angr 9.2.135__py3-none-win_amd64.whl → 9.2.136__py3-none-win_amd64.whl

angr/analyses/cfg/indirect_jump_resolvers/const_resolver.py

@@ -75,7 +75,31 @@ class ConstantResolver(IndirectJumpResolver):
 
         vex_block = block.vex
         if isinstance(vex_block.next, pyvex.expr.RdTmp):
-            # what does the jump rely on? slice it back and see
+            tmp_stmt_idx, tmp_ins_addr = self._find_tmp_write_stmt_and_ins(vex_block, vex_block.next.tmp)
+            if tmp_stmt_idx is None or tmp_ins_addr is None:
+                return False, []
+
+            # first check: is it jumping to a target loaded from memory? if so, it should have been resolved by
+            # MemoryLoadResolver.
+            stmt = vex_block.statements[tmp_stmt_idx]
+            assert isinstance(stmt, pyvex.IRStmt.WrTmp)
+            if (
+                isinstance(stmt.data, pyvex.IRExpr.Load)
+                and isinstance(stmt.data.addr, pyvex.IRExpr.Const)
+                and stmt.data.result_size(vex_block.tyenv) == self.project.arch.bits
+            ):
+                # well, if MemoryLoadResolver hasn't resolved it, we can try to resolve it here, or bail early because
+                # ConstantResolver won't help.
+                load_addr = stmt.data.addr.con.value
+                try:
+                    value = self.project.loader.memory.unpack_word(load_addr, size=self.project.arch.bytes)
+                    if isinstance(value, int) and self._is_target_valid(cfg, value):
+                        return True, [value]
+                except KeyError:
+                    pass
+                return False, []
+
+            # second check: what does the jump rely on? slice it back and see
             b = Blade(
                 cfg.graph,
                 addr,
@@ -104,26 +128,25 @@ class ConstantResolver(IndirectJumpResolver):
                     block = self.project.factory.block(pred_addr, cross_insn_opt=True).vex
                     if stmt_idx != DEFAULT_STATEMENT:
                         stmt = block.statements[stmt_idx]
-                        if isinstance(stmt, pyvex.IRStmt.WrTmp) and isinstance(stmt.data, pyvex.IRExpr.Load):
+                        if (
+                            isinstance(stmt, pyvex.IRStmt.WrTmp)
+                            and isinstance(stmt.data, pyvex.IRExpr.Load)
+                            and not isinstance(stmt.data.addr, pyvex.IRExpr.Const)
+                        ):
                             # loading from memory - unsupported
                             return False, []
                 break
 
             _l.debug("ConstantResolver: Propagating for %r at %#x.", func, addr)
-            prop = self.project.analyses.Propagator(
-                func=func,
-                only_consts=True,
-                do_binops=True,
+            prop = self.project.analyses.FastConstantPropagation(
+                func,
                 vex_cross_insn_opt=False,
-                completed_funcs=cfg._completed_functions,
                 load_callback=PropagatorLoadCallback(self.project).propagator_load_callback,
-                cache_results=True,
-                key_prefix="cfg_intermediate",
             )
 
             replacements = prop.replacements
             if replacements:
-                block_loc = CodeLocation(block.addr, None)
+                block_loc = CodeLocation(block.addr, tmp_stmt_idx, ins_addr=tmp_ins_addr)
                 tmp_var = vex_vars.VEXTmp(vex_block.next.tmp)
 
                 if exists_in_replacements(replacements, block_loc, tmp_var):
@@ -135,5 +158,18 @@ class ConstantResolver(IndirectJumpResolver):
                         and self._is_target_valid(cfg, resolved_tmp.args[0])
                     ):
                         return True, [resolved_tmp.args[0]]
+                    if isinstance(resolved_tmp, int) and self._is_target_valid(cfg, resolved_tmp):
+                        return True, [resolved_tmp]
 
