angr 9.2.119__py3-none-manylinux2014_aarch64.whl → 9.2.121__py3-none-manylinux2014_aarch64.whl

angr/analyses/s_reaching_definitions/s_rda_view.py

@@ -0,0 +1,213 @@
+from __future__ import annotations
+
+import logging
+from collections import defaultdict
+
+from ailment.statement import Assignment, Call, Label
+from ailment.expression import VirtualVariable, Expression
+
+from angr.utils.ail import is_phi_assignment
+from angr.utils.graph import GraphUtils
+from angr.knowledge_plugins.key_definitions.constants import ObservationPointType, ObservationPoint
+from angr.utils.ssa import get_reg_offset_base
+from angr.calling_conventions import SimRegArg, default_cc
+
+from .s_rda_model import SRDAModel
+
+log = logging.getLogger(__name__)
+
+
+class SRDAView:
+    """
+    A view of SRDA model that provides various functionalities for querying the model.
+    """
+
+    def __init__(self, model: SRDAModel):
+        self.model = model
+
+    def _get_call_clobbered_regs(self, stmt: Call) -> set[int]:
+        cc = stmt.calling_convention
+        if cc is None:
+            # get the default calling convention
+            cc = default_cc(self.model.arch.name)  # TODO: platform and language
+        if cc is not None:
+            reg_list = cc.CALLER_SAVED_REGS
+            if isinstance(cc.RETURN_VAL, SimRegArg):
+                reg_list.append(cc.RETURN_VAL.reg_name)
+            return {self.model.arch.registers[reg_name][0] for reg_name in reg_list}
+        log.warning("Cannot determine registers that are clobbered by call statement %r.", stmt)
+        return set()
+
+    def _get_vvar_by_insn(self, addr: int, op_type: ObservationPointType, predicate, block_idx: int | None = None):
+        # find the starting block
+        for block in self.model.func_graph:
+            if block.idx == block_idx and block.addr <= addr < block.addr + block.original_size:
+                the_block = block
+                break
+        else:
+            return
+
+        starting_stmt_idx = len(the_block.statements) if op_type == ObservationPointType.OP_AFTER else 0
+        for stmt_idx, stmt in enumerate(the_block.statements):
+            # skip all labels and phi assignments
+            if isinstance(stmt, Label) or is_phi_assignment(stmt):
+                if op_type == ObservationPointType.OP_BEFORE:
+                    # ensure that we tick starting_stmt_idx forward
+                    starting_stmt_idx = stmt_idx
+                continue
+
+            if (
+                op_type == ObservationPointType.OP_BEFORE
+                and stmt.ins_addr == addr
+                or op_type == ObservationPointType.OP_AFTER
+                and stmt.ins_addr > addr
+            ):
+                starting_stmt_idx = stmt_idx
+                break
+
+        traversed = set()
+        queue = [(the_block, starting_stmt_idx)]
+        while queue:
+            block, start_stmt_idx = queue.pop(0)
+            traversed.add(block)
+
+            stmts = block.statements[:start_stmt_idx] if start_stmt_idx is not None else block.statements
+
+            for stmt in reversed(stmts):
+                should_break = predicate(stmt)
+                if should_break:
+                    break
+            else:
+                # not found
+                for pred in self.model.func_graph.predecessors(block):
+                    if pred not in traversed:
+                        traversed.add(pred)
+                        queue.append((pred, None))
+
+    def get_reg_vvar_by_insn(
+        self, reg_offset: int, addr: int, op_type: ObservationPointType, block_idx: int | None = None
+    ) -> VirtualVariable | None:
+        reg_offset = get_reg_offset_base(reg_offset, self.model.arch)
+        vvars = set()
+
+        def _predicate(stmt) -> bool:
+            if (
+                isinstance(stmt, Assignment)
+                and isinstance(stmt.dst, VirtualVariable)
+                and stmt.dst.was_reg
+                and stmt.dst.reg_offset == reg_offset
+            ):
+                vvars.add(stmt.dst)
+                return True
+            if isinstance(stmt, Call):
+                if (
+                    isinstance(stmt.ret_expr, VirtualVariable)
+                    and stmt.ret_expr.was_reg
+                    and stmt.ret_expr.reg_offset == reg_offset
+                ):
+                    vvars.add(stmt.ret_expr)
+                    return True
+                # is it clobbered maybe?
+                clobbered_regs = self._get_call_clobbered_regs(stmt)
+                if reg_offset in clobbered_regs:
+                    return True
+            return False
+
+        self._get_vvar_by_insn(addr, op_type, _predicate, block_idx=block_idx)
+
+        assert len(vvars) <= 1
+        return next(iter(vvars), None)
+
