PyPI - angr - Versions diffs - 9.2.123__py3-none-manylinux2014_aarch64.whl → 9.2.124__py3-none-manylinux2014_aarch64.whl - Mend

angr 9.2.123__py3-none-manylinux2014_aarch64.whl → 9.2.124__py3-none-manylinux2014_aarch64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (83) hide show

angr/analyses/decompiler/ssailification/rewriting_engine.py CHANGED Viewed

@@ -1,9 +1,8 @@
 # pylint:disable=no-self-use,unused-argument
 from __future__ import annotations
-from typing import Any
 import logging
-from ailment.statement import Statement, Assignment, Store, Call, Return, ConditionalJump
+from ailment.statement import Statement, Assignment, Store, Call, Return, ConditionalJump, DirtyStatement
 from ailment.expression import (
     Expression,
     Register,
@@ -18,6 +17,8 @@ from ailment.expression import (
     StackBaseOffset,
     VEXCCallExpression,
     ITE,
+    Tmp,
+    DirtyExpression,
 )
 from angr.utils.ssa import get_reg_offset_base_and_size
@@ -51,6 +52,7 @@ class SimEngineSSARewriting(
         ail_manager=None,
         vvar_id_start: int = 0,
         bp_as_gpr: bool = False,
+        rewrite_tmps: bool = False,
     ):
         super().__init__()
@@ -58,10 +60,11 @@ class SimEngineSSARewriting(
         self.project = project
         self.sp_tracker = sp_tracker
         self.bp_as_gpr = bp_as_gpr
-        self.def_to_vvid: dict[Any, int] = {}
+        self.def_to_vvid: dict[tuple[int, int | None, int, Expression | Statement], int] = {}
         self.stackvar_locs = stackvar_locs
         self.udef_to_phiid = udef_to_phiid
         self.phiid_to_loc = phiid_to_loc
+        self.rewrite_tmps = rewrite_tmps
         self.ail_manager = ail_manager
         self._current_vvar_id = vvar_id_start
@@ -97,9 +100,11 @@ class SimEngineSSARewriting(
                 self.state.registers[stmt.dst.reg_offset][stmt.dst.size] = stmt.dst
             elif stmt.dst.category == VirtualVariableCategory.STACK:
                 self.state.stackvars[stmt.dst.stack_offset][stmt.dst.size] = stmt.dst
+            elif stmt.dst.category == VirtualVariableCategory.TMP:
+                self.state.tmps[stmt.dst.tmp_idx] = stmt.dst
             new_dst = None
         else:
-            new_dst = self._replace_def_expr(stmt.dst)
+            new_dst = self._replace_def_expr(self.block.addr, self.block.idx, self.stmt_idx, stmt.dst)
         stmt_base_reg = None
         if new_dst is not None:
@@ -124,7 +129,9 @@ class SimEngineSSARewriting(
                         **stmt.dst.tags,
                     )
                     existing_base_reg_vvar = self._replace_use_reg(base_reg_expr)
-                    base_reg_vvar = self._replace_def_expr(base_reg_expr)
+                    base_reg_vvar = self._replace_def_expr(
+                        self.block.addr, self.block.idx, self.stmt_idx, base_reg_expr
+                    )
                     stmt_base_reg = Assignment(
                         self.ail_manager.next_atom(),
                         base_reg_vvar,
@@ -134,6 +141,8 @@ class SimEngineSSARewriting(
                         **stmt.tags,
                     )
                     self.state.registers[base_offset][base_size] = base_reg_vvar
+            elif isinstance(stmt.dst, Tmp):
+                pass
             else:
                 raise NotImplementedError
@@ -151,7 +160,7 @@ class SimEngineSSARewriting(
     def _handle_Store(self, stmt: Store) -> Store | Assignment | None:
         new_data = self._expr(stmt.data)
