angr 9.2.131__py3-none-manylinux2014_aarch64.whl → 9.2.133__py3-none-manylinux2014_aarch64.whl

angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py

@@ -231,7 +231,7 @@ class StackCanarySimplifier(OptimizationPass):
                     negated = False
                     condition = stmt.condition
                 if isinstance(condition, ailment.Expr.BinaryOp) and (
-                    not negated and condition.op == "CmpEQ" or negated and condition.op == "CmpNE"
+                    (not negated and condition.op == "CmpEQ") or (negated and condition.op == "CmpNE")
                 ):
                     pass
                 else:
@@ -255,8 +255,10 @@ class StackCanarySimplifier(OptimizationPass):
                             op0 = op0_v
 
                     if not (
-                        self._is_stack_canary_load_expr(op0, self.project.arch.bits, canary_value_stack_offset)
-                        and self._is_random_number_load_expr(op1, self.project.arch.get_register_offset("fs"))
+                        (
+                            self._is_stack_canary_load_expr(op0, self.project.arch.bits, canary_value_stack_offset)
+                            and self._is_random_number_load_expr(op1, self.project.arch.get_register_offset("fs"))
+                        )
                         or (
                             self._is_stack_canary_load_expr(op1, self.project.arch.bits, canary_value_stack_offset)
                             and self._is_random_number_load_expr(op0, self.project.arch.get_register_offset("fs"))
@@ -270,8 +272,10 @@ class StackCanarySimplifier(OptimizationPass):
                 ):
                     # a == b
                     if not (
-                        self._is_stack_canary_load_expr(expr0, self.project.arch.bits, canary_value_stack_offset)
-                        and self._is_random_number_load_expr(expr1, self.project.arch.get_register_offset("fs"))
+                        (
+                            self._is_stack_canary_load_expr(expr0, self.project.arch.bits, canary_value_stack_offset)
+                            and self._is_random_number_load_expr(expr1, self.project.arch.get_register_offset("fs"))
+                        )
                         or (
                             self._is_stack_canary_load_expr(expr1, self.project.arch.bits, canary_value_stack_offset)
                             and self._is_random_number_load_expr(expr0, self.project.arch.get_register_offset("fs"))

angr/analyses/decompiler/peephole_optimizations/__init__.py

@@ -111,7 +111,7 @@ EXPR_OPTS: list[type[PeepholeOptimizationExprBase]] = [
 ]
 
 __all__ = (
+    "EXPR_OPTS",
     "MULTI_STMT_OPTS",
     "STMT_OPTS",
-    "EXPR_OPTS",
 )

angr/analyses/decompiler/peephole_optimizations/base.py

@@ -12,9 +12,9 @@ class PeepholeOptimizationStmtBase:
     """
 
     __slots__ = (
-        "project",
-        "kb",
         "func_addr",
+        "kb",
+        "project",
     )
     project: Project | None
     kb: KnowledgeBase | None
@@ -39,9 +39,9 @@ class PeepholeOptimizationMultiStmtBase:
     """
 
     __slots__ = (
-        "project",
-        "kb",
         "func_addr",
+        "kb",
+        "project",
     )
     project: Project | None
     kb: KnowledgeBase | None
@@ -66,9 +66,9 @@ class PeepholeOptimizationExprBase:
     """
 
     __slots__ = (
-        "project",
-        "kb",
         "func_addr",
+        "kb",
+        "project",
     )
     project: Project | None
     kb: KnowledgeBase | None

angr/analyses/decompiler/peephole_optimizations/remove_noop_conversions.py

@@ -22,6 +22,7 @@ class RemoveNoopConversions(PeepholeOptimizationExprBase):
                 and expr.to_bits < expr.from_bits
                 and expr.from_bits == inner.to_bits
                 and expr.is_signed == inner.is_signed
+                and expr.from_type == expr.to_type == inner.from_type == inner.to_type == Convert.TYPE_INT
             ):
                 # extension then truncation (e.g., 1->64->1) can be removed, but truncation then extension cannot be
                 # removed (e.g., the high 32 bits must be removed during 64->32->64)
@@ -31,6 +32,7 @@ class RemoveNoopConversions(PeepholeOptimizationExprBase):
                 and expr.from_bits == inner.to_bits
                 and inner.to_bits <= inner.from_bits
                 and expr.is_signed == inner.is_signed
+                and expr.from_type == expr.to_type == inner.from_type == inner.to_type == Convert.TYPE_INT
             ):
                 # merging two truncations into one
                 return Convert(

angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py

@@ -29,8 +29,8 @@ class RewriteBitExtractions(PeepholeOptimizationExprBase):
                 return ITE(
                     expr.idx,
                     bitoffset2exprs[bit_offset],
-                    Const(None, None, 1, expr.bits),
                     Const(None, None, 0, expr.bits),
+                    Const(None, None, 1, expr.bits),
                     **expr.tags,
                 )
 

angr/analyses/decompiler/presets/__init__.py

@@ -15,6 +15,6 @@ DECOMPILATION_PRESETS = {
 
 
 __all__ = (
-    "DecompilationPreset",
     "DECOMPILATION_PRESETS",
+    "DecompilationPreset",
 )

angr/analyses/decompiler/region_simplifiers/expr_folding.py

@@ -63,8 +63,8 @@ class ExpressionLocation(LocationBase):
     __slots__ = (
         "block_addr",
         "block_idx",
-        "stmt_idx",
         "expr_idx",
+        "stmt_idx",
     )
 
     def __init__(self, block_addr, block_idx, stmt_idx, expr_idx):
@@ -94,8 +94,8 @@ class ExpressionLocation(LocationBase):
 
 class ConditionLocation(LocationBase):
     __slots__ = (
-        "node_addr",
         "case_idx",
+        "node_addr",
     )
 
     def __init__(self, cond_node_addr, case_idx: int | None = None):
@@ -171,8 +171,8 @@ class ExpressionUseFinder(AILBlockWalker):
     """
 
     __slots__ = (
-        "uses",
         "has_load",
+        "uses",
     )
 
     def __init__(self):

angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py

@@ -39,11 +39,11 @@ class ConditionalRegion:
     """
 
     __slots__ = (
-        "variable",
-        "op",
-        "value",
         "node",
+        "op",
         "parent",
+        "value",
+        "variable",
     )
 
     def __init__(self, variable, op: CmpOp, value: int, node: ConditionNode | ailment.Block, parent=None):
@@ -63,9 +63,9 @@ class SwitchCaseRegion:
     """
 
     __slots__ = (
-        "variable",
         "node",
         "parent",
+        "variable",
     )
 
     def __init__(self, variable, node: SwitchCaseNode, parent=None):
@@ -195,18 +195,14 @@ def is_simple_jump_node(node, case_addrs, targets: set[int] | None = None) -> bo
                     targets.add(stmt.target.value)
             elif isinstance(stmt, ailment.Stmt.ConditionalJump):
                 ok = False
-                if (
-                    stmt.true_target is None
-                    or isinstance(stmt.true_target, ailment.Expr.Const)
-                    and stmt.true_target.value in case_addrs
+                if stmt.true_target is None or (
+                    isinstance(stmt.true_target, ailment.Expr.Const) and stmt.true_target.value in case_addrs
                 ):
                     ok = True
                     if stmt.true_target is not None and targets is not None:
                         targets.add(stmt.true_target.value)
-                if (
-                    stmt.false_target is None
-                    or isinstance(stmt.false_target, ailment.Expr.Const)
-                    and stmt.false_target.value in case_addrs
+                if stmt.false_target is None or (
+                    isinstance(stmt.false_target, ailment.Expr.Const) and stmt.false_target.value in case_addrs
                 ):
                     ok = True
                     if stmt.false_target is not None and targets is not None:

angr/analyses/decompiler/ssailification/rewriting.py

@@ -56,8 +56,7 @@ class RewritingAnalysis(ForwardAnalysis[RewritingState, NodeType, object, object
         self._rewrite_tmps = rewrite_tmps
         self._ail_manager = ail_manager
         self._engine_ail = SimEngineSSARewriting(
-            self.project.arch,
-            project=self.project,
+            self.project,
             sp_tracker=sp_tracker,
             bp_as_gpr=bp_as_gpr,
             udef_to_phiid=self._udef_to_phiid,

angr/analyses/decompiler/ssailification/rewriting_engine.py

@@ -2,6 +2,7 @@
 from __future__ import annotations
 import logging
 
+from ailment.manager import Manager
 from ailment.statement import Statement, Assignment, Store, Call, Return, ConditionalJump, DirtyStatement
 from ailment.expression import (
     Expression,
@@ -12,7 +13,6 @@ from ailment.expression import (
     VirtualVariableCategory,
     BinaryOp,
     UnaryOp,
-    Phi,
     Convert,
     StackBaseOffset,
     VEXCCallExpression,
@@ -21,8 +21,8 @@ from ailment.expression import (
     DirtyExpression,
 )
 
