angr 9.2.132__py3-none-macosx_11_0_arm64.whl → 9.2.133__py3-none-macosx_11_0_arm64.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of angr might be problematic. Click here for more details.
- angr/__init__.py +128 -128
- angr/analyses/__init__.py +38 -38
- angr/analyses/backward_slice.py +3 -4
- angr/analyses/binary_optimizer.py +5 -12
- angr/analyses/bindiff.py +3 -6
- angr/analyses/calling_convention.py +3 -4
- angr/analyses/cfg/__init__.py +3 -3
- angr/analyses/cfg/cfg_base.py +1 -1
- angr/analyses/cfg/cfg_fast.py +17 -15
- angr/analyses/cfg/indirect_jump_resolvers/__init__.py +5 -5
- angr/analyses/cfg/indirect_jump_resolvers/amd64_elf_got.py +1 -1
- angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +9 -7
- angr/analyses/data_dep/__init__.py +4 -4
- angr/analyses/datagraph_meta.py +1 -1
- angr/analyses/ddg.py +2 -6
- angr/analyses/decompiler/__init__.py +12 -12
- angr/analyses/decompiler/ail_simplifier.py +21 -10
- angr/analyses/decompiler/block_similarity.py +2 -4
- angr/analyses/decompiler/callsite_maker.py +1 -1
- angr/analyses/decompiler/ccall_rewriters/rewriter_base.py +1 -1
- angr/analyses/decompiler/clinic.py +14 -7
- angr/analyses/decompiler/condition_processor.py +45 -29
- angr/analyses/decompiler/counters/__init__.py +3 -3
- angr/analyses/decompiler/decompilation_cache.py +7 -7
- angr/analyses/decompiler/dephication/__init__.py +1 -1
- angr/analyses/decompiler/dephication/graph_vvar_mapping.py +11 -3
- angr/analyses/decompiler/expression_narrower.py +1 -1
- angr/analyses/decompiler/graph_region.py +8 -8
- angr/analyses/decompiler/optimization_passes/__init__.py +20 -20
- angr/analyses/decompiler/optimization_passes/deadblock_remover.py +1 -2
- angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +8 -7
- angr/analyses/decompiler/optimization_passes/duplication_reverter/utils.py +1 -3
- angr/analyses/decompiler/optimization_passes/engine_base.py +1 -1
- angr/analyses/decompiler/optimization_passes/inlined_string_transformation_simplifier.py +2 -4
- angr/analyses/decompiler/optimization_passes/ite_region_converter.py +2 -5
- angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +5 -5
- angr/analyses/decompiler/optimization_passes/mod_simplifier.py +9 -3
- angr/analyses/decompiler/optimization_passes/optimization_pass.py +3 -0
- angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +9 -5
- angr/analyses/decompiler/peephole_optimizations/__init__.py +1 -1
- angr/analyses/decompiler/peephole_optimizations/base.py +6 -6
- angr/analyses/decompiler/peephole_optimizations/rewrite_bit_extractions.py +1 -1
- angr/analyses/decompiler/presets/__init__.py +1 -1
- angr/analyses/decompiler/region_simplifiers/expr_folding.py +3 -3
- angr/analyses/decompiler/region_simplifiers/switch_cluster_simplifier.py +8 -12
- angr/analyses/decompiler/ssailification/rewriting_engine.py +1 -1
- angr/analyses/decompiler/structured_codegen/__init__.py +5 -5
- angr/analyses/decompiler/structured_codegen/base.py +3 -3
- angr/analyses/decompiler/structured_codegen/c.py +34 -37
- angr/analyses/decompiler/structuring/__init__.py +3 -3
- angr/analyses/decompiler/structuring/phoenix.py +19 -20
- angr/analyses/decompiler/structuring/structurer_base.py +2 -2
- angr/analyses/decompiler/structuring/structurer_nodes.py +14 -14
- angr/analyses/deobfuscator/__init__.py +3 -3
- angr/analyses/deobfuscator/string_obf_opt_passes.py +1 -1
- angr/analyses/disassembly.py +4 -4
- angr/analyses/forward_analysis/__init__.py +1 -1