-        vvar = self._replace_def_store(stmt)
+        vvar = self._replace_def_store(self.block.addr, self.block.idx, self.stmt_idx, stmt)
         if vvar is not None:
             return Assignment(stmt.idx, vvar, stmt.data if new_data is None else new_data, **stmt.tags)
@@ -189,9 +198,19 @@ class SimEngineSSARewriting(
         return None
     def _handle_Call(self, stmt: Call) -> Call | None:
-        new_target = self._replace_use_reg(stmt.target) if isinstance(stmt.target, Register) else None
-        new_ret_expr = self._replace_def_expr(stmt.ret_expr) if stmt.ret_expr is not None else None
-        new_fp_ret_expr = self._replace_def_expr(stmt.fp_ret_expr) if stmt.fp_ret_expr is not None else None
+        changed = False
+        new_target = self._replace_use_expr(stmt.target)
+        new_ret_expr = (
+            self._replace_def_expr(self.block.addr, self.block.idx, self.stmt_idx, stmt.ret_expr)
+            if stmt.ret_expr is not None
+            else None
+        )
+        new_fp_ret_expr = (
+            self._replace_def_expr(self.block.addr, self.block.idx, self.stmt_idx, stmt.fp_ret_expr)
+            if stmt.fp_ret_expr is not None
+            else None
+        )
         cc = stmt.calling_convention if stmt.calling_convention is not None else self.project.factory.cc()
         if cc is not None:
@@ -211,22 +230,50 @@ class SimEngineSSARewriting(
             self._clear_aliasing_regs(stmt.fp_ret_expr.reg_offset, stmt.fp_ret_expr.size)
             self.state.registers[stmt.fp_ret_expr.reg_offset][stmt.fp_ret_expr.size] = new_fp_ret_expr
+        new_args = None
+        if stmt.args is not None:
+            new_args = []
+            for arg in stmt.args:
+                new_arg = self._expr(arg)
+                if new_arg is not None:
+                    changed = True
+                    new_args.append(new_arg)
+                else:
+                    new_args.append(arg)
         if new_target is not None or new_ret_expr is not None or new_fp_ret_expr is not None:
+            changed = True
+        if changed:
             return Call(
                 stmt.idx,
                 stmt.target if new_target is None else new_target,
                 calling_convention=stmt.calling_convention,
                 prototype=stmt.prototype,
-                args=stmt.args,
+                args=new_args,
                 ret_expr=stmt.ret_expr if new_ret_expr is None else new_ret_expr,
                 fp_ret_expr=stmt.fp_ret_expr if new_fp_ret_expr is None else new_fp_ret_expr,
+                bits=stmt.bits,
                 **stmt.tags,
             )
         return None
+    _handle_CallExpr = _handle_Call
+    def _handle_DirtyStatement(self, stmt: DirtyStatement) -> DirtyStatement | None:
+        dirty = self._expr(stmt.dirty)
+        if dirty is None or dirty is stmt.dirty:
+            return None
+        return DirtyStatement(stmt.idx, dirty, **stmt.tags)
     def _handle_Register(self, expr: Register) -> VirtualVariable | None:
         return self._replace_use_reg(expr)
+    def _handle_Tmp(self, expr: Tmp) -> VirtualVariable | None:
+        return (
+            self._replace_use_tmp(self.block.addr, self.block.idx, self.stmt_idx, expr) if self.rewrite_tmps else None
+        )
     def _handle_Load(self, expr: Load) -> Load | VirtualVariable | None:
         if isinstance(expr.addr, StackBaseOffset) and isinstance(expr.addr.offset, int):
             new_expr = self._replace_use_load(expr)
