angr 9.2.135__py3-none-win_amd64.whl → 9.2.137__py3-none-win_amd64.whl

angr/exploration_techniques/__init__.py

@@ -17,7 +17,6 @@ from .manual_mergepoint import ManualMergepoint
 from .tech_builder import TechniqueBuilder
 from .stochastic import StochasticSearch
 from .unique import UniqueSearch
-from .symbion import Symbion
 from .memory_watcher import MemoryWatcher
 from .bucketizer import Bucketizer
 from .local_loop_seer import LocalLoopSeer
@@ -45,7 +44,6 @@ __all__ = (
     "StochasticSearch",
     "StubStasher",
     "Suggestions",
-    "Symbion",
     "TechniqueBuilder",
     "Threading",
     "Timeout",

angr/exploration_techniques/spiller.py

@@ -4,6 +4,7 @@ from __future__ import annotations
 import contextlib
 import logging
 
+from angr import vaults
 from .base import ExplorationTechnique
 
 
@@ -277,6 +278,3 @@ class Spiller(ExplorationTechnique):
     @staticmethod
     def state_priority(state):
         return id(state)
-
-
-from angr import vaults

angr/exploration_techniques/stochastic.py

@@ -44,13 +44,12 @@ class StochasticSearch(ExplorationTechnique):
                 assert len(states) >= 2
                 total_weight = sum(self.affinity[s.addr] for s in states)
                 selected = self._random.uniform(0, total_weight)
-                i = 0
                 for i, state in enumerate(states):
                     weight = self.affinity[state.addr]
                     if selected < weight:
-                        break
+                        return states[i]
                     selected -= weight
-                return states[i]
+                return states[len(states) - 1]
 
             simgr.stashes[stash] = [weighted_pick(simgr.stashes[stash])]
 

angr/factory.py

@@ -11,7 +11,7 @@ from .sim_state import SimState
 from .calling_conventions import default_cc, SimRegArg, SimStackArg, PointerWrapper, SimCCUnknown
 from .callable import Callable
 from .errors import AngrAssemblyError, AngrError
-from .engines import UberEngine, ProcedureEngine, SimEngineConcrete
+from .engines import UberEngine, ProcedureEngine
 from .sim_type import SimTypeFunction, SimTypeInt
 from .codenode import HookNode, SyscallNode
 from .block import Block, SootBlock
@@ -39,7 +39,6 @@ class AngrObjectFactory:
     project: Project
     default_engine_factory: type[SimEngine]
     procedure_engine: ProcedureEngine
-    concrete_engine: SimEngineConcrete | None
     _default_cc: type[SimCC] | None
 
     # We use thread local storage to cache engines on a per-thread basis
@@ -66,16 +65,11 @@ class AngrObjectFactory:
         )
         self.procedure_engine = ProcedureEngine(project)
 
-        if project.concrete_target:
-            self.concrete_engine = SimEngineConcrete(project)
-        else:
-            self.concrete_engine = None
-
     def __getstate__(self):
-        return self.project, self.default_engine_factory, self.procedure_engine, self.concrete_engine, self._default_cc
+        return self.project, self.default_engine_factory, self.procedure_engine, self._default_cc
 
     def __setstate__(self, state):
-        self.project, self.default_engine_factory, self.procedure_engine, self.concrete_engine, self._default_cc = state
+        self.project, self.default_engine_factory, self.procedure_engine, self._default_cc = state
         self._tls = threading.local()
 
     @property

angr/flirt/build_sig.py

@@ -22,9 +22,7 @@ def get_basic_info(ar_path: str) -> dict[str, str]:
     """
 
     with tempfile.TemporaryDirectory() as tempdirname:
-        cwd = os.getcwd()
-        os.chdir(tempdirname)
-        subprocess.call(["ar", "x", ar_path])
+        subprocess.call(["ar", "x", ar_path], cwd=tempdirname)
 
