angr 9.2.131__py3-none-manylinux2014_aarch64.whl → 9.2.133__py3-none-manylinux2014_aarch64.whl

angr/analyses/reaching_definitions/function_handler.py

@@ -86,7 +86,7 @@ class FunctionCallData:
 
     callsite_codeloc: CodeLocation
     function_codeloc: CodeLocation
-    address_multi: MultiValues | None
+    address_multi: MultiValues[claripy.ast.BV | claripy.ast.FP] | None
     address: int | None = None
     symbol: Symbol | None = None
     function: Function | None = None
@@ -94,12 +94,12 @@ class FunctionCallData:
     cc: SimCC | None = None
     prototype: SimTypeFunction | None = None
     args_atoms: list[set[Atom]] | None = None
-    args_values: list[MultiValues] | None = None
+    args_values: list[MultiValues[claripy.ast.BV | claripy.ast.FP]] | None = None
     ret_atoms: set[Atom] | None = None
     redefine_locals: bool = True
     visited_blocks: set[int] | None = None
     effects: list[FunctionEffect] = field(default_factory=list)
-    ret_values: MultiValues | None = None
+    ret_values: MultiValues[claripy.ast.BV | claripy.ast.FP] | None = None
     ret_values_deps: set[Definition] | None = None
     caller_will_handle_single_ret: bool = False
     guessed_cc: bool = False

angr/analyses/reaching_definitions/function_handler_library/__init__.py

@@ -9,4 +9,4 @@ class LibcHandlers(LibcStdlibHandlers, LibcStdioHandlers, LibcUnistdHandlers, Li
     pass
 
 
-__all__ = ["EnvironAtom", "SystemAtom", "ExecveAtom", "StdoutAtom", "StdinAtom", "LibcHandlers"]
+__all__ = ["EnvironAtom", "ExecveAtom", "LibcHandlers", "StdinAtom", "StdoutAtom", "SystemAtom"]

angr/analyses/reaching_definitions/rd_state.py

@@ -1,7 +1,8 @@
 from __future__ import annotations
-from typing import Any, TYPE_CHECKING, overload
+from typing import Any, TYPE_CHECKING, cast, overload
 from collections.abc import Iterable, Iterator
 import logging
+from typing_extensions import Self
 
 import archinfo
 import claripy
@@ -13,7 +14,7 @@ from angr.knowledge_plugins.key_definitions.heap_address import HeapAddress
 from angr.knowledge_plugins.key_definitions.definition import A
 from angr.engines.light import SpOffset
 from angr.code_location import CodeLocation
-from angr.storage.memory_mixins.paged_memory.pages.multi_values import MultiValues
+from angr.storage.memory_mixins.paged_memory.pages.multi_values import MVType, MultiValues
 from angr.storage.memory_mixins import MultiValuedMemory
 from angr.knowledge_plugins.key_definitions import LiveDefinitions, DerefSize, Definition
 from angr.knowledge_plugins.key_definitions.atoms import Atom, GuardUse, Register, MemoryLocation, ConstantSrc
@@ -55,21 +56,21 @@ class ReachingDefinitionsState:
     """
 
     __slots__ = (
-        "arch",
+        "_canonical_size",
+        "_element_limit",
+        "_environment",
+        "_sp_adjusted",
         "_subject",
+        "_track_consts",
         "_track_tmps",
+        "all_definitions",
         "analysis",
+        "arch",
         "codeloc",
         "codeloc_uses",
-        "live_definitions",
-        "all_definitions",
-        "_canonical_size",
-        "heap_allocator",
-        "_environment",
-        "_track_consts",
-        "_sp_adjusted",
         "exit_observed",
-        "_element_limit",
+        "heap_allocator",
+        "live_definitions",
     )
 
