angr 9.2.117__py3-none-win_amd64.whl → 9.2.119__py3-none-win_amd64.whl

angr/analyses/bindiff.py

@@ -1,3 +1,4 @@
+from __future__ import annotations
 import logging
 import math
 import types
@@ -188,8 +189,7 @@ def differing_constants(block_a, block_b):
         for d in differences:
             if d.type != DIFF_VALUE:
                 raise UnmatchedStatementsException("Instruction has changed")
-            else:
-                changes.append(ConstantChange(current_offset, d.value_a, d.value_b))
+            changes.append(ConstantChange(current_offset, d.value_a, d.value_b))
 
     return changes
 
@@ -207,12 +207,14 @@ def compare_statement_dict(statement_1, statement_2):
 
     # constants
     if isinstance(statement_1, (int, float, str, bytes)):
-        if isinstance(statement_1, float) and math.isnan(statement_1) and math.isnan(statement_2):
-            return []
-        elif statement_1 == statement_2:
+        if (
+            isinstance(statement_1, float)
+            and math.isnan(statement_1)
+            and math.isnan(statement_2)
+            or statement_1 == statement_2
+        ):
             return []
-        else:
-            return [Difference(None, statement_1, statement_2)]
+        return [Difference(None, statement_1, statement_2)]
 
     # tuples/lists
     if isinstance(statement_1, (tuple, list)):
@@ -286,7 +288,7 @@ class NormalizedBlock:
 
 class NormalizedFunction:
     # a more normalized function
-    def __init__(self, function: "Function"):
+    def __init__(self, function: Function):
         # start by copying the graph
         self.graph: networkx.DiGraph = function.graph.copy()
         self.project = function._function_manager._kb._project
@@ -314,7 +316,7 @@ class NormalizedFunction:
                     and successors[0].addr > node.addr
                 ):
                     # add edges to the successors of its successor, and delete the original successors
-                    succ = list(self.graph.successors(node))[0]
+                    succ = next(iter(self.graph.successors(node)))
                     for s in self.graph.successors(succ):
                         self.graph.add_edge(node, s)
                     self.graph.remove_node(succ)
@@ -349,7 +351,7 @@ class FunctionDiff:
     This class computes the a diff between two functions.
     """
 
-    def __init__(self, function_a: "Function", function_b: "Function", bindiff=None):
+    def __init__(self, function_a: Function, function_b: Function, bindiff=None):
         """
         :param function_a: The first angr Function object to diff.
         :param function_b: The second angr Function object.
@@ -377,10 +379,7 @@ class FunctionDiff:
         """
         if len(self._unmatched_blocks_from_a | self._unmatched_blocks_from_b) > 0:
             return False
-        for a, b in self._block_matches:
-            if not self.blocks_probably_identical(a, b):
-                return False
-        return True
+        return all(self.blocks_probably_identical(a, b) for a, b in self._block_matches)
 
     @property
     def identical_blocks(self):
@@ -451,8 +450,7 @@ class FunctionDiff:
         if self._project_a.is_hooked(block_a) and self._project_b.is_hooked(block_b):
             if self._project_a._sim_procedures[block_a] == self._project_b._sim_procedures[block_b]:
                 return 1.0
-            else:
-                return 0.0
+            return 0.0
 
         try:
             block_a = NormalizedBlock(block_a, self._function_a)
@@ -467,7 +465,7 @@ class FunctionDiff:
         # if both were None then they are assumed to be the same, if only one was the same they are assumed to differ
         if block_a is None and block_b is None:
             return 1.0
-        elif block_a is None or block_b is None:
+        if block_a is None or block_b is None:
             return 0.0
 
         # get all elements for computing similarity
@@ -494,9 +492,7 @@ class FunctionDiff:
         num_values += max(len(consts_a), len(consts_b))
         num_values += max(len(block_a.operations), len(block_b.operations))
         num_values += 1  # jumpkind
-        similarity = 1 - (float(total_dist) / num_values)
-
-        return similarity
+        return 1 - (float(total_dist) / num_values)
 
     def blocks_probably_identical(self, block_a, block_b, check_constants=False):
         """
@@ -522,7 +518,7 @@ class FunctionDiff:
         # if both were None then they are assumed to be the same, if only one was None they are assumed to differ
         if block_a is None and block_b is None:
             return True
-        elif block_a is None or block_b is None:
+        if block_a is None or block_b is None:
             return False
 
