angr 9.2.138__py3-none-manylinux2014_x86_64.whl → 9.2.140__py3-none-manylinux2014_x86_64.whl

angr/analyses/decompiler/ail_simplifier.py

@@ -27,6 +27,7 @@ from ailment.expression import (
 from angr.analyses.s_propagator import SPropagatorAnalysis
 from angr.analyses.s_reaching_definitions import SRDAModel
 from angr.utils.ail import is_phi_assignment, HasExprWalker
+from angr.utils.ssa import has_call_in_between_stmts, has_store_stmt_in_between_stmts, has_load_expr_in_between_stmts
 from angr.code_location import CodeLocation, ExternalCodeLocation
 from angr.sim_variable import SimStackVariable, SimMemoryVariable, SimVariable
 from angr.knowledge_plugins.propagations.states import Equivalence
@@ -102,7 +103,7 @@ class AILSimplifier(Analysis):
         self.func = func
         self.func_graph = func_graph if func_graph is not None else func.graph
         self._reaching_definitions: SRDAModel | None = None
-        self._propagator = None
+        self._propagator: SPropagatorAnalysis | None = None
 
         self._remove_dead_memdefs = remove_dead_memdefs
         self._stack_arg_offsets = stack_arg_offsets
@@ -117,6 +118,7 @@ class AILSimplifier(Analysis):
         self._removed_vvar_ids = removed_vvar_ids if removed_vvar_ids is not None else set()
         self._arg_vvars = arg_vvars
         self._avoid_vvar_ids = avoid_vvar_ids
+        self._propagator_dead_vvar_ids: set[int] = set()
 
         self._calls_to_remove: set[CodeLocation] = set()
         self._assignments_to_remove: set[CodeLocation] = set()
@@ -231,6 +233,7 @@ class AILSimplifier(Analysis):
             only_consts=self._only_consts,
         )
         self._propagator = prop
+        self._propagator_dead_vvar_ids = prop.dead_vvar_ids
         return prop
 
     def _compute_equivalence(self) -> set[Equivalence]:
@@ -247,6 +250,9 @@ class AILSimplifier(Analysis):
                     if isinstance(stmt.ret_expr, (VirtualVariable, Load)):
                         codeloc = CodeLocation(block.addr, stmt_idx, block_idx=block.idx, ins_addr=stmt.ins_addr)
                         equivalence.add(Equivalence(codeloc, stmt.ret_expr, stmt))
+                    elif isinstance(stmt.fp_ret_expr, (VirtualVariable, Load)):
+                        codeloc = CodeLocation(block.addr, stmt_idx, block_idx=block.idx, ins_addr=stmt.ins_addr)
+                        equivalence.add(Equivalence(codeloc, stmt.fp_ret_expr, stmt))
                 elif (
                     isinstance(stmt, Store)
                     and isinstance(stmt.size, int)
@@ -287,7 +293,7 @@ class AILSimplifier(Analysis):
 
         narrowed = False
 
-        addr_and_idx_to_block: dict[tuple[int, int], Block] = {}
+        addr_and_idx_to_block: dict[tuple[int, int | None], Block] = {}
         for block in self.func_graph.nodes():
             addr_and_idx_to_block[(block.addr, block.idx)] = block
 
@@ -419,6 +425,7 @@ class AILSimplifier(Analysis):
                 return ExprNarrowingInfo(False)
 
             block = self.blocks.get(old_block, old_block)
+            assert loc.stmt_idx is not None
             if loc.stmt_idx >= len(block.statements):
                 # missing a statement for whatever reason
                 return ExprNarrowingInfo(False)
@@ -546,14 +553,23 @@ class AILSimplifier(Analysis):
                 return None, None
             return expr.size, ("expr", (expr,))
 
