.2.96__py3-none-win_amd64.whl → 9.2.98__py3-none-win_amd64.whl - Mend

angr 9.2.96__py3-none-win_amd64.whl → 9.2.98__py3-none-win_amd64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (52) hide show

angr/__init__.py +1 -1
angr/analyses/cfg/cfg_base.py +14 -1
angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py +10 -6
angr/analyses/complete_calling_conventions.py +27 -11
angr/analyses/decompiler/ail_simplifier.py +20 -8
angr/analyses/decompiler/condition_processor.py +2 -0
angr/analyses/decompiler/optimization_passes/__init__.py +2 -0
angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +380 -0
angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py +4 -1
angr/analyses/decompiler/peephole_optimizations/__init__.py +1 -0
angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py +71 -3
angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py +162 -0
angr/analyses/decompiler/structured_codegen/__init__.py +1 -1
angr/analyses/decompiler/structured_codegen/c.py +72 -99
angr/analyses/decompiler/utils.py +5 -1
angr/analyses/find_objects_static.py +15 -10
angr/analyses/forward_analysis/forward_analysis.py +15 -1
angr/analyses/propagator/engine_ail.py +2 -0
angr/analyses/propagator/engine_vex.py +15 -0
angr/analyses/propagator/propagator.py +6 -3
angr/analyses/reaching_definitions/engine_vex.py +6 -0
angr/analyses/reaching_definitions/rd_state.py +14 -1
angr/analyses/reaching_definitions/reaching_definitions.py +19 -2
angr/analyses/variable_recovery/engine_ail.py +6 -6
angr/analyses/variable_recovery/engine_vex.py +6 -0
angr/analyses/variable_recovery/irsb_scanner.py +12 -0
angr/analyses/variable_recovery/variable_recovery_base.py +4 -1
angr/engines/light/engine.py +134 -16
angr/knowledge_plugins/functions/function.py +4 -0
angr/knowledge_plugins/key_definitions/environment.py +11 -0
angr/knowledge_plugins/key_definitions/live_definitions.py +41 -8
angr/knowledge_plugins/key_definitions/uses.py +18 -4
angr/knowledge_plugins/propagations/states.py +22 -3
angr/knowledge_plugins/types.py +6 -0
angr/knowledge_plugins/variables/variable_manager.py +31 -5
angr/lib/angr_native.dll +0 -0
angr/simos/simos.py +2 -0
angr/storage/memory_mixins/__init__.py +3 -0
angr/storage/memory_mixins/multi_value_merger_mixin.py +22 -11
angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +20 -2
angr/storage/memory_mixins/paged_memory/pages/list_page.py +20 -5
angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +82 -44
angr/storage/memory_mixins/simple_interface_mixin.py +4 -0
angr/utils/cowdict.py +4 -2
angr/utils/funcid.py +6 -0
angr/utils/mp.py +1 -1
{angr-9.2.96.dist-info → angr-9.2.98.dist-info}/METADATA +6 -6
{angr-9.2.96.dist-info → angr-9.2.98.dist-info}/RECORD +52 -50
{angr-9.2.96.dist-info → angr-9.2.98.dist-info}/LICENSE +0 -0
{angr-9.2.96.dist-info → angr-9.2.98.dist-info}/WHEEL +0 -0
{angr-9.2.96.dist-info → angr-9.2.98.dist-info}/entry_points.txt +0 -0
{angr-9.2.96.dist-info → angr-9.2.98.dist-info}/top_level.txt +0 -0