- angr/analyses/forward_analysis/visitors/graph.py +6 -6
- angr/analyses/loop_analysis.py +1 -1
- angr/analyses/loopfinder.py +1 -1
- angr/analyses/propagator/outdated_definition_walker.py +12 -6
- angr/analyses/propagator/vex_vars.py +3 -3
- angr/analyses/reaching_definitions/__init__.py +9 -9
- angr/analyses/reaching_definitions/call_trace.py +2 -2
- angr/analyses/reaching_definitions/function_handler_library/__init__.py +1 -1
- angr/analyses/reaching_definitions/rd_state.py +10 -10
- angr/analyses/reassembler.py +26 -31
- angr/analyses/s_liveness.py +8 -0
- angr/analyses/s_reaching_definitions/s_rda_view.py +2 -5
- angr/analyses/stack_pointer_tracker.py +4 -4
- angr/analyses/typehoon/simple_solver.py +7 -9
- angr/analyses/typehoon/translator.py +2 -2
- angr/analyses/typehoon/typeconsts.py +1 -1
- angr/analyses/typehoon/typevars.py +17 -19
- angr/analyses/unpacker/__init__.py +1 -1
- angr/analyses/variable_recovery/engine_base.py +3 -4
- angr/analyses/variable_recovery/variable_recovery_base.py +1 -1
- angr/analyses/variable_recovery/variable_recovery_fast.py +2 -6
- angr/analyses/veritesting.py +2 -2
- angr/analyses/vfg.py +5 -5
- angr/angrdb/serializers/__init__.py +1 -1
- angr/annocfg.py +1 -1
- angr/blade.py +2 -2
- angr/block.py +16 -16
- angr/calling_conventions.py +11 -13
- angr/code_location.py +6 -10
- angr/codenode.py +3 -3
- angr/engines/__init__.py +12 -14
- angr/engines/engine.py +1 -54
- angr/engines/light/__init__.py +4 -4
- angr/engines/light/data.py +1 -1
- angr/engines/pcode/__init__.py +1 -1
- angr/engines/pcode/behavior.py +1 -1
- angr/engines/pcode/lifter.py +13 -15
- angr/engines/soot/expressions/__init__.py +12 -12
- angr/engines/soot/statements/__init__.py +6 -6
- angr/engines/soot/values/__init__.py +6 -6
- angr/engines/soot/values/arrayref.py +2 -2
- angr/engines/soot/values/constants.py +1 -1
- angr/engines/soot/values/instancefieldref.py +1 -1
- angr/engines/soot/values/paramref.py +1 -1
- angr/engines/soot/values/staticfieldref.py +1 -1
- angr/engines/successors.py +2 -5
- angr/engines/vex/__init__.py +5 -5
- angr/engines/vex/claripy/ccall.py +2 -2
- angr/engines/vex/claripy/irop.py +18 -18
- angr/engines/vex/heavy/__init__.py +2 -2
- angr/engines/vex/heavy/actions.py +1 -3
- angr/engines/vex/heavy/heavy.py +4 -6
- angr/engines/vex/lifter.py +2 -4
- angr/engines/vex/light/light.py +0 -2
- angr/engines/vex/light/slicing.py +3 -3
- angr/exploration_techniques/__init__.py +18 -18
- angr/exploration_techniques/threading.py +0 -6
- angr/factory.py +36 -6
- angr/keyed_region.py +4 -4
- angr/knowledge_base.py +1 -1
- angr/knowledge_plugins/__init__.py +11 -11
- angr/knowledge_plugins/cfg/__init__.py +5 -5
- angr/knowledge_plugins/cfg/cfg_manager.py +2 -2
- angr/knowledge_plugins/cfg/cfg_model.py +8 -8
- angr/knowledge_plugins/cfg/cfg_node.py +19 -19
- angr/knowledge_plugins/cfg/indirect_jump.py +6 -6
- angr/knowledge_plugins/cfg/memory_data.py +5 -7
- angr/knowledge_plugins/functions/function.py +48 -52
- angr/knowledge_plugins/functions/function_parser.py +4 -4
- angr/knowledge_plugins/key_definitions/__init__.py +3 -3
- angr/knowledge_plugins/key_definitions/atoms.py +6 -6
- angr/knowledge_plugins/key_definitions/definition.py +1 -1
- angr/knowledge_plugins/key_definitions/live_definitions.py +14 -14
- angr/knowledge_plugins/labels.py +1 -1
- angr/knowledge_plugins/propagations/__init__.py +1 -1
- angr/knowledge_plugins/propagations/prop_value.py +2 -2
- angr/knowledge_plugins/propagations/propagation_model.py +7 -8
