angr 9.2.132__py3-none-manylinux2014_x86_64.whl → 9.2.133__py3-none-manylinux2014_x86_64.whl

angr/analyses/cfg/indirect_jump_resolvers/jumptable.py

@@ -143,10 +143,10 @@ class ConstantValueManager:
     """
 
     __slots__ = (
-        "project",
-        "kb",
         "func",
+        "kb",
         "mapping",
+        "project",
     )
 
     def __init__(self, project: Project, kb, func: Function):
@@ -240,13 +240,13 @@ class JumpTableProcessorState:
     """
 
     __slots__ = (
-        "arch",
         "_registers",
         "_stack",
         "_tmpvar_source",
+        "arch",
         "is_jumptable",
-        "stmts_to_instrument",
         "regs_to_initialize",
+        "stmts_to_instrument",
     )
 
     def __init__(self, arch):
@@ -2175,10 +2175,12 @@ class JumpTableResolver(IndirectJumpResolver):
                 stmt_taken = i in stmt_ids
                 display = stmt_taken if in_slice_stmts_only else True
                 if display:
-                    s = "%s %x:%02d | " % ("+" if stmt_taken else " ", addr, i)
-                    s += f"{stmt.pp_str(arch=self.project.arch, tyenv=irsb.tyenv)} "
+                    s = (
+                        f"{'+' if stmt_taken else ' '} {addr:x}:{i:02d} | "
+                        f"{stmt.pp_str(arch=self.project.arch, tyenv=irsb.tyenv)} "
+                    )
                     if stmt_taken:
-                        s += "IN: %d" % blade.slice.in_degree((addr, i))
+                        s += f"IN: {blade.slice.in_degree((addr, i))}"
                     print(s)
 
             # the default exit

angr/analyses/data_dep/__init__.py

@@ -5,12 +5,12 @@ from .dep_nodes import DepNodeTypes, BaseDepNode, VarDepNode, MemDepNode, Consta
 
 
 __all__ = (
+    "BaseDepNode",
+    "ConstantDepNode",
     "DataDependencyGraphAnalysis",
     "DepNodeTypes",
-    "BaseDepNode",
-    "VarDepNode",
     "MemDepNode",
-    "ConstantDepNode",
-    "TmpDepNode",
     "RegDepNode",
+    "TmpDepNode",
+    "VarDepNode",
 )

angr/analyses/datagraph_meta.py

@@ -51,7 +51,7 @@ class DataGraphMeta:
         pp = []
         for stmt in e:
             # true case is a SimProcedure
-            s = "(0x%x, %d)" % (stmt[0], stmt[1]) if imarks is False or stmt[1] == -1 else f"[0x{self._imarks[stmt]:x}]"
+            s = f"(0x{stmt[0]:x}, {stmt[1]})" if imarks is False or stmt[1] == -1 else f"[0x{self._imarks[stmt]:x}]"
             pp.append(s)
 
         print(pp[0] + " -> " + pp[1] + " : " + str(data))

angr/analyses/ddg.py

@@ -95,7 +95,7 @@ class DDGJob:
         self.call_depth = call_depth
 
     def __repr__(self):
-        return "<DDGJob %s, call_depth %d>" % (self.cfg_node, self.call_depth)
+        return f"<DDGJob {self.cfg_node}, call_depth {self.call_depth}>"
 
 
 class LiveDefinitions:
@@ -342,11 +342,7 @@ class DDGViewItem:
         return None
 
     def __repr__(self):
-        return "[%s, %d dependents, depends on %d]" % (
-            self._variable,
-            len(self.dependents),
-            len(self.depends_on),
-        )
+        return f"[{self._variable}, {len(self.dependents)} dependents, depends on {len(self.depends_on)}]"
 
