angr 9.2.122__py3-none-macosx_11_0_arm64.whl → 9.2.124__py3-none-macosx_11_0_arm64.whl

angr/__init__.py

@@ -2,7 +2,7 @@
 # pylint: disable=wrong-import-position
 from __future__ import annotations
 
-__version__ = "9.2.122"
+__version__ = "9.2.124"
 
 if bytes is str:
     raise Exception(

angr/analyses/calling_convention.py

@@ -356,9 +356,12 @@ class CallingConventionAnalysis(Analysis):
         caller_block_addr: int,
         call_insn_addr: int,
         include_preds: bool = False,
-    ) -> CallSiteFact:
+    ) -> CallSiteFact | None:
         func = self.kb.functions[caller_addr]
         subgraph = self._generate_callsite_subgraph(func, caller_block_addr, include_preds=include_preds)
+        if subgraph is None:
+            # failed to generate a subgraph when the caller block cannot be found in the function graph
+            return None
 
         observation_points: list = [("insn", call_insn_addr, OP_BEFORE), ("node", caller_block_addr, OP_AFTER)]
 
@@ -440,6 +443,8 @@ class CallingConventionAnalysis(Analysis):
                     call_insn_addr,
                     include_preds=include_callsite_preds,
                 )
+                if fact is None:
+                    continue
                 facts.append(fact)
 
                 ctr += 1

angr/analyses/cfg/indirect_jump_resolvers/mips_elf_fast.py

@@ -153,6 +153,11 @@ class MipsElfFastResolver(IndirectJumpResolver):
 
     def _resolve_case_1(self, addr: int, block: pyvex.IRSB, func_addr: int, gp_value: int, cfg) -> int | None:
         # lift the block again with the correct setting
+
+        inital_regs = [(self.project.arch.registers["t9"][0], self.project.arch.registers["t9"][1], func_addr)]
+        if gp_value is not None:
+            inital_regs.append((self.project.arch.registers["gp"][0], self.project.arch.registers["gp"][1], gp_value))
+
         first_irsb = self.project.factory.block(
             addr,
             size=block.size,
@@ -160,10 +165,7 @@ class MipsElfFastResolver(IndirectJumpResolver):
             const_prop=True,
             cross_insn_opt=False,
             load_from_ro_regions=True,
-            initial_regs=[
-                (self.project.arch.registers["t9"][0], self.project.arch.registers["t9"][1], func_addr),
-                (self.project.arch.registers["gp"][0], self.project.arch.registers["gp"][1], gp_value),
-            ],
+            initial_regs=inital_regs,
         ).vex_nostmt
 
         if not isinstance(first_irsb.next, pyvex.IRExpr.RdTmp):
@@ -193,6 +195,10 @@ class MipsElfFastResolver(IndirectJumpResolver):
             # the register (t9) is set in this block - we can resolve the jump target using only the current block
             return Case2Result.RESUME, None
 
+        inital_regs = [(self.project.arch.registers["t9"][0], self.project.arch.registers["t9"][1], func_addr)]
+        if gp_value is not None:
+            inital_regs.append((self.project.arch.registers["gp"][0], self.project.arch.registers["gp"][1], gp_value))
+
         # lift the first block again with the correct setting
         first_irsb = self.project.factory.block(
             first_block_addr,
@@ -200,10 +206,7 @@ class MipsElfFastResolver(IndirectJumpResolver):
             collect_data_refs=False,
             const_prop=True,
             load_from_ro_regions=True,
-            initial_regs=[
-                (self.project.arch.registers["t9"][0], self.project.arch.registers["t9"][1], func_addr),
-                (self.project.arch.registers["gp"][0], self.project.arch.registers["gp"][1], gp_value),
-            ],
+            initial_regs=inital_regs,
         ).vex_nostmt
 
         last_reg_setting_tmp = self._get_last_reg_setting_tmp(first_irsb, jump_target_reg)

angr/analyses/cfg/indirect_jump_resolvers/mips_elf_got.py

@@ -51,11 +51,11 @@ class MipsElfGotResolver(IndirectJumpResolver):
             return False, []
         dynsym_addr = self._find_and_cache_section_addr(obj, ".dynsym")
         if dynsym_addr is None:
-            return None
+            return False, []
 