- angr/knowledge_plugins/propagations/states.py +31 -31
- angr/knowledge_plugins/variables/variable_access.py +2 -2
- angr/knowledge_plugins/variables/variable_manager.py +1 -1
- angr/knowledge_plugins/xrefs/xref.py +5 -8
- angr/lib/angr_native.dylib +0 -0
- angr/misc/__init__.py +4 -4
- angr/misc/hookset.py +4 -5
- angr/misc/loggers.py +2 -2
- angr/misc/telemetry.py +1 -1
- angr/procedures/__init__.py +1 -1
- angr/procedures/cgc/fdwait.py +2 -2
- angr/procedures/definitions/__init__.py +2 -2
- angr/procedures/definitions/linux_kernel.py +0 -1
- angr/procedures/definitions/parse_syscalls_from_local_system.py +1 -1
- angr/procedures/definitions/parse_win32json.py +0 -1
- angr/procedures/ntdll/exceptions.py +1 -1
- angr/procedures/stubs/format_parser.py +3 -3
- angr/procedures/win32/dynamic_loading.py +1 -1
- angr/protos/__init__.py +3 -3
- angr/sim_manager.py +2 -2
- angr/sim_state.py +1 -1
- angr/sim_state_options.py +3 -3
- angr/sim_type.py +10 -14
- angr/sim_variable.py +13 -17
- angr/simos/__init__.py +4 -4
- angr/simos/cgc.py +1 -1
- angr/simos/simos.py +1 -1
- angr/simos/userland.py +1 -1
- angr/slicer.py +4 -7
- angr/state_plugins/__init__.py +34 -34
- angr/state_plugins/callstack.py +5 -12
- angr/state_plugins/heap/__init__.py +2 -2
- angr/state_plugins/heap/heap_brk.py +2 -4
- angr/state_plugins/heap/heap_ptmalloc.py +1 -1
- angr/state_plugins/jni_references.py +3 -2
- angr/state_plugins/scratch.py +1 -1
- angr/state_plugins/sim_action.py +1 -4
- angr/state_plugins/sim_event.py +1 -1
- angr/state_plugins/solver.py +7 -9
- angr/state_plugins/uc_manager.py +1 -1
- angr/state_plugins/view.py +2 -2
- angr/storage/__init__.py +1 -1
- angr/storage/file.py +10 -10
- angr/storage/memory_mixins/__init__.py +46 -46
- angr/storage/memory_mixins/default_filler_mixin.py +1 -3
- angr/storage/memory_mixins/javavm_memory_mixin.py +2 -2
- angr/storage/memory_mixins/name_resolution_mixin.py +2 -2
- angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py +1 -3
- angr/storage/memory_mixins/paged_memory/pages/__init__.py +6 -6
- angr/storage/memory_mixins/paged_memory/pages/list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/multi_values.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py +1 -1
- angr/storage/memory_mixins/paged_memory/pages/ultra_page.py +2 -4
- angr/storage/memory_mixins/regioned_memory/__init__.py +3 -3
- angr/storage/memory_mixins/regioned_memory/region_data.py +5 -5
- angr/storage/memory_mixins/regioned_memory/region_meta_mixin.py +7 -9
- angr/storage/memory_mixins/regioned_memory/regioned_memory_mixin.py +4 -4
- angr/storage/memory_object.py +4 -4
- angr/utils/__init__.py +3 -3
- angr/utils/dynamic_dictlist.py +1 -1
- angr/utils/graph.py +1 -1
- angr/utils/segment_list.py +2 -2
- angr/utils/ssa/__init__.py +12 -5
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/METADATA +6 -6
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/RECORD +203 -203
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/LICENSE +0 -0
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/WHEEL +0 -0
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/entry_points.txt +0 -0
- {angr-9.2.132.dist-info → angr-9.2.133.dist-info}/top_level.txt +0 -0
|
@@ -107,37 +107,37 @@ def register_optimization_pass(opt_pass, *, presets: list[str | DecompilationPre
|
|
|
107
107
|
|
|
108
108
|
|
|
109
109
|
__all__ = (
|
|
110
|
-
"
|
|
111
|
-
"
|
|
110
|
+
"ALL_OPTIMIZATION_PASSES",
|
|
111
|
+
