crosshair-tool 0.0.56__cp39-cp39-macosx_11_0_arm64.whl → 0.0.100__cp39-cp39-macosx_11_0_arm64.whl

crosshair/libimpl/builtinslib.py

@@ -3,34 +3,37 @@ import collections
 import copy
 import enum
 import io
-import math
 import operator as ops
+import os
 import re
 import string
 import sys
 import typing
+import warnings
 from abc import ABCMeta
 from array import array
+from collections.abc import Mapping
 from dataclasses import dataclass
-from functools import wraps
 from itertools import zip_longest
+from math import inf, isfinite, isinf, isnan, nan
 from numbers import Integral, Number, Real
-from sys import maxunicode
+from sys import maxunicode, version_info
 from typing import (
     Any,
     BinaryIO,
-    ByteString,
     Callable,
     Dict,
     FrozenSet,
     Hashable,
     Iterable,
     List,
+    MutableMapping,
     NamedTuple,
     NoReturn,
     Optional,
     Sequence,
     Set,
+    Sized,
     SupportsAbs,
     SupportsBytes,
     SupportsComplex,
@@ -49,9 +52,16 @@ from typing import (
 import typing_inspect  # type: ignore
 import z3  # type: ignore
 
+try:
+    # For reasons unknown, different distributions of z3 4.13.0 use differnt names.
+    from z3 import fpEQ
+except ImportError:
+    from z3 import FfpEQ as fpEQ
+
+import sys
+
 from crosshair.abcstring import AbcString
 from crosshair.core import (
-    CrossHairValue,
     SymbolicFactory,
     deep_realize,
     iter_types,
@@ -61,14 +71,16 @@ from crosshair.core import (
     realize,
     register_patch,
     register_type,
+    with_checked_self,
     with_realized_args,
     with_symbolic_self,
     with_uniform_probabilities,
 )
 from crosshair.objectproxy import ObjectProxy
 from crosshair.simplestructs import (
+    FrozenSetBase,
+    LinearSet,
     SequenceConcatenation,
-    SetBase,
     ShellMutableMap,
     ShellMutableSequence,
     ShellMutableSet,
@@ -97,19 +109,30 @@ from crosshair.type_repo import PYTYPE_SORT, SymbolicTypeRepository
 from crosshair.unicode_categories import UnicodeMaskCache
 from crosshair.util import (
     ATOMIC_IMMUTABLE_TYPES,
-    CrosshairInternal,
+    CrossHairInternal,
     CrosshairUnsupported,
+    CrossHairValue,
+    IdKeyedDict,
     IgnoreAttempt,
+    UnknownSatisfiability,
+    assert_tracing,
+    ch_stack,
     debug,
+    is_bytes_like,
     is_hashable,
     is_iterable,
     memo,
     name_of_type,
     smtlib_typename,
-    test_stack,
     type_arg_of,
 )
-from crosshair.z3util import z3And, z3Eq, z3Ge, z3Gt, z3IntVal, z3Or
+from crosshair.z3util import z3And, z3Eq, z3Ge, z3Gt, z3IntVal, z3Not, z3Or
+
+if sys.version_info >= (3, 12):
+    from collections.abc import Buffer
+else:
+    from collections.abc import ByteString as Buffer
+
 
 _T = TypeVar("_T")
 _VT = TypeVar("_VT")
@@ -145,6 +168,18 @@ def smt_or(a: bool, b: bool) -> bool:
     return a or b
 
 
+def smt_xor(a: bool, b: bool) -> bool:
+    with NoTracing():
+        if isinstance(a, SymbolicBool) or isinstance(b, SymbolicBool):
+            if isinstance(a, SymbolicBool) and isinstance(b, SymbolicBool):
+                return SymbolicBool(z3.Xor(a.var, b.var))
+            elif isinstance(a, bool):
+                return SymbolicBool(z3Not(b.var)) if a else b
+            elif isinstance(b, bool):
+                return SymbolicBool(z3Not(a.var)) if b else a
+    return a ^ b
+
+
 def smt_not(x: object) -> Union[bool, "SymbolicBool"]:
     with NoTracing():
         if isinstance(x, SymbolicBool):
@@ -154,6 +189,7 @@ def smt_not(x: object) -> Union[bool, "SymbolicBool"]:
 
 _NONHEAP_PYTYPES = set([int, float, bool, NoneType, complex])
 
+
 # TODO: isn't this pretty close to isinstance(typ, AtomicSymbolicValue)?
 def pytype_uses_heap(typ: Type) -> bool:
     return not (typ in _NONHEAP_PYTYPES)
@@ -170,7 +206,6 @@ def typeable_value(val: object) -> object:
 
 _SMT_INT_SORT = z3.IntSort()
 _SMT_BOOL_SORT = z3.BoolSort()
-_SMT_FLOAT_SORT = z3.RealSort()  # difficulty getting the solver to use z3.Float64()
 
 
 @memo
@@ -193,31 +228,11 @@ SymbolicGenerator = Callable[[Union[str, z3.ExprRef], type], object]
 
 
 def origin_of(typ: Type) -> Type:
-    typ = _WRAPPER_TYPE_TO_PYTYPE.get(typ, typ)  # TODO is the still required?
     if hasattr(typ, "__origin__"):
         return typ.__origin__
     return typ
 
 
-# TODO: refactor away casting in SMT-sapce:
-def smt_int_to_float(a: z3.ExprRef) -> z3.ExprRef:
-    if _SMT_FLOAT_SORT == z3.Float64():
-        return z3.fpRealToFP(z3.RNE(), z3.ToReal(a), _SMT_FLOAT_SORT)
-    elif _SMT_FLOAT_SORT == z3.RealSort():
-        return z3.ToReal(a)
-    else:
-        raise CrosshairInternal()
-
-
-def smt_bool_to_float(a: z3.ExprRef) -> z3.ExprRef:
-    if _SMT_FLOAT_SORT == z3.Float64():
-        return z3.If(a, z3.FPVal(1.0, _SMT_FLOAT_SORT), z3.FPVal(0.0, _SMT_FLOAT_SORT))
-    elif _SMT_FLOAT_SORT == z3.RealSort():
-        return z3.If(a, z3.RealVal(1), z3.RealVal(0))
-    else:
-        raise CrosshairInternal()
-
-
 def smt_coerce(val: Any) -> z3.ExprRef:
     if isinstance(val, SymbolicValue):
         return val.var
@@ -249,17 +264,17 @@ def invoke_dunder(obj: object, method_name: str, *args, **kwargs):
 class SymbolicValue(CrossHairValue):
     def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type):
         if is_tracing():
-            raise CrosshairInternal
+            raise CrossHairInternal
         self.snapshot = SnapshotRef(-1)
         self.python_type = typ
         if type(smtvar) is str:
-            self.var = self.__init_var__(typ, smtvar)
+            self.var: Any = self.__init_var__(typ, smtvar)
         else:
             self.var = smtvar
             # TODO test that smtvar's sort matches expected?
 
     def __init_var__(self, typ, varname):
-        raise CrosshairInternal(f"__init_var__ not implemented in {type(self)}")
+        raise CrossHairInternal(f"__init_var__ not implemented in {type(self)}")
 
     def __deepcopy__(self, memo):
         result = copy.copy(self)
@@ -315,7 +330,7 @@ class SymbolicValue(CrossHairValue):
 class AtomicSymbolicValue(SymbolicValue):
     def __init_var__(self, typ, varname):
         if is_tracing():
-            raise CrosshairInternal("Tracing while creating symbolic")
+            raise CrossHairInternal("Tracing while creating symbolic")
         z3type = self.__class__._ch_smt_sort()
         return z3.Const(varname, z3type)
 
@@ -324,20 +339,20 @@ class AtomicSymbolicValue(SymbolicValue):
 
     @classmethod
     def _ch_smt_sort(cls) -> z3.SortRef:
-        raise CrosshairInternal(f"_ch_smt_sort not implemented in {cls}")
+        raise CrossHairInternal(f"_ch_smt_sort not implemented in {cls}")
 
     @classmethod
     def _pytype(cls) -> Type:
-        raise CrosshairInternal(f"_pytype not implemented in {cls}")
+        # TODO: unify this with __ch_pytype__()? (this is classmethod though)
+        raise CrossHairInternal(f"_pytype not implemented in {cls}")
 
     @classmethod
-    def _smt_promote_literal(cls, val: object) -> Optional[z3.SortRef]:
-        raise CrosshairInternal(f"_smt_promote_literal not implemented in {cls}")
+    def _smt_promote_literal(cls, literal: object) -> Optional[z3.ExprRef]:
+        raise CrossHairInternal(f"_smt_promote_literal not implemented in {cls}")
 
     @classmethod
+    @assert_tracing(False)
     def _coerce_to_smt_sort(cls, input_value: Any) -> Optional[z3.ExprRef]:
-        if is_tracing():
-            raise CrosshairInternal("_coerce_to_smt_sort called while tracing")
         input_value = typeable_value(input_value)
         target_pytype = cls._pytype()
 
@@ -376,17 +391,61 @@ class AtomicSymbolicValue(SymbolicValue):
 
 
 _PYTYPE_TO_WRAPPER_TYPE: Dict[
-    type, Tuple[Type[AtomicSymbolicValue], ...]
+    type, Tuple[Tuple[Type[AtomicSymbolicValue], float], ...]
 ] = {}  # to be populated later
-_WRAPPER_TYPE_TO_PYTYPE: Dict[SymbolicGenerator, type] = {}
 
 
-def crosshair_types_for_python_type(typ: Type) -> Tuple[Type[AtomicSymbolicValue], ...]:
+def crosshair_types_for_python_type(
+    typ: Type,
+) -> Tuple[Tuple[Type[AtomicSymbolicValue], float], ...]:
     typ = normalize_pytype(typ)
     origin = origin_of(typ)
     return _PYTYPE_TO_WRAPPER_TYPE.get(origin, ())
 
 
+def python_types_using_atomic_symbolics() -> Iterable[Type[AtomicSymbolicValue]]:
+    return _PYTYPE_TO_WRAPPER_TYPE.keys()
+
+
+class ModelingDirector:
+    def __init__(self, *a) -> None:
+        # Maps python type to the symbolic type we've chosen to represent it (on this iteration)
+        self.global_representations: MutableMapping[
+            type, Optional[Type[AtomicSymbolicValue]]
+        ] = IdKeyedDict()
+
+    def get(self, typ: Type) -> Optional[Type[AtomicSymbolicValue]]:
+        representation_type = self.global_representations.get(typ, _MISSING)
+        if representation_type is _MISSING:
+            ch_types = crosshair_types_for_python_type(typ)
+            if not ch_types:
+                representation_type = None
+            elif len(ch_types) == 1:
+                representation_type = ch_types[0][0]
+            else:
+                space = context_statespace()
+                for option, probability in ch_types[:-1]:
+                    # NOTE: fork_parallel() is closer to what we want than smt_fork();
+                    # however, exhausting an incomplete representation path
+                    # (e.g. RealBasedSymbolicFloat) should not exhaust the branch.
+                    if space.smt_fork(
+                        desc=f"use_{option.__name__}", probability_true=probability
+                    ):
+                        representation_type = option
+                        break
+                else:
+                    representation_type = ch_types[-1][0]
+            self.global_representations[typ] = representation_type
+        return representation_type
+
+    def choose(self, typ: Type) -> Type[AtomicSymbolicValue]:
+        chosen = self.get(typ)
+        if chosen is None:
+            raise CrossHairInternal(f"No symbolics for {typ}")
+        return chosen
+
+
+@assert_tracing(False)
 def smt_to_ch_value(
     space: StateSpace, snapshot: SnapshotRef, smt_val: z3.ExprRef, pytype: type
 ) -> object:
@@ -395,11 +454,13 @@ def smt_to_ch_value(
             typ, smtlib_typename(typ) + "_inheap" + space.uniq(), allow_subtypes=True
         )
 
+    if isinstance(pytype, SymbolicType):
+        pytype = realize(pytype)
+
     if smt_val.sort() == HeapRef:
         return space.find_key_in_heap(smt_val, pytype, proxy_generator, snapshot)
-    ch_type = crosshair_types_for_python_type(pytype)
-    assert ch_type
-    return ch_type[0](smt_val, pytype)
+    ch_type = space.extra(ModelingDirector).choose(pytype)
+    return ch_type(smt_val, pytype)
 
 
 def force_to_smt_sort(
@@ -448,12 +509,24 @@ class FiniteFloat(KindedFloat):
 
 
 class NonFiniteFloat(KindedFloat):
-    pass
+    def get_finite_comparable(self, other: Union[FiniteFloat, "SymbolicFloat"]):
+        # These three cases help cover operations like `a * -inf` which is either
+        # positive of negative infinity depending on the sign of `a`.
+        if isinstance(other, FiniteFloat):
+            comparable: Union[float, SymbolicFloat] = other.val
+        else:
+            comparable = other
+        if comparable > 0:  # type: ignore
+            return 1
+        elif comparable < 0:
+            return -1
+        else:
+            return 0
 
 
 def numeric_binop(op: BinFn, a: Number, b: Number):
     if not is_tracing():
-        raise CrosshairInternal("Numeric operation on symbolic while not tracing")
+        raise CrossHairInternal("Numeric operation on symbolic while not tracing")
     with NoTracing():
         return numeric_binop_internal(op, a, b)
 
@@ -563,15 +636,27 @@ _BITWISE_OPS: Set[BinFn] = {
     ops.rshift,
     ops.lshift,
 }
+_VALID_OPS_ON_COMPLEX_TYPES: Set[BinFn] = {
+    ops.eq,
+    ops.ne,
+    ops.add,
+    ops.sub,
+    ops.mul,
+    ops.truediv,
+    ops.pow,
+}
 
 
 def apply_smt(op: BinFn, x: z3.ExprRef, y: z3.ExprRef) -> z3.ExprRef:
     # Mostly, z3 overloads operators and things just work.
     # But some special cases need to be checked first.
+    # TODO: we should investigate using the op override mechanism to
+    # dispatch to the right SMT operations.
     space = context_statespace()
     if op in _ARITHMETIC_OPS:
         if op in (ops.truediv, ops.floordiv, ops.mod):
-            if space.smt_fork(y == 0):
+            iszero = (fpEQ(y, 0.0)) if isinstance(y, z3.FPRef) else (y == 0)
+            if space.smt_fork(iszero):
                 raise ZeroDivisionError
             if op == ops.floordiv:
                 if space.smt_fork(y >= 0):
@@ -585,15 +670,18 @@ def apply_smt(op: BinFn, x: z3.ExprRef, y: z3.ExprRef) -> z3.ExprRef:
                     else:
                         return -x / -y
             if op == ops.mod:
-                if space.smt_fork(y >= 0):
+                if space.smt_fork(z3.Or(y >= 0, x % y == 0)):
                     return x % y
-                elif space.smt_fork(x % y == 0):
-                    return z3IntVal(0)
                 else:
                     return (x % y) + y
         elif op == ops.pow:
             if space.smt_fork(z3.And(x == 0, y < 0)):
                 raise ZeroDivisionError("zero cannot be raised to a negative power")
+            if z3.is_fp(x) or z3.is_fp(y):
+                # Smtlib does not support exponentiation on true floats
+                raise UnknownSatisfiability("pow on floats is not supported by smtlib")
+            if x.is_int() and y.is_int():
+                return z3.ToInt(op(x, y))
     return op(x, y)
 
 
@@ -604,10 +692,10 @@ _ALL_OPS = _ARITHMETIC_AND_COMPARISON_OPS.union(_BITWISE_OPS)
 def setup_binops():
     # Lower entries take precendence when searching.
 