     def __eq__(self, other):
         return (

angr/analyses/decompiler/__init__.py

@@ -20,22 +20,22 @@ StructuredCodeGenerator = CStructuredCodeGenerator
 
 
 __all__ = (
-    "RegionIdentifier",
+    "DECOMPILATION_PRESETS",
+    "AILSimplifier",
+    "BlockSimplifier",
     "CStructuredCodeGenerator",
-    "ImportSourceCode",
+    "CallSiteMaker",
     "Clinic",
-    "RegionSimplifier",
     "Decompiler",
-    "options",
-    "options_by_category",
-    "BlockSimplifier",
-    "CallSiteMaker",
-    "AILSimplifier",
-    "Ssailification",
     "GraphDephication",
+    "ImportSourceCode",
+    "RegionIdentifier",
+    "RegionSimplifier",
     "SeqNodeDephication",
-    "DECOMPILATION_PRESETS",
-    "structuring",
-    "optimization_passes",
+    "Ssailification",
     "StructuredCodeGenerator",
+    "optimization_passes",
+    "options",
+    "options_by_category",
+    "structuring",
 )

angr/analyses/decompiler/ail_simplifier.py

@@ -97,6 +97,7 @@ class AILSimplifier(Analysis):
         rewrite_ccalls=True,
         removed_vvar_ids: set[int] | None = None,
         arg_vvars: dict[int, tuple[VirtualVariable, SimVariable]] | None = None,
+        avoid_vvar_ids: set[int] | None = None,
     ):
         self.func = func
         self.func_graph = func_graph if func_graph is not None else func.graph
@@ -115,6 +116,7 @@ class AILSimplifier(Analysis):
         self._should_rewrite_ccalls = rewrite_ccalls
         self._removed_vvar_ids = removed_vvar_ids if removed_vvar_ids is not None else set()
         self._arg_vvars = arg_vvars
+        self._avoid_vvar_ids = avoid_vvar_ids
 
         self._calls_to_remove: set[CodeLocation] = set()
         self._assignments_to_remove: set[CodeLocation] = set()
@@ -552,7 +554,9 @@ class AILSimplifier(Analysis):
             if (
                 first_op.op == "And"
                 and isinstance(first_op.operands[1], Const)
-                and (second_op is None or isinstance(second_op, BinaryOp) and isinstance(second_op.operands[1], Const))
+                and (
+                    second_op is None or (isinstance(second_op, BinaryOp) and isinstance(second_op.operands[1], Const))
+                )
             ):
                 mask = first_op.operands[1].value
                 if mask == 0xFF:
@@ -615,6 +619,17 @@ class AILSimplifier(Analysis):
                 stmt.ins_addr for stmt in block.statements
             }.intersection(insn_addrs_using_stack_args)
 
+            # remove virtual variables in the avoid list
+            if self._avoid_vvar_ids:
+                filtered_reps = {}
+                for loc, rep_dict in reps.items():
+                    filtered_reps[loc] = {
+                        k: v
+                        for k, v in rep_dict.items()
+                        if not (isinstance(k, VirtualVariable) and k.varid in self._avoid_vvar_ids)
+                    }
+                reps = filtered_reps
+
             r, new_block = BlockSimplifier._replace_and_build(block, reps, gp=self._gp, replace_loads=replace_loads)
             replaced |= r
             self.blocks[block] = new_block
@@ -748,10 +763,8 @@ class AILSimplifier(Analysis):
                 # the definition is in a callee function
                 continue
 
-            if (
-                isinstance(the_def.codeloc, ExternalCodeLocation)
-                or isinstance(eq.atom1, VirtualVariable)
-                and eq.atom1.was_parameter
+            if isinstance(the_def.codeloc, ExternalCodeLocation) or (
+                isinstance(eq.atom1, VirtualVariable) and eq.atom1.was_parameter
             ):
                 # this is a function argument. we enter a slightly different logic and try to eliminate copies of this
                 # argument if
@@ -765,10 +778,8 @@ class AILSimplifier(Analysis):
 
                 if defs and len(defs) == 1:
                     arg_copy_def = defs[0]
-                    if (
-                        isinstance(arg_copy_def.atom, atoms.VirtualVariable)
-                        and arg_copy_def.atom.was_stack
-                        or (isinstance(arg_copy_def.atom, atoms.VirtualVariable) and arg_copy_def.atom.was_reg)
+                    if (isinstance(arg_copy_def.atom, atoms.VirtualVariable) and arg_copy_def.atom.was_stack) or (
+                        isinstance(arg_copy_def.atom, atoms.VirtualVariable) and arg_copy_def.atom.was_reg
                     ):
                         # found the copied definition (either a stack variable or a register variable)
 
