angr 9.2.134__py3-none-win_amd64.whl → 9.2.136__py3-none-win_amd64.whl

{angr-9.2.134.dist-info → angr-9.2.136.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.6.0)
+Generator: setuptools (75.7.0)
 Root-Is-Purelib: true
 Tag: py3-none-win_amd64
 

angr/analyses/propagator/outdated_definition_walker.py

@@ -1,159 +0,0 @@
-# pylint:disable=consider-using-in
-from __future__ import annotations
-from typing import TYPE_CHECKING
-from collections.abc import Callable
-
-from ailment import Block, Stmt, Expr, AILBlockWalker
-
-from angr.code_location import CodeLocation
-from angr.knowledge_plugins.key_definitions.constants import OP_BEFORE, OP_AFTER
-from angr.knowledge_plugins.key_definitions import atoms
-
-if TYPE_CHECKING:
-    from archinfo import Arch
-    from .propagator import PropagatorAILState
-    from angr.analyses.reaching_definitions import ReachingDefinitionsModel
-
-
-class OutdatedDefinitionWalker(AILBlockWalker):
-    """
-    Walks an AIL expression to find outdated definitions.
-    """
-
-    def __init__(
-        self,
-        expr,
-        expr_defat: CodeLocation,
-        current_loc: CodeLocation,
-        state: PropagatorAILState,
-        arch: Arch,
-        avoid: Expr.Expression | None = None,
-        extract_offset_to_sp: Callable | None = None,
-        rda: ReachingDefinitionsModel = None,
-    ):
-        super().__init__()
-        self.expr = expr
-        self.expr_defat = expr_defat
-        self.current_loc = current_loc
-        self.state = state
-        self.avoid = avoid
-        self.arch = arch
-        self.extract_offset_to_sp = extract_offset_to_sp
-        self.expr_handlers[Expr.Register] = self._handle_Register
-        self.expr_handlers[Expr.Load] = self._handle_Load
-        self.expr_handlers[Expr.Tmp] = self._handle_Tmp
-        self.expr_handlers[Expr.VEXCCallExpression] = self._handle_VEXCCallExpression
-        self.out_dated = False
-        self.has_avoid = False
-        self.rda = rda
-
-    # pylint:disable=unused-argument
-    def _handle_Tmp(self, expr_idx: int, expr: Expr.Tmp, stmt_idx: int, stmt: Stmt.Assignment, block: Block | None):
-        if self.avoid is not None and expr.likes(self.avoid):
-            self.has_avoid = True
-
-    # pylint:disable=unused-argument
-    def _handle_Register(
-        self, expr_idx: int, expr: Expr.Register, stmt_idx: int, stmt: Stmt.Assignment, block: Block | None
-    ):
-        if (
-            self.avoid is not None
-            and isinstance(self.avoid, Expr.Register)
-            and (expr.likes(self.avoid) or self._reg_overlap(expr, self.avoid))
-        ):
-            self.has_avoid = True
-
-        # is the used register still alive at this point?
-        defs_defat = self.rda.get_defs(atoms.Register(expr.reg_offset, expr.size), self.expr_defat, OP_AFTER)
-        defs_currentloc = self.rda.get_defs(atoms.Register(expr.reg_offset, expr.size), self.current_loc, OP_BEFORE)
-
-        codelocs_defat = {def_.codeloc for def_ in defs_defat}
-        codelocs_currentloc = {def_.codeloc for def_ in defs_currentloc}
-        if not (codelocs_defat and codelocs_currentloc and codelocs_defat == codelocs_currentloc):
-            self.out_dated = True
-
-    def _handle_Load(self, expr_idx: int, expr: Expr.Load, stmt_idx: int, stmt: Stmt.Statement, block: Block | None):
-        if self.avoid is not None and (expr == self.avoid or expr.addr == self.avoid):
-            self.has_avoid = True
-
-        if isinstance(expr.addr, Expr.StackBaseOffset):
-            sp_offset = self.extract_offset_to_sp(expr.addr)
-
-            if sp_offset is not None:
-                defs_defat = self.rda.get_defs(