+from angr.engines.light.engine import SimEngineNostmtAIL
 from angr.utils.ssa import get_reg_offset_base_and_size
-from angr.engines.light import SimEngineLight, SimEngineLightAILMixin
 from .rewriting_state import RewritingState
 
 
@@ -30,34 +30,28 @@ _l = logging.getLogger(__name__)
 
 
 class SimEngineSSARewriting(
-    SimEngineLightAILMixin,
-    SimEngineLight,
+    SimEngineNostmtAIL[RewritingState, Expression | None, Statement | tuple[Statement, ...], None]
 ):
     """
     This engine rewrites every block to insert phi variables and replaces every used variable with their versioned
     copies at each use location.
     """
 
-    state: RewritingState
-
     def __init__(
         self,
-        arch,
-        *,
         project,
+        *,
         sp_tracker,
         udef_to_phiid: dict[tuple, set[int]],
         phiid_to_loc: dict[int, tuple[int, int | None]],
         stackvar_locs: dict[int, int],
-        ail_manager=None,
+        ail_manager: Manager,
         vvar_id_start: int = 0,
         bp_as_gpr: bool = False,
         rewrite_tmps: bool = False,
     ):
-        super().__init__()
+        super().__init__(project)
 
-        self.arch = arch
-        self.project = project
         self.sp_tracker = sp_tracker
         self.bp_as_gpr = bp_as_gpr
         self.def_to_vvid: dict[tuple[int, int | None, int, Expression | Statement], int] = {}
@@ -81,18 +75,25 @@ class SimEngineSSARewriting(
     # Handlers
     #
 
-    def _handle_Stmt(self, stmt: Statement):
-        new_stmt = super()._handle_Stmt(stmt)
-        if new_stmt is not None:
-            if type(new_stmt) is tuple:
-                for stmt_ in new_stmt:
-                    self.state.append_statement(stmt_)
+    def _top(self, bits):
+        assert False, "Unreachable"
+
+    def _is_top(self, expr):
+        assert False, "Unreachable"
+
+    def _process_block_end(self, block, stmt_data, whitelist):
+        assert whitelist is None
+        for stmt_idx, new_stmt in enumerate(stmt_data):
+            if new_stmt is not None:
+                if isinstance(new_stmt, tuple):
+                    for stmt_ in new_stmt:
+                        self.state.append_statement(stmt_)
+                else:
+                    self.state.append_statement(new_stmt)
             else:
-                self.state.append_statement(new_stmt)
-        else:
-            self.state.append_statement(stmt)
+                self.state.append_statement(block.statements[stmt_idx])
 
-    def _handle_Assignment(self, stmt: Assignment) -> Assignment | tuple[Assignment, ...] | None:
+    def _handle_stmt_Assignment(self, stmt):
         new_src = self._expr(stmt.src)
 
         if isinstance(stmt.dst, VirtualVariable):
@@ -158,7 +159,7 @@ class SimEngineSSARewriting(
             return new_stmt
         return None
 
-    def _handle_Store(self, stmt: Store) -> Store | Assignment | None:
+    def _handle_stmt_Store(self, stmt: Store) -> Store | Assignment | None:
         new_data = self._expr(stmt.data)
         if stmt.guard is None:
             vvar = self._replace_def_store(self.block.addr, self.block.idx, self.stmt_idx, stmt)
@@ -182,7 +183,7 @@ class SimEngineSSARewriting(
 
         return None
 
-    def _handle_ConditionalJump(self, stmt: ConditionalJump) -> ConditionalJump | None:
+    def _handle_stmt_ConditionalJump(self, stmt: ConditionalJump) -> ConditionalJump | None:
         new_cond = self._expr(stmt.condition)
         new_true_target = self._expr(stmt.true_target) if stmt.true_target is not None else None
         new_false_target = self._expr(stmt.false_target) if stmt.false_target is not None else None
@@ -199,7 +200,7 @@ class SimEngineSSARewriting(
             )
         return None
 
