angr 9.2.129__py3-none-macosx_11_0_arm64.whl → 9.2.131__py3-none-macosx_11_0_arm64.whl

angr/analyses/decompiler/peephole_optimizations/eager_eval.py

@@ -3,6 +3,7 @@ from math import gcd
 
 from ailment.expression import BinaryOp, UnaryOp, Const, Convert, StackBaseOffset
 
+from angr.utils.bits import sign_extend
 from .base import PeepholeOptimizationExprBase
 
 
@@ -59,22 +60,50 @@ class EagerEvaluation(PeepholeOptimizationExprBase):
                         expr.signed,
                         **expr.tags,
                     )
-            if (
-                isinstance(expr.operands[0], BinaryOp)
-                and expr.operands[0].op == "Mul"
-                and isinstance(expr.operands[0].operands[1], Const)
-                and expr.operands[0].operands[0].likes(expr.operands[1])
-            ):
-                # A * x + x => (A + 1) * x
-                coeff_expr = expr.operands[0].operands[1]
-                new_coeff = coeff_expr.value + 1
-                return BinaryOp(
-                    expr.idx,
-                    "Mul",
-                    [Const(coeff_expr.idx, None, new_coeff, coeff_expr.bits), expr.operands[1]],
-                    expr.signed,
-                    **expr.tags,
-                )
+            op0, op1 = expr.operands
+            if op0.likes(op1):
+                # x + x => 2 * x
+                count = Const(expr.idx, None, 2, op0.bits, **expr.tags)
+                return BinaryOp(expr.idx, "Mul", [op0, count], expr.signed, **expr.tags)
+
+            op0_is_mulconst = (
+                isinstance(op0, BinaryOp)
+                and op0.op == "Mul"
+                and (isinstance(op0.operands[0], Const) or isinstance(op0.operands[1], Const))
+            )
+            op1_is_mulconst = (
+                isinstance(op1, BinaryOp)
+                and op1.op == "Mul"
+                and (isinstance(op1.operands[0], Const) or isinstance(op1.operands[1], Const))
+            )
+            const0, x0 = None, None
+            const1, x1 = None, None
+            if op0_is_mulconst:
+                if isinstance(op0.operands[0], Const):
+                    const0, x0 = op0.operands
+                elif isinstance(op0.operands[1], Const):
+                    x0, const0 = op0.operands
+            if op1_is_mulconst:
+                if isinstance(op1.operands[0], Const):
+                    const1, x1 = op1.operands
+                elif isinstance(op1.operands[1], Const):
+                    x1, const1 = op1.operands
+
+            if op0_is_mulconst ^ op1_is_mulconst:
+                if x0 is not None and const0 is not None and x0.likes(op1):
+                    # x * A + x => (A + 1) * x
+                    new_const = Const(const0.idx, None, const0.value + 1, const0.bits, **const0.tags)
+                    return BinaryOp(expr.idx, "Mul", [x0, new_const], expr.signed, **expr.tags)
+                if x1 is not None and const1 is not None and x1.likes(op0):
+                    # x + x * A => (A + 1) * x
+                    new_const = Const(const1.idx, None, const1.value + 1, const1.bits, **const1.tags)
+                    return BinaryOp(expr.idx, "Mul", [x1, new_const], expr.signed, **expr.tags)
+            elif op0_is_mulconst and op1_is_mulconst:
+                if x0.likes(x1):
+                    # x * A + x * B => (A + B) * x
+                    new_const = Const(const0.idx, None, const0.value + const1.value, const0.bits, **const0.tags)
+                    return BinaryOp(expr.idx, "Mul", [x0, new_const], expr.signed, **expr.tags)
+
         elif expr.op == "Sub":
             if isinstance(expr.operands[0], Const) and isinstance(expr.operands[1], Const):
                 mask = (1 << expr.bits) - 1
@@ -119,12 +148,25 @@ class EagerEvaluation(PeepholeOptimizationExprBase):
 