@@ -341,13 +388,42 @@ class SimEngineSSARewriting(
                 new_operands.append(operand)
         if updated:
-            return VEXCCallExpression(expr.idx, expr.cee_name, new_operands, bits=expr.bits, **expr.tags)
+            return VEXCCallExpression(expr.idx, expr.callee, new_operands, bits=expr.bits, **expr.tags)
         return None
-    def _handle_Dummy(self, expr) -> None:
+    def _handle_DirtyExpression(self, expr: DirtyExpression) -> DirtyExpression | None:
+        updated = False
+        new_operands = []
+        for operand in expr.operands:
+            new_operand = self._expr(operand)
+            if new_operand is not None:
+                updated = True
+                new_operands.append(new_operand)
+            else:
+                new_operands.append(operand)
+        new_guard = None
+        if expr.guard is not None:
+            new_guard = self._expr(expr.guard)
+            if new_guard is not None:
+                updated = True
+        if updated:
+            return DirtyExpression(
+                expr.idx,
+                expr.callee,
+                new_operands,
+                guard=new_guard,
+                mfx=expr.mfx,
+                maddr=expr.maddr,
+                msize=expr.msize,
+                bits=expr.bits,
+                **expr.tags,
+            )
         return None
-    _handle_DirtyExpression = _handle_Dummy
+    def _handle_Dummy(self, expr) -> None:
+        return None
     #
     # Expression replacement
@@ -417,23 +493,29 @@ class SimEngineSSARewriting(
             **new_base_expr.tags,
         )
-    def _replace_def_expr(self, thing: Expression | Statement) -> VirtualVariable | None:
+    def _replace_def_expr(
+        self, block_addr: int, block_idx: int | None, stmt_idx: int, thing: Expression | Statement
+    ) -> VirtualVariable | None:
         """
         Return a new virtual variable for the given defined expression.
         """
         if isinstance(thing, Register):
-            return self._replace_def_reg(thing)
+            return self._replace_def_reg(block_addr, block_idx, stmt_idx, thing)
         if isinstance(thing, Store):
-            return self._replace_def_store(thing)
+            return self._replace_def_store(block_addr, block_idx, stmt_idx, thing)
+        if isinstance(thing, Tmp) and self.rewrite_tmps:
+            return self._replace_def_tmp(block_addr, block_idx, stmt_idx, thing)
         return None
-    def _replace_def_reg(self, expr: Register) -> VirtualVariable:
+    def _replace_def_reg(
+        self, block_addr: int, block_idx: int | None, stmt_idx: int, expr: Register
+    ) -> VirtualVariable:
         """
         Return a new virtual variable for the given defined register.
         """
         # get the virtual variable ID
-        vvid = self.get_vvid_by_def(expr)
+        vvid = self.get_vvid_by_def(block_addr, block_idx, stmt_idx, expr)
         return VirtualVariable(
             expr.idx,
             vvid,
@@ -464,14 +546,16 @@ class SimEngineSSARewriting(
             return vvar
         return self.state.registers[base_off][base_size]
-    def _replace_def_store(self, stmt: Store) -> VirtualVariable | None:
+    def _replace_def_store(
+        self, block_addr: int, block_idx: int | None, stmt_idx: int, stmt: Store
+    ) -> VirtualVariable | None:
         if (
             isinstance(stmt.addr, StackBaseOffset)
             and isinstance(stmt.addr.offset, int)
