angr 9.2.131__py3-none-manylinux2014_aarch64.whl → 9.2.133__py3-none-manylinux2014_aarch64.whl

angr/analyses/decompiler/dephication/rewriting_engine.py

@@ -5,29 +5,25 @@ import logging
 from ailment.block import Block
 from ailment.statement import Statement, Assignment, Store, Call, Return, ConditionalJump, DirtyStatement
 from ailment.expression import (
-    Register,
+    Expression,
     VirtualVariable,
     Load,
-    Const,
     BinaryOp,
+    UnaryOp,
     Phi,
     Convert,
-    StackBaseOffset,
     ITE,
     VEXCCallExpression,
     DirtyExpression,
 )
 
-from angr.engines.light import SimEngineLight, SimEngineLightAILMixin
+from angr.engines.light import SimEngineNostmtAIL
 
 
 _l = logging.getLogger(__name__)
 
 
-class SimEngineDephiRewriting(
-    SimEngineLightAILMixin,
-    SimEngineLight,
-):
+class SimEngineDephiRewriting(SimEngineNostmtAIL[None, Expression | None, Statement | tuple[Statement, ...], None]):
     """
     This engine rewrites every block to insert phi variables and replaces every used variable with their versioned
     copies at each use location.
@@ -37,15 +33,22 @@ class SimEngineDephiRewriting(
 
     def __init__(
         self,
-        arch,
+        project,
         vvar_to_vvar: dict[int, int],
     ):
-        super().__init__()
+        super().__init__(project)
 
-        self.arch = arch
         self.vvar_to_vvar = vvar_to_vvar
         self.out_block = None
 
+        self._stmt_handlers["IncompleteSwitchCaseHeadStatement"] = self._handle_stmt_IncompleteSwitchCaseHeadStatement
+
+    def _top(self, bits):
+        assert False, "Unreachable"
+
+    def _is_top(self, expr):
+        return False
+
     def append_statement(self, stmt: Statement) -> None:
         if self.out_block is None:
             self.out_block = Block(self.block.addr, self.block.original_size, statements=[], idx=self.block.idx)
@@ -55,18 +58,19 @@ class SimEngineDephiRewriting(
     # Handlers
     #
 
-    def _handle_Stmt(self, stmt: Statement):
-        new_stmt = super()._handle_Stmt(stmt)
-        if new_stmt is not None:
-            if type(new_stmt) is tuple:
-                for s in new_stmt:
-                    self.append_statement(s)
+    def _process_block_end(self, block, stmt_data, whitelist):
+        assert whitelist is None
+        for stmt_idx, new_stmt in enumerate(stmt_data):
+            if new_stmt is not None:
+                if isinstance(new_stmt, tuple):
+                    for stmt_ in new_stmt:
+                        self.append_statement(stmt_)
+                else:
+                    self.append_statement(new_stmt)
             else:
-                self.append_statement(new_stmt)
-        else:
-            self.append_statement(stmt)
+                self.append_statement(block.statements[stmt_idx])
 
-    def _handle_Assignment(self, stmt: Assignment) -> Assignment | tuple[Assignment, ...] | None:
+    def _handle_stmt_Assignment(self, stmt):
         new_src = self._expr(stmt.src)
         new_dst = None
 
@@ -92,7 +96,7 @@ class SimEngineDephiRewriting(
             )
         return None
 
-    def _handle_Store(self, stmt: Store) -> Store | None:
+    def _handle_stmt_Store(self, stmt):
         new_addr = self._expr(stmt.addr)
         new_data = self._expr(stmt.data)
 
@@ -110,7 +114,7 @@ class SimEngineDephiRewriting(
 
         return None
 
-    def _handle_ConditionalJump(self, stmt: ConditionalJump) -> ConditionalJump | None:
+    def _handle_stmt_ConditionalJump(self, stmt):
         new_cond = self._expr(stmt.condition)
         new_true_target = self._expr(stmt.true_target) if stmt.true_target is not None else None
         new_false_target = self._expr(stmt.false_target) if stmt.false_target is not None else None
@@ -127,7 +131,7 @@ class SimEngineDephiRewriting(
             )
         return None
 