@@ -919,7 +930,7 @@ class AILSimplifier(Analysis):
                             continue
                         block = addr_and_idx_to_block[(use_loc.block_addr, use_loc.block_idx)]
                         stmt = block.statements[use_loc.stmt_idx]
-                        if isinstance(stmt, Assignment) or isinstance(replace_with, Load) and isinstance(stmt, Store):
+                        if isinstance(stmt, Assignment) or (isinstance(replace_with, Load) and isinstance(stmt, Store)):
                             assignment_ctr += 1
                     if assignment_ctr > 1:
                         continue

angr/analyses/decompiler/block_similarity.py

@@ -127,10 +127,8 @@ def _kmp_search_ail_obj(search_pattern, stmt_seq, graph=None, partial=True):
     start_pos = 0
     match_len = 0
     for c in stmt_seq:
-        while (
-            match_len == len(search_pattern)
-            or match_len >= 0
-            and not is_similar(search_pattern[match_len], c, graph=graph, partial=partial)
+        while match_len == len(search_pattern) or (
+            match_len >= 0 and not is_similar(search_pattern[match_len], c, graph=graph, partial=partial)
         ):
             start_pos += shifts[match_len]
             match_len -= shifts[match_len]

angr/analyses/decompiler/callsite_maker.py

@@ -392,7 +392,7 @@ class CallSiteMaker(Analysis):
         return s
 
     def _determine_variadic_arguments(self, func: Function | None, cc: SimCC, call_stmt) -> int | None:
-        if func is not None and "printf" in func.name or "scanf" in func.name:
+        if (func is not None and "printf" in func.name) or "scanf" in func.name:
             return self._determine_variadic_arguments_for_format_strings(func, cc, call_stmt)
         return None
 

angr/analyses/decompiler/ccall_rewriters/rewriter_base.py

@@ -8,8 +8,8 @@ class CCallRewriterBase:
     """
 
     __slots__ = (
-        "result",
         "arch",
+        "result",
     )
 
     def __init__(self, ccall: ailment.Expr.VEXCCallExpression, arch):

angr/analyses/decompiler/clinic.py

@@ -600,7 +600,7 @@ class Clinic(Analysis):
             arg_list.append(arg_vvars[idx][1])
 
         # Get virtual variable mapping that can de-phi the SSA representation
-        vvar2vvar = self._collect_dephi_vvar_mapping_and_rewrite_blocks(ail_graph)
+        vvar2vvar, copied_vvar_ids = self._collect_dephi_vvar_mapping_and_rewrite_blocks(ail_graph, arg_vvars)
 
         # Recover variables on AIL blocks
         self._update_progress(80.0, text="Recovering variables")
@@ -608,7 +608,11 @@ class Clinic(Analysis):
 
         # Run simplification passes
         self._update_progress(85.0, text="Running simplifications 4")
-        ail_graph = self._run_simplification_passes(ail_graph, stage=OptimizationPassStage.AFTER_VARIABLE_RECOVERY)
+        ail_graph = self._run_simplification_passes(
+            ail_graph,
+            stage=OptimizationPassStage.AFTER_VARIABLE_RECOVERY,
+            avoid_vvar_ids=copied_vvar_ids,
+        )
 
         # Make function prototype
         self._update_progress(90.0, text="Making function prototype")
@@ -1389,16 +1393,19 @@ class Clinic(Analysis):
         return ssailification.out_graph
 