-        first_op = walker.operations[0]
+        ops = walker.operations
+        first_op = ops[0]
+        if isinstance(first_op, BinaryOp) and first_op.op in {"Add", "Sub"}:
+            # expr + x
+            ops = ops[1:]
+            if not ops:
+                if expr is None:
+                    return None, None
+                return expr.size, ("expr", (expr,))
+            first_op = ops[0]
         if isinstance(first_op, Convert) and first_op.to_bits >= self.project.arch.byte_width:
             # we need at least one byte!
             return first_op.to_bits // self.project.arch.byte_width, ("convert", (first_op,))
         if isinstance(first_op, BinaryOp):
             second_op = None
-            if len(walker.operations) >= 2:
-                second_op = walker.operations[1]
+            if len(ops) >= 2:
+                second_op = ops[1]
             if (
                 first_op.op == "And"
                 and isinstance(first_op.operands[1], Const)
@@ -618,9 +634,9 @@ class AILSimplifier(Analysis):
             block = blocks_by_addr_and_idx[(block_addr, block_idx)]
 
             # only replace loads if there are stack arguments in this block
-            replace_loads = insn_addrs_using_stack_args is not None and {
-                stmt.ins_addr for stmt in block.statements
-            }.intersection(insn_addrs_using_stack_args)
+            replace_loads: bool = insn_addrs_using_stack_args is not None and bool(
+                {stmt.ins_addr for stmt in block.statements}.intersection(insn_addrs_using_stack_args)
+            )
 
             # remove virtual variables in the avoid list
             if self._avoid_vvar_ids:
@@ -657,7 +673,7 @@ class AILSimplifier(Analysis):
         if not equivalence:
             return simplified
 
-        addr_and_idx_to_block: dict[tuple[int, int], Block] = {}
+        addr_and_idx_to_block: dict[tuple[int, int | None], Block] = {}
         for block in self.func_graph.nodes():
             addr_and_idx_to_block[(block.addr, block.idx)] = block
 
@@ -938,6 +954,8 @@ class AILSimplifier(Analysis):
                     for use_loc in all_use_locs:
                         if use_loc == eq.codeloc:
                             continue
+                        assert use_loc.block_addr is not None
+                        assert use_loc.stmt_idx is not None
                         block = addr_and_idx_to_block[(use_loc.block_addr, use_loc.block_idx)]
                         stmt = block.statements[use_loc.stmt_idx]
                         if isinstance(stmt, Assignment) or (isinstance(replace_with, Load) and isinstance(stmt, Store)):
@@ -949,11 +967,15 @@ class AILSimplifier(Analysis):
 
                 remove_initial_assignment = False  # expression folding will take care of it
 
+            assert replace_with is not None
+
             if any(not isinstance(use_and_expr[1], VirtualVariable) for _, use_and_expr in all_uses_with_def):
                 # if any of the uses are phi assignments, we skip
                 used_in_phi_assignment = False
                 for _, use_and_expr in all_uses_with_def:
                     u = use_and_expr[0]
+                    assert u.block_addr is not None
+                    assert u.stmt_idx is not None
                     block = addr_and_idx_to_block[(u.block_addr, u.block_idx)]
                     stmt = block.statements[u.stmt_idx]
                     if is_phi_assignment(stmt):
@@ -1116,13 +1138,14 @@ class AILSimplifier(Analysis):
         In such cases, the one-use expression folder in RegionSimplifier will perform this transformation.
         """
 
+        # pylint:disable=unreachable
         simplified = False
 
         equivalence = self._compute_equivalence()
         if not equivalence:
             return simplified
 
-        addr_and_idx_to_block: dict[tuple[int, int], Block] = {}
+        addr_and_idx_to_block: dict[tuple[int, int | None], Block] = {}
         for block in self.func_graph.nodes():
             addr_and_idx_to_block[(block.addr, block.idx)] = block
 