-    def _handle_Call(self, stmt: Call) -> Call | None:
+    def _handle_stmt_Call(self, stmt: Call) -> Call | None:
         changed = False
 
         new_target = self._replace_use_expr(stmt.target)
@@ -260,23 +261,22 @@ class SimEngineSSARewriting(
             )
         return None
 
-    _handle_CallExpr = _handle_Call
-
-    def _handle_DirtyStatement(self, stmt: DirtyStatement) -> DirtyStatement | None:
+    def _handle_stmt_DirtyStatement(self, stmt: DirtyStatement) -> DirtyStatement | None:
         dirty = self._expr(stmt.dirty)
         if dirty is None or dirty is stmt.dirty:
             return None
+        assert isinstance(dirty, DirtyExpression)
         return DirtyStatement(stmt.idx, dirty, **stmt.tags)
 
-    def _handle_Register(self, expr: Register) -> VirtualVariable | None:
+    def _handle_expr_Register(self, expr: Register) -> VirtualVariable | None:
         return self._replace_use_reg(expr)
 
-    def _handle_Tmp(self, expr: Tmp) -> VirtualVariable | None:
+    def _handle_expr_Tmp(self, expr: Tmp) -> VirtualVariable | None:
         return (
             self._replace_use_tmp(self.block.addr, self.block.idx, self.stmt_idx, expr) if self.rewrite_tmps else None
         )
 
-    def _handle_Load(self, expr: Load) -> Load | VirtualVariable | None:
+    def _handle_expr_Load(self, expr: Load) -> Load | VirtualVariable | None:
         if isinstance(expr.addr, StackBaseOffset) and isinstance(expr.addr.offset, int):
             new_expr = self._replace_use_load(expr)
             if new_expr is not None:
@@ -287,7 +287,7 @@ class SimEngineSSARewriting(
             return Load(expr.idx, new_addr, expr.size, expr.endness, guard=expr.guard, alt=expr.alt, **expr.tags)
         return None
 
-    def _handle_Convert(self, expr: Convert) -> Convert | None:
+    def _handle_expr_Convert(self, expr: Convert) -> Convert | None:
         new_operand = self._expr(expr.operand)
         if new_operand is not None:
             return Convert(
@@ -303,22 +303,13 @@ class SimEngineSSARewriting(
             )
         return None
 
-    def _handle_Const(self, expr: Const) -> None:
-        return None
-
-    def _handle_Phi(self, expr: Phi) -> None:
-        return None
-
-    def _handle_VirtualVariable(self, expr: VirtualVariable) -> None:
-        return None
-
-    def _handle_Return(self, expr: Return) -> Return | None:
-        if expr.ret_exprs is None:
+    def _handle_stmt_Return(self, stmt: Return) -> Return | None:
+        if stmt.ret_exprs is None:
             new_ret_exprs = None
         else:
             updated = False
             new_ret_exprs = []
-            for r in expr.ret_exprs:
+            for r in stmt.ret_exprs:
                 new_r = self._expr(r)
                 if new_r is not None:
                     updated = True
@@ -327,10 +318,10 @@ class SimEngineSSARewriting(
                 new_ret_exprs = None
 
         if new_ret_exprs:
-            return Return(expr.idx, new_ret_exprs, **expr.tags)
+            return Return(stmt.idx, new_ret_exprs, **stmt.tags)
         return None
 
-    def _handle_BinaryOp(self, expr: BinaryOp) -> BinaryOp | None:
+    def _handle_expr_BinaryOp(self, expr: BinaryOp) -> BinaryOp | None:
         new_op0 = self._expr(expr.operands[0])
         new_op1 = self._expr(expr.operands[1])
 
@@ -346,24 +337,23 @@ class SimEngineSSARewriting(
                 bits=expr.bits,
                 floating_point=expr.floating_point,
                 rounding_mode=expr.rounding_mode,
-                from_bits=expr.from_bits,
-                to_bits=expr.to_bits,
                 **expr.tags,
             )
         return None
 
-    def _handle_UnaryOp(self, expr) -> UnaryOp | None:
+    def _handle_expr_UnaryOp(self, expr) -> UnaryOp | None:
         new_op = self._expr(expr.operand)
         if new_op is not None:
             return UnaryOp(
                 expr.idx,
                 expr.op,
                 new_op,
+                bits=expr.bits,
                 **expr.tags,
             )
         return None
 
