angr 9.2.135__py3-none-manylinux2014_aarch64.whl → 9.2.137__py3-none-manylinux2014_aarch64.whl

angr/analyses/reassembler.py

@@ -12,6 +12,7 @@ import cle
 import networkx
 import pyvex
 
+from angr.analyses import AnalysesHub
 from . import Analysis
 from .cfg.cfg_emulated import CFGEmulated
 from .ddg import DDG
@@ -2896,6 +2897,4 @@ class Reassembler(Analysis):
             return None
 
 
-from angr.analyses import AnalysesHub
-
 AnalysesHub.register_default("Reassembler", Reassembler)

angr/analyses/s_liveness.py

@@ -2,7 +2,7 @@ from __future__ import annotations
 
 import networkx
 from ailment.expression import VirtualVariable
-from ailment.statement import Assignment
+from ailment.statement import Assignment, Call
 
 from angr.analyses import Analysis, register_analysis
 from angr.utils.ssa import VVarUsesCollector, phi_assignment_get_src
@@ -86,6 +86,8 @@ class SLivenessAnalysis(Analysis):
                 # handle assignments: a defined vvar is not live before the assignment
                 if isinstance(stmt, Assignment) and isinstance(stmt.dst, VirtualVariable):
                     live.discard(stmt.dst.varid)
+                elif isinstance(stmt, Call) and isinstance(stmt.ret_expr, VirtualVariable):
+                    live.discard(stmt.ret_expr.varid)
 
                 phi_expr = phi_assignment_get_src(stmt)
                 if phi_expr is not None:
@@ -136,6 +138,8 @@ class SLivenessAnalysis(Analysis):
             for stmt in reversed(block.statements):
                 if isinstance(stmt, Assignment) and isinstance(stmt.dst, VirtualVariable):
                     def_vvar = stmt.dst.varid
+                elif isinstance(stmt, Call) and isinstance(stmt.ret_expr, VirtualVariable):
+                    def_vvar = stmt.ret_expr.varid
                 else:
                     def_vvar = None
 

angr/analyses/s_propagator.py

@@ -17,7 +17,7 @@ from ailment.expression import (
 from ailment.statement import Assignment, Store, Return, Jump
 
 from angr.knowledge_plugins.functions import Function
-from angr.code_location import CodeLocation
+from angr.code_location import CodeLocation, ExternalCodeLocation
 from angr.analyses import Analysis, register_analysis
 from angr.utils.ssa import (
     get_vvar_uselocs,
@@ -53,8 +53,8 @@ class SPropagatorAnalysis(Analysis):
         subject: Block | Function,
         func_graph=None,
         only_consts: bool = True,
-        immediate_stmt_removal: bool = False,
         stack_pointer_tracker=None,
+        func_args: set[VirtualVariable] | None = None,
         func_addr: int | None = None,
     ):
         if isinstance(subject, Block):
@@ -70,8 +70,8 @@ class SPropagatorAnalysis(Analysis):
 
         self.func_graph = func_graph
         self.func_addr = func_addr
+        self.func_args = func_args
         self.only_consts = only_consts
-        self.immediate_stmt_removal = immediate_stmt_removal
         self._sp_tracker = stack_pointer_tracker
 
         bp_as_gpr = False
@@ -111,6 +111,11 @@ class SPropagatorAnalysis(Analysis):
         # find all vvar uses
         vvar_uselocs = get_vvar_uselocs(blocks.values())
 
+        # update vvar_deflocs using function arguments
+        if self.func_args:
+            for func_arg in self.func_args:
+                vvar_deflocs[func_arg] = ExternalCodeLocation()
+
         # find all ret sites and indirect jump sites
         retsites: set[tuple[int, int | None, int]] = set()
         jumpsites: set[tuple[int, int | None, int]] = set()
@@ -132,8 +137,9 @@ class SPropagatorAnalysis(Analysis):
 