@@ -1160,6 +1183,8 @@ class AILSimplifier(Analysis):
                     ),
                     eq.codeloc,
                 )
+                assert the_def.codeloc.block_addr is not None
+                assert the_def.codeloc.stmt_idx is not None
 
                 all_uses: set[tuple[CodeLocation, Any]] = set(rd.get_vvar_uses_with_expr(the_def.atom))
 
@@ -1168,6 +1193,8 @@ class AILSimplifier(Analysis):
                 u, used_expr = next(iter(all_uses))
                 if used_expr is None:
                     continue
+                assert u.block_addr is not None
+                assert u.stmt_idx is not None
 
                 if u in def_locations_to_remove:
                     # this use site has been altered by previous folding attempts. the corresponding statement will be
@@ -1188,41 +1215,28 @@ class AILSimplifier(Analysis):
                 if u.block_addr not in {b.addr for b in super_node_blocks}:
                     continue
 
-                # check if the register has been overwritten by statements in between the def site and the use site
-                # usesite_atom_defs = set(rd.get_defs(the_def.atom, u, OP_BEFORE))
-                # if len(usesite_atom_defs) != 1:
-                #     continue
-                # usesite_atom_def = next(iter(usesite_atom_defs))
-                # if usesite_atom_def != the_def:
-                #     continue
-
-                # check if any atoms that the call relies on has been overwritten by statements in between the def site
-                # and the use site.
-                # TODO: Prove non-interference
-                # defsite_all_expr_uses = set(rd.all_uses.get_uses_by_location(the_def.codeloc))
-                # defsite_used_atoms = set()
-                # for dd in defsite_all_expr_uses:
-                #     defsite_used_atoms.add(dd.atom)
-                # usesite_expr_def_outdated = False
-                # for defsite_expr_atom in defsite_used_atoms:
-                #     usesite_expr_uses = set(rd.get_defs(defsite_expr_atom, u, OP_BEFORE))
-                #     if not usesite_expr_uses:
-                #         # the atom is not defined at the use site - it's fine
-                #         continue
-                #     defsite_expr_uses = set(rd.get_defs(defsite_expr_atom, the_def.codeloc, OP_BEFORE))
-                #     if usesite_expr_uses != defsite_expr_uses:
-                #         # special case: ok if this atom is assigned to at the def site and has not been overwritten
-                #         if len(usesite_expr_uses) == 1:
-                #             usesite_expr_use = next(iter(usesite_expr_uses))
-                #             if usesite_expr_use.atom == defsite_expr_atom and (
-                #                 usesite_expr_use.codeloc == the_def.codeloc
-                #                 or usesite_expr_use.codeloc.block_addr == call_addr
-                #             ):
-                #                 continue
-                #         usesite_expr_def_outdated = True
-                #         break
-                # if usesite_expr_def_outdated:
-                #     continue
+                # ensure there are no other calls between the def site and the use site.
+                # this is because we do not want to alter the order of calls.
+                u_inclusive = CodeLocation(u.block_addr, u.stmt_idx + 1, block_idx=u.block_idx)
+                # note that the target statement being a store is fine
+                if (
+                    has_call_in_between_stmts(
+                        self.func_graph,
+                        addr_and_idx_to_block,
+                        the_def.codeloc,
+                        u_inclusive,
+                        skip_if_contains_vvar=the_def.atom.varid,
+                    )
+                    or has_store_stmt_in_between_stmts(self.func_graph, addr_and_idx_to_block, the_def.codeloc, u)
+                    or has_load_expr_in_between_stmts(
+                        self.func_graph,
+                        addr_and_idx_to_block,
+                        the_def.codeloc,
+                        u_inclusive,
+                        skip_if_contains_vvar=the_def.atom.varid,
+                    )
+                ):
+                    continue
 