     def __init__(
@@ -77,14 +78,14 @@ class ReachingDefinitionsState:
         codeloc: CodeLocation,
         arch: archinfo.Arch,
         subject: Subject,
+        analysis: ReachingDefinitionsAnalysis,
         track_tmps: bool = False,
         track_consts: bool = False,
-        analysis: ReachingDefinitionsAnalysis | None = None,
         rtoc_value=None,
         live_definitions: LiveDefinitions | None = None,
         canonical_size: int = 8,
-        heap_allocator: HeapAllocator = None,
-        environment: Environment = None,
+        heap_allocator: HeapAllocator | None = None,
+        environment: Environment | None = None,
         sp_adjusted: bool = False,
         all_definitions: set[Definition[A]] | None = None,
         initializer: RDAStateInitializer | None = None,
@@ -102,12 +103,12 @@ class ReachingDefinitionsState:
         self._sp_adjusted: bool = sp_adjusted
         self._element_limit: int = element_limit
 
-        self.all_definitions: set[Definition[A]] = set() if all_definitions is None else all_definitions
+        self.all_definitions: set[Definition[Any]] = set() if all_definitions is None else all_definitions
 
         self.heap_allocator = heap_allocator or HeapAllocator(canonical_size)
         self._environment: Environment = environment or Environment()
 
-        self.codeloc_uses: set[Definition[A]] = set()
+        self.codeloc_uses: set[Definition[Any]] = set()
 
         # have we observed an exit statement or not during the analysis of the *last instruction* of a block? we should
         # not perform any sp updates if it is the case. this is for handling conditional returns in ARM binaries.
@@ -176,7 +177,7 @@ class ReachingDefinitionsState:
             return claripy.BVS("stack_base", 32, explicit_name=True)
         if self.arch.bits == 64:
             return claripy.BVS("stack_base", 64, explicit_name=True)
-        raise ValueError("Unsupported architecture word size %d" % self.arch.bits)
+        raise ValueError(f"Unsupported architecture word size {self.arch.bits}")
 
     def _to_signed(self, n):
         if n >= 2 ** (self.arch.bits - 1):
@@ -184,7 +185,7 @@ class ReachingDefinitionsState:
             return n - 2**self.arch.bits
         return n
 
-    def annotate_with_def(self, symvar: claripy.ast.Base, definition: Definition[A]) -> claripy.ast.Base:
+    def annotate_with_def(self, symvar: MVType, definition: Definition[Any]) -> MVType:
         """
 
         :param symvar:
@@ -193,14 +194,14 @@ class ReachingDefinitionsState:
         """
         return self.live_definitions.annotate_with_def(symvar, definition)
 
-    def annotate_mv_with_def(self, mv: MultiValues, definition: Definition[A]) -> MultiValues:
+    def annotate_mv_with_def(self, mv: MultiValues[MVType], definition: Definition[A]) -> MultiValues[MVType]:
         return MultiValues(
             offset_to_values={
                 offset: {self.annotate_with_def(value, definition) for value in values} for offset, values in mv.items()
             }
         )
 
-    def extract_defs(self, symvar: claripy.ast.Base) -> Iterator[Definition[A]]:
+    def extract_defs(self, symvar: claripy.ast.Base) -> Iterator[Definition[Any]]:
         yield from self.live_definitions.extract_defs(symvar)
 
     #
@@ -254,7 +255,7 @@ class ReachingDefinitionsState:
     def get_sp(self) -> int:
         return self.live_definitions.get_sp()
 
-    def get_stack_address(self, offset: claripy.ast.Base) -> int:
+    def get_stack_address(self, offset: claripy.ast.Base) -> int | None:
         return self.live_definitions.get_stack_address(offset)
 
     @property
@@ -300,8 +301,8 @@ class ReachingDefinitionsState:
 
         return self
 
-    def copy(self, discard_tmpdefs=False) -> ReachingDefinitionsState:
-        return ReachingDefinitionsState(
+    def copy(self, discard_tmpdefs=False) -> Self:
+        return type(self)(
             self.codeloc,
             self.arch,
             self._subject,
@@ -317,9 +318,8 @@ class ReachingDefinitionsState:
             element_limit=self._element_limit,
         )
 