             and stmt.addr.offset in self.stackvar_locs
             and stmt.size == self.stackvar_locs[stmt.addr.offset]
         ):
-            vvar_id = self.get_vvid_by_def(stmt)
+            vvar_id = self.get_vvid_by_def(block_addr, block_idx, stmt_idx, stmt)
             vvar = VirtualVariable(
                 self.ail_manager.next_atom(),
                 vvar_id,
@@ -484,6 +568,31 @@ class SimEngineSSARewriting(
             return vvar
         return None
+    def _replace_def_tmp(self, block_addr: int, block_idx: int | None, stmt_idx: int, expr: Tmp) -> VirtualVariable:
+        vvid = self.get_vvid_by_def(block_addr, block_idx, stmt_idx, expr)
+        vvar = VirtualVariable(
+            expr.idx,
+            vvid,
+            expr.bits,
+            VirtualVariableCategory.TMP,
+            oident=expr.tmp_idx,
+            **expr.tags,
+        )
+        self.state.tmps[expr.tmp_idx] = vvar
+        return vvar
+    def _replace_use_expr(self, thing: Expression | Statement) -> VirtualVariable | None:
+        """
+        Return a new virtual variable for the given defined expression.
+        """
+        if isinstance(thing, Register):
+            return self._replace_use_reg(thing)
+        if isinstance(thing, Store):
+            raise NotImplementedError("Store expressions are not supported in _replace_use_expr.")
+        if isinstance(thing, Tmp) and self.rewrite_tmps:
+            return self._replace_use_tmp(self.block.addr, self.block.idx, self.stmt_idx, thing)
+        return None
     def _replace_use_reg(self, reg_expr: Register) -> VirtualVariable | Expression:
         if reg_expr.reg_offset in self.state.registers:
@@ -556,7 +665,8 @@ class SimEngineSSARewriting(
             and expr.size == self.stackvar_locs[expr.addr.offset]
         ):
             if expr.size not in self.state.stackvars[expr.addr.offset]:
-                vvar_id = self.get_vvid_by_def(expr)
+                # create it on the fly
+                vvar_id = self.get_vvid_by_def(self.block.addr, self.block.idx, self.stmt_idx, expr)
                 return VirtualVariable(
                     self.ail_manager.next_atom(),
                     vvar_id,
@@ -579,15 +689,31 @@ class SimEngineSSARewriting(
             )
         return None
+    def _replace_use_tmp(self, block_addr: int, block_idx: int | None, stmt_idx: int, expr: Tmp) -> VirtualVariable:
+        vvar = self.state.tmps.get(expr.tmp_idx)
+        if vvar is None:
+            return self._replace_def_tmp(block_addr, block_idx, stmt_idx, expr)
+        return VirtualVariable(
+            expr.idx,
+            vvar.varid,
+            vvar.bits,
+            VirtualVariableCategory.TMP,
+            oident=expr.tmp_idx,
+            **expr.tags,
+        )
     #
     # Utils
     #
-    def get_vvid_by_def(self, thing: Expression | Statement) -> int:
-        if thing in self.def_to_vvid:
-            return self.def_to_vvid[thing]
+    def get_vvid_by_def(
+        self, block_addr: int, block_idx: int | None, stmt_idx: int, thing: Expression | Statement
+    ) -> int:
+        key = block_addr, block_idx, stmt_idx, thing
+        if key in self.def_to_vvid:
+            return self.def_to_vvid[key]
         vvid = self.next_vvar_id()
-        self.def_to_vvid[thing] = vvid
+        self.def_to_vvid[key] = vvid
         return vvid
     def _clear_aliasing_regs(self, reg_offset: int, size: int, remove_base_reg: bool = True) -> None:

angr/analyses/decompiler/ssailification/rewriting_state.py CHANGED Viewed

@@ -32,6 +32,7 @@ class RewritingState:
         self.stackvars: defaultdict[int, dict[int, VirtualVariable]] = (
             stackvars if stackvars is not None else defaultdict(dict)
         )
+        self.tmps: dict[int, VirtualVariable] = {}
         self.original_block = original_block
         self.out_block = None

angr/analyses/decompiler/ssailification/ssailification.py CHANGED Viewed

@@ -5,8 +5,8 @@ from collections import defaultdict
 from itertools import count
 from bisect import bisect_left
-from ailment.expression import Register, StackBaseOffset
-from ailment.statement import Store
+from ailment.expression import Expression, Register, StackBaseOffset, Tmp
+from ailment.statement import Statement, Store
 from angr.knowledge_plugins.functions import Function
 from angr.code_location import CodeLocation
@@ -33,6 +33,7 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
         func_addr: int | None = None,
         ail_manager=None,
         ssa_stackvars: bool = False,
+        ssa_tmps: bool = False,
         vvar_id_start: int = 0,
     ):
         """
@@ -51,6 +52,7 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
         self._func_addr = func_addr
         self._ail_manager = ail_manager
         self._ssa_stackvars = ssa_stackvars
+        self._ssa_tmps = ssa_tmps
         self._entry = (
             entry
             if entry is not None
@@ -68,6 +70,7 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
             stack_pointer_tracker,
             bp_as_gpr,
             ssa_stackvars,
+            ssa_tmps,
         )
         # calculate virtual variables and phi nodes
@@ -86,13 +89,19 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
             self._udef_to_phiid,
             self._phiid_to_loc,
             self._stackvar_locs,
+            self._ssa_tmps,
             self._ail_manager,
             vvar_id_start=vvar_id_start,
         )
         self.out_graph = rewriter.out_graph
         self.max_vvar_id = rewriter.max_vvar_id
-    def _calculate_virtual_variables(self, ail_graph, def_to_loc: dict, loc_to_defs: dict[CodeLocation, Any]):
+    def _calculate_virtual_variables(
+        self,
+        ail_graph,
+        def_to_loc: list[tuple[Expression | Statement, CodeLocation]],
+        loc_to_defs: dict[CodeLocation, Any],
+    ):
         """
         Calculate the mapping from defs to virtual variables as well as where to insert phi nodes.
         """
@@ -112,7 +121,7 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
         if self._ssa_stackvars:
             # for stack variables, we collect all definitions and identify stack variable locations using heuristics
-            stackvar_locs = self._synthesize_stackvar_locs([def_ for def_ in def_to_loc if isinstance(def_, Store)])
+            stackvar_locs = self._synthesize_stackvar_locs([def_ for def_, _ in def_to_loc if isinstance(def_, Store)])
             sorted_stackvar_offs = sorted(stackvar_locs)
         else:
             stackvar_locs = {}
@@ -121,10 +130,8 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
         # computer phi node locations for each unified definition
         udef_to_defs = defaultdict(set)
         udef_to_blockkeys = defaultdict(set)
-        for def_ in def_to_loc:
+        for def_, loc in def_to_loc:
             if isinstance(def_, Register):
-                loc = def_to_loc[def_]
                 base_off, base_size = get_reg_offset_base_and_size(def_.reg_offset, self.project.arch, size=def_.size)
                 base_reg_bits = base_size * self.project.arch.byte_width
                 udef_to_defs[("reg", base_off, base_reg_bits)].add(def_)
@@ -135,8 +142,6 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
                     udef_to_defs[("reg", def_.reg_offset, reg_bits)].add((loc.block_addr, loc.block_idx))
             elif isinstance(def_, Store):
                 if isinstance(def_.addr, StackBaseOffset) and isinstance(def_.addr.offset, int):
-                    loc = def_to_loc[def_]
                     idx_begin = bisect_left(sorted_stackvar_offs, def_.addr.offset)
                     for i in range(idx_begin, len(sorted_stackvar_offs)):
                         off = sorted_stackvar_offs[i]
@@ -144,6 +149,9 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
                             break
                         udef_to_defs[("stack", off, stackvar_locs[off])].add(def_)
                         udef_to_blockkeys[("stack", off, stackvar_locs[off])].add((loc.block_addr, loc.block_idx))
+            elif isinstance(def_, Tmp):
+                # Tmps are local to each block and do not need phi nodes
+                pass
             else:
                 raise NotImplementedError
                 # other types are not supported yet

angr/analyses/decompiler/ssailification/traversal.py CHANGED Viewed

@@ -19,10 +19,11 @@ class TraversalAnalysis(ForwardAnalysis[None, NodeType, object, object]):
     TraversalAnalysis traverses the AIL graph and collects definitions.
     """
-    def __init__(self, project, func, ail_graph, sp_tracker, bp_as_gpr: bool, stackvars: bool):
+    def __init__(self, project, func, ail_graph, sp_tracker, bp_as_gpr: bool, stackvars: bool, tmps: bool):
         self.project = project
         self._stackvars = stackvars
+        self._tmps = tmps
         self._function = func
         self._graph_visitor = FunctionGraphVisitor(self._function, ail_graph)
@@ -34,6 +35,7 @@ class TraversalAnalysis(ForwardAnalysis[None, NodeType, object, object]):
             sp_tracker=sp_tracker,
             bp_as_gpr=bp_as_gpr,
             stackvars=self._stackvars,
+            tmps=self._tmps,
         )
         self._visited_blocks: set[Any] = set()

