PyPI - angr - Versions diffs - 9.2.130__py3-none-win_amd64.whl → 9.2.132__py3-none-win_amd64.whl - Mend

angr 9.2.130__py3-none-win_amd64.whl → 9.2.132__py3-none-win_amd64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (128) hide show

angr/__init__.py +1 -1
angr/analyses/analysis.py +6 -2
angr/analyses/cfg/cfg_emulated.py +5 -5
angr/analyses/cfg/cfg_fast.py +2 -2
angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +139 -94
angr/analyses/cfg/indirect_jump_resolvers/x86_elf_pic_plt.py +1 -1
angr/analyses/ddg.py +14 -11
angr/analyses/decompiler/ail_simplifier.py +3 -2
angr/analyses/decompiler/block_simplifier.py +10 -21
angr/analyses/decompiler/clinic.py +361 -8
angr/analyses/decompiler/condition_processor.py +12 -10
angr/analyses/decompiler/dephication/graph_rewriting.py +1 -1
angr/analyses/decompiler/dephication/rewriting_engine.py +169 -45
angr/analyses/decompiler/dephication/seqnode_dephication.py +5 -4
angr/analyses/decompiler/optimization_passes/__init__.py +0 -3
angr/analyses/decompiler/optimization_passes/const_derefs.py +1 -0
angr/analyses/decompiler/optimization_passes/div_simplifier.py +41 -16
angr/analyses/decompiler/optimization_passes/engine_base.py +261 -83
angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +173 -35
angr/analyses/decompiler/optimization_passes/mod_simplifier.py +5 -2
angr/analyses/decompiler/optimization_passes/optimization_pass.py +39 -19
angr/analyses/decompiler/peephole_optimizations/__init__.py +5 -1
angr/analyses/decompiler/peephole_optimizations/a_mul_const_sub_a.py +34 -0
angr/analyses/decompiler/peephole_optimizations/a_shl_const_sub_a.py +3 -1
angr/analyses/decompiler/peephole_optimizations/bswap.py +10 -6
angr/analyses/decompiler/peephole_optimizations/eager_eval.py +100 -19
angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py +17 -0
angr/analyses/decompiler/peephole_optimizations/remove_redundant_conversions.py +42 -3
angr/analyses/decompiler/peephole_optimizations/remove_redundant_shifts.py +4 -2
angr/analyses/decompiler/peephole_optimizations/rol_ror.py +37 -10
angr/analyses/decompiler/peephole_optimizations/shl_to_mul.py +25 -0
angr/analyses/decompiler/peephole_optimizations/utils.py +18 -0
angr/analyses/decompiler/presets/fast.py +0 -2
angr/analyses/decompiler/presets/full.py +0 -2
angr/analyses/decompiler/ssailification/rewriting.py +1 -2
angr/analyses/decompiler/ssailification/rewriting_engine.py +140 -57
angr/analyses/decompiler/ssailification/ssailification.py +2 -1
angr/analyses/decompiler/ssailification/traversal.py +4 -6
angr/analyses/decompiler/ssailification/traversal_engine.py +125 -42
angr/analyses/decompiler/structured_codegen/c.py +79 -16
angr/analyses/decompiler/structuring/phoenix.py +40 -14
angr/analyses/decompiler/structuring/structurer_nodes.py +9 -0
angr/analyses/deobfuscator/irsb_reg_collector.py +29 -60
angr/analyses/deobfuscator/string_obf_finder.py +2 -2
angr/analyses/init_finder.py +47 -22
angr/analyses/propagator/engine_base.py +21 -14
angr/analyses/propagator/engine_vex.py +149 -179
angr/analyses/propagator/propagator.py +10 -28
angr/analyses/propagator/top_checker_mixin.py +211 -5
angr/analyses/propagator/vex_vars.py +1 -1
angr/analyses/reaching_definitions/dep_graph.py +1 -1
angr/analyses/reaching_definitions/engine_ail.py +304 -329
angr/analyses/reaching_definitions/engine_vex.py +243 -229
angr/analyses/reaching_definitions/function_handler.py +3 -3
