auipc result is absent from CFGFast basic blocks under the PCode backend #5745

@esawady

Description

Under the PCode backend, the instruction at the address returned from an auipc instruction is removed from basic blocks returned by CFGFast. Passing data_references=False to CFGFast fixes this. The codepath at fault is the data reference recovery using Clinic under CFGFast._function_completed.

Steps to reproduce the bug

In a directory with test.gz and test.py, with angr and pypcode installed:

$ gunzip test.gz
$ python test.py

The binary is test.s assembled with -march=rv32imc. Note the hole between 0x11074 and 0x11076, skipping the second nop in baz because the auipc in foo puts 0x11074 in ra.

The first and third instructions in baz aren't necessary; it's just easier to see the hole with an instruction on either side. The branching and lw in foo are there to meet some heuristics that this codepath is gated behind; the important part is the auipc.

Environment

$ python -m angr.misc.bug_report | redact
[...]/ppc-venv/lib/python3.12/site-packages/unicorn/unicorn.py:8: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
  import pkg_resources
angr environment report
=============================
Date: 2025-10-24 11:36:24.164775
Running in virtual environment at [...]/ppc-venv
Platform: linux-x86_64
Python version: 3.12.3 (main, Aug 14 2025, 17:47:21) [GCC 13.3.0]
######## angr #########
Python found it in [...]/ppc-venv/lib/python3.12/site-packages/angr/__init__.py
Pip version 9.2.181
Git info:
	Current commit [commit hash from the repo the venv is within] from branch main
	Checked out from remote origin: [the repo the venv is within]
######## archinfo #########
Python found it in [...]/ppc-venv/lib/python3.12/site-packages/archinfo/__init__.py
Pip version 9.2.181
Git info:
	Current commit [commit hash from the repo the venv is within] from branch main
	Checked out from remote origin: [the repo the venv is within]
######## claripy #########
Python found it in [...]/ppc-venv/lib/python3.12/site-packages/claripy/__init__.py
Pip version 9.2.181
Git info:
	Current commit [commit hash from the repo the venv is within] from branch main
	Checked out from remote origin: [the repo the venv is within]
######## cle #########
Python found it in [...]/ppc-venv/lib/python3.12/site-packages/cle/__init__.py
Pip version 9.2.181
Git info:
	Current commit [commit hash from the repo the venv is within] from branch main
	Checked out from remote origin: [the repo the venv is within]
######## pypcode #########
Python found it in [...]/ppc-venv/lib/python3.12/site-packages/pypcode/__init__.py
Pip version 3.3.1
Git info:
	Current commit [commit hash from the repo the venv is within] from branch main
	Checked out from remote origin: [the repo the venv is within]
######## pyvex #########
Python found it in [...]/ppc-venv/lib/python3.12/site-packages/pyvex/__init__.py
Pip version 9.2.181
Git info:
	Current commit [commit hash from the repo the venv is within] from branch main
	Checked out from remote origin: [the repo the venv is within]
######## unicorn #########
Python found it in [...]/ppc-venv/lib/python3.12/site-packages/unicorn/__init__.py
Pip version 2.0.1.post1
Git info:
	Current commit [commit hash from the repo the venv is within] from branch main
	Checked out from remote origin: [the repo the venv is within]
######## z3 #########
Python found it in [...]/ppc-venv/lib/python3.12/site-packages/z3/__init__.py
Pip version 4.13.0.0
Git info:
	Current commit [commit hash from the repo the venv is within] from branch main
	Checked out from remote origin: [the repo the venv is within]
######### Native Module Info ##########
angr: <CDLL '[...]/ppc-venv/lib/python3.12/site-packages/angr/unicornlib.so', handle 1fd8b70 at 0x7fffef9815b0>
pyvex: <cffi.api._make_ffi_library.<locals>.FFILibrary object at 0x7ffff3e1e000>
unicorn: <CDLL '[...]/ppc-venv/lib/python3.12/site-packages/unicorn/lib/libunicorn.so.2', handle 19768c0 at 0x7ffff2f41d60>
z3: <CDLL '[...]/ppc-venv/lib/python3.12/site-packages/z3/lib/libz3.so', handle 14abf50 at 0x7ffff6012ff0>

Additional context

No response
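
As an added check for the hole described above (example code, not from the issue or from angr), this decodes what a RISC-V auipc actually writes to rd and then reports any address range inside a function that none of the recovered blocks cover. The instruction encoding, the pc of the auipc and the block sizes are constructed to mirror the report (two 2-byte c.nop under rv32imc, hole at 0x11074-0x11076); the comments note where the same (addr, size) tuples would come from in angr.

```python
# Added example (not code from the issue or from angr): decode a RISC-V auipc
# and check whether its result falls in a hole of a function's block coverage.
from typing import List, Tuple

def decode_auipc(insn: int, pc: int) -> Tuple[int, int]:
    """Return (rd, value) for a 32-bit auipc at address pc.
    U-type, opcode 0x17: rd = pc + sign_extend(imm[31:12] << 12), the value
    CFGFast's data-reference recovery sees for the instruction in the report."""
    if insn & 0x7F != 0x17:
        raise ValueError("not an auipc encoding")
    rd = (insn >> 7) & 0x1F
    imm = insn & 0xFFFFF000          # imm[31:12] is already in position
    if imm & 0x80000000:             # sign-extend for RV32
        imm -= 1 << 32
    return rd, (pc + imm) & 0xFFFFFFFF

def find_holes(func_start: int, func_end: int,
               blocks: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Return [start, end) ranges in [func_start, func_end) covered by no block.

    blocks is a list of (addr, size) pairs; with angr this would be
    [(b.addr, b.size) for b in cfg.kb.functions['baz'].blocks].
    """
    holes, cursor = [], func_start
    for addr, size in sorted(blocks):
        if addr > cursor:
            holes.append((cursor, addr))
        cursor = max(cursor, addr + size)
    if cursor < func_end:
        holes.append((cursor, func_end))
    return holes

def auipc_lands_in_hole(insn: int, pc: int, func_start: int, func_end: int,
                        blocks: List[Tuple[int, int]]) -> bool:
    """True if the auipc result is an address CFGFast left out of every block."""
    _, value = decode_auipc(insn, pc)
    return any(lo <= value < hi for lo, hi in find_holes(func_start, func_end, blocks))

# Constructed sample mirroring the report: baz built with -march=rv32imc, so the
# two nops are 2-byte c.nop; the second one (0x11074) is missing from the blocks.
BAZ_START, BAZ_END = 0x11072, 0x1107A
BAZ_BLOCKS_BUGGY = [(0x11072, 2), (0x11076, 4)]    # data_references=True (default)
BAZ_BLOCKS_FIXED = [(0x11072, 8)]                   # data_references=False
AUIPC_PC, AUIPC_INSN = 0x10074, 0x00001097          # constructed: auipc ra, 1 -> 0x11074

if __name__ == "__main__":
    print([(hex(lo), hex(hi)) for lo, hi in find_holes(BAZ_START, BAZ_END, BAZ_BLOCKS_BUGGY)])
    print(auipc_lands_in_hole(AUIPC_INSN, AUIPC_PC, BAZ_START, BAZ_END, BAZ_BLOCKS_BUGGY))
```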

Labels: bug (Something is broken), needs-triage (Issue has yet to be looked at by a maintainer)