angr/analyses/decompiler/ssailification/traversal_engine.py CHANGED Viewed

@@ -2,7 +2,7 @@ from __future__ import annotations
 from collections import OrderedDict
 from ailment.statement import Assignment, Call, Store, ConditionalJump
-from ailment.expression import Register, BinaryOp, StackBaseOffset, ITE, VEXCCallExpression
+from ailment.expression import Register, BinaryOp, StackBaseOffset, ITE, VEXCCallExpression, Tmp, DirtyExpression
 from angr.engines.light import SimEngineLight, SimEngineLightAILMixin
 from angr.utils.ssa import get_reg_offset_base
@@ -21,7 +21,14 @@ class SimEngineSSATraversal(
     state: TraversalState
     def __init__(
-        self, arch, sp_tracker=None, bp_as_gpr: bool = False, def_to_loc=None, loc_to_defs=None, stackvars: bool = False
+        self,
+        arch,
+        sp_tracker=None,
+        bp_as_gpr: bool = False,
+        def_to_loc=None,
+        loc_to_defs=None,
+        stackvars: bool = False,
+        tmps: bool = False,
     ):
         super().__init__()
@@ -29,14 +36,15 @@ class SimEngineSSATraversal(
         self.sp_tracker = sp_tracker
         self.bp_as_gpr = bp_as_gpr
         self.stackvars = stackvars
+        self.tmps = tmps
-        self.def_to_loc = def_to_loc if def_to_loc is not None else OrderedDict()
+        self.def_to_loc = def_to_loc if def_to_loc is not None else []
         self.loc_to_defs = loc_to_defs if loc_to_defs is not None else OrderedDict()
     def _handle_Assignment(self, stmt: Assignment):
         if isinstance(stmt.dst, Register):
             codeloc = self._codeloc()
-            self.def_to_loc[stmt.dst] = codeloc
+            self.def_to_loc.append((stmt.dst, codeloc))
             if codeloc not in self.loc_to_defs:
                 self.loc_to_defs[codeloc] = OrderedSet()
             self.loc_to_defs[codeloc].add(stmt.dst)
@@ -52,7 +60,7 @@ class SimEngineSSATraversal(
         if self.stackvars and isinstance(stmt.addr, StackBaseOffset) and isinstance(stmt.addr.offset, int):
             codeloc = self._codeloc()
-            self.def_to_loc[stmt] = codeloc
+            self.def_to_loc.append((stmt, codeloc))
             if codeloc not in self.loc_to_defs:
                 self.loc_to_defs[codeloc] = OrderedSet()
             self.loc_to_defs[codeloc].add(stmt)
@@ -69,7 +77,7 @@ class SimEngineSSATraversal(
     def _handle_Call(self, stmt: Call):
         if stmt.ret_expr is not None and isinstance(stmt.ret_expr, Register):
             codeloc = self._codeloc()
-            self.def_to_loc[stmt.ret_expr] = codeloc
+            self.def_to_loc.append((stmt.ret_expr, codeloc))
             if codeloc not in self.loc_to_defs:
                 self.loc_to_defs[codeloc] = OrderedSet()
             self.loc_to_defs[codeloc].add(stmt.ret_expr)
@@ -79,18 +87,30 @@ class SimEngineSSATraversal(
         super()._ail_handle_Call(stmt)
+    _handle_CallExpr = _handle_Call
     def _handle_Register(self, expr: Register):
         base_offset = get_reg_offset_base(expr.reg_offset, self.arch)
         if base_offset not in self.state.live_registers:
             codeloc = self._codeloc()
-            self.def_to_loc[expr] = codeloc
+            self.def_to_loc.append((expr, codeloc))
             if codeloc not in self.loc_to_defs:
                 self.loc_to_defs[codeloc] = OrderedSet()
             self.loc_to_defs[codeloc].add(expr)
             self.state.live_registers.add(base_offset)
+    def _handle_Tmp(self, expr: Tmp):
+        if self.tmps:
+            codeloc = self._codeloc()
+            self.def_to_loc.append((expr, codeloc))
+            if codeloc not in self.loc_to_defs:
+                self.loc_to_defs[codeloc] = OrderedSet()
+            self.loc_to_defs[codeloc].add(expr)
+            self.state.live_tmps.add(expr.tmp_idx)
     def _handle_Cmp(self, expr: BinaryOp):
         self._expr(expr.operands[0])
         self._expr(expr.operands[1])
@@ -123,9 +143,16 @@ class SimEngineSSATraversal(
         for operand in expr.operands:
             self._expr(operand)
+    def _handle_DirtyExpression(self, expr: DirtyExpression):
+        for operand in expr.operands:
+            self._expr(operand)
+        if expr.guard is not None:
+            self._expr(expr.guard)
+        if expr.maddr is not None:
+            self._expr(expr.maddr)
     def _handle_Dummy(self, expr):
         pass
     _handle_VirtualVariable = _handle_Dummy
     _handle_Phi = _handle_Dummy
-    _handle_DirtyExpression = _handle_Dummy

