Add regression tests for __and__ simplifier with If expressions#696
Add regression tests for __and__ simplifier with If expressions#696
Conversation
The fix in dd5b13b (#621) resolved a ClaripyOperationError crash when the __and__ simplifier encountered If expressions with non-1-bit values (e.g., 8-bit). The hardcoded BVV(1, 1) comparisons caused a length mismatch error. This adds regression tests covering: - If(...) & If(...) with arbitrary multi-bit concrete values - If(cond, 1, 0) & If(cond, 1, 0) optimization with 8-bit values - If(...) & BVV and BVV & If(...) - If expressions with bitwise OR and XOR operators Co-Authored-By: Claude Opus 4.6 <[email protected]>
for more information, see https://pre-commit.ci
|
This resulted from a scrape of issues from discord. Not really sure if we need these explicit tests. Can close or merge as we want. |
There was a problem hiding this comment.
Pull request overview
This PR adds comprehensive regression tests for a bug fix (from PR #621) where the bitwise AND simplifier would crash when processing If expressions with non-1-bit values. The fix already exists in the codebase, but these tests ensure the issue doesn't regress in the future.
Changes:
- Added
test_bitwise_and_if_multibyte()to test AND operations on multi-bit If expressions - Added
test_bitwise_or_xor_if()to test OR and XOR operations on If expressions - Tests validate both crash prevention and correct optimization behavior
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| expr = claripy.If(c, claripy.BVV(1, 8), claripy.BVV(2, 8)) & claripy.If(d, claripy.BVV(3, 8), claripy.BVV(4, 8)) | ||
| assert expr.size() == 8 | ||
|
|
||
| # If(cond, 1, 0) & If(cond, 1, 0) with 8-bit should still optimize |
There was a problem hiding this comment.
The comment says "If(cond, 1, 0) & If(cond, 1, 0)" but the test uses different conditions (c and d). Consider updating the comment to say "If(cond1, 1, 0) & If(cond2, 1, 0)" or similar to accurately reflect that different conditions are being used. This would make it clearer that the optimization applies even when the conditions differ.
| # If(cond, 1, 0) & If(cond, 1, 0) with 8-bit should still optimize | |
| # If(cond1, 1, 0) & If(cond2, 1, 0) with 8-bit should still optimize (here cond1=c, cond2=d) |
|
Corpus decompilation diffs can be found at angr/dec-snapshots@master...angr/claripy_696 |
2 participants
Summary
bitwise_and_simplifiercrash when If expressions have non-1-bit values (fixed in bitwise_and_simplifier: do not crash on non-bit-sized ASTs #621 / dd5b13b)If(BoolS('c'), BVV(1, 8), BVV(2, 8)) & If(BoolS('d'), BVV(3, 8), BVV(4, 8))raisedClaripyOperationError: args' length must all be equalbecause the simplifier hardcodedBVV(1, 1)comparisonsTest coverage added
If(...) & If(...)with arbitrary multi-bit concrete values (the reported crash case)If(cond, 1, 0) & If(cond, 1, 0)optimization with 8-bit values (verifies the optimization still works)If(...) & BVVandBVV & If(...)(mixed operand cases)If(...) | If(...)andIf(...) ^ If(...)(bitwise OR and XOR with If expressions)Test plan