angr/analyses/reaching_definitions/rd_state.py +37 -32
angr/analyses/s_propagator.py +38 -5
angr/analyses/s_reaching_definitions/s_reaching_definitions.py +9 -5
angr/analyses/typehoon/simple_solver.py +16 -7
angr/analyses/typehoon/translator.py +8 -0
angr/analyses/typehoon/typeconsts.py +10 -2
angr/analyses/typehoon/typehoon.py +4 -1
angr/analyses/typehoon/typevars.py +9 -7
angr/analyses/variable_recovery/engine_ail.py +296 -256
angr/analyses/variable_recovery/engine_base.py +137 -116
angr/analyses/variable_recovery/engine_vex.py +175 -185
angr/analyses/variable_recovery/irsb_scanner.py +49 -38
angr/analyses/variable_recovery/variable_recovery.py +28 -5
angr/analyses/variable_recovery/variable_recovery_base.py +32 -33
angr/analyses/variable_recovery/variable_recovery_fast.py +2 -2
angr/analyses/xrefs.py +46 -19
angr/annocfg.py +19 -14
angr/block.py +4 -9
angr/calling_conventions.py +1 -1
angr/engines/engine.py +30 -14
angr/engines/light/__init__.py +11 -3
angr/engines/light/engine.py +1003 -1185
angr/engines/pcode/cc.py +2 -0
angr/engines/successors.py +13 -9
angr/engines/vex/claripy/datalayer.py +1 -1
angr/engines/vex/claripy/irop.py +14 -3
angr/engines/vex/light/slicing.py +2 -2
angr/exploration_techniques/__init__.py +1 -124
angr/exploration_techniques/base.py +126 -0
angr/exploration_techniques/bucketizer.py +1 -1
angr/exploration_techniques/dfs.py +3 -1
angr/exploration_techniques/director.py +2 -3
angr/exploration_techniques/driller_core.py +1 -1
angr/exploration_techniques/explorer.py +4 -2
angr/exploration_techniques/lengthlimiter.py +2 -1
angr/exploration_techniques/local_loop_seer.py +2 -1
angr/exploration_techniques/loop_seer.py +5 -5
angr/exploration_techniques/manual_mergepoint.py +2 -1
angr/exploration_techniques/memory_watcher.py +3 -1
angr/exploration_techniques/oppologist.py +4 -5
angr/exploration_techniques/slicecutor.py +4 -2
angr/exploration_techniques/spiller.py +1 -1
angr/exploration_techniques/stochastic.py +2 -1
angr/exploration_techniques/stub_stasher.py +2 -1
angr/exploration_techniques/suggestions.py +3 -1
angr/exploration_techniques/symbion.py +3 -1
angr/exploration_techniques/tech_builder.py +2 -1
angr/exploration_techniques/threading.py +4 -7
angr/exploration_techniques/timeout.py +4 -2
angr/exploration_techniques/tracer.py +4 -3
angr/exploration_techniques/unique.py +3 -2
angr/exploration_techniques/veritesting.py +1 -1
angr/knowledge_plugins/key_definitions/atoms.py +2 -2
angr/knowledge_plugins/key_definitions/live_definitions.py +16 -13
angr/knowledge_plugins/propagations/states.py +13 -8
angr/knowledge_plugins/variables/variable_manager.py +23 -9
angr/lib/angr_native.dll +0 -0
angr/sim_manager.py +1 -3
angr/sim_state.py +39 -41
angr/sim_type.py +5 -0
angr/sim_variable.py +29 -28
angr/utils/bits.py +17 -0
angr/utils/formatting.py +4 -1
angr/utils/orderedset.py +4 -1
angr/utils/ssa/__init__.py +21 -3
{angr-9.2.130.dist-info → angr-9.2.132.dist-info}/METADATA +6 -6
{angr-9.2.130.dist-info → angr-9.2.132.dist-info}/RECORD +125 -124
angr/analyses/decompiler/optimization_passes/multi_simplifier.py +0 -223
angr/analyses/propagator/engine_ail.py +0 -1562
angr/storage/memory_mixins/__init__.pyi +0 -48
{angr-9.2.130.dist-info → angr-9.2.132.dist-info}/LICENSE +0 -0
{angr-9.2.130.dist-info → angr-9.2.132.dist-info}/WHEEL +0 -0
{angr-9.2.130.dist-info → angr-9.2.132.dist-info}/entry_points.txt +0 -0
