angr 9.2.131__py3-none-manylinux2014_aarch64.whl → 9.2.133__py3-none-manylinux2014_aarch64.whl

angr/analyses/ddg.py

@@ -2,8 +2,10 @@ from __future__ import annotations
 import logging
 from collections import defaultdict
 
+import claripy
 import networkx
 import pyvex
+
 from . import Analysis
 
 from angr.code_location import CodeLocation
@@ -93,7 +95,7 @@ class DDGJob:
         self.call_depth = call_depth
 
     def __repr__(self):
-        return "<DDGJob %s, call_depth %d>" % (self.cfg_node, self.call_depth)
+        return f"<DDGJob {self.cfg_node}, call_depth {self.call_depth}>"
 
 
 class LiveDefinitions:
@@ -340,11 +342,7 @@ class DDGViewItem:
         return None
 
     def __repr__(self):
-        return "[%s, %d dependents, depends on %d]" % (
-            self._variable,
-            len(self.dependents),
-            len(self.depends_on),
-        )
+        return f"[{self._variable}, {len(self.dependents)} dependents, depends on {len(self.depends_on)}]"
 
     def __eq__(self, other):
         return (
@@ -1030,9 +1028,9 @@ class DDG(Analysis):
 
         if not action.data.reg_deps and not action.data.tmp_deps:
             # might be a constant assignment
-            v = action.data.ast
+            v: claripy.ast.BV = action.data.ast
             if not v.symbolic:
-                const_var = SimConstantVariable(v.concrete_value)
+                const_var = SimConstantVariable(value=v.concrete_value, size=v.size())
                 const_progvar = ProgramVariable(const_var, prog_var.location)
                 self._data_graph_add_edge(const_progvar, prog_var, type="mem_data")
 
@@ -1109,7 +1107,8 @@ class DDG(Analysis):
                 elif isinstance(statement.data, pyvex.IRExpr.Const):
                     # assignment
                     const = statement.data.con.value
-                    self._ast_graph.add_edge(ProgramVariable(SimConstantVariable(const), location), pv)
+                    size = statement.data.con.size
+                    self._ast_graph.add_edge(ProgramVariable(SimConstantVariable(value=const, size=size), location), pv)
 
     def _handle_reg_read(self, action, location, state, statement):  # pylint:disable=unused-argument
         reg_offset = action.offset
@@ -1140,7 +1139,7 @@ class DDG(Analysis):
         elif reg_offset == self.project.arch.bp_offset:
             self._custom_data_per_statement = ("bp", 0)
 
-    def _handle_reg_write(self, action, location, state, statement):  # pylint:disable=unused-argument
+    def _handle_reg_write(self, action, location, state, statement: pyvex.stmt.Put):  # pylint:disable=unused-argument
         reg_offset = action.offset
         variable = SimRegisterVariable(reg_offset, action.data.ast.size() // 8)
 
@@ -1157,9 +1156,9 @@ class DDG(Analysis):
         if not action.reg_deps and not action.tmp_deps:
             # moving a constant into the register
             # try to parse out the constant from statement
-            const_variable = SimConstantVariable()
+            const_variable = SimConstantVariable(size=1)
             if statement is not None and isinstance(statement.data, pyvex.IRExpr.Const):
-                const_variable = SimConstantVariable(value=statement.data.con.value)
+                const_variable = SimConstantVariable(value=statement.data.con.value, size=statement.data.con.size)
             const_pv = ProgramVariable(const_variable, location, arch=self.project.arch)
             self._data_graph_add_edge(const_pv, pv)
 
@@ -1187,7 +1186,7 @@ class DDG(Analysis):
         ast = None
 
         tmp = action.tmp
-        pv = ProgramVariable(SimTemporaryVariable(tmp), location, arch=self.project.arch)
+        pv = ProgramVariable(SimTemporaryVariable(tmp, len(action.data)), location, arch=self.project.arch)
 
         if ast is not None:
             for operand in ast.operands:
@@ -1230,12 +1229,12 @@ class DDG(Analysis):
         if not action.tmp_deps and not self._variables_per_statement and not ast:
             # read in a constant
             # try to parse out the constant from statement
-            const_variable = SimConstantVariable()
+            const_variable = SimConstantVariable(size=1)
             if statement is not None:
                 if isinstance(statement, pyvex.IRStmt.Dirty):
                     l.warning("Dirty statements are not supported in DDG for now.")
                 elif isinstance(statement.data, pyvex.IRExpr.Const):
-                    const_variable = SimConstantVariable(value=statement.data.con.value)
+                    const_variable = SimConstantVariable(value=statement.data.con.value, size=statement.data.con.size)
             const_pv = ProgramVariable(const_variable, location, arch=self.project.arch)
             self._data_graph_add_edge(const_pv, pv)
 