     @timethis
-    def _collect_dephi_vvar_mapping_and_rewrite_blocks(self, ail_graph: networkx.DiGraph) -> dict[int, int]:
+    def _collect_dephi_vvar_mapping_and_rewrite_blocks(
+        self, ail_graph: networkx.DiGraph, arg_vvars: dict[int, tuple[ailment.Expr.VirtualVariable, SimVariable]]
+    ) -> tuple[dict[int, int], set[int]]:
         dephication = self.project.analyses.GraphDephicationVVarMapping(
             self.function,
             ail_graph,
             fail_fast=self._fail_fast,
             entry=next(iter(bb for bb in ail_graph if (bb.addr, bb.idx) == self.entry_node_addr)),
             vvar_id_start=self.vvar_id_start,
+            arg_vvars=[arg_vvar for arg_vvar, _ in arg_vvars.values()],
         )
         self.vvar_id_start = dephication.vvar_id_start + 1
-        return dephication.vvar_to_vvar_mapping
+        return dephication.vvar_to_vvar_mapping, dephication.copied_vvar_ids
 
     @timethis
     def _make_argument_list(self) -> list[SimVariable]:
@@ -1412,7 +1419,7 @@ class Clinic(Analysis):
                         argvar = SimRegisterVariable(
                             self.project.arch.registers[arg.reg_name][0],
                             arg.size,
-                            ident="arg_%d" % idx,
+                            ident=f"arg_{idx}",
                             name=arg_names[idx],
                             region=self.function.addr,
                         )
@@ -1421,13 +1428,13 @@ class Clinic(Analysis):
                             arg.stack_offset,
                             arg.size,
                             base="bp",
-                            ident="arg_%d" % idx,
+                            ident=f"arg_{idx}",
                             name=arg_names[idx],
                             region=self.function.addr,
                         )
                     else:
                         argvar = SimVariable(
-                            ident="arg_%d" % idx,
+                            ident=f"arg_{idx}",
                             name=arg_names[idx],
                             region=self.function.addr,
                             size=arg.size,

angr/analyses/decompiler/condition_processor.py

@@ -113,41 +113,53 @@ _ail2claripy_op_mapping = {
     "LogicalOr": lambda expr, conv, _, ia: claripy.Or(
         conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
     ),
-    "CmpEQ": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) == conv(expr.operands[1], ins_addr=ia),
-    "CmpNE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) != conv(expr.operands[1], ins_addr=ia),
-    "CmpLE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) <= conv(expr.operands[1], ins_addr=ia),
+    "CmpEQ": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    == conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "CmpNE": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    != conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "CmpLE": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    <= conv(expr.operands[1], nobool=True, ins_addr=ia),
     "CmpLE (signed)": lambda expr, conv, _, ia: claripy.SLE(
-        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+        conv(expr.operands[0], nobool=True, ins_addr=ia), conv(expr.operands[1], nobool=True, ins_addr=ia)
     ),
-    "CmpLT": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) < conv(expr.operands[1], ins_addr=ia),
+    "CmpLT": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    < conv(expr.operands[1], nobool=True, ins_addr=ia),
     "CmpLT (signed)": lambda expr, conv, _, ia: claripy.SLT(
-        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+        conv(expr.operands[0], nobool=True, ins_addr=ia), conv(expr.operands[1], nobool=True, ins_addr=ia)