                 # check if there are any calls in between the def site and the use site
                 if self._count_calls_in_supernodeblocks(super_node_blocks, the_def.codeloc, u) > 0:
@@ -1308,8 +1322,8 @@ class AILSimplifier(Analysis):
         # keeping tracking of statements to remove and statements (as well as dead vvars) to keep allows us to handle
         # cases where a statement defines more than one atoms, e.g., a call statement that defines both the return
         # value and the floating-point return value.
-        stmts_to_remove_per_block: dict[tuple[int, int], set[int]] = defaultdict(set)
-        stmts_to_keep_per_block: dict[tuple[int, int], set[int]] = defaultdict(set)
+        stmts_to_remove_per_block: dict[tuple[int, int | None], set[int]] = defaultdict(set)
+        stmts_to_keep_per_block: dict[tuple[int, int | None], set[int]] = defaultdict(set)
         dead_vvar_ids: set[int] = set()
 
         # Find all statements that should be removed
@@ -1326,13 +1340,17 @@ class AILSimplifier(Analysis):
             if isinstance(def_.atom, atoms.MemoryLocation) and isinstance(def_.atom.addr, int):
                 continue
             if isinstance(def_.atom, atoms.VirtualVariable):
-                if def_.atom.was_stack:
+                if def_.atom.varid in self._propagator_dead_vvar_ids:
+                    # we are definitely removing this variable if it has no uses
+                    uses = rd.get_vvar_uses(def_.atom)
+                elif def_.atom.was_stack:
                     if not self._remove_dead_memdefs:
                         if rd.is_phi_vvar_id(def_.atom.varid):
                             # we always remove unused phi variables
                             pass
                         elif stackarg_offsets is not None:
                             # we always remove definitions for stack arguments
+                            assert def_.atom.stack_offset is not None
                             if (def_.atom.stack_offset & mask) not in stackarg_offsets:
                                 continue
                         else:
@@ -1353,10 +1371,15 @@ class AILSimplifier(Analysis):
                     dead_vvar_ids.add(def_.atom.varid)
 
                 if not isinstance(def_.codeloc, ExternalCodeLocation):
+                    assert def_.codeloc.block_addr is not None
+                    assert def_.codeloc.stmt_idx is not None
                     stmts_to_remove_per_block[(def_.codeloc.block_addr, def_.codeloc.block_idx)].add(
                         def_.codeloc.stmt_idx
                     )
             else:
+                if not isinstance(def_.codeloc, ExternalCodeLocation):
+                    assert def_.codeloc.block_addr is not None
+                    assert def_.codeloc.stmt_idx is not None
                 stmts_to_keep_per_block[(def_.codeloc.block_addr, def_.codeloc.block_idx)].add(def_.codeloc.stmt_idx)
 
         # find all phi variables that rely on variables that no longer exist
@@ -1369,6 +1392,7 @@ class AILSimplifier(Analysis):
                     vvarid in removed_vvar_ids for vvarid in phi_use_varids
                 ):
                     loc = rd.all_vvar_definitions[rd.varid_to_vvar[phi_varid]]
+                    assert loc.block_addr is not None and loc.stmt_idx is not None
                     stmts_to_remove_per_block[(loc.block_addr, loc.block_idx)].add(loc.stmt_idx)
                     new_removed_vvar_ids.add(phi_varid)
                     all_removed_var_ids.add(phi_varid)
@@ -1380,11 +1404,13 @@ class AILSimplifier(Analysis):
         redundant_phi_and_dirty_varids = self._find_cyclic_dependent_phis_and_dirty_vvars(rd)
         for varid in redundant_phi_and_dirty_varids:
             loc = rd.all_vvar_definitions[rd.varid_to_vvar[varid]]
+            assert loc.block_addr is not None and loc.stmt_idx is not None
             stmts_to_remove_per_block[(loc.block_addr, loc.block_idx)].add(loc.stmt_idx)
             stmts_to_keep_per_block[(loc.block_addr, loc.block_idx)].discard(loc.stmt_idx)
 
         for codeloc in self._calls_to_remove | self._assignments_to_remove:
             # this call can be removed. make sure it exists in stmts_to_remove_per_block
+            assert codeloc.block_addr is not None and codeloc.stmt_idx is not None
             stmts_to_remove_per_block[codeloc.block_addr, codeloc.block_idx].add(codeloc.stmt_idx)
 
         simplified = False
@@ -1540,7 +1566,7 @@ class AILSimplifier(Analysis):
             if bail:
                 continue
 