-                    atoms.MemoryLocation(atoms.SpOffset(expr.bits, sp_offset), expr.size), self.expr_defat, OP_AFTER
-                )
-                defs_currentloc = self.rda.get_defs(
-                    atoms.MemoryLocation(atoms.SpOffset(expr.bits, sp_offset), expr.size), self.current_loc, OP_BEFORE
-                )
-
-                codelocs_defat = {def_.codeloc for def_ in defs_defat}
-                codelocs_currentloc = {def_.codeloc for def_ in defs_currentloc}
-
-                if not codelocs_defat and not codelocs_currentloc:
-                    # fallback
-                    if not self._check_store_precedes_load(self.expr_defat, self.current_loc):
-                        self.out_dated = True
-                elif not (codelocs_defat and codelocs_currentloc and codelocs_defat == codelocs_currentloc):
-                    self.out_dated = True
-
-            else:
-                # in cases where expr.addr cannot be resolved to a concrete stack offset, we play safe and assume
-                # it's outdated
-                self.out_dated = True
-
-        elif isinstance(expr.addr, Expr.Const):
-            mem_addr = expr.addr.value
-
-            defs_defat = self.rda.get_defs(atoms.MemoryLocation(mem_addr, expr.size), self.expr_defat, OP_AFTER)
-            defs_currentloc = self.rda.get_defs(atoms.MemoryLocation(mem_addr, expr.size), self.current_loc, OP_BEFORE)
-
-            codelocs_defat = {def_.codeloc for def_ in defs_defat}
-            codelocs_currentloc = {def_.codeloc for def_ in defs_currentloc}
-
-            if codelocs_defat != codelocs_currentloc:
-                self.out_dated = True
-
-        else:
-            # the address is not concrete - we check the address first
-            super()._handle_Load(expr_idx, expr, stmt_idx, stmt, block)
-            # then if the address expression is up-to-date, we check the global store
-            if not self.out_dated and (
-                (
-                    self.state.global_stores
-                    and not all(
-                        self._check_store_precedes_load(CodeLocation(store_block_addr, store_stmt_idx), self.expr_defat)
-                        for store_block_addr, store_stmt_idx, addr, store in self.state.global_stores
-                    )
-                )
-                or (
-                    self.state.last_stack_store is not None
-                    and not self._check_store_precedes_load(
-                        CodeLocation(*self.state.last_stack_store[:2]), self.expr_defat
-                    )
-                )
-            ):
-                self.out_dated = True
-
-    def _handle_VEXCCallExpression(
-        self, expr_idx: int, expr: Expr.VEXCCallExpression, stmt_idx: int, stmt: Stmt.Statement, block: Block | None
-    ):
-        if self.avoid is not None and any(op == self.avoid for op in expr.operands):
-            self.has_avoid = True
-
-        super()._handle_VEXCCallExpression(expr_idx, expr, stmt_idx, stmt, block)
-
-    @staticmethod
-    def _reg_overlap(reg0: Expr.Register, reg1: Expr.Register) -> bool:
-        if reg0.reg_offset <= reg1.reg_offset < reg0.reg_offset + reg0.size:
-            return True
-        return reg1.reg_offset <= reg0.reg_offset < reg1.reg_offset + reg1.size
-
-    @staticmethod
-    def _check_store_precedes_load(store_defat: CodeLocation | None, load_defat: CodeLocation | None) -> bool:
-        """
-        Check if store precedes load based on their AIL statement IDs.
-        """
-        if store_defat is None or load_defat is None:
-            return True
-        return store_defat.block_addr == load_defat.block_addr and store_defat.stmt_idx <= load_defat.stmt_idx