+    def get_stack_vvar_by_insn(  # pylint: disable=too-many-positional-arguments
+        self, stack_offset: int, size: int, addr: int, op_type: ObservationPointType, block_idx: int | None = None
+    ) -> VirtualVariable | None:
+        vvars = set()
+
+        def _predicate(stmt) -> bool:
+            if (
+                isinstance(stmt, Assignment)
+                and isinstance(stmt.dst, VirtualVariable)
+                and stmt.dst.was_stack
+                and stmt.dst.stack_offset == stack_offset
+                and stmt.dst.size == size
+            ):
+                vvars.add(stmt.dst)
+                return True
+            return False
+
+        self._get_vvar_by_insn(addr, op_type, _predicate, block_idx=block_idx)
+
+        assert len(vvars) <= 1
+        return next(iter(vvars), None)
+
+    def get_vvar_value(self, vvar: VirtualVariable) -> Expression | None:
+        if vvar not in self.model.all_vvar_definitions:
+            return None
+        codeloc = self.model.all_vvar_definitions[vvar]
+
+        for block in self.model.func_graph:
+            if block.addr == codeloc.block_addr and block.idx == codeloc.block_idx:
+                if codeloc.stmt_idx < len(block.statements):
+                    stmt = block.statements[codeloc.stmt_idx]
+                    if isinstance(stmt, Assignment) and stmt.dst.likes(vvar):
+                        return stmt.src
+                break
+        return None
+
+    def observe(self, observation_points: list[ObservationPoint]):
+        insn_ops: dict[int, ObservationPointType] = {op[1]: op[2] for op in observation_points if op[0] == "insn"}
+        stmt_ops: dict[tuple[tuple[int, int | None], int], ObservationPointType] = {
+            op[1]: op[2] for op in observation_points if op[0] == "stmt"
+        }
+        node_ops: dict[tuple[int, int | None], ObservationPointType] = {
+            op[1]: op[2] for op in observation_points if op[0] == "node"
+        }
+        # TODO: Other types
+
+        traversal_order = GraphUtils.quasi_topological_sort_nodes(self.model.func_graph)
+        all_reg2vvarid: defaultdict[tuple[int, int | None], dict[int, int]] = defaultdict(dict)
+
+        observations = {}
+        for block in traversal_order:
+            reg2vvarid = all_reg2vvarid[block.addr, block.idx]
+
+            if (block.addr, block.idx) in node_ops and node_ops[
+                (block.addr, block.idx)
+            ] == ObservationPointType.OP_BEFORE:
+                observations[("block", (block.addr, block.idx), ObservationPointType.OP_BEFORE)] = reg2vvarid.copy()
+
+            last_insn_addr = None
+            for stmt_idx, stmt in enumerate(block.statements):
+                if last_insn_addr != stmt.ins_addr:
+                    # observe
+                    if last_insn_addr in insn_ops and insn_ops[last_insn_addr] == ObservationPointType.OP_AFTER:
+                        observations[("insn", last_insn_addr, ObservationPointType.OP_AFTER)] = reg2vvarid.copy()
+                    if stmt.ins_addr in insn_ops and insn_ops[stmt.ins_addr] == ObservationPointType.OP_BEFORE:
+                        observations[("insn", last_insn_addr, ObservationPointType.OP_BEFORE)] = reg2vvarid.copy()
+                    last_insn_addr = stmt.ins_addr
+
+                stmt_key = (block.addr, block.idx), stmt_idx
+                if stmt_key in stmt_ops and stmt_ops[stmt_key] == ObservationPointType.OP_BEFORE:
+                    observations[("stmt", stmt_key, ObservationPointType.OP_BEFORE)] = reg2vvarid.copy()
+
+                if isinstance(stmt, Assignment) and isinstance(stmt.dst, VirtualVariable) and stmt.dst.was_reg:
+                    base_offset = get_reg_offset_base(stmt.dst.reg_offset, self.model.arch)
+                    reg2vvarid[base_offset] = stmt.dst.varid
+                elif isinstance(stmt, Call) and isinstance(stmt.ret_expr, VirtualVariable) and stmt.ret_expr.was_reg:
+                    base_offset = get_reg_offset_base(stmt.ret_expr.reg_offset, self.model.arch)
+                    reg2vvarid[base_offset] = stmt.ret_expr.varid
+
+                if stmt_key in stmt_ops and stmt_ops[stmt_key] == ObservationPointType.OP_AFTER:
+                    observations[("stmt", stmt_key, ObservationPointType.OP_AFTER)] = reg2vvarid.copy()
+
+            if (block.addr, block.idx) in node_ops and node_ops[
+                (block.addr, block.idx)
+            ] == ObservationPointType.OP_AFTER:
+                observations[("block", (block.addr, block.idx), ObservationPointType.OP_AFTER)] = reg2vvarid.copy()
+
+            for succ in self.model.func_graph.successors(block):
+                if succ is block:
+                    continue
+                all_reg2vvarid[succ.addr, succ.idx] = reg2vvarid.copy()
+
+        return observations