         elif expr.op == "Mul":
             if isinstance(expr.operands[1], Const) and expr.operands[1].value == 1:
+                # x * 1 => x
                 return expr.operands[0]
             if isinstance(expr.operands[0], Const) and isinstance(expr.operands[1], Const):
+                # constant multiplication
                 mask = (1 << expr.bits) - 1
                 return Const(
                     expr.idx, None, (expr.operands[0].value * expr.operands[1].value) & mask, expr.bits, **expr.tags
                 )
+            if {type(expr.operands[0]), type(expr.operands[1])} == {BinaryOp, Const}:
+                op0, op1 = expr.operands
+                const_, x0 = (op0, op1) if isinstance(op0, Const) else (op1, op0)
+                if x0.op == "Mul" and (isinstance(x0.operands[0], Const) or isinstance(x0.operands[1], Const)):
+                    # (A * x) * C => (A * C) * x
+                    if isinstance(x0.operands[0], Const):
+                        const_x0, x = x0.operands[0], x0.operands[1]
+                    else:
+                        const_x0, x = x0.operands[1], x0.operands[0]
+                    new_const = Const(const_.idx, None, const_.value * const_x0.value, const_.bits, **const_x0.tags)
+                    return BinaryOp(expr.idx, "Mul", [x, new_const], expr.signed, bits=expr.bits, **expr.tags)
 
         elif (
             expr.op == "Div"
@@ -197,6 +239,42 @@ class EagerEvaluation(PeepholeOptimizationExprBase):
             if expr.operands[0].likes(expr.operands[1]):
                 return expr.operands[0]
 
+        elif expr.op in {"CmpEQ", "CmpLE", "CmpGE"}:
+            if expr.operands[0].likes(expr.operands[1]):
+                # x == x => 1
+                return Const(expr.idx, None, 1, 1, **expr.tags)
+            if isinstance(expr.operands[0], Const) and isinstance(expr.operands[1], Const):
+                if expr.op == "CmpEQ":
+                    return Const(
+                        expr.idx, None, 1 if expr.operands[0].value == expr.operands[1].value else 0, 1, **expr.tags
+                    )
+                if expr.op == "CmpLE":
+                    return Const(
+                        expr.idx, None, 1 if expr.operands[0].value <= expr.operands[1].value else 0, 1, **expr.tags
+                    )
+                if expr.op == "CmpGE":
+                    return Const(
+                        expr.idx, None, 1 if expr.operands[0].value >= expr.operands[1].value else 0, 1, **expr.tags
+                    )
+
+        elif expr.op in {"CmpNE", "CmpLT", "CmpGT"}:
+            if expr.operands[0].likes(expr.operands[1]):
+                # x != x => 0
+                return Const(expr.idx, None, 0, 1, **expr.tags)
+            if isinstance(expr.operands[0], Const) and isinstance(expr.operands[1], Const):
+                if expr.op == "CmpNE":
+                    return Const(
+                        expr.idx, None, 1 if expr.operands[0].value != expr.operands[1].value else 0, 1, **expr.tags
+                    )
+                if expr.op == "CmpLT":
+                    return Const(
+                        expr.idx, None, 1 if expr.operands[0].value < expr.operands[1].value else 0, 1, **expr.tags
+                    )
+                if expr.op == "CmpGT":
+                    return Const(
+                        expr.idx, None, 1 if expr.operands[0].value > expr.operands[1].value else 0, 1, **expr.tags
+                    )
+
         return None
 