{angr-9.2.130.dist-info → angr-9.2.132.dist-info}/top_level.txt +0 -0

angr/analyses/propagator/top_checker_mixin.py CHANGED Viewed

@@ -1,12 +1,218 @@
 from __future__ import annotations
+from typing import Generic, TypeVar
+from collections.abc import Callable
 import claripy
+from pyvex.expr import IRExpr, Unop, get_op_retty, Binop
+from pyvex.const import get_type_size
-from angr.engines.light.engine import SimEngineLightMixin
+from angr.utils.bits import zeroextend_on_demand
+from angr.block import Block
+from angr.engines.engine import DataType_co
+from angr.engines.light.engine import SimEngineLight, SimEngineLightVEX, StateType, BlockType, ResultType, StmtDataType
+TOPS: dict[int, claripy.ast.BV] = {}
-class TopCheckerMixin(SimEngineLightMixin):
+T = TypeVar("T")
+class ClaripyDataEngineMixin(
+    Generic[StateType, DataType_co, BlockType, ResultType],
+    SimEngineLight[StateType, DataType_co | claripy.ast.BV, BlockType, ResultType],
+):
     def _is_top(self, expr) -> bool:
-        return bool(isinstance(expr, claripy.ast.Base) and "TOP" in expr.variables)
+        return "TOP" in expr.variables
+    def _top(self, bits: int) -> DataType_co | claripy.ast.BV:
+        if bits in TOPS:
+            return TOPS[bits]
+        r = claripy.BVS("TOP", bits, explicit_name=True)
+        TOPS[bits] = r
+        return r
+def _vex_make_comparison(
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.Bool]
+) -> Callable[[ClaripyDataEngineMixin, Binop], claripy.ast.BV]:
+    @SimEngineLightVEX.binop_handler
+    def inner(self, expr):
+        a, b = self._expr(expr.args[0]), self._expr(expr.args[1])
+        if self._is_top(a) or self._is_top(b):
+            return self._top(1)
+        return claripy.If(func(a, b), claripy.BVV(1, 1), claripy.BVV(0, 1))
+    return inner
+def _vex_make_vec_comparison(
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.Bool]
+) -> Callable[[ClaripyDataEngineMixin, int, int, Binop], claripy.ast.BV]:
+    @SimEngineLightVEX.binopv_handler
+    def inner(self, size, count, expr):
+        _, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
+        fullsize = get_type_size(get_op_retty(expr.op))
+        return self._top(fullsize)
+    return inner
+def _vex_make_operation(
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.BV]
+) -> Callable[[ClaripyDataEngineMixin, Binop], claripy.ast.BV]:
+    @SimEngineLightVEX.binop_handler
+    def inner(self, expr: Binop):
+        a, b = self._expr(expr.args[0]), self._expr(expr.args[1])
+        if self._is_top(a) or self._is_top(b):
+            fullsize = get_type_size(get_op_retty(expr.op))
+            return self._top(fullsize)
+        return func(a, b)
+    return inner
+def _vex_make_unary_operation(
+    func: Callable[[claripy.ast.BV], claripy.ast.BV]
+) -> Callable[[ClaripyDataEngineMixin, Unop], claripy.ast.BV]:
+    @SimEngineLightVEX.unop_handler
+    def inner(self, expr):
+        a = self._expr(expr.args[0])
+        if self._is_top(a):
+            fullsize = get_type_size(get_op_retty(expr.op))
+            return self._top(fullsize)
+        return func(a)
+    return inner
+def _vex_make_shift_operation(
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.BV]
+) -> Callable[[ClaripyDataEngineMixin, Binop], claripy.ast.BV]:
+    @_vex_make_operation
+    def inner(a, b):
+        if b.size() < a.size():