angr/analyses/propagator/engine_vex.py CHANGED Viewed

@@ -163,6 +163,9 @@ class SimEnginePropagatorVEX(
             self.state.store_register(stmt.offset, size, data)
             self.state.add_replacement(self._codeloc(block_only=False), VEXReg(stmt.offset, size), data)
+    def _handle_PutI(self, stmt):
+        self._expr(stmt.data)
     def _store_data(self, addr, data, size, endness):
         # pylint: disable=unused-argument,no-self-use
         if isinstance(addr, claripy.ast.Base):
@@ -260,6 +263,9 @@ class SimEnginePropagatorVEX(
         size = expr.result_size(self.tyenv) // self.arch.byte_width
         return self.state.load_register(expr.offset, size)
+    def _handle_GetI(self, expr):
+        return self.state.top(expr.result_size(self.tyenv))
     def _handle_Load(self, expr):
         addr = self._expr(expr.addr)
         if addr is None or type(addr) in (Top, Bottom):
@@ -278,6 +284,13 @@ class SimEnginePropagatorVEX(
         # print(expr.op, r)
         return r
+    def _handle_Triop(self, expr: pyvex.IRExpr.Triop):
+        if not self.state.do_binops:
+            return self.state.top(expr.result_size(self.tyenv))
+        r = super()._handle_Triop(expr)
+        return r
     def _handle_Conversion(self, expr):
         expr_ = self._expr(expr.args[0])
         to_size = expr.result_size(self.tyenv)
@@ -311,3 +324,5 @@ class SimEnginePropagatorVEX(
                             self.state.block_initial_reg_values[self.block.addr, dst.concrete_value].append(v)
         super()._handle_Exit(stmt)
+    _handle_CmpF = _handle_CmpEQ

angr/analyses/propagator/propagator.py CHANGED Viewed

@@ -53,7 +53,7 @@ class PropagatorAnalysis(ForwardAnalysis, Analysis):  # pylint:disable=abstract-
         block=None,
         func_graph=None,
         base_state=None,
-        max_iterations=3,
+        max_iterations=30,
         load_callback=None,
         stack_pointer_tracker=None,
         only_consts=False,
@@ -79,7 +79,10 @@ class PropagatorAnalysis(ForwardAnalysis, Analysis):  # pylint:disable=abstract-
         else:
             raise ValueError("Unsupported analysis target.")
-        start = time.perf_counter_ns() / 1000000
+        if profiling:
+            start = time.perf_counter_ns() / 1000000
+        else:
+            start = 0
         self._base_state = base_state
         self._function = func
@@ -320,7 +323,7 @@ class PropagatorAnalysis(ForwardAnalysis, Analysis):  # pylint:disable=abstract-
         # TODO: Clear registers according to calling conventions
         if self.model.node_iterations[block_key] < self._max_iterations:
-            return True, state
+            return None, state
         else:
             return False, state

angr/analyses/reaching_definitions/engine_vex.py CHANGED Viewed

@@ -176,6 +176,9 @@ class SimEngineRDVEX(
             return
         self.state.kill_and_add_definition(reg, data)
+    def _handle_PutI(self, stmt):
+        pass
     # e.g. STle(t6) = t21, t6 and/or t21 might include multiple values
     def _handle_Store(self, stmt):
         addr = self._expr(stmt.addr)
@@ -404,6 +407,9 @@ class SimEngineRDVEX(
         return values
+    def _handle_GetI(self, expr: pyvex.IRExpr.GetI) -> MultiValues:
+        return MultiValues(self.state.top(expr.result_size(self.tyenv)))
     # e.g. t27 = LDle:I64(t9), t9 might include multiple values
     # caution: Is also called from StoreG
     def _handle_Load(self, expr) -> MultiValues:

angr/analyses/reaching_definitions/rd_state.py CHANGED Viewed

@@ -72,6 +72,7 @@ class ReachingDefinitionsState:
         "_track_consts",
         "_sp_adjusted",
         "exit_observed",
+        "_element_limit",
     )
     def __init__(
@@ -90,6 +91,7 @@ class ReachingDefinitionsState:
         sp_adjusted: bool = False,
         all_definitions: Optional[Set[Definition]] = None,
         initializer: Optional["RDAStateInitializer"] = None,
+        element_limit: int = 5,
     ):
         # handy short-hands
         self.codeloc = codeloc
@@ -100,6 +102,7 @@ class ReachingDefinitionsState:
         self.analysis = analysis
         self._canonical_size: int = canonical_size
         self._sp_adjusted: bool = sp_adjusted
+        self._element_limit: int = element_limit
         self.all_definitions: Set[Definition] = set() if all_definitions is None else all_definitions
@@ -122,7 +125,10 @@ class ReachingDefinitionsState:
         if live_definitions is None:
             # the first time this state is created. initialize it
             self.live_definitions = LiveDefinitions(
-                self.arch, track_tmps=self._track_tmps, canonical_size=canonical_size
+                self.arch,
+                track_tmps=self._track_tmps,
+                canonical_size=canonical_size,
+                element_limit=element_limit,
             )
             if self.analysis is not None:
                 self.live_definitions.project = self.analysis.project
@@ -310,6 +316,7 @@ class ReachingDefinitionsState:
             environment=self._environment,
             sp_adjusted=self._sp_adjusted,
             all_definitions=self.all_definitions.copy(),
+            element_limit=self._element_limit,
         )
         return rd
@@ -323,6 +330,12 @@ class ReachingDefinitionsState:
         return state, merged_0 or merged_1
+    def compare(self, other: "ReachingDefinitionsState") -> bool:
+        r0 = self.live_definitions.compare(other.live_definitions)
+        r1 = self.environment.compare(other.environment)
+        return r0 and r1
     def move_codelocs(self, new_codeloc: CodeLocation) -> None:
         if self.codeloc != new_codeloc:
             self.codeloc = new_codeloc

angr/analyses/reaching_definitions/reaching_definitions.py CHANGED Viewed

@@ -55,7 +55,7 @@ class ReachingDefinitionsAnalysis(
         self,
         subject: Union[Subject, ailment.Block, Block, Function, str] = None,
         func_graph=None,
-        max_iterations=3,
+        max_iterations=30,
         track_tmps=False,
         track_consts=True,
         observation_points: "Iterable[ObservationPoint]" = None,
@@ -74,6 +74,7 @@ class ReachingDefinitionsAnalysis(
         interfunction_level: int = 0,
         track_liveness: bool = True,
         func_addr: Optional[int] = None,
+        element_limit: int = 5,
     ):
         """
         :param subject:                         The subject of the analysis: a function, or a single basic block
@@ -131,6 +132,7 @@ class ReachingDefinitionsAnalysis(
         self._canonical_size = canonical_size
         self._use_callee_saved_regs_at_return = use_callee_saved_regs_at_return
         self._func_addr = func_addr
+        self._element_limit = element_limit
         if dep_graph is None or dep_graph is False:
             self._dep_graph = None
@@ -469,13 +471,28 @@ class ReachingDefinitionsAnalysis(
                 analysis=self,
                 canonical_size=self._canonical_size,
                 initializer=self._state_initializer,
+                element_limit=self._element_limit,
             )
     # pylint: disable=no-self-use,arguments-differ
     def _merge_states(self, _node, *states: ReachingDefinitionsState):
+        assert len(states) >= 2
         merged_state, merge_occurred = states[0].merge(*states[1:])
         return merged_state, not merge_occurred
+    def _compare_states(self, node, old_state: ReachingDefinitionsState, new_state: ReachingDefinitionsState) -> bool:
+        """
+        Return True if new_state >= old_state in the lattice.
+        :param node:
+        :param old_state:
+        :param new_state:
+        :return:
+        """
+        reached_fixedpoint = new_state.compare(old_state)
+        return reached_fixedpoint
     def _run_on_node(self, node, state: ReachingDefinitionsState):
         """
@@ -550,7 +567,7 @@ class ReachingDefinitionsAnalysis(
         state.downsize()
         if self._node_iterations[block_key] < self._max_iterations:
-            return True, state
+            return None, state
         else:
             return False, state