-    def merge(self, *others) -> tuple[ReachingDefinitionsState, bool]:
+    def merge(self, *others: Self) -> tuple[Self, bool]:
         state = self.copy()
-        others: Iterable[ReachingDefinitionsState]
 
         state.live_definitions, merged_0 = state.live_definitions.merge(*[other.live_definitions for other in others])
         state._environment, merged_1 = state.environment.merge(*[other.environment for other in others])
@@ -419,10 +419,12 @@ class ReachingDefinitionsState:
                         for def_ in defs:
                             if not def_.dummy:
                                 self._dep_graph.add_edge(used, def_)
+
+                        cfg = self.analysis.project.kb.cfgs.get_most_accurate()
                         self._dep_graph.add_dependencies_for_concrete_pointers_of(
                             values,
                             used,
-                            self.analysis.project.kb.cfgs.get_most_accurate(),
+                            cfg,
                             self.analysis.project.loader,
                         )
         else:
@@ -491,7 +493,9 @@ class ReachingDefinitionsState:
             self.codeloc_uses.add(definition)
             self.live_definitions.add_memory_use_by_def(definition, self.codeloc, expr=expr)
 
-    def get_definitions(self, atom: A | Definition[A] | Iterable[A] | Iterable[Definition[A]]) -> set[Definition[A]]:
+    def get_definitions(
+        self, atom: Atom | Definition[Atom] | Iterable[Atom] | Iterable[Definition[Atom]]
+    ) -> set[Definition[Atom]]:
         return self.live_definitions.get_definitions(atom)
 
     def get_values(self, spec: A | Definition[A] | Iterable[A]) -> MultiValues | None:
@@ -503,13 +507,15 @@ class ReachingDefinitionsState:
         return self.live_definitions.get_one_value(spec, strip_annotations=strip_annotations)
 
     @overload
-    def get_concrete_value(self, spec: A | Definition[A] | Iterable[A], cast_to: type[int] = ...) -> int | None: ...
+    def get_concrete_value(self, spec: Atom | Definition[Atom] | Iterable[Atom], cast_to: type[int]) -> int | None: ...
 
     @overload
-    def get_concrete_value(self, spec: A | Definition[A] | Iterable[A], cast_to: type[bytes] = ...) -> bytes | None: ...
+    def get_concrete_value(
+        self, spec: Atom | Definition[Atom] | Iterable[Atom], cast_to: type[bytes]
+    ) -> bytes | None: ...
 
     def get_concrete_value(
-        self, spec: A | Definition[A] | Iterable[A], cast_to: type[int] | type[bytes] = int
+        self, spec: Atom | Definition[Atom] | Iterable[Atom], cast_to: type[int] | type[bytes] = int
     ) -> int | bytes | None:
         return self.live_definitions.get_concrete_value(spec, cast_to)
 
@@ -551,11 +557,10 @@ class ReachingDefinitionsState:
         return result
 
     @deprecated("deref")
-    def pointer_to_atom(self, value: claripy.ast.base.Base, size: int, endness: str) -> MemoryLocation | None:
+    def pointer_to_atom(self, value: claripy.ast.BV, size: int, endness: str) -> MemoryLocation | None:
         if self.is_top(value):
             return None
 
-        # TODO this can be simplified with the walrus operator
         stack_offset = self.get_stack_offset(value)
         if stack_offset is not None:
             addr = SpOffset(len(value), stack_offset)
@@ -564,7 +569,7 @@ class ReachingDefinitionsState:
             if heap_offset is not None:
                 addr = HeapAddress(heap_offset)
             elif value.op == "BVV":
-                addr = value.args[0]
+                addr = cast(int, value.args[0])
             else:
                 # cannot resolve
                 return None
@@ -574,9 +579,9 @@ class ReachingDefinitionsState:
     @overload
     def deref(
         self,
-        pointer: int | claripy.ast.bv.BV | HeapAddress | SpOffset,
+        pointer: int | claripy.ast.BV | HeapAddress | SpOffset,
         size: int | DerefSize,
-        endness: str = ...,
+        endness: archinfo.Endness = ...,
     ) -> MemoryLocation | None: ...
 