         # Load arch and OS information from the first .o file
         o_files = [f for f in os.listdir(".") if f.endswith(".o")]
@@ -32,8 +30,8 @@ def get_basic_info(ar_path: str) -> dict[str, str]:
             proj = angr.Project(o_files[0], auto_load_libs=False)
             arch_name = proj.arch.name.lower()
             os_name = proj.simos.name.lower()
-
-        os.chdir(cwd)
+        else:
+            raise ValueError("No .o files found in the archive.")
 
     return {
         "arch": arch_name,
@@ -64,9 +62,7 @@ def get_unique_strings(ar_path: str) -> list[str]:
     # extract the archive file into a temporary directory
     all_strings = set()
     with tempfile.TemporaryDirectory() as tempdirname:
-        cwd = os.getcwd()
-        os.chdir(tempdirname)
-        subprocess.call(["ar", "x", ar_path])
+        subprocess.call(["ar", "x", ar_path], cwd=tempdirname)
 
         for filename in os.listdir("."):
             if filename.endswith(".o"):
@@ -93,8 +89,6 @@ def get_unique_strings(ar_path: str) -> list[str]:
                     non_symbol_strings.add(s)
                 all_strings |= non_symbol_strings
 
-        os.chdir(cwd)
-
     grouped_strings = defaultdict(set)
     for s in all_strings:
         grouped_strings[s[:5]].add(s)
@@ -138,7 +132,7 @@ def process_exc_file(exc_path: str):
 
     TODO: Add caller-callee-based de-duplication.
     """
-    with open(exc_path) as f:
+    with open(exc_path, encoding="utf-8") as f:
         data = f.read()
         lines = data.split("\n")
 
@@ -184,7 +178,7 @@ def process_exc_file(exc_path: str):
         g[the_chosen_one] = "+" + line
 
     # output
-    with open(exc_path, "w") as f:
+    with open(exc_path, "w", encoding="utf-8") as f:
         for g in groups.values():
             for line in g.values():
                 f.write(line + "\n")
@@ -273,8 +267,7 @@ def main():
         basename = os.path.basename(ar_path)
 
         # sanitize basename since otherwise sigmake is not happy with it
-        if basename.endswith(".a"):
-            basename = basename[:-2]
+        basename = basename.removesuffix(".a")
         basename = basename.replace("+", "plus")
 
         # sanitize signame as well
@@ -292,7 +285,7 @@ def main():
 
             assert not has_collision
 
-    with open(meta_path, "w") as f:
+    with open(meta_path, "w", encoding="utf-8") as f:
         metadata = {
             "unique_strings": unique_strings,
         }

angr/knowledge_plugins/cfg/cfg_model.py

@@ -6,10 +6,10 @@ import logging
 from typing import TYPE_CHECKING
 from collections.abc import Callable
 from collections import defaultdict
-import bisect
 import string
 
 import networkx
+from sortedcontainers import SortedList
 
 import cle
 
@@ -81,7 +81,7 @@ class CFGModel(Serializable):
         # CFGNodes dict indexed by block ID. Don't serialize
         self._nodes: dict[int, CFGNode] = {}
         # addresses of CFGNodes to speed up get_any_node(..., anyaddr=True). Don't serialize
-        self._node_addrs: list[int] = []
+        self._node_addrs: SortedList[int] | None = None
 
         self.normalized = False
 
@@ -137,7 +137,8 @@ class CFGModel(Serializable):
             edge.dst_ea = dst.addr
             for k, v in data.items():
                 if k == "jumpkind":
-                    edge.jumpkind = cfg_jumpkind_to_pb(v)
+                    jk = cfg_jumpkind_to_pb(v)
+                    edge.jumpkind = primitives_pb2.Edge.UnknownJumpkind if jk is None else jk
                 elif k == "ins_addr":
                     edge.ins_addr = v if v is not None else 0xFFFF_FFFF_FFFF_FFFF
                 elif k == "stmt_idx":
@@ -176,7 +177,7 @@ class CFGModel(Serializable):
                     "The resulting graph may be broken."
                 )
 
-        model._node_addrs = sorted(model._nodes_by_addr.keys())
+        model._node_addrs = None
 