         # if they represent a different number of blocks they are not the same
@@ -585,13 +581,10 @@ class FunctionDiff:
 
         attributes = {}
         for block in function.graph.nodes():
-            if block in call_sites:
-                number_of_subfunction_calls = len(call_sites[block])
-            else:
-                number_of_subfunction_calls = 0
+            number_of_subfunction_calls = len(call_sites[block]) if block in call_sites else 0
             # there really shouldn't be blocks that can't be reached from the start, but there are for now
-            dist_start = distances_from_start[block] if block in distances_from_start else 10000
-            dist_exit = distances_from_exit[block] if block in distances_from_exit else 10000
+            dist_start = distances_from_start.get(block, 10000)
+            dist_exit = distances_from_exit.get(block, 10000)
 
             attributes[block] = (dist_start, dist_exit, number_of_subfunction_calls)
 
@@ -644,8 +637,8 @@ class FunctionDiff:
         # get the attributes for all blocks
         l.debug(
             "Computing diff of functions: %s, %s",
-            ("%#x" % self._function_a.startpoint.addr) if self._function_a.startpoint is not None else "None",
-            ("%#x" % self._function_b.startpoint.addr) if self._function_b.startpoint is not None else "None",
+            (f"{self._function_a.startpoint.addr:#x}") if self._function_a.startpoint is not None else "None",
+            (f"{self._function_b.startpoint.addr:#x}") if self._function_b.startpoint is not None else "None",
         )
         self.attributes_a = self._compute_block_attributes(self._function_a)
         self.attributes_b = self._compute_block_attributes(self._function_b)
@@ -659,7 +652,7 @@ class FunctionDiff:
         to_process = deque(initial_matches)
 
         # Keep track of which matches we've already added to the queue
-        processed_matches = {(x, y) for (x, y) in initial_matches}
+        processed_matches = set(initial_matches)
 
         # Keep a dict of current matches, which will be updated if better matches are found
         matched_a = {}
@@ -727,7 +720,7 @@ class FunctionDiff:
                         to_process.appendleft((x, y))
 
         # reformat matches into a set of pairs
-        self._block_matches = {(x, y) for (x, y) in matched_a.items()}
+        self._block_matches = set(matched_a.items())
 
         # get the unmatched blocks
         self._unmatched_blocks_from_a = {x for x in self._function_a.graph.nodes() if x not in matched_a}
@@ -774,12 +767,12 @@ class FunctionDiff:
         """
         # get the attributes that are in the sets
         if filter_set_a is None:
-            filtered_attributes_a = {k: v for k, v in attributes_a.items()}
+            filtered_attributes_a = dict(attributes_a.items())
         else:
             filtered_attributes_a = {k: v for k, v in attributes_a.items() if k in filter_set_a}
 
         if filter_set_b is None:
-            filtered_attributes_b = {k: v for k, v in attributes_b.items()}
+            filtered_attributes_b = dict(attributes_b.items())
         else:
             filtered_attributes_b = {k: v for k, v in attributes_b.items() if k in filter_set_b}
 
@@ -1021,9 +1014,9 @@ class BinDiff(Analysis):
             if cfg.kb.functions.function(function_addr) is None or cfg.kb.functions.function(function_addr).is_syscall:
                 continue
             if cfg.kb.functions.function(function_addr) is not None:
-                normalized_funtion = NormalizedFunction(cfg.kb.functions.function(function_addr))
-                number_of_basic_blocks = len(normalized_funtion.graph.nodes())
-                number_of_edges = len(normalized_funtion.graph.edges())
+                normalized_function = NormalizedFunction(cfg.kb.functions.function(function_addr))
+                number_of_basic_blocks = len(normalized_function.graph.nodes())
+                number_of_edges = len(normalized_function.graph.edges())
             else:
                 number_of_basic_blocks = 0
                 number_of_edges = 0
@@ -1084,9 +1077,7 @@ class BinDiff(Analysis):
         # remove ones that aren't in the interfunction graph, because these seem to not be consistent
         all_funcs_a = set(self.cfg_a.kb.callgraph.nodes())
         all_funcs_b = set(self.cfg_b.kb.callgraph.nodes())
-        plt_matches = [x for x in plt_matches if x[0] in all_funcs_a and x[1] in all_funcs_b]
-
-        return plt_matches
+        return [x for x in plt_matches if x[0] in all_funcs_a and x[1] in all_funcs_b]
 
     def _get_name_matches(self):
         names_to_addrs_a = defaultdict(list)
@@ -1125,7 +1116,7 @@ class BinDiff(Analysis):
         to_process = deque(initial_matches)
 