@@ -1296,7 +1295,7 @@ class DDG(Analysis):
                 const_value = expr_1.ast.args[0]
                 tmp = next(iter(expr_0.tmp_deps))
 
-                const_def = ProgramVariable(SimConstantVariable(const_value), location)
+                const_def = ProgramVariable(SimConstantVariable(value=const_value, size=len(expr_1.ast)), location)
                 tmp_def = self._temp_variables[tmp]
                 return AST("-", tmp_def, const_def)
 
@@ -1310,7 +1309,7 @@ class DDG(Analysis):
                 const_value = expr_1.ast.args[0]
                 tmp = next(iter(expr_0.tmp_deps))
 
-                const_def = ProgramVariable(SimConstantVariable(const_value), location)
+                const_def = ProgramVariable(SimConstantVariable(value=const_value, size=len(expr_1.ast)), location)
                 tmp_def = self._temp_variables[tmp]
                 return AST("+", tmp_def, const_def)
 

angr/analyses/decompiler/__init__.py

@@ -20,22 +20,22 @@ StructuredCodeGenerator = CStructuredCodeGenerator
 
 
 __all__ = (
-    "RegionIdentifier",
+    "DECOMPILATION_PRESETS",
+    "AILSimplifier",
+    "BlockSimplifier",
     "CStructuredCodeGenerator",
-    "ImportSourceCode",
+    "CallSiteMaker",
     "Clinic",
-    "RegionSimplifier",
     "Decompiler",
-    "options",
-    "options_by_category",
-    "BlockSimplifier",
-    "CallSiteMaker",
-    "AILSimplifier",
-    "Ssailification",
     "GraphDephication",
+    "ImportSourceCode",
+    "RegionIdentifier",
+    "RegionSimplifier",
     "SeqNodeDephication",
-    "DECOMPILATION_PRESETS",
-    "structuring",
-    "optimization_passes",
+    "Ssailification",
     "StructuredCodeGenerator",
+    "optimization_passes",
+    "options",
+    "options_by_category",
+    "structuring",
 )

angr/analyses/decompiler/ail_simplifier.py

@@ -24,6 +24,7 @@ from ailment.expression import (
     VirtualVariable,
 )
 
+from angr.analyses.s_propagator import SPropagatorAnalysis
 from angr.analyses.s_reaching_definitions import SRDAModel
 from angr.utils.ail import is_phi_assignment, HasExprWalker
 from angr.code_location import CodeLocation, ExternalCodeLocation
@@ -96,6 +97,7 @@ class AILSimplifier(Analysis):
         rewrite_ccalls=True,
         removed_vvar_ids: set[int] | None = None,
         arg_vvars: dict[int, tuple[VirtualVariable, SimVariable]] | None = None,
+        avoid_vvar_ids: set[int] | None = None,
     ):
         self.func = func
         self.func_graph = func_graph if func_graph is not None else func.graph
@@ -114,6 +116,7 @@ class AILSimplifier(Analysis):
         self._should_rewrite_ccalls = rewrite_ccalls
         self._removed_vvar_ids = removed_vvar_ids if removed_vvar_ids is not None else set()
         self._arg_vvars = arg_vvars
+        self._avoid_vvar_ids = avoid_vvar_ids
 
         self._calls_to_remove: set[CodeLocation] = set()
         self._assignments_to_remove: set[CodeLocation] = set()
@@ -213,11 +216,11 @@ class AILSimplifier(Analysis):
         self._reaching_definitions = rd
         return rd
 