"CONDENSING_OPTS",
|
|
112
|
+
"DUPLICATING_OPTS",
|
|
112
113
|
"BasePointerSaveSimplifier",
|
|
114
|
+
"CallStatementRewriter",
|
|
115
|
+
"CodeMotionOptimization",
|
|
116
|
+
"ConstPropOptReverter",
|
|
117
|
+
"ConstantDereferencesSimplifier",
|
|
118
|
+
"CrossJumpReverter",
|
|
119
|
+
"DeadblockRemover",
|
|
120
|
+
"DivSimplifier",
|
|
121
|
+
"DuplicationReverter",
|
|
113
122
|
"ExprOpSwapper",
|
|
114
|
-
"
|
|
123
|
+
"FlipBooleanCmp",
|
|
115
124
|
"ITEExprConverter",
|
|
125
|
+
"ITERegionConverter",
|
|
126
|
+
"InlinedStringTransformationSimplifier",
|
|
116
127
|
"LoweredSwitchSimplifier",
|
|
117
|
-
"DivSimplifier",
|
|
118
128
|
"ModSimplifier",
|
|
119
|
-
"
|
|
120
|
-
"ReturnDuplicatorHigh",
|
|
121
|
-
"ConstantDereferencesSimplifier",
|
|
129
|
+
"OptimizationPassStage",
|
|
122
130
|
"RegisterSaveAreaSimplifier",
|
|
123
131
|
"RetAddrSaveSimplifier",
|
|
124
|
-
"X86GccGetPcSimplifier",
|
|
125
|
-
"FlipBooleanCmp",
|
|
126
132
|
"ReturnDeduplicator",
|
|
127
|
-
"
|
|
128
|
-
"
|
|
129
|
-
"
|
|
133
|
+
"ReturnDuplicatorHigh",
|
|
134
|
+
"ReturnDuplicatorLow",
|
|
135
|
+
"StackCanarySimplifier",
|
|
130
136
|
"SwitchDefaultCaseDuplicator",
|
|
131
137
|
"SwitchReusedEntryRewriter",
|
|
132
|
-
"DeadblockRemover",
|
|
133
|
-
"InlinedStringTransformationSimplifier",
|
|
134
|
-
"ConstPropOptReverter",
|
|
135
|
-
"CallStatementRewriter",
|
|
136
|
-
"DuplicationReverter",
|
|
137
138
|
"TagSlicer",
|
|
138
|
-
"
|
|
139
|
-
"
|
|
140
|
-
"CONDENSING_OPTS",
|
|
139
|
+
"WinStackCanarySimplifier",
|
|
140
|
+
"X86GccGetPcSimplifier",
|
|
141
141
|
"get_optimization_passes",
|
|
142
142
|
"register_optimization_pass",
|
|
143
143
|
)
|
|
@@ -50,8 +50,7 @@ class DeadblockRemover(OptimizationPass):
|
|
|
50
50
|
to_remove = {
|
|
51
51
|
blk
|
|
52
52
|
for blk in self._graph.nodes()
|
|
53
|
-
if blk.addr != self._func.addr
|
|
54
|
-
and self._graph.in_degree(blk) == 0
|
|
53
|
+
if (blk.addr != self._func.addr and self._graph.in_degree(blk) == 0)
|
|
55
54
|
or claripy.is_false(cond_proc.reaching_conditions[blk])
|
|
56
55
|
}
|
|
57
56
|
|
|
@@ -242,11 +242,8 @@ class DuplicationReverter(StructuringOptimizationPass):
|
|
|
242
242
|
target_candidates = []
|
|
243
243
|
for mblock, oblocks in ail_merge_graph.merge_blocks_to_originals.items():
|
|
244
244
|
for oblock in oblocks:
|
|
245
|
-
if (
|
|
246
|
-
isinstance(oblock,
|
|
247
|
-
and oblock.original.addr == target_addr
|
|
248
|
-
or isinstance(oblock, Block)
|
|
249
|
-
and oblock.addr == target_addr
|
|
245
|
+
if (isinstance(oblock, AILBlockSplit) and oblock.original.addr == target_addr) or (
|
|
246
|
+
isinstance(oblock, Block) and oblock.addr == target_addr
|
|
250
247
|
):
|
|
251
248
|
target_candidates.append(mblock)
|
|
252
249
|
|
|
@@ -287,7 +284,9 @@ class DuplicationReverter(StructuringOptimizationPass):
|
|
|
287
284
|
break
|
|
288
285
|
|
|
289
286
|
if new_target is None:
|
|
290
|
-
|
|
287
|
+
_l.debug("Unable to correct a predecessor, this is a bug!")
|
|
288
|
+
self.write_graph = self.read_graph.copy()
|
|
289
|
+
return False
|
|
291
290
|
|
|
292
291
|
replacement_map[target_addr] = new_target.addr
|
|
293
292
|
self.write_graph.add_edge(orig_pred, new_target)
|
|
@@ -316,7 +315,9 @@ class DuplicationReverter(StructuringOptimizationPass):
|
|
|
316
315
|
break
|
|
317
316
|
|
|
318
317
|
if new_succ is None:
|
|
319
|
-
|
|
318
|
+
_l.debug("Unable to find the successor for block with no jump or condition!")