     @staticmethod
@@ -225,8 +303,11 @@ class EagerEvaluation(PeepholeOptimizationExprBase):
             and expr.from_type == Convert.TYPE_INT
             and expr.to_type == Convert.TYPE_INT
             and expr.from_bits <= expr.to_bits
-            and expr.is_signed is False
         ):
-            # unsigned extension
-            return Const(expr.idx, expr.operand.variable, expr.operand.value, expr.to_bits, **expr.operand.tags)
+            if expr.is_signed is False:
+                # unsigned extension
+                return Const(expr.idx, expr.operand.variable, expr.operand.value, expr.to_bits, **expr.operand.tags)
+            # signed extension
+            v = sign_extend(expr.operand.value, expr.to_bits)
+            return Const(expr.idx, expr.operand.variable, v, expr.to_bits, **expr.operand.tags)
         return None

angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py

@@ -26,5 +26,20 @@ class RemoveNoopConversions(PeepholeOptimizationExprBase):
                 # extension then truncation (e.g., 1->64->1) can be removed, but truncation then extension cannot be
                 # removed (e.g., the high 32 bits must be removed during 64->32->64)
                 return inner.operand
+            if (
+                expr.to_bits < expr.from_bits
+                and expr.from_bits == inner.to_bits
+                and inner.to_bits <= inner.from_bits
+                and expr.is_signed == inner.is_signed
+            ):
+                # merging two truncations into one
+                return Convert(
+                    expr.idx,
+                    inner.from_bits,
+                    expr.to_bits,
+                    expr.is_signed,
+                    inner.operand,
+                    **expr.tags,
+                )
 
         return None

angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py

@@ -1,4 +1,4 @@
-# pylint: disable=missing-class-docstring
+# pylint: disable=missing-class-docstring,too-many-boolean-expressions
 from __future__ import annotations
 from ailment.expression import BinaryOp, Convert, Const
 
@@ -9,9 +9,18 @@ class RemoveRedundantConversions(PeepholeOptimizationExprBase):
     __slots__ = ()
 
     NAME = "Remove redundant conversions around binary operators"
-    expr_classes = (BinaryOp,)
+    expr_classes = (BinaryOp, Convert)
 
-    def optimize(self, expr: BinaryOp, **kwargs):
+    def optimize(self, expr: BinaryOp | Convert, **kwargs):
+
+        if isinstance(expr, BinaryOp):
+            return self._optimize_BinaryOp(expr)
+        if isinstance(expr, Convert):
+            return self._optimize_Convert(expr)
+        return None
+
+    @staticmethod
+    def _optimize_BinaryOp(expr: BinaryOp):
         # TODO make this lhs/rhs agnostic
         if isinstance(expr.operands[0], Convert):
             # check: is the lhs convert an up-cast and is rhs a const?
@@ -156,3 +165,33 @@ class RemoveRedundantConversions(PeepholeOptimizationExprBase):
                             )
 
         return None
+
+    @staticmethod
+    def _optimize_Convert(expr: Convert):
+        operand_expr = expr.operand
+        if isinstance(operand_expr, BinaryOp) and operand_expr.op in {
+            "Mul",
+            "Shl",
+            "Div",
+            "DivMod",
+            "Mod",
+            "Add",
+            "Sub",
+        }:
+            op0, op1 = operand_expr.operands
+            if (
+                isinstance(op0, Convert)
+                and isinstance(op1, Convert)
+                and op0.from_bits == op1.from_bits
+                and op0.to_bits == op1.to_bits
+                and expr.from_bits == op0.to_bits
+                and expr.to_bits == op1.from_bits
+            ):
+                return BinaryOp(
+                    operand_expr.idx,
+                    operand_expr.op,
+                    [op0.operand, op1.operand],
+                    expr.is_signed,
+                    **operand_expr.tags,
+                )
+        return None

angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py

@@ -1,7 +1,9 @@
+# pylint:disable=no-self-use,missing-class-docstring
 from __future__ import annotations
 from ailment.expression import BinaryOp, Const, Convert
 
 from .base import PeepholeOptimizationExprBase
+from .utils import get_expr_shift_left_amount
 