     ),
-    "CmpGE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) >= conv(expr.operands[1], ins_addr=ia),
+    "CmpGE": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    >= conv(expr.operands[1], nobool=True, ins_addr=ia),
     "CmpGE (signed)": lambda expr, conv, _, ia: claripy.SGE(
-        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+        conv(expr.operands[0], nobool=True, ins_addr=ia), conv(expr.operands[1], nobool=True, ins_addr=ia)
     ),
-    "CmpGT": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) > conv(expr.operands[1], ins_addr=ia),
+    "CmpGT": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    > conv(expr.operands[1], nobool=True, ins_addr=ia),
     "CmpGT (signed)": lambda expr, conv, _, ia: claripy.SGT(
-        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+        conv(expr.operands[0], nobool=True, ins_addr=ia), conv(expr.operands[1], nobool=True, ins_addr=ia)
     ),
-    "CasCmpEQ": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) == conv(expr.operands[1], ins_addr=ia),
-    "CasCmpNE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) != conv(expr.operands[1], ins_addr=ia),
-    "CasCmpLE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) <= conv(expr.operands[1], ins_addr=ia),
+    "CasCmpEQ": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    == conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "CasCmpNE": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    != conv(expr.operands[1], nobool=True, ins_addr=ia),
+    "CasCmpLE": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    <= conv(expr.operands[1], nobool=True, ins_addr=ia),
     "CasCmpLE (signed)": lambda expr, conv, _, ia: claripy.SLE(
-        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+        conv(expr.operands[0], nobool=True, ins_addr=ia), conv(expr.operands[1], nobool=True, ins_addr=ia)
     ),
-    "CasCmpLT": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) < conv(expr.operands[1], ins_addr=ia),
+    "CasCmpLT": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    < conv(expr.operands[1], nobool=True, ins_addr=ia),
     "CasCmpLT (signed)": lambda expr, conv, _, ia: claripy.SLT(
-        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+        conv(expr.operands[0], nobool=True, ins_addr=ia), conv(expr.operands[1], nobool=True, ins_addr=ia)
     ),
-    "CasCmpGE": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) >= conv(expr.operands[1], ins_addr=ia),
+    "CasCmpGE": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    >= conv(expr.operands[1], nobool=True, ins_addr=ia),
     "CasCmpGE (signed)": lambda expr, conv, _, ia: claripy.SGE(
-        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+        conv(expr.operands[0], nobool=True, ins_addr=ia), conv(expr.operands[1], nobool=True, ins_addr=ia)
     ),
-    "CasCmpGT": lambda expr, conv, _, ia: conv(expr.operands[0], ins_addr=ia) > conv(expr.operands[1], ins_addr=ia),
+    "CasCmpGT": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
+    > conv(expr.operands[1], nobool=True, ins_addr=ia),
     "CasCmpGT (signed)": lambda expr, conv, _, ia: claripy.SGT(
-        conv(expr.operands[0], ins_addr=ia), conv(expr.operands[1], ins_addr=ia)
+        conv(expr.operands[0], nobool=True, ins_addr=ia), conv(expr.operands[1], nobool=True, ins_addr=ia)
     ),
     "Add": lambda expr, conv, _, ia: conv(expr.operands[0], nobool=True, ins_addr=ia)
     + conv(expr.operands[1], nobool=True, ins_addr=ia),
@@ -802,9 +814,13 @@ class ConditionProcessor:
             f"Condition variable {cond} has an unsupported operator {cond.op}. Consider implementing."
         )
 