-    def _compute_propagation(self, immediate_stmt_removal: bool = False):
+    def _compute_propagation(self, immediate_stmt_removal: bool = False) -> SPropagatorAnalysis:
         # Propagate expressions or return the existing result
         if self._propagator is not None:
             return self._propagator
-        prop = self.project.analyses.SPropagator(
+        prop = self.project.analyses[SPropagatorAnalysis].prep()(
             subject=self.func,
             func_graph=self.func_graph,
             # gp=self._gp,
@@ -551,7 +554,9 @@ class AILSimplifier(Analysis):
             if (
                 first_op.op == "And"
                 and isinstance(first_op.operands[1], Const)
-                and (second_op is None or isinstance(second_op, BinaryOp) and isinstance(second_op.operands[1], Const))
+                and (
+                    second_op is None or (isinstance(second_op, BinaryOp) and isinstance(second_op.operands[1], Const))
+                )
             ):
                 mask = first_op.operands[1].value
                 if mask == 0xFF:
@@ -614,6 +619,17 @@ class AILSimplifier(Analysis):
                 stmt.ins_addr for stmt in block.statements
             }.intersection(insn_addrs_using_stack_args)
 
+            # remove virtual variables in the avoid list
+            if self._avoid_vvar_ids:
+                filtered_reps = {}
+                for loc, rep_dict in reps.items():
+                    filtered_reps[loc] = {
+                        k: v
+                        for k, v in rep_dict.items()
+                        if not (isinstance(k, VirtualVariable) and k.varid in self._avoid_vvar_ids)
+                    }
+                reps = filtered_reps
+
             r, new_block = BlockSimplifier._replace_and_build(block, reps, gp=self._gp, replace_loads=replace_loads)
             replaced |= r
             self.blocks[block] = new_block
@@ -747,10 +763,8 @@ class AILSimplifier(Analysis):
                 # the definition is in a callee function
                 continue
 
-            if (
-                isinstance(the_def.codeloc, ExternalCodeLocation)
-                or isinstance(eq.atom1, VirtualVariable)
-                and eq.atom1.was_parameter
+            if isinstance(the_def.codeloc, ExternalCodeLocation) or (
+                isinstance(eq.atom1, VirtualVariable) and eq.atom1.was_parameter
             ):
                 # this is a function argument. we enter a slightly different logic and try to eliminate copies of this
                 # argument if
@@ -764,10 +778,8 @@ class AILSimplifier(Analysis):
 
                 if defs and len(defs) == 1:
                     arg_copy_def = defs[0]
-                    if (
-                        isinstance(arg_copy_def.atom, atoms.VirtualVariable)
-                        and arg_copy_def.atom.was_stack
-                        or (isinstance(arg_copy_def.atom, atoms.VirtualVariable) and arg_copy_def.atom.was_reg)
+                    if (isinstance(arg_copy_def.atom, atoms.VirtualVariable) and arg_copy_def.atom.was_stack) or (
+                        isinstance(arg_copy_def.atom, atoms.VirtualVariable) and arg_copy_def.atom.was_reg
                     ):
                         # found the copied definition (either a stack variable or a register variable)
 
@@ -918,7 +930,7 @@ class AILSimplifier(Analysis):
                             continue
                         block = addr_and_idx_to_block[(use_loc.block_addr, use_loc.block_idx)]
                         stmt = block.statements[use_loc.stmt_idx]
-                        if isinstance(stmt, Assignment) or isinstance(replace_with, Load) and isinstance(stmt, Store):
+                        if isinstance(stmt, Assignment) or (isinstance(replace_with, Load) and isinstance(stmt, Store)):
                             assignment_ctr += 1
                     if assignment_ctr > 1:
                         continue

angr/analyses/decompiler/block_similarity.py

@@ -127,10 +127,8 @@ def _kmp_search_ail_obj(search_pattern, stmt_seq, graph=None, partial=True):
     start_pos = 0
     match_len = 0
     for c in stmt_seq:
-        while (
-            match_len == len(search_pattern)
-            or match_len >= 0
-            and not is_similar(search_pattern[match_len], c, graph=graph, partial=partial)
+        while match_len == len(search_pattern) or (
+            match_len >= 0 and not is_similar(search_pattern[match_len], c, graph=graph, partial=partial)
         ):
             start_pos += shifts[match_len]
             match_len -= shifts[match_len]