             vvarid_to_vvar[vvar.varid] = vvar
             defloc = vvar_deflocs[vvar]
-            assert defloc.block_addr is not None
-            assert defloc.stmt_idx is not None
+            if isinstance(defloc, ExternalCodeLocation):
+                continue
+
             block = blocks[(defloc.block_addr, defloc.block_idx)]
             stmt = block.statements[defloc.stmt_idx]
             r, v = is_const_assignment(stmt)
@@ -181,7 +187,20 @@ class SPropagatorAnalysis(Analysis):
                         continue
 
                     if is_const_and_vvar_assignment(stmt):
-                        replacements[vvar_useloc][vvar_used] = stmt.src
+                        # if the useloc is a phi assignment statement, ensure that stmt.src is the same as the phi
+                        # variable
+                        useloc_stmt = blocks[(vvar_useloc.block_addr, vvar_useloc.block_idx)].statements[
+                            vvar_useloc.stmt_idx
+                        ]
+                        if is_phi_assignment(useloc_stmt):
+                            if (
+                                isinstance(stmt.src, VirtualVariable)
+                                and stmt.src.oident == useloc_stmt.dst.oident
+                                and stmt.src.category == useloc_stmt.dst.category
+                            ):
+                                replacements[vvar_useloc][vvar_used] = stmt.src
+                        else:
+                            replacements[vvar_useloc][vvar_used] = stmt.src
                         continue
 
                 elif (
@@ -209,7 +228,7 @@ class SPropagatorAnalysis(Analysis):
                         stmt_src = stmt_src.operand
                     if isinstance(stmt_src, Load) and isinstance(stmt_src.addr, Const):
                         gv_updated = False
-                        for vvar_used, vvar_useloc in vvar_uselocs[vvar.varid]:
+                        for _vvar_used, vvar_useloc in vvar_uselocs[vvar.varid]:
                             gv_updated |= self.is_global_variable_updated(
                                 self.func_graph,
                                 blocks,

angr/analyses/s_reaching_definitions/s_rda_model.py

@@ -15,8 +15,9 @@ class SRDAModel:
     The model for SRDA.
     """
 
-    def __init__(self, func_graph, arch):
+    def __init__(self, func_graph, func_args, arch):
         self.func_graph = func_graph
+        self.func_args = func_args
         self.arch = arch
         self.varid_to_vvar: dict[int, VirtualVariable] = {}
         self.all_vvar_definitions: dict[VirtualVariable, CodeLocation] = {}

angr/analyses/s_reaching_definitions/s_rda_view.py

@@ -4,7 +4,7 @@ import logging
 from collections import defaultdict
 
 from ailment.statement import Statement, Assignment, Call, Label
-from ailment.expression import VirtualVariable, Expression
+from ailment.expression import VirtualVariable, VirtualVariableCategory, Expression
 
 from angr.utils.ail import is_phi_assignment
 from angr.utils.graph import GraphUtils
@@ -133,6 +133,16 @@ class SRDAView:
         predicater = RegVVarPredicate(reg_offset, vvars, self.model.arch)
         self._get_vvar_by_stmt(block_addr, block_idx, stmt_idx, op_type, predicater.predicate)
 
+        if not vvars:
+            # not found - check function arguments
+            for func_arg in self.model.func_args:
+                if isinstance(func_arg, VirtualVariable):
+                    func_arg_category = func_arg.oident[0]
+                    if func_arg_category == VirtualVariableCategory.REGISTER:
+                        func_arg_regoff = func_arg.oident[1]
+                        if func_arg_regoff == reg_offset:
+                            vvars.add(func_arg)
+
         assert len(vvars) <= 1
         return next(iter(vvars), None)
 
@@ -149,6 +159,15 @@ class SRDAView:
         predicater = StackVVarPredicate(stack_offset, size, vvars)
         self._get_vvar_by_stmt(block_addr, block_idx, stmt_idx, op_type, predicater.predicate)
 