-    def _handle_Call(self, stmt: Call) -> Call | None:
+    def _handle_stmt_Call(self, stmt):
         new_target = self._expr(stmt.target) if stmt.target is not None and not isinstance(stmt.target, str) else None
         new_ret_expr = self._expr(stmt.ret_expr) if stmt.ret_expr is not None else None
         new_fp_ret_expr = self._expr(stmt.fp_ret_expr) if stmt.fp_ret_expr is not None else None
@@ -146,24 +150,19 @@ class SimEngineDephiRewriting(
             )
         return None
 
-    _handle_CallExpr = _handle_Call
-
-    def _handle_DirtyStatement(self, stmt: DirtyStatement) -> DirtyStatement | None:
+    def _handle_stmt_DirtyStatement(self, stmt: DirtyStatement) -> DirtyStatement | None:
         dirty = self._expr(stmt.dirty)
         if dirty is None or dirty is stmt.dirty:
             return None
         return DirtyStatement(stmt.idx, dirty, **stmt.tags)
 
-    def _handle_Register(self, expr: Register) -> None:
-        return None
-
-    def _handle_Load(self, expr: Load) -> Load | None:
+    def _handle_expr_Load(self, expr):
         new_addr = self._expr(expr.addr)
         if new_addr is not None:
             return Load(expr.idx, new_addr, expr.size, expr.endness, guard=expr.guard, alt=expr.alt, **expr.tags)
         return None
 
-    def _handle_Convert(self, expr: Convert) -> Convert | None:
+    def _handle_expr_Convert(self, expr):
         new_operand = self._expr(expr.operand)
         if new_operand is not None:
             return Convert(
@@ -179,13 +178,13 @@ class SimEngineDephiRewriting(
             )
         return None
 
-    def _handle_Const(self, expr: Const) -> None:
+    def _handle_expr_Const(self, expr):
         return None
 
-    def _handle_Phi(self, expr: Phi) -> None:
+    def _handle_expr_Phi(self, expr: Phi) -> None:
         return None
 
-    def _handle_VirtualVariable(self, expr: VirtualVariable) -> VirtualVariable | None:
+    def _handle_expr_VirtualVariable(self, expr: VirtualVariable) -> VirtualVariable | None:
         if expr.varid in self.vvar_to_vvar:
             return VirtualVariable(
                 expr.idx,
@@ -199,13 +198,13 @@ class SimEngineDephiRewriting(
             )
         return None
 
-    def _handle_Return(self, expr: Return) -> Return | None:
-        if expr.ret_exprs is None:
+    def _handle_stmt_Return(self, stmt):
+        if stmt.ret_exprs is None:
             new_ret_exprs = None
         else:
             updated = False
             new_ret_exprs = []
-            for r in expr.ret_exprs:
+            for r in stmt.ret_exprs:
                 new_r = self._expr(r)
                 if new_r is not None:
                     updated = True
@@ -214,10 +213,13 @@ class SimEngineDephiRewriting(
                 new_ret_exprs = None
 
         if new_ret_exprs:
-            return Return(expr.idx, new_ret_exprs, **expr.tags)
+            return Return(stmt.idx, new_ret_exprs, **stmt.tags)
+        return None
+
+    def _handle_stmt_IncompleteSwitchCaseHeadStatement(self, stmt):
         return None
 
-    def _handle_BinaryOp(self, expr: BinaryOp) -> BinaryOp | None:
+    def _handle_expr_BinaryOp(self, expr):
         new_op0 = self._expr(expr.operands[0])
         new_op1 = self._expr(expr.operands[1])
 
@@ -233,13 +235,24 @@ class SimEngineDephiRewriting(
                 bits=expr.bits,
                 floating_point=expr.floating_point,
                 rounding_mode=expr.rounding_mode,
-                from_bits=expr.from_bits,
-                to_bits=expr.to_bits,
                 **expr.tags,
             )
         return None
 