+            b = claripy.ZeroExt(a.size() - b.size(), b)
+        elif b.size() > a.size():
+            b = claripy.Extract(a.size() - 1, 0, b)
+        return func(a, b)
+    return inner
+def _vex_make_vec_operation(
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.BV]
+) -> Callable[[ClaripyDataEngineMixin, int, int, Binop], claripy.ast.BV]:
+    @SimEngineLightVEX.binopv_handler
+    def inner(self, size, count, expr):
+        _, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
+        fullsize = get_type_size(get_op_retty(expr.op))
+        return self._top(fullsize)
+    return inner
+class ClaripyDataVEXEngineMixin(
+    Generic[StateType, DataType_co, ResultType, StmtDataType],
+    ClaripyDataEngineMixin[StateType, DataType_co, Block, ResultType],
+    SimEngineLightVEX[StateType, DataType_co | claripy.ast.BV, ResultType, StmtDataType],
+):
+    def _expr_bv(self, expr: IRExpr) -> claripy.ast.BV:
+        result = self._expr(expr)
+        assert isinstance(result, claripy.ast.BV)
+        return result
+    def _expr_fp(self, expr: IRExpr) -> claripy.ast.FP:
+        result = self._expr(expr)
+        assert isinstance(result, claripy.ast.FP)
+        return result
+    _handle_binop_CmpEQ = _vex_make_comparison(lambda a, b: a == b)
+    _handle_binop_CmpNE = _vex_make_comparison(lambda a, b: a != b)
+    _handle_binop_CmpLT = _vex_make_comparison(lambda a, b: a < b)
+    _handle_binop_CmpGT = _vex_make_comparison(lambda a, b: a > b)
+    _handle_binop_CmpLE = _vex_make_comparison(lambda a, b: a <= b)
+    _handle_binop_CmpGE = _vex_make_comparison(lambda a, b: a >= b)
+    _handle_binopv_CmpEQ = _vex_make_vec_comparison(lambda a, b: a == b)
+    _handle_binopv_CmpNE = _vex_make_vec_comparison(lambda a, b: a != b)
+    _handle_binopv_CmpLT = _vex_make_vec_comparison(lambda a, b: a < b)
+    _handle_binopv_CmpGT = _vex_make_vec_comparison(lambda a, b: a > b)
+    _handle_binopv_CmpLE = _vex_make_vec_comparison(lambda a, b: a <= b)
+    _handle_binopv_CmpGE = _vex_make_vec_comparison(lambda a, b: a >= b)
+    _handle_unop_Neg = _vex_make_unary_operation(lambda a: -a)
+    _handle_unop_Not = _vex_make_unary_operation(lambda a: ~a)
+    _handle_binop_Add = _vex_make_operation(lambda a, b: a + b)
+    _handle_binop_Sub = _vex_make_operation(lambda a, b: a - b)
+    _handle_binop_Mul = _vex_make_operation(lambda a, b: a * b)
+    _handle_binop_MullS = _vex_make_operation(lambda a, b: a.sign_extend(a.size()) * b.sign_extend(b.size()))
+    _handle_binop_MullU = _vex_make_operation(lambda a, b: a.zero_extend(a.size()) * b.zero_extend(b.size()))
+    _handle_binop_And = _vex_make_operation(lambda a, b: a & b)
+    _handle_binop_Or = _vex_make_operation(lambda a, b: a | b)
+    _handle_binop_Xor = _vex_make_operation(lambda a, b: a ^ b)
+    _handle_binop_Shl = _vex_make_shift_operation(lambda a, b: a << zeroextend_on_demand(a, b))
+    _handle_binop_Sar = _vex_make_shift_operation(lambda a, b: a >> zeroextend_on_demand(a, b))
+    _handle_binop_Shr = _vex_make_shift_operation(lambda a, b: claripy.LShR(a, zeroextend_on_demand(a, b)))
+    @SimEngineLightVEX.binop_handler
+    def _handle_binop_Div(self, expr):
+        a, b = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
+        if self._is_top(a) or self._is_top(b) or (b == 0).is_true():
+            fullsize = get_type_size(get_op_retty(expr.op))
+            return self._top(fullsize)
+        return a // b
+    @SimEngineLightVEX.binop_handler
+    def _handle_binop_Mod(self, expr):
+        a, b = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
+        if self._is_top(a) or self._is_top(b) or (b == 0).is_true():
+            fullsize = get_type_size(get_op_retty(expr.op))
+            return self._top(fullsize)
+        return a % b
+    @SimEngineLightVEX.binop_handler
+    def _handle_binop_DivMod(self, expr):
+        a, b = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
+        if self._is_top(a) or self._is_top(b) or (b == 0).is_true():
+            fullsize = get_type_size(get_op_retty(expr.op))
+            return self._top(fullsize)
+        signed = "U" in expr.op  # Iop_DivModU64to32 vs Iop_DivMod
+        from_size = a.size()
+        to_size = b.size()
+        if signed:
+            quotient = a.SDiv(claripy.SignExt(from_size - to_size, b))
+            remainder = a.SMod(claripy.SignExt(from_size - to_size, b))
+            quotient_size = to_size
+            remainder_size = to_size
+            return claripy.Concat(
+                claripy.Extract(remainder_size - 1, 0, remainder), claripy.Extract(quotient_size - 1, 0, quotient)
+            )
+        quotient = a // claripy.ZeroExt(from_size - to_size, b)
+        remainder = a % claripy.ZeroExt(from_size - to_size, b)
+        quotient_size = to_size
+        remainder_size = to_size
+        return claripy.Concat(
+            claripy.Extract(remainder_size - 1, 0, remainder), claripy.Extract(quotient_size - 1, 0, quotient)
+        )
+    _handle_binop_64HLto128 = _vex_make_operation(claripy.Concat)
+    _handle_binop_32HLto64 = _vex_make_operation(claripy.Concat)
+    _handle_binop_16HLto32 = _vex_make_operation(claripy.Concat)
+    _handle_binop_8HLto16 = _vex_make_operation(claripy.Concat)
+    def _handle_conversion(self, from_size, to_size, signed, operand):
+        expr_ = self._expr_bv(operand)
+        assert from_size == operand.result_size(self.tyenv)
+        if self._is_top(expr_):
+            return self._top(to_size).annotate(*expr_.annotations)
-    def _top(self, size: int):
-        return self.state.top(size)
+        if expr_.size() > to_size:
+            # truncation
+            return expr_[to_size - 1 : 0]
+        if expr_.size() < to_size:
+            # extension
+            if signed:
+                return claripy.SignExt(to_size - expr_.size(), expr_)
+            return claripy.ZeroExt(to_size - expr_.size(), expr_)
+        return expr_

angr/analyses/propagator/vex_vars.py CHANGED Viewed

@@ -18,7 +18,7 @@ class VEXMemVar:
         "size",
     )
-    def __init__(self, addr, size):
+    def __init__(self, addr: int, size: int):
         self.addr = addr
         self.size = size

angr/analyses/reaching_definitions/dep_graph.py CHANGED Viewed

@@ -150,7 +150,7 @@ class DepGraph:
         return any(definition.atom == atom for definition in self.nodes())
     def add_dependencies_for_concrete_pointers_of(
-        self, values: Iterable[claripy.ast.Base | int], definition: Definition, cfg: CFGModel, loader: Loader
+        self, values: Iterable[claripy.ast.Base | int], definition: Definition, cfg: CFGModel | None, loader: Loader
     ):
         """
         When a given definition holds concrete pointers, make sure the <MemoryLocation>s they point to are present in