+        if not vvars:
+            # not found - check function arguments
+            for func_arg in self.model.func_args:
+                if isinstance(func_arg, VirtualVariable):
+                    func_arg_category = func_arg.oident[0]
+                    if func_arg_category == VirtualVariableCategory.STACK:
+                        func_arg_stackoff = func_arg.oident[1]
+                        if func_arg_stackoff == stack_offset and func_arg.size == size:
+                            vvars.add(func_arg)
         assert len(vvars) <= 1
         return next(iter(vvars), None)
 

angr/analyses/s_reaching_definitions/s_reaching_definitions.py

@@ -2,6 +2,7 @@ from __future__ import annotations
 
 from ailment.block import Block
 from ailment.statement import Assignment, Call, Return
+from ailment.expression import VirtualVariable
 import networkx
 
 from angr.knowledge_plugins.functions import Function
@@ -24,6 +25,7 @@ class SReachingDefinitionsAnalysis(Analysis):
         subject,
         func_addr: int | None = None,
         func_graph: networkx.DiGraph[Block] | None = None,
+        func_args: set[VirtualVariable] | None = None,
         track_tmps: bool = False,
     ):
         if isinstance(subject, Block):
@@ -39,13 +41,14 @@ class SReachingDefinitionsAnalysis(Analysis):
 
         self.func_graph = func_graph
         self.func_addr = func_addr if func_addr is not None else self.func.addr if self.func is not None else None
+        self.func_args = func_args
         self._track_tmps = track_tmps
 
         self._bp_as_gpr = False
         if self.func is not None:
             self._bp_as_gpr = self.func.info.get("bp_as_gpr", False)
 
-        self.model = SRDAModel(func_graph, self.project.arch)
+        self.model = SRDAModel(func_graph, func_args, self.project.arch)
 
         self._analyze()
 
@@ -66,6 +69,13 @@ class SReachingDefinitionsAnalysis(Analysis):
         # find all explicit vvar uses
         vvar_uselocs = get_vvar_uselocs(blocks.values())
 
+        # update vvar definitions using function arguments
+        if self.func_args:
+            for vvar in self.func_args:
+                if vvar not in vvar_deflocs:
+                    vvar_deflocs[vvar] = ExternalCodeLocation()
+            self.model.func_args = self.func_args
+
         # update model
         for vvar, defloc in vvar_deflocs.items():
             self.model.varid_to_vvar[vvar.varid] = vvar

angr/analyses/soot_class_hierarchy.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 import logging
 
+from angr.analyses import AnalysesHub
 from . import Analysis
 
 l = logging.getLogger(name=__name__)
@@ -269,6 +270,4 @@ class SootClassHierarchy(Analysis):
         return targets
 
 
-from angr.analyses import AnalysesHub
-
 AnalysesHub.register_default("SootClassHierarchy", SootClassHierarchy)

angr/analyses/stack_pointer_tracker.py

@@ -2,6 +2,7 @@
 from __future__ import annotations
 
 from typing import Any, TYPE_CHECKING
+import contextlib
 import re
 import logging
 from collections import defaultdict
@@ -15,7 +16,6 @@ from angr.knowledge_plugins import Function
 from angr.block import BlockNode
 from angr.errors import SimTranslationError
 from .analysis import Analysis
-import contextlib
 
 try:
     import pypcode
@@ -258,11 +258,11 @@ class StackPointerTrackerState:
             pass
         raise CouldNotResolveException
 
-    def put(self, reg, val):
+    def put(self, reg, val, force: bool = False):
         # strong update, but we only update values for registers that are already in self.regs and ignore all other
         # registers. obviously, self.regs should be initialized with registers that should be considered during
         # tracking,
-        if reg in self.regs:
+        if reg in self.regs or force:
             self.regs[reg] = val
 