angr/analyses/variable_recovery/engine_ail.py CHANGED Viewed

@@ -469,20 +469,20 @@ class SimEngineVRAIL(
         r0 = self._expr(arg0)
         r1 = self._expr(arg1)
-        from_size = r1.bits
-        to_size = r0.bits
+        from_size = expr.from_bits
+        to_size = expr.to_bits
         if expr.signed:
-            quotient = r0.data.SDiv(claripy.SignExt(to_size - from_size, r1.data))
-            remainder = r0.data.SMod(claripy.SignExt(to_size - from_size, r1.data))
+            quotient = r0.data.SDiv(claripy.SignExt(from_size - to_size, r1.data))
+            remainder = r0.data.SMod(claripy.SignExt(from_size - to_size, r1.data))
             quotient_size = to_size
             remainder_size = to_size
             r = claripy.Concat(
                 claripy.Extract(remainder_size - 1, 0, remainder), claripy.Extract(quotient_size - 1, 0, quotient)
             )
         else:
-            quotient = r0.data // claripy.ZeroExt(to_size - from_size, r1.data)
-            remainder = r0.data % claripy.ZeroExt(to_size - from_size, r1.data)
+            quotient = r0.data // claripy.ZeroExt(from_size - to_size, r1.data)
+            remainder = r0.data % claripy.ZeroExt(from_size - to_size, r1.data)
             quotient_size = to_size
             remainder_size = to_size
             r = claripy.Concat(

angr/analyses/variable_recovery/engine_vex.py CHANGED Viewed

@@ -61,6 +61,9 @@ class SimEngineVRVEX(
             return
         self._assign_to_register(offset, r, size)
+    def _handle_PutI(self, stmt):
+        pass
     def _handle_Store(self, stmt):
         addr_r = self._expr(stmt.addr)
         size = stmt.data.result_size(self.tyenv) // 8
@@ -159,6 +162,9 @@ class SimEngineVRVEX(
             create_variable=self.stmt_idx not in self.reg_read_stmts_to_ignore,
         )
+    def _handle_GetI(self, expr: pyvex.IRExpr.GetI):
+        return RichR(self.state.top(expr.result_size(self.tyenv)))
     def _handle_Load(self, expr: pyvex.IRExpr.Load) -> RichR:
         addr = self._expr(expr.addr)
         size = expr.result_size(self.tyenv) // 8

angr/analyses/variable_recovery/irsb_scanner.py CHANGED Viewed

@@ -33,6 +33,12 @@ class VEXIRSBScanner(SimEngineLightVEXMixin):
         self.reg_read_stmt_id: Dict[int, int] = {}
         self.reg_read_stmts_to_ignore: Set[int] = set()
+    def _top(self, size: int):
+        return None
+    def _is_top(self, expr) -> bool:
+        return True
     def _process_Stmt(self, whitelist=None):
         self.tmps_with_64bit_regs = set()
         self.tmps_assignment_stmtidx = {}
@@ -55,6 +61,9 @@ class VEXIRSBScanner(SimEngineLightVEXMixin):
                 self.reg_read_stmts_to_ignore.add(self.reg_read_stmt_id[old_reg_offset])
             self.reg_with_reg_as_value[stmt.offset] = self.tmp_with_reg_as_value[stmt.data.tmp]
+    def _handle_PutI(self, stmt):
+        pass
     def _handle_Load(self, expr):
         pass
@@ -85,6 +94,9 @@ class VEXIRSBScanner(SimEngineLightVEXMixin):
         if expr.offset in self.reg_with_reg_as_value:
             del self.reg_with_reg_as_value[expr.offset]
+    def _handle_GetI(self, expr):
+        pass
     def _handle_RdTmp(self, expr):
         if expr.tmp in self.tmps_converted_to_32bit:
             self.tmps_converted_to_32bit.remove(expr.tmp)