         dynstr_addr = self._find_and_cache_section_addr(obj, ".dynstr")
         if dynstr_addr is None:
-            return None
+            return False, []
 
         if block.size != 16:
             return False, []

angr/analyses/decompiler/ail_simplifier.py

@@ -22,7 +22,6 @@ from ailment.expression import (
     Const,
     BinaryOp,
     VirtualVariable,
-    Phi,
 )
 
 from angr.analyses.s_reaching_definitions import SRDAModel
@@ -36,7 +35,7 @@ from angr.knowledge_plugins.key_definitions.constants import OP_BEFORE
 from angr.errors import AngrRuntimeError
 from angr.analyses import Analysis, AnalysesHub
 from .ailgraph_walker import AILGraphWalker
-from .expression_narrower import ExpressionNarrowingWalker
+from .expression_narrower import ExprNarrowingInfo, NarrowingInfoExtractor, ExpressionNarrower
 from .block_simplifier import BlockSimplifier
 from .ccall_rewriters import CCALL_REWRITERS
 from .counters.expression_counters import SingleExpressionCounter
@@ -76,26 +75,6 @@ class AILBlockTempCollector(AILBlockWalker):
             self.temps.add(expr)
 
 
-class ExprNarrowingInfo:
-    """
-    Stores the analysis result of _narrowing_needed().
-    """
-
-    __slots__ = ("narrowable", "to_size", "use_exprs", "phi_vars")
-
-    def __init__(
-        self,
-        narrowable: bool,
-        to_size: int | None = None,
-        use_exprs: list[tuple[atoms.VirtualVariable, CodeLocation, tuple[str, tuple[Expression, ...]]]] | None = None,
-        phi_vars: set[atoms.VirtualVariable] | None = None,
-    ):
-        self.narrowable = narrowable
-        self.to_size = to_size
-        self.use_exprs = use_exprs
-        self.phi_vars = phi_vars
-
-
 class AILSimplifier(Analysis):
     """
     Perform function-level simplifications.
@@ -343,309 +322,26 @@ class AILSimplifier(Analysis):
             if not repeat:
                 break
 