         # Keep track of which matches we've already added to the queue
-        processed_matches = {(x, y) for (x, y) in initial_matches}
+        processed_matches = set(initial_matches)
 
         # Keep a dict of current matches, which will be updated if better matches are found
         matched_a = {}
@@ -1200,8 +1191,8 @@ class BinDiff(Analysis):
                 self.function_matches.add((x, y))
 
         # get the unmatched functions
-        self._unmatched_functions_from_a = {x for x in self.attributes_a.keys() if x not in matched_a}
-        self._unmatched_functions_from_b = {x for x in self.attributes_b.keys() if x not in matched_b}
+        self._unmatched_functions_from_a = {x for x in self.attributes_a if x not in matched_a}
+        self._unmatched_functions_from_b = {x for x in self.attributes_b if x not in matched_b}
 
         # remove unneeded function diffs
         for x, y in dict(self._function_diffs):
@@ -1222,12 +1213,12 @@ class BinDiff(Analysis):
         """
         # get the attributes that are in the sets
         if filter_set_a is None:
-            filtered_attributes_a = {k: v for k, v in attributes_a.items()}
+            filtered_attributes_a = dict(attributes_a.items())
         else:
             filtered_attributes_a = {k: v for k, v in attributes_a.items() if k in filter_set_a}
 
         if filter_set_b is None:
-            filtered_attributes_b = {k: v for k, v in attributes_b.items()}
+            filtered_attributes_b = dict(attributes_b.items())
         else:
             filtered_attributes_b = {k: v for k, v in attributes_b.items() if k in filter_set_b}
 

angr/analyses/boyscout.py

@@ -1,3 +1,4 @@
+from __future__ import annotations
 import logging
 import re
 from collections import defaultdict

angr/analyses/callee_cleanup_finder.py

@@ -1,3 +1,4 @@
+from __future__ import annotations
 from . import Analysis
 from .. import SIM_PROCEDURES
 
@@ -57,10 +58,8 @@ class CalleeCleanupFinder(Analysis):
                     if stmt.tag == "Ist_IMark":
                         l.error("VERY strange return instruction at %#x...", addr)
                         break
-                    if stmt.tag == "Ist_WrTmp":
-                        if stmt.data.tag == "Iex_Binop":
-                            if stmt.data.op.startswith("Iop_Add"):
-                                return stmt.data.args[1].con.value - self.project.arch.bytes
+                    if stmt.tag == "Ist_WrTmp" and stmt.data.tag == "Iex_Binop" and stmt.data.op.startswith("Iop_Add"):
+                        return stmt.data.args[1].con.value - self.project.arch.bytes
             elif irsb.jumpkind == "Ijk_Call":
                 if addr + irsb.size not in seen:
                     todo.append(addr + irsb.size)

angr/analyses/calling_convention.py

@@ -1,6 +1,7 @@
 # pylint:disable=no-self-use
+from __future__ import annotations
 from collections import defaultdict
-from typing import Optional, Union, TYPE_CHECKING
+from typing import TYPE_CHECKING
 import logging
 
 import networkx
@@ -87,8 +88,8 @@ class CallingConventionAnalysis(Analysis):
 