-    def claripy_ast_from_ail_condition(self, condition, nobool: bool = False, *, ins_addr: int = 0) -> claripy.ast.Bool:
+    def claripy_ast_from_ail_condition(
+        self, condition, nobool: bool = False, *, ins_addr: int = 0
+    ) -> claripy.ast.Bool | claripy.ast.Bits:
         # Unpack a condition all the way to the leaves
-        if isinstance(condition, claripy.ast.Base):  # pylint:disable=isinstance-second-argument-not-valid-type
+        if isinstance(
+            condition, (claripy.ast.Bits, claripy.ast.Bool)
+        ):  # pylint:disable=isinstance-second-argument-not-valid-type
             return condition
 
         if isinstance(
@@ -832,11 +848,11 @@ class ConditionProcessor:
             # convert is special. if it generates a 1-bit variable, it should be treated as a BoolS
             if condition.to_bits == 1:
                 var_ = self.claripy_ast_from_ail_condition(condition.operands[0], ins_addr=ins_addr)
-                name = "ailcond_Conv(%d->%d, %d)" % (condition.from_bits, condition.to_bits, hash(var_))
+                name = f"ailcond_Conv({condition.from_bits}->{condition.to_bits}, {hash(var_)})"
                 var = claripy.BoolS(name, explicit_name=True)
             else:
                 var_ = self.claripy_ast_from_ail_condition(condition.operands[0], ins_addr=ins_addr)
-                name = "ailexpr_Conv(%d->%d, %d)" % (condition.from_bits, condition.to_bits, hash(var_))
+                name = f"ailexpr_Conv({condition.from_bits}->{condition.to_bits}, {hash(var_)})"
                 var = claripy.BVS(name, condition.to_bits, explicit_name=True)
             self._condition_mapping[var.args[0]] = condition
             return var
@@ -851,17 +867,17 @@ class ConditionProcessor:
         if isinstance(condition, ailment.Expr.Tmp):
             l.warning("Left-over ailment.Tmp variable %s.", condition)
             if condition.bits == 1:
-                var = claripy.BoolS("ailtmp_%d" % condition.tmp_idx, explicit_name=True)
+                var = claripy.BoolS(f"ailtmp_{condition.tmp_idx}", explicit_name=True)
             else:
-                var = claripy.BVS("ailtmp_%d" % condition.tmp_idx, condition.bits, explicit_name=True)
+                var = claripy.BVS(f"ailtmp_{condition.tmp_idx}", condition.bits, explicit_name=True)
             self._condition_mapping[var.args[0]] = condition
             return var
         if isinstance(condition, ailment.Expr.MultiStatementExpression):
             # just cache it
             if condition.bits == 1:
-                var = claripy.BoolS("mstmtexpr_%d" % hash(condition), explicit_name=True)
+                var = claripy.BoolS(f"mstmtexpr_{hash(condition)}", explicit_name=True)
             else:
-                var = claripy.BVS("mstmtexpr_%d" % hash(condition), condition.bits, explicit_name=True)
+                var = claripy.BVS(f"mstmtexpr_{hash(condition)}", condition.bits, explicit_name=True)
             self._condition_mapping[var.args[0]] = condition
             return var
 
@@ -885,7 +901,7 @@ class ConditionProcessor:
             self._condition_mapping[r.args[0]] = condition
 
         if r is NotImplemented:
-            if condition.bits == 1:
+            if condition.bits == 1 and not nobool:
                 r = claripy.BoolS(f"ailexpr_{condition!r}", explicit_name=True)
             else:
                 r = claripy.BVS(f"ailexpr_{condition!r}", condition.bits, explicit_name=True)

angr/analyses/decompiler/counters/__init__.py

@@ -7,10 +7,10 @@ from .expression_counters import SingleExpressionCounter, RegisterExpressionCoun
 
 
 __all__ = (
-    "BooleanCounter",
     "AILBlockCallCounter",
+    "BooleanCounter",
     "ControlFlowStructureCounter",
-    "SingleExpressionCounter",
-    "RegisterExpressionCounter",
     "OperatorCounter",
+    "RegisterExpressionCounter",
+    "SingleExpressionCounter",
 )

angr/analyses/decompiler/decompilation_cache.py

@@ -14,16 +14,16 @@ class DecompilationCache:
     """
 
     __slots__ = (
-        "parameters",
         "addr",
-        "type_constraints",
-        "func_typevar",
-        "var_to_typevar",
-        "codegen",
-        "clinic",
-        "ite_exprs",
         "binop_operators",
+        "clinic",
+        "codegen",
         "errors",
+        "func_typevar",
+        "ite_exprs",
+        "parameters",
+        "type_constraints",
+        "var_to_typevar",
     )
 
     def __init__(self, addr):

angr/analyses/decompiler/dephication/__init__.py

@@ -3,4 +3,4 @@ from .graph_vvar_mapping import GraphDephicationVVarMapping
 from .graph_dephication import GraphDephication
 from .seqnode_dephication import SeqNodeDephication
 
-__all__ = ["GraphDephicationVVarMapping", "GraphDephication", "SeqNodeDephication"]
+__all__ = ["GraphDephication", "GraphDephicationVVarMapping", "SeqNodeDephication"]

angr/analyses/decompiler/dephication/graph_vvar_mapping.py

@@ -10,7 +10,7 @@ from angr.analyses import Analysis
 from angr.analyses.s_reaching_definitions import SRDAModel
 from angr.knowledge_plugins.functions import Function
 from angr.analyses import register_analysis
-from angr.utils.ssa import is_phi_assignment
+from angr.utils.ssa import is_phi_assignment, DEPHI_VVAR_REG_OFFSET
 
 l = logging.getLogger(name=__name__)
 