 
 class RemoveRedundantShifts(PeepholeOptimizationExprBase):
@@ -15,8 +17,8 @@ class RemoveRedundantShifts(PeepholeOptimizationExprBase):
         if expr.op in ("Shr", "Sar") and isinstance(expr.operands[1], Const):
             expr_a = expr.operands[0]
             n0 = expr.operands[1].value
-            if isinstance(expr_a, BinaryOp) and expr_a.op == "Shl" and isinstance(expr_a.operands[1], Const):
-                n1 = expr_a.operands[1].value
+            if isinstance(expr_a, BinaryOp) and expr_a.op in {"Shl", "Mul"} and isinstance(expr_a.operands[1], Const):
+                n1 = get_expr_shift_left_amount(expr_a)
                 if n0 == n1:
                     inner_expr = expr_a.operands[0]
                     conv_inner_expr = Convert(

angr/analyses/decompiler/peephole_optimizations/rol_ror.py

@@ -3,6 +3,7 @@ from ailment.statement import Assignment
 from ailment.expression import BinaryOp, Const, Tmp
 
 from .base import PeepholeOptimizationStmtBase
+from .utils import get_expr_shift_left_amount
 
 
 class RolRorRewriter(PeepholeOptimizationStmtBase):
@@ -61,38 +62,64 @@ class RolRorRewriter(PeepholeOptimizationStmtBase):
             if not (isinstance(stmt1_op1, Const) and isinstance(stmt2_op1, Const)):
                 return None
 
-            if stmt_1.src.op == "Shl" and stmt_2.src.op == "Shr" and stmt1_op1.value + stmt2_op1.value == stmt.dst.bits:
+            if (
+                stmt_1.src.op in {"Shl", "Mul"}
+                and stmt_2.src.op == "Shr"
+                and (shiftleft_amount := get_expr_shift_left_amount(stmt_1.src)) is not None
+                and shiftleft_amount + stmt2_op1.value == stmt.dst.bits
+            ):
+                rol_amount = Const(None, None, shiftleft_amount, 8, **stmt1_op1.tags)
                 return Assignment(
                     stmt.idx,
                     stmt.dst,
-                    BinaryOp(None, "Rol", [stmt1_op0, stmt1_op1], False, bits=stmt.dst.bits, **stmt_1.src.tags),
+                    BinaryOp(None, "Rol", [stmt1_op0, rol_amount], False, bits=stmt.dst.bits, **stmt_1.src.tags),
                     **stmt.tags,
                 )
-            if stmt_1.src.op == "Shr" and stmt_2.src.op == "Shl" and stmt1_op1.value + stmt2_op1.value == stmt.dst.bits:
+            if (
+                stmt_1.src.op == "Shr"
+                and stmt_2.src.op in {"Shl", "Mul"}
+                and (shiftleft_amount := get_expr_shift_left_amount(stmt_2.src)) is not None
+                and stmt1_op1.value + shiftleft_amount == stmt.dst.bits
+            ):
                 return Assignment(
                     stmt.idx,
                     stmt.dst,
                     BinaryOp(None, "Ror", [stmt1_op0, stmt1_op1], False, bits=stmt.dst.bits, **stmt_1.src.tags),
                     **stmt.tags,
                 )
-        elif isinstance(op0, BinaryOp) and isinstance(op1, BinaryOp) and {op0.op, op1.op} == {"Shl", "Shr"}:
+        elif (
+            isinstance(op0, BinaryOp)
+            and isinstance(op1, BinaryOp)
+            and {op0.op, op1.op} in [{"Shl", "Shr"}, {"Mul", "Shr"}]
+        ):
             if not op0.operands[0].likes(op1.operands[0]):
                 return None
 