-        replaced_vvar_ids = set()
-
         # let's narrow them (finally)
-        for def_, narrow_info in narrowables:
-
-            # does any uses involve a previously replaced expressions? if so, we have to skip this one because the use
-            # expression may no longer exist.
-            should_skip = False
-            for _, _, (use_type, use_expr_tpl) in narrow_info.use_exprs:
-                if use_type == "binop-convert" and self._exprs_contain_vvar(use_expr_tpl, replaced_vvar_ids):
-                    should_skip = True
-                    break
-            if should_skip:
-                continue
-
-            # replace the definition
-            if not isinstance(def_.codeloc, ExternalCodeLocation):
-                old_block = addr_and_idx_to_block.get((def_.codeloc.block_addr, def_.codeloc.block_idx))
-                if old_block is None:
-                    # this definition might be inside a callee function, which is why the block does not exist
-                    # ignore it
-                    continue
-
-                the_block = self.blocks.get(old_block, old_block)
-                stmt = the_block.statements[def_.codeloc.stmt_idx]
-                r, new_block = False, None
-                replaced_vvar: VirtualVariable | None = None
-                if is_phi_assignment(stmt):
-                    new_assignment_dst = VirtualVariable(
-                        stmt.dst.idx,
-                        stmt.dst.varid,
-                        narrow_info.to_size * self.project.arch.byte_width,
-                        category=def_.atom.category,
-                        oident=def_.atom.oident,
-                        **stmt.dst.tags,
-                    )
-                    new_src_and_vvars = []
-                    for src, vvar in stmt.src.src_and_vvars:
-                        if vvar is not None and vvar.varid == stmt.dst.varid:
-                            new_vvar = VirtualVariable(
-                                vvar.idx,
-                                vvar.varid,
-                                narrow_info.to_size * self.project.arch.byte_width,
-                                category=vvar.category,
-                                oident=vvar.oident,
-                                **vvar.tags,
-                            )
-                        else:
-                            new_vvar = vvar
-                        new_src_and_vvars.append((src, new_vvar))
-                    new_assignment_src = Phi(
-                        stmt.src.idx,
-                        narrow_info.to_size * self.project.arch.byte_width,
-                        new_src_and_vvars,
-                        **stmt.src.tags,
-                    )
-                    replaced_vvar = stmt.dst
-                    r, new_block = BlockSimplifier._replace_and_build(
-                        the_block,
-                        {
-                            def_.codeloc: {
-                                stmt.dst: new_assignment_dst,
-                                stmt.src: new_assignment_src,
-                            }
-                        },
-                        replace_assignment_dsts=True,
-                        replace_loads=True,
-                    )
-                elif isinstance(stmt, Assignment) and isinstance(stmt.dst, VirtualVariable) and stmt.dst.was_reg:
-                    new_assignment_dst = VirtualVariable(
-                        stmt.dst.idx,
-                        stmt.dst.varid,
-                        narrow_info.to_size * self.project.arch.byte_width,
-                        category=def_.atom.category,
-                        oident=def_.atom.oident,
-                        **stmt.dst.tags,
-                    )
-                    new_assignment_src = Convert(
-                        stmt.src.idx,  # FIXME: This is a hack
-                        stmt.src.bits,
-                        narrow_info.to_size * self.project.arch.byte_width,
-                        False,
-                        stmt.src,
-                        **stmt.src.tags,
-                    )
-                    replaced_vvar = stmt.dst
-                    r, new_block = BlockSimplifier._replace_and_build(
-                        the_block,
-                        {
-                            def_.codeloc: {
-                                stmt.dst: new_assignment_dst,
-                                stmt.src: new_assignment_src,
-                            }
-                        },
-                        replace_assignment_dsts=True,
-                        replace_loads=True,
-                    )
-                elif isinstance(stmt, Call):
-                    if stmt.ret_expr is not None:
-                        tags = dict(stmt.ret_expr.tags)
-                        tags["reg_name"] = self.project.arch.translate_register_name(
-                            def_.atom.reg_offset, size=narrow_info.to_size
-                        )
-                        replaced_vvar = stmt.ret_expr
-                        new_retexpr = VirtualVariable(
-                            stmt.ret_expr.idx,
-                            stmt.ret_expr.varid,