|
|
319
|
+
self.write_graph = self.read_graph.copy()
|
|
320
|
+
return False
|
|
320
321
|
|
|
321
322
|
self.write_graph.add_edge(orig_pred, new_succ)
|
|
322
323
|
|
|
@@ -8,8 +8,8 @@ from ailment import Const
|
|
|
8
8
|
from ailment.block import Block
|
|
9
9
|
from ailment.statement import Statement, ConditionalJump, Jump
|
|
10
10
|
|
|
11
|
-
from .errors import UnsupportedAILNodeError
|
|
12
11
|
from angr.analyses.decompiler.structuring.structurer_nodes import IncompleteSwitchCaseHeadStatement
|
|
12
|
+
from .errors import UnsupportedAILNodeError
|
|
13
13
|
|
|
14
14
|
|
|
15
15
|
_l = logging.getLogger(name=__name__)
|
|
@@ -47,8 +47,6 @@ def replace_node_in_graph(graph: nx.DiGraph, node, replace_with):
|
|
|
47
47
|
else:
|
|
48
48
|
graph.add_edge(replace_with, dst)
|
|
49
49
|
|
|
50
|
-
assert node not in graph
|
|
51
|
-
|
|
52
50
|
|
|
53
51
|
def bfs_list_blocks(start_block: Block, graph: nx.DiGraph):
|
|
54
52
|
blocks = []
|
|
@@ -112,7 +112,7 @@ class SimplifierAILEngine(
|
|
|
112
112
|
return stmt
|
|
113
113
|
|
|
114
114
|
def _handle_stmt_Call(self, stmt):
|
|
115
|
-
target = self._expr(stmt.target)
|
|
115
|
+
target = self._expr(stmt.target) if isinstance(stmt.target, ailment.Expr.Expression) else stmt.target
|
|
116
116
|
|
|
117
117
|
new_args = None
|
|
118
118
|
|
|
@@ -548,10 +548,8 @@ class InlinedStringTransformationSimplifier(OptimizationPass):
|
|
|
548
548
|
if len(preds) == 2 and len(succs) == 2 and node in preds and node in succs:
|
|
549
549
|
pred = next(iter(nn for nn in preds if nn is not node))
|
|
550
550
|
succ = next(iter(nn for nn in succs if nn is not node))
|
|
551
|
-
if (
|
|
552
|
-
self._graph.out_degree[pred] ==
|
|
553
|
-
and self._graph.in_degree[succ] == 1
|
|
554
|
-
or self._graph.out_degree[pred] == 2
|
|
551
|
+
if (self._graph.out_degree[pred] == 1 and self._graph.in_degree[succ] == 1) or (
|
|
552
|
+
self._graph.out_degree[pred] == 2
|
|
555
553
|
and self._graph.in_degree[succ] == 2
|
|
556
554
|
and self._graph.has_edge(pred, succ)
|
|
557
555
|
):
|
|
@@ -314,9 +314,6 @@ class ITERegionConverter(OptimizationPass):
|
|
|
314
314
|
|
|
315
315
|
@staticmethod
|
|
316
316
|
def _is_assigning_to_vvar(stmt: Statement) -> bool:
|
|
317
|
-
return (
|
|
318
|
-
isinstance(stmt,
|
|
319
|
-
and isinstance(stmt.dst, VirtualVariable)
|
|
320
|
-
or isinstance(stmt, Call)
|
|
321
|
-
and isinstance(stmt.ret_expr, VirtualVariable)
|
|
317
|
+
return (isinstance(stmt, Assignment) and isinstance(stmt.dst, VirtualVariable)) or (
|
|
318
|
+
isinstance(stmt, Call) and isinstance(stmt.ret_expr, VirtualVariable)
|
|
322
319
|
)
|
|
@@ -31,14 +31,14 @@ class Case:
|
|
|
31
31
|
"""
|
|
32
32
|
|
|
33
33
|
__slots__ = (
|
|
34
|
-
"original_node",
|
|
35
|
-
"node_type",
|
|
36
|
-
"variable_hash",
|
|
37
34
|
"expr",
|
|
38
|
-
"
|
|
35
|
+
"next_addr",
|
|
36
|
+
"node_type",
|
|
37
|
+
"original_node",
|
|
39
38
|
"target",
|
|
40
39
|
"target_idx",
|
|
41
|
-
"
|
|
40
|
+
"value",
|
|
41
|
+
"variable_hash",
|
|
42
42
|
)
|
|
43
43
|
|
|
44
44
|