             if not isinstance(op0.operands[1], Const) or not isinstance(op1.operands[1], Const):
                 return None
-            shiftamount = op0.operands[1]
-            op0_shiftamount = op0.operands[1].value
-            op1_shiftamount = op1.operands[1].value
-
-            if op0.op == "Shl" and op1.op == "Shr" and op0_shiftamount + op1_shiftamount == stmt.dst.bits:
+            op0_v = op0.operands[1].value
+            op1_v = op1.operands[1].value
+
+            if (
+                op0.op in {"Shl", "Mul"}
+                and op1.op == "Shr"
+                and (op0_shiftamount := get_expr_shift_left_amount(op0)) is not None
+                and op0_shiftamount + op1_v == stmt.dst.bits
+            ):
+                shiftamount = Const(None, None, op0_shiftamount, 8, **op0.operands[1].tags)
                 return Assignment(
                     stmt.idx,
                     stmt.dst,
                     BinaryOp(None, "Rol", [op0.operands[0], shiftamount], False, bits=stmt.dst.bits, **op0.tags),
                     **stmt.tags,
                 )
-            if op0.op == "Shr" and op1.op == "Shl" and op0_shiftamount + op1_shiftamount == stmt.dst.bits:
+            if (
+                op0.op == "Shr"
+                and op1.op in {"Shl", "Mul"}
+                and (op1_shiftamount := get_expr_shift_left_amount(op1)) is not None
+                and op0_v + op1_shiftamount == stmt.dst.bits
+            ):
+                shiftamount = op0.operands[1]
                 return Assignment(
                     stmt.idx,
                     stmt.dst,

angr/analyses/decompiler/peephole_optimizations/shl_to_mul.py

@@ -0,0 +1,25 @@
+# pylint:disable=missing-class-docstring,no-self-use
+from __future__ import annotations
+from ailment.expression import BinaryOp, Const
+
+from .base import PeepholeOptimizationExprBase
+
+
+class ShlToMul(PeepholeOptimizationExprBase):
+    __slots__ = ()
+
+    NAME = "a << A => a * (2 ** A)"
+    expr_classes = (BinaryOp,)  # all expressions are allowed
+
+    def optimize(self, expr: BinaryOp, **kwargs):
+        if expr.op == "Shl" and isinstance(expr.operands[1], Const):
+            mul_amount = Const(None, None, 2 ** expr.operands[1].value, expr.operands[0].bits)
+            return BinaryOp(
+                expr.idx,
+                "Mul",
+                [expr.operands[0], mul_amount],
+                expr.signed,
+                **expr.tags,
+            )
+
+        return None

angr/analyses/decompiler/peephole_optimizations/utils.py

@@ -0,0 +1,18 @@
+from __future__ import annotations
+from ailment.expression import BinaryOp, Const
+
+
+def get_expr_shift_left_amount(expr: BinaryOp) -> int | None:
+    """
+    Get the shift amount of a shift-left or multiplication operation if the shift amount is a constant.
+
+    :param expr:    The shift-left or multiplication expression (must be a BinaryOp).
+    :return:        The shift amount if it is a constant, or None if it is not.
+    """
+    if expr.op == "Shl" and isinstance(expr.operands[1], Const):
+        return expr.operands[1].value
+    if expr.op == "Mul" and isinstance(expr.operands[1], Const):
+        v = expr.operands[1].value
+        if v & (v - 1) == 0:
+            return v.bit_length() - 1
+    return None

angr/analyses/decompiler/presets/fast.py

@@ -19,7 +19,6 @@ from angr.analyses.decompiler.optimization_passes import (
     FlipBooleanCmp,
     InlinedStringTransformationSimplifier,
     CallStatementRewriter,
-    MultiSimplifier,
     DeadblockRemover,
     SwitchReusedEntryRewriter,
 )
@@ -32,7 +31,6 @@ preset_fast = DecompilationPreset(
         StackCanarySimplifier,
         WinStackCanarySimplifier,
         BasePointerSaveSimplifier,
-        MultiSimplifier,  # TODO: MultiSimplifier should be replaced by a peephole optimization
         ConstantDereferencesSimplifier,
         RetAddrSaveSimplifier,
         X86GccGetPcSimplifier,