angr/analyses/s_reaching_definitions/s_reaching_definitions.py

@@ -0,0 +1,159 @@
+from __future__ import annotations
+
+from ailment.block import Block
+from ailment.statement import Assignment, Call, Return
+
+from angr.knowledge_plugins.functions import Function
+from angr.knowledge_plugins.key_definitions.constants import ObservationPointType
+from angr.code_location import CodeLocation, ExternalCodeLocation
+from angr.analyses import Analysis, register_analysis
+from angr.utils.ssa import get_vvar_uselocs, get_vvar_deflocs, get_tmp_deflocs, get_tmp_uselocs
+from angr.calling_conventions import default_cc
+from .s_rda_model import SRDAModel
+from .s_rda_view import SRDAView
+
+
+class SReachingDefinitionsAnalysis(Analysis):
+    """
+    Constant and expression propagation that only supports SSA AIL graphs.
+    """
+
+    def __init__(  # pylint: disable=too-many-positional-arguments
+        self,
+        subject,
+        func_addr: int | None = None,
+        func_graph=None,
+        track_tmps: bool = False,
+        stack_pointer_tracker=None,
+    ):
+        if isinstance(subject, Block):
+            self.block = subject
+            self.func = None
+            self.mode = "block"
+        elif isinstance(subject, Function):
+            self.block = None
+            self.func = subject
+            self.mode = "function"
+        else:
+            raise TypeError(f"Unsupported subject type {type(subject)}")
+
+        self.func_graph = func_graph
+        self.func_addr = func_addr if func_addr is not None else self.func.addr if self.func is not None else None
+        self._track_tmps = track_tmps
+        self._sp_tracker = stack_pointer_tracker  # FIXME: Is it still used?
+
+        self._bp_as_gpr = False
+        if self.func is not None:
+            self._bp_as_gpr = self.func.info.get("bp_as_gpr", False)
+
+        self.model = SRDAModel(func_graph, self.project.arch)
+
+        self._analyze()
+
+    def _analyze(self):
+        match self.mode:
+            case "block":
+                blocks = {(self.block.addr, self.block.idx): self.block}
+            case "function":
+                blocks = {(block.addr, block.idx): block for block in self.func_graph}
+            case _:
+                raise NotImplementedError
+
+        phi_vvars = {}
+        # find all vvar definitions
+        vvar_deflocs = get_vvar_deflocs(blocks.values(), phi_vvars=phi_vvars)
+        # find all explicit vvar uses
+        vvar_uselocs = get_vvar_uselocs(blocks.values())
+
+        # update model
+        for vvar, defloc in vvar_deflocs.items():
+            self.model.varid_to_vvar[vvar.varid] = vvar
+            self.model.all_vvar_definitions[vvar] = defloc
+
+            for vvar_at_use, useloc in vvar_uselocs[vvar.varid]:
+                self.model.all_vvar_uses[vvar].add((vvar_at_use, useloc))
+
+        self.model.phi_vvar_ids = {vvar.varid for vvar in phi_vvars}
+        self.model.phivarid_to_varids = {}
+        for vvar, src_vvars in phi_vvars.items():
+            self.model.phivarid_to_varids[vvar.varid] = {
+                src_vvar.varid for src_vvar in src_vvars if src_vvar is not None
+            }
+
+        if self.mode == "function":
+            # fix register definitions for arguments
+            defined_vvarids = {vvar.varid for vvar in vvar_deflocs}
+            undefined_vvarids = set(vvar_uselocs.keys()).difference(defined_vvarids)
+            for vvar_id in undefined_vvarids:
+                used_vvar = next(iter(vvar_uselocs[vvar_id]))[0]
+                self.model.varid_to_vvar[used_vvar.varid] = used_vvar