def __init__(
|
|
@@ -40,10 +40,16 @@ class ModSimplifierAILEngine(SimplifierAILEngine):
|
|
|
40
40
|
x_1 = operand_0
|
|
41
41
|
c_0 = operand_1.operands[1]
|
|
42
42
|
c_1 = operand_1.operands[0].operand.operands[1]
|
|
43
|
-
else:
|
|
44
|
-
assert False, "Unreachable"
|
|
45
43
|
|
|
46
|
-
|
|
44
|
+
# pylint: disable=too-many-boolean-expressions
|
|
45
|
+
if (
|
|
46
|
+
x_0 is not None
|
|
47
|
+
and x_1 is not None
|
|
48
|
+
and c_0 is not None
|
|
49
|
+
and c_1 is not None
|
|
50
|
+
and x_0.likes(x_1)
|
|
51
|
+
and c_0.value == c_1.value
|
|
52
|
+
):
|
|
47
53
|
return Expr.BinaryOp(expr.idx, "Mod", [x_0, c_0], expr.signed, **expr.tags)
|
|
48
54
|
|
|
49
55
|
if (operand_0, operand_1) != (expr.operands[0], expr.operands[1]):
|
|
@@ -125,6 +125,7 @@ class OptimizationPass(BaseOptimizationPass):
|
|
|
125
125
|
scratch: dict[str, Any] | None = None,
|
|
126
126
|
force_loop_single_exit: bool = True,
|
|
127
127
|
complete_successors: bool = False,
|
|
128
|
+
avoid_vvar_ids: set[int] | None = None,
|
|
128
129
|
**kwargs,
|
|
129
130
|
):
|
|
130
131
|
super().__init__(func)
|
|
@@ -143,6 +144,7 @@ class OptimizationPass(BaseOptimizationPass):
|
|
|
143
144
|
)
|
|
144
145
|
self._force_loop_single_exit = force_loop_single_exit
|
|
145
146
|
self._complete_successors = complete_successors
|
|
147
|
+
self._avoid_vvar_ids = avoid_vvar_ids or set()
|
|
146
148
|
|
|
147
149
|
# output
|
|
148
150
|
self.out_graph: networkx.DiGraph | None = None
|
|
@@ -268,6 +270,7 @@ class OptimizationPass(BaseOptimizationPass):
|
|
|
268
270
|
func_graph=graph,
|
|
269
271
|
use_callee_saved_regs_at_return=False,
|
|
270
272
|
gp=self._func.info.get("gp", None) if self.project.arch.name in {"MIPS32", "MIPS64"} else None,
|
|
273
|
+
avoid_vvar_ids=self._avoid_vvar_ids,
|
|
271
274
|
)
|
|
272
275
|
if simp.simplified:
|
|
273
276
|
graph = simp.func_graph
|
|
@@ -231,7 +231,7 @@ class StackCanarySimplifier(OptimizationPass):
|
|
|
231
231
|
negated = False
|
|
232
232
|
condition = stmt.condition
|
|
233
233
|
if isinstance(condition, ailment.Expr.BinaryOp) and (
|
|
234
|
-
not negated and condition.op == "CmpEQ" or negated and condition.op == "CmpNE"
|
|
234
|
+
(not negated and condition.op == "CmpEQ") or (negated and condition.op == "CmpNE")
|
|
235
235
|
):
|
|
236
236
|
pass
|
|
237
237
|
else:
|
|
@@ -255,8 +255,10 @@ class StackCanarySimplifier(OptimizationPass):
|
|
|
255
255
|
op0 = op0_v
|
|
256
256
|
|
|
257
257
|
if not (
|
|
258
|
-
|
|
259
|
-
|
|
258
|
+
(
|
|
259
|
+
self._is_stack_canary_load_expr(op0, self.project.arch.bits, canary_value_stack_offset)
|
|
260
|
+
and self._is_random_number_load_expr(op1, self.project.arch.get_register_offset("fs"))
|
|
261
|
+
)
|
|
260
262
|
or (
|
|
261
263
|
self._is_stack_canary_load_expr(op1, self.project.arch.bits, canary_value_stack_offset)
|
|
262
264
|
and self._is_random_number_load_expr(op0, self.project.arch.get_register_offset("fs"))
|
|
@@ -270,8 +272,10 @@ class StackCanarySimplifier(OptimizationPass):
|
|
|
270
272
|
):
|
|
271
273
|
# a == b
|
|
272