-    # We check NaN and infitity immediately; not all
-    # symbolic floats support these cases.
+    # We check NaN and infitity immediately;
+    # RealBasedSymbolicFloats don't support these cases.
     def _(a: Real, b: float):
-        if math.isfinite(b):
+        if isfinite(b):
             return (a, FiniteFloat(b))  # type: ignore
         return (a, NonFiniteFloat(b))
 
@@ -623,7 +711,7 @@ def setup_binops():
     # Implicitly upconvert symbolic ints to floats.
     def _(a: SymbolicInt, b: Union[float, FiniteFloat, SymbolicFloat, complex]):
         with NoTracing():
-            return (SymbolicFloat(z3.ToReal(a.var)), b)
+            return (a.__float__(), b)
 
     setup_promotion(_, _ARITHMETIC_AND_COMPARISON_OPS)
 
@@ -641,61 +729,66 @@ def setup_binops():
 
     # complex
     def _(op: BinFn, a: SymbolicNumberAble, b: complex):
+        if op not in _VALID_OPS_ON_COMPLEX_TYPES:
+            raise TypeError
         return op(complex(a), b)  # type: ignore
 
     setup_binop(_, _ALL_OPS)
 
     # float
-    def _(op: BinFn, a: SymbolicFloat, b: SymbolicFloat):
+    def _(op: BinFn, a: SymbolicFloat, b: KindedFloat):
         with NoTracing():
-            return SymbolicFloat(apply_smt(op, a.var, b.var))
+            symbolic_type = context_statespace().extra(ModelingDirector).choose(float)
+            bval = symbolic_type._smt_promote_literal(b.val)
+            return SymbolicBool(apply_smt(op, a.var, bval))
 
-    setup_binop(_, _ARITHMETIC_OPS)
+    setup_binop(_, _COMPARISON_OPS)
 
-    def _(op: BinFn, a: SymbolicFloat, b: SymbolicFloat):
+    def _(op: BinFn, a: SymbolicFloat, b: KindedFloat):
         with NoTracing():
-            return SymbolicBool(apply_smt(op, a.var, b.var))
+            symbolic_type = context_statespace().extra(ModelingDirector).choose(float)
+            bval = symbolic_type._smt_promote_literal(b.val)
+            return symbolic_type(apply_smt(op, a.var, bval), float)
 
-    setup_binop(_, _COMPARISON_OPS)
+    setup_binop(_, _ARITHMETIC_OPS)
 
-    def _(op: BinFn, a: SymbolicFloat, b: FiniteFloat):
+    def _(op: BinFn, a: KindedFloat, b: SymbolicFloat):
         with NoTracing():
-            return SymbolicFloat(apply_smt(op, a.var, z3.RealVal(b.val)))
+            symbolic_type = context_statespace().extra(ModelingDirector).choose(float)
+            aval = symbolic_type._smt_promote_literal(a.val)
+            return symbolic_type(apply_smt(op, aval, b.var), float)
 
     setup_binop(_, _ARITHMETIC_OPS)
 
-    def _(op: BinFn, a: FiniteFloat, b: SymbolicFloat):
+    def _(op: BinFn, a: SymbolicFloat, b: SymbolicFloat):
         with NoTracing():
-            return SymbolicFloat(apply_smt(op, z3.RealVal(a.val), b.var))
+            symbolic_type = context_statespace().extra(ModelingDirector).choose(float)
+            return symbolic_type(apply_smt(op, a.var, b.var), float)
 
     setup_binop(_, _ARITHMETIC_OPS)
 
-    def _(op: BinFn, a: Union[FiniteFloat, SymbolicFloat], b: NonFiniteFloat):
-        if isinstance(a, FiniteFloat):
-            comparable_a: Union[float, SymbolicFloat] = a.val
-        else:
-            comparable_a = a
-        # These three cases help cover operations like `a * -inf` which is either
-        # positive of negative infinity depending on the sign of `a`.
-        if comparable_a > 0:  # type: ignore
-            return op(1, b.val)  # type: ignore
-        elif comparable_a < 0:
-            return op(-1, b.val)  # type: ignore
-        else:
-            return op(0, b.val)  # type: ignore
+    def _(op: BinFn, a: SymbolicFloat, b: SymbolicFloat):
+        with NoTracing():
+            return SymbolicBool(apply_smt(op, a.var, b.var))
+
+    setup_binop(_, _COMPARISON_OPS)
+
+    def _(op: BinFn, a: Union[FiniteFloat, RealBasedSymbolicFloat], b: NonFiniteFloat):
+        return op(b.get_finite_comparable(a), b.val)
 
     setup_binop(_, _ARITHMETIC_AND_COMPARISON_OPS)
 
-    def _(op: BinFn, a: NonFiniteFloat, b: NonFiniteFloat):
-        return op(a.val, b.val)  # type: ignore
+    def _(op: BinFn, a: NonFiniteFloat, b: Union[FiniteFloat, RealBasedSymbolicFloat]):
+        return op(a.val, a.get_finite_comparable(b))
 
     setup_binop(_, _ARITHMETIC_AND_COMPARISON_OPS)
 
-    def _(op: BinFn, a: SymbolicFloat, b: FiniteFloat):
-        with NoTracing():
-            return SymbolicBool(apply_smt(op, a.var, z3.RealVal(b.val)))
+    # def _(
+    #     op: BinFn, a: NonFiniteFloat, b: NonFiniteFloat
+    # ):  # TODO: isn't this impossible (one must be symbolic)?
+    #     return op(a.val, b.val)  # type: ignore
 
-    setup_binop(_, _COMPARISON_OPS)
+    # setup_binop(_, _ARITHMETIC_AND_COMPARISON_OPS)
 
     # int
     def _(op: BinFn, a: SymbolicInt, b: SymbolicInt):
@@ -746,19 +839,6 @@ def setup_binops():
 
     setup_binop(_, {ops.lshift, ops.rshift})
 
-    _AND_MASKS_TO_MOD = {
-        # It's common to use & to mask low bits. We can avoid realization by converting
-        # these situations into mod operations.
-        0x01: 2,
-        0x03: 4,
-        0x07: 8,
-        0x0F: 16,
-        0x1F: 32,
-        0x3F: 64,
-        0x7F: 128,
-        0xFF: 256,
-    }
-
     def _(op: BinFn, a: Integral, b: Integral):
         with NoTracing():
             if isinstance(b, SymbolicInt):
@@ -769,9 +849,12 @@ def setup_binops():
             b = realize(b)
             if b == 0:
                 return 0
-            mask_mod = _AND_MASKS_TO_MOD.get(b)
-            if mask_mod and isinstance(a, SymbolicInt):
-                if context_statespace().smt_fork(a.var >= 0, probability_true=0.75):
+            # It's common to use & to mask low bits. We can avoid realization by converting
+            # these situations into mod operations.
+            mask_mod = b + 1
+            if b > 0 and mask_mod & b == 0 and isinstance(a, SymbolicInt):  # type: ignore
+                space = context_statespace()
+                if space.smt_fork(a.var >= 0, probability_true=0.75):
                     return SymbolicInt(a.var % mask_mod)
                 else:
                     return SymbolicInt(b - ((-a.var - 1) % mask_mod))
@@ -782,9 +865,8 @@ def setup_binops():
     setup_binop(_, {ops.and_})
 
     # TODO: is this necessary still?
-    def _(
-        op: BinFn, a: Integral, b: Integral
-    ):  # Floor division over ints requires realization, at present
+    # Floor division over ints requires realization, at present:
+    def _(op: BinFn, a: Integral, b: Integral):
         return op(a.__index__(), b.__index__())  # type: ignore
 
     setup_binop(_, {ops.truediv})
@@ -794,35 +876,74 @@ def setup_binops():
 
     setup_promotion(_, {ops.truediv})
 
-    def _float_divmod(a: Union[float, SymbolicFloat], b: Union[float, SymbolicFloat]):
+    # TODO : precise float divmod
+    def _float_divmod(
+        a: Union[NonFiniteFloat, FiniteFloat, RealBasedSymbolicFloat],
+        b: Union[NonFiniteFloat, FiniteFloat, RealBasedSymbolicFloat],
+    ):
         with NoTracing():
-            smt_a = SymbolicFloat._coerce_to_smt_sort(a)
-            smt_b = SymbolicFloat._coerce_to_smt_sort(b)
-            if smt_a is None or smt_b is None:
-                raise CrosshairInternal
             space = context_statespace()
+            bval = RealBasedSymbolicFloat._coerce_to_smt_sort(a)
+            # division by zero is checked first
+            if not isinstance(b, NonFiniteFloat):
+                smt_b = (
+                    RealBasedSymbolicFloat._smt_promote_literal(b.val)
+                    if isinstance(b, FiniteFloat)
+                    else b.var
+                )
+                if space.smt_fork(smt_b == 0):
+                    raise ZeroDivisionError
+            # then the non-finite cases:
+            if isinstance(a, NonFiniteFloat):
+                return (nan, nan)
+            smt_a = (
+                RealBasedSymbolicFloat._smt_promote_literal(a.val)
+                if isinstance(a, FiniteFloat)
+                else a.var
+            )
+            assert smt_a is not None
+            if isinstance(b, NonFiniteFloat):
+                if isnan(b.val):
+                    return (nan, nan)
+                # Deduced the rules for infinitiy based on experimentation!:
+                positive_a = space.smt_fork(smt_a >= 0)
+                positive_b = b.val == inf
+                if positive_a ^ positive_b:
+                    if space.smt_fork(smt_a == 0):
+                        return (0.0, 0.0) if positive_b else (-0.0, -0.0)
+                    return (-1.0, b.val)
+                else:
+                    return (0.0, a.val if isinstance(a, FiniteFloat) else a)
+            assert smt_b is not None
+
             remainder = z3.Real(f"remainder{space.uniq()}")
             modproduct = z3.Int(f"modproduct{space.uniq()}")
             # From https://docs.python.org/3.3/reference/expressions.html#binary-arithmetic-operations:
             # The modulo operator always yields a result with the same sign as its second operand (or zero).
             # absolute value of the result is strictly smaller than the absolute value of the second operand.
             space.add(smt_b * modproduct + remainder == smt_a)
-            if space.smt_fork(smt_b == 0):
-                raise ZeroDivisionError
-            elif space.smt_fork(smt_b > 0):
+            if space.smt_fork(smt_b > 0):
                 space.add(remainder >= 0)
                 space.add(remainder < smt_b)
             else:
                 space.add(remainder <= 0)
                 space.add(smt_b < remainder)
-            return (SymbolicInt(modproduct), SymbolicFloat(remainder))
+            return (SymbolicInt(modproduct), RealBasedSymbolicFloat(remainder))
 
-    def _(op: BinFn, a: Union[float, SymbolicFloat], b: Union[float, SymbolicFloat]):
+    def _(
+        op: BinFn,
+        a: Union[NonFiniteFloat, FiniteFloat, RealBasedSymbolicFloat],
+        b: Union[NonFiniteFloat, FiniteFloat, RealBasedSymbolicFloat],
+    ):
         return _float_divmod(a, b)[1]
 
     setup_binop(_, {ops.mod})
 
-    def _(op: BinFn, a: Union[float, SymbolicFloat], b: Union[float, SymbolicFloat]):
+    def _(
+        op: BinFn,
+        a: Union[NonFiniteFloat, FiniteFloat, RealBasedSymbolicFloat],
+        b: Union[NonFiniteFloat, FiniteFloat, RealBasedSymbolicFloat],
+    ):
         return _float_divmod(a, b)[0]
 
     setup_binop(_, {ops.floordiv})
@@ -865,6 +986,9 @@ class SymbolicNumberAble(SymbolicValue, Real):
     def __eq__(self, other):
         return numeric_binop(ops.eq, self, other)
 
+    def __ne__(self, other):
+        return numeric_binop(ops.ne, self, other)
+
     def __add__(self, other):
         return numeric_binop(ops.add, self, other)
 
@@ -885,7 +1009,7 @@ class SymbolicNumberAble(SymbolicValue, Real):
 
     def __pow__(self, other, mod=None):
         if mod is not None:
-            return pow(realize(self), pow, mod)
+            return pow(realize(self), realize(other), realize(mod))
         return numeric_binop(ops.pow, self, other)
 
     def __rpow__(self, other, mod=None):
@@ -989,6 +1113,7 @@ class SymbolicBool(SymbolicIntable, AtomicSymbolicValue):
     def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type = bool):
         assert typ == bool
         SymbolicValue.__init__(self, smtvar, typ)
+        self._ch_decision_triggers: List[Callable[[bool], None]] = []
 
     @classmethod
     def _ch_smt_sort(cls) -> z3.SortRef:
@@ -999,14 +1124,21 @@ class SymbolicBool(SymbolicIntable, AtomicSymbolicValue):
         return bool
 