         return False, []
+
+    @staticmethod
+    def _find_tmp_write_stmt_and_ins(vex_block, tmp: int) -> tuple[int | None, int | None]:
+        stmt_idx = None
+        for idx, stmt in enumerate(reversed(vex_block.statements)):
+            if isinstance(stmt, pyvex.IRStmt.IMark) and stmt_idx is not None:
+                ins_addr = stmt.addr + stmt.delta
+                return stmt_idx, ins_addr
+            if isinstance(stmt, pyvex.IRStmt.WrTmp) and stmt.tmp == tmp:
+                stmt_idx = len(vex_block.statements) - idx - 1
+        return None, None

angr/analyses/cfg/indirect_jump_resolvers/default_resolvers.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 import cle
+from angr.analyses.cfg.indirect_jump_resolvers import MemoryLoadResolver
 
 from . import MipsElfFastResolver
 from . import X86ElfPicPltResolver
@@ -19,6 +20,9 @@ DEFAULT_RESOLVERS = {
         cle.PE: [
             X86PeIatResolver,
         ],
+        cle.XBE: [
+            X86PeIatResolver,
+        ],
     },
     "AMD64": {
         cle.MetaELF: [
@@ -54,7 +58,7 @@ DEFAULT_RESOLVERS = {
             ArmElfFastResolver,
         ]
     },
-    "ALL": [JumpTableResolver, ConstantResolver],
+    "ALL": [MemoryLoadResolver, JumpTableResolver, ConstantResolver],
 }
 
 

angr/analyses/cfg/indirect_jump_resolvers/jumptable.py

@@ -10,6 +10,7 @@ import functools
 import pyvex
 import claripy
 from archinfo.arch_arm import is_arm_arch
+from claripy.annotation import UninitializedAnnotation
 
 from angr import sim_options as o
 from angr import BP, BP_BEFORE, BP_AFTER
@@ -144,20 +145,22 @@ class ConstantValueManager:
 
     __slots__ = (
         "func",
+        "indirect_jump_addr",
         "kb",
         "mapping",
         "project",
     )
 
-    def __init__(self, project: Project, kb, func: Function):
+    def __init__(self, project: Project, kb, func: Function, ij_addr: int):
         self.project = project
         self.kb = kb
         self.func = func
+        self.indirect_jump_addr = ij_addr
 
         self.mapping: dict[Any, dict[Any, claripy.ast.Base]] | None = None
 
     def reg_read_callback(self, state: SimState):
-        if not self.mapping:
+        if self.mapping is None:
             self._build_mapping()
             assert self.mapping is not None
 
@@ -168,18 +171,54 @@ class ConstantValueManager:
                 reg_read_offset = reg_read_offset.args[0]
             variable = VEXReg(reg_read_offset, state.inspect.reg_read_length)
             if variable in self.mapping[codeloc]:
-                state.inspect.reg_read_expr = self.mapping[codeloc][variable]
+                v = self.mapping[codeloc][variable]
+                if isinstance(v, int):
+                    v = claripy.BVV(v, state.inspect.reg_read_length * state.arch.byte_width)
+                state.inspect.reg_read_expr = v
 
     def _build_mapping(self):
         # constant propagation
-        l.debug("JumpTable: Propagating for %r.", self.func)
-        prop = self.project.analyses[PropagatorAnalysis].prep()(
-            func=self.func,
-            only_consts=True,
+        l.debug("JumpTable: Propagating for %r at %#x.", self.func, self.indirect_jump_addr)
+
+        # determine blocks to run FCP on
+
+        # - include at most three levels of successors from the entrypoint
+        startpoint = self.func.startpoint
+        blocks = set()
+        succs = [startpoint]
+        for _ in range(3):
+            new_succs = []
+            for node in succs:
+                if node in blocks:
+                    continue
+                blocks.add(node)
+                if node.addr == self.indirect_jump_addr:
+                    # stop at the indirect jump block
+                    continue
+                new_succs += list(self.func.graph.successors(node))
+            succs = new_succs
+            if not succs:
+                break
+
+        # - include at most six levels of predecessors from the indirect jump block
+        ij_block = self.func.get_node(self.indirect_jump_addr)
+        preds = [ij_block]
+        for _ in range(6):
+            new_preds = []
+            for node in preds:
+                if node in blocks:
+                    continue
+                blocks.add(node)
+                new_preds += list(self.func.graph.predecessors(node))
+            preds = new_preds
+            if not preds:
+                break
+
+        prop = self.project.analyses.FastConstantPropagation(
+            self.func,
+            blocks=blocks,
             vex_cross_insn_opt=True,
             load_callback=PropagatorLoadCallback(self.project).propagator_load_callback,
-            cache_results=True,
-            key_prefix="cfg_intermediate",
         )
         self.mapping = prop.replacements
 