     def copy(self):
@@ -702,6 +702,32 @@ class StackPointerTracker(Analysis, ForwardAnalysis):
             # who are we calling?
             callees = [] if self._func is None else self._find_callees(node)
             if callees:
+                if len(callees) == 1:
+                    callee = callees[0]
+
+                    if callee.info.get("is_rust_probestack", False) is True and self.project.arch.name == "AMD64":
+                        # special-case for rust_probestack: sp = sp - rax right after returning from the call, so we
+                        # need to keep track of rax
+                        for stmt in reversed(vex_block.statements):
+                            if (
+                                isinstance(stmt, pyvex.IRStmt.Put)
+                                and stmt.offset == self.project.arch.registers["rax"][0]
+                                and isinstance(stmt.data, pyvex.IRExpr.Const)
+                            ):
+                                state.put(stmt.offset, Constant(stmt.data.con.value), force=True)
+                                break
+                    elif callee.name == "__chkstk":
+                        # special-case for __chkstk: sp = sp - rax right after returning from the call, so we need to
+                        # keep track of rax
+                        for stmt in reversed(vex_block.statements):
+                            if (
+                                isinstance(stmt, pyvex.IRStmt.Put)
+                                and stmt.offset == self.project.arch.registers["rax"][0]
+                                and isinstance(stmt.data, pyvex.IRExpr.Const)
+                            ):
+                                state.put(stmt.offset, Constant(stmt.data.con.value), force=True)
+                                break
+
                 callee_cleanups = [
                     callee
                     for callee in callees

angr/analyses/static_hooker.py

@@ -4,6 +4,7 @@ import logging
 from . import Analysis
 
 from angr import SIM_LIBRARIES
+from angr.analyses import AnalysesHub
 from angr.errors import AngrValueError
 
 l = logging.getLogger(name=__name__)
@@ -47,6 +48,4 @@ class StaticHooker(Analysis):
                 l.debug("Failed to hook %s at %#x", func.name, func.rebased_addr)
 
 
-from angr.analyses import AnalysesHub
-
 AnalysesHub.register_default("StaticHooker", StaticHooker)

angr/analyses/typehoon/simple_solver.py

@@ -870,7 +870,7 @@ class SimpleSolver:
             for x, y, data in graph.edges(data=True):
                 lbl = data.get("label")
                 if lbl and lbl[1] == "recall":
-                    for label, z in R[x]:
+                    for _label, z in R[x]:
                         if not graph.has_edge(z, y):
                             changed = True
                             graph.add_edge(z, y)
@@ -1167,7 +1167,7 @@ class SimpleSolver:
 
             candidate_bases = defaultdict(set)
 
-            for labels, succ in path_and_successors:
+            for labels, _succ in path_and_successors:
                 last_label = labels[-1] if labels else None
                 if isinstance(last_label, HasField):
                     # TODO: Really determine the maximum possible size of the field when MAX_POINTSTO_BITS is in use

angr/analyses/variable_recovery/engine_ail.py

@@ -74,17 +74,28 @@ class SimEngineVRAIL(
 
         elif dst_type is ailment.Expr.VirtualVariable:
             data = self._expr(stmt.src)
-            self._assign_to_vvar(
+            variable = self._assign_to_vvar(
                 stmt.dst, data, src=stmt.src, dst=stmt.dst, vvar_id=self._mapped_vvarid(stmt.dst.varid)
             )
 
+            if variable is not None and isinstance(stmt.src, ailment.Expr.Phi):
+                # this is a phi node - we update variable manager's phi variable tracking
+                for _, vvar in stmt.src.src_and_vvars:
+                    if vvar is not None:
+                        r = self._read_from_vvar(vvar, expr=stmt.src, vvar_id=self._mapped_vvarid(vvar.varid))
+                        if r.variable is not None:
+                            pv = self.variable_manager[self.func_addr]._phi_variables
+                            if variable not in pv:
+                                pv[variable] = set()
+                            pv[variable].add(r.variable)
+
             if stmt.dst.was_stack and isinstance(stmt.dst.stack_offset, int):
                 # store it to the stack region in case it's directly referenced later
                 self._store(
                     RichR(self.state.stack_address(stmt.dst.stack_offset)),
                     data,
                     stmt.dst.bits // self.arch.byte_width,
-                    stmt=stmt,
+                    atom=stmt.dst,
                 )
 
         else:
@@ -94,10 +105,11 @@ class SimEngineVRAIL(
         addr_r = self._expr_bv(stmt.addr)
         data = self._expr(stmt.data)
         size = stmt.size
-        self._store(addr_r, data, size, stmt=stmt)
+        self._store(addr_r, data, size, atom=stmt)
 