     def __init__(
         self,
-        func: Union["Function", int, str] | None,
-        cfg: Optional["CFGModel"] = None,
+        func: Function | int | str | None,
+        cfg: CFGModel | None = None,
         analyze_callsites: bool = False,
         caller_func_addr: int | None = None,
         callsite_block_addr: int | None = None,
@@ -174,10 +175,7 @@ class CallingConventionAnalysis(Analysis):
                             else None
                         ),
                     )
-                    if cc_cls is not None:
-                        cc = cc_cls(self.project.arch)
-                    else:
-                        cc = None
+                    cc = cc_cls(self.project.arch) if cc_cls is not None else None
                     prototype = None
                     if callsite_facts:
                         if self.prototype is None:
@@ -232,10 +230,7 @@ class CallingConventionAnalysis(Analysis):
                     self.project.simos.name if self.project is not None and self.project.simos is not None else None
                 ),
             )
-            if cc_cls is not None:
-                cc = cc_cls(self.project.arch)
-            else:
-                cc = None
+            cc = cc_cls(self.project.arch) if cc_cls is not None else None
             prototype = SimTypeFunction([], None)
             prototype = self._adjust_prototype(
                 prototype, callsite_facts, update_arguments=UpdateArgumentsOption.AlwaysUpdate
@@ -281,9 +276,10 @@ class CallingConventionAnalysis(Analysis):
                 if self.project.is_hooked(real_func.addr):
                     # prioritize the hooker
                     hooker = self.project.hooked_by(real_func.addr)
-                    if hooker is not None:
-                        if not hooker.is_stub or hooker.is_function and not hooker.guessed_prototype:
-                            return real_func.calling_convention, hooker.prototype
+                    if hooker is not None and (
+                        not hooker.is_stub or hooker.is_function and not hooker.guessed_prototype
+                    ):
+                        return real_func.calling_convention, hooker.prototype
                 if real_func.calling_convention and real_func.prototype:
                     return real_func.calling_convention, real_func.prototype
             else:
@@ -293,10 +289,7 @@ class CallingConventionAnalysis(Analysis):
             # determine the calling convention by analyzing its callsites
             callsite_facts = self._extract_and_analyze_callsites(max_analyzing_callsites=1)
             cc_cls = default_cc(self.project.arch.name)
-            if cc_cls is not None:
-                cc = cc_cls(self.project.arch)
-            else:
-                cc = None
+            cc = cc_cls(self.project.arch) if cc_cls is not None else None
             prototype = SimTypeFunction([], None)
             prototype = self._adjust_prototype(
                 prototype, callsite_facts, update_arguments=UpdateArgumentsOption.AlwaysUpdate
@@ -343,18 +336,17 @@ class CallingConventionAnalysis(Analysis):
                 self._function,
             )
             return None
-        else:
-            # reorder args
-            args = self._reorder_args(input_args, cc)
-            if fixed_args is not None:
-                args = args[:fixed_args]
-
-            # guess the type of the return value -- it's going to be a wild guess...
-            ret_type = self._guess_retval_type(cc, vm.ret_val_size)
-            if self._function.name == "main" and self.project.arch.bits == 64 and isinstance(ret_type, SimTypeLongLong):
-                # hack - main must return an int even in 64-bit binaries
-                ret_type = SimTypeInt()
-            prototype = SimTypeFunction([self._guess_arg_type(arg, cc) for arg in args], ret_type, variadic=is_variadic)
+        # reorder args
+        args = self._reorder_args(input_args, cc)
+        if fixed_args is not None:
+            args = args[:fixed_args]
+
+        # guess the type of the return value -- it's going to be a wild guess...
+        ret_type = self._guess_retval_type(cc, vm.ret_val_size)
+        if self._function.name == "main" and self.project.arch.bits == 64 and isinstance(ret_type, SimTypeLongLong):
+            # hack - main must return an int even in 64-bit binaries
+            ret_type = SimTypeInt()
+        prototype = SimTypeFunction([self._guess_arg_type(arg, cc) for arg in args], ret_type, variadic=is_variadic)
 
         return cc, prototype
 
@@ -382,8 +374,7 @@ class CallingConventionAnalysis(Analysis):
             observation_points=observation_points,
         )
         # rda_model: Optional[ReachingDefinitionsModel] = self.kb.defs.get_model(caller.addr)
-        fact = self._collect_callsite_fact(caller_block, call_insn_addr, rda.model)
-        return fact
+        return self._collect_callsite_fact(caller_block, call_insn_addr, rda.model)
 
     def _extract_and_analyze_callsites(
         self,
@@ -406,16 +397,27 @@ class CallingConventionAnalysis(Analysis):
         facts = []
         in_edges = self._cfg.graph.in_edges(node, data=True)
 
-        call_sites_by_function: dict["Function", list[tuple[int, int]]] = defaultdict(list)
+        call_sites_by_function: dict[Function, list[tuple[int, int]]] = defaultdict(list)
+
+        if len(in_edges) == 1:
+            src, _, data = next(iter(in_edges))
+            if (
+                data.get("jumpkind", "Ijk_Call") == "Ijk_Boring"
+                and self.kb.functions.contains_addr(src.function_address)
+                and self.kb.functions[src.function_address].is_plt
+            ):
+                # find callers to the PLT stub instead
+                in_edges = self._cfg.graph.in_edges(src, data=True)
+
         for src, _, data in sorted(in_edges, key=lambda x: x[0].addr):
             edge_type = data.get("jumpkind", "Ijk_Call")
-            if edge_type != "Ijk_Call":
+            if not (edge_type == "Ijk_Call" or edge_type == "Ijk_Boring" and self._cfg.graph.out_degree[src] == 1):
                 continue
             if not self.kb.functions.contains_addr(src.function_address):
                 continue
             caller = self.kb.functions[src.function_address]
-            if caller.is_simprocedure:
-                # do not analyze SimProcedures
+            if caller.is_simprocedure or caller.is_alignment:
+                # do not analyze SimProcedures or alignment stubs
                 continue
             call_sites_by_function[caller].append((src.addr, src.instruction_addrs[-1]))
 