angr/analyses/variable_recovery/variable_recovery_base.py CHANGED Viewed

@@ -175,6 +175,7 @@ class VariableRecoveryStateBase:
             self.stack_region: MultiValuedMemory = MultiValuedMemory(
                 memory_id="mem",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 phi_maker=self._make_phi_variable,
                 skip_missing_values_during_merging=True,
                 page_kwargs={"mo_cmp": self._mo_cmp},
@@ -188,6 +189,7 @@ class VariableRecoveryStateBase:
             self.register_region: MultiValuedMemory = MultiValuedMemory(
                 memory_id="reg",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 phi_maker=self._make_phi_variable,
                 skip_missing_values_during_merging=True,
                 page_kwargs={"mo_cmp": self._mo_cmp},
@@ -201,6 +203,7 @@ class VariableRecoveryStateBase:
             self.global_region: MultiValuedMemory = MultiValuedMemory(
                 memory_id="mem",
                 top_func=self.top,
+                is_top_func=self.is_top,
                 phi_maker=self._make_phi_variable,
                 skip_missing_values_during_merging=True,
                 page_kwargs={"mo_cmp": self._mo_cmp},
@@ -215,7 +218,7 @@ class VariableRecoveryStateBase:
         self.type_constraints = defaultdict(set) if type_constraints is None else type_constraints
         self.func_typevar = func_typevar
         self.delayed_type_constraints = (
-            DefaultChainMapCOW(set, collapse_threshold=25)
+            DefaultChainMapCOW(default_factory=set, collapse_threshold=25)
             if delayed_type_constraints is None
             else delayed_type_constraints
         )