     @overload
@@ -584,23 +589,23 @@ class ReachingDefinitionsState:
         self,
         pointer: MultiValues | A | Definition | Iterable[A] | Iterable[Definition[A]],
         size: int | DerefSize,
-        endness: str = ...,
+        endness: archinfo.Endness = ...,
     ) -> set[MemoryLocation]: ...
 
     def deref(
         self,
         pointer: (
-            MultiValues
-            | A
-            | Definition
-            | Iterable[A]
-            | Iterable[Definition[A]]
+            MultiValues[claripy.ast.BV]
+            | Atom
+            | Definition[Atom]
+            | Iterable[Atom]
+            | Iterable[Definition[Atom]]
             | int
             | claripy.ast.BV
             | HeapAddress
             | SpOffset
         ),
         size: int | DerefSize,
-        endness: str = archinfo.Endness.BE,
+        endness: archinfo.Endness = archinfo.Endness.BE,
     ):
         return self.live_definitions.deref(pointer, size, endness)

angr/analyses/reassembler.py

@@ -152,7 +152,7 @@ class Label:
         self.var_size = None
 
         if self.name is None:
-            self.name = "label_%d" % next(Label.g_label_ctr)
+            self.name = f"label_{next(Label.g_label_ctr)}"
 
         self.original_addr = original_addr
         self.base_addr = None
@@ -189,7 +189,7 @@ class Label:
         offset = self.offset
         sign = "+" if offset >= 0 else "-"
         offset = abs(offset)
-        return ".%s%s%d" % (self.name, sign, offset)
+        return f".{self.name}{sign}{offset}"
 
     @property
     def offset(self):
@@ -318,7 +318,7 @@ class SymbolManager:
 
         i = 0
         while True:
-            name = "%s_%d" % (symbol_name, i)
+            name = f"{symbol_name}_{i}"
             if name not in self.symbol_names:
                 self.symbol_names.add(name)
                 return name
@@ -473,9 +473,9 @@ class Operand:
     def assembly(self):
         if self.type == OP_TYPE_IMM and self.label:
             if self.label_offset > 0:
-                return "%s + %d" % (self.label.operand_str, self.label_offset)
+                return f"{self.label.operand_str} + {self.label_offset}"
             if self.label_offset < 0:
-                return "%s - %d" % (self.label.operand_str, abs(self.label_offset))
+                return f"{self.label.operand_str} - {abs(self.label_offset)}"
             return self.label.operand_str
 
         if self.type == OP_TYPE_MEM:
@@ -483,13 +483,13 @@ class Operand:
             if self.disp:
                 if self.disp_label:
                     if self.disp_label_offset > 0:
-                        disp = "%s + %d" % (self.disp_label.operand_str, self.disp_label_offset)
+                        disp = f"{self.disp_label.operand_str} + {self.disp_label_offset}"
                     elif self.disp_label_offset < 0:
-                        disp = "%s - %d" % (self.disp_label.operand_str, abs(self.disp_label_offset))
+                        disp = f"{self.disp_label.operand_str} - {abs(self.disp_label_offset)}"
                     else:
                         disp = self.disp_label.operand_str
                 else:
-                    disp = "%d" % self.disp
+                    disp = f"{self.disp}"
 
             base = ""
             if self.base:
@@ -504,12 +504,7 @@ class Operand:
                     disp = "*" + disp
 
                 if self.index:
-                    s = "%s(%s, %%%s, %d)" % (
-                        disp,
-                        base,
-                        CAPSTONE_REG_MAP[self.project.arch.name][self.index],
-                        self.scale,
-                    )
+                    s = f"{disp}({base}, %{CAPSTONE_REG_MAP[self.project.arch.name][self.index]}, {self.scale})"
                 elif self.base:  # not self.index
                     s = f"{disp}({base})"
                 else:
@@ -524,7 +519,7 @@ class Operand:
             if self.index and self.scale:
                 if s:
                     s.append("+")
-                s.append("(%s * %d)" % (CAPSTONE_REG_MAP[self.project.arch.name][self.index], self.scale))
+                s.append(f"({CAPSTONE_REG_MAP[self.project.arch.name][self.index]} * {self.scale})")
 
             if disp:
                 if disp.startswith("-"):
@@ -807,7 +802,7 @@ class Instruction:
                     if op.type in (OP_TYPE_IMM, OP_TYPE_MEM, OP_TYPE_RAW):
                         all_operands[i] = op_asm
                     else:
-                        raise BinaryError("Unsupported operand type %d." % op.type)
+                        raise BinaryError(f"Unsupported operand type {op.type}.")
 