angr/analyses/decompiler/block_simplifier.py

@@ -2,10 +2,10 @@
 from __future__ import annotations
 import logging
 from typing import TYPE_CHECKING
-from collections.abc import Iterable
+from collections.abc import Iterable, Mapping
 
 from ailment.statement import Statement, Assignment, Call, Store, Jump
-from ailment.expression import Tmp, Load, Const, Register, Convert
+from ailment.expression import Tmp, Load, Const, Register, Convert, Expression
 from ailment import AILBlockWalkerBase
 
 from angr.code_location import ExternalCodeLocation, CodeLocation
@@ -139,7 +139,7 @@ class BlockSimplifier(Analysis):
 
         self.result_block = block
 
-    def _compute_propagation(self, block):
+    def _compute_propagation(self, block) -> SPropagatorAnalysis:
         if self._propagator is None:
             self._propagator = self.project.analyses[SPropagatorAnalysis].prep()(
                 subject=block,
@@ -155,7 +155,6 @@ class BlockSimplifier(Analysis):
                 .prep()(
                     subject=block,
                     track_tmps=True,
-                    stack_pointer_tracker=self._stack_pointer_tracker,
                     func_addr=self.func_addr,
                 )
                 .model
@@ -201,8 +200,8 @@ class BlockSimplifier(Analysis):
 
     @staticmethod
     def _replace_and_build(
-        block,
-        replacements,
+        block: Block,
+        replacements: Mapping[CodeLocation, Mapping[Expression, Expression]],
         replace_assignment_dsts: bool = False,
         replace_loads: bool = False,
         gp: int | None = None,
@@ -211,14 +210,9 @@ class BlockSimplifier(Analysis):
         new_statements = block.statements[::]
         replaced = False
 
-        stmts_to_remove = set()
         for codeloc, repls in replacements.items():
             for old, new in repls.items():
-                stmt_to_remove = None
-                if isinstance(new, dict):
-                    stmt_to_remove = new["stmt_to_remove"]
-                    new = new["expr"]
-
+                assert codeloc.stmt_idx is not None
                 stmt = new_statements[codeloc.stmt_idx]
                 if (
                     not replace_loads
@@ -229,7 +223,9 @@ class BlockSimplifier(Analysis):
                     # skip memory-based replacement for non-Call and non-gp-loading statements
                     continue
                 if stmt == old:
-                    # replace this statement
+                    # the replacement must be a call, since replacements can only be expressions
+                    # and call is the only thing which is both a statement and an expression
+                    assert isinstance(new, Call)
                     r = True
                     new_stmt = new
                 else:
@@ -257,20 +253,13 @@ class BlockSimplifier(Analysis):
                         r, new_stmt = stmt.replace(old, new)
 
                 if r:
+                    assert new_stmt is not None
                     replaced = True
                     new_statements[codeloc.stmt_idx] = new_stmt
-                    if stmt_to_remove is not None:
-                        stmts_to_remove.add(stmt_to_remove)
 
         if not replaced:
             return False, block
 
-        if stmts_to_remove:
-            stmt_ids_to_remove = {a.stmt_idx for a in stmts_to_remove}
-            all_stmts = {idx: stmt for idx, stmt in enumerate(new_statements) if idx not in stmt_ids_to_remove}
-            filtered_stmts = sorted(all_stmts.items(), key=lambda x: x[0])
-            new_statements = [stmt for _, stmt in filtered_stmts]
-
         new_block = block.copy()
         new_block.statements = new_statements
         return True, new_block

angr/analyses/decompiler/callsite_maker.py

@@ -392,7 +392,7 @@ class CallSiteMaker(Analysis):
         return s
 
     def _determine_variadic_arguments(self, func: Function | None, cc: SimCC, call_stmt) -> int | None:
-        if func is not None and "printf" in func.name or "scanf" in func.name:
+        if (func is not None and "printf" in func.name) or "scanf" in func.name:
             return self._determine_variadic_arguments_for_format_strings(func, cc, call_stmt)
         return None
 

angr/analyses/decompiler/ccall_rewriters/rewriter_base.py

@@ -8,8 +8,8 @@ class CCallRewriterBase:
     """
 
     __slots__ = (
-        "result",
         "arch",
+        "result",
     )
 
     def __init__(self, ccall: ailment.Expr.VEXCCallExpression, arch):