+                self.model.all_vvar_definitions[used_vvar] = ExternalCodeLocation()
+                self.model.all_vvar_uses[used_vvar] |= vvar_uselocs[vvar_id]
+
+            srda_view = SRDAView(self.model)
+
+            # fix register uses at call sites
+
+            # find all implicit vvar uses
+            call_stmt_ids = []
+            for block in blocks.values():
+                for stmt_idx, stmt in enumerate(block.statements):
+                    if (  # pylint:disable=too-many-boolean-expressions
+                        (isinstance(stmt, Call) and stmt.args is None)
+                        or (isinstance(stmt, Assignment) and isinstance(stmt.src, Call) and stmt.src.args is None)
+                        or (isinstance(stmt, Return) and stmt.ret_exprs and isinstance(stmt.ret_exprs[0], Call))
+                    ):
+                        call_stmt_ids.append(((block.addr, block.idx), stmt_idx))
+
+            observations = srda_view.observe(
+                [("stmt", insn_stmt_id, ObservationPointType.OP_BEFORE) for insn_stmt_id in call_stmt_ids]
+            )
+            for key, reg_to_vvarids in observations.items():
+                _, ((block_addr, block_idx), stmt_idx), _ = key
+
+                block = blocks[(block_addr, block_idx)]
+                stmt = block.statements[stmt_idx]
+                assert isinstance(stmt, (Call, Assignment, Return))
+
+                call: Call = (
+                    stmt if isinstance(stmt, Call) else stmt.src if isinstance(stmt, Assignment) else stmt.ret_exprs[0]
+                )
+                if call.prototype is None:
+                    # without knowing the prototype, we must conservatively add uses to all registers that are
+                    # potentially used here
+                    if call.calling_convention is not None:
+                        cc = call.calling_convention
+                    else:
+                        # just use all registers in the default calling convention because we don't know anything about
+                        # the calling convention yet
+                        cc = default_cc(self.project.arch.name)(self.project.arch)
+
+                    codeloc = CodeLocation(block_addr, stmt_idx, block_idx=block_idx, ins_addr=stmt.ins_addr)
+                    arg_locs = cc.ARG_REGS
+
+                    for arg_reg_name in arg_locs:
+                        reg_offset = self.project.arch.registers[arg_reg_name][0]
+                        if reg_offset in reg_to_vvarids:
+                            vvarid = reg_to_vvarids[reg_offset]
+                            vvar = self.model.varid_to_vvar[vvarid]
+                            self.model.all_vvar_uses[vvar].add((None, codeloc))
+
+        if self._track_tmps:
+            # track tmps
+            tmp_deflocs = get_tmp_deflocs(blocks.values())
+            # find all vvar uses
+            tmp_uselocs = get_tmp_uselocs(blocks.values())
+
+            # update model
+            for block_loc, d in tmp_deflocs.items():
+                for tmp_atom, stmt_idx in d.items():
+                    self.model.all_tmp_definitions[block_loc][tmp_atom] = stmt_idx
+
+                    if tmp_atom in tmp_uselocs[block_loc]:
+                        for tmp_at_use, use_stmt_idx in tmp_uselocs[block_loc][tmp_atom]:
+                            if tmp_atom not in self.model.all_tmp_uses[block_loc]:
+                                self.model.all_tmp_uses[block_loc][tmp_atom] = set()
+                            self.model.all_tmp_uses[block_loc][tmp_atom].add((tmp_at_use, use_stmt_idx))
+
+
+register_analysis(SReachingDefinitionsAnalysis, "SReachingDefinitions")