                     if op.type != OP_TYPE_RAW and self.capstone_operand_types[i] == capstone.CS_OP_IMM:
                         if mnemonic.startswith(("j", "call", "loop")):
@@ -1247,7 +1242,7 @@ class Data:
         self._initialize()
 
     def __repr__(self):
-        return "<DataItem %s@%#08x, %d bytes>" % (self.sort, self.addr, self.size)
+        return f"<DataItem {self.sort}@{self.addr:#08x}, {self.size} bytes>"
 
     @property
     def content(self):
@@ -1399,7 +1394,7 @@ class Data:
                     i += self.project.arch.bytes
 
                     if isinstance(symbolized_label, int):
-                        s += "\t%s %d\n" % (directive, symbolized_label)
+                        s += f"\t{directive} {symbolized_label}\n"
                     else:
                         s += f"\t{directive} {symbolized_label.operand_str}\n"
 
@@ -1442,11 +1437,12 @@ class Data:
 
                 show_integer = False
                 if len(addr_to_labels) == 0 or (
-                    len(addr_to_labels) == 1
-                    and self.addr is not None
-                    and next(iter(addr_to_labels.keys())) == self.addr
-                    or self.addr is None
-                    and next(iter(addr_to_labels.keys())) == 0
+                    (
+                        len(addr_to_labels) == 1
+                        and self.addr is not None
+                        and next(iter(addr_to_labels.keys())) == self.addr
+                    )
+                    or (self.addr is None and next(iter(addr_to_labels.keys())) == 0)
                 ):
                     show_integer = True
 
@@ -1474,7 +1470,7 @@ class Data:
                                     content += [f"{label!s}"]
                             addr += 1
 
-                            content += ["\t.byte %d" % c]
+                            content += [f"\t.byte {c}"]
 
             else:
                 integer = struct.unpack(fmt_str, self.content[0])[0]
@@ -1508,10 +1504,10 @@ class Data:
                                 content += [f"{label!s}"]
                         addr += 1
 
-                        content += ["\t.byte %d" % c]
+                        content += [f"\t.byte {c}"]
             else:
                 for piece in self.content:
-                    content += ["\t.byte %d" % c for c in piece]
+                    content += [f"\t.byte {c}" for c in piece]
 
             s += "\n".join(content)
             s += "\n"
@@ -1534,10 +1530,10 @@ class Data:
                                 content += [f"{label!s}"]
                         addr += 1
 
-                        content += ["\t.byte %d" % c]
+                        content += [f"\t.byte {c}"]
             else:
                 for piece in self.content:
-                    content += ["\t.byte %d" % c for c in piece]
+                    content += [f"\t.byte {c}" for c in piece]
 
             s += "\n".join(content)
             s += "\n"
@@ -1554,7 +1550,7 @@ class Data:
 
     def _initialize(self):
         if self.memory_data is None:
-            if self.size is None or self._initial_content is None and self.sort is None:
+            if self.size is None or (self._initial_content is None and self.sort is None):
                 raise BinaryError("You must at least specify size, initial_content, and sort.")
 
             if self.sort == MemoryDataSort.PointerArray:
@@ -2647,8 +2643,7 @@ class Reassembler(Analysis):
         return bool(
             cfg.project.loader.find_section_containing(ptr) is not None
             or cfg.project.loader.find_segment_containing(ptr) is not None
-            or self._extra_memory_regions
-            and next((a < ptr < b for a, b in self._extra_memory_regions), None)
+            or (self._extra_memory_regions and next((a < ptr < b for a, b in self._extra_memory_regions), None))
         )
 
     def _sequence_handler(self, cfg, irsb, irsb_addr, stmt_idx, data_addr, max_size):  # pylint:disable=unused-argument

angr/analyses/s_liveness.py

@@ -29,6 +29,7 @@ class SLivenessAnalysis(Analysis):
         func_graph=None,
         entry=None,
         func_addr: int | None = None,
+        arg_vvars: list[VirtualVariable] | None = None,
     ):
         self.func = func
         self.func_addr = func_addr if func_addr is not None else func.addr
@@ -38,6 +39,7 @@ class SLivenessAnalysis(Analysis):
             if entry is not None
             else next(iter(bb for bb in self.func_graph if bb.addr == self.func_addr and bb.idx is None))
         )
+        self.arg_vvars = arg_vvars or []
 
         self.model = SLivenessModel()
 