angr/engines/light/engine.py CHANGED Viewed

@@ -239,10 +239,55 @@ class SimEngineLightVEXMixin(SimEngineLightMixin):
         return None
     def _handle_Triop(self, expr: pyvex.IRExpr.Triop):  # pylint: disable=useless-return
-        if self.l is not None:
+        handler = None
+        if expr.op.startswith("Iop_AddF"):
+            handler = "_handle_AddF"
+        elif expr.op.startswith("Iop_SubF"):
+            handler = "_handle_AddF"
+        elif expr.op.startswith("Iop_MulF"):
+            handler = "_handle_MulF"
+        elif expr.op.startswith("Iop_DivF"):
+            handler = "_handle_DivF"
+        elif expr.op.startswith("Iop_SinF"):
+            handler = "_handle_SinF"
+        elif expr.op.startswith("Iop_ScaleF"):
+            handler = "_handle_ScaleF"
+        if handler is not None and hasattr(self, handler):
+            return getattr(self, handler)(expr)
+        if once(expr.op) and self.l is not None:
             self.l.error("Unsupported Triop %s.", expr.op)
         return None
+    def _handle_AddF(self, expr):
+        return self._top(expr.result_size(self.tyenv))
+    def _handle_SubF(self, expr):
+        return self._top(expr.result_size(self.tyenv))
+    def _handle_MulF(self, expr):
+        return self._top(expr.result_size(self.tyenv))
+    def _handle_DivF(self, expr):
+        return self._top(expr.result_size(self.tyenv))
+    def _handle_NegF(self, expr):
+        return self._top(expr.result_size(self.tyenv))
+    def _handle_AbsF(self, expr):
+        return self._top(expr.result_size(self.tyenv))
+    def _handle_SinF(self, expr):
+        return self._top(expr.result_size(self.tyenv))
+    def _handle_CosF(self, expr):
+        return self._top(expr.result_size(self.tyenv))
+    def _handle_ScaleF(self, expr):
+        return self._top(expr.result_size(self.tyenv))
     def _handle_RdTmp(self, expr):
         tmp = expr.tmp
@@ -294,6 +339,10 @@ class SimEngineLightVEXMixin(SimEngineLightMixin):
             handler = "_handle_Clz"
         elif expr.op.startswith("Iop_Ctz"):
             handler = "_handle_Ctz"
+        elif expr.op.startswith("Iop_NegF"):
+            handler = "_handle_NegF"
+        elif expr.op.startswith("Iop_AbsF"):
+            handler = "_handle_AbsF"
         if handler is not None and hasattr(self, handler):
             return getattr(self, handler)(expr)
@@ -361,6 +410,10 @@ class SimEngineLightVEXMixin(SimEngineLightMixin):
             handler = "_handle_16HLto32"
         elif expr.op.startswith("Iop_ExpCmpNE64"):
             handler = "_handle_ExpCmpNE64"
+        elif expr.op.startswith("Iop_SinF"):
+            handler = "_handle_SinF"
+        elif expr.op.startswith("Iop_CosF"):
+            handler = "_handle_CosF"
         vector_size, vector_count = None, None
         if handler is not None:
@@ -539,6 +592,10 @@ class SimEngineLightVEXMixin(SimEngineLightMixin):
         return expr_0 * expr_1
+    def _handle_Mull(self, expr):
+        self._binop_get_args(expr)
+        return self._top(expr.result_size(self.tyenv))
     def _handle_DivMod(self, expr):
         args, r = self._binop_get_args(expr)
         if args is None:
@@ -938,35 +995,47 @@ class SimEngineLightAILMixin(SimEngineLightMixin):
         return expr
     def _ail_handle_UnaryOp(self, expr):
-        handler_name = "_ail_handle_%s" % expr.op
+        handler_name = f"_handle_{expr.op}"
         try:
             handler = getattr(self, handler_name)
         except AttributeError:
-            if self.l is not None:
-                self.l.warning("Unsupported UnaryOp %s.", expr.op)
-            return None
+            handler_name = "_ail_handle_%s" % expr.op
+            try:
+                handler = getattr(self, handler_name)
+            except AttributeError:
+                if self.l is not None:
+                    self.l.warning("Unsupported UnaryOp %s.", expr.op)
+                return None
         return handler(expr)
     def _ail_handle_BinaryOp(self, expr):
-        handler_name = "_ail_handle_%s" % expr.op
+        handler_name = f"_handle_{expr.op}"
         try:
             handler = getattr(self, handler_name)
         except AttributeError:
-            if self.l is not None:
-                self.l.warning("Unsupported BinaryOp %s.", expr.op)
-            return None
+            handler_name = "_ail_handle_%s" % expr.op
+            try:
+                handler = getattr(self, handler_name)
+            except AttributeError:
+                if self.l is not None:
+                    self.l.warning("Unsupported BinaryOp %s.", expr.op)
+                return None
         return handler(expr)
     def _ail_handle_TernaryOp(self, expr):
-        handler_name = "_ail_handle_%s" % expr.op
+        handler_name = f"_handle_{expr.op}"
         try:
             handler = getattr(self, handler_name)
         except AttributeError:
-            if self.l is not None:
-                self.l.warning("Unsupported Ternary %s.", expr.op)
-            return None
+            handler_name = "_ail_handle_%s" % expr.op
+            try:
+                handler = getattr(self, handler_name)
+            except AttributeError:
+                if self.l is not None:
+                    self.l.warning("Unsupported Ternary %s.", expr.op)
+                return None
         return handler(expr)
@@ -974,6 +1043,44 @@ class SimEngineLightAILMixin(SimEngineLightMixin):
     # Binary operation handlers
     #
+    def _ail_handle_CmpEQ(self, expr):
+        arg0, arg1 = expr.operands
+        expr_0 = self._expr(arg0)
+        expr_1 = self._expr(arg1)
+        if expr_0 is None:
+            expr_0 = arg0
+        if expr_1 is None:
+            expr_1 = arg1
+        try:
+            if isinstance(expr_0, ailment.Expr.Const) and isinstance(expr_1, ailment.Expr.Const):
+                if expr_0.value == expr_1.value:
+                    return ailment.Expr.Const(None, None, 1, 1)
+                return ailment.Expr.Const(None, None, 0, 1)
+        except TypeError:
+            pass
+        return ailment.Expr.BinaryOp(expr.idx, "CmpEQ", [expr_0, expr_1], expr.signed, **expr.tags)
+    def _ail_handle_CmpNE(self, expr):
+        arg0, arg1 = expr.operands
+        expr_0 = self._expr(arg0)
+        expr_1 = self._expr(arg1)
+        if expr_0 is None:
+            expr_0 = arg0
+        if expr_1 is None:
+            expr_1 = arg1
+        try:
+            if isinstance(expr_0, ailment.Expr.Const) and isinstance(expr_1, ailment.Expr.Const):
+                if expr_0.value != expr_1.value:
+                    return ailment.Expr.Const(None, None, 1, 1)
+                return ailment.Expr.Const(None, None, 0, 1)
+        except TypeError:
+            pass
+        return ailment.Expr.BinaryOp(expr.idx, "CmpNE", [expr_0, expr_1], expr.signed, **expr.tags)
     def _ail_handle_CmpLT(self, expr):
         arg0, arg1 = expr.operands
@@ -985,9 +1092,13 @@ class SimEngineLightAILMixin(SimEngineLightMixin):
             expr_1 = arg1
         try:
-            return expr_0 <= expr_1
+            if isinstance(expr_0, ailment.Expr.Const) and isinstance(expr_1, ailment.Expr.Const):
+                if expr_0.value < expr_1.value:
+                    return ailment.Expr.Const(None, None, 1, 1)
+                return ailment.Expr.Const(None, None, 0, 1)
         except TypeError:
-            return ailment.Expr.BinaryOp(expr.idx, "CmpLT", [expr_0, expr_1], expr.signed, **expr.tags)
+            pass
+        return ailment.Expr.BinaryOp(expr.idx, "CmpLT", [expr_0, expr_1], expr.signed, **expr.tags)
     def _ail_handle_Add(self, expr):
         arg0, arg1 = expr.operands
@@ -1078,7 +1189,14 @@ class SimEngineLightAILMixin(SimEngineLightMixin):
             expr_1 = arg1
         return ailment.Expr.BinaryOp(
-            expr.idx, "DivMod", [expr_0, expr_1], expr.signed, bits=expr_0.bits * 2, **expr.tags
+            expr.idx,
+            "DivMod",
+            [expr_0, expr_1],
+            expr.signed,
+            bits=expr.bits,
+            from_bits=expr.from_bits,
+            to_bits=expr.to_bits,
+            **expr.tags,
         )
     def _ail_handle_Mod(self, expr):