angr/analyses/decompiler/presets/full.py

@@ -6,7 +6,6 @@ from angr.analyses.decompiler.optimization_passes import (
     WinStackCanarySimplifier,
     BasePointerSaveSimplifier,
     DivSimplifier,
-    MultiSimplifier,
     ModSimplifier,
     ConstantDereferencesSimplifier,
     RetAddrSaveSimplifier,
@@ -38,7 +37,6 @@ preset_full = DecompilationPreset(
         WinStackCanarySimplifier,
         BasePointerSaveSimplifier,
         DivSimplifier,
-        MultiSimplifier,
         ModSimplifier,
         ConstantDereferencesSimplifier,
         RetAddrSaveSimplifier,

angr/analyses/decompiler/region_identifier.py

@@ -220,7 +220,10 @@ class RegionIdentifier(Analysis):
                 type_ = data.get("type", None)
                 if type_ == "fake_return":
                     if len(list(graph.successors(src))) == 1 and len(list(graph.predecessors(dst))) == 1:
-                        self._merge_nodes(graph, src, dst, force_multinode=True)
+                        merged_node = self._merge_nodes(graph, src, dst, force_multinode=True)
+                        # update the entry_node if necessary
+                        if entry_node is not None and entry_node is src:
+                            entry_node = merged_node
                         break
                 elif type_ == "call":
                     graph.remove_node(dst)
@@ -1059,6 +1062,8 @@ class RegionIdentifier(Analysis):
         assert node_a not in graph
         assert node_b not in graph
 
+        return new_node
+
     def _absorb_node(
         self, graph: networkx.DiGraph, node_mommy, node_kiddie, force_multinode=False
     ):  # pylint:disable=no-self-use

angr/analyses/decompiler/ssailification/rewriting_engine.py

@@ -160,21 +160,23 @@ class SimEngineSSARewriting(
 
     def _handle_Store(self, stmt: Store) -> Store | Assignment | None:
         new_data = self._expr(stmt.data)
-        vvar = self._replace_def_store(self.block.addr, self.block.idx, self.stmt_idx, stmt)
-        if vvar is not None:
-            return Assignment(stmt.idx, vvar, stmt.data if new_data is None else new_data, **stmt.tags)
+        if stmt.guard is None:
+            vvar = self._replace_def_store(self.block.addr, self.block.idx, self.stmt_idx, stmt)
+            if vvar is not None:
+                return Assignment(stmt.idx, vvar, stmt.data if new_data is None else new_data, **stmt.tags)
 
         # fall back to Store
         new_addr = self._expr(stmt.addr)
+        new_guard = self._expr(stmt.guard) if stmt.guard is not None else None
 
-        if new_addr is not None or new_data is not None:
+        if new_addr is not None or new_data is not None or new_guard is not None:
             return Store(
                 stmt.idx,
                 stmt.addr if new_addr is None else new_addr,
                 stmt.data if new_data is None else new_data,
                 stmt.size,
                 stmt.endness,
-                guard=stmt.guard,
+                guard=stmt.guard if new_guard is None else new_guard,
                 **stmt.tags,
             )
 

angr/analyses/decompiler/ssailification/traversal_engine.py

@@ -60,6 +60,8 @@ class SimEngineSSATraversal(
     def _handle_Store(self, stmt: Store):
         self._expr(stmt.addr)
         self._expr(stmt.data)
+        if stmt.guard is not None:
+            self._expr(stmt.guard)
 
         if self.stackvars and isinstance(stmt.addr, StackBaseOffset) and isinstance(stmt.addr.offset, int):
             codeloc = self._codeloc()

angr/analyses/decompiler/structured_codegen/c.py

@@ -52,6 +52,7 @@ from angr.analyses.decompiler.structuring.structurer_nodes import (
     LoopNode,
     BreakNode,
     SwitchCaseNode,
+    IncompleteSwitchCaseNode,
     ContinueNode,
     CascadingConditionNode,
 )
@@ -1136,6 +1137,53 @@ class CSwitchCase(CStatement):
         yield "\n", None
 