274
|
if not (
|
|
273
|
-
|
|
274
|
-
|
|
275
|
+
(
|
|
276
|
+
self._is_stack_canary_load_expr(expr0, self.project.arch.bits, canary_value_stack_offset)
|
|
277
|
+
and self._is_random_number_load_expr(expr1, self.project.arch.get_register_offset("fs"))
|
|
278
|
+
)
|
|
275
279
|
or (
|
|
276
280
|
self._is_stack_canary_load_expr(expr1, self.project.arch.bits, canary_value_stack_offset)
|
|
277
281
|
and self._is_random_number_load_expr(expr0, self.project.arch.get_register_offset("fs"))
|
|
@@ -12,9 +12,9 @@ class PeepholeOptimizationStmtBase:
|
|
|
12
12
|
"""
|
|
13
13
|
|
|
14
14
|
__slots__ = (
|
|
15
|
-
"project",
|
|
16
|
-
"kb",
|
|
17
15
|
"func_addr",
|
|
16
|
+
"kb",
|
|
17
|
+
"project",
|
|
18
18
|
)
|
|
19
19
|
project: Project | None
|
|
20
20
|
kb: KnowledgeBase | None
|
|
@@ -39,9 +39,9 @@ class PeepholeOptimizationMultiStmtBase:
|
|
|
39
39
|
"""
|
|
40
40
|
|
|
41
41
|
__slots__ = (
|
|
42
|
-
"project",
|
|
43
|
-
"kb",
|
|
44
42
|
"func_addr",
|
|
43
|
+
"kb",
|
|
44
|
+
"project",
|
|
45
45
|
)
|
|
46
46
|
project: Project | None
|
|
47
47
|
kb: KnowledgeBase | None
|
|
@@ -66,9 +66,9 @@ class PeepholeOptimizationExprBase:
|
|
|
66
66
|
"""
|
|
67
67
|
|
|
68
68
|
__slots__ = (
|
|
69
|
-
"project",
|
|
70
|
-
"kb",
|
|
71
69
|
"func_addr",
|
|
70
|
+
"kb",
|
|
71
|
+
"project",
|
|
72
72
|
)
|
|
73
73
|
project: Project | None
|
|
74
74
|
kb: KnowledgeBase | None
|
|
@@ -63,8 +63,8 @@ class ExpressionLocation(LocationBase):
|
|
|
63
63
|
__slots__ = (
|
|
64
64
|
"block_addr",
|
|
65
65
|
"block_idx",
|
|
66
|
-
"stmt_idx",
|
|
67
66
|
"expr_idx",
|
|
67
|
+
"stmt_idx",
|
|
68
68
|
)
|
|
69
69
|
|
|
70
70
|
def __init__(self, block_addr, block_idx, stmt_idx, expr_idx):
|
|
@@ -94,8 +94,8 @@ class ExpressionLocation(LocationBase):
|
|
|
94
94
|
|
|
95
95
|
class ConditionLocation(LocationBase):
|
|
96
96
|
__slots__ = (
|
|
97
|
-
"node_addr",
|
|
98
97
|
"case_idx",
|
|
98
|
+
"node_addr",
|
|
99
99
|
)
|
|
100
100
|
|
|
101
101
|
def __init__(self, cond_node_addr, case_idx: int | None = None):
|
|
@@ -171,8 +171,8 @@ class ExpressionUseFinder(AILBlockWalker):
|
|
|
171
171
|
"""
|
|
172
172
|
|
|
173
173
|
__slots__ = (
|
|
174
|
-
"uses",
|
|
175
174
|
"has_load",
|
|
175
|
+
"uses",
|
|
176
176
|
)
|
|
177
177
|
|
|
178
178
|
def __init__(self):
|
|
@@ -39,11 +39,11 @@ class ConditionalRegion:
|
|
|
39
39
|
"""
|
|
40
40
|
|
|
41
41
|
__slots__ = (
|
|
42
|
-
"variable",
|
|
43
|
-
"op",
|
|
44
|
-
"value",
|
|
45
42
|
"node",
|
|
43
|
+
"op",
|
|
46
44
|
"parent",
|
|
45
|
+
"value",
|
|
46
|
+
"variable",
|
|
47
47
|
)
|
|
48
48
|
|
|
49
49
|
def __init__(self, variable, op: CmpOp, value: int, node: ConditionNode | ailment.Block, parent=None):
|
|
@@ -63,9 +63,9 @@ class SwitchCaseRegion:
|
|
|
63
63
|
"""
|
|
64
64
|
|
|
65
65
|
__slots__ = (
|
|
66
|
-
"variable",
|
|
67
66
|
"node",
|
|
68
67
|
"parent",
|
|
68
|
+
"variable",
|
|
69
69
|
)
|
|
70
70
|
|
|
71
71
|
def __init__(self, variable, node: SwitchCaseNode, parent=None):
|
|