@@ -147,6 +149,12 @@ class SLivenessAnalysis(Analysis):
                     live.discard(def_vvar)
                 live |= vvar_use_collector.vvars
 
+            if block.addr == self.func_addr:
+                # deal with function arguments
+                for arg_vvar in self.arg_vvars:
+                    for live_vvar in live:
+                        graph.add_edge(arg_vvar.varid, live_vvar)
+
         return graph
 
 

angr/analyses/s_propagator.py

@@ -1,10 +1,19 @@
 from __future__ import annotations
 
 import contextlib
+from collections.abc import Mapping
 from collections import defaultdict
 
 from ailment.block import Block
-from ailment.expression import Const, VirtualVariable, VirtualVariableCategory, StackBaseOffset, Load, Convert
+from ailment.expression import (
+    Const,
+    VirtualVariable,
+    VirtualVariableCategory,
+    StackBaseOffset,
+    Load,
+    Convert,
+    Expression,
+)
 from ailment.statement import Assignment, Store, Return, Jump
 
 from angr.knowledge_plugins.functions import Function
@@ -31,7 +40,7 @@ class SPropagatorModel:
     """
 
     def __init__(self):
-        self.replacements = {}
+        self.replacements: Mapping[CodeLocation, Mapping[Expression, Expression]] = {}
 
 
 class SPropagatorAnalysis(Analysis):
@@ -41,7 +50,7 @@ class SPropagatorAnalysis(Analysis):
 
     def __init__(  # pylint: disable=too-many-positional-arguments
         self,
-        subject,
+        subject: Block | Function,
         func_graph=None,
         only_consts: bool = True,
         immediate_stmt_removal: bool = False,
@@ -86,10 +95,13 @@ class SPropagatorAnalysis(Analysis):
         return self.model.replacements
 
     def _analyze(self):
+        blocks: dict[tuple[int, int | None], Block]
         match self.mode:
             case "block":
+                assert self.block is not None
                 blocks = {(self.block.addr, self.block.idx): self.block}
             case "function":
+                assert self.func_graph is not None
                 blocks = {(block.addr, block.idx): block for block in self.func_graph}
             case _:
                 raise NotImplementedError
@@ -120,11 +132,14 @@ class SPropagatorAnalysis(Analysis):
 
             vvarid_to_vvar[vvar.varid] = vvar
             defloc = vvar_deflocs[vvar]
+            assert defloc.block_addr is not None
+            assert defloc.stmt_idx is not None
             block = blocks[(defloc.block_addr, defloc.block_idx)]
             stmt = block.statements[defloc.stmt_idx]
             r, v = is_const_assignment(stmt)
             if r:
                 # replace wherever it's used
+                assert v is not None
                 const_vvars[vvar.varid] = v
                 for vvar_at_use, useloc in vvar_uselocs[vvar.varid]:
                     replacements[useloc][vvar_at_use] = v

angr/analyses/s_reaching_definitions/s_rda_view.py

@@ -171,11 +171,8 @@ class SRDAView:
                     starting_stmt_idx = stmt_idx
                 continue
 