-    def _handle_ITE(self, expr: ITE) -> ITE | None:
+    def _handle_expr_UnaryOp(self, expr):
+        new_op0 = self._expr(expr.operands[0])
+
+        if new_op0 is not None:
+            return UnaryOp(
+                expr.idx,
+                expr.op,
+                expr.operands[0] if new_op0 is None else new_op0,
+                bits=expr.bits,
+                **expr.tags,
+            )
+        return None
+
+    def _handle_expr_ITE(self, expr):
         new_cond = self._expr(expr.cond)
         new_iftrue = self._expr(expr.iftrue)
         new_iffalse = self._expr(expr.iffalse)
@@ -275,7 +288,7 @@ class SimEngineDephiRewriting(
             )
         return None
 
-    def _handle_DirtyExpression(self, expr: DirtyExpression) -> DirtyExpression | None:
+    def _handle_expr_DirtyExpression(self, expr: DirtyExpression) -> DirtyExpression | None:
         new_operands = []
         updated = False
         for o in expr.operands:
@@ -306,5 +319,116 @@ class SimEngineDephiRewriting(
             )
         return None
 
-    def _handle_StackBaseOffset(self, expr: StackBaseOffset) -> None:
+    def _handle_expr_BasePointerOffset(self, expr):
+        return None
+
+    def _handle_expr_StackBaseOffset(self, expr):
+        return None
+
+    def _handle_expr_Call(self, expr: Call):
+        new_target = self._expr(expr.target) if expr.target is not None and not isinstance(expr.target, str) else None
+        new_ret_expr = self._expr(expr.ret_expr) if expr.ret_expr is not None else None
+        new_fp_ret_expr = self._expr(expr.fp_ret_expr) if expr.fp_ret_expr is not None else None
+
+        if new_target is not None or new_ret_expr is not None or new_fp_ret_expr is not None:
+            return Call(
+                expr.idx,
+                expr.target if new_target is None else new_target,
+                calling_convention=expr.calling_convention,
+                prototype=expr.prototype,
+                args=expr.args,
+                ret_expr=expr.ret_expr if new_ret_expr is None else new_ret_expr,
+                fp_ret_expr=expr.fp_ret_expr if new_fp_ret_expr is None else new_fp_ret_expr,
+                bits=expr.bits,
+                **expr.tags,
+            )
+        return None
+
+    def _handle_expr_DirtyExpression(self, expr):
         return None
+
+    def _handle_expr_MultiStatementExpression(self, expr):
+        return None
+
+    def _handle_expr_Register(self, expr):
+        return None
+
+    def _handle_expr_Reinterpret(self, expr):
+        return None
+
+    def _handle_expr_Tmp(self, expr):
+        return None
+
+    def _handle_expr_VEXCCallExpression(self, expr):
+        return None
+
+    def _unreachable(self, *args, **kwargs):
+        assert False
+
+    _handle_binop_Add = _unreachable
+    _handle_binop_AddF = _unreachable
+    _handle_binop_AddV = _unreachable
+    _handle_binop_And = _unreachable
+    _handle_binop_Carry = _unreachable
+    _handle_binop_CmpEQ = _unreachable
+    _handle_binop_CmpF = _unreachable
+    _handle_binop_CmpGE = _unreachable
+    _handle_binop_CmpGT = _unreachable
+    _handle_binop_CmpLE = _unreachable
+    _handle_binop_CmpLT = _unreachable
+    _handle_binop_CmpNE = _unreachable
+    _handle_binop_Concat = _unreachable
+    _handle_binop_Div = _unreachable
+    _handle_binop_DivF = _unreachable
+    _handle_binop_DivV = _unreachable
+    _handle_binop_LogicalAnd = _unreachable
+    _handle_binop_LogicalOr = _unreachable
+    _handle_binop_Mod = _unreachable
+    _handle_binop_Mul = _unreachable
+    _handle_binop_Mull = _unreachable
+    _handle_binop_MulF = _unreachable
+    _handle_binop_MulV = _unreachable
+    _handle_binop_MulHiV = _unreachable
+    _handle_binop_Or = _unreachable
+    _handle_binop_Rol = _unreachable
+    _handle_binop_Ror = _unreachable
+    _handle_binop_SBorrow = _unreachable
+    _handle_binop_SCarry = _unreachable
+    _handle_binop_Sar = _unreachable
+    _handle_binop_Shl = _unreachable
+    _handle_binop_Shr = _unreachable
+    _handle_binop_Sub = _unreachable
+    _handle_binop_SubF = _unreachable
+    _handle_binop_SubV = _unreachable
+    _handle_binop_Xor = _unreachable
+    _handle_binop_InterleaveLOV = _unreachable
+    _handle_binop_InterleaveHIV = _unreachable
+    _handle_binop_CasCmpEQ = _unreachable
+    _handle_binop_CasCmpNE = _unreachable
+    _handle_binop_ExpCmpNE = _unreachable
+    _handle_binop_SarNV = _unreachable
+    _handle_binop_ShrNV = _unreachable
+    _handle_binop_ShlNV = _unreachable
+    _handle_binop_CmpEQV = _unreachable
+    _handle_binop_CmpNEV = _unreachable
+    _handle_binop_CmpGEV = _unreachable
+    _handle_binop_CmpGTV = _unreachable
+    _handle_binop_CmpLEV = _unreachable
+    _handle_binop_CmpLTV = _unreachable
+    _handle_binop_MinV = _unreachable
+    _handle_binop_MaxV = _unreachable
+    _handle_binop_QAddV = _unreachable
+    _handle_binop_QNarrowBinV = _unreachable
+    _handle_binop_PermV = _unreachable
+    _handle_binop_Set = _unreachable
+    _handle_unop_BitwiseNeg = _unreachable
+    _handle_unop_Dereference = _unreachable
+    _handle_unop_Neg = _unreachable
+    _handle_unop_Not = _unreachable
+    _handle_unop_Reference = _unreachable
+    _handle_unop_Clz = _unreachable
+    _handle_unop_Ctz = _unreachable
+    _handle_unop_GetMSBs = _unreachable
+    _handle_unop_unpack = _unreachable
+    _handle_unop_Sqrt = _unreachable
+    _handle_unop_RSqrtEst = _unreachable