     @classmethod
-    def _smt_promote_literal(cls, literal) -> Optional[z3.SortRef]:
+    def _smt_promote_literal(cls, literal) -> Optional[z3.ExprRef]:
         if isinstance(literal, bool):
             return z3.BoolVal(literal)
         return None
 
-    def __ch_realize__(self) -> object:
+    def __ch_realize__(self) -> bool:
         with NoTracing():
-            return context_statespace().choose_possible(self.var)
+            realized = context_statespace().choose_possible(self.var)
+            for trigger in self._ch_decision_triggers:
+                trigger(realized)
+            return realized
+
+    def __abs__(self):
+        with NoTracing():
+            return SymbolicInt(z3.If(self.var, 1, 0))
 
     def __neg__(self):
         with NoTracing():
@@ -1022,9 +1154,8 @@ class SymbolicBool(SymbolicIntable, AtomicSymbolicValue):
         with NoTracing():
             return SymbolicInt(z3.If(self.var, 1, 0))
 
-    def __bool__(self):
-        with NoTracing():
-            return context_statespace().choose_possible(self.var)
+    def __bool__(self) -> bool:
+        return self.__ch_realize__()
 
     def __int__(self):
         with NoTracing():
@@ -1032,7 +1163,10 @@ class SymbolicBool(SymbolicIntable, AtomicSymbolicValue):
 
     def __float__(self):
         with NoTracing():
-            return SymbolicFloat(smt_bool_to_float(self.var))
+            symbolic_type = context_statespace().extra(ModelingDirector).choose(float)
+            smt_false = symbolic_type._coerce_to_smt_sort(0)
+            smt_true = symbolic_type._coerce_to_smt_sort(1)
+            return symbolic_type(z3.If(self.var, smt_true, smt_false))
 
     def __complex__(self):
         with NoTracing():
@@ -1046,6 +1180,10 @@ class SymbolicBool(SymbolicIntable, AtomicSymbolicValue):
 class SymbolicInt(SymbolicIntable, AtomicSymbolicValue):
     def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type = int):
         assert typ == int
+        if (not isinstance(smtvar, str)) and (not smtvar.is_int()):
+            raise CrossHairInternal(
+                f"non-integer SMT value given to SymbolicInt ({smtvar})"
+            )
         SymbolicIntable.__init__(self, smtvar, typ)
 
     @classmethod
@@ -1057,7 +1195,7 @@ class SymbolicInt(SymbolicIntable, AtomicSymbolicValue):
         return int
 
     @classmethod
-    def _smt_promote_literal(cls, literal) -> Optional[z3.SortRef]:
+    def _smt_promote_literal(cls, literal) -> Optional[z3.ExprRef]:
         if isinstance(literal, int):
             return z3IntVal(literal)
         return None
@@ -1071,12 +1209,18 @@ class SymbolicInt(SymbolicIntable, AtomicSymbolicValue):
 
     def __repr__(self):
         if self < 0:
-            return "-" + abs(self).__repr__()
-        codepoints = []
-        while self >= 10:
-            codepoints.append(48 + (self % 10))
-            self = self // 10
-        codepoints.append(48 + self)
+            return "-" + (-self).__repr__()
+        if self < 10:
+            return LazyIntSymbolicStr([48 + self])
+        codepoints = [48 + (self % 10)]
+        cur_divisor = 10
+        while True:
+            leftover = self // cur_divisor
+            if leftover != 0:
+                codepoints.append(48 + (leftover % 10))
+                cur_divisor *= 10
+            else:
+                break
         with NoTracing():
             codepoints.reverse()
             return LazyIntSymbolicStr(codepoints)
@@ -1102,7 +1246,18 @@ class SymbolicInt(SymbolicIntable, AtomicSymbolicValue):
 
     def __float__(self):
         with NoTracing():
-            return SymbolicFloat(smt_int_to_float(self.var))
+            symbolic_type = context_statespace().extra(ModelingDirector).choose(float)
+            if symbolic_type is RealBasedSymbolicFloat:
+                return RealBasedSymbolicFloat(z3.ToReal(self.var))
+            elif symbolic_type is PreciseIeeeSymbolicFloat:
+                # TODO: We can likely do better with: int -> bit vector -> float
+                return PreciseIeeeSymbolicFloat(
+                    z3.fpRealToFP(
+                        z3.RNE(), z3.ToReal(self.var), _PRECISE_IEEE_FLOAT_SORT
+                    )
+                )
+            else:
+                raise CrossHairInternal
 
     def __complex__(self):
         return complex(self.__float__())
@@ -1165,7 +1320,7 @@ class SymbolicInt(SymbolicIntable, AtomicSymbolicValue):
                 z3.If(val < 128, 7, 8)))))))))
             # fmt: on
 
-    if sys.version_info >= (3, 12):
+    if version_info >= (3, 12):
 
         def is_integer(self):
             return True
@@ -1199,41 +1354,123 @@ class SymbolicInt(SymbolicIntable, AtomicSymbolicValue):
         return (self, 1)
 
 
-def make_bounded_int(
-    varname: str, minimum: Optional[int] = None, maximum: Optional[int] = None
-) -> SymbolicInt:
-    space = context_statespace()
-    symbolic = SymbolicInt(varname)
-    if minimum is not None:
-        space.add(symbolic.var >= minimum)
-    if maximum is not None:
-        space.add(symbolic.var <= maximum)
-    return symbolic
+class SymbolicBoundedInt(SymbolicInt):
+    def __init__(
+        self,
+        smtvar: Union[str, z3.ExprRef],
+        typ: Type,
+        minimum: Optional[int] = None,
+        maximum: Optional[int] = None,
+    ):
+        SymbolicInt.__init__(self, smtvar, typ)
+        space = context_statespace()
+        self._ch_minimum = minimum
+        self._ch_maximum = maximum
+        if minimum is not None:
+            space.add(self.var >= minimum)
+        if maximum is not None:
+            space.add(self.var <= maximum)
+
+    def __lt__(self, other):
+        with NoTracing():
+            if isinstance(other, int):
+                if self._ch_minimum is not None and other < self._ch_minimum:
+                    return False
+                if self._ch_maximum is not None and other > self._ch_maximum:
+                    return True
+            with ResumedTracing():
+                ret = super().__lt__(other)
+            if isinstance(other, int):
+                if isinstance(ret, SymbolicBool):
+                    ret._ch_decision_triggers.append(
+                        lambda islt: (
+                            self._ch_intersect_bounds(None, other - 1)
+                            if islt
+                            else self._ch_intersect_bounds(other, None)
+                        )
+                    )
+        return ret
 
+    def __gt__(self, other):
+        with NoTracing():
+            if isinstance(other, int):
+                if self._ch_maximum is not None and other > self._ch_maximum:
+                    return False
+                if self._ch_minimum is not None and other < self._ch_minimum:
+                    return True
+            with ResumedTracing():
+                ret = super().__gt__(other)
+            if isinstance(other, int):
+                if isinstance(ret, SymbolicBool):
+                    ret._ch_decision_triggers.append(
+                        lambda isgt: (
+                            self._ch_intersect_bounds(other + 1, None)
+                            if isgt
+                            else self._ch_intersect_bounds(None, other)
+                        )
+                    )
+        return ret
 
-_Z3_ONE_HALF = z3.RealVal("1/2")
+    def _ch_intersect_bounds(
+        self, new_min: Optional[int], new_max: Optional[int]
+    ) -> None:
+        space = context_statespace()
+        if new_min is not None:
+            if self._ch_minimum is None or new_min > self._ch_minimum:
+                self._ch_minimum = new_min
+                space.add(
+                    self.var >= int(new_min)
+                )  # cast b/c z3 isn't tolerant of enum ints
+        if new_max is not None:
+            if self._ch_maximum is None or new_max < self._ch_maximum:
+                self._ch_maximum = new_max
+                space.add(
+                    self.var <= int(new_max)
+                )  # cast b/c z3 isn't tolerant of enum ints
 
+    def _unary_op(self, op):
+        with NoTracing():
+            if op is ops.neg:
+                new_min = -self._ch_maximum if self._ch_maximum is not None else None
+                new_max = -self._ch_minimum if self._ch_minimum is not None else None
+                return SymbolicBoundedInt(op(self.var), int, new_min, new_max)
+            elif op is ops.abs:
+                if self._ch_minimum is not None and self._ch_minimum >= 0:
+                    return self
+                if self._ch_maximum is not None and self._ch_maximum <= 0:
+                    return SymbolicBoundedInt(
+                        -self.var,
+                        int,
+                        -self._ch_maximum,
+                        -self._ch_minimum if self._ch_minimum is not None else None,
+                    )
+                if self._ch_maximum is not None or self._ch_minimum is not None:
+                    # range includes zero; compute max abs value
+                    max_abs = max(
+                        abs(self._ch_minimum or 0),
+                        abs(self._ch_maximum or 0),
+                    )
+                    return SymbolicInt(op(self.var), int, 0, max_abs)
+                return SymbolicInt(op(self.var), int, 0, None)
+            elif op is ops.pos:
+                return self
+            elif op is ops.invert:
+                pass  # TODO: we could do something for bitwise negation
+            # Default to unbounded:
+            return SymbolicInt(op(self.var), int)
 
-class SymbolicFloat(SymbolicNumberAble, AtomicSymbolicValue):
-    def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type = float):
-        assert typ is float, f"SymbolicFloat with unexpected python type ({type(typ)})"
-        context_statespace().cap_result_at_unknown()
-        SymbolicValue.__init__(self, smtvar, typ)
 
-    @classmethod
-    def _ch_smt_sort(cls) -> z3.SortRef:
-        return z3.RealSort()
+def make_bounded_int(
+    varname: str, minimum: Optional[int] = None, maximum: Optional[int] = None
+) -> SymbolicInt:
+    return SymbolicBoundedInt(varname, int, minimum, maximum)
+
 
+class SymbolicFloat(SymbolicNumberAble, AtomicSymbolicValue):
     @classmethod
     def _pytype(cls) -> Type:
         return float
 
-    @classmethod
-    def _smt_promote_literal(cls, literal) -> Optional[z3.SortRef]:
-        if isinstance(literal, float):
-            return z3.RealVal(literal)
-        return None
-
     def __ch_realize__(self) -> object:
         return context_statespace().find_model_value(self.var).__float__()  # type: ignore
 
@@ -1247,11 +1484,6 @@ class SymbolicFloat(SymbolicNumberAble, AtomicSymbolicValue):
         with NoTracing():
             return SymbolicBool(self.var != 0).__bool__()
 
-    def __int__(self):
-        with NoTracing():
-            var = self.var
-            return SymbolicInt(z3.If(var >= 0, z3.ToInt(var), -z3.ToInt(-var)))
-
     def __float__(self):
         with NoTracing():
             return self.__ch_realize__()
@@ -1260,6 +1492,163 @@ class SymbolicFloat(SymbolicNumberAble, AtomicSymbolicValue):
         with NoTracing():
             return complex(self.__float__())
 