-    def _handle_stmt_Jump(self, stmt):
-        pass
+    def _handle_stmt_Jump(self, stmt: ailment.Stmt.Jump):
+        if not isinstance(stmt.target, ailment.Expr.Const):
+            self._expr(stmt.target)
 
     def _handle_stmt_ConditionalJump(self, stmt):
         self._expr(stmt.condition)
@@ -149,7 +161,7 @@ class SimEngineVRAIL(
                 prototype_libname = func.prototype_libname
 
         # dump the type of the return value
-        ret_ty = typevars.TypeVariable() if prototype is not None else typevars.TypeVariable()
+        ret_ty = typevars.TypeVariable()
         if isinstance(ret_ty, typeconsts.BottomType):
             ret_ty = typevars.TypeVariable()
 
@@ -218,7 +230,7 @@ class SimEngineVRAIL(
                 prototype_libname = func.prototype_libname
 
         # dump the type of the return value
-        ret_ty = typevars.TypeVariable() if prototype is not None else typevars.TypeVariable()
+        ret_ty = typevars.TypeVariable()
         if isinstance(ret_ty, typeconsts.BottomType):
             ret_ty = typevars.TypeVariable()
 

angr/analyses/variable_recovery/engine_base.py

@@ -387,7 +387,7 @@ class SimEngineVRBase(
         ) or not create_variable:
             # only store the value. don't worry about variables.
             self.vvar_region[vvar_id] = richr.data
-            return
+            return None
 
         codeloc: CodeLocation = self._codeloc()
         data = richr.data
@@ -463,10 +463,14 @@ class SimEngineVRBase(
             else:
                 typevar = self.state.typevars.get_type_variable(variable, codeloc)
             self.state.add_type_constraint(typevars.Subtype(richr.typevar, typevar))
+            # the constraint below is a default constraint that may conflict with more specific ones with different
+            # sizes; we post-process at the very end of VRA to remove conflicting default constraints.
             self.state.add_type_constraint(typevars.Subtype(typevar, typeconsts.int_type(variable.size * 8)))
 
+        return variable
+
     def _store(
-        self, richr_addr: RichR[claripy.ast.BV], data: RichR[claripy.ast.BV | claripy.ast.FP], size, stmt=None
+        self, richr_addr: RichR[claripy.ast.BV], data: RichR[claripy.ast.BV | claripy.ast.FP], size, atom=None
     ):  # pylint:disable=unused-argument
         """
 
@@ -481,19 +485,19 @@ class SimEngineVRBase(
 
         if addr.concrete:
             # fully concrete. this is a global address
-            self._store_to_global(addr.concrete_value, data, size, stmt=stmt)
+            self._store_to_global(addr.concrete_value, data, size, stmt=atom)
             stored = True
         elif self._addr_has_concrete_base(addr) and (parsed := self._parse_offsetted_addr(addr)) is not None:
             # we are storing to a concrete global address with an offset
             base_addr, offset, elem_size = parsed
-            self._store_to_global(base_addr.concrete_value, data, size, stmt=stmt, offset=offset, elem_size=elem_size)
+            self._store_to_global(base_addr.concrete_value, data, size, stmt=atom, offset=offset, elem_size=elem_size)
             stored = True
         else:
             if self.state.is_stack_address(addr):
                 stack_offset = self.state.get_stack_offset(addr)
                 if stack_offset is not None:
                     # fast path: Storing data to stack
-                    self._store_to_stack(stack_offset, data, size, stmt=stmt)
+                    self._store_to_stack(stack_offset, data, size, atom=atom)
                     stored = True
 
         if not stored:
@@ -504,21 +508,21 @@ class SimEngineVRBase(
             codeloc = self._codeloc()
             if existing_vars:
                 for existing_var, _ in list(existing_vars):
-                    self.variable_manager[self.func_addr].remove_variable_by_atom(codeloc, existing_var, stmt)
+                    self.variable_manager[self.func_addr].remove_variable_by_atom(codeloc, existing_var, atom)
 