-                            narrow_info.to_size * self.project.arch.byte_width,
-                            category=def_.atom.category,
-                            oident=def_.atom.oident,
-                            **stmt.ret_expr.tags,
-                        )
-                        r, new_block = BlockSimplifier._replace_and_build(
-                            the_block, {def_.codeloc: {stmt.ret_expr: new_retexpr}}
-                        )
-                if not r:
-                    # couldn't replace the definition...
-                    continue
+        narrower = ExpressionNarrower(self.project, rd, narrowables, addr_and_idx_to_block, self.blocks)
+        for old_block in addr_and_idx_to_block.values():
+            new_block = self.blocks.get(old_block, old_block)
+            new_block = narrower.walk(new_block)
+            if narrower.narrowed_any:
+                narrowed = True
                 self.blocks[old_block] = new_block
-                if replaced_vvar is not None:
-                    replaced_vvar_ids.add(replaced_vvar.varid)
-
-            use_exprs = list(narrow_info.use_exprs)
-            if narrow_info.phi_vars:
-                for phi_var in narrow_info.phi_vars:
-                    loc = rd.all_vvar_definitions[phi_var]
-                    old_block = addr_and_idx_to_block.get((loc.block_addr, loc.block_idx))
-                    the_block = self.blocks.get(old_block, old_block)
-                    stmt = the_block.statements[loc.stmt_idx]
-                    assert is_phi_assignment(stmt)
-
-                    for _, vvar in stmt.src.src_and_vvars:
-                        if vvar is not None and vvar.varid == def_.atom.varid:
-                            use_exprs.append((vvar, loc, ("phi-src-expr", (vvar,))))
-
-            # replace all uses if necessary
-            for use_atom, use_loc, (use_type, use_expr_tpl) in use_exprs:
-                if (
-                    isinstance(use_expr_tpl[0], VirtualVariable)
-                    and use_expr_tpl[0].was_reg
-                    and narrow_info.to_size == use_expr_tpl[0].size
-                ):
-                    # don't replace registers to the same registers
-                    continue
-                if use_atom.varid != def_.atom.varid:
-                    # don't replace this use - it will be replaced later
-                    continue
-
-                old_block = addr_and_idx_to_block.get((use_loc.block_addr, use_loc.block_idx))
-                the_block = self.blocks.get(old_block, old_block)
-
-                if use_type in {"expr", "mask", "convert"}:
-                    # the first used expr
-                    use_expr_0 = use_expr_tpl[0]
-                    new_use_expr_0 = VirtualVariable(
-                        use_expr_0.idx,
-                        def_.atom.varid,
-                        narrow_info.to_size * self.project.arch.byte_width,
-                        category=def_.atom.category,
-                        oident=def_.atom.oident,
-                        **use_expr_0.tags,
-                    )
-                    new_use_expr = new_use_expr_0
-
-                    # the second used expr (if it exists)
-                    if len(use_expr_tpl) == 2:
-                        use_expr_1 = use_expr_tpl[1]
-                        assert isinstance(use_expr_1, BinaryOp)
-                        con = use_expr_1.operands[1]
-                        assert isinstance(con, Const)
-                        new_use_expr_1 = BinaryOp(
-                            use_expr_1.idx,
-                            use_expr_1.op,
-                            [
-                                new_use_expr_0,
-                                Const(con.idx, con.variable, con.value, new_use_expr_0.bits, **con.tags),
-                            ],
-                            use_expr_1.signed,
-                            floating_point=use_expr_1.floating_point,
-                            rounding_mode=use_expr_1.rounding_mode,
-                            **use_expr_1.tags,
-                        )
-
-                        if use_expr_1.size > new_use_expr_1.size:
-                            new_use_expr_1 = Convert(
-                                None,
-                                new_use_expr_1.bits,
-                                use_expr_1.bits,
-                                False,
-                                new_use_expr_1,
-                                **new_use_expr_1.tags,
-                            )
-
-                        r, new_block = BlockSimplifier._replace_and_build(
-                            the_block, {use_loc: {use_expr_1: new_use_expr_1}}
-                        )
-                    elif len(use_expr_tpl) == 1:
-                        if use_expr_0.size > new_use_expr_0.size:
-                            new_use_expr_0 = Convert(
-                                None,
-                                new_use_expr_0.bits,
-                                use_expr_0.bits,
-                                False,
-                                new_use_expr_0,
-                                **new_use_expr_0.tags,
-                            )
 