+    def hex(self) -> str:
+        return realize(self).hex()
+
+
+_PRECISE_IEEE_FLOAT_SORT = {
+    11: z3.Float16(),
+    24: z3.Float32(),
+    53: z3.Float64(),
+}[sys.float_info.mant_dig]
+
+
+class PreciseIeeeSymbolicFloat(SymbolicFloat):
+    def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type = float):
+        if not isinstance(smtvar, str) and not z3.is_fp(smtvar):
+            raise CrossHairInternal(
+                f"non-float SMT value ({name_of_type(type(smtvar))}) given to PreciseIeeeSymbolicFloat"
+            )
+        SymbolicValue.__init__(self, smtvar, typ)
+
+    @classmethod
+    def _ch_smt_sort(cls) -> z3.SortRef:
+        return _PRECISE_IEEE_FLOAT_SORT
+
+    @classmethod
+    def _smt_promote_literal(cls, literal) -> Optional[z3.ExprRef]:
+        if isinstance(literal, float):
+            return z3.FPVal(literal, cls._ch_smt_sort())
+        return None
+
+    def __eq__(self, other):
+        with NoTracing():
+            coerced = type(self)._coerce_to_smt_sort(other)
+            if coerced is None:
+                return False
+            return SymbolicBool(fpEQ(self.var, coerced))
+
+    # __hash__ has to be explicitly reassigned because we define __eq__
+    __hash__ = SymbolicFloat.__hash__
+
+    def __bool__(self):
+        with NoTracing():
+            return not SymbolicBool(z3.fpIsZero(self.var))
+
+    def __ne__(self, other):
+        with NoTracing():
+            coerced = type(self)._coerce_to_smt_sort(other)
+            if coerced is None:
+                return True
+            return SymbolicBool(z3.Not(fpEQ(self.var, coerced)))
+
+    def __int__(self):
+        with NoTracing():
+            self._check_finite_convert_to("integer")
+            return SymbolicInt(
+                z3.ToInt(z3.fpToReal(z3.fpRoundToIntegral(z3.RTZ(), self.var)))
+            )
+
+    def __round__(self, ndigits=None):
+        self_is_finite = isfinite(self)
+        if ndigits is None:
+            if not self_is_finite:
+                # CPython only errors like this when ndigits is None (for ... reasons)
+                if isinf(self):
+                    raise OverflowError("cannot convert float infinity to integer")
+                else:
+                    raise ValueError("cannot convert float NaN to integer")
+        elif ndigits != 0:
+            if not isinstance(ndigits, int):
+                raise TypeError(
+                    f"'{name_of_type(type(ndigits))}' object cannot be interpreted as an integer"
+                )
+            factor = 10**ndigits
+            return round(self * factor, 0) / factor
+        with NoTracing():
+            if self_is_finite:
+                smt_rounded_real = z3.fpRoundToIntegral(z3.RNE(), self.var)
+                if ndigits is None:
+                    return SymbolicInt(z3.ToInt(z3.fpToReal(smt_rounded_real)))
+                else:
+                    return PreciseIeeeSymbolicFloat(smt_rounded_real)
+            # Non-finites returns themselves if you supply ndigits:
+            return self
+
+    def _check_finite_convert_to(self, target: str) -> None:
+        if isfinite(self):
+            return
+        elif isinf(self):
+            raise OverflowError("cannot convert Infinity to " + target)
+        else:
+            raise ValueError("cannot convert NaN to " + target)
+
+    def __floor__(self):
+        with NoTracing():
+            self._check_finite_convert_to("integer")
+            return PreciseIeeeSymbolicFloat(z3.fpRoundToIntegral(z3.RTN(), self.var))
+
+    def __floordiv__(self, other):
+        r = self / other
+        with NoTracing():
+            return PreciseIeeeSymbolicFloat(z3.fpRoundToIntegral(z3.RTN(), r.var))
+
+    def __rfloordiv__(self, other):
+        r = other / self
+        with NoTracing():
+            return PreciseIeeeSymbolicFloat(z3.fpRoundToIntegral(z3.RTN(), r.var))
+
+    def __ceil__(self):
+        with NoTracing():
+            self._check_finite_convert_to("integer")
+            return PreciseIeeeSymbolicFloat(z3.fpRoundToIntegral(z3.RTP(), self.var))
+
+    def __pow__(self, other, mod=None):
+        # TODO: consider losen-ing a little
+        return pow(realize(self), realize(other), realize(mod))
+
+    def __trunc__(self):
+        with NoTracing():
+            self._check_finite_convert_to("integer")
+            return PreciseIeeeSymbolicFloat(z3.fpRoundToIntegral(z3.RTZ(), self.var))
+
+    def as_integer_ratio(self) -> Tuple[Integral, Integral]:
+        with NoTracing():
+            self._check_finite_convert_to("integer ratio")
+            return RealBasedSymbolicFloat(z3.fpToReal(self.var)).as_integer_ratio()
+
+    def is_integer(self) -> SymbolicBool:
+        return self == self.__int__()
+        # with NoTracing():
+        #     return SymbolicBool(z3.IsInt(self.var))
+
+
+_Z3_ONE_HALF = z3.RealVal("1/2")
+
+
+class RealBasedSymbolicFloat(SymbolicFloat):
+    def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type = float):
+        assert (
+            typ is float
+        ), f"RealBasedSymbolicFloat with unexpected python type ({type(typ)})"
+        context_statespace().cap_result_at_unknown()
+        SymbolicValue.__init__(self, smtvar, typ)
+
+    @classmethod
+    def _ch_smt_sort(cls) -> z3.SortRef:
+        return z3.RealSort()
+
+    @classmethod
+    def _smt_promote_literal(cls, literal) -> Optional[z3.ExprRef]:
+        if isinstance(literal, float) and isfinite(literal):
+            return z3.RealVal(literal)
+        return None
+
+    def __int__(self):
+        with NoTracing():
+            var = self.var
+            return SymbolicInt(z3.If(var >= 0, z3.ToInt(var), -z3.ToInt(-var)))
+
     def __round__(self, ndigits=None):
         if ndigits is not None:
             factor = 10 ** realize(
@@ -1308,6 +1697,7 @@ class SymbolicFloat(SymbolicNumberAble, AtomicSymbolicValue):
             denominator = SymbolicInt("denominator" + space.uniq())
             space.add(denominator.var > 0)
             space.add(numerator.var == denominator.var * self.var)
+
         # There are many valid integer ratios to return. Experimentally, both
         # z3 and CPython tend to pick the same ones. But verify this, while
         # deferring materialization:
@@ -1323,9 +1713,6 @@ class SymbolicFloat(SymbolicNumberAble, AtomicSymbolicValue):
         with NoTracing():
             return SymbolicBool(z3.IsInt(self.var))
 
-    def hex(self) -> str:
-        return realize(self).hex()
-
 
 class SymbolicDictOrSet(SymbolicValue):
     """
@@ -1335,15 +1722,16 @@ class SymbolicDictOrSet(SymbolicValue):
 
     def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type):
         self.key_pytype = normalize_pytype(type_arg_of(typ, 0))
-        ch_types = crosshair_types_for_python_type(self.key_pytype)
-        if ch_types:
-            self.ch_key_type: Optional[Type[AtomicSymbolicValue]] = ch_types[0]
+        space = context_statespace()
+        ch_type = space.extra(ModelingDirector).get(self.key_pytype)
+        if ch_type:
+            self.ch_key_type: Optional[Type[AtomicSymbolicValue]] = ch_type
             self.smt_key_sort = self.ch_key_type._ch_smt_sort()
         else:
             self.ch_key_type = None
             self.smt_key_sort = HeapRef
         SymbolicValue.__init__(self, smtvar, typ)
-        context_statespace().add(self._len() >= 0)
+        space.add(self._len() >= 0)
 
     def __ch_realize__(self):
         return origin_of(self.python_type)(self)
@@ -1370,9 +1758,9 @@ class SymbolicDict(SymbolicDictOrSet, collections.abc.Mapping):
     def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type):
         space = context_statespace()
         self.val_pytype = normalize_pytype(type_arg_of(typ, 1))
-        val_ch_types = crosshair_types_for_python_type(self.val_pytype)
-        if val_ch_types:
-            self.ch_val_type: Optional[Type[AtomicSymbolicValue]] = val_ch_types[0]
+        val_ch_type = space.extra(ModelingDirector).get(self.val_pytype)
+        if val_ch_type:
+            self.ch_val_type: Optional[Type[AtomicSymbolicValue]] = val_ch_type
             self.smt_val_sort = self.ch_val_type._ch_smt_sort()
         else:
             self.ch_val_type = None
@@ -1385,7 +1773,7 @@ class SymbolicDict(SymbolicDictOrSet, collections.abc.Mapping):
         self.val_constructor = arr_var.sort().range().constructor(1)
         self.val_accessor = arr_var.sort().range().accessor(1, 0)
         self.empty = z3.K(arr_var.sort().domain(), self.val_missing_constructor())
-        self._iter_cache: List[z3.Const] = []
+        self._iter_cache: List[z3.Const] = []  # TODO: is this used?
         space.add((arr_var == self.empty) == (len_var == 0))
 
         def dict_can_be_iterated():
@@ -1431,6 +1819,10 @@ class SymbolicDict(SymbolicDictOrSet, collections.abc.Mapping):
 
     def __repr__(self):
         return str(dict(self.items()))
+        # TODO: symbolic repr; something like this?:
+        # itemiter = self.items()
+        # with NoTracing():
+        #     return "{" + ", ".join(f"{repr(deep_realize(k))}: {repr(deep_realize(v))}" for k, v in tracing_iter(itemiter)) + "}"
 
     # TODO: __contains__ could be implemented without any path forks
 
@@ -1484,7 +1876,7 @@ class SymbolicDict(SymbolicDictOrSet, collections.abc.Mapping):
                 space.add(is_missing(z3.Select(remaining, k)))
 
                 if idx > len(iter_cache):
-                    raise CrosshairInternal()
+                    raise CrossHairInternal()
                 if idx == len(iter_cache):
                     iter_cache.append(k)
                 else:
@@ -1504,26 +1896,69 @@ class SymbolicDict(SymbolicDictOrSet, collections.abc.Mapping):
             return SymbolicDict(self.var, self.python_type)
 
 
-class SymbolicSet(SymbolicDictOrSet, SetBase, collections.abc.Set):
+class SymbolicFrozenSet(SymbolicDictOrSet, FrozenSetBase):
     def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type):
+        if origin_of(typ) != frozenset:
+            raise CrossHairInternal
         SymbolicDictOrSet.__init__(self, smtvar, typ)
         self._iter_cache: List[z3.Const] = []
         self.empty = z3.K(self._arr().sort().domain(), False)
-        context_statespace().add((self._arr() == self.empty) == (self._len() == 0))
+        space = context_statespace()
+        space.add((self._arr() == self.empty) == (self._len() == 0))
+        space.defer_assumption("symbolic set is consistent", self._is_consistent)
+
+    @assert_tracing(True)
+    def _is_consistent(self) -> SymbolicBool:
+        """
+        Checks whether the set size is consistent with the SMT array size
+
+        Realizes the size. (but not the values)
+        """
+        my_len = len(self)
+        with NoTracing():
+            target_len = 0
+            space = context_statespace()
+            comparison_smt_array = self.empty
+            items = []
+            while True:
+                with ResumedTracing():
+                    if target_len == my_len:
+                        break
+                item = z3.Const(f"set_{target_len}_{space.uniq()}", self.smt_key_sort)
+                items.append(item)
+                comparison_smt_array = z3.Store(comparison_smt_array, item, True)
+                target_len += 1
+            if len(items) >= 2:
+                space.add(z3.Distinct(*items))
+            return SymbolicBool(comparison_smt_array == self._arr())
+
+    def __ch_is_deeply_immutable__(self) -> bool:
+        return True
 
     def __ch_realize__(self):
         return python_type(self)(map(realize, self))
 
+    def __repr__(self):
+        if self:
+            return "frozenset({" + ", ".join(map(repr, self)) + "})"
+        else:
+            return "frozenset()"
+
+    def __hash__(self):
+        return deep_realize(self).__hash__()
+
     def __eq__(self, other):
         (self_arr, self_len) = self.var
-        if isinstance(other, SymbolicSet):
+        if isinstance(other, SymbolicFrozenSet):
             (other_arr, other_len) = other.var
             if other_arr.sort() == self_arr.sort():
                 # TODO: this is wrong for HeapRef sets (which could customize __eq__)
                 return SymbolicBool(
                     z3.And(self_len == other_len, self_arr == other_arr)
                 )
-        if not isinstance(other, (set, frozenset, SymbolicSet, collections.abc.Set)):
+        if not isinstance(
+            other, (set, frozenset, SymbolicFrozenSet, collections.abc.Set)
+        ):
             return False
         # Manually check equality. Drive size from the (likely) concrete value 'other':
         if len(self) != len(other):
@@ -1578,16 +2013,24 @@ class SymbolicSet(SymbolicDictOrSet, SetBase, collections.abc.Set):
             arr_sort = self._arr().sort()
             keys_on_heap = is_heapref_sort(arr_sort.domain())
             already_yielded = []
-            while SymbolicBool(idx < len_var).__bool__():
-                if space.choose_possible(arr_var == self.empty, probability_true=0.0):
-                    raise IgnoreAttempt("SymbolicSet in inconsistent state")
-                k = z3.Const("k" + str(idx) + space.uniq(), arr_sort.domain())
+            while True:
+                if idx < len(iter_cache):
+                    k = iter_cache[idx]
+                elif SymbolicBool(idx < len_var).__bool__():
+                    if space.choose_possible(
+                        arr_var == self.empty, probability_true=0.0
+                    ):
+                        raise IgnoreAttempt("SymbolicFrozenSet in inconsistent state")
+                    k = z3.Const("k" + str(idx) + space.uniq(), arr_sort.domain())
+                else:
+                    break
                 remaining = z3.Const("remaining" + str(idx) + space.uniq(), arr_sort)
                 space.add(arr_var == z3.Store(remaining, k, True))
+                # TODO: this seems like it won't work the same for heaprefs which can be distinct but equal:
                 space.add(z3.Not(z3.Select(remaining, k)))
 
                 if idx > len(iter_cache):
-                    raise CrosshairInternal()
+                    raise CrossHairInternal()
                 if idx == len(iter_cache):
                     iter_cache.append(k)
                 else:
@@ -1613,7 +2056,7 @@ class SymbolicSet(SymbolicDictOrSet, SetBase, collections.abc.Set):
             # In this conditional, we reconcile the parallel symbolic variables for length
             # and contents:
             if space.choose_possible(arr_var != self.empty, probability_true=0.0):
-                raise IgnoreAttempt("SymbolicSet in inconsistent state")
+                raise IgnoreAttempt("SymbolicFrozenSet in inconsistent state")
 
     def _set_op(self, attr, other):
         # We need to check the type of other here, because builtin sets
@@ -1657,40 +2100,15 @@ class SymbolicSet(SymbolicDictOrSet, SetBase, collections.abc.Set):
         return self._set_op("__sub__", other)
 
 
-class SymbolicFrozenSet(SymbolicSet):
-    def __repr__(self):
-        return deep_realize(self).__repr__()
-
-    def __hash__(self):
-        return deep_realize(self).__hash__()
-
-    @classmethod
-    def _from_iterable(cls, it):
-        # overrides collections.abc.Set's version
-        return frozenset(it)
-
-
-def flip_slice_vs_symbolic_len(
-    space: StateSpace,
+def flip_slice_vs_bounded_len(
     i: Union[int, slice],
-    smt_len: z3.ExprRef,
-) -> Union[z3.ExprRef, Tuple[z3.ExprRef, z3.ExprRef]]:
-    if is_tracing():
-        raise CrosshairInternal("index math while tracing")
-
-    def normalize_symbolic_index(idx) -> z3.ExprRef:
-        if type(idx) is int:
-            return z3IntVal(idx) if idx >= 0 else (smt_len + z3IntVal(idx))
-        else:
-            smt_idx = SymbolicInt._coerce_to_smt_sort(idx)
-            if space.smt_fork(smt_idx >= 0):  # type: ignore
-                return smt_idx
-            else:
-                return smt_len + smt_idx
+    bounded_len: SymbolicBoundedInt,
+) -> Union[int, Tuple[int, int]]:
+    def normalize_symbolic_index(idx: int) -> int:
+        return idx if idx >= 0 else (bounded_len + idx)
 
     if isinstance(i, Integral):
-        smt_i = SymbolicInt._coerce_to_smt_sort(i)
-        if space.smt_fork(z3.Or(smt_i >= smt_len, smt_i < -smt_len)):
+        if any([i >= bounded_len, i < -bounded_len]):
             raise IndexError
         return normalize_symbolic_index(i)
     elif isinstance(i, slice):
@@ -1700,17 +2118,12 @@ def flip_slice_vs_symbolic_len(
                 raise TypeError(
                     "slice indices must be integers or None or have an __index__ method"
                 )
-        if step is not None:
-            with ResumedTracing():  # Resume tracing for symbolic equality comparison:
-                if step != 1:
-                    # TODO: do more with slices and steps
-                    raise CrosshairUnsupported("slice steps not handled")
         if i.start is None:
-            start = z3IntVal(0)
+            start = 0
         else:
             start = normalize_symbolic_index(start)
         if i.stop is None:
-            stop = smt_len
+            stop = bounded_len
         else:
             stop = normalize_symbolic_index(stop)
         return (start, stop)
@@ -1718,32 +2131,30 @@ def flip_slice_vs_symbolic_len(
         raise TypeError("indices must be integers or slices, not " + str(type(i)))
 
