angr Documentation
Search…
README
Introductory Errata
Core Concepts
Built-in Analyses
Advanced Topics
Extending angr
Examples
Appendix
List of Claripy Operations
List of State Options
Changelog
Migrating to angr 9.1
Migrating to angr 8
Migrating to angr 7
Powered By GitBook
Migrating to angr 9.1
angr 9.1 is here!

Calling Conventions and Prototypes

The main change motivating angr 9.1 is this large refactor of SimCC. Here are the breaking changes:

SimCCs can no longer be customized

If you were using the sp_delta, args, or ret_val parameters to SimCC, you should use the new class SimCCUsercall, which lets (requires) you to be explicit about the locations of each argument.

Passing SimTypes is now mandatory

Every method call on SimCC which interacts with typed data now requires a SimType to be passed in. Previously, the use of is_fp and size was optional, but now these parameters will no longer be accepted and a SimType will be required.
This has some fairly non-intuitive consequences - in order to accommodate more esoteric calling conventions (think: passing large structs by value via an "invisible reference") you have to specify a function's return type before you can extract any of its arguments.
Additionally, some non-cc interfaces, such as call_state and callable and SimProcedure.call(), now require a prototype to be passed to them. You'd be surprised how many bugs we found in our own code from enforcing this requirement!

PointerWrapper has a new parameter

Imagine you're passing something into a function which has a parameter of type char*. Is this a pointer to a single char or a pointer to an array of chars? The answer changes how we typecheck the values you pass in. If you're passing a PointerWrapper wrapping a large value which should be treated as an array of chars, you should construct your pointerwrapper as PointerWrapper(foo, buffer=True). The buffer argument to PointerWrapper now instructs SimCC to treat the data to be serialized as an array of the child type instead of as a scalar.

func_ty -> prototype

Every usage of the name func_ty has been replaced with the name prototype. This was done for consistency between the static analysis code and the dynamic FFI.
Previous
Changelog
Next
Migrating to angr 8
Last modified 7mo ago
Export as PDF
Copy link
Outline
Calling Conventions and Prototypes
SimCCs can no longer be customized
Passing SimTypes is now mandatory
PointerWrapper has a new parameter
func_ty -> prototype