-                        r, new_block = BlockSimplifier._replace_and_build(
-                            the_block, {use_loc: {use_expr_0: new_use_expr_0}}
-                        )
-                    else:
-                        _l.warning("Nothing to replace at %s.", use_loc)
-                        r = False
-                        new_block = None
-
-                elif use_type == "phi-src-expr":
-                    # the size of the replaced variable will be different from its original size, and it's expected
-                    use_expr = use_expr_tpl[0]
-                    new_use_expr = VirtualVariable(
-                        use_expr.idx,
-                        def_.atom.varid,
-                        narrow_info.to_size * self.project.arch.byte_width,
-                        category=def_.atom.category,
-                        oident=def_.atom.oident,
-                        **use_expr.tags,
-                    )
-                    r, new_block = BlockSimplifier._replace_and_build(the_block, {use_loc: {use_expr: new_use_expr}})
-
-                elif use_type == "binop-convert":
-                    use_expr_0 = use_expr_tpl[0]
-                    new_use_expr_0 = VirtualVariable(
-                        use_expr_0.idx,
-                        def_.atom.varid,
-                        narrow_info.to_size * self.project.arch.byte_width,
-                        category=def_.atom.category,
-                        oident=def_.atom.oident,
-                        **use_expr_0.tags,
-                    )
-                    new_use_expr = new_use_expr_0
-
-                    use_expr_1: BinaryOp = use_expr_tpl[1]
-                    # build the new use_expr_1
-                    new_use_expr_1_operands = {}
-                    if use_expr_1.operands[0] is use_expr_0:
-                        new_use_expr_1_operands[0] = new_use_expr_0
-                        other_operand = use_expr_1.operands[1]
-                    else:
-                        new_use_expr_1_operands[1] = new_use_expr_0
-                        other_operand = use_expr_1.operands[0]
-                    use_expr_2: Convert = use_expr_tpl[2]
-                    if other_operand.bits == use_expr_2.from_bits:
-                        new_other_operand = Convert(
-                            None, use_expr_2.from_bits, use_expr_2.to_bits, False, other_operand
-                        )
-                    else:
-                        # Some operations, like Sar and Shl, have operands with different sizes
-                        new_other_operand = other_operand
-
-                    if 0 in new_use_expr_1_operands:
-                        new_use_expr_1_operands[1] = new_other_operand
-                    else:
-                        new_use_expr_1_operands[0] = new_other_operand
-
-                    # build new use_expr_1
-                    new_use_expr_1 = BinaryOp(
-                        use_expr_1.idx,
-                        use_expr_1.op,
-                        [new_use_expr_1_operands[0], new_use_expr_1_operands[1]],
-                        use_expr_1.signed,
-                        bits=narrow_info.to_size * 8,
-                        floating_point=use_expr_1.floating_point,
-                        rounding_mode=use_expr_1.rounding_mode,
-                        **use_expr_1.tags,
-                    )
-
-                    # first remove the old conversion
-                    r, new_block = BlockSimplifier._replace_and_build(
-                        the_block, {use_loc: {use_expr_2: use_expr_2.operand}}
-                    )
-                    # then replace use_expr_1
-                    if r:
-                        r, new_block = BlockSimplifier._replace_and_build(
-                            new_block, {use_loc: {use_expr_1: new_use_expr_1}}
-                        )
-                else:
-                    raise TypeError(f'Unsupported use_type value "{use_type}"')
-
-                if not r:
-                    _l.warning("Failed to replace use-expr at %s.", use_loc)
-                else:
-                    # update self._arg_vvars if necessary
-                    if new_use_expr is not None and new_use_expr.was_parameter and self._arg_vvars:
-                        for func_arg_idx in list(self._arg_vvars):
-                            vvar, simvar = self._arg_vvars[func_arg_idx]
-                            if vvar.varid == new_use_expr.varid:
-                                simvar_new = simvar.copy()
-                                simvar_new._hash = None
-                                simvar_new.size = new_use_expr.size
-                                self._arg_vvars[func_arg_idx] = new_use_expr, simvar_new
-
-                    self.blocks[old_block] = new_block
-
-            narrowed = True
+        # update self._arg_vvars if necessary
+        for new_vvars in narrower.replacement_core_vvars.values():
+            for new_vvar in new_vvars:
+                if new_vvar.was_parameter and self._arg_vvars:
+                    for func_arg_idx in list(self._arg_vvars):
+                        vvar, simvar = self._arg_vvars[func_arg_idx]
+                        if vvar.varid == new_vvar.varid:
+                            simvar_new = simvar.copy()
+                            simvar_new._hash = None
+                            simvar_new.size = new_vvar.size
+                            self._arg_vvars[func_arg_idx] = new_vvar, simvar_new
 