 
-def clip_range_to_symbolic_len(
-    space: StateSpace,
-    start: z3.ExprRef,
-    stop: z3.ExprRef,
-    smt_len: z3.ExprRef,
-) -> Tuple[z3.ExprRef, z3.ExprRef]:
-    if space.smt_fork(start < 0):
-        start = z3IntVal(0)
-    elif space.smt_fork(smt_len < start):
-        start = smt_len
-    if space.smt_fork(stop < 0):
-        stop = z3IntVal(0)
-    elif space.smt_fork(smt_len < stop):
-        stop = smt_len
+def clip_range_to_bounded_len(
+    start: int,
+    stop: int,
+    bounded_len: SymbolicBoundedInt,
+) -> Tuple[int, int]:
+    if start < 0:
+        start = 0
+    elif bounded_len < start:
+        start = bounded_len  # type: ignore
+    if stop < 0:
+        stop = 0
+    elif bounded_len < stop:
+        stop = bounded_len  # type: ignore
     return (start, stop)
 
 
-def process_slice_vs_symbolic_len(
-    space: StateSpace,
+def process_slice_vs_bounded_len(
     i: Union[int, slice],
-    smt_len: z3.ExprRef,
-) -> Union[z3.ExprRef, Tuple[z3.ExprRef, z3.ExprRef]]:
-    ret = flip_slice_vs_symbolic_len(space, i, smt_len)
+    bounded_len: SymbolicBoundedInt,
+) -> Union[int, Tuple[int, int]]:
+    ret = flip_slice_vs_bounded_len(i, bounded_len)
     if isinstance(ret, tuple):
         (start, stop) = ret
-        return clip_range_to_symbolic_len(space, start, stop, smt_len)
+        return clip_range_to_bounded_len(start, stop, bounded_len)
     return ret
 
 
@@ -1788,17 +2199,17 @@ class SymbolicArrayBasedUniformTuple(SymbolicSequence):
             assert len(smtvar) == 2
 
         self.val_pytype = normalize_pytype(type_arg_of(typ, 0))
-        ch_types = crosshair_types_for_python_type(self.val_pytype)
-        if ch_types:
-            self.ch_item_type: Optional[Type[AtomicSymbolicValue]] = ch_types[0]
+        space = context_statespace()
+        val_ch_type = space.extra(ModelingDirector).get(self.val_pytype)
+        if val_ch_type:
+            self.ch_item_type: Optional[Type[AtomicSymbolicValue]] = val_ch_type
             self.item_smt_sort = self.ch_item_type._ch_smt_sort()
         else:
             self.ch_item_type = None
             self.item_smt_sort = HeapRef
 
         SymbolicValue.__init__(self, smtvar, typ)
-        len_var = self._len()
-        context_statespace().add(len_var >= 0)
+        self._len_int = SymbolicBoundedInt(self._len(), int, minimum=0)
 
     def __init_var__(self, typ, varname):
         assert typ == self.python_type
@@ -1816,12 +2227,10 @@ class SymbolicArrayBasedUniformTuple(SymbolicSequence):
         return self.var[1]
 
     def __len__(self):
-        with NoTracing():
-            return SymbolicInt(self._len())
+        return self._len_int
 
     def __bool__(self) -> bool:
-        with NoTracing():
-            return SymbolicBool(self._len() != 0).__bool__()
+        return self._len_int > 0
 
     def __eq__(self, other):
         with NoTracing():
@@ -1851,9 +2260,10 @@ class SymbolicArrayBasedUniformTuple(SymbolicSequence):
     def __iter__(self):
         with NoTracing():
             space = context_statespace()
-            arr_var, len_var = self.var
+            arr_var, _ = self.var
+            len_int = self._len_int
             idx = 0
-            while space.smt_fork(idx < len_var):
+            while idx < len_int:
                 val = smt_to_ch_value(
                     space, self.snapshot, z3.Select(arr_var, idx), self.val_pytype
                 )
@@ -1904,16 +2314,14 @@ class SymbolicArrayBasedUniformTuple(SymbolicSequence):
                 and i.step is None
             ):
                 return self
-            idx_or_pair = process_slice_vs_symbolic_len(space, i, self._len())
+            with ResumedTracing():
+                idx_or_pair = process_slice_vs_bounded_len(i, self._len_int)
             if isinstance(idx_or_pair, tuple):
                 (start, stop) = idx_or_pair
-                (myarr, mylen) = self.var
-                start = SymbolicInt(start)
-                stop = SymbolicInt(smt_min(mylen, smt_coerce(stop)))
                 with ResumedTracing():
                     return SliceView.slice(self, start, stop)
             else:
-                smt_result = z3.Select(self._arr(), idx_or_pair)
+                smt_result = z3.Select(self._arr(), smt_coerce(idx_or_pair))
                 return smt_to_ch_value(
                     space, self.snapshot, smt_result, self.val_pytype
                 )
@@ -2007,7 +2415,7 @@ class SymbolicRange:
             return False
         if len(self) != len(other):
             return False
-        for (v1, v2) in zip(self, other):
+        for v1, v2 in zip(self, other):
             if v1 != v2:
                 return False
         return True
@@ -2072,6 +2480,11 @@ class SymbolicList(
     def _spawn(self, items: Sequence) -> "ShellMutableSequence":
         return SymbolicList(items)
 
+    def __eq__(self, other):
+        if not isinstance(other, list):
+            return False
+        return ShellMutableSequence.__eq__(self, other)
+
     def __lt__(self, other):
         if not isinstance(other, (list, SymbolicList)):
             raise TypeError
@@ -2097,6 +2510,10 @@ class SymbolicType(AtomicSymbolicValue, SymbolicValue, Untracable):
             # no paramaterized types allowed, e.g. SymbolicType("t", Type[List[int]])
             assert not hasattr(captype, "__args__")
             self.pytype_cap = origin_of(captype)
+            if isinstance(self.pytype_cap, CrossHairValue):
+                raise CrossHairInternal(
+                    "Cannot create symbolic type capped at a symbolic type"
+                )
         assert isinstance(self.pytype_cap, (type, ABCMeta))
         type_repo = space.extra(SymbolicTypeRepository)
         smt_cap = type_repo.get_type(self.pytype_cap)
@@ -2115,13 +2532,13 @@ class SymbolicType(AtomicSymbolicValue, SymbolicValue, Untracable):
         return type
 
     @classmethod
-    def _smt_promote_literal(cls, literal) -> Optional[z3.SortRef]:
+    def _smt_promote_literal(cls, literal) -> Optional[z3.ExprRef]:
         if isinstance(literal, type):
             return context_statespace().extra(SymbolicTypeRepository).get_type(literal)
         return None
 
+    @assert_tracing(False)
     def _is_superclass_of_(self, other):
-        assert not is_tracing()
         if self is SymbolicType:
             return False
         if type(other) is SymbolicType:
@@ -2224,23 +2641,24 @@ class SymbolicType(AtomicSymbolicValue, SymbolicValue, Untracable):
         return hash(self._realized())
 
 
+@assert_tracing(True)
 def symbolic_obj_binop(symbolic_obj: "SymbolicObject", other, op):
     other_type = type(other)
     with NoTracing():
         mytype = symbolic_obj._typ
-
-        # This just encourages a useful type realization; we discard the result:
-        other_smt_type = SymbolicType._coerce_to_smt_sort(other_type)
-        if other_smt_type is not None:
-            space = context_statespace()
-            space.smt_fork(z3Eq(mytype.var, other_smt_type), probability_true=0.9)
-
-        # The following call then lowers the type cap.
-        # TODO: This does more work than is really needed. But it might be good for
-        # subclass realizations. We want the equality check above mostly because
-        # `object`` realizes to int|str and we don't want to spend lots of time
-        # considering (usually enum-based) int and str subclasses.
-        mytype._is_subclass_of_(other_type)
+        if isinstance(mytype, SymbolicType):
+            # This just encourages a useful type realization; we discard the result:
+            other_smt_type = SymbolicType._coerce_to_smt_sort(other_type)
+            if other_smt_type is not None:
+                space = context_statespace()
+                space.smt_fork(z3Eq(mytype.var, other_smt_type), probability_true=0.9)
+
+            # The following call then lowers the type cap.
+            # TODO: This does more work than is really needed. But it might be good for
+            # subclass realizations. We want the equality check above mostly because
+            # `object`` realizes to int|str and we don't want to spend lots of time
+            # considering (usually enum-based) int and str subclasses.
+            mytype._is_subclass_of_(other_type)
         obj_with_known_type = symbolic_obj._wrapped()
     return op(obj_with_known_type, other)
 
@@ -2254,31 +2672,30 @@ class SymbolicObject(ObjectProxy, CrossHairValue, Untracable):
     members can be.
     """
 
+    @assert_tracing(False)
     def __init__(self, smtvar: str, typ: Type):
+        if not isinstance(typ, type):
+            raise CrossHairInternal(f"Creating SymbolicObject with non-type {typ}")
+        if isinstance(typ, CrossHairValue):
+            raise CrossHairInternal(f"Creating SymbolicObject with symbolic type {typ}")
         object.__setattr__(self, "_typ", SymbolicType(smtvar + "_type", Type[typ]))
         object.__setattr__(self, "_space", context_statespace())
         object.__setattr__(self, "_varname", smtvar)
 
+    @assert_tracing(False)
     def _realize(self):
         object.__getattribute__(self, "_space")
         varname = object.__getattribute__(self, "_varname")
 
-        typ = object.__getattribute__(self, "_typ")
-        pytype = realize(typ)
-        debug("materializing the type of symbolic", varname, "to be", pytype)
+        pytype = realize(object.__getattribute__(self, "_typ"))
+        debug(
+            "materializing the type of symbolic", varname, "to be", pytype, ch_stack()
+        )
+        object.__setattr__(self, "_typ", pytype)
         if pytype is object:
             return object()
         return proxy_for_type(pytype, varname, allow_subtypes=False)
 
-    def _wrapped(self):
-        with NoTracing():
-            try:
-                inner = object.__getattribute__(self, "_inner")
-            except AttributeError:
-                inner = self._realize()
-                object.__setattr__(self, "_inner", inner)
-            return inner
-
     def __ch_realize__(self):
         return realize(self._wrapped())
 
@@ -2290,6 +2707,8 @@ class SymbolicObject(ObjectProxy, CrossHairValue, Untracable):
             # That's usually bad for LazyObjects, which want to defer their
             # realization, so we simply don't do mutation checking for these
             # kinds of values right now.
+            # TODO: we should do something else here; realizing the type doesn't
+            # seem THAT terrible?
             result = self
         else:
             result = copy.deepcopy(inner)
@@ -2334,10 +2753,25 @@ class SymbolicCallable:
     __annotations__: dict = {}
 
     def __init__(self, values: list):
+        """
+        A function that will ignore its arguments and produce return values
+        from the list given.
+        If the given list is exhausted, the function will just repeatedly
+        return the final value in the list.
+
+        If `values` is concrete, it must be non-mepty.
+        If `values` is a symbolic list, it will be forced to be non-empty
+        (the caller must enure that's possible).
+        """
         assert not is_tracing()
         with ResumedTracing():
-            if not values:
-                raise IgnoreAttempt
+            has_values = len(values) > 0
+        if isinstance(values, CrossHairValue):
+            space = context_statespace()
+            assert space.is_possible(has_values)
+            space.add(has_values)
+        else:
+            assert has_values
         self.values = values
         self.idx = 0
 
@@ -2361,6 +2795,7 @@ class SymbolicCallable:
         if idx >= len(values):
             return values[-1]
         else:
+            self.idx += 1
             return values[idx]
 
     def __bool__(self):
@@ -2383,33 +2818,49 @@ class SymbolicUniformTuple(
     def __hash__(self):
         return tuple(self).__hash__()
 
-
-_SMTSTR_Z3_SORT = z3.SeqSort(z3.IntSort())
+    def __eq__(self, other):
+        if not isinstance(other, tuple):
+            return False
+        return SymbolicArrayBasedUniformTuple.__eq__(self, other)
 
 
 class SymbolicBoundedIntTuple(collections.abc.Sequence):
     def __init__(self, ranges: List[Tuple[int, int]], varname: str):
         assert not is_tracing()
+        assert ranges
         self._ranges = ranges
-        space = context_statespace()
-        smtlen = z3.Int(varname + "len" + space.uniq())
-        space.add(smtlen >= 0)
         self._varname = varname
-        self._len = SymbolicInt(smtlen)
+        self._len = SymbolicBoundedInt(varname + "len", int, 0, None)
         self._created_vars: List[SymbolicInt] = []
 
+    def __ch_deep_realize__(self, memo):
+        # Right now, SymbolicBoundedIntTuple falls short of being a CrossHairValue,
+        # but it happens to be handy to have it realize like one would.
+        concrete_size = realize(self._len)
+        self._create_up_to(concrete_size)
+        return tuple(realize(v) for v in self._created_vars[:concrete_size])
+
     def _create_up_to(self, size: int) -> None:
         space = context_statespace()
         created_vars = self._created_vars
+        ranges = self._ranges
         for idx in range(len(created_vars), size):
             assert idx == len(created_vars)
-            smtval = z3.Int(self._varname + "@" + str(idx))
-            constraints = [
-                z3And(minval <= smtval, smtval <= maxval)
-                for minval, maxval in self._ranges
-            ]
-            space.add(constraints[0] if len(constraints) == 1 else z3Or(*constraints))
-            created_vars.append(SymbolicInt(smtval))
+            varname = self._varname + "@" + str(idx)
+            if len(ranges) <= 1:
+                created_vars.append(SymbolicBoundedInt(varname, int, *ranges[0]))
+            else:
+                smtval = z3.Int(varname)
+                constraints = [
+                    z3And(minval <= smtval, smtval <= maxval)
+                    for minval, maxval in ranges
+                ]
+                space.add(z3Or(*constraints))
+                global_min = min(start for start, _ in ranges)
+                global_max = max(end for _, end in ranges)
+                created_vars.append(
+                    SymbolicBoundedInt(smtval, int, global_min, global_max)
+                )
             if idx % 1_000 == 999:
                 space.check_timeout()
 