@@ -448,7 +450,7 @@ class CallingConventionAnalysis(Analysis):
 
     def _generate_callsite_subgraph(
         self,
-        func: "Function",
+        func: Function,
         callsite_block_addr: int,
         include_preds: bool = False,
     ) -> networkx.DiGraph | None:
@@ -512,16 +514,16 @@ class CallingConventionAnalysis(Analysis):
     def _analyze_callsite_return_value_uses(
         self, cc: SimCC, caller_block_addr: int, rda: ReachingDefinitionsModel, fact: CallSiteFact
     ) -> None:
-        all_defs: set["Definition"] = {
+        all_defs: set[Definition] = {
             def_
-            for def_ in rda.all_uses._uses_by_definition.keys()
+            for def_ in rda.all_uses._uses_by_definition
             if (
                 def_.codeloc.block_addr == caller_block_addr
                 and def_.codeloc.stmt_idx == DEFAULT_STATEMENT
                 or any(isinstance(tag, ReturnValueTag) for tag in def_.tags)
             )
         }
-        all_uses: "Uses" = rda.all_uses
+        all_uses: Uses = rda.all_uses
 
         # determine if the return value is used
         return_val = cc.RETURN_VAL
@@ -556,9 +558,9 @@ class CallingConventionAnalysis(Analysis):
     ) -> None:
         # determine if potential register and stack arguments are set
         state = rda.observed_results[("insn", call_insn_addr, OP_BEFORE)]
-        defs_by_reg_offset: dict[int, list["Definition"]] = defaultdict(list)
-        all_reg_defs: set["Definition"] = get_all_definitions(state.registers)
-        all_stack_defs: set["Definition"] = get_all_definitions(state.stack)
+        defs_by_reg_offset: dict[int, list[Definition]] = defaultdict(list)
+        all_reg_defs: set[Definition] = get_all_definitions(state.registers)
+        all_stack_defs: set[Definition] = get_all_definitions(state.stack)
         for d in all_reg_defs:
             if (
                 isinstance(d.atom, Register)
@@ -593,8 +595,10 @@ class CallingConventionAnalysis(Analysis):
         default_type_cls = SimTypeInt if self.project.arch.bits == 32 else SimTypeLongLong
         arg_session = cc.arg_session(default_type_cls().with_arch(self.project.arch))
         temp_args: list[SimFunctionArgument | None] = []
+        expected_args: list[SimFunctionArgument] = []
         for _ in range(30):  # at most 30 arguments
             arg_loc = cc.next_arg(arg_session, default_type_cls().with_arch(self.project.arch))
+            expected_args.append(arg_loc)
             if isinstance(arg_loc, SimRegArg):
                 reg_offset = self.project.arch.registers[arg_loc.reg_name][0]
                 # is it initialized?
@@ -612,6 +616,12 @@ class CallingConventionAnalysis(Analysis):
             else:
                 break
 
+        if None in temp_args:
+            first_none_idx = temp_args.index(None)
+            # test if there is at least one argument set after None; if so, we ignore the first None
+            if any(arg is not None for arg in temp_args[first_none_idx:]):
+                temp_args[first_none_idx] = expected_args[first_none_idx]
+
         if None in temp_args:
             # we be very conservative here and ignore all arguments starting from the first missing one
             first_none_idx = temp_args.index(None)
@@ -635,15 +645,15 @@ class CallingConventionAnalysis(Analysis):
             else:
                 proto.returnty = SimTypeInt().with_arch(self.project.arch)
 