             # storing to a location specified by a pointer whose value cannot be determined at this point
-            self._store_to_variable(richr_addr, size, stmt=stmt)
+            self._store_to_variable(richr_addr, size)
 
     def _store_to_stack(
-        self, stack_offset, data: RichR[claripy.ast.BV | claripy.ast.FP], size, offset=0, stmt=None, endness=None
+        self, stack_offset, data: RichR[claripy.ast.BV | claripy.ast.FP], size, offset=0, atom=None, endness=None
     ):
-        if stmt is None:
+        if atom is None:
             existing_vars = self.variable_manager[self.func_addr].find_variables_by_stmt(
                 self.block.addr, self.stmt_idx, "memory"
             )
         else:
             existing_vars = self.variable_manager[self.func_addr].find_variables_by_atom(
-                self.block.addr, self.stmt_idx, stmt
+                self.block.addr, self.stmt_idx, atom
             )
         if not existing_vars:
             variable = SimStackVariable(
@@ -562,7 +566,7 @@ class SimEngineVRBase(
                     var,
                     offset_into_var,
                     codeloc,
-                    atom=stmt,
+                    atom=atom,
                 )
 
             # create type constraints
@@ -673,9 +677,7 @@ class SimEngineVRBase(
                 self.state.add_type_constraint(typevars.Subtype(store_typevar, typeconsts.TopType()))
                 self.state.add_type_constraint(typevars.Subtype(data.typevar, store_typevar))
 
-    def _store_to_variable(
-        self, richr_addr: RichR[claripy.ast.BV], size: int, stmt=None
-    ):  # pylint:disable=unused-argument
+    def _store_to_variable(self, richr_addr: RichR[claripy.ast.BV], size: int):
         addr_variable = richr_addr.variable
         codeloc = self._codeloc()
 

angr/analyses/variable_recovery/engine_vex.py

@@ -74,7 +74,7 @@ class SimEngineVRVEX(
         size = stmt.data.result_size(self.tyenv) // 8
         r = self._expr(stmt.data)
 
-        self._store(addr_r, r, size, stmt=stmt)
+        self._store(addr_r, r, size, atom=stmt)
 
     def _handle_stmt_StoreG(self, stmt):
         guard = self._expr(stmt.guard)
@@ -82,7 +82,7 @@ class SimEngineVRVEX(
             addr = self._expr_bv(stmt.addr)
             size = stmt.data.result_size(self.tyenv) // 8
             data = self._expr(stmt.data)
-            self._store(addr, data, size, stmt=stmt)
+            self._store(addr, data, size, atom=stmt)
 
     def _handle_stmt_LoadG(self, stmt):
         guard = self._expr(stmt.guard)

angr/analyses/variable_recovery/variable_recovery_fast.py

@@ -12,6 +12,7 @@ import ailment
 from ailment.expression import VirtualVariable
 
 import angr.errors
+from angr.analyses import AnalysesHub
 from angr.storage.memory_mixins.paged_memory.pages.multi_values import MultiValues
 from angr.block import Block
 from angr.errors import AngrVariableRecoveryError, SimEngineError
@@ -19,7 +20,8 @@ from angr.knowledge_plugins import Function
 from angr.sim_variable import SimStackVariable, SimRegisterVariable, SimVariable, SimMemoryVariable
 from angr.engines.vex.claripy.irop import vexop_to_simop
 from angr.analyses import ForwardAnalysis, visitors
-from angr.analyses.typehoon.typevars import Equivalence, TypeVariable, TypeVariables
+from angr.analyses.typehoon.typevars import Equivalence, TypeVariable, TypeVariables, Subtype, DerivedTypeVariable
+from angr.analyses.typehoon.typeconsts import Int
 from .variable_recovery_base import VariableRecoveryBase, VariableRecoveryStateBase
 from .engine_vex import SimEngineVRVEX
 from .engine_ail import SimEngineVRAIL
@@ -499,6 +501,26 @@ class VariableRecoveryFast(ForwardAnalysis, VariableRecoveryBase):  # pylint:dis
                 for tv in sorted_typevars[1:]:
                     self.type_constraints[self.func_typevar].add(Equivalence(sorted_typevars[0], tv))
 