 
+class CIncompleteSwitchCase(CStatement):
+    """
+    Represents an incomplete switch-case construct; this only appear in the decompilation output when switch-case
+    structuring fails (for whatever reason).
+    """
+
+    __slots__ = ("head", "cases", "tags")
+
+    def __init__(self, head, cases, tags=None, **kwargs):
+        super().__init__(**kwargs)
+
+        self.head = head
+        self.cases: list[tuple[int, CStatements]] = cases
+        self.tags = tags
+
+    def c_repr_chunks(self, indent=0, asexpr=False):
+        indent_str = self.indent_str(indent=indent)
+        paren = CClosingObject("(")
+        brace = CClosingObject("{")
+
+        yield from self.head.c_repr_chunks(indent=indent)
+        yield "\n", None
+        yield indent_str, None
+        yield "switch ", self
+        yield "(", paren
+        yield "/* incomplete */", None
+        yield ")", paren
+        if self.codegen.braces_on_own_lines:
+            yield "\n", None
+            yield indent_str, None
+        else:
+            yield " ", None
+        yield "{", brace
+        yield "\n", None
+
+        # cases
+        for case_addr, case in self.cases:
+            yield indent_str, None
+            yield f"case {case_addr:#x}", self
+            yield ":\n", None
+            yield from case.c_repr_chunks(indent=indent + INDENT_DELTA)
+
+        yield indent_str, None
+        yield "}", brace
+        yield "\n", None
+
+
 class CAssignment(CStatement):
     """
     a = b
@@ -1299,6 +1347,8 @@ class CFunctionCall(CStatement, CExpression):
             if self.show_disambiguated_name and self._is_target_ambiguous(func_name):
                 func_name = self.callee_func.get_unambiguous_name(display_name=func_name)
             yield func_name, self
+        elif isinstance(self.callee_target, str):
+            yield self.callee_target, self
         else:
             yield from CExpression._try_c_repr_chunks(self.callee_target)
 
@@ -2443,6 +2493,7 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
             Block: self._handle_AILBlock,
             BreakNode: self._handle_Break,
             SwitchCaseNode: self._handle_SwitchCase,
+            IncompleteSwitchCaseNode: self._handle_IncompleteSwitchCase,
             ContinueNode: self._handle_Continue,
             # AIL statements
             Stmt.Store: self._handle_Stmt_Store,
@@ -2671,16 +2722,16 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
     # Util methods
     #
 
-    def default_simtype_from_size(self, n: int, signed: bool = True) -> SimType:
+    def default_simtype_from_bits(self, n: int, signed: bool = True) -> SimType:
         _mapping = {
-            8: SimTypeLongLong,
-            4: SimTypeInt,
-            2: SimTypeShort,
-            1: SimTypeChar,
+            64: SimTypeLongLong,
+            32: SimTypeInt,
+            16: SimTypeShort,
+            8: SimTypeChar,
         }
         if n in _mapping:
             return _mapping.get(n)(signed=signed).with_arch(self.project.arch)
-        return SimTypeNum(n * self.project.arch.byte_width, signed=signed).with_arch(self.project.arch)
+        return SimTypeNum(n, signed=signed).with_arch(self.project.arch)
 
     def _variable(self, variable: SimVariable, fallback_type_size: int | None) -> CVariable:
         # TODO: we need to fucking make sure that variable recovery and type inference actually generates a size
@@ -2690,7 +2741,9 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
             variable, is_global=isinstance(variable, SimMemoryVariable) and not isinstance(variable, SimStackVariable)
         )
         if variable_type is None:
-            variable_type = self.default_simtype_from_size(fallback_type_size or self.project.arch.bytes)
+            variable_type = self.default_simtype_from_bits(
+                (fallback_type_size or self.project.arch.bytes) * self.project.arch.byte_width
+            )
         cvar = CVariable(variable, unified_variable=unified, variable_type=variable_type, codegen=self)
         self._variables_in_use[variable] = cvar
         return cvar
@@ -3172,6 +3225,12 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
         tags = {"ins_addr": node.addr}
         return CSwitchCase(switch_expr, cases, default=default, tags=tags, codegen=self)
 