-        if update_arguments == UpdateArgumentsOption.AlwaysUpdate or (
-            update_arguments == UpdateArgumentsOption.UpdateWhenCCHasNoArgs and not proto.args
-        ):
-            if len({len(fact.args) for fact in facts}) == 1:
-                fact = next(iter(facts))
-                proto.args = [
-                    self._guess_arg_type(arg) if arg is not None else SimTypeInt().with_arch(self.project.arch)
-                    for arg in fact.args
-                ]
+        if (
+            update_arguments == UpdateArgumentsOption.AlwaysUpdate
+            or (update_arguments == UpdateArgumentsOption.UpdateWhenCCHasNoArgs and not proto.args)
+        ) and len({len(fact.args) for fact in facts}) == 1:
+            fact = next(iter(facts))
+            proto.args = [
+                self._guess_arg_type(arg) if arg is not None else SimTypeInt().with_arch(self.project.arch)
+                for arg in fact.args
+            ]
 
         return proto
 
@@ -657,10 +667,7 @@ class CallingConventionAnalysis(Analysis):
         """
 
         args = set()
-        if not self.project.arch.call_pushes_ret:
-            ret_addr_offset = 0
-        else:
-            ret_addr_offset = self.project.arch.bytes
+        ret_addr_offset = 0 if not self.project.arch.call_pushes_ret else self.project.arch.bytes
 
         reg_vars_with_single_access: list[SimRegisterVariable] = []
 
@@ -754,31 +761,29 @@ class CallingConventionAnalysis(Analysis):
         if arch_name == "AARCH64":
             return 16 <= variable.reg < 80  # x0-x7
 
-        elif arch_name == "AMD64":
+        if arch_name == "AMD64":
             return 24 <= variable.reg < 40 or 64 <= variable.reg < 104  # rcx, rdx  # rsi, rdi, r8, r9, r10
             # 224 <= variable.reg < 480)  # xmm0-xmm7
 
-        elif is_arm_arch(arch):
+        if is_arm_arch(arch):
             if isinstance(arch, ArchARMHF):
                 return 8 <= variable.reg < 24 or 128 <= variable.reg < 160  # r0 - 32  # s0 - s7, or d0 - d4
-            else:
-                return 8 <= variable.reg < 24  # r0-r3
+            return 8 <= variable.reg < 24  # r0-r3
 
-        elif arch_name == "MIPS32":
+        if arch_name == "MIPS32":
             return 24 <= variable.reg < 40  # a0-a3
 
-        elif arch_name == "MIPS64":
+        if arch_name == "MIPS64":
             return 48 <= variable.reg < 80 or 112 <= variable.reg < 208  # a0-a3 or t4-t7
 
-        elif arch_name == "PPC32":
+        if arch_name == "PPC32":
             return 28 <= variable.reg < 60  # r3-r10
 
-        elif arch_name == "X86":
+        if arch_name == "X86":
             return 8 <= variable.reg < 24 or 160 <= variable.reg < 288  # eax, ebx, ecx, edx  # xmm0-xmm7
 
-        else:
-            l.critical("Unsupported architecture %s.", arch.name)
-            return True
+        l.critical("Unsupported architecture %s.", arch.name)
+        return True
 
     def _reorder_args(self, args: list[SimRegArg | SimStackArg], cc: SimCC) -> list[SimRegArg | SimStackArg]:
         """
@@ -838,55 +843,51 @@ class CallingConventionAnalysis(Analysis):
         return reg_args + int_args + fp_args + stack_args
 
     def _guess_arg_type(self, arg: SimFunctionArgument, cc: SimCC | None = None) -> SimType:
-        if cc is not None:
-            if cc.FP_ARG_REGS and isinstance(arg, SimRegArg) and arg.reg_name in cc.FP_ARG_REGS:
-                if arg.size == 4:
-                    return SimTypeFloat()
-                elif arg.size == 8:
-                    return SimTypeDouble()
+        if cc is not None and cc.FP_ARG_REGS and isinstance(arg, SimRegArg) and arg.reg_name in cc.FP_ARG_REGS:
+            if arg.size == 4:
+                return SimTypeFloat()
+            if arg.size == 8:
+                return SimTypeDouble()
 
         if arg.size == 4:
             return SimTypeInt()
-        elif arg.size == 8:
+        if arg.size == 8:
             return SimTypeLongLong()
-        elif arg.size == 2:
+        if arg.size == 2:
             return SimTypeShort()
-        elif arg.size == 1:
+        if arg.size == 1:
             return SimTypeChar()
-        else:
-            # Unsupported for now
-            return SimTypeBottom()
+        # Unsupported for now
+        return SimTypeBottom()
 