+        # remove default constraints with size conflicts
+        for func_var in self.type_constraints:
+            var_to_subtyping: dict[TypeVariable, list[Subtype]] = defaultdict(list)
+            for constraint in self.type_constraints[func_var]:
+                if isinstance(constraint, Subtype) and isinstance(constraint.sub_type, TypeVariable):
+                    var_to_subtyping[constraint.sub_type].append(constraint)
+
+            for constraints in var_to_subtyping.values():
+                if len(constraints) <= 1:
+                    continue
+                default_subtyping_constraints = set()
+                has_nondefault_subtyping_constraints = False
+                for constraint in constraints:
+                    if isinstance(constraint.super_type, Int):
+                        default_subtyping_constraints.add(constraint)
+                    elif isinstance(constraint.super_type, DerivedTypeVariable) and constraint.super_type.labels:
+                        has_nondefault_subtyping_constraints = True
+                if has_nondefault_subtyping_constraints:
+                    self.type_constraints[func_var].difference_update(default_subtyping_constraints)
+
         self.variable_manager[self.function.addr].ret_val_size = self.ret_val_size
 
         self.delayed_type_constraints = None
@@ -600,6 +622,4 @@ class VariableRecoveryFast(ForwardAnalysis, VariableRecoveryBase):  # pylint:dis
                 state.register_region.store(self.project.arch.sp_offset, sp_v)
 
 
-from angr.analyses import AnalysesHub
-
 AnalysesHub.register_default("VariableRecoveryFast", VariableRecoveryFast)

angr/analyses/veritesting.py

@@ -4,11 +4,14 @@ from collections import defaultdict
 from functools import cmp_to_key
 
 import networkx
+from claripy import ClaripyError
 
 from angr import SIM_PROCEDURES
 from angr import options as o
+from angr.analyses import AnalysesHub
 from angr.knowledge_base import KnowledgeBase
-from angr.errors import AngrError, AngrCFGError
+from angr.errors import AngrError, AngrCFGError, SimValueError, SimSolverModeError, SimError
+from angr.sim_options import BYPASS_VERITESTING_EXCEPTIONS
 from angr.sim_manager import SimulationManager
 from angr.utils.graph import shallow_reverse
 from . import Analysis, CFGEmulated
@@ -620,10 +623,4 @@ class Veritesting(Analysis):
         return [(n.addr, n.looping_times) for n in nodes]
 
 
-from angr.analyses import AnalysesHub
-
 AnalysesHub.register_default("Veritesting", Veritesting)
-
-from angr.errors import SimValueError, SimSolverModeError, SimError
-from angr.sim_options import BYPASS_VERITESTING_EXCEPTIONS
-from claripy import ClaripyError

angr/analyses/vfg.py

@@ -651,7 +651,7 @@ class VFG(ForwardAnalysis[SimState, VFGNode, VFGJob, BlockID], Analysis):  # pyl
                 l.debug("%s is not recorded. Skip the job.", job)
                 raise AngrSkipJobNotice
             # unwind the stack till the target, unless we see any pending jobs for each new top task
-            for i in range(unwind_count):
+            for _ in range(unwind_count):
                 if isinstance(self._top_task, FunctionAnalysis):
                     # are there any pending job belonging to the current function that we should handle first?
                     pending_job_key = self._get_pending_job(self._top_task.function_address)

angr/analyses/vsa_ddg.py

@@ -5,6 +5,7 @@ from collections import defaultdict
 import networkx
 from . import Analysis, VFG
 
+from angr.analyses import AnalysesHub
 from angr.code_location import CodeLocation
 from angr.errors import AngrDDGError
 from angr.sim_variable import SimRegisterVariable, SimMemoryVariable
@@ -416,6 +417,4 @@ class VSA_DDG(Analysis):
         return nodes
 
 
-from angr.analyses import AnalysesHub
-
 AnalysesHub.register_default("VSA_DDG", VSA_DDG)