angr 9.2.139__py3-none-manylinux2014_aarch64.whl → 9.2.141__py3-none-manylinux2014_aarch64.whl

angr/state_plugins/plugin.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
-from typing import cast
+from typing import Any, Generic, cast, TypeVar, Protocol
+from collections.abc import Callable
 
 import logging
 
@@ -9,6 +