@@ -195,18 +195,14 @@ def is_simple_jump_node(node, case_addrs, targets: set[int] | None = None) -> bo
|
|
|
195
195
|
targets.add(stmt.target.value)
|
|
196
196
|
elif isinstance(stmt, ailment.Stmt.ConditionalJump):
|
|
197
197
|
ok = False
|
|
198
|
-
if (
|
|
199
|
-
stmt.true_target
|
|
200
|
-
or isinstance(stmt.true_target, ailment.Expr.Const)
|
|
201
|
-
and stmt.true_target.value in case_addrs
|
|
198
|
+
if stmt.true_target is None or (
|
|
199
|
+
isinstance(stmt.true_target, ailment.Expr.Const) and stmt.true_target.value in case_addrs
|
|
202
200
|
):
|
|
203
201
|
ok = True
|
|
204
202
|
if stmt.true_target is not None and targets is not None:
|
|
205
203
|
targets.add(stmt.true_target.value)
|
|
206
|
-
if (
|
|
207
|
-
stmt.false_target
|
|
208
|
-
or isinstance(stmt.false_target, ailment.Expr.Const)
|
|
209
|
-
and stmt.false_target.value in case_addrs
|
|
204
|
+
if stmt.false_target is None or (
|
|
205
|
+
isinstance(stmt.false_target, ailment.Expr.Const) and stmt.false_target.value in case_addrs
|
|
210
206
|
):
|
|
211
207
|
ok = True
|
|
212
208
|
if stmt.false_target is not None and targets is not None:
|
|
@@ -362,8 +362,8 @@ class SimEngineSSARewriting(
|
|
|
362
362
|
return ITE(
|
|
363
363
|
expr.idx,
|
|
364
364
|
expr.cond if new_cond is None else new_cond,
|
|
365
|
-
expr.iftrue if new_iftrue is None else new_iftrue,
|
|
366
365
|
expr.iffalse if new_iffalse is None else new_iffalse,
|
|
366
|
+
expr.iftrue if new_iftrue is None else new_iftrue,
|
|
367
367
|
**expr.tags,
|
|
368
368
|
)
|
|
369
369
|
return None
|
|
@@ -14,12 +14,12 @@ from .dummy import DummyStructuredCodeGenerator
|
|
|
14
14
|
|
|
15
15
|
__all__ = (
|
|
16
16
|
"BaseStructuredCodeGenerator",
|
|
17
|
-
"InstructionMapping",
|
|
18
|
-
"InstructionMappingElement",
|
|
19
|
-
"PositionMappingElement",
|
|
20
|
-
"PositionMapping",
|
|
21
17
|
"CStructuredCodeGenerator",
|
|
22
18
|
"CStructuredCodeWalker",
|
|
23
|
-
"ImportSourceCode",
|
|
24
19
|
"DummyStructuredCodeGenerator",
|
|
20
|
+
"ImportSourceCode",
|
|
21
|
+
"InstructionMapping",
|
|
22
|
+
"InstructionMappingElement",
|
|
23
|
+
"PositionMapping",
|
|
24
|
+
"PositionMappingElement",
|
|
25
25
|
)
|
|
@@ -9,7 +9,7 @@ from angr.sim_variable import SimVariable
|
|
|
9
9
|
|
|
10
10
|
|
|
11
11
|
class PositionMappingElement:
|
|
12
|
-
__slots__ = ("
|
|
12
|
+
__slots__ = ("length", "obj", "start")
|
|
13
13
|
|
|
14
14
|
def __init__(self, start, length, obj):
|
|
15
15
|
self.start: int = start
|
|
@@ -20,7 +20,7 @@ class PositionMappingElement:
|
|
|
20
20
|
return self.start <= offset < self.start + self.length
|
|
21
21
|
|
|
22
22
|
def __repr__(self):
|
|
23
|
-
return "
|
|
23
|
+
return f"<{self.start}-{self.start + self.length}: {self.obj}>"
|
|
24
24
|
|
|
25
25
|
|
|
26
26
|
class PositionMapping:
|
|
@@ -79,7 +79,7 @@ class InstructionMappingElement:
|
|
|
79
79
|
return self.ins_addr == offset
|
|
80
80
|
|
|
81
81
|
def __repr__(self):
|
|
82
|
-
return "
|
|
82
|
+
return f"<{self.ins_addr}: {self.posmap_pos}>"
|
|
83
83
|
|
|
84
84
|
|
|
85
85
|
class InstructionMapping:
|