         # edges
         for edge_pb2 in cmsg.edges:
@@ -219,6 +220,9 @@ class CFGModel(Serializable):
 
         return model
 
+    def _build_node_addr_index(self):
+        self._node_addrs = SortedList(iter(k for k, lst in self._nodes_by_addr.items() if lst))
+
     #
     # Node insertion and removal
     #
@@ -227,12 +231,8 @@ class CFGModel(Serializable):
         self._nodes[block_id] = node
         self._nodes_by_addr[node.addr].append(node)
 
-        if isinstance(node.addr, int):
-            pos = bisect.bisect_left(self._node_addrs, node.addr)
-            if pos >= len(self._node_addrs):
-                self._node_addrs.append(node.addr)
-            elif self._node_addrs[pos] != node.addr:
-                self._node_addrs.insert(pos, node.addr)
+        if self._node_addrs is not None and isinstance(node.addr, int) and node.addr not in self._node_addrs:
+            self._node_addrs.add(node.addr)
 
     def remove_node(self, block_id: int, node: CFGNode) -> None:
         """
@@ -250,10 +250,8 @@ class CFGModel(Serializable):
             if not self._nodes_by_addr[node.addr]:
                 del self._nodes_by_addr[node.addr]
 
-                if isinstance(node.addr, int):
-                    pos = bisect.bisect_left(self._node_addrs, node.addr)
-                    if pos < len(self._node_addrs) and self._node_addrs[pos] == node.addr:
-                        self._node_addrs.pop(pos)
+                if self._node_addrs is not None and isinstance(node.addr, int) and node.addr in self._node_addrs:
+                    self._node_addrs.remove(node.addr)
 
     #
     # CFG View
@@ -294,17 +292,22 @@ class CFGModel(Serializable):
         # fastpath: directly look in the nodes list
         if not anyaddr or addr in self._nodes_by_addr:
             try:
-                return self._nodes_by_addr[addr][0]
-            except (KeyError, IndexError):
+                if is_syscall is None:
+                    return self._nodes_by_addr[addr][0]
+                return next(iter(node for node in self._nodes_by_addr[addr] if node.is_syscall == is_syscall))
+            except (KeyError, IndexError, StopIteration):
                 pass
 
         if force_fastpath:
             return None
 
         if isinstance(addr, int):
+            if self._node_addrs is None:
+                self._build_node_addr_index()
+
             # slower path
             # find all potential addresses that the block may cover
-            pos = bisect.bisect_left(self._node_addrs, max(addr - VEX_IRSB_MAX_SIZE, 0))
+            pos = self._node_addrs.bisect_left(max(addr - VEX_IRSB_MAX_SIZE, 0))
 
             is_cfgemulated = self.ident == "CFGEmulated"
 

angr/knowledge_plugins/functions/function.py

@@ -1,11 +1,14 @@
+# pylint:disable=too-many-boolean-expressions
 from __future__ import annotations
 import os
 import logging
-import networkx
 import itertools
 from collections import defaultdict
 from collections.abc import Iterable
+import contextlib
+from typing import overload
 
+import networkx
 from itanium_demangler import parse
 
 from cle.backends.symbol import Symbol
@@ -13,7 +16,6 @@ from archinfo.arch_arm import get_real_address_if_arm
 import claripy
 
 from angr.knowledge_plugins.cfg.memory_data import MemoryDataSort
-
 from angr.codenode import CodeNode, BlockNode, HookNode, SyscallNode
 from angr.serializable import Serializable
 from angr.errors import AngrValueError, SimEngineError, SimMemoryError
@@ -22,14 +24,12 @@ from angr.procedures.definitions import SimSyscallLibrary
 from angr.protos import function_pb2
 from angr.calling_conventions import DEFAULT_CC, default_cc
 from angr.misc.ux import deprecated
-from .function_parser import FunctionParser
-
-l = logging.getLogger(name=__name__)
-
 from angr.sim_type import SimTypeFunction, parse_defns
 from angr.calling_conventions import SimCC
 from angr.project import Project
-import contextlib
+from .function_parser import FunctionParser
+
+l = logging.getLogger(name=__name__)
 