@@ -2417,8 +2868,7 @@ class SymbolicBoundedIntTuple(collections.abc.Sequence):
         return self._len
 
     def __bool__(self) -> bool:
-        with NoTracing():
-            return SymbolicBool(self._len.var == 0).__bool__()
+        return self._len.var > 0
 
     def __eq__(self, other):
         if self is other:
@@ -2431,7 +2881,7 @@ class SymbolicBoundedIntTuple(collections.abc.Sequence):
         with NoTracing():
             self._create_up_to(realize(otherlen))
             constraints = []
-            for (int1, int2) in zip(self._created_vars, tracing_iter(other)):
+            for int1, int2 in zip(self._created_vars, tracing_iter(other)):
                 smtint2 = force_to_smt_sort(int2, SymbolicInt)
                 constraints.append(int1.var == smtint2)
             return SymbolicBool(z3.And(*constraints))
@@ -2441,17 +2891,18 @@ class SymbolicBoundedIntTuple(collections.abc.Sequence):
 
     def __iter__(self):
         with NoTracing():
-            my_smt_len = self._len.var
+            my_len = self._len
             created_vars = self._created_vars
-            space = context_statespace()
-            idx = -1
-        while True:
-            with NoTracing():
+            idx = 0
+            while True:
+                needed_size = idx + 1
+                with ResumedTracing():
+                    if not (idx < my_len):
+                        return
+                self._create_up_to(needed_size)
+                with ResumedTracing():
+                    yield created_vars[idx]
                 idx += 1
-                if not space.smt_fork(idx < my_smt_len):
-                    return
-                self._create_up_to(idx + 1)
-            yield created_vars[idx]
 
     def __add__(self, other: object):
         if isinstance(other, collections.abc.Sequence):
@@ -2558,7 +3009,7 @@ class AnySymbolicStr(AbcString):
             raise TypeError
         if self == other:
             return True if op in (ops.le, ops.ge) else False
-        for (mych, otherch) in zip_longest(iter(self), iter(other)):
+        for mych, otherch in zip_longest(iter(self), iter(other)):
             if mych == otherch:
                 continue
             if mych is None:
@@ -2588,7 +3039,7 @@ class AnySymbolicStr(AbcString):
     def capitalize(self):
         if self.__len__() == 0:
             return ""
-        if sys.version_info >= (3, 8):
+        if version_info >= (3, 8):
             firstchar = self[0].title()
         else:
             firstchar = self[0].upper()
@@ -2820,19 +3271,19 @@ class AnySymbolicStr(AbcString):
 
         else:
             raise TypeError
-        for (idx, ch) in enumerate(self):
+        for idx, ch in enumerate(self):
             if not filter(ch):
                 return self[idx:]
         return ""
 
     def splitlines(self, keepends=False):
-        if sys.version_info < (3, 12):
+        if version_info < (3, 12):
             if not isinstance(keepends, int):
                 raise TypeError
         mylen = self.__len__()
         if mylen == 0:
             return []
-        for (idx, ch) in enumerate(self):
+        for idx, ch in enumerate(self):
             codepoint = ord(ch)
             with NoTracing():
                 space = context_statespace()
@@ -3070,6 +3521,26 @@ class AnySymbolicStr(AbcString):
             return "0" * fill_length + self
 
 
+def _unfindable_range(start: Optional[int], end: Optional[int], mylen: int) -> bool:
+    """
+    Emulates some preliminary checks that CPython makes before searching
+    for substrings within some bounds. (in e.g. str.find, str.startswith, etc)
+    """
+    if start is None or start == 0 or start <= -mylen:
+        return False
+
+    # At this point, we know that `start` is defined and points to an index after 0
+    if end is None or end >= mylen:
+        return start > mylen
+
+    # At this point, we know that `end` is defined and points to an index before the end of the string
+    if start < 0:
+        start += mylen
+    if end < 0:
+        end += mylen
+    return end < start
+
+
 class LazyIntSymbolicStr(AnySymbolicStr, CrossHairValue):
     """
     A symbolic string that lazily generates SymbolicInt-based characters as needed.
@@ -3091,25 +3562,24 @@ class LazyIntSymbolicStr(AnySymbolicStr, CrossHairValue):
                 SymbolicBoundedIntTuple,
                 SliceView,
                 SequenceConcatenation,
-                list,
-                SymbolicList,
+                list,  # TODO: are we sharing mutable state here?
+                tuple,
             ),
         ):
             self._codepoints = smtvar
+        elif isinstance(smtvar, SymbolicList):
+            self._codepoints = smtvar.inner  # use the (immutable) contents
         else:
-            raise CrosshairInternal(
+            raise CrossHairInternal(
                 f"Unexpected LazyIntSymbolicStr initializer of type {type(smtvar)}"
             )
 
     def __ch_realize__(self) -> object:
-        with ResumedTracing():
-            codepoints = tuple(self._codepoints)
-        return "".join(chr(realize(x)) for x in codepoints)
+        codepoints = deep_realize(self._codepoints)
+        return "".join(map(chr, codepoints))
 
-    # This is normally an AtomicSymbolicValue method, but sometimes it's used in a
-    # duck-typing way.
     @classmethod
-    def _smt_promote_literal(cls, val: object) -> Optional[z3.SortRef]:
+    def _ch_create_from_literal(cls, val: object) -> Optional[CrossHairValue]:
         if isinstance(val, str):
             return LazyIntSymbolicStr(list(map(ord, val)))
         return None
@@ -3136,10 +3606,6 @@ class LazyIntSymbolicStr(AnySymbolicStr, CrossHairValue):
                 otherpoints = [ord(ch) for ch in other]
                 with ResumedTracing():
                     return mypoints.__eq__(otherpoints)
-            elif isinstance(other, SeqBasedSymbolicStr):
-                with ResumedTracing():
-                    otherpoints = [ord(ch) for ch in other]
-                    return mypoints.__eq__(otherpoints)
             else:
                 return NotImplemented
 
@@ -3147,6 +3613,10 @@ class LazyIntSymbolicStr(AnySymbolicStr, CrossHairValue):
         with NoTracing():
             if not isinstance(i, (Integral, slice)):
                 raise TypeError(type(i))
+            # This could/should? be symbolic by naming all the possibilities.
+            # Note the slice case still must realize the return length.
+            # Especially because we no longer explore realization trees except
+            # as a last resort.
             i = deep_realize(i)
             with ResumedTracing():
                 newcontents = self._codepoints[i]
@@ -3227,11 +3697,15 @@ class LazyIntSymbolicStr(AnySymbolicStr, CrossHairValue):
             return any(self.endswith(s, start, end) for s in substr)
         if not isinstance(substr, str):
             raise TypeError
+        substrlen = len(substr)
         if start is None and end is None:
             matchable = self
         else:
             matchable = self[start:end]
-        return matchable[-len(substr) :] == substr
+        if substrlen == 0:
+            return not _unfindable_range(start, end, len(self))
+        else:
+            return matchable[-substrlen:] == substr
 
     def startswith(self, substr, start=None, end=None):
         if isinstance(substr, tuple):
@@ -3241,6 +3715,10 @@ class LazyIntSymbolicStr(AnySymbolicStr, CrossHairValue):
         if start is None and end is None:
             matchable = self
         else:
+            # Wacky special case: the empty string is findable off the left
+            # side but not the right!
+            if _unfindable_range(start, end, len(self)):
+                return False
             matchable = self[start:end]
         return matchable[: len(substr)] == substr
 
@@ -3281,7 +3759,7 @@ class LazyIntSymbolicStr(AnySymbolicStr, CrossHairValue):
             end += mylen
         matchstr = self[start:end] if start != 0 or end is not mylen else self
         if len(substr) == 0:
-            # Add oddity of CPython. We can find the empty string when over-slicing
+            # An oddity of CPython. We can find the empty string when over-slicing
             # off the left side of the string, but not off the right:
             # ''.find('', 3, 4) == -1
             # ''.find('', -4, -3) == 0
@@ -3308,257 +3786,6 @@ class LazyIntSymbolicStr(AnySymbolicStr, CrossHairValue):
         return self._find(substr, start, end, from_right=True)
 
 
-class SeqBasedSymbolicStr(AtomicSymbolicValue, SymbolicSequence, AnySymbolicStr):
-    def __init__(self, smtvar: Union[str, z3.ExprRef], typ: Type = str):
-        assert typ == str
-        SymbolicValue.__init__(self, smtvar, typ)
-        self.item_pytype = str
-        if isinstance(smtvar, str):
-            # Constrain fresh strings to valid codepoints
-            space = context_statespace()
-            idxvar = z3.Int("idxvar" + space.uniq())
-            z3seq = self.var
-            space.add(
-                z3.ForAll(
-                    [idxvar], z3.And(0 <= z3seq[idxvar], z3seq[idxvar] <= maxunicode)
-                )
-            )
-
-    @classmethod
-    def _ch_smt_sort(cls) -> z3.SortRef:
-        return _SMTSTR_Z3_SORT
-
-    @classmethod
-    def _pytype(cls) -> Type:
-        return str
-
-    @classmethod
-    def _smt_promote_literal(cls, literal) -> Optional[z3.SortRef]:
-        if isinstance(literal, str):
-            if len(literal) <= 1:
-                if len(literal) == 0:
-                    return z3.Empty(_SMTSTR_Z3_SORT)
-                return z3.Unit(z3IntVal(ord(literal)))
-            return z3.Concat([z3.Unit(z3IntVal(ord(ch))) for ch in literal])
-        return None
-
-    def __ch_realize__(self) -> object:
-        codepoints = context_statespace().find_model_value(self.var)
-        return "".join(chr(x) for x in codepoints)
-
-    def __copy__(self):
-        return SeqBasedSymbolicStr(self.var)
-
-    def __hash__(self):
-        return hash(self.__str__())
-
-    @staticmethod
-    def _concat_strings(
-        a: Union[str, "SeqBasedSymbolicStr"], b: Union[str, "SeqBasedSymbolicStr"]
-    ) -> Union[str, "SeqBasedSymbolicStr"]:
-        assert not is_tracing()
-        # Assumes at least one argument is symbolic and not tracing
-        if isinstance(a, SeqBasedSymbolicStr) and isinstance(b, SeqBasedSymbolicStr):
-            return SeqBasedSymbolicStr(a.var + b.var)
-        elif isinstance(a, str) and isinstance(b, SeqBasedSymbolicStr):
-            return SeqBasedSymbolicStr(
-                SeqBasedSymbolicStr._coerce_to_smt_sort(a) + b.var
-            )
-        else:
-            assert isinstance(a, SeqBasedSymbolicStr)
-            assert isinstance(b, str)
-            return SeqBasedSymbolicStr(
-                a.var + SeqBasedSymbolicStr._coerce_to_smt_sort(b)
-            )
-
-    def __add__(self, other):
-        with NoTracing():
-            if isinstance(other, (SeqBasedSymbolicStr, str)):
-                return SeqBasedSymbolicStr._concat_strings(self, other)
-            if isinstance(other, AnySymbolicStr):
-                return NotImplemented
-            raise TypeError
-
-    def __radd__(self, other):
-        with NoTracing():
-            if isinstance(other, (SeqBasedSymbolicStr, str)):
-                return SeqBasedSymbolicStr._concat_strings(other, self)
-            if isinstance(other, AnySymbolicStr):
-                return NotImplemented
-            raise TypeError
-
-    def __mul__(self, other):
-        if isinstance(other, Integral):
-            if other <= 1:
-                return self if other == 1 else ""
-            # Note that in SymbolicInt, we attempt string multiplication via regex.
-            # Z3 cannot do much with a symbolic regex, so we case-split on
-            # the repetition count.
-            return SeqBasedSymbolicStr(z3.Concat(*[self.var for _ in range(other)]))
-        return NotImplemented
-
-    __rmul__ = __mul__
-
-    def __mod__(self, other):
-        return self.__str__() % realize(other)
-
-    def __contains__(self, other):
-        with NoTracing():
-            forced = force_to_smt_sort(other, SeqBasedSymbolicStr)
-            return SymbolicBool(z3.Contains(self.var, forced))
-
-    def __getitem__(self, i: Union[int, slice]):
-        with NoTracing():
-            idx_or_pair = process_slice_vs_symbolic_len(
-                context_statespace(), i, z3.Length(self.var)
-            )
-            if isinstance(idx_or_pair, tuple):
-                (start, stop) = idx_or_pair
-                smt_result = z3.Extract(self.var, start, stop - start)
-            else:
-                smt_result = z3.Unit(self.var[idx_or_pair])
-            return SeqBasedSymbolicStr(smt_result)
-
-    def endswith(self, substr):
-        with NoTracing():
-            smt_substr = force_to_smt_sort(substr, SeqBasedSymbolicStr)
-            return SymbolicBool(z3.SuffixOf(smt_substr, self.var))
-
-    def find(self, substr, start=None, end=None):
-        if not isinstance(substr, str):
-            raise TypeError
-        with NoTracing():
-            space = context_statespace()
-            smt_my_len = z3.Length(self.var)
-            if start is None and end is None:
-                smt_start = z3IntVal(0)
-                smt_end = smt_my_len
-                smt_str = self.var
-                if len(substr) == 0:
-                    return 0
-            else:
-                (smt_start, smt_end) = flip_slice_vs_symbolic_len(
-                    space, slice(start, end, None), smt_my_len
-                )
-                if len(substr) == 0:
-                    # Add oddity of CPython. We can find the empty string when over-slicing
-                    # off the left side of the string, but not off the right:
-                    # ''.find('', 3, 4) == -1
-                    # ''.find('', -4, -3) == 0
-                    if space.smt_fork(smt_start > smt_my_len):
-                        return -1
-                    elif space.smt_fork(smt_start > 0):
-                        return SymbolicInt(smt_start)
-                    else:
-                        return 0
-                (smt_start, smt_end) = clip_range_to_symbolic_len(
-                    space, smt_start, smt_end, smt_my_len
-                )
-                smt_str = z3.SubString(self.var, smt_start, smt_end - smt_start)
-
-            smt_sub = force_to_smt_sort(substr, SeqBasedSymbolicStr)
-            if space.smt_fork(z3.Contains(smt_str, smt_sub)):
-                return SymbolicInt(z3.IndexOf(smt_str, smt_sub, 0) + smt_start)
-            else:
-                return -1
-
-    def partition(self, sep: str):
-        if not isinstance(sep, str):
-            raise TypeError
-        if len(sep) == 0:
-            raise ValueError
-        with NoTracing():
-            space = context_statespace()
-            smt_str = self.var
-            smt_sep = force_to_smt_sort(sep, SeqBasedSymbolicStr)
-            if space.smt_fork(z3.Contains(smt_str, smt_sep)):
-                uniq = space.uniq()
-                # Divide my contents into 4 concatenated parts:
-                prefix = SeqBasedSymbolicStr(f"prefix{uniq}")
-                match1 = SeqBasedSymbolicStr(
-                    f"match1{uniq}"
-                )  # the first character of the match
-                match_tail = SeqBasedSymbolicStr(f"match_tail{uniq}")
-                suffix = SeqBasedSymbolicStr(f"suffix{uniq}")
-                space.add(z3.Length(match1.var) == 1)
-                space.add(smt_sep == z3.Concat(match1.var, match_tail.var))
-                space.add(smt_str == z3.Concat(prefix.var, smt_sep, suffix.var))
-                space.add(
-                    z3.Not(z3.Contains(z3.Concat(match_tail.var, suffix.var), smt_sep))
-                )
-                return (prefix, sep, suffix)
-            else:
-                return (self, "", "")
-
-    def rfind(self, substr, start=None, end=None) -> Union[int, SymbolicInt]:
-        if not isinstance(substr, str):
-            raise TypeError
-        with NoTracing():
-            space = context_statespace()
-            smt_my_len = z3.Length(self.var)
-            if start is None and end is None:
-                smt_start = z3IntVal(0)
-                smt_end = smt_my_len
-                smt_str = self.var
-                if len(substr) == 0:
-                    return SymbolicInt(smt_my_len)
-            else:
-                (smt_start, smt_end) = flip_slice_vs_symbolic_len(
-                    space, slice(start, end, None), smt_my_len
-                )
-                if len(substr) == 0:
-                    # Add oddity of CPython. We can find the empty string when over-slicing
-                    # off the left side of the string, but not off the right:
-                    # ''.find('', 3, 4) == -1
-                    # ''.find('', -4, -3) == 0
-                    if space.smt_fork(smt_start > smt_my_len):
-                        return -1
-                    elif space.smt_fork(smt_end < 0):
-                        return 0
-                    elif space.smt_fork(smt_end < smt_my_len):
-                        return SymbolicInt(smt_end)
-                    else:
-                        return SymbolicInt(smt_my_len)
-                (smt_start, smt_end) = clip_range_to_symbolic_len(
-                    space, smt_start, smt_end, smt_my_len
-                )
-                smt_str = z3.SubString(self.var, smt_start, smt_end - smt_start)
-            smt_sub = force_to_smt_sort(substr, SeqBasedSymbolicStr)
-            if space.smt_fork(z3.Contains(smt_str, smt_sub)):
-                uniq = space.uniq()
-                # Divide my contents into 4 concatenated parts:
-                prefix = SeqBasedSymbolicStr(f"prefix{uniq}")
-                match1 = SeqBasedSymbolicStr(f"match1{uniq}")
-                match_tail = SeqBasedSymbolicStr(f"match_tail{uniq}")
-                suffix = SeqBasedSymbolicStr(f"suffix{uniq}")
-                space.add(z3.Length(match1.var) == 1)
-                space.add(smt_sub == z3.Concat(match1.var, match_tail.var))
-                space.add(smt_str == z3.Concat(prefix.var, smt_sub, suffix.var))
-                space.add(
-                    z3.Not(z3.Contains(z3.Concat(match_tail.var, suffix.var), smt_sub))
-                )
-                return SymbolicInt(smt_start + z3.Length(prefix.var))
-            else:
-                return -1
-
-    def rpartition(self, sep: str):
-        result = self.rsplit(sep, maxsplit=1)
-        if len(result) == 1:
-            return ("", "", self)
-        elif len(result) == 2:
-            return (result[0], sep, result[1])
-
-    def startswith(self, substr, start=None, end=None):
-        if isinstance(substr, tuple):
-            return any(self.startswith(s, start, end) for s in substr)
-        smt_substr = force_to_smt_sort(substr, SeqBasedSymbolicStr)
-        if start is not None or end is not None:
-            # TODO: "".startswith("", 1) should be False, not True
-            return self[start:end].startswith(substr)
-        with NoTracing():
-            return SymbolicBool(z3.PrefixOf(smt_substr, self.var))
-
-
 def buffer_to_byte_seq(obj: object) -> Optional[Sequence[int]]:
     if isinstance(obj, (bytes, bytearray)):
         return list(obj)
@@ -3620,9 +3847,7 @@ def is_ascii_space_ord(char_ord: int):
     )
 