-            if all(varid in phi_and_dirty_vvar_ids for varid in scc):
+            if all(varid in phi_and_dirty_vvar_ids or rd.varid_to_vvar[varid].was_reg for varid in scc):
                 cyclic_dependent_phi_varids |= set(scc)
 
         return cyclic_dependent_phi_varids
@@ -1554,7 +1580,7 @@ class AILSimplifier(Analysis):
         if rewriter_cls is None:
             return False
 
-        walker = None
+        walker = AILBlockWalker()
 
         class _any_update:
             """
@@ -1563,7 +1589,9 @@ class AILSimplifier(Analysis):
 
             v = False
 
-        def _handle_expr(expr_idx: int, expr: Expression, stmt_idx: int, stmt: Statement, block) -> Expression | None:
+        def _handle_expr(
+            expr_idx: int, expr: Expression, stmt_idx: int, stmt: Statement | None, block: Block | None
+        ) -> Expression | None:
             if isinstance(expr, VEXCCallExpression):
                 rewriter = rewriter_cls(expr, self.project.arch)
                 if rewriter.result is not None:
@@ -1574,8 +1602,6 @@ class AILSimplifier(Analysis):
             return AILBlockWalker._handle_expr(walker, expr_idx, expr, stmt_idx, stmt, block)
 
         blocks_by_addr_and_idx = {(node.addr, node.idx): node for node in self.func_graph.nodes()}
-
-        walker = AILBlockWalker()
         walker._handle_expr = _handle_expr
 
         updated = False

angr/analyses/decompiler/block_simplifier.py

@@ -58,7 +58,6 @@ class BlockSimplifier(Analysis):
         self,
         block: Block | None,
         func_addr: int | None = None,
-        remove_dead_memdefs=False,
         stack_pointer_tracker=None,
         peephole_optimizations: None | (
             Iterable[type[PeepholeOptimizationStmtBase] | type[PeepholeOptimizationExprBase]]
@@ -74,7 +73,6 @@ class BlockSimplifier(Analysis):
         self.block = block
         self.func_addr = func_addr
 
-        self._remove_dead_memdefs = remove_dead_memdefs
         self._stack_pointer_tracker = stack_pointer_tracker
 
         if peephole_optimizations is None:

angr/analyses/decompiler/callsite_maker.py

@@ -5,9 +5,19 @@ import logging
 
 import archinfo
 from ailment import Stmt, Expr, Const
+from ailment.manager import Manager
 
 from angr.procedures.stubs.format_parser import FormatParser, FormatSpecifier
-from angr.sim_type import SimTypeBottom, SimTypePointer, SimTypeChar, SimTypeInt, dereference_simtype
+from angr.sim_type import (
+    SimTypeBottom,
+    SimTypePointer,
+    SimTypeChar,
+    SimTypeInt,
+    SimTypeFloat,
+    dereference_simtype,
+    SimTypeFunction,
+    SimTypeLongLong,
+)
 from angr.calling_conventions import SimRegArg, SimStackArg, SimCC, SimStructArg, SimComboArg
 from angr.knowledge_plugins.key_definitions.constants import OP_BEFORE
 from angr.analyses import Analysis, register_analysis
@@ -27,7 +37,7 @@ class CallSiteMaker(Analysis):
     Add calling convention, declaration, and args to a call site.
     """
 
