Migrating to angr 9.1#

angr 9.1 is here!

Calling Conventions and Prototypes#

The main change motivating angr 9.1 is this large refactor of SimCC. Here are the breaking changes:

SimCCs can no longer be customized#

If you were using the sp_delta, args, or ret_val parameters to SimCC, you should use the new class SimCCUsercall, which lets (requires) you to be explicit about the locations of each argument.

Passing SimTypes is now mandatory#

Every method call on SimCC which interacts with typed data now requires a SimType to be passed in. Previously, the use of is_fp and size was optional, but now these parameters will no longer be accepted and a SimType will be required.

This has some fairly non-intuitive consequences - in order to accommodate more esoteric calling conventions (think: passing large structs by value via an “invisible reference”) you have to specify a function’s return type before you can extract any of its arguments.

Additionally, some non-cc interfaces, such as call_state and callable and SimProcedure.call(), now require a prototype to be passed to them. You’d be surprised how many bugs we found in our own code from enforcing this requirement!

PointerWrapper has a new parameter#

Imagine you’re passing something into a function which has a parameter of type char*. Is this a pointer to a single char or a pointer to an array of chars? The answer changes how we typecheck the values you pass in. If you’re passing a PointerWrapper wrapping a large value which should be treated as an array of chars, you should construct your pointerwrapper as PointerWrapper(foo, buffer=True). The buffer argument to PointerWrapper now instructs SimCC to treat the data to be serialized as an array of the child type instead of as a scalar.

func_ty -> prototype#

Every usage of the name func_ty has been replaced with the name prototype. This was done for consistency between the static analysis code and the dynamic FFI.