 
-# TODO: in python >= 3.12, use collections.abc.Buffer instead
-# of collections.abc.ByteString (here and elsewhere)
-class BytesLike(collections.abc.ByteString, AbcString, CrossHairValue):
+class BytesLike(Buffer, AbcString, CrossHairValue):
     def __eq__(self, other) -> bool:
         if not isinstance(other, _ALL_BYTES_TYPES):
             return False
@@ -3630,6 +3855,12 @@ class BytesLike(collections.abc.ByteString, AbcString, CrossHairValue):
             return False
         return list(self) == list(other)
 
+    if version_info >= (3, 12):
+
+        def __buffer__(self, flags: int):
+            with NoTracing():
+                return memoryview(realize(self))
+
     def _cmp_op(self, other, op) -> bool:
         # Surprisingly, none of (bytes, memoryview, array) are ordered-comparable with
         # the other types.
@@ -3703,7 +3934,6 @@ class BytesLike(collections.abc.ByteString, AbcString, CrossHairValue):
                 chars.append(sep)
             low = make_hex_digit(byt)
             high = make_hex_digit(byt // 16)
-            debug("loiw", low, "high", high)
             chars.append(chr(high))
             chars.append(chr(low))
         # TODO: optimize by creating a LazyIntSymbolicStr directly
@@ -3732,6 +3962,9 @@ class SymbolicBytes(BytesLike):
     def __ch_pytype__(self):
         return bytes
 
+    def __hash__(self):
+        return deep_realize(self).__hash__()
+
     def __repr__(self):
         # TODO: implement this preserving symbolics. These are the cases:
         # [9]: "\t"
@@ -3782,7 +4015,10 @@ class SymbolicBytes(BytesLike):
         accumulated = []
         high = None
         if not isinstance(hexstr, str):
-            raise TypeError
+            if is_bytes_like(hexstr) and version_info >= (3, 14):
+                hexstr = LazyIntSymbolicStr(tuple(hexstr))
+            else:
+                raise TypeError
         for idx, ch in enumerate(hexstr):
             if not ch.isascii():
                 raise ValueError(
@@ -3870,7 +4106,7 @@ class SymbolicByteArray(BytesLike, ShellMutableSequence):  # type: ignore
 
 
 class SymbolicMemoryView(BytesLike):
-    format = "B"
+    format = "B"  # type: ignore
     itemsize = 1
     ndim = 1
     strides = (1,)
@@ -3883,11 +4119,12 @@ class SymbolicMemoryView(BytesLike):
         assert not is_tracing()
         if not isinstance(obj, (_ALL_BYTES_TYPES, BytesLike)):
             raise TypeError
-        objlen = obj.__len__()
+        with ResumedTracing():
+            objlen = len(obj)
+            self.readonly = isinstance(obj, bytes)
         self.obj = obj
         self.nbytes = objlen
         self.shape = (objlen,)
-        self.readonly = isinstance(obj, bytes)
         self._sliced = SliceView(obj, 0, objlen)
 
     def __ch_realize__(self):
@@ -3896,6 +4133,12 @@ class SymbolicMemoryView(BytesLike):
         self.obj = obj
         return memoryview(realize(obj))[realize(start) : realize(stop)]
 
+    def __ch_deep_realize__(self, memo):
+        sliced = self._sliced
+        obj, start, stop = self.obj, sliced.start, sliced.stop
+        self.obj = obj
+        return memoryview(deep_realize(obj, memo))[realize(start) : realize(stop)]
+
     def __ch_pytype__(self):
         return memoryview
 
@@ -3972,22 +4215,15 @@ class SymbolicMemoryView(BytesLike):
         return realize(self).cast(*map(realize, a))
 
 
-_CACHED_TYPE_ENUMS: Dict[FrozenSet[type], z3.SortRef] = {}
-
-
 _PYTYPE_TO_WRAPPER_TYPE = {
     # These are mappings for AtomicSymbolic values - values that we directly represent
     # as single z3 values.
-    bool: (SymbolicBool,),
-    int: (SymbolicInt,),
-    float: (SymbolicFloat,),
-    type: (SymbolicType,),
+    bool: ((SymbolicBool, 1.0),),
+    int: ((SymbolicInt, 1.0),),
+    float: ((RealBasedSymbolicFloat, 0.98), (PreciseIeeeSymbolicFloat, 0.02)),
+    type: ((SymbolicType, 1.0),),
 }
 
-_WRAPPER_TYPE_TO_PYTYPE = dict(
-    (v, k) for (k, vs) in _PYTYPE_TO_WRAPPER_TYPE.items() for v in vs
-)
-
 
 #
 # Symbolic-making helpers
@@ -4004,11 +4240,12 @@ def make_union_choice(creator: SymbolicFactory, *pytypes):
     return creator(pytypes[-1])
 
 
-def make_optional_smt(smt_type):
+def make_concrete_or_symbolic(typ: type):
     def make(creator: SymbolicFactory, *type_args):
+        nonlocal typ
         space = context_statespace()
         varname, pytype = creator.varname, creator.pytype
-        ret = smt_type(creator.varname, pytype)
+        ret = typ(creator.varname, pytype)
 
         premature_stats, symbolic_stats = space.stats_lookahead()
         bad_iters = (
@@ -4052,11 +4289,36 @@ def make_dictionary(creator: SymbolicFactory, key_type=Any, value_type=Any):
     return ShellMutableMap(SymbolicDict(varname, creator.pytype))
 
 
+@assert_tracing(False)
+def make_float(varname: str, pytype: Type):
+    if os.environ.get("CROSSHAIR_ONLY_FINITE_FLOATS") == "1":
+        warnings.warn(
+            "Support for CROSSHAIR_ONLY_FINITE_FLOATS will be removed in CrossHair v0.0.75",
+            FutureWarning,
+        )
+        return RealBasedSymbolicFloat(varname, pytype)
+    space = context_statespace()
+    chosen_typ = space.extra(ModelingDirector).choose(float)
+    if chosen_typ is RealBasedSymbolicFloat:
+        if space.smt_fork(desc=f"{varname}_isfinite", probability_true=0.8):
+            return RealBasedSymbolicFloat(varname, pytype)
+        if space.smt_fork(desc=f"{varname}_isnan", probability_true=0.5):
+            return nan
+        if space.smt_fork(desc=f"{varname}_neginf", probability_true=0.25):
+            return -inf
+        return inf
+    else:
+        return chosen_typ(varname, pytype)
+
+
 def make_tuple(creator: SymbolicFactory, *type_args):
     if not type_args:
         type_args = (object, ...)  # type: ignore
     if len(type_args) == 2 and type_args[1] == ...:
         return SymbolicUniformTuple(creator.varname, creator.pytype)
+    elif len(type_args) == 1 and type_args[0] == ():
+        # In python, the type for the empty tuple is written like Tuple[()]
+        return ()
     else:
         return tuple(
             proxy_for_type(t, creator.varname + "_at_" + str(idx), allow_subtypes=True)
@@ -4197,36 +4459,38 @@ def _chr(i: int) -> Union[str, LazyIntSymbolicStr]:
     return chr(realize(i))
 
 
-def _dict(arg=_MISSING) -> Union[dict, ShellMutableMap]:
-    if optional_context_statespace():
-        if isinstance(arg, dict):
-            return ShellMutableMap(arg)
-        elif arg is _MISSING:
-            return ShellMutableMap(SimpleDict([]))
-        elif not is_iterable(arg):
-            raise TypeError
-        else:
-            keys: List = []
-            key_compares: List = []
-            all_items: List = []
-            for pair in arg:  # NOTE: `arg` can be an iterator; scan only once
-                if len(pair) != 2:
-                    raise ValueError
-                (key, val) = pair
-                if not is_hashable(key):
-                    raise ValueError
-                all_items.append(pair)
-                key_compares.extend(key == k for k in keys)
-                keys.append(key)
-            if not any(key_compares):
-                simpledict = SimpleDict(all_items)
-            else:  # we have one or more key conflicts:
-                simpledict = SimpleDict([])
-                for key, val in reversed(all_items):
-                    if key not in simpledict:
-                        simpledict[key] = val
-            return ShellMutableMap(simpledict)
-    return dict() if arg is _MISSING else dict(arg)
+def _dict(arg=_MISSING, **kwargs) -> Union[dict, ShellMutableMap]:
+    if not optional_context_statespace():
+        newdict: Union[dict, ShellMutableMap] = dict() if arg is _MISSING else dict(arg)
+    if isinstance(arg, Mapping):
+        newdict = ShellMutableMap(SimpleDict(list(arg.items())))
+    elif arg is _MISSING:
+        newdict = ShellMutableMap(SimpleDict([]))
+    elif is_iterable(arg):
+        keys: List = []
+        key_compares: List = []
+        all_items: List = []
+        for pair in arg:  # NOTE: `arg` can be an iterator; scan only once
+            if len(pair) != 2:
+                raise ValueError
+            (key, val) = pair
+            if not is_hashable(key):
+                raise ValueError
+            all_items.append(pair)
+            key_compares.extend(key == k for k in keys)
+            keys.append(key)
+        if not any(key_compares):
+            simpledict = SimpleDict(all_items)
+        else:  # we have one or more key conflicts:
+            simpledict = SimpleDict([])
+            for key, val in reversed(all_items):
+                if key not in simpledict:
+                    simpledict[key] = val
+        newdict = ShellMutableMap(simpledict)
+    else:
+        raise TypeError
+    newdict.update(kwargs)
+    return newdict
 
 
 def _eval(expr: str, _globals=None, _locals=None) -> object:
@@ -4281,26 +4545,39 @@ def _hash(obj: Hashable) -> int:
     return invoke_dunder(obj, "__hash__")
 