         return narrowed
 
@@ -669,6 +365,9 @@ class AILSimplifier(Analysis):
                 if len(narrowing_sizes) == 1 and None not in narrowing_sizes:
                     # we can narrow this phi vvar!
                     narrowable_phivarids.add(def_vvarid)
+                else:
+                    # blacklist it for now
+                    blacklist_varids.add(def_vvarid)
 
         # now determine what to narrow!
         narrowables = []
@@ -834,7 +533,7 @@ class AILSimplifier(Analysis):
         Determine the effective size of an expression when it's used.
         """
 
-        walker = ExpressionNarrowingWalker(expr)
+        walker = NarrowingInfoExtractor(expr)
         walker.walk_statement(statement)
         if not walker.operations:
             if expr is None:
@@ -1617,18 +1316,7 @@ class AILSimplifier(Analysis):
                             continue
                     uses = rd.get_vvar_uses(def_.atom)
 
-                elif def_.atom.was_reg:
-                    uses = rd.get_vvar_uses(def_.atom)
-                    if (
-                        def_.atom.reg_offset in self.project.arch.artificial_registers_offsets
-                        and len(uses) == 1
-                        and next(iter(uses)) == def_.codeloc
-                    ):
-                        # TODO: Verify if we still need this hack after moving to SSA
-                        # cc_ndep = amd64g_calculate_condition(..., cc_ndep)
-                        uses = set()
-
-                elif def_.atom.was_parameter:
+                elif def_.atom.was_reg or def_.atom.was_parameter:
                     uses = rd.get_vvar_uses(def_.atom)
 
                 else:
@@ -1726,9 +1414,17 @@ class AILSimplifier(Analysis):
                                 simplified = True
                                 continue
                             if isinstance(stmt, Assignment) and isinstance(stmt.dst, VirtualVariable):
-                                # no one is using the returned virtual variable. replace this assignment statement with
-                                # a call statement
-                                stmt = stmt.src
+                                # no one is using the returned virtual variable.
+                                # now the things are a bit tricky here
+                                if isinstance(stmt.src, Call):
+                                    # replace this assignment statement with a call statement
+                                    stmt = stmt.src
+                                elif isinstance(stmt.src, Convert) and isinstance(stmt.src.operand, Call):
+                                    # the convert is useless now
+                                    stmt = stmt.src.operand
+                                else:
+                                    # we can't change this stmt at all because it has an expression with Calls inside
+                                    pass
                         else:
                             # no calls. remove it
                             simplified = True
@@ -1761,7 +1457,7 @@ class AILSimplifier(Analysis):
     def _find_cyclic_dependent_phis_and_dirty_vvars(self, rd: SRDAModel) -> set[int]:
         blocks_dict = {(bb.addr, bb.idx): bb for bb in self.func_graph}
 
-        # find dirty vvars
+        # find dirty vvars and vexccall vvars
         dirty_vvar_ids = set()
         for bb in self.func_graph:
             for stmt in bb.statements:
@@ -1769,7 +1465,7 @@ class AILSimplifier(Analysis):
                     isinstance(stmt, Assignment)
                     and isinstance(stmt.dst, VirtualVariable)
                     and stmt.dst.was_reg
-                    and isinstance(stmt.src, DirtyExpression)
+                    and isinstance(stmt.src, (DirtyExpression, VEXCCallExpression))
                 ):
                     dirty_vvar_ids.add(stmt.dst.varid)
 
@@ -1845,8 +1541,8 @@ class AILSimplifier(Analysis):
             v = False
 
         def _handle_expr(expr_idx: int, expr: Expression, stmt_idx: int, stmt: Statement, block) -> Expression | None:
-            if isinstance(expr, DirtyExpression) and isinstance(expr.dirty_expr, VEXCCallExpression):
-                rewriter = rewriter_cls(expr.dirty_expr, self.project.arch)
+            if isinstance(expr, VEXCCallExpression):
+                rewriter = rewriter_cls(expr, self.project.arch)
                 if rewriter.result is not None:
                     _any_update.v = True
                     return rewriter.result

angr/analyses/decompiler/callsite_maker.py

@@ -143,7 +143,7 @@ class CallSiteMaker(Analysis):
                 if isinstance(arg_loc, SimRegArg):
                     size = arg_loc.size
                     offset = arg_loc.check_offset(cc.arch)
-                    value_and_def = self._resolve_register_argument(call_stmt, arg_loc)
+                    value_and_def = self._resolve_register_argument(arg_loc)
                     if value_and_def is not None:
                         vvar_def = value_and_def[1]
                         arg_vvars.append(vvar_def)
@@ -283,14 +283,15 @@ class CallSiteMaker(Analysis):
         l.warning("TODO: Unsupported statement type %s for definitions.", type(stmt))
         return None
 