     def _guess_retval_type(self, cc: SimCC, ret_val_size: int | None) -> SimType:
-        if cc.FP_RETURN_VAL:
+        if cc.FP_RETURN_VAL and self._function.ret_sites:
             # examine the last block of the function and see which registers are assigned to
-            if self._function.ret_sites:
-                for ret_block in self._function.ret_sites:
-                    irsb = self.project.factory.block(ret_block.addr, size=ret_block.size).vex
-                    for stmt in irsb.statements:
-                        if isinstance(stmt, Put):
-                            if isinstance(stmt.data, RdTmp):
-                                reg_size = irsb.tyenv.sizeof(stmt.data.tmp) // self.project.arch.byte_width
-                                reg_name = self.project.arch.translate_register_name(stmt.offset, size=reg_size)
-                                if reg_name == cc.FP_RETURN_VAL.reg_name:
-                                    # possibly float
-                                    return SimTypeFloat() if reg_size == 4 else SimTypeDouble()
+            for ret_block in self._function.ret_sites:
+                irsb = self.project.factory.block(ret_block.addr, size=ret_block.size).vex
+                for stmt in irsb.statements:
+                    if isinstance(stmt, Put) and isinstance(stmt.data, RdTmp):
+                        reg_size = irsb.tyenv.sizeof(stmt.data.tmp) // self.project.arch.byte_width
+                        reg_name = self.project.arch.translate_register_name(stmt.offset, size=reg_size)
+                        if reg_name == cc.FP_RETURN_VAL.reg_name:
+                            # possibly float
+                            return SimTypeFloat() if reg_size == 4 else SimTypeDouble()
 
         if ret_val_size is not None:
             if ret_val_size == 1:
                 return SimTypeChar()
-            elif ret_val_size == 2:
+            if ret_val_size == 2:
                 return SimTypeShort()
-            elif 3 <= ret_val_size <= 4:
+            if 3 <= ret_val_size <= 4:
                 return SimTypeInt()
-            elif 5 <= ret_val_size <= 8:
+            if 5 <= ret_val_size <= 8:
                 return SimTypeLongLong()
 
         # fallback
         return SimTypeInt() if cc.arch.bits == 32 else SimTypeLongLong()
 
     @staticmethod
-    def _likely_saving_temp_reg(ail_block: ailment.Block, d: "Definition", all_reg_defs: set["Definition"]) -> bool:
+    def _likely_saving_temp_reg(ail_block: ailment.Block, d: Definition, all_reg_defs: set[Definition]) -> bool:
         if d.codeloc.block_addr == ail_block.addr and d.codeloc.stmt_idx < len(ail_block.statements):
             stmt = ail_block.statements[d.codeloc.stmt_idx]
             if isinstance(stmt, ailment.Stmt.Assignment) and isinstance(stmt.src, ailment.Expr.Register):
@@ -897,9 +898,8 @@ class CallingConventionAnalysis(Analysis):
                     ),
                     None,
                 )
-                if src_reg_def is not None:
-                    if isinstance(src_reg_def.codeloc, ExternalCodeLocation):
-                        return True
+                if src_reg_def is not None and isinstance(src_reg_def.codeloc, ExternalCodeLocation):
+                    return True
         return False
 
     def is_va_start_amd64(self, func: Function) -> tuple[bool, int | None]:

angr/analyses/cdg.py

@@ -1,3 +1,4 @@
+from __future__ import annotations
 import logging
 
 import networkx
@@ -68,8 +69,7 @@ class CDG(Analysis):
         """
         if run in self._graph.nodes():
             return list(self._graph.successors(run))
-        else:
-            return []
+        return []
 
     def get_guardians(self, run):
         """
@@ -77,8 +77,7 @@ class CDG(Analysis):
         """
         if run in self._graph.nodes():
             return list(self._graph.predecessors(run))
-        else:
-            return []
+        return []
 
     #
     # Private methods
@@ -163,14 +162,8 @@ class CDG(Analysis):
 
     @staticmethod
     def _pd_graph_successors(graph, node):
-        if type(node) is TemporaryNode:
-            # This is for testing
-            successors = graph.graph.successors(node)
-        else:
-            # Real CFGNode!
-            successors = graph.model.get_successors(node)
-
-        return successors
+        # The true condition is for testing
+        return graph.graph.successors(node) if type(node) is TemporaryNode else graph.model.get_successors(node)
 
     def _pd_post_process(self, cfg):
         """