 
-def _int(val: object = 0, *a):
+def _int(val: Any = 0, base=_MISSING):
     with NoTracing():
         if isinstance(val, SymbolicInt):
+            if base is not _MISSING:
+                raise TypeError("int() can't convert non-string with explicit base")
             return val
-        if isinstance(val, AnySymbolicStr) and a == ():
+        if isinstance(val, AnySymbolicStr):
             with ResumedTracing():
-                if not val:
-                    return int(realize(val))
+                if base is _MISSING:
+                    base = 10
+                elif not hasattr(base, "__index__"):
+                    raise TypeError(
+                        f"{name_of_type(type(base))} object cannot be interpreted as an integer"
+                    )
+                if any([base < 2, base > 10, not val]):
+                    # TODO: bses 11-36 are allowed, but require parsing the a-z and A-Z ranges.
+                    # TODO: base can be 0, which means to interpret the string as a literal e.g. '0b100'
+                    return int(realize(val), base=realize(base))
                 ret = 0
                 for ch in val:
                     ch_num = ord(ch) - _ORD_OF_ZERO
                     # Use `any()` to collapse symbolc conditions
-                    if any((ch_num < 0, ch_num > 9)):
+                    if any((ch_num < 0, ch_num >= base)):
                         # TODO parse other digits with data from unicodedata.decimal()
                         return int(realize(val))
                     else:
-                        ret = (ret * 10) + ch_num
+                        ret = (ret * base) + ch_num
                 return ret
-        # TODO: add symbolic handling when val is float (if possible)
-        return int(realize(val), *realize(a))
+        elif isinstance(val, CrossHairValue):
+            val = deep_realize(val)
+            base = deep_realize(base)
+
+    return int(val) if base is _MISSING else int(val, base=base)
 
 
 _FLOAT_REGEX = re.compile(
@@ -4347,11 +4624,17 @@ def _float(val=0.0):
                 ret = -ret
             return ret
     elif is_symbolic_int:
-        with NoTracing():
-            return SymbolicFloat(z3.ToReal(val.var))
+        return val.__float__()
     return float(realize(val))
 
 
+def _frozenset(itr=()) -> Union[set, LinearSet]:
+    if isinstance(itr, set):
+        return LinearSet(itr)
+    else:
+        return LinearSet.check_unique_and_create(itr)
+
+
 # Trick the system into believing that symbolic values are
 # native types.
 def _issubclass(subclass, superclass):
@@ -4399,7 +4682,7 @@ def _len(ls):
 def _map(fn, *iters):
     # Wrap the `map` callback in a pure Python lambda.
     # This de-optimization ensures that the callback can be intercepted.
-    return map(lambda x: fn(x), *iters)
+    return map(lambda *a: fn(*a), *iters)
 
 
 def _memoryview(source):
@@ -4415,15 +4698,12 @@ def _ord(c: str) -> int:
     with NoTracing():
         if isinstance(c, LazyIntSymbolicStr):
             return c._codepoints[0]
-        elif isinstance(c, SeqBasedSymbolicStr):
-            space = context_statespace()
-            ret = SymbolicInt("ord" + space.uniq())
-            space.add(c.var == z3.Unit(ret.var))
-            return ret
     return ord(realize(c))
 
 
 def _pow(base, exp, mod=None):
+    # TODO: we should be able to loosen this up a little.
+    # TODO: move this into the __pow__ definitions. (different smt vars will have different needs)
     return pow(realize(base), realize(exp), realize(mod))
 
 
@@ -4445,9 +4725,8 @@ def _repr(obj: object) -> str:
 
 
 def _set(itr=_MISSING) -> Union[set, ShellMutableSet]:
-    if optional_context_statespace():
+    with NoTracing():
         return ShellMutableSet() if itr is _MISSING else ShellMutableSet(itr)
-    return set() if itr is _MISSING else set(itr)
 
 
 def _setattr(obj: object, name: str, value: object) -> None:
@@ -4494,7 +4773,7 @@ def _int_from_bytes(
 ) -> int:
     if byteorder is _MISSING:
         # byteorder defaults to "big" as of 3.11
-        if sys.version_info >= (3, 11):
+        if version_info >= (3, 11):
             byteorder = "big"
         else:
             raise TypeError
@@ -4506,8 +4785,12 @@ def _int_from_bytes(
         little = True
     else:
         raise ValueError
-    if not is_iterable(b):
-        raise TypeError
+    if not isinstance(b, Sized):
+        if is_iterable(b):
+            b = list(b)
+        else:
+            raise TypeError
+
     byteitr: Iterable[int] = reversed(b) if little else b
     val = 0
     invert = None
@@ -4621,12 +4904,23 @@ def _str_join(self, itr) -> str:
     return _join(self, itr, self_type=str, item_type=str)
 
 
-def _bytes_join(self, itr) -> str:
-    return _join(self, itr, self_type=bytes, item_type=collections.abc.ByteString)
+def _str_percent_format(self, other):
+    # Almost nobody uses percent formatting anymore, so it's
+    # probably OK to realize here.
+    # TODO: However, collections.namedtuple still uses percent formatting to
+    # do reprs, so we should consider handling the special case when there
+    # are only "%r" substitutions.
+    if not isinstance(self, str):
+        raise TypeError
+    return self.__mod__(deep_realize(other))
+
+
+def _bytes_join(self, itr) -> bytes:
+    return _join(self, itr, self_type=bytes, item_type=Buffer)
 
 
-def _bytearray_join(self, itr) -> str:
-    return _join(self, itr, self_type=bytearray, item_type=collections.abc.ByteString)
+def _bytearray_join(self, itr) -> bytes:
+    return _join(self, itr, self_type=bytearray, item_type=Buffer)
 
 
 def _str_format(self, *a, **kw) -> Union[AnySymbolicStr, str]:
@@ -4640,14 +4934,17 @@ def _str_format_map(self, map) -> Union[AnySymbolicStr, str]:
 
 
 def _str_startswith(self, substr, start=None, end=None) -> bool:
-    if not isinstance(self, str):
-        raise TypeError
     with NoTracing():
+        if isinstance(self, LazyIntSymbolicStr):
+            with ResumedTracing():
+                return self.startswith(substr, start, end)
+        elif not isinstance(self, str):
+            raise TypeError
         # Handle native values with native implementation:
         if type(substr) is str:
             return self.startswith(substr, start, end)
         if type(substr) is tuple:
-            if all(type(i) is str for i in substr):
+            if all(type(s) is str for s in substr):
                 return self.startswith(substr, start, end)
         symbolic_self = LazyIntSymbolicStr([ord(c) for c in self])
     return symbolic_self.startswith(substr, start, end)
@@ -4693,7 +4990,7 @@ def make_registrations():
 
     register_type(Union, make_union_choice)
 
-    if sys.version_info >= (3, 8):
+    if version_info >= (3, 8):
         from typing import Final
 
         register_type(Final, lambda p, t: p(t))
@@ -4701,17 +4998,18 @@ def make_registrations():
     # Types modeled in the SMT solver:
 
     register_type(NoneType, lambda *a: None)
-    register_type(bool, make_optional_smt(SymbolicBool))
-    register_type(int, make_optional_smt(SymbolicInt))
-    register_type(float, make_optional_smt(SymbolicFloat))
-    register_type(str, make_optional_smt(LazyIntSymbolicStr))
-    register_type(list, make_optional_smt(SymbolicList))
+    register_type(bool, make_concrete_or_symbolic(SymbolicBool))
+    # register_type(int, make_concrete_or_symbolic(SymbolicInt))
+    register_type(int, make_concrete_or_symbolic(SymbolicBoundedInt))
+    register_type(float, make_concrete_or_symbolic(make_float))
+    register_type(str, make_concrete_or_symbolic(LazyIntSymbolicStr))
+    register_type(list, make_concrete_or_symbolic(SymbolicList))
     register_type(dict, make_dictionary)
     register_type(range, make_range)
     register_type(tuple, make_tuple)
     register_type(set, make_set)
-    register_type(frozenset, make_optional_smt(SymbolicFrozenSet))
-    register_type(type, make_optional_smt(SymbolicType))
+    register_type(frozenset, make_concrete_or_symbolic(SymbolicFrozenSet))
+    register_type(type, make_concrete_or_symbolic(SymbolicType))
     register_type(
         collections.abc.Callable,
         lambda p, *t: SymbolicCallable(p(List.__getitem__(t[1] if t else object))),
@@ -4743,8 +5041,8 @@ def make_registrations():
 
     register_type(NamedTuple, lambda p, *t: p(Tuple.__getitem__(tuple(t))))
 
-    register_type(re.Pattern, lambda p, t=None: p(re.compile))  # type: ignore
-    register_type(re.Match, lambda p, t=None: p(re.match))  # type: ignore
+    register_type(re.Pattern, lambda p, t=None: re.compile(realize(p(str))))
+    register_type(re.Match, make_raiser(CrosshairUnsupported))
 
     # Text: (elsewhere - identical to str)
     register_type(bytes, make_byte_string)
@@ -4762,7 +5060,7 @@ def make_registrations():
     register_type(SupportsFloat, lambda p: p(float))
     register_type(SupportsInt, lambda p: p(int))
     register_type(SupportsRound, lambda p: p(float))
-    register_type(SupportsBytes, lambda p: p(ByteString))
+    register_type(SupportsBytes, lambda p: p(Buffer))
     register_type(SupportsComplex, lambda p: p(complex))
 
     # Patches
@@ -4797,6 +5095,7 @@ def make_registrations():
     register_patch(bytes, _bytes)
     register_patch(dict, _dict)
     register_patch(float, _float)
+    register_patch(frozenset, _frozenset)
     register_patch(int, _int)
     register_patch(memoryview, _memoryview)
     register_patch(range, _range)
@@ -4850,7 +5149,7 @@ def make_registrations():
         "upper",
         "zfill",
     ]
-    if sys.version_info >= (3, 9):
+    if version_info >= (3, 9):
         names_to_str_patch.append("removeprefix")
         names_to_str_patch.append("removesuffix")
     for name in names_to_str_patch:
@@ -4869,6 +5168,7 @@ def make_registrations():
     register_patch(str.__contains__, _str_contains)
     register_patch(str.join, _str_join)
     register_patch(str.__repr__, with_symbolic_self(LazyIntSymbolicStr, str.__repr__))
+    register_patch(str.__mod__, _str_percent_format)
 
     # Patches on bytes
     register_patch(bytes.join, _bytes_join)
@@ -4879,28 +5179,48 @@ def make_registrations():
     register_patch(bytearray.fromhex, SymbolicByteArray.fromhex)
 
     # Patches on list
-    register_patch(list.index, _list_index)
+    register_patch(list.__len__, with_checked_self(list, "__len__"))
     register_patch(list.__repr__, _list_repr)
+    register_patch(list.copy, with_checked_self(list, "copy"))
+    register_patch(list.index, _list_index)
+    register_patch(list.pop, with_checked_self(list, "pop"))
 
     # Patches on dict
-    register_patch(dict.get, _dict_get)
+    register_patch(dict.__len__, with_checked_self(dict, "__len__"))
     register_patch(dict.__repr__, _dict_repr)
+    register_patch(dict.copy, with_checked_self(dict, "copy"))
+    register_patch(dict.items, with_checked_self(dict, "items"))
+    register_patch(dict.keys, with_checked_self(dict, "keys"))
     # TODO: dict.update (concrete w/ symbolic argument), __getitem__, & more?
+    register_patch(dict.get, _dict_get)
+    register_patch(dict.values, with_checked_self(dict, "values"))
 
     # Patches on set/frozenset
     register_patch(set.__repr__, _set_repr)
     register_patch(frozenset.__repr__, _frozenset_repr)
+    register_patch(set.copy, with_checked_self(set, "copy"))
+    register_patch(frozenset.copy, with_checked_self(frozenset, "copy"))
+    register_patch(set.pop, with_checked_self(set, "pop"))
 
     # Patches on int
+    register_patch(int.__repr__, with_checked_self(int, "__repr__"))
+    register_patch(int.as_integer_ratio, with_checked_self(int, "as_integer_ratio"))
+    if version_info >= (3, 10):
+        register_patch(int.bit_count, with_checked_self(int, "bit_count"))
+    register_patch(int.bit_length, with_checked_self(int, "bit_length"))
+    register_patch(int.conjugate, with_checked_self(int, "conjugate"))
     register_patch(int.from_bytes, _int_from_bytes)
-    # We register int.__repr__ because the JSON serializer can call `int.__repr__(symbolic_int)`.
-    # In theory ALL special and regular methods of builtins should be overridden, but this would
-    # be costly. For now, we're just intercepting the important methods.
-    register_patch(int.__repr__, with_symbolic_self(SymbolicInt, int.__repr__))
+    if version_info >= (3, 12):
+        register_patch(int.is_integer, with_checked_self(int, "is_integer"))
+    register_patch(int.to_bytes, with_checked_self(int, "to_bytes"))
 
     # Patches on float
+    register_patch(float.__repr__, with_checked_self(float, "__repr__"))
     register_patch(float.fromhex, with_realized_args(float.fromhex))
-    register_patch(float.__repr__, with_symbolic_self(SymbolicFloat, float.__repr__))
+    register_patch(float.as_integer_ratio, with_checked_self(float, "as_integer_ratio"))
+    register_patch(float.conjugate, with_checked_self(float, "conjugate"))
+    register_patch(float.hex, with_checked_self(float, "hex"))
+    register_patch(float.is_integer, with_checked_self(float, "is_integer"))
 
     # Patches on tuples
     register_patch(tuple.__repr__, _tuple_repr)