angr/knowledge_plugins/functions/function.py CHANGED Viewed

@@ -1535,6 +1535,10 @@ class Function(Serializable):
         for library in libraries:
             for name in name_variants:
+                if isinstance(library, SimSyscallLibrary):
+                    # FIXME: we don't support getting declaration from a syscall library yet. we don't have the concept
+                    # of abi at this point.
+                    continue
                 if not library.has_prototype(name):
                     continue

angr/knowledge_plugins/key_definitions/environment.py CHANGED Viewed

@@ -14,6 +14,8 @@ class Environment:
     **Note**: The <Environment> object does not store the values associated with variables themselves.
     """
+    __slots__ = ("_environment",)
     def __init__(self, environment: Dict[Union[str, Undefined], Set[claripy.ast.Base]] = None):
         self._environment: Dict[Union[str, Undefined], Set[claripy.ast.Base]] = environment or {}
@@ -81,3 +83,12 @@ class Environment:
         merge_occurred = new_env != self._environment
         return Environment(environment=new_env), merge_occurred
+    def compare(self, other: "Environment") -> bool:
+        for k in set(self._environment.keys()).union(set(other._environment.keys())):
+            if k not in self._environment:
+                return False
+            if k in self._environment and k in other._environment:
+                if not self._environment[k].issuperset(other._environment[k]):
+                    return False
+        return True