-            if (
-                op_type == ObservationPointType.OP_BEFORE
-                and stmt.ins_addr == addr
-                or op_type == ObservationPointType.OP_AFTER
-                and stmt.ins_addr > addr
+            if (op_type == ObservationPointType.OP_BEFORE and stmt.ins_addr == addr) or (
+                op_type == ObservationPointType.OP_AFTER and stmt.ins_addr > addr
             ):
                 starting_stmt_idx = stmt_idx
                 break

angr/analyses/s_reaching_definitions/s_reaching_definitions.py

@@ -2,6 +2,7 @@ from __future__ import annotations
 
 from ailment.block import Block
 from ailment.statement import Assignment, Call, Return
+import networkx
 
 from angr.knowledge_plugins.functions import Function
 from angr.knowledge_plugins.key_definitions.constants import ObservationPointType
@@ -22,9 +23,8 @@ class SReachingDefinitionsAnalysis(Analysis):
         self,
         subject,
         func_addr: int | None = None,
-        func_graph=None,
+        func_graph: networkx.DiGraph[Block] | None = None,
         track_tmps: bool = False,
-        stack_pointer_tracker=None,
     ):
         if isinstance(subject, Block):
             self.block = subject
@@ -40,7 +40,6 @@ class SReachingDefinitionsAnalysis(Analysis):
         self.func_graph = func_graph
         self.func_addr = func_addr if func_addr is not None else self.func.addr if self.func is not None else None
         self._track_tmps = track_tmps
-        self._sp_tracker = stack_pointer_tracker  # FIXME: Is it still used?
 
         self._bp_as_gpr = False
         if self.func is not None:
@@ -53,8 +52,10 @@ class SReachingDefinitionsAnalysis(Analysis):
     def _analyze(self):
         match self.mode:
             case "block":
+                assert self.block is not None
                 blocks = {(self.block.addr, self.block.idx): self.block}
             case "function":
+                assert self.func_graph is not None
                 blocks = {(block.addr, block.idx): block for block in self.func_graph}
             case _:
                 raise NotImplementedError
@@ -115,9 +116,10 @@ class SReachingDefinitionsAnalysis(Analysis):
                 stmt = block.statements[stmt_idx]
                 assert isinstance(stmt, (Call, Assignment, Return))
 
-                call: Call = (
+                call = (
                     stmt if isinstance(stmt, Call) else stmt.src if isinstance(stmt, Assignment) else stmt.ret_exprs[0]
                 )
+                assert isinstance(call, Call)
                 if call.prototype is None:
                     # without knowing the prototype, we must conservatively add uses to all registers that are
                     # potentially used here
@@ -126,7 +128,9 @@ class SReachingDefinitionsAnalysis(Analysis):
                     else:
                         # just use all registers in the default calling convention because we don't know anything about
                         # the calling convention yet
-                        cc = default_cc(self.project.arch.name)(self.project.arch)
+                        cc_cls = default_cc(self.project.arch.name)
+                        assert cc_cls is not None
+                        cc = cc_cls(self.project.arch)
 
                     codeloc = CodeLocation(block_addr, stmt_idx, block_idx=block_idx, ins_addr=stmt.ins_addr)
                     arg_locs = cc.ARG_REGS

angr/analyses/stack_pointer_tracker.py

@@ -79,7 +79,7 @@ class Register:
     Represent a register.
     """
 
-    __slots__ = ("offset", "bitlen")
+    __slots__ = ("bitlen", "offset")
 
     def __init__(self, offset, bitlen):
         self.offset = offset
@@ -103,8 +103,8 @@ class OffsetVal:
     """
 
     __slots__ = (
-        "_reg",
         "_offset",
+        "_reg",
     )
 
     def __init__(self, reg, offset):
@@ -177,7 +177,7 @@ class FrozenStackPointerTrackerState:
     Abstract state for StackPointerTracker analysis with registers and memory values being in frozensets.
     """
 
-    __slots__ = "regs", "memory", "is_tracking_memory", "resilient"
+    __slots__ = "is_tracking_memory", "memory", "regs", "resilient"
 
     def __init__(
         self,
@@ -218,7 +218,7 @@ class StackPointerTrackerState:
     Abstract state for StackPointerTracker analysis.
     """
 
-    __slots__ = "regs", "memory", "is_tracking_memory", "resilient"
+    __slots__ = "is_tracking_memory", "memory", "regs", "resilient"
 
     def __init__(self, regs, memory, is_tracking_memory, resilient: bool):
         self.regs = regs