 
 class Function(Serializable):
@@ -41,7 +41,6 @@ class Function(Serializable):
         "_addr_to_block_node",
         "_argument_registers",
         "_argument_stack_variables",
-        "_block_cache",
         "_block_sizes",
         "_call_sites",
         "_callout_sites",
@@ -71,13 +70,10 @@ class Function(Serializable):
         "is_simprocedure",
         "is_syscall",
         "normalized",
-        "prepared_registers",
-        "prepared_stack_variables",
         "previous_names",
         "prototype",
         "prototype_libname",
         "ran_cca",
-        "registers_read_afterwards",
         "retaddr_on_stack",
         "sp_delta",
         "startpoint",
@@ -150,15 +146,11 @@ class Function(Serializable):
         self.is_prototype_guessed: bool = True
         # Whether this function returns or not. `None` means it's not determined yet
         self._returning = None
-        self.prepared_registers = set()
-        self.prepared_stack_variables = set()
-        self.registers_read_afterwards = set()
 
         self._addr_to_block_node = {}  # map addresses to nodes. it's a cache of blocks. if a block is removed from the
         # function, it may not be removed from _addr_to_block_node. if you want to list
         # all blocks of a function, access .blocks.
         self._block_sizes = {}  # map addresses to block sizes
-        self._block_cache = {}  # a cache of real, hard data Block objects
         self._local_blocks = {}  # a dict of all blocks inside the function
         self._local_block_addrs = set()  # a set of addresses of all blocks inside the function
 
@@ -374,13 +366,6 @@ class Function(Serializable):
         :param byte_string:
         :return:
         """
-        if addr in self._block_cache:
-            b = self._block_cache[addr]
-            if size is None or b.size == size:
-                return b
-            # size seems to be updated. remove this cached entry from the block cache
-            del self._block_cache[addr]
-
         if size is None and addr in self.block_addrs:
             # we know the size
             size = self._block_sizes[addr]
@@ -389,7 +374,6 @@ class Function(Serializable):
         if size is None:
             # update block_size dict
             self._block_sizes[addr] = block.size
-        self._block_cache[addr] = block
         return block
 
     # compatibility
@@ -440,7 +424,7 @@ class Function(Serializable):
 
     @classmethod
     def _get_cmsg(cls):
-        return function_pb2.Function()
+        return function_pb2.Function()  # pylint:disable=no-member
 
     def serialize_to_cmessage(self):
         return FunctionParser.serialize(self)
@@ -613,7 +597,6 @@ class Function(Serializable):
         d["_local_transition_graph"] = None
         d["_project"] = None
         d["_function_manager"] = None
-        d["_block_cache"] = {}
         return d
 
     @property
@@ -642,7 +625,7 @@ class Function(Serializable):
 
     @property
     def size(self):
-        return sum([b.size for b in self.blocks])
+        return sum(b.size for b in self.blocks)
 
     @property
     def binary(self):
@@ -675,7 +658,7 @@ class Function(Serializable):
         dec = self.project.analyses.Decompiler(self, cfg=self._function_manager._kb.cfgs.get_most_accurate())
         return dec.codegen.text
 
-    def add_jumpout_site(self, node):
+    def add_jumpout_site(self, node: CodeNode):
         """
         Add a custom jumpout site.
 
@@ -683,11 +666,11 @@ class Function(Serializable):
         :return:        None
         """
 
-        self._register_nodes(True, node)
+        node = self._register_node(True, node)
         self._jumpout_sites.add(node)
         self._add_endpoint(node, "transition")
 
-    def add_retout_site(self, node):
+    def add_retout_site(self, node: CodeNode):
         """
         Add a custom retout site.
 