-    def _handle_ITE(self, expr: ITE) -> ITE | None:
+    def _handle_expr_ITE(self, expr: ITE) -> ITE | None:
         new_cond = self._expr(expr.cond)
         new_iftrue = self._expr(expr.iftrue)
         new_iffalse = self._expr(expr.iffalse)
@@ -372,13 +362,13 @@ class SimEngineSSARewriting(
             return ITE(
                 expr.idx,
                 expr.cond if new_cond is None else new_cond,
-                expr.iftrue if new_iftrue is None else new_iftrue,
                 expr.iffalse if new_iffalse is None else new_iffalse,
+                expr.iftrue if new_iftrue is None else new_iftrue,
                 **expr.tags,
             )
         return None
 
-    def _handle_VEXCCallExpression(self, expr: VEXCCallExpression) -> VEXCCallExpression | None:
+    def _handle_expr_VEXCCallExpression(self, expr: VEXCCallExpression) -> VEXCCallExpression | None:
         updated = False
         new_operands = []
         for operand in expr.operands:
@@ -390,10 +380,19 @@ class SimEngineSSARewriting(
                 new_operands.append(operand)
 
         if updated:
-            return VEXCCallExpression(expr.idx, expr.callee, new_operands, bits=expr.bits, **expr.tags)
+            return VEXCCallExpression(expr.idx, expr.callee, tuple(new_operands), bits=expr.bits, **expr.tags)
+        return None
+
+    def _handle_expr_BasePointerOffset(self, expr):
+        return None
+
+    def _handle_expr_Call(self, expr):
+        return self._handle_stmt_Call(expr)
+
+    def _handle_expr_Const(self, expr):
         return None
 
-    def _handle_DirtyExpression(self, expr: DirtyExpression) -> DirtyExpression | None:
+    def _handle_expr_DirtyExpression(self, expr: DirtyExpression) -> DirtyExpression | None:
         updated = False
         new_operands = []
         for operand in expr.operands:
@@ -424,7 +423,19 @@ class SimEngineSSARewriting(
             )
         return None
 
-    def _handle_Dummy(self, expr) -> None:
+    def _handle_expr_MultiStatementExpression(self, expr):
+        return None
+
+    def _handle_expr_Phi(self, expr):
+        return None
+
+    def _handle_expr_Reinterpret(self, expr):
+        return None
+
+    def _handle_expr_StackBaseOffset(self, expr):
+        return None
+
+    def _handle_expr_VirtualVariable(self, expr):
         return None
 