angr/analyses/decompiler/dephication/seqnode_dephication.py

@@ -7,6 +7,7 @@ from ailment.block import Block
 from ailment.statement import Assignment
 from ailment.expression import VirtualVariable, Phi
 
+import angr
 from angr.utils.ail import is_phi_assignment
 from angr.knowledge_plugins.functions import Function
 from angr.analyses import register_analysis
@@ -53,7 +54,7 @@ class SeqNodeRewriter(SequenceWalker):
     variables.
     """
 
-    def __init__(self, seq_node: SequenceNode, vvar_to_vvar: dict[int, int], arch):
+    def __init__(self, seq_node: SequenceNode, vvar_to_vvar: dict[int, int], project: angr.Project):
         super().__init__(
             handlers={
                 Block: self._handle_Block,
@@ -63,7 +64,7 @@ class SeqNodeRewriter(SequenceWalker):
         )
 
         self.vvar_to_vvar = vvar_to_vvar
-        self.engine = SimEngineDephiRewriting(arch, self.vvar_to_vvar)
+        self.engine = SimEngineDephiRewriting(project, self.vvar_to_vvar)
 
         self.output = self.walk(seq_node)
         if self.output is None:
@@ -71,7 +72,7 @@ class SeqNodeRewriter(SequenceWalker):
             self.output = seq_node
 
     def _handle_Assignment(self, stmt: Assignment, **kwargs) -> Assignment:  # pylint:disable=unused-argument
-        return self.engine._handle_Assignment(stmt)
+        return self.engine._handle_stmt_Assignment(stmt)
 
     def _handle_Block(self, block: Block, **kwargs) -> Block | None:  # pylint:disable=unused-argument
         self.engine.out_block = None
@@ -117,7 +118,7 @@ class SeqNodeDephication(DephicationBase):
         return collector.phi_to_src
 
     def _rewrite_container(self) -> Any:
-        rewriter = SeqNodeRewriter(self._seq_node, self.vvar_to_vvar_mapping, self.project.arch)
+        rewriter = SeqNodeRewriter(self._seq_node, self.vvar_to_vvar_mapping, self.project)
         return rewriter.output
 
 

angr/analyses/decompiler/expression_narrower.py

@@ -31,7 +31,7 @@ class ExprNarrowingInfo:
     Stores the analysis result of _narrowing_needed().
     """
 
