angr 9.2.101__py3-none-manylinux2014_x86_64.whl → 9.2.103__py3-none-manylinux2014_x86_64.whl
Potentially problematic release.
- angr/__init__.py +1 -1
- angr/analyses/analysis.py +7 -6
- angr/analyses/calling_convention.py +33 -35
- angr/analyses/cdg.py +2 -4
- angr/analyses/cfg/cfb.py +4 -3
- angr/analyses/cfg/cfg_base.py +14 -14
- angr/analyses/cfg/cfg_emulated.py +3 -4
- angr/analyses/cfg/cfg_fast.py +46 -46
- angr/analyses/cfg/cfg_fast_soot.py +1 -2
- angr/analyses/cfg/cfg_job_base.py +2 -2
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +14 -13
- angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py +5 -5
- angr/analyses/cfg_slice_to_sink/cfg_slice_to_sink.py +3 -3
- angr/analyses/complete_calling_conventions.py +13 -12
- angr/analyses/data_dep/data_dependency_analysis.py +24 -24
- angr/analyses/data_dep/dep_nodes.py +3 -3
- angr/analyses/ddg.py +1 -2
- angr/analyses/decompiler/ail_simplifier.py +35 -34
- angr/analyses/decompiler/block_io_finder.py +20 -20
- angr/analyses/decompiler/block_similarity.py +4 -6
- angr/analyses/decompiler/block_simplifier.py +17 -16
- angr/analyses/decompiler/callsite_maker.py +25 -10
- angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py +1 -3
- angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +2 -4
- angr/analyses/decompiler/clinic.py +250 -45
- angr/analyses/decompiler/condition_processor.py +15 -8
- angr/analyses/decompiler/decompilation_cache.py +7 -7
- angr/analyses/decompiler/decompilation_options.py +4 -4
- angr/analyses/decompiler/decompiler.py +19 -15
- angr/analyses/decompiler/expression_counters.py +10 -9
- angr/analyses/decompiler/goto_manager.py +2 -4
- angr/analyses/decompiler/graph_region.py +9 -9
- angr/analyses/decompiler/jump_target_collector.py +1 -2
- angr/analyses/decompiler/optimization_passes/__init__.py +4 -3
- angr/analyses/decompiler/optimization_passes/code_motion.py +5 -6
- angr/analyses/decompiler/optimization_passes/const_derefs.py +4 -4
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +73 -0
- angr/analyses/decompiler/optimization_passes/engine_base.py +25 -3
- angr/analyses/decompiler/optimization_passes/expr_op_swapper.py +6 -5
- angr/analyses/decompiler/optimization_passes/flip_boolean_cmp.py +2 -2
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +3 -0
- angr/analyses/decompiler/optimization_passes/ite_expr_converter.py +2 -2
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +17 -17
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +12 -13
- angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py +25 -21
- angr/analyses/decompiler/optimization_passes/ret_addr_save_simplifier.py +3 -3
- angr/analyses/decompiler/optimization_passes/ret_deduplicator.py +1 -2
- angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +7 -7
- angr/analyses/decompiler/optimization_passes/spilled_register_finder.py +18 -0
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +2 -3
- angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py +1 -2
- angr/analyses/decompiler/optimization_passes/x86_gcc_getpc_simplifier.py +2 -2
- angr/analyses/decompiler/peephole_optimizations/__init__.py +4 -3
- angr/analyses/decompiler/peephole_optimizations/base.py +13 -15
- angr/analyses/decompiler/peephole_optimizations/bswap.py +1 -3
- angr/analyses/decompiler/peephole_optimizations/cmpord_rewriter.py +72 -0
- angr/analyses/decompiler/peephole_optimizations/const_mull_a_shift.py +1 -2
- angr/analyses/decompiler/peephole_optimizations/eager_eval.py +1 -1
- angr/analyses/decompiler/peephole_optimizations/inlined_strcpy.py +5 -10
- angr/analyses/decompiler/peephole_optimizations/inlined_strcpy_consolidation.py +3 -4
- angr/analyses/decompiler/peephole_optimizations/inlined_wstrcpy.py +7 -10
- angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +2 -3
- angr/analyses/decompiler/peephole_optimizations/sar_to_signed_div.py +1 -2
- angr/analyses/decompiler/peephole_optimizations/tidy_stack_addr.py +4 -4
- angr/analyses/decompiler/redundant_label_remover.py +4 -5
- angr/analyses/decompiler/region_identifier.py +4 -5
- angr/analyses/decompiler/region_simplifiers/cascading_cond_transformer.py +1 -2
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +19 -20
- angr/analyses/decompiler/region_simplifiers/goto.py +2 -3
- angr/analyses/decompiler/region_simplifiers/loop.py +1 -2
- angr/analyses/decompiler/region_simplifiers/node_address_finder.py +1 -2
- angr/analyses/decompiler/region_simplifiers/region_simplifier.py +1 -3
- angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +19 -19
- angr/analyses/decompiler/return_maker.py +1 -2
- angr/analyses/decompiler/structured_codegen/base.py +5 -6
- angr/analyses/decompiler/structured_codegen/c.py +39 -38
- angr/analyses/decompiler/structuring/__init__.py +1 -1
- angr/analyses/decompiler/structuring/dream.py +17 -16
- angr/analyses/decompiler/structuring/phoenix.py +45 -46
- angr/analyses/decompiler/structuring/recursive_structurer.py +4 -4
- angr/analyses/decompiler/structuring/structurer_base.py +16 -15
- angr/analyses/decompiler/structuring/structurer_nodes.py +10 -9
- angr/analyses/decompiler/utils.py +17 -16
- angr/analyses/disassembly.py +7 -6
- angr/analyses/flirt.py +9 -9
- angr/analyses/forward_analysis/forward_analysis.py +15 -14
- angr/analyses/forward_analysis/visitors/function_graph.py +1 -2
- angr/analyses/forward_analysis/visitors/graph.py +16 -15
- angr/analyses/propagator/engine_ail.py +30 -26
- angr/analyses/propagator/outdated_definition_walker.py +8 -7
- angr/analyses/propagator/propagator.py +11 -13
- angr/analyses/proximity_graph.py +21 -21
- angr/analyses/reaching_definitions/__init__.py +3 -3
- angr/analyses/reaching_definitions/call_trace.py +3 -6
- angr/analyses/reaching_definitions/dep_graph.py +41 -48
- angr/analyses/reaching_definitions/engine_ail.py +11 -5
- angr/analyses/reaching_definitions/engine_vex.py +9 -8
- angr/analyses/reaching_definitions/function_handler.py +51 -34
- angr/analyses/reaching_definitions/heap_allocator.py +3 -4
- angr/analyses/reaching_definitions/rd_initializer.py +8 -8
- angr/analyses/reaching_definitions/rd_state.py +57 -58
- angr/analyses/reaching_definitions/reaching_definitions.py +18 -17
- angr/analyses/reaching_definitions/subject.py +2 -3
- angr/analyses/stack_pointer_tracker.py +15 -6
- angr/analyses/typehoon/dfa.py +4 -4
- angr/analyses/typehoon/simple_solver.py +48 -52
- angr/analyses/typehoon/translator.py +3 -6
- angr/analyses/typehoon/typeconsts.py +13 -14
- angr/analyses/typehoon/typehoon.py +9 -9
- angr/analyses/typehoon/typevars.py +18 -17
- angr/analyses/variable_recovery/engine_ail.py +5 -5
- angr/analyses/variable_recovery/engine_base.py +25 -21
- angr/analyses/variable_recovery/irsb_scanner.py +8 -9
- angr/analyses/variable_recovery/variable_recovery.py +1 -2
- angr/analyses/variable_recovery/variable_recovery_base.py +14 -13
- angr/analyses/variable_recovery/variable_recovery_fast.py +8 -8
- angr/analyses/veritesting.py +1 -2
- angr/analyses/vfg.py +57 -56
- angr/analyses/xrefs.py +1 -2
- angr/angrdb/db.py +7 -7
- angr/angrdb/serializers/kb.py +16 -13
- angr/angrdb/serializers/loader.py +1 -2
- angr/angrdb/serializers/structured_code.py +2 -2
- angr/annocfg.py +1 -2
- angr/block.py +16 -6
- angr/calling_conventions.py +27 -27
- angr/code_location.py +8 -8
- angr/codenode.py +1 -2
- angr/concretization_strategies/max.py +1 -3
- angr/distributed/server.py +1 -3
- angr/distributed/worker.py +1 -2
- angr/engines/engine.py +2 -3
- angr/engines/light/engine.py +4 -4
- angr/engines/pcode/behavior.py +20 -2
- angr/engines/pcode/emulate.py +1 -1
- angr/engines/pcode/engine.py +7 -7
- angr/engines/pcode/lifter.py +78 -77
- angr/engines/vex/claripy/ccall.py +1 -2
- angr/engines/vex/claripy/datalayer.py +1 -2
- angr/engines/vex/light/light.py +1 -2
- angr/exploration_techniques/tracer.py +4 -4
- angr/factory.py +12 -15
- angr/flirt/__init__.py +8 -8
- angr/flirt/build_sig.py +2 -3
- angr/keyed_region.py +2 -2
- angr/knowledge_base/knowledge_base.py +3 -3
- angr/knowledge_plugins/callsite_prototypes.py +4 -6
- angr/knowledge_plugins/cfg/cfg_manager.py +19 -6
- angr/knowledge_plugins/cfg/cfg_model.py +26 -27
- angr/knowledge_plugins/cfg/cfg_node.py +2 -2
- angr/knowledge_plugins/cfg/indirect_jump.py +6 -8
- angr/knowledge_plugins/cfg/memory_data.py +8 -9
- angr/knowledge_plugins/custom_strings.py +1 -3
- angr/knowledge_plugins/debug_variables.py +2 -2
- angr/knowledge_plugins/functions/function.py +21 -22
- angr/knowledge_plugins/functions/function_manager.py +5 -5
- angr/knowledge_plugins/indirect_jumps.py +1 -3
- angr/knowledge_plugins/key_definitions/atoms.py +7 -7
- angr/knowledge_plugins/key_definitions/definition.py +14 -14
- angr/knowledge_plugins/key_definitions/environment.py +5 -7
- angr/knowledge_plugins/key_definitions/heap_address.py +1 -3
- angr/knowledge_plugins/key_definitions/key_definition_manager.py +3 -2
- angr/knowledge_plugins/key_definitions/live_definitions.py +60 -59
- angr/knowledge_plugins/key_definitions/liveness.py +16 -16
- angr/knowledge_plugins/key_definitions/rd_model.py +15 -15
- angr/knowledge_plugins/key_definitions/uses.py +11 -11
- angr/knowledge_plugins/patches.py +4 -8
- angr/knowledge_plugins/propagations/prop_value.py +10 -9
- angr/knowledge_plugins/propagations/propagation_manager.py +3 -5
- angr/knowledge_plugins/propagations/propagation_model.py +9 -9
- angr/knowledge_plugins/propagations/states.py +52 -22
- angr/knowledge_plugins/structured_code/manager.py +2 -2
- angr/knowledge_plugins/sync/sync_controller.py +3 -3
- angr/knowledge_plugins/variables/variable_access.py +4 -4
- angr/knowledge_plugins/variables/variable_manager.py +56 -39
- angr/knowledge_plugins/xrefs/xref.py +9 -11
- angr/knowledge_plugins/xrefs/xref_manager.py +3 -4
- angr/misc/ansi.py +1 -2
- angr/misc/autoimport.py +3 -3
- angr/misc/plugins.py +9 -9
- angr/procedures/definitions/__init__.py +16 -16
- angr/procedures/definitions/linux_kernel.py +1 -1
- angr/procedures/definitions/parse_win32json.py +1 -1
- angr/procedures/java_jni/__init__.py +1 -1
- angr/procedures/java_jni/array_operations.py +1 -2
- angr/procedures/java_jni/method_calls.py +1 -2
- angr/procedures/posix/inet_ntoa.py +1 -2
- angr/procedures/stubs/format_parser.py +3 -3
- angr/project.py +13 -11
- angr/sim_manager.py +12 -12
- angr/sim_procedure.py +7 -3
- angr/sim_state.py +2 -2
- angr/sim_type.py +60 -45
- angr/sim_variable.py +5 -5
- angr/simos/simos.py +1 -2
- angr/simos/userland.py +1 -2
- angr/state_plugins/callstack.py +3 -2
- angr/state_plugins/history.py +1 -2
- angr/state_plugins/solver.py +34 -34
- angr/storage/memory_mixins/__init__.py +4 -3
- angr/storage/memory_mixins/actions_mixin.py +1 -3
- angr/storage/memory_mixins/address_concretization_mixin.py +1 -3
- angr/storage/memory_mixins/convenient_mappings_mixin.py +3 -4
- angr/storage/memory_mixins/default_filler_mixin.py +1 -1
- angr/storage/memory_mixins/label_merger_mixin.py +2 -2
- angr/storage/memory_mixins/multi_value_merger_mixin.py +4 -3
- angr/storage/memory_mixins/paged_memory/page_backer_mixins.py +9 -8
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +12 -11
- angr/storage/memory_mixins/paged_memory/pages/cooperation.py +8 -8
- angr/storage/memory_mixins/paged_memory/pages/history_tracking_mixin.py +2 -3
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +10 -11
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +11 -10
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +18 -17
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +12 -11
- angr/storage/memory_mixins/regioned_memory/abstract_address_descriptor.py +3 -3
- angr/storage/memory_mixins/regioned_memory/abstract_merger_mixin.py +3 -2
- angr/storage/memory_mixins/regioned_memory/region_data.py +1 -2
- angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +2 -2
- angr/storage/memory_mixins/regioned_memory/regioned_address_concretization_mixin.py +3 -3
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +18 -21
- angr/storage/memory_mixins/size_resolution_mixin.py +1 -2
- angr/storage/memory_mixins/symbolic_merger_mixin.py +3 -2
- angr/storage/memory_mixins/top_merger_mixin.py +3 -2
- angr/storage/memory_object.py +2 -4
- angr/utils/algo.py +3 -2
- angr/utils/dynamic_dictlist.py +5 -5
- angr/utils/formatting.py +4 -4
- angr/utils/funcid.py +1 -2
- angr/utils/graph.py +5 -6
- angr/utils/library.py +5 -5
- angr/utils/mp.py +5 -4
- angr/utils/segment_list.py +3 -4
- angr/utils/typing.py +3 -2
- {angr-9.2.101.dist-info → angr-9.2.103.dist-info}/METADATA +9 -11
- {angr-9.2.101.dist-info → angr-9.2.103.dist-info}/RECORD +239 -236
- {angr-9.2.101.dist-info → angr-9.2.103.dist-info}/LICENSE +0 -0
- {angr-9.2.101.dist-info → angr-9.2.103.dist-info}/WHEEL +0 -0
- {angr-9.2.101.dist-info → angr-9.2.103.dist-info}/entry_points.txt +0 -0
- {angr-9.2.101.dist-info → angr-9.2.103.dist-info}/top_level.txt +0 -0
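--- a/angr/analyses/proximity_graph.py
+++ b/angr/analyses/proximity_graph.py
@@ -1,4 +1,4 @@
-from typing import Optional,
+from typing import Optional, TYPE_CHECKING
 import logging
 
 import networkx
@@ -38,7 +38,7 @@ class BaseProxiNode:
 Base class for all nodes in a proximity graph.
 """
 
-def __init__(self, type_: int, ref_at:
+def __init__(self, type_: int, ref_at: set[int] | None = None):
 self.type_ = type_
 self.ref_at = ref_at
 
@@ -54,7 +54,7 @@ class FunctionProxiNode(BaseProxiNode):
 Proximity node showing current and expanded function calls in graph.
 """
 
-def __init__(self, func, ref_at:
+def __init__(self, func, ref_at: set[int] | None = None):
 super().__init__(ProxiNodeTypes.Function, ref_at=ref_at)
 self.func = func
 
@@ -70,7 +70,7 @@ class VariableProxiNode(BaseProxiNode):
 Variable arg node
 """
 
-def __init__(self, addr, name, ref_at:
+def __init__(self, addr, name, ref_at: set[int] | None = None):
 super().__init__(ProxiNodeTypes.Variable, ref_at=ref_at)
 self.addr = addr
 self.name = name
@@ -87,7 +87,7 @@ class StringProxiNode(BaseProxiNode):
 String arg node
 """
 
-def __init__(self, addr, content, ref_at:
+def __init__(self, addr, content, ref_at: set[int] | None = None):
 super().__init__(ProxiNodeTypes.String, ref_at=ref_at)
 self.addr = addr
 self.content = content
@@ -104,7 +104,7 @@ class CallProxiNode(BaseProxiNode):
 Call node
 """
 
-def __init__(self, callee, ref_at:
+def __init__(self, callee, ref_at: set[int] | None = None, args: tuple[BaseProxiNode] | None = None):
 super().__init__(ProxiNodeTypes.FunctionCall, ref_at=ref_at)
 self.callee = callee
 self.args = args
@@ -127,7 +127,7 @@ class IntegerProxiNode(BaseProxiNode):
 Int arg node
 """
 
-def __init__(self, value: int, ref_at:
+def __init__(self, value: int, ref_at: set[int] | None = None):
 super().__init__(ProxiNodeTypes.Integer, ref_at=ref_at)
 self.value = value
 
@@ -167,7 +167,7 @@ class ProximityGraphAnalysis(Analysis):
 cfg_model: "CFGModel",
 xrefs: "XRefManager",
 decompilation: Optional["Decompiler"] = None,
-expand_funcs:
+expand_funcs: set[int] | None = None,
 ):
 self._function = func
 self._cfg_model = cfg_model
@@ -175,14 +175,14 @@ class ProximityGraphAnalysis(Analysis):
 self._decompilation = decompilation
 self._expand_funcs = expand_funcs.copy() if expand_funcs else None
 
-self.graph:
+self.graph: networkx.DiGraph | None = None
 self.handled_stmts = []
 
 self._work()
 
 def _condense_blank_nodes(self, graph: networkx.DiGraph) -> None:
 nodes = list(graph.nodes)
-blank_nodes:
+blank_nodes: list[BaseProxiNode] = []
 
 for node in nodes:
 if isinstance(node, BaseProxiNode) and node.type_ == ProxiNodeTypes.Empty:
@@ -195,7 +195,7 @@ class ProximityGraphAnalysis(Analysis):
 if blank_nodes:
 self._merge_nodes(graph, blank_nodes)
 
-def _merge_nodes(self, graph: networkx.DiGraph, nodes:
+def _merge_nodes(self, graph: networkx.DiGraph, nodes: list[BaseProxiNode]) -> None:
 for node in nodes:
 predecessors = set(graph.predecessors(node))
 successors = set(graph.successors(node))
@@ -268,10 +268,10 @@ class ProximityGraphAnalysis(Analysis):
 subgraph.add_edge(end_node, succ)
 
 def _process_function(
-self, func: "Function", graph: networkx.DiGraph, func_proxi_node:
-) ->
-to_expand:
-found_blocks:
+self, func: "Function", graph: networkx.DiGraph, func_proxi_node: FunctionProxiNode | None = None
+) -> list[FunctionProxiNode]:
+to_expand: list[FunctionProxiNode] = []
+found_blocks: dict[BlockNode:BaseProxiNode] = {}
 
 # function calls
 for n_ in func.nodes:
@@ -346,18 +346,18 @@ class ProximityGraphAnalysis(Analysis):
 args.append(UnknownProxiNode("_"))
 
 def _process_decompilation(
-self, graph: networkx.DiGraph, decompilation: "Decompiler", func_proxi_node:
-) ->
-to_expand:
+self, graph: networkx.DiGraph, decompilation: "Decompiler", func_proxi_node: FunctionProxiNode | None = None
+) -> list[FunctionProxiNode]:
+to_expand: list[FunctionProxiNode] = []
 
 # dedup
-string_refs:
+string_refs: set[int] = set()
 
 # Walk the clinic structure to dump string references and function calls
 ail_graph = decompilation.clinic.cc_graph
 
 def _handle_Call(
-stmt_idx: int, stmt: ailment.Stmt.Call, block:
+stmt_idx: int, stmt: ailment.Stmt.Call, block: ailment.Block | None # pylint:disable=unused-argument
 ): # pylint:disable=unused-argument
 func_node = self.kb.functions[stmt.target.value]
 ref_at = {stmt.ins_addr}
@@ -386,7 +386,7 @@ class ProximityGraphAnalysis(Analysis):
 expr: ailment.Stmt.Call,
 stmt_idx: int, # pylint:disable=unused-argument
 stmt: ailment.Stmt.Statement, # pylint:disable=unused-argument
-block:
+block: ailment.Block | None,
 ): # pylint:disable=unused-argument
 _handle_Call(stmt_idx, expr, block)
 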
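Review bot: In `_process_function`, the new annotation `found_blocks: dict[BlockNode:BaseProxiNode] = {}` puts a colon inside the subscript, which Python parses as a slice rather than a key/value type pair; it should read `found_blocks: dict[BlockNode, BaseProxiNode] = {}`. Annotations on local variables are never evaluated, so this does not fail at runtime, but a type checker will reject or ignore it. In the same file, `args: tuple[BaseProxiNode] | None = None` on `CallProxiNode.__init__` declares a one-element tuple; if a call can carry any number of argument nodes, `tuple[BaseProxiNode, ...] | None` is probably what was meant. Both functions continue outside the hunks shown.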
@@ -42,15 +42,15 @@ __all__ = (
|
|
|
42
42
|
)
|
|
43
43
|
|
|
44
44
|
|
|
45
|
-
def get_all_definitions(region: "MultiValuedMemory") ->
|
|
46
|
-
all_defs:
|
|
45
|
+
def get_all_definitions(region: "MultiValuedMemory") -> set["Definition"]:
|
|
46
|
+
all_defs: set["Definition"] = set()
|
|
47
47
|
|
|
48
48
|
# MultiValuedMemory only uses ListPage internally
|
|
49
49
|
for page in region._pages.values():
|
|
50
50
|
page: "MVListPage"
|
|
51
51
|
|
|
52
52
|
for idx in page.stored_offset:
|
|
53
|
-
cnt_set:
|
|
53
|
+
cnt_set: Union["SimMemoryObject", set["SimMemoryObject"]] | None = page.content[idx]
|
|
54
54
|
if cnt_set is None:
|
|
55
55
|
continue
|
|
56
56
|
if type(cnt_set) is not set:
|
|
@@ -1,6 +1,3 @@
|
|
|
1
|
-
from typing import List, Optional
|
|
2
|
-
|
|
3
|
-
|
|
4
1
|
class CallSite:
|
|
5
2
|
"""
|
|
6
3
|
Describes a call site on a CFG.
|
|
@@ -12,7 +9,7 @@ class CallSite:
|
|
|
12
9
|
"callee_func_addr",
|
|
13
10
|
)
|
|
14
11
|
|
|
15
|
-
def __init__(self, caller_func_addr: int, block_addr:
|
|
12
|
+
def __init__(self, caller_func_addr: int, block_addr: int | None, callee_func_addr: int):
|
|
16
13
|
self.caller_func_addr = caller_func_addr
|
|
17
14
|
self.callee_func_addr = callee_func_addr
|
|
18
15
|
self.block_addr = block_addr
|
|
@@ -45,7 +42,7 @@ class CallTrace:
|
|
|
45
42
|
|
|
46
43
|
def __init__(self, target: int):
|
|
47
44
|
self.target = target
|
|
48
|
-
self.callsites:
|
|
45
|
+
self.callsites: list[CallSite] = []
|
|
49
46
|
|
|
50
47
|
def __repr__(self):
|
|
51
48
|
return "<Trace with %d callsites>" % len(self.callsites)
|
|
@@ -55,7 +52,7 @@ class CallTrace:
|
|
|
55
52
|
return self.target
|
|
56
53
|
return self.callsites[-1].caller_func_addr
|
|
57
54
|
|
|
58
|
-
def step_back(self, caller_func_addr: int, block_addr:
|
|
55
|
+
def step_back(self, caller_func_addr: int, block_addr: int | None, callee_func_addr) -> "CallTrace":
|
|
59
56
|
# create a new CallSite object
|
|
60
57
|
site = CallSite(caller_func_addr, block_addr, callee_func_addr)
|
|
61
58
|
t = self.copy()
|
|
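Review bot: `block_addr: int | None` in the `CallSite.__init__` and `CallTrace.step_back` signatures is evaluated when the module is imported, because the file (apparently reaching_definitions/call_trace.py; its header is missing from this page) now begins directly with `class CallSite:` and so has no `from __future__ import annotations`. On an interpreter older than Python 3.10 that import raises `TypeError`. The same pattern appears in other signatures this release rewrites, for example `ref_at: set[int] | None = None` in proximity_graph.py. The wheel's METADATA changes in this release but its contents are not shown here, so it is worth confirming that `Requires-Python` excludes 3.9 and earlier. Separately, `callee_func_addr` in `step_back` is left unannotated while `CallSite.__init__` declares it `int`; `callee_func_addr: int` would keep the two consistent.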
@@ -1,18 +1,11 @@
|
|
|
1
1
|
from typing import (
|
|
2
2
|
Optional,
|
|
3
|
-
Dict,
|
|
4
|
-
Set,
|
|
5
|
-
Iterable,
|
|
6
|
-
Type,
|
|
7
|
-
Union,
|
|
8
|
-
List,
|
|
9
3
|
TYPE_CHECKING,
|
|
10
|
-
Tuple,
|
|
11
4
|
overload,
|
|
12
5
|
Literal,
|
|
13
6
|
Any,
|
|
14
|
-
Iterator,
|
|
15
7
|
)
|
|
8
|
+
from collections.abc import Iterable, Iterator
|
|
16
9
|
from dataclasses import dataclass
|
|
17
10
|
|
|
18
11
|
import networkx
|
|
@@ -45,11 +38,11 @@ def _is_definition(node):
|
|
|
45
38
|
@dataclass
|
|
46
39
|
class FunctionCallRelationships: # TODO this doesn't belong in this file anymore
|
|
47
40
|
callsite: CodeLocation
|
|
48
|
-
target:
|
|
49
|
-
args_defns:
|
|
50
|
-
other_input_defns:
|
|
51
|
-
ret_defns:
|
|
52
|
-
other_output_defns:
|
|
41
|
+
target: int | None
|
|
42
|
+
args_defns: list[set[Definition]]
|
|
43
|
+
other_input_defns: set[Definition]
|
|
44
|
+
ret_defns: set[Definition]
|
|
45
|
+
other_output_defns: set[Definition]
|
|
53
46
|
|
|
54
47
|
|
|
55
48
|
class DepGraph:
|
|
@@ -64,7 +57,7 @@ class DepGraph:
|
|
|
64
57
|
:param graph: A graph where nodes are definitions, and edges represent uses.
|
|
65
58
|
"""
|
|
66
59
|
# Used for memoization of the `transitive_closure` method.
|
|
67
|
-
self._transitive_closures:
|
|
60
|
+
self._transitive_closures: dict = {}
|
|
68
61
|
|
|
69
62
|
if graph and not all(map(_is_definition, graph.nodes)):
|
|
70
63
|
raise TypeError("In a DepGraph, nodes need to be <%s>s." % Definition.__name__)
|
|
@@ -115,7 +108,7 @@ class DepGraph:
|
|
|
115
108
|
def_: Definition[Atom],
|
|
116
109
|
graph: "networkx.DiGraph[Definition[Atom]]",
|
|
117
110
|
result: "networkx.DiGraph[Definition[Atom]]",
|
|
118
|
-
visited:
|
|
111
|
+
visited: set[Definition[Atom]] | None = None,
|
|
119
112
|
):
|
|
120
113
|
"""
|
|
121
114
|
Returns a joint graph that comprises the transitive closure of all defs that `def_` depends on and the
|
|
@@ -157,7 +150,7 @@ class DepGraph:
|
|
|
157
150
|
return any(map(lambda definition: definition.atom == atom, self.nodes()))
|
|
158
151
|
|
|
159
152
|
def add_dependencies_for_concrete_pointers_of(
|
|
160
|
-
self, values: Iterable[
|
|
153
|
+
self, values: Iterable[claripy.ast.Base | int], definition: Definition, cfg: CFGModel, loader: Loader
|
|
161
154
|
):
|
|
162
155
|
"""
|
|
163
156
|
When a given definition holds concrete pointers, make sure the <MemoryLocation>s they point to are present in
|
|
@@ -170,7 +163,7 @@ class DepGraph:
|
|
|
170
163
|
"""
|
|
171
164
|
assert definition in self.nodes(), "The given Definition must be present in the given graph."
|
|
172
165
|
|
|
173
|
-
known_predecessor_addresses:
|
|
166
|
+
known_predecessor_addresses: list[int | claripy.ast.Base] = list(
|
|
174
167
|
# Needs https://github.com/python/mypy/issues/6847
|
|
175
168
|
map(
|
|
176
169
|
lambda definition: definition.atom.addr, # type: ignore
|
|
@@ -187,7 +180,7 @@ class DepGraph:
|
|
|
187
180
|
else:
|
|
188
181
|
concrete_known_pred_addresses.append(address)
|
|
189
182
|
|
|
190
|
-
unknown_concrete_addresses:
|
|
183
|
+
unknown_concrete_addresses: set[int] = set()
|
|
191
184
|
for v in values:
|
|
192
185
|
if isinstance(v, claripy.ast.Base) and v.concrete:
|
|
193
186
|
v = v.concrete_value
|
|
@@ -220,7 +213,7 @@ class DepGraph:
|
|
|
220
213
|
|
|
221
214
|
self.graph.add_edge(memory_location_definition, definition)
|
|
222
215
|
|
|
223
|
-
def find_definitions(self, **kwargs) ->
|
|
216
|
+
def find_definitions(self, **kwargs) -> list[Definition]:
|
|
224
217
|
"""
|
|
225
218
|
Filter the definitions present in the graph based on various criteria.
|
|
226
219
|
Parameters can be any valid keyword args to `DefinitionMatchPredicate`
|
|
@@ -236,80 +229,80 @@ class DepGraph:
|
|
|
236
229
|
@overload
|
|
237
230
|
def find_all_predecessors(
|
|
238
231
|
self,
|
|
239
|
-
starts:
|
|
232
|
+
starts: Definition[Atom] | Iterable[Definition[Atom]],
|
|
240
233
|
*,
|
|
241
|
-
kind:
|
|
234
|
+
kind: type[A],
|
|
242
235
|
**kwargs: Any,
|
|
243
|
-
) ->
|
|
236
|
+
) -> list[Definition[A]]: ...
|
|
244
237
|
|
|
245
238
|
@overload
|
|
246
239
|
def find_all_predecessors(
|
|
247
240
|
self,
|
|
248
|
-
starts:
|
|
241
|
+
starts: Definition[Atom] | Iterable[Definition[Atom]],
|
|
249
242
|
*,
|
|
250
243
|
kind: Literal[AtomKind.REGISTER] = AtomKind.REGISTER,
|
|
251
244
|
**kwargs: Any,
|
|
252
|
-
) ->
|
|
245
|
+
) -> list[Definition[Register]]: ...
|
|
253
246
|
|
|
254
247
|
@overload
|
|
255
248
|
def find_all_predecessors(
|
|
256
249
|
self,
|
|
257
|
-
starts:
|
|
250
|
+
starts: Definition[Atom] | Iterable[Definition[Atom]],
|
|
258
251
|
*,
|
|
259
252
|
kind: Literal[AtomKind.MEMORY] = AtomKind.MEMORY,
|
|
260
253
|
**kwargs: Any,
|
|
261
|
-
) ->
|
|
254
|
+
) -> list[Definition[MemoryLocation]]: ...
|
|
262
255
|
|
|
263
256
|
@overload
|
|
264
257
|
def find_all_predecessors(
|
|
265
258
|
self,
|
|
266
|
-
starts:
|
|
259
|
+
starts: Definition[Atom] | Iterable[Definition[Atom]],
|
|
267
260
|
*,
|
|
268
261
|
kind: Literal[AtomKind.TMP] = AtomKind.TMP,
|
|
269
262
|
**kwargs: Any,
|
|
270
|
-
) ->
|
|
263
|
+
) -> list[Definition[Tmp]]: ...
|
|
271
264
|
|
|
272
265
|
@overload
|
|
273
266
|
def find_all_predecessors(
|
|
274
267
|
self,
|
|
275
|
-
starts:
|
|
268
|
+
starts: Definition[Atom] | Iterable[Definition[Atom]],
|
|
276
269
|
*,
|
|
277
270
|
kind: Literal[AtomKind.CONSTANT] = AtomKind.CONSTANT,
|
|
278
271
|
**kwargs: Any,
|
|
279
|
-
) ->
|
|
272
|
+
) -> list[Definition[ConstantSrc]]: ...
|
|
280
273
|
|
|
281
274
|
@overload
|
|
282
275
|
def find_all_predecessors(
|
|
283
276
|
self,
|
|
284
|
-
starts:
|
|
277
|
+
starts: Definition[Atom] | Iterable[Definition[Atom]],
|
|
285
278
|
*,
|
|
286
279
|
kind: Literal[AtomKind.GUARD] = AtomKind.GUARD,
|
|
287
280
|
**kwargs: Any,
|
|
288
|
-
) ->
|
|
281
|
+
) -> list[Definition[GuardUse]]: ...
|
|
289
282
|
|
|
290
283
|
@overload
|
|
291
284
|
def find_all_predecessors(
|
|
292
285
|
self,
|
|
293
|
-
starts:
|
|
286
|
+
starts: Definition[Atom] | Iterable[Definition[Atom]],
|
|
294
287
|
*,
|
|
295
|
-
reg_name:
|
|
288
|
+
reg_name: int | str = ...,
|
|
296
289
|
**kwargs: Any,
|
|
297
|
-
) ->
|
|
290
|
+
) -> list[Definition[Register]]: ...
|
|
298
291
|
|
|
299
292
|
@overload
|
|
300
293
|
def find_all_predecessors(
|
|
301
|
-
self, starts:
|
|
302
|
-
) ->
|
|
294
|
+
self, starts: Definition[Atom] | Iterable[Definition[Atom]], *, stack_offset: int = ..., **kwargs: Any
|
|
295
|
+
) -> list[Definition[MemoryLocation]]: ...
|
|
303
296
|
|
|
304
297
|
@overload
|
|
305
298
|
def find_all_predecessors(
|
|
306
|
-
self, starts:
|
|
307
|
-
) ->
|
|
299
|
+
self, starts: Definition[Atom] | Iterable[Definition[Atom]], *, const_val: int = ..., **kwargs: Any
|
|
300
|
+
) -> list[Definition[ConstantSrc]]: ...
|
|
308
301
|
|
|
309
302
|
@overload
|
|
310
303
|
def find_all_predecessors(
|
|
311
|
-
self, starts:
|
|
312
|
-
) ->
|
|
304
|
+
self, starts: Definition[Atom] | Iterable[Definition[Atom]], **kwargs: Any
|
|
305
|
+
) -> list[Definition[Atom]]: ...
|
|
313
306
|
|
|
314
307
|
def find_all_predecessors(self, starts, **kwargs):
|
|
315
308
|
"""
|
|
@@ -335,7 +328,7 @@ class DepGraph:
|
|
|
335
328
|
result.append(pred)
|
|
336
329
|
return result
|
|
337
330
|
|
|
338
|
-
def find_all_successors(self, starts:
|
|
331
|
+
def find_all_successors(self, starts: Definition | Iterable[Definition], **kwargs) -> list[Definition]:
|
|
339
332
|
"""
|
|
340
333
|
Filter the descendents of the given start node or nodes that match various criteria.
|
|
341
334
|
Parameters can be any valid keyword args to `DefinitionMatchPredicate`
|
|
@@ -356,8 +349,8 @@ class DepGraph:
|
|
|
356
349
|
return result
|
|
357
350
|
|
|
358
351
|
def find_path(
|
|
359
|
-
self, starts:
|
|
360
|
-
) ->
|
|
352
|
+
self, starts: Definition | Iterable[Definition], ends: Definition | Iterable[Definition], **kwargs
|
|
353
|
+
) -> tuple[Definition, ...] | None:
|
|
361
354
|
"""
|
|
362
355
|
Find a path between the given start node or nodes and the given end node or nodes.
|
|
363
356
|
All the intermediate steps in the path must match the criteria given in kwargs.
|
|
@@ -369,8 +362,8 @@ class DepGraph:
|
|
|
369
362
|
return next(self.find_paths(starts, ends, **kwargs), None)
|
|
370
363
|
|
|
371
364
|
def find_paths(
|
|
372
|
-
self, starts:
|
|
373
|
-
) -> Iterator[
|
|
365
|
+
self, starts: Definition | Iterable[Definition], ends: Definition | Iterable[Definition], **kwargs
|
|
366
|
+
) -> Iterator[tuple[Definition, ...]]:
|
|
374
367
|
"""
|
|
375
368
|
Find all non-overlapping simple paths between the given start node or nodes and the given end node or nodes.
|
|
376
369
|
All the intermediate steps in the path must match the criteria given in kwargs.
|
|
@@ -381,10 +374,10 @@ class DepGraph:
|
|
|
381
374
|
"""
|
|
382
375
|
predicate = DefinitionMatchPredicate.construct(**kwargs)
|
|
383
376
|
ends = {ends} if isinstance(ends, Definition) else set(ends)
|
|
384
|
-
queue:
|
|
377
|
+
queue: list[tuple[Definition, ...]] = (
|
|
385
378
|
[(starts,)] if isinstance(starts, Definition) else [(start,) for start in starts]
|
|
386
379
|
)
|
|
387
|
-
seen:
|
|
380
|
+
seen: set[Definition] = {starts} if isinstance(starts, Definition) else set(starts)
|
|
388
381
|
while queue:
|
|
389
382
|
path = queue.pop()
|
|
390
383
|
for succ in self.graph.succ[path[-1]]:
|
|
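Review bot: In `find_paths` (apparently reaching_definitions/dep_graph.py; the file header is missing from this page), `starts` is now annotated `Definition | Iterable[Definition]`, but the visible lines iterate it twice: once in `[(start,) for start in starts]` to build `queue` and again in `set(starts)` to build `seen`. A one-shot iterator such as a generator satisfies that annotation yet leaves `seen` empty, so the start nodes would not be recorded as already visited. Materialising the argument once before both uses, `starts = [starts] if isinstance(starts, Definition) else list(starts)`, keeps the rest of the lines unchanged; alternatively the annotation could be narrowed to a re-iterable type. The body of `find_paths` continues outside the hunk, so the effect on the search itself is inferred from these lines only.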
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# pylint:disable=missing-class-docstring,too-many-boolean-expressions
|
|
2
2
|
from itertools import chain
|
|
3
|
-
from
|
|
3
|
+
from collections.abc import Iterable
|
|
4
4
|
import logging
|
|
5
5
|
|
|
6
6
|
import archinfo
|
|
@@ -34,7 +34,7 @@ class SimEngineRDAIL(
|
|
|
34
34
|
def __init__(
|
|
35
35
|
self,
|
|
36
36
|
project,
|
|
37
|
-
function_handler:
|
|
37
|
+
function_handler: FunctionHandler | None = None,
|
|
38
38
|
stack_pointer_tracker=None,
|
|
39
39
|
use_callee_saved_regs_at_return=True,
|
|
40
40
|
bp_as_gpr: bool = False,
|
|
@@ -463,7 +463,7 @@ class SimEngineRDAIL(
|
|
|
463
463
|
self.state.kill_and_add_definition(reg_atom, value, override_codeloc=extloc)
|
|
464
464
|
|
|
465
465
|
# extract Definitions
|
|
466
|
-
defs:
|
|
466
|
+
defs: Iterable[Definition] | None = None
|
|
467
467
|
for vs in value.values():
|
|
468
468
|
for v in vs:
|
|
469
469
|
if defs is None:
|
|
@@ -502,7 +502,7 @@ class SimEngineRDAIL(
|
|
|
502
502
|
self.state.add_memory_use_by_def(def_, expr=expr)
|
|
503
503
|
return MultiValues(top)
|
|
504
504
|
|
|
505
|
-
result:
|
|
505
|
+
result: MultiValues | None = None
|
|
506
506
|
for addr in addrs_v:
|
|
507
507
|
if not isinstance(addr, claripy.ast.Base):
|
|
508
508
|
continue
|
|
@@ -546,7 +546,12 @@ class SimEngineRDAIL(
|
|
|
546
546
|
bits = expr.to_bits
|
|
547
547
|
size = bits // self.arch.byte_width
|
|
548
548
|
|
|
549
|
-
if
|
|
549
|
+
if (
|
|
550
|
+
to_conv.count() == 1
|
|
551
|
+
and 0 in to_conv
|
|
552
|
+
and expr.from_type == ailment.Expr.Convert.TYPE_INT
|
|
553
|
+
and expr.to_type == ailment.Expr.Convert.TYPE_INT
|
|
554
|
+
):
|
|
550
555
|
values = to_conv[0]
|
|
551
556
|
else:
|
|
552
557
|
top = self.state.top(expr.to_bits)
|
|
@@ -1113,6 +1118,7 @@ class SimEngineRDAIL(
|
|
|
1113
1118
|
_ail_handle_CmpGEs = _ail_handle_Cmp
|
|
1114
1119
|
_ail_handle_CmpGT = _ail_handle_Cmp
|
|
1115
1120
|
_ail_handle_CmpGTs = _ail_handle_Cmp
|
|
1121
|
+
_ail_handle_CmpORD = _ail_handle_Cmp
|
|
1116
1122
|
|
|
1117
1123
|
def _ail_handle_TernaryOp(self, expr) -> MultiValues:
|
|
1118
1124
|
_ = self._expr(expr.operands[0])
|
|
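Review bot: The widened guard in the Convert handler (hunk `@@ -546,7 +546,12 @@`) now also requires `expr.from_type == ailment.Expr.Convert.TYPE_INT` and `expr.to_type == ailment.Expr.Convert.TYPE_INT`, but nothing in the hunk says why. Every other conversion now falls into the `else` branch, which builds `self.state.top(expr.to_bits)`. I would add a why-comment above the `if (`, for example `# only int-to-int conversions keep their tracked value; any conversion involving a non-integer type is over-approximated as TOP below`. Anyone using the reaching-definitions result for data-flow or taint queries will presumably see TOP for a value that passes through such a conversion, so the code should state that this loss of precision is intentional. The handler's signature and the rest of its body are outside this hunk, and the removed condition is truncated on this page, so the previous behaviour cannot be compared from here.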
@@ -1,5 +1,6 @@
|
|
|
1
1
|
from itertools import chain
|
|
2
|
-
from typing import Optional,
|
|
2
|
+
from typing import Optional, TYPE_CHECKING
|
|
3
|
+
from collections.abc import Iterable
|
|
3
4
|
import logging
|
|
4
5
|
|
|
5
6
|
import pyvex
|
|
@@ -216,10 +217,10 @@ class SimEngineRDVEX(
|
|
|
216
217
|
|
|
217
218
|
def _store_core(
|
|
218
219
|
self,
|
|
219
|
-
addr: Iterable[
|
|
220
|
+
addr: Iterable[int | claripy.ast.bv.BV],
|
|
220
221
|
size: int,
|
|
221
222
|
data: MultiValues,
|
|
222
|
-
data_old:
|
|
223
|
+
data_old: MultiValues | None = None,
|
|
223
224
|
endness=None,
|
|
224
225
|
):
|
|
225
226
|
if data_old is not None:
|
|
@@ -229,7 +230,7 @@ class SimEngineRDVEX(
|
|
|
229
230
|
if self.state.is_top(a):
|
|
230
231
|
l.debug("Memory address undefined, ins_addr = %#x.", self.ins_addr)
|
|
231
232
|
else:
|
|
232
|
-
tags:
|
|
233
|
+
tags: set[Tag] | None
|
|
233
234
|
if isinstance(a, int):
|
|
234
235
|
atom = MemoryLocation(a, size)
|
|
235
236
|
tags = None
|
|
@@ -361,7 +362,7 @@ class SimEngineRDVEX(
|
|
|
361
362
|
data = MultiValues(top)
|
|
362
363
|
return data
|
|
363
364
|
|
|
364
|
-
def _handle_RdTmp(self, expr: pyvex.IRExpr.RdTmp) ->
|
|
365
|
+
def _handle_RdTmp(self, expr: pyvex.IRExpr.RdTmp) -> MultiValues | None:
|
|
365
366
|
tmp: int = expr.tmp
|
|
366
367
|
|
|
367
368
|
self.state.add_tmp_use(tmp)
|
|
@@ -387,7 +388,7 @@ class SimEngineRDVEX(
|
|
|
387
388
|
# write it to registers
|
|
388
389
|
self.state.kill_and_add_definition(reg_atom, values, override_codeloc=self._external_codeloc())
|
|
389
390
|
|
|
390
|
-
current_defs:
|
|
391
|
+
current_defs: Iterable[Definition] | None = None
|
|
391
392
|
for vs in values.values():
|
|
392
393
|
for v in vs:
|
|
393
394
|
if current_defs is None:
|
|
@@ -432,7 +433,7 @@ class SimEngineRDVEX(
|
|
|
432
433
|
return MultiValues(top)
|
|
433
434
|
|
|
434
435
|
def _load_core(self, addrs: Iterable[claripy.ast.Base], size: int, endness: str) -> MultiValues:
|
|
435
|
-
result:
|
|
436
|
+
result: MultiValues | None = None
|
|
436
437
|
# we may get more than one stack addrs with the same value but different annotations (because they are defined
|
|
437
438
|
# at different locations). only load them once.
|
|
438
439
|
loaded_stack_offsets = set()
|
|
@@ -1080,7 +1081,7 @@ class SimEngineRDVEX(
|
|
|
1080
1081
|
# User defined high level statement handlers
|
|
1081
1082
|
#
|
|
1082
1083
|
|
|
1083
|
-
def _handle_function(self, func_addr:
|
|
1084
|
+
def _handle_function(self, func_addr: MultiValues | None):
|
|
1084
1085
|
if func_addr is None:
|
|
1085
1086
|
func_addr = self.state.top(self.state.arch.bits)
|
|
1086
1087
|
|