angr/analyses/stack_pointer_tracker.py

@@ -9,11 +9,11 @@ from collections import defaultdict
 import pyvex
 
 from angr.analyses import ForwardAnalysis, visitors
-from ..utils.constants import is_alignment_mask
-from ..analyses import AnalysesHub
-from ..knowledge_plugins import Function
-from ..block import BlockNode
-from ..errors import SimTranslationError
+from angr.utils.constants import is_alignment_mask
+from angr.analyses import AnalysesHub
+from angr.knowledge_plugins import Function
+from angr.block import BlockNode
+from angr.errors import SimTranslationError
 from .analysis import Analysis
 import contextlib
 

angr/analyses/static_hooker.py

@@ -3,8 +3,8 @@ import logging
 
 from . import Analysis
 
-from .. import SIM_LIBRARIES
-from ..errors import AngrValueError
+from angr import SIM_LIBRARIES
+from angr.errors import AngrValueError
 
 l = logging.getLogger(name=__name__)
 

angr/analyses/typehoon/__init__.py

@@ -1,2 +1,5 @@
 from __future__ import annotations
+
 from .typehoon import Typehoon
+
+__all__ = ("Typehoon",)

angr/analyses/typehoon/lifter.py

@@ -1,7 +1,7 @@
 from __future__ import annotations
 from typing import TYPE_CHECKING
 
-from ...sim_type import (
+from angr.sim_type import (
     SimType,
     SimTypeChar,
     SimTypeShort,

angr/analyses/typehoon/translator.py

@@ -2,8 +2,8 @@
 from __future__ import annotations
 from itertools import count
 
-from ... import sim_type
-from ...sim_type import SimType
+from angr import sim_type
+from angr.sim_type import SimType
 from . import typeconsts
 from .typeconsts import TypeConstant
 

angr/analyses/typehoon/typehoon.py

@@ -2,9 +2,9 @@
 from __future__ import annotations
 from typing import TYPE_CHECKING
 
-from ...sim_type import SimStruct, SimTypePointer, SimTypeArray
-from ...errors import AngrRuntimeError
-from ..analysis import Analysis, AnalysesHub
+from angr.sim_type import SimStruct, SimTypePointer, SimTypeArray
+from angr.errors import AngrRuntimeError
+from angr.analyses.analysis import Analysis, AnalysesHub
 from .simple_solver import SimpleSolver
 from .translator import TypeTranslator
 from .typeconsts import Struct, Pointer, TypeConstant, Array, TopType

angr/analyses/typehoon/typevars.py

@@ -28,11 +28,13 @@ class Equivalence(TypeConstraint):
     __slots__ = (
         "type_a",
         "type_b",
+        "_cached_hash",
     )
 
     def __init__(self, type_a, type_b):
         self.type_a = type_a
         self.type_b = type_b
+        self._cached_hash = hash((Equivalence, self.type_a, self.type_b))
 
     def pp_str(self, mapping: dict[TypeVariable, Any]) -> str:
         return f"{self.type_a.pp_str(mapping)} == {self.type_b.pp_str(mapping)}"
@@ -49,14 +51,15 @@ class Equivalence(TypeConstraint):
         )
 
     def __hash__(self):
-        return hash((Equivalence, tuple(sorted((hash(self.type_a), hash(self.type_b))))))
+        return self._cached_hash
 