-    __slots__ = ("narrowable", "to_size", "use_exprs", "phi_vars")
+    __slots__ = ("narrowable", "phi_vars", "to_size", "use_exprs")
 
     def __init__(
         self,

angr/analyses/decompiler/graph_region.py

@@ -23,15 +23,15 @@ class GraphRegion:
     """
 
     __slots__ = (
-        "head",
-        "graph",
-        "successors",
-        "graph_with_successors",
-        "cyclic",
-        "full_graph",
-        "cyclic_ancestor",
         "_node_to_replaced_regions",
         "_replaced_regions",
+        "cyclic",
+        "cyclic_ancestor",
+        "full_graph",
+        "graph",
+        "graph_with_successors",
+        "head",
+        "successors",
     )
 
     def __init__(
@@ -74,7 +74,7 @@ class GraphRegion:
         if addrs:
             s = f": {min(addrs):#x}-{max(addrs):#x}"
 
-        return "<GraphRegion %r of %d nodes%s>" % (self.head, self.graph.number_of_nodes(), s)
+        return f"<GraphRegion {self.head!r} of {self.graph.number_of_nodes()} nodes{s}>"
 
     def copy(self) -> GraphRegion:
         return GraphRegion(

angr/analyses/decompiler/optimization_passes/__init__.py

@@ -107,37 +107,37 @@ def register_optimization_pass(opt_pass, *, presets: list[str | DecompilationPre
 
 
 __all__ = (
-    "OptimizationPassStage",
-    "StackCanarySimplifier",
+    "ALL_OPTIMIZATION_PASSES",
+    "CONDENSING_OPTS",
+    "DUPLICATING_OPTS",
     "BasePointerSaveSimplifier",
+    "CallStatementRewriter",
+    "CodeMotionOptimization",
+    "ConstPropOptReverter",
+    "ConstantDereferencesSimplifier",
+    "CrossJumpReverter",
+    "DeadblockRemover",
+    "DivSimplifier",
+    "DuplicationReverter",
     "ExprOpSwapper",
-    "ITERegionConverter",
+    "FlipBooleanCmp",
     "ITEExprConverter",
+    "ITERegionConverter",
+    "InlinedStringTransformationSimplifier",
     "LoweredSwitchSimplifier",
-    "DivSimplifier",
     "ModSimplifier",
-    "ReturnDuplicatorLow",
-    "ReturnDuplicatorHigh",
-    "ConstantDereferencesSimplifier",
+    "OptimizationPassStage",
     "RegisterSaveAreaSimplifier",
     "RetAddrSaveSimplifier",
-    "X86GccGetPcSimplifier",
-    "FlipBooleanCmp",
     "ReturnDeduplicator",
-    "WinStackCanarySimplifier",
-    "CrossJumpReverter",
-    "CodeMotionOptimization",
+    "ReturnDuplicatorHigh",
+    "ReturnDuplicatorLow",
+    "StackCanarySimplifier",
     "SwitchDefaultCaseDuplicator",
     "SwitchReusedEntryRewriter",
-    "DeadblockRemover",
-    "InlinedStringTransformationSimplifier",
-    "ConstPropOptReverter",
-    "CallStatementRewriter",
-    "DuplicationReverter",
     "TagSlicer",
-    "ALL_OPTIMIZATION_PASSES",
-    "DUPLICATING_OPTS",
-    "CONDENSING_OPTS",
+    "WinStackCanarySimplifier",
+    "X86GccGetPcSimplifier",
     "get_optimization_passes",
     "register_optimization_pass",
 )

angr/analyses/decompiler/optimization_passes/const_derefs.py

@@ -212,6 +212,7 @@ class BlockWalker(AILBlockWalker):
                 expr.signed,
                 variable=expr.variable,
                 variable_offset=expr.variable_offset,
+                bits=expr.bits,
                 **expr.tags,
             )
         return None

angr/analyses/decompiler/optimization_passes/deadblock_remover.py

@@ -50,8 +50,7 @@ class DeadblockRemover(OptimizationPass):
         to_remove = {
             blk
             for blk in self._graph.nodes()
-            if blk.addr != self._func.addr
-            and self._graph.in_degree(blk) == 0
+            if (blk.addr != self._func.addr and self._graph.in_degree(blk) == 0)
             or claripy.is_false(cond_proc.reaching_conditions[blk])
         }