-    def __init__(self, block, reaching_definitions=None, stack_pointer_tracker=None, ail_manager=None):
+    def __init__(self, block, reaching_definitions=None, stack_pointer_tracker=None, ail_manager: Manager = None):
         self.block = block
 
         self._reaching_definitions = reaching_definitions
@@ -60,7 +70,7 @@ class CallSiteMaker(Analysis):
             return
 
         cc = None
-        prototype = None
+        prototype: SimTypeFunction | None = None
         func = None
         stack_arg_locs: list[SimStackArg] = []
         stackarg_sp_diff = 0
@@ -106,7 +116,9 @@ class CallSiteMaker(Analysis):
                     for typelib_name in prototype_lib.type_collection_names:
                         type_collections.append(SIM_TYPE_COLLECTIONS[typelib_name])
             if type_collections:
-                prototype = dereference_simtype(prototype, type_collections).with_arch(self.project.arch)
+                prototype = dereference_simtype(prototype, type_collections).with_arch(  # type: ignore
+                    self.project.arch
+                )
 
         args = []
         arg_vvars = []
@@ -120,15 +132,18 @@ class CallSiteMaker(Analysis):
                 arg_locs = cc.arg_locs(prototype)
                 if prototype.variadic:
                     # determine the number of variadic arguments
+                    assert func is not None
                     variadic_args = self._determine_variadic_arguments(func, cc, call_stmt)
                     if variadic_args:
                         callsite_ty = copy.copy(prototype)
-                        callsite_ty.args = list(callsite_ty.args)
+                        callsite_args = list(callsite_ty.args)
+                        base_type = SimTypeInt if self.project.arch.bits == 32 else SimTypeLongLong
                         for _ in range(variadic_args):
-                            callsite_ty.args.append(SimTypeInt().with_arch(self.project.arch))
+                            callsite_args.append(base_type().with_arch(self.project.arch))
+                        callsite_ty.args = tuple(callsite_args)
                         arg_locs = cc.arg_locs(callsite_ty)
 
-        if arg_locs is not None:
+        if arg_locs is not None and cc is not None:
             expanded_arg_locs = []
             for arg_loc in arg_locs:
                 if isinstance(arg_loc, SimComboArg):
@@ -155,6 +170,38 @@ class CallSiteMaker(Analysis):
                             oident=vvar_def.oident,
                             **vvar_def.tags,
                         )
+                        vvar_def_reg_offset = None
+                        if vvar_def.was_reg:
+                            vvar_def_reg_offset = vvar_def.reg_offset
+                        elif (
+                            vvar_def.was_parameter
+                            and vvar_def.parameter_category == Expr.VirtualVariableCategory.REGISTER
+                        ):
+                            vvar_def_reg_offset = vvar_def.parameter_reg_offset
+
+                        if vvar_def_reg_offset is not None and offset > vvar_def_reg_offset:
+                            # we need to shift the value
+                            vvar_use = Expr.BinaryOp(
+                                self._ail_manager.next_atom(),
+                                "Shr",
+                                [
+                                    vvar_use,
+                                    Expr.Const(
+                                        self._ail_manager.next_atom(), None, (offset - vvar_def_reg_offset) * 8, 8
+                                    ),
+                                ],
+                                **vvar_use.tags,
+                            )
+                        if vvar_def.size > arg_loc.size:
+                            # we need to narrow the value
+                            vvar_use = Expr.Convert(
+                                self._ail_manager.next_atom(),
+                                vvar_use.bits,
+                                arg_loc.size * self.project.arch.byte_width,
+                                False,
+                                vvar_use,
+                                **vvar_use.tags,
+                            )
                         args.append(vvar_use)
                     else:
                         reg = Expr.Register(
@@ -219,6 +266,7 @@ class CallSiteMaker(Analysis):
         # calculate stack offsets for arguments that are put on the stack. these offsets will be consumed by
         # simplification steps in the future, which may decide to remove statements that store arguments on the stack.
         if stack_arg_locs:
+            assert self._stack_pointer_tracker is not None
             sp_offset = self._stack_pointer_tracker.offset_before(call_stmt.ins_addr, self.project.arch.sp_offset)
             if sp_offset is None:
                 l.warning(
@@ -233,8 +281,22 @@ class CallSiteMaker(Analysis):
                 }
 