@@ -30,6 +30,7 @@ class GraphDephicationVVarMapping(Analysis):  # pylint:disable=abstract-method
         ail_graph,
         entry=None,
         vvar_id_start: int = 0,
+        arg_vvars: list[VirtualVariable] | None = None,
     ):
         """
         :param func:                            The subject of the analysis: a function, or a single basic block
@@ -49,8 +50,10 @@ class GraphDephicationVVarMapping(Analysis):  # pylint:disable=abstract-method
         self._vvar_defloc = {}
         self.vvar_id_start = vvar_id_start
         self._stmts_to_prepend = defaultdict(list)
+        self._arg_vvars = arg_vvars or []
 
         self.vvar_to_vvar_mapping = None
+        self.copied_vvar_ids: set[int] = set()
         self._rd: SRDAModel = self.project.analyses.SReachingDefinitions(
             subject=self._function, func_graph=self._graph
         ).model
@@ -74,7 +77,9 @@ class GraphDephicationVVarMapping(Analysis):  # pylint:disable=abstract-method
                 phi_congruence_class[varid] = {varid}
 
         # compute liveness
-        liveness = self.project.analyses.SLiveness(self._function, func_graph=self._graph, entry=self._entry)
+        liveness = self.project.analyses.SLiveness(
+            self._function, func_graph=self._graph, entry=self._entry, arg_vvars=self._arg_vvars
+        )
 
         live_ins = liveness.model.live_ins
         live_outs = liveness.model.live_outs
@@ -136,6 +141,8 @@ class GraphDephicationVVarMapping(Analysis):  # pylint:disable=abstract-method
 
                 if insertion_type == 0:
                     for src, old_vvar_id, new_vvar_id in new_vvar_ids:
+                        self.copied_vvar_ids.add(new_vvar_id)
+
                         phi_congruence_class[new_vvar_id] = {new_vvar_id}
                         live_outs[src].add(new_vvar_id)
 
@@ -153,6 +160,7 @@ class GraphDephicationVVarMapping(Analysis):  # pylint:disable=abstract-method
 
                 else:  # insertion_type == 1
                     phi_block_loc, old_phi_varid, new_phi_varid = next(iter(new_vvar_ids))
+                    self.copied_vvar_ids.add(new_phi_varid)
 
                     phi_congruence_class[new_phi_varid] = {new_phi_varid}
 
@@ -217,7 +225,7 @@ class GraphDephicationVVarMapping(Analysis):  # pylint:disable=abstract-method
                     # it's a parameter, so we copy the variable into a dummy register vvar
                     # a parameter vvar should never be assigned to
                     new_category = VirtualVariableCategory.REGISTER
-                    new_oident = 4096
+                    new_oident = DEPHI_VVAR_REG_OFFSET
                 else:
                     new_category = vvar.category
                     new_oident = vvar.oident

angr/analyses/decompiler/expression_narrower.py

@@ -31,7 +31,7 @@ class ExprNarrowingInfo:
     Stores the analysis result of _narrowing_needed().
     """
 
-    __slots__ = ("narrowable", "to_size", "use_exprs", "phi_vars")
+    __slots__ = ("narrowable", "phi_vars", "to_size", "use_exprs")
 
     def __init__(
         self,

angr/analyses/decompiler/graph_region.py

@@ -23,15 +23,15 @@ class GraphRegion:
     """
 
     __slots__ = (
-        "head",
-        "graph",
-        "successors",
-        "graph_with_successors",
-        "cyclic",
-        "full_graph",
-        "cyclic_ancestor",
         "_node_to_replaced_regions",
         "_replaced_regions",
+        "cyclic",
+        "cyclic_ancestor",
+        "full_graph",
+        "graph",
+        "graph_with_successors",
+        "head",
+        "successors",
     )
 
     def __init__(
@@ -74,7 +74,7 @@ class GraphRegion:
         if addrs:
             s = f": {min(addrs):#x}-{max(addrs):#x}"
 
-        return "<GraphRegion %r of %d nodes%s>" % (self.head, self.graph.number_of_nodes(), s)
+        return f"<GraphRegion {self.head!r} of {self.graph.number_of_nodes()} nodes{s}>"
 
     def copy(self) -> GraphRegion:
         return GraphRegion(