 
 class Existence(TypeConstraint):
-    __slots__ = ("type_",)
+    __slots__ = ("type_", "_cached_hash")
 
     def __init__(self, type_):
         self.type_ = type_
+        self._cached_hash = hash((Existence, self.type_))
 
     def pp_str(self, mapping: dict[TypeVariable, Any]) -> str:
         return f"V {self.type_.pp_str(mapping)}"
@@ -68,7 +71,7 @@ class Existence(TypeConstraint):
         return type(other) is Existence and self.type_ == other.type_
 
     def __hash__(self):
-        return hash((Existence, self.type_))
+        return self._cached_hash
 
     def replace(self, replacements):
         if self.type_ in replacements:
@@ -84,11 +87,13 @@ class Subtype(TypeConstraint):
     __slots__ = (
         "super_type",
         "sub_type",
+        "_cached_hash",
     )
 
     def __init__(self, sub_type: TypeType, super_type: TypeType):
         self.super_type = super_type
         self.sub_type = sub_type
+        self._cached_hash = hash((Subtype, self.sub_type, self.super_type))
 
     def pp_str(self, mapping: dict[TypeVariable, Any]) -> str:
         return f"{self.sub_type.pp_str(mapping)} <: {self.super_type.pp_str(mapping)}"
@@ -100,7 +105,7 @@ class Subtype(TypeConstraint):
         return type(other) is Subtype and self.sub_type == other.sub_type and self.super_type == other.super_type
 
     def __hash__(self):
-        return hash((Subtype, hash(self.sub_type), hash(self.super_type)))
+        return self._cached_hash
 
     def replace(self, replacements):
         subtype, supertype = None, None
@@ -139,12 +144,14 @@ class Add(TypeConstraint):
         "type_0",
         "type_1",
         "type_r",
+        "_cached_hash",
     )
 
     def __init__(self, type_0, type_1, type_r):
         self.type_0 = type_0
         self.type_1 = type_1
         self.type_r = type_r
+        self._cached_hash = hash((Add, self.type_0, self.type_1, self.type_r))
 
     def pp_str(self, mapping: dict[TypeVariable, Any]) -> str:
         return f"{self.type_r.pp_str(mapping)} == {self.type_0.pp_str(mapping)} + {self.type_1.pp_str(mapping)}"
@@ -161,7 +168,7 @@ class Add(TypeConstraint):
         )
 
     def __hash__(self):
-        return hash((Add, self.type_0, self.type_1, self.type_r))
+        return self._cached_hash
 
     def replace(self, replacements):
         t0, t1, tr = None, None, None
@@ -206,12 +213,14 @@ class Sub(TypeConstraint):
         "type_0",
         "type_1",
         "type_r",
+        "_cached_hash",
     )
 
     def __init__(self, type_0, type_1, type_r):
         self.type_0 = type_0
         self.type_1 = type_1
         self.type_r = type_r
+        self._cached_hash = hash((Sub, self.type_0, self.type_1, self.type_r))
 
     def pp_str(self, mapping: dict[TypeVariable, Any]) -> str:
         return f"{self.type_r.pp_str(mapping)} == {self.type_0.pp_str(mapping)} - {self.type_1.pp_str(mapping)}"
@@ -228,7 +237,7 @@ class Sub(TypeConstraint):
         )
 
     def __hash__(self):
-        return hash((Sub, self.type_0, self.type_1, self.type_r))
+        return self._cached_hash
 
     def replace(self, replacements):
         t0, t1, tr = None, None, None
@@ -268,7 +277,7 @@ _typevariable_counter = count()
 
 
 class TypeVariable:
-    __slots__ = ("idx", "name")
+    __slots__ = ("idx", "name", "_cached_hash")
 
     def __init__(self, idx: int | None = None, name: str | None = None):
         if idx is None:
@@ -277,6 +286,8 @@ class TypeVariable:
             self.idx: int = idx
         self.name = name
 