angr/analyses/decompiler/ssailification/traversal_state.py CHANGED Viewed

@@ -18,6 +18,7 @@ class TraversalState:
         self.live_registers: set[int] = set() if live_registers is None else live_registers
         self.live_stackvars: set[tuple[int, int]] = set() if live_stackvars is None else live_stackvars
+        self.live_tmps: set[int] = set()  # tmps are internal to a block only and never propagated from another state
     def copy(self) -> TraversalState:
         return TraversalState(

angr/analyses/decompiler/structured_codegen/c.py CHANGED Viewed

@@ -1408,7 +1408,7 @@ class CUnsupportedStatement(CStatement):
 class CDirtyStatement(CExpression):
     __slots__ = ("dirty",)
-    def __init__(self, dirty, **kwargs):
+    def __init__(self, dirty: CDirtyExpression, **kwargs):
         super().__init__(**kwargs)
         self.dirty = dirty
@@ -1420,7 +1420,7 @@ class CDirtyStatement(CExpression):
         indent_str = self.indent_str(indent=indent)
         yield indent_str, None
-        yield str(self.dirty), None
+        yield from self.dirty.c_repr_chunks()
         yield "\n", None
@@ -2303,6 +2303,38 @@ class CMultiStatementExpression(CExpression):
         yield ")", paren
+class CVEXCCallExpression(CExpression):
+    """
+    ccall_name(arg0, arg1, ...)
+    """
+    __slots__ = (
+        "callee",
+        "operands",
+        "tags",
+    )
+    def __init__(self, callee: str, operands: list[CExpression], tags=None, **kwargs):
+        super().__init__(**kwargs)
+        self.callee = callee
+        self.operands = operands
+        self.tags = tags
+    @property
+    def type(self):
+        return SimTypeInt().with_arch(self.codegen.project.arch)
+    def c_repr_chunks(self, indent=0, asexpr=False):
+        paren = CClosingObject("(")
+        yield f"{self.callee}", self
+        yield "(", paren
+        for idx, operand in enumerate(self.operands):
+            if idx != 0:
+                yield ", ", None
+            yield from operand.c_repr_chunks()
+        yield ")", paren
 class CDirtyExpression(CExpression):
     """
     Ideally all dirty expressions should be handled and converted to proper conversions during conversion from VEX to
@@ -2424,6 +2456,7 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
             Expr.BinaryOp: self._handle_Expr_BinaryOp,
             Expr.Convert: self._handle_Expr_Convert,
             Expr.StackBaseOffset: self._handle_Expr_StackBaseOffset,
+            Expr.VEXCCallExpression: self._handle_Expr_VEXCCallExpression,
             Expr.DirtyExpression: self._handle_Expr_Dirty,
             Expr.ITE: self._handle_Expr_ITE,
             Expr.Reinterpret: self._handle_Reinterpret,
@@ -3318,7 +3351,8 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
         return clabel
     def _handle_Stmt_Dirty(self, stmt: Stmt.DirtyStatement, **kwargs):
-        return CDirtyStatement(stmt, codegen=self)
+        dirty = self._handle(stmt.dirty)
+        return CDirtyStatement(dirty, codegen=self)
     #
     # AIL expression handlers
@@ -3519,7 +3553,11 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
         return CTypeCast(None, dst_type.with_arch(self.project.arch), child, tags=expr.tags, codegen=self)
-    def _handle_Expr_Dirty(self, expr, **kwargs):
+    def _handle_Expr_VEXCCallExpression(self, expr: Expr.VEXCCallExpression, **kwargs):
+        operands = [self._handle(arg) for arg in expr.operands]
+        return CVEXCCallExpression(expr.callee, operands, tags=expr.tags, codegen=self)
+    def _handle_Expr_Dirty(self, expr: Expr.DirtyExpression, **kwargs):
         return CDirtyExpression(expr, codegen=self)
     def _handle_Expr_ITE(self, expr: Expr.ITE, **kwargs):

angr/analyses/decompiler/structuring/phoenix.py CHANGED Viewed

@@ -566,6 +566,9 @@ class PhoenixStructurer(StructurerBase):
             if next_node is node:
                 break
+            if next_node is head:
+                # we don't want a loop with region head not as the first node of the body!
+                return False, None
             if next_node is not node and next_node in seen_nodes:
                 return False, None