         ret_expr = call_stmt.ret_expr
-        # if ret_expr is None, it means in previous steps (such as during AIL simplification) we have deemed the return
-        # value of this call statement as useless and is removed.
+        fp_ret_expr = call_stmt.fp_ret_expr
+        # if ret_expr and fp_ret_expr are None, it means in previous steps (such as during AIL simplification) we have
+        # deemed the return value of this call statement as useless and is removed.
+
+        if (
+            ret_expr is not None
+            and fp_ret_expr is not None
+            and prototype is not None
+            and prototype.returnty is not None
+        ):
+            # we need to determine the return type of this call (ret_expr vs fp_ret_expr)
+            is_float = isinstance(prototype.returnty, SimTypeFloat)
+            if is_float:
+                ret_expr = None
+            else:
+                fp_ret_expr = None
 
         if (
             ret_expr is not None
@@ -243,9 +305,9 @@ class CallSiteMaker(Analysis):
             and not isinstance(prototype.returnty, SimTypeBottom)
             and not isinstance(ret_expr, Expr.VirtualVariable)
         ):
-            # try to narrow the return expression if needed
+            # try to narrow the non-float return expression if needed
             ret_type_bits = prototype.returnty.with_arch(self.project.arch).size
-            if ret_expr.bits > ret_type_bits:
+            if ret_type_bits is not None and ret_expr.bits > ret_type_bits:
                 ret_expr = ret_expr.copy()
                 ret_expr.bits = ret_type_bits
             # TODO: Support narrowing virtual variables
@@ -257,6 +319,7 @@ class CallSiteMaker(Analysis):
             prototype=prototype,
             args=args,
             ret_expr=ret_expr,
+            fp_ret_expr=fp_ret_expr,
             arg_vvars=arg_vvars,
             **call_stmt.tags,
         )
@@ -291,7 +354,7 @@ class CallSiteMaker(Analysis):
         l.warning("TODO: Unsupported statement type %s for definitions.", type(stmt))
         return None
 
-    def _resolve_register_argument(self, arg_loc) -> tuple[int | None, Expr.VirtualVariable] | None:
+    def _resolve_register_argument(self, arg_loc) -> tuple[Expr.Expression | None, Expr.VirtualVariable] | None:
         offset = arg_loc.check_offset(self.project.arch)
 
         if self._reaching_definitions is not None:
@@ -310,6 +373,8 @@ class CallSiteMaker(Analysis):
         return None
 
     def _resolve_stack_argument(self, call_stmt, arg_loc) -> tuple[Any, Any]:  # pylint:disable=unused-argument
+        assert self._stack_pointer_tracker is not None
+
         size = arg_loc.size
         offset = arg_loc.stack_offset
         if self.project.arch.call_pushes_ret:
@@ -331,6 +396,7 @@ class CallSiteMaker(Analysis):
                     sp_offset, size, self.block.addr, self.block.idx, len(self.block.statements) - 1, OP_BEFORE
                 )
                 if vvar is not None:
+                    # FIXME: vvar may be larger than that we ask; we may need to chop the correct value of vvar
                     value = view.get_vvar_value(vvar)
                     if value is not None and not isinstance(value, Expr.Phi):
                         return None, value
@@ -391,8 +457,8 @@ class CallSiteMaker(Analysis):
 
         return s
 
-    def _determine_variadic_arguments(self, func: Function | None, cc: SimCC, call_stmt) -> int | None:
-        if (func is not None and "printf" in func.name) or "scanf" in func.name:
+    def _determine_variadic_arguments(self, func: Function, cc: SimCC, call_stmt) -> int | None:
+        if "printf" in func.name or "scanf" in func.name:
             return self._determine_variadic_arguments_for_format_strings(func, cc, call_stmt)
         return None