@@ -703,7 +686,7 @@ class Function(Serializable):
         :return:     None
         """
 
-        self._register_nodes(True, node)
+        node = self._register_node(True, node)
         self._retout_sites.add(node)
         self._add_endpoint(node, "return")
 
@@ -785,7 +768,6 @@ class Function(Serializable):
         return None
 
     def _clear_transition_graph(self):
-        self._block_cache = {}
         self._block_sizes = {}
         self._addr_to_block_node = {}
         self._local_blocks = {}
@@ -812,11 +794,13 @@ class Function(Serializable):
 
         # it's confirmed. register the node if needed
         if "outside" not in data or data["outside"] is False:
-            self._register_nodes(True, dst)
+            dst = self._register_node(True, dst)
 
         self.transition_graph[src][dst]["confirmed"] = True
 
-    def _transit_to(self, from_node, to_node, outside=False, ins_addr=None, stmt_idx=None, is_exception=False):
+    def _transit_to(
+        self, from_node: CodeNode, to_node, outside=False, ins_addr=None, stmt_idx=None, is_exception=False
+    ):
         """
         Registers an edge between basic blocks in this function's transition graph.
         Arguments are CodeNode objects.
@@ -830,16 +814,15 @@ class Function(Serializable):
         """
 
         if outside:
-            self._register_nodes(True, from_node)
+            from_node = self._register_node(True, from_node)
             if to_node is not None:
-                self._register_nodes(False, to_node)
+                to_node = self._register_node(False, to_node)
 
             self._jumpout_sites.add(from_node)
         else:
+            from_node = self._register_node(True, from_node)
             if to_node is not None:
-                self._register_nodes(True, from_node, to_node)
-            else:
-                self._register_nodes(True, from_node)
+                to_node = self._register_node(True, to_node)
 
         type_ = "transition" if not is_exception else "exception"
         if to_node is not None:
@@ -871,19 +854,22 @@ class Function(Serializable):
         :type  ins_addr:    int or None
         """
 
-        self._register_nodes(True, from_node)
+        from_node = self._register_node(True, from_node)
 
         if to_func.is_syscall:
             self.transition_graph.add_edge(from_node, to_func, type="syscall", stmt_idx=stmt_idx, ins_addr=ins_addr)
         else:
             self.transition_graph.add_edge(from_node, to_func, type="call", stmt_idx=stmt_idx, ins_addr=ins_addr)
             if ret_node is not None:
+                ret_node = self._register_node(return_to_outside is False, ret_node)
                 self._fakeret_to(from_node, ret_node, to_outside=return_to_outside)
 
         self._local_transition_graph = None
 
     def _fakeret_to(self, from_node, to_node, confirmed=None, to_outside=False):
-        self._register_nodes(True, from_node)
+        from_node = self._register_node(True, from_node)
+        if confirmed:
+            to_node = self._register_node(not to_outside, to_node)
 
         if confirmed is None:
             self.transition_graph.add_edge(from_node, to_node, type="fake_return", outside=to_outside)
@@ -891,8 +877,6 @@ class Function(Serializable):
             self.transition_graph.add_edge(
                 from_node, to_node, type="fake_return", confirmed=confirmed, outside=to_outside
             )
-            if confirmed:
-                self._register_nodes(not to_outside, to_node)
 
         self._local_transition_graph = None
 
@@ -910,45 +894,56 @@ class Function(Serializable):
         self._local_transition_graph = None
 
     def _update_local_blocks(self, node: CodeNode):
-        self._local_blocks[node.addr] = node
-        self._local_block_addrs.add(node.addr)
+        if node.addr not in self._local_blocks or self._local_blocks[node.addr] != node:
+            self._local_blocks[node.addr] = node
+            self._local_block_addrs.add(node.addr)
 
     def _update_addr_to_block_cache(self, node: BlockNode):
         if node.addr not in self._addr_to_block_node:
             self._addr_to_block_node[node.addr] = node
 