-    def _resolve_register_argument(self, call_stmt, arg_loc) -> tuple[int | None, Expr.VirtualVariable] | None:
+    def _resolve_register_argument(self, arg_loc) -> tuple[int | None, Expr.VirtualVariable] | None:
         offset = arg_loc.check_offset(self.project.arch)
 
         if self._reaching_definitions is not None:
             # Find its definition
-            ins_addr = call_stmt.tags["ins_addr"]
             view = SRDAView(self._reaching_definitions.model)
-            vvar = view.get_reg_vvar_by_insn(offset, ins_addr, OP_BEFORE, block_idx=self.block.idx)
+            vvar = view.get_reg_vvar_by_stmt(
+                offset, self.block.addr, self.block.idx, len(self.block.statements) - 1, OP_BEFORE
+            )
 
             if vvar is not None:
                 vvar_value = view.get_vvar_value(vvar)
@@ -318,8 +319,8 @@ class CallSiteMaker(Analysis):
             if self._reaching_definitions is not None:
                 # find its definition
                 view = SRDAView(self._reaching_definitions.model)
-                vvar = view.get_stack_vvar_by_insn(
-                    sp_offset, size, call_stmt.ins_addr, OP_BEFORE, block_idx=self.block.idx
+                vvar = view.get_stack_vvar_by_stmt(
+                    sp_offset, size, self.block.addr, self.block.idx, len(self.block.statements) - 1, OP_BEFORE
                 )
                 if vvar is not None:
                     value = view.get_vvar_value(vvar)
@@ -416,7 +417,7 @@ class CallSiteMaker(Analysis):
 
             value = None
             if isinstance(arg_loc, SimRegArg):
-                value_and_def = self._resolve_register_argument(call_stmt, arg_loc)
+                value_and_def = self._resolve_register_argument(arg_loc)
                 if value_and_def is not None:
                     value = value_and_def[0]
 

angr/analyses/decompiler/ccall_rewriters/amd64_ccalls.py

@@ -20,7 +20,7 @@ class AMD64CCallRewriter(CCallRewriterBase):
     __slots__ = ()
 
     def _rewrite(self, ccall: Expr.VEXCCallExpression) -> Expr.Expression | None:
-        if ccall.cee_name == "amd64g_calculate_condition":
+        if ccall.callee == "amd64g_calculate_condition":
             cond = ccall.operands[0]
             op = ccall.operands[1]
             dep_1 = ccall.operands[2]
@@ -288,6 +288,28 @@ class AMD64CCallRewriter(CCallRewriterBase):
 
                         r = Expr.BinaryOp(ccall.idx, "CmpLT", (dep_1, dep_2), True, **ccall.tags)
                         return Expr.Convert(None, r.bits, ccall.bits, False, r, **ccall.tags)
+
+                    if op_v in {
+                        AMD64_OpTypes["G_CC_OP_LOGICB"],
+                        AMD64_OpTypes["G_CC_OP_LOGICW"],
+                        AMD64_OpTypes["G_CC_OP_LOGICL"],
+                        AMD64_OpTypes["G_CC_OP_LOGICQ"],
+                    }:
+                        # dep_1 is the result, dep_2 is always zero
+                        # dep_1 <s 0
+
+                        dep_1 = self._fix_size(
+                            dep_1,
+                            op_v,
+                            AMD64_OpTypes["G_CC_OP_LOGICB"],
+                            AMD64_OpTypes["G_CC_OP_LOGICW"],
+                            AMD64_OpTypes["G_CC_OP_LOGICL"],
+                            ccall.tags,
+                        )
+                        zero = Expr.Const(None, None, 0, dep_1.bits)
+                        r = Expr.BinaryOp(ccall.idx, "CmpLT", (dep_1, zero), True, **ccall.tags)
+                        return Expr.Convert(None, r.bits, ccall.bits, False, r, **ccall.tags)
+
                 elif cond_v == AMD64_CondTypes["CondNBE"]:
                     if op_v in {
                         AMD64_OpTypes["G_CC_OP_SUBB"],
@@ -390,7 +412,7 @@ class AMD64CCallRewriter(CCallRewriterBase):
                     )
                     return Expr.Convert(None, r.bits, ccall.bits, False, r, **ccall.tags)
 
-        elif ccall.cee_name == "amd64g_calculate_rflags_c":
+        elif ccall.callee == "amd64g_calculate_rflags_c":
             # calculate the carry flag
             op = ccall.operands[0]
             dep_1 = ccall.operands[1]