     #
@@ -477,7 +488,7 @@ class SimEngineSSARewriting(
                     extended_vvar,
                     shift_amount,
                 ],
-                extended_vvar.bits,
+                bits=extended_vvar.bits,
                 **extended_vvar.tags,
             )
         else:
@@ -606,6 +617,7 @@ class SimEngineSSARewriting(
                 and self.state.registers[reg_expr.reg_offset][reg_expr.size] is not None
             ):
                 vvar = self.state.registers[reg_expr.reg_offset][reg_expr.size]
+                assert vvar is not None
                 return VirtualVariable(
                     reg_expr.idx,
                     vvar.varid,
@@ -734,3 +746,74 @@ class SimEngineSSARewriting(
                         self.state.registers[off] = {base_size: self.state.registers[off][base_size]}
                 else:
                     del self.state.registers[off]
+
+    def _unreachable(self, *args, **kwargs):
+        assert False
+
+    _handle_binop_Add = _unreachable
+    _handle_binop_AddF = _unreachable
+    _handle_binop_AddV = _unreachable
+    _handle_binop_And = _unreachable
+    _handle_binop_Carry = _unreachable
+    _handle_binop_CmpEQ = _unreachable
+    _handle_binop_CmpF = _unreachable
+    _handle_binop_CmpGE = _unreachable
+    _handle_binop_CmpGT = _unreachable
+    _handle_binop_CmpLE = _unreachable
+    _handle_binop_CmpLT = _unreachable
+    _handle_binop_CmpNE = _unreachable
+    _handle_binop_Concat = _unreachable
+    _handle_binop_Div = _unreachable
+    _handle_binop_DivF = _unreachable
+    _handle_binop_DivV = _unreachable
+    _handle_binop_LogicalAnd = _unreachable
+    _handle_binop_LogicalOr = _unreachable
+    _handle_binop_Mod = _unreachable
+    _handle_binop_Mul = _unreachable
+    _handle_binop_Mull = _unreachable
+    _handle_binop_MulF = _unreachable
+    _handle_binop_MulV = _unreachable
+    _handle_binop_MulHiV = _unreachable
+    _handle_binop_Or = _unreachable
+    _handle_binop_Rol = _unreachable
+    _handle_binop_Ror = _unreachable
+    _handle_binop_SBorrow = _unreachable
+    _handle_binop_SCarry = _unreachable
+    _handle_binop_Sar = _unreachable
+    _handle_binop_Shl = _unreachable
+    _handle_binop_Shr = _unreachable
+    _handle_binop_Sub = _unreachable
+    _handle_binop_SubF = _unreachable
+    _handle_binop_SubV = _unreachable
+    _handle_binop_Xor = _unreachable
+    _handle_binop_InterleaveLOV = _unreachable
+    _handle_binop_InterleaveHIV = _unreachable
+    _handle_binop_CasCmpEQ = _unreachable
+    _handle_binop_CasCmpNE = _unreachable
+    _handle_binop_ExpCmpNE = _unreachable
+    _handle_binop_SarNV = _unreachable
+    _handle_binop_ShrNV = _unreachable
+    _handle_binop_ShlNV = _unreachable
+    _handle_binop_CmpEQV = _unreachable
+    _handle_binop_CmpNEV = _unreachable
+    _handle_binop_CmpGEV = _unreachable
+    _handle_binop_CmpGTV = _unreachable
+    _handle_binop_CmpLEV = _unreachable
+    _handle_binop_CmpLTV = _unreachable
+    _handle_binop_MinV = _unreachable
+    _handle_binop_MaxV = _unreachable
+    _handle_binop_QAddV = _unreachable
+    _handle_binop_QNarrowBinV = _unreachable
+    _handle_binop_PermV = _unreachable
+    _handle_binop_Set = _unreachable
+    _handle_unop_BitwiseNeg = _unreachable
+    _handle_unop_Dereference = _unreachable
+    _handle_unop_Neg = _unreachable
+    _handle_unop_Not = _unreachable
+    _handle_unop_Reference = _unreachable
+    _handle_unop_Clz = _unreachable
+    _handle_unop_Ctz = _unreachable
+    _handle_unop_GetMSBs = _unreachable
+    _handle_unop_unpack = _unreachable
+    _handle_unop_Sqrt = _unreachable
+    _handle_unop_RSqrtEst = _unreachable

angr/analyses/decompiler/ssailification/ssailification.py

@@ -178,7 +178,8 @@ class Ssailification(Analysis):  # pylint:disable=abstract-method
         while True:
             frontier = set()
             for b in blocks:
-                frontier |= frontiers[b]
+                if b in frontiers:
+                    frontier |= frontiers[b]
             if last_frontier is not None and last_frontier == frontier:
                 break
             last_frontier = frontier

angr/analyses/decompiler/ssailification/traversal.py

@@ -1,11 +1,9 @@
 from __future__ import annotations
-from typing import Any
 import logging
 
 import ailment
 
 from angr.analyses import ForwardAnalysis
-from angr.analyses.forward_analysis.visitors.graph import NodeType
 from angr.analyses.forward_analysis import FunctionGraphVisitor
 from .traversal_engine import SimEngineSSATraversal
 from .traversal_state import TraversalState
@@ -14,7 +12,7 @@ from .traversal_state import TraversalState
 l = logging.getLogger(__name__)
 
 
-class TraversalAnalysis(ForwardAnalysis[None, NodeType, object, object]):
+class TraversalAnalysis(ForwardAnalysis[TraversalState, ailment.Block, object, tuple[int, int]]):
     """
     TraversalAnalysis traverses the AIL graph and collects definitions.
     """
@@ -31,15 +29,15 @@ class TraversalAnalysis(ForwardAnalysis[None, NodeType, object, object]):
             self, order_jobs=True, allow_merging=True, allow_widening=False, graph_visitor=self._graph_visitor
         )
         self._engine_ail = SimEngineSSATraversal(
-            self.project.arch,
+            self.project,
             self.project.simos,
             sp_tracker=sp_tracker,
             bp_as_gpr=bp_as_gpr,
             stackvars=self._stackvars,
-            tmps=self._tmps,
+            use_tmps=self._tmps,
         )
 
-        self._visited_blocks: set[Any] = set()
+        self._visited_blocks: set[tuple[int, int]] = set()
 
         self._analyze()