+    def _handle_IncompleteSwitchCase(self, node: IncompleteSwitchCaseNode, **kwargs):
+        head = self._handle(node.head, is_expr=False)
+        cases = [(case.addr, self._handle(case, is_expr=False)) for case in node.cases]
+        tags = {"ins_addr": node.addr}
+        return CIncompleteSwitchCase(head, cases, tags=tags, codegen=self)
+
     def _handle_Continue(self, node, **kwargs):
         tags = {"ins_addr": node.addr}
 
@@ -3313,7 +3372,9 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
         if result.is_expr and result.type.size != stmt.size * self.project.arch.byte_width:
             result = CTypeCast(
                 result.type,
-                self.default_simtype_from_size(stmt.size, signed=getattr(result.type, "signed", False)),
+                self.default_simtype_from_bits(
+                    stmt.size * self.project.arch.byte_width, signed=getattr(result.type, "signed", False)
+                ),
                 result,
                 codegen=self,
             )
@@ -3376,12 +3437,12 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
                 return cvar
             offset = 0 if expr.variable_offset is None else expr.variable_offset
             # FIXME: The type should be associated to the register expression itself
-            type_ = self.default_simtype_from_size(expr.size, signed=False)
+            type_ = self.default_simtype_from_bits(expr.bits, signed=False)
             return self._access_constant_offset(self._get_variable_reference(cvar), offset, type_, lvalue, negotiate)
         return CRegister(expr, tags=expr.tags, codegen=self)
 
     def _handle_Expr_Load(self, expr: Expr.Load, **kwargs):
-        ty = self.default_simtype_from_size(expr.size)
+        ty = self.default_simtype_from_bits(expr.bits)
 
         def negotiate(old_ty: SimType, proposed_ty: SimType) -> SimType:
             # we do not allow returning a struct for a primitive type
@@ -3406,7 +3467,7 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
         l.warning("FIXME: Leftover Tmp expressions are found.")
         return self._variable(SimTemporaryVariable(expr.tmp_idx), expr.size)
 
-    def _handle_Expr_Const(self, expr, type_=None, reference_values=None, variable=None, **kwargs):
+    def _handle_Expr_Const(self, expr: Expr.Const, type_=None, reference_values=None, variable=None, **kwargs):
         inline_string = False
         function_pointer = False
 
@@ -3483,7 +3544,7 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
 
         if type_ is None:
             # default to int
-            type_ = self.default_simtype_from_size(expr.size)
+            type_ = self.default_simtype_from_bits(expr.bits)
 
         if variable is None and hasattr(expr, "reference_variable") and expr.reference_variable is not None:
             variable = expr.reference_variable
@@ -3561,7 +3622,7 @@ class CStructuredCodeGenerator(BaseStructuredCodeGenerator, Analysis):
         # do we need an intermediate cast?
         if orig_child_signed != expr.is_signed and expr.to_bits > expr.from_bits:
             # this is a problem. sign-extension only happens when the SOURCE of the cast is signed
-            child_ty = self.default_simtype_from_size(child.type.size // self.project.arch.byte_width, expr.is_signed)
+            child_ty = self.default_simtype_from_bits(child.type.size, expr.is_signed)
             child = CTypeCast(None, child_ty, child, codegen=self)
 
         return CTypeCast(None, dst_type.with_arch(self.project.arch), child, tags=expr.tags, codegen=self)