+        self._cached_hash = hash((TypeVariable, self.name if self.name else self.idx))
+
     def pp_str(self, mapping: dict[TypeVariable, Any]) -> str:
         varname = mapping.get(self, self.name)
         if varname is None:
@@ -291,12 +302,10 @@ class TypeVariable:
         return self.idx == other.idx
 
     def _hash(self, visited=None):  # pylint:disable=unused-argument
-        if self.name:
-            return hash((TypeVariable, self.name))
-        return hash((TypeVariable, self.idx))
+        return self._cached_hash
 
     def __hash__(self):
-        return self._hash()
+        return self._cached_hash
 
     def __repr__(self):
         if self.name:
@@ -336,6 +345,8 @@ class DerivedTypeVariable(TypeVariable):
         if not self.labels:
             raise ValueError("A DerivedTypeVariable must have at least one label")
 
+        self._cached_hash = hash((DerivedTypeVariable, self.type_var, self.labels))
+
     def one_label(self) -> BaseLabel | None:
         return self.labels[0] if len(self.labels) == 1 else None
 
@@ -358,10 +369,10 @@ class DerivedTypeVariable(TypeVariable):
         )
 
     def _hash(self, visited=None):
-        return hash((DerivedTypeVariable, self.type_var, self.labels))
+        return self._cached_hash
 
     def __hash__(self):
-        return self._hash()
+        return self._cached_hash
 
     def __repr__(self):
         return ".".join([repr(self.type_var)] + [repr(lbl) for lbl in self.labels])
@@ -437,13 +448,16 @@ class TypeVariables:
 
 
 class BaseLabel:
-    __slots__ = ()
+    __slots__ = ("_cached_hash",)
+
+    def __init__(self):
+        self._cached_hash = hash((type(self), *tuple(getattr(self, k) for k in self.__slots__ if k != "_cached_hash")))
 
     def __eq__(self, other):
-        return type(self) is type(other) and hash(self) == hash(other)
+        return type(self) is type(other) and self._cached_hash == other._cached_hash
 
     def __hash__(self):
-        return hash((type(self), *tuple(getattr(self, k) for k in self.__slots__)))
+        return self._cached_hash
 
     @property
     def variance(self) -> Variance:
@@ -455,6 +469,7 @@ class FuncIn(BaseLabel):
 
     def __init__(self, loc):
         self.loc = loc
+        super().__init__()
 
     def __repr__(self):
         return f"in<{self.loc}>"
@@ -465,6 +480,7 @@ class FuncOut(BaseLabel):
 
     def __init__(self, loc):
         self.loc = loc
+        super().__init__()
 
     def __repr__(self):
         return f"out<{self.loc}>"
@@ -493,6 +509,7 @@ class AddN(BaseLabel):
 
     def __init__(self, n):
         self.n = n
+        super().__init__()
 
     def __repr__(self):
         return "+%d" % self.n
@@ -503,6 +520,7 @@ class SubN(BaseLabel):
 
     def __init__(self, n):
         self.n = n
+        super().__init__()
 
     def __repr__(self):
         return "-%d" % self.n
@@ -513,6 +531,7 @@ class ConvertTo(BaseLabel):
 
     def __init__(self, to_bits):
         self.to_bits = to_bits
+        super().__init__()
 
     def __repr__(self):
         return "conv(%d)" % self.to_bits
@@ -527,6 +546,7 @@ class ReinterpretAs(BaseLabel):
     def __init__(self, to_type, to_bits):
         self.to_type = to_type
         self.to_bits = to_bits
+        super().__init__()
 
     def __repr__(self):
         return f"reinterpret({self.to_type}{self.to_bits})"
@@ -541,6 +561,7 @@ class HasField(BaseLabel):
     def __init__(self, bits, offset):
         self.bits = bits
         self.offset = offset
+        super().__init__()
 
     def __repr__(self):
         if self.bits == MAX_POINTSTO_BITS:

angr/analyses/variable_recovery/__init__.py

@@ -1,3 +1,9 @@
 from __future__ import annotations
+
 from .variable_recovery import VariableRecovery
 from .variable_recovery_fast import VariableRecoveryFast
+
+__all__ = (
+    "VariableRecovery",
+    "VariableRecoveryFast",
+)