angr/analyses/propagator/tmpvar_finder.py

@@ -1,18 +0,0 @@
-from __future__ import annotations
-from ailment.expression import Expression, Tmp
-from ailment import AILBlockWalkerBase
-
-
-class TmpvarFinder(AILBlockWalkerBase):
-    """
-    Walks an AIL expression to find Tmp expressions.
-    """
-
-    def __init__(self, expr: Expression):
-        super().__init__()
-        self.has_tmp = False
-
-        self.walk_expression(expr)
-
-    def _handle_Tmp(self, expr_idx: int, expr: Tmp, stmt_idx: int, stmt, block):
-        self.has_tmp = True

angr/engines/concrete.py

@@ -1,180 +0,0 @@
-from __future__ import annotations
-import logging
-import threading
-
-import claripy
-
-from angr.errors import AngrError
-from .engine import SuccessorsMixin
-from angr.errors import SimConcreteRegisterError
-
-l = logging.getLogger("angr.engines.concrete")
-
-try:
-    from angr_targets.concrete import ConcreteTarget
-except ImportError:
-    ConcreteTarget = None
-
-
-class SimEngineConcrete(SuccessorsMixin):
-    """
-    Concrete execution using a concrete target provided by the user.
-    """
-
-    def __init__(self, project):
-        if not ConcreteTarget:
-            l.critical("Error, can't find angr_target project")
-            raise AngrError
-
-        l.info("Initializing SimEngineConcrete with ConcreteTarget provided.")
-        super().__init__()
-        self.project = project
-        if isinstance(self.project.concrete_target, ConcreteTarget) and self.check_concrete_target_methods(
-            self.project.concrete_target
-        ):
-            self.target = self.project.concrete_target
-        else:
-            l.warning("Error, you must provide an instance of a ConcreteTarget to initialize a SimEngineConcrete.")
-            self.target = None
-            raise NotImplementedError
-
-        self.segment_registers_already_init = False
-
-    def process_successors(
-        self,
-        successors,
-        extra_stop_points=None,
-        memory_concretize=None,
-        register_concretize=None,
-        timeout=0,
-        *args,
-        **kwargs,
-    ):
-        new_state = self.state
-        # setup the concrete process and resume the execution
-        self.to_engine(new_state, extra_stop_points, memory_concretize, register_concretize, timeout)
-
-        # sync angr with the current state of the concrete process using
-        # the state plugin
-        new_state.concrete.sync()
-
-        successors.engine = "SimEngineConcrete"
-        successors.sort = "SimEngineConcrete"
-        successors.add_successor(new_state, new_state.ip, claripy.true(), new_state.unicorn.jumpkind)
-        successors.description = "Concrete Successors"
-        successors.processed = True
-
-    def to_engine(self, state, extra_stop_points, memory_concretize, register_concretize, timeout):
-        """
-        Handle the concrete execution of the process
-        This method takes care of:
-        1- Set the breakpoints on the addresses provided by the user
-        2- Concretize the symbolic variables and perform the write inside the concrete process
-        3- Continue the program execution.
-
-        :param state:               The state with which to execute
-        :param extra_stop_points:   list of a addresses where to stop the concrete execution and return to the
-                                    simulated one
-        :param memory_concretize:   list of tuples (address, symbolic variable) that are going to be written
-                                    in the concrete process memory.
-        :param register_concretize:  list of tuples (reg_name, symbolic variable) that are going to be written
-        :param timeout:             how long we should wait the concrete target to reach the breakpoint
-        :return: None
-        """
-
-        state.globals["symbion_timeout"] = False
-        extra_stop_points = [] if extra_stop_points is None else extra_stop_points
-
-        l.debug(
-            "Entering in SimEngineConcrete: simulated address %#x concrete address %#x stop points %s",
-            state.addr,
-            self.target.read_register("pc"),
-            map(hex, extra_stop_points),
-        )
-
-        if memory_concretize:
-            l.debug("SimEngineConcrete is concretizing memory variables before resuming the concrete process")
-
-            for sym_var in memory_concretize:
-                sym_var_address = state.solver.eval(sym_var[0])
-                sym_var_value = state.solver.eval(sym_var[1], cast_to=bytes)
-                l.debug("Concretize memory at address %#x with value %s", sym_var_address, str(sym_var_value))
-                self.target.write_memory(sym_var_address, sym_var_value, raw=True)
-
-        if register_concretize:
-            l.debug("SimEngineConcrete is concretizing registers variables before resuming the concrete process")
-            for reg in register_concretize:
-                register_name = reg[0]
-                register_value = state.solver.eval(reg[1])
-                l.debug("Concretize register %s with value %s", register_name, str(register_value))
-                self.target.write_register(register_name, register_value)
-
-        # Set breakpoint on remote target
-        for stop_point in extra_stop_points:
-            l.debug("Setting breakpoints at %#x", stop_point)
-            self.target.set_breakpoint(stop_point, hardware=True, temporary=True)
-
-        if timeout > 0:
-            l.debug("Found timeout as option, setting it up!")
-
-            def timeout_handler():
-                self.target.stop()  # stop the concrete target now!
-                state.globals["symbion_timeout"] = True  # this will end up in the timeout stash
-
-            execution_timer = threading.Timer(timeout, timeout_handler)
-            execution_timer.start()  # start the timer!
-
-        # resuming of the concrete process, if the target won't reach the
-        # breakpoint specified by the user the timeout will abort angr execution.
-        l.debug("SimEngineConcrete is resuming the concrete process")
-        self.target.run()
-        l.debug("SimEngineConcrete has successfully resumed the process")
-
-        if state.globals["symbion_timeout"]:
-            l.critical("Timeout has been reached during resuming of concrete process")
-            l.critical(
-                "This can be a bad thing ( the ConcreteTarget didn't hit your breakpoint ) or"
-                "just it will take a while."
-            )
-
-        # reset the alarm
-        if timeout > 0:
-            execution_timer.cancel()
-
-        # removing all breakpoints set by the concrete target
-        for stop_point in extra_stop_points:
-            self.target.remove_breakpoint(stop_point)
-
-        # handling the case in which the program stops at a point different than the breakpoints set
-        # by the user.
-        current_pc = self.target.read_register("pc")
-        if current_pc not in extra_stop_points and not state.globals["symbion_timeout"]:
-            l.critical("Stopped at unexpected location inside the concrete process: %#x", current_pc)
-            raise AngrError
-
-    @staticmethod
-    def check_concrete_target_methods(concrete_target):
-        """
-        Check if the concrete target methods return the correct type of data
-        :return: True if the concrete target is compliant
-        """
-        entry_point = concrete_target.read_register("pc")
-        if type(entry_point) is not int:
-            l.error("read_register result type is %s, should be <type 'int'>", (type(entry_point)))
-            return False
-
-        mem_read = concrete_target.read_memory(entry_point, 0x4)
-
-        if type(mem_read) is not bytes:
-            l.error("read_memory result type is %s, should be <type 'bytes'>", (type(mem_read)))
-            return False
-
-        try:
-            concrete_target.read_register("not_existent_reg")
-            l.error("read_register should raise a SimConcreteRegisterError when accessing non existent registers")
-            return False
-
-        except SimConcreteRegisterError:
-            l.debug("read_register raise a SimConcreteRegisterError, ok!")
-
-        return True