@@ -853,7 +892,7 @@ class JumpTableResolver(IndirectJumpResolver):
         potential_call_table = jumpkind == "Ijk_Call" or self._sp_moved_up(block) or len(func.block_addrs_set) <= 5
         # we only perform full-function propagation for jump tables or call tables in really small functions
         if not potential_call_table or len(func.block_addrs_set) <= 5:
-            cv_manager = ConstantValueManager(self.project, cfg.kb, func)
+            cv_manager = ConstantValueManager(self.project, cfg.kb, func, addr)
         else:
             cv_manager = None
 
@@ -2131,7 +2170,7 @@ class JumpTableResolver(IndirectJumpResolver):
         read_addr = state.inspect.mem_read_address
         cond = state.inspect.mem_read_condition
 
-        if not isinstance(read_addr, int) and read_addr.uninitialized and cond is None:
+        if not isinstance(read_addr, int) and read_addr.has_annotation_type(UninitializedAnnotation) and cond is None:
             # if this AST has been initialized before, just use the cached addr
             cached_addr = self._cached_memread_addrs.get(read_addr, None)
             if cached_addr is not None:
@@ -2402,6 +2441,3 @@ class JumpTableResolver(IndirectJumpResolver):
         if load_stmt_ids:
             return [load_stmt_ids[-1]]
         return []
-
-
-from angr.analyses.propagator import PropagatorAnalysis

angr/analyses/cfg/indirect_jump_resolvers/memload_resolver.py

@@ -0,0 +1,81 @@
+from __future__ import annotations
+import logging
+
+import pyvex
+
+from .resolver import IndirectJumpResolver
+
+_l = logging.getLogger(name=__name__)
+
+
+class MemoryLoadResolver(IndirectJumpResolver):
+    """
+    Resolve an indirect jump that looks like the following::
+
+    .text:
+                    call    off_3314A8
+
+    .data:
+    off_3314A8      dd offset sub_1E426F
+
+    This indirect jump resolver may not be the best solution for all cases (e.g., when the .data section can be
+    intentionally altered by the binary itself).
+    """
+
+    def __init__(self, project):
+        super().__init__(project, timeless=True)
+
+    def filter(self, cfg, addr, func_addr, block, jumpkind):
+        return jumpkind in {"Ijk_Boring", "Ijk_Call"}
+
+    def resolve(  # pylint:disable=unused-argument
+        self,
+        cfg,
+        addr: int,
+        func_addr: int,
+        block: pyvex.IRSB,
+        jumpkind: str,
+        func_graph_complete: bool = True,
+        **kwargs,
+    ):
+        """
+        :param cfg:         CFG with specified function
+        :param addr:        Address of indirect jump
+        :param func_addr:   Address of function of indirect jump
+        :param block:       Block of indirect jump (Block object)
+        :param jumpkind:    VEX jumpkind (Ijk_Boring or Ijk_Call)
+        :return:            Bool tuple with replacement address
+        """
+        vex_block = block
+        if isinstance(vex_block.next, pyvex.expr.RdTmp):
+            tmp_stmt_idx, tmp_ins_addr = self._find_tmp_write_stmt_and_ins(vex_block, vex_block.next.tmp)
+            if tmp_stmt_idx is None or tmp_ins_addr is None:
+                return False, []
+
+            stmt = vex_block.statements[tmp_stmt_idx]
+            assert isinstance(stmt, pyvex.IRStmt.WrTmp)
+            if (
+                isinstance(stmt.data, pyvex.IRExpr.Load)
+                and isinstance(stmt.data.addr, pyvex.IRExpr.Const)
+                and stmt.data.result_size(vex_block.tyenv) == self.project.arch.bits
+            ):
+                load_addr = stmt.data.addr.con.value
+                try:
+                    value = self.project.loader.memory.unpack_word(load_addr, size=self.project.arch.bytes)
+                    if isinstance(value, int) and self._is_target_valid(cfg, value):
+                        return True, [value]
+                except KeyError:
+                    return False, []
+
+        return False, []
+
+    @staticmethod
+    def _find_tmp_write_stmt_and_ins(vex_block, tmp: int) -> tuple[int | None, int | None]:
+        stmt_idx = None
+        for idx, stmt in enumerate(reversed(vex_block.statements)):
+            if isinstance(stmt, pyvex.IRStmt.IMark) and stmt_idx is not None:
+                ins_addr = stmt.addr + stmt.delta
+                return stmt_idx, ins_addr
+            if isinstance(stmt, pyvex.IRStmt.WrTmp) and stmt.tmp == tmp:
+                stmt_idx = len(vex_block.statements) - idx - 1
+        return None, None

angr/analyses/cfg/indirect_jump_resolvers/propagator_utils.py

@@ -10,7 +10,7 @@ class PropagatorLoadCallback:
     def __init__(self, project):
         self.project = project
 
-    def propagator_load_callback(self, addr, size) -> bool:  # pylint:disable=unused-argument
+    def propagator_load_callback(self, addr: claripy.ast.BV | int, size: int) -> bool:  # pylint:disable=unused-argument
         # only allow loading if the address falls into a read-only region
         if isinstance(addr, claripy.ast.BV) and addr.op == "BVV":
             addr_v = addr.args[0]
@@ -19,9 +19,28 @@ class PropagatorLoadCallback:
         else:
             return False
         section = self.project.loader.find_section_containing(addr_v)
+        segment = None
         if section is not None:
-            return section.is_readable and not section.is_writable
-        segment = self.project.loader.find_segment_containing(addr_v)
-        if segment is not None:
-            return segment.is_readable and not segment.is_writable
+            if section.is_readable and not section.is_writable:
+                # read-only section
+                return True
+        else:
+            segment = self.project.loader.find_segment_containing(addr_v)
+            if segment is not None and segment.is_readable and not segment.is_writable:
+                # read-only segment
+                return True
+
+        if (size == self.project.arch.bytes and (section is not None and section.is_readable)) or (
+            segment is not None and segment.is_readable
+        ):
+            # memory is mapped and readable. does it contain a valid address?
+            try:
+                target_addr = self.project.loader.memory.unpack_word(
+                    addr_v, size=size, endness=self.project.arch.memory_endness
+                )
+                if target_addr >= 0x1000 and self.project.loader.find_object_containing(target_addr) is not None:
+                    return True
+            except KeyError:
+                return False
+
         return False

angr/analyses/cfg/indirect_jump_resolvers/x86_pe_iat.py

@@ -3,7 +3,6 @@ import logging
 
 from capstone.x86_const import X86_OP_MEM
 
-from angr.simos import SimWindows
 from .resolver import IndirectJumpResolver
 
 l = logging.getLogger(name=__name__)
@@ -11,16 +10,14 @@ l = logging.getLogger(name=__name__)
 
 class X86PeIatResolver(IndirectJumpResolver):
     """
-    A timeless indirect jump resolver for IAT in x86 PEs.
+    A timeless indirect jump resolver for IAT in x86 PEs and xbes.
     """
 
     def __init__(self, project):
         super().__init__(project, timeless=True)
 
     def filter(self, cfg, addr, func_addr, block, jumpkind):
-        if not isinstance(self.project.simos, SimWindows):
-            return False
-        if jumpkind != "Ijk_Call":
+        if jumpkind not in {"Ijk_Call", "Ijk_Boring"}:  # both call and jmp
             return False
 
         insns = self.project.factory.block(addr).capstone.insns

angr/analyses/congruency_check.py

@@ -3,6 +3,8 @@ import logging
 
 import claripy
 
+from angr.errors import AngrIncongruencyError
+from angr.analyses import AnalysesHub
 from . import Analysis
 
 l = logging.getLogger(name=__name__)
@@ -372,7 +374,4 @@ class CongruencyCheck(Analysis):
         return True
 
 
-from angr.errors import AngrIncongruencyError
-from angr.analyses import AnalysesHub
-
 AnalysesHub.register_default("CongruencyCheck", CongruencyCheck)

angr/analyses/data_dep/data_dependency_analysis.py

@@ -9,7 +9,7 @@ from typing import TYPE_CHECKING
 from networkx import DiGraph
 
 import claripy
-from claripy.ast.bv import BV
+from claripy.ast import BV
 from .dep_nodes import DepNodeTypes, ConstantDepNode, MemDepNode, VarDepNode, RegDepNode, TmpDepNode
 from .sim_act_location import SimActLocation, DEFAULT_LOCATION, ParsedInstruction
 from angr.analyses import Analysis
@@ -173,7 +173,7 @@ class DataDependencyGraphAnalysis(Analysis):
         self,
         type_: int,
         sim_act: SimActionData,
-        val: tuple[BV, int],
+        val: tuple[claripy.ast.BV, int],
         *constructor_params,
     ) -> BaseDepNode:
         """

angr/analyses/ddg.py

@@ -6,8 +6,7 @@ import claripy
 import networkx
 import pyvex
 
-from . import Analysis
-
+from angr.analyses import Analysis, AnalysesHub
 from angr.code_location import CodeLocation
 from angr.errors import SimSolverModeError, SimUnsatError, AngrDDGError
 from angr.sim_variable import (
@@ -1668,6 +1667,4 @@ class DDG(Analysis):
         return sources
 
 
-from angr.analyses import AnalysesHub
-
 AnalysesHub.register_default("DDG", DDG)

angr/analyses/decompiler/ail_simplifier.py

@@ -216,7 +216,7 @@ class AILSimplifier(Analysis):
         self._reaching_definitions = rd
         return rd
 
-    def _compute_propagation(self, immediate_stmt_removal: bool = False) -> SPropagatorAnalysis:
+    def _compute_propagation(self) -> SPropagatorAnalysis:
         # Propagate expressions or return the existing result
         if self._propagator is not None:
             return self._propagator
@@ -225,7 +225,6 @@ class AILSimplifier(Analysis):
             func_graph=self.func_graph,
             # gp=self._gp,
             only_consts=self._only_consts,
-            immediate_stmt_removal=immediate_stmt_removal,
         )
         self._propagator = prop
         return prop
@@ -354,7 +353,7 @@ class AILSimplifier(Analysis):
     ):
         repeat = False
         narrowable_phivarids = set()
-        for def_vvarid, (_, narrow_info) in narrowing_candidates.items():
+        for def_vvarid in narrowing_candidates:
             if def_vvarid in blacklist_varids:
                 continue
             if def_vvarid in rd.phi_vvar_ids:
@@ -591,7 +590,7 @@ class AILSimplifier(Analysis):
         """
 
         # propagator
-        propagator = self._compute_propagation(immediate_stmt_removal=True)
+        propagator = self._compute_propagation()
         replacements = propagator.replacements
 
         # take replacements and rebuild the corresponding blocks

angr/analyses/decompiler/clinic.py

@@ -527,6 +527,9 @@ class Clinic(Analysis):
         # TODO: Totally remove this dict
         self._blocks_by_addr_and_size = None
 
+        # Rust-specific; only call this on Rust binaries when we can identify language and compiler
+        ail_graph = self._rewrite_rust_probestack_call(ail_graph)
+
         # Make call-sites
         self._update_progress(50.0, text="Making callsites")
         _, stackarg_offsets, removed_vvar_ids = self._make_callsites(ail_graph, stack_pointer_tracker=spt)
@@ -1010,13 +1013,15 @@ class Clinic(Analysis):
                 if node is None:
                     continue
                 successors = self._cfg.get_successors(node, excluding_fakeret=True, jumpkind="Ijk_Call")
-                if len(successors) == 1 and not isinstance(
-                    self.project.hooked_by(successors[0].addr), UnresolvableCallTarget
-                ):
-                    # found a single successor - replace the last statement
-                    new_last_stmt = last_stmt.copy()
-                    new_last_stmt.target = ailment.Expr.Const(None, None, successors[0].addr, last_stmt.target.bits)
-                    block.statements[-1] = new_last_stmt
+                if len(successors) == 1:
+                    succ_addr = successors[0].addr
+                    if not self.project.is_hooked(succ_addr) or not isinstance(
+                        self.project.hooked_by(successors[0].addr), UnresolvableCallTarget
+                    ):
+                        # found a single successor - replace the last statement
+                        new_last_stmt = last_stmt.copy()
+                        new_last_stmt.target = ailment.Expr.Const(None, None, successors[0].addr, last_stmt.target.bits)
+                        block.statements[-1] = new_last_stmt
 
             elif isinstance(last_stmt, ailment.Stmt.Jump) and not isinstance(last_stmt.target, ailment.Expr.Const):
                 # indirect jump
@@ -2732,6 +2737,36 @@ class Clinic(Analysis):
 
         return extra_regs
 
+    def _rewrite_rust_probestack_call(self, ail_graph):
+        for node in ail_graph:
+            if not node.statements or ail_graph.out_degree[node] != 1:
+                continue
+            last_stmt = node.statements[-1]
+            if isinstance(last_stmt, ailment.Stmt.Call) and isinstance(last_stmt.target, ailment.Expr.Const):
+                func = (
+                    self.project.kb.functions.get_by_addr(last_stmt.target.value)
+                    if self.project.kb.functions.contains_addr(last_stmt.target.value)
+                    else None
+                )
+                if func is not None and func.info.get("is_rust_probestack", False) is True:
+                    # get rid of this call
+                    node.statements = node.statements[:-1]
+                    if self.project.arch.call_pushes_ret and node.statements:
+                        last_stmt = node.statements[-1]
+                        succ = next(iter(ail_graph.successors(node)))
+                        if (
+                            isinstance(last_stmt, ailment.Stmt.Store)
+                            and isinstance(last_stmt.addr, ailment.Expr.StackBaseOffset)
+                            and isinstance(last_stmt.addr.offset, int)
+                            and last_stmt.addr.offset < 0
+                            and isinstance(last_stmt.data, ailment.Expr.Const)
+                            and last_stmt.data.value == succ.addr
+                        ):
+                            # remove the statement that pushes the return address
+                            node.statements = node.statements[:-1]
+                    break
+        return ail_graph
+
     def _rewrite_alloca(self, ail_graph):
         # pylint:disable=too-many-boolean-expressions
         alloca_node = None

angr/analyses/decompiler/optimization_passes/duplication_reverter/ail_merge_graph.py

@@ -304,7 +304,7 @@ class AILMergeGraph:
         end_pair_map = {}
         end_pairs = set()
         merge_to_end_pair = {}
-        for split, sblocks in self.merge_blocks_to_originals.items():
+        for sblocks in self.merge_blocks_to_originals.values():
             for sblock in sblocks:
                 if isinstance(sblock, AILBlockSplit) and sblock.original in self.merge_blocks_to_originals:
                     deletable_blocks.add(sblock.original)
@@ -429,7 +429,7 @@ class AILMergeGraph:
                     self.original_split_blocks[updated] = self.original_split_blocks[k]
                     del self.original_split_blocks[k]
 
-            for k, v in self.original_split_blocks.items():
+            for v in self.original_split_blocks.values():
                 for sblock in v:
                     for attr in ["up_split", "match_split", "down_split"]:
                         if getattr(sblock, attr) == original:

angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py

@@ -167,7 +167,7 @@ class DuplicationReverter(StructuringOptimizationPass):
 
     def _reinsert_merged_candidate(self, ail_merge_graph: AILMergeGraph, candidate: tuple[Block, Block]) -> bool:
         og_succs, og_preds = {}, {}
-        for block, original_blocks in ail_merge_graph.original_blocks.items():
+        for original_blocks in ail_merge_graph.original_blocks.values():
             # collect all the old edges
             for og_block in original_blocks:
                 og_succs[og_block] = list(self.write_graph.successors(og_block))
@@ -364,7 +364,7 @@ class DuplicationReverter(StructuringOptimizationPass):
             new_nodes[node] = new_node
 
         # fixup every single jump target (before adding them to the graph)
-        for src, dst, data in graph.edges(data=True):
+        for src, dst in graph.edges():
             new_src = new_nodes[src]
             new_dst = new_nodes[dst]
             if new_dst is not dst:

angr/analyses/decompiler/optimization_passes/ite_region_converter.py

@@ -263,7 +263,7 @@ class ITERegionConverter(OptimizationPass):
 
             # is this the statement that we are looking for?
             found_true_src_vvar, found_false_src_vvar = False, False
-            for src, vvar in stmt.src.src_and_vvars:
+            for _src, vvar in stmt.src.src_and_vvars:
                 if vvar is not None:
                     if vvar.varid == true_stmt_dst.varid:
                         found_true_src_vvar = True

angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py

@@ -557,7 +557,7 @@ class LoweredSwitchSimplifier(StructuringOptimizationPass):
                     varhash_to_caselists[v].append((cases, extra_cmp_nodes))
 
         for v, caselists in list(varhash_to_caselists.items()):
-            for idx, (cases, redundant_nodes) in list(enumerate(caselists)):
+            for idx, (cases, _redundant_nodes) in list(enumerate(caselists)):
                 # filter: each case value should only appear once
                 if len({case.value for case in cases}) != len(cases):
                     caselists[idx] = None

angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py

@@ -144,7 +144,7 @@ class StackCanarySimplifier(OptimizationPass):
                 nodes_to_process.append((pred, canary_check_stmt_idx, stack_chk_fail_caller, ret_node))
 
             # Awesome. Now patch this function.
-            for pred, canary_check_stmt_idx, stack_chk_fail_caller, ret_node in nodes_to_process:
+            for pred, _canary_check_stmt_idx, stack_chk_fail_caller, ret_node in nodes_to_process:
                 # Patch the pred so that it jumps to the one that is not stack_chk_fail_caller
                 pred_copy = pred.copy()
                 pred_copy.statements[-1] = ailment.Stmt.Jump(

angr/analyses/decompiler/structuring/phoenix.py

@@ -1536,7 +1536,7 @@ class PhoenixStructurer(StructurerBase):
                     full_graph.remove_edge(head, out_dst)
 
                 # fix full_graph if needed: remove successors that are no longer needed
-                for out_src, out_dst in out_edges[1:]:
+                for _out_src, out_dst in out_edges[1:]:
                     if out_dst in full_graph and out_dst not in graph and full_graph.in_degree[out_dst] == 0:
                         full_graph.remove_node(out_dst)
                         if out_dst in self._region.successors:

angr/analyses/disassembly.py

@@ -1,22 +1,24 @@
 from __future__ import annotations
+
+import contextlib
 import logging
 from collections import defaultdict
-from typing import Union, Any
 from collections.abc import Sequence
+from typing import Union, Any
 
 import pyvex
 import archinfo
-from angr.knowledge_plugins import Function
 
 from . import Analysis
 
+from angr.analyses import AnalysesHub
 from angr.errors import AngrTypeError
+from angr.knowledge_plugins import Function
 from angr.utils.library import get_cpp_function_name
 from angr.utils.formatting import ansi_color_enabled, ansi_color, add_edge_to_buffer
 from angr.block import DisassemblerInsn, CapstoneInsn, SootBlockNode
 from angr.codenode import BlockNode
 from .disassembly_utils import decode_instruction
-import contextlib
 
 try:
     from angr.engines import pcode
@@ -1295,6 +1297,4 @@ class Disassembly(Analysis):
         return "\n".join(buf)
 
 
-from angr.analyses import AnalysesHub
-
 AnalysesHub.register_default("Disassembly", Disassembly)

angr/analyses/fcp/__init__.py

@@ -0,0 +1,4 @@
+from __future__ import annotations
+from .fcp import FastConstantPropagation
+
+__all__ = ["FastConstantPropagation"]