-    def _register_nodes(self, is_local, *nodes):
-        if not isinstance(is_local, bool):
-            raise AngrValueError('_register_nodes(): the "is_local" parameter must be a bool')
-
-        for node in nodes:
-            if node.addr not in self:
-                # only add each node once
-                self.transition_graph.add_node(node)
-
-            if not isinstance(node, CodeNode):
-                continue
-            node._graph = self.transition_graph
-            if self._block_sizes.get(node.addr, 0) == 0:
-                self._block_sizes[node.addr] = node.size
-            if node.addr == self.addr and (self.startpoint is None or not self.startpoint.is_hook):
-                self.startpoint = node
-            if is_local and node.addr not in self._local_blocks:
-                self._update_local_blocks(node)
-            # add BlockNodes to the addr_to_block_node cache if not already there
-            if isinstance(node, BlockNode):
-                self._update_addr_to_block_cache(node)
-                # else:
-                #    # checks that we don't have multiple block nodes at a single address
-                #    assert node == self._addr_to_block_node[node.addr]
-
-    def _add_return_site(self, return_site):
+    @overload
+    def _register_node(self, is_local: bool, node: CodeNode) -> CodeNode: ...
+
+    @overload
+    def _register_node(self, is_local: bool, node: Function) -> Function: ...
+
+    def _register_node(self, is_local: bool, node: CodeNode | Function) -> CodeNode | Function:
+        # if the node already exists and is the same, we reuse the existing node
+        if is_local and self._local_blocks.get(node.addr, None) == node:
+            return self._local_blocks[node.addr]
+
+        if node.addr not in self and node not in self.transition_graph:
+            # only add each node to the graph once
+            self.transition_graph.add_node(node)
+
+        if not isinstance(node, CodeNode):
+            # function and other things bail here
+            return node
+
+        # this is either a new node or a different node at the same address
+        node._graph = self.transition_graph
+        if self._block_sizes.get(node.addr, 0) == 0:
+            self._block_sizes[node.addr] = node.size
+        if node.addr == self.addr and (self.startpoint is None or not self.startpoint.is_hook):
+            self.startpoint = node
+        if is_local and node.addr not in self._local_blocks:
+            self._update_local_blocks(node)
+        # add BlockNodes to the addr_to_block_node cache if not already there
+        if isinstance(node, BlockNode):
+            self._update_addr_to_block_cache(node)
+            # else:
+            #    # checks that we don't have multiple block nodes at a single address
+            #    assert node == self._addr_to_block_node[node.addr]
+        return node
+
+    def _add_return_site(self, return_site: CodeNode):
         """
         Registers a basic block as a site for control flow to return from this function.
 
-        :param CodeNode return_site:     The block node that ends with a return.
+        :param return_site:     The block node that ends with a return.
         """
-        self._register_nodes(True, return_site)
+        return_site = self._register_node(True, return_site)
 
         self._ret_sites.add(return_site)
         # A return site must be an endpoint of the function - you cannot continue execution of the current function
@@ -1285,8 +1280,8 @@ class Function(Serializable):
         """
         Draw the graph and save it to a PNG file.
         """
-        import matplotlib.pyplot as pyplot  # pylint: disable=import-error
-        from networkx.drawing.nx_agraph import graphviz_layout  # pylint: disable=import-error
+        import matplotlib.pyplot as pyplot  # pylint: disable=import-error,import-outside-toplevel
+        from networkx.drawing.nx_agraph import graphviz_layout  # pylint: disable=import-error,import-outside-toplevel
 
         tmp_graph = networkx.classes.digraph.DiGraph()
         for from_block, to_block in self.transition_graph.edges():
@@ -1416,11 +1411,8 @@ class Function(Serializable):
                     self._local_blocks[n.addr] = new_node
 
                 # update block_cache and block_sizes
-                if (n.addr in self._block_cache and self._block_cache[n.addr].size != new_node.size) or (
-                    n.addr in self._block_sizes and self._block_sizes[n.addr] != new_node.size
-                ):
+                if n.addr in self._block_sizes and self._block_sizes[n.addr] != new_node.size:
                     # the cache needs updating
-                    self._block_cache.pop(n.addr, None)
                     self._block_sizes[n.addr] = new_node.size
 
                 for p, _, data in original_predecessors:
@@ -1680,7 +1672,6 @@ class Function(Serializable):
         func.startpoint = self.startpoint
         func._addr_to_block_node = self._addr_to_block_node.copy()
         func._block_sizes = self._block_sizes.copy()
-        func._block_cache = self._block_cache.copy()
         func._local_blocks = self._local_blocks.copy()
         func._local_block_addrs = self._local_block_addrs.copy()
         func.info = self.info.copy()