angr/exploration_techniques/symbion.py

@@ -1,80 +0,0 @@
-from __future__ import annotations
-
-import logging
-
-from .base import ExplorationTechnique
-from .common import condition_to_lambda
-
-l = logging.getLogger("angr.exploration_techniques.symbion")
-
-
-class Symbion(ExplorationTechnique):
-    """
-    The Symbion exploration technique uses the SimEngineConcrete available to step a SimState.
-
-    :param find: address or list of addresses that we want to reach, these will be translated into breakpoints
-        inside the concrete process using the ConcreteTarget interface provided by the user
-        inside the SimEngineConcrete.
-    :param memory_concretize: list of tuples (address, symbolic variable) that are going to be written
-        in the concrete process memory.
-    :param register_concretize: list of tuples (reg_name, symbolic variable) that are going to be written
-    :param timeout: how long we should wait the concrete target to reach the breakpoint
-
-    """
-
-    def __init__(self, find=None, memory_concretize=None, register_concretize=None, timeout=0, find_stash="found"):
-        super().__init__()
-
-        # need to keep the raw list of addresses to
-        self.breakpoints = find
-        self.find = condition_to_lambda(find)
-        self.memory_concretize = memory_concretize
-        self.register_concretize = register_concretize
-        self.find_stash = find_stash
-        self.timeout = timeout
-
-    def setup(self, simgr):
-        # adding the 'found' stash during the setup
-        simgr.stashes[self.find_stash] = []
-
-    def step(self, simgr, stash="active", **kwargs):
-        # safe guard
-        if not len(simgr.stashes[stash]):
-            l.warning("No stashes to step, aborting.")
-            return None
-
-        # check if the stash contains only one SimState and if not warn the user that only the
-        # first state in the stash can be stepped in the SimEngineConcrete.
-        # This because for now we support only one concrete execution, in future we can think about
-        # a snapshot engine and give to each SimState an instance of a concrete process.
-        if len(simgr.stashes[stash]) > 1:
-            l.warning(
-                "You are trying to use the Symbion exploration technique on multiple state, "
-                "this is not supported now."
-            )
-
-        return simgr.step(stash=stash, **kwargs)
-
-    def step_state(self, simgr, *args, **kwargs):  # pylint:disable=arguments-differ
-        state = args[0]
-        ss = self.successors(
-            state=state,
-            simgr=simgr,
-            engine=self.project.factory.concrete_engine,
-            extra_stop_points=self.breakpoints,
-            memory_concretize=self.memory_concretize,
-            register_concretize=self.register_concretize,
-            timeout=self.timeout,
-        )
-
-        new_state = ss.successors
-
-        if new_state[0].globals.get("symbion_timeout", None):
-            return {"timeout": new_state}
-
-        return {"found": new_state}
-
-    def complete(self, simgr):
-        # We are done if we have hit at least one breakpoint in
-        # the concrete execution
-        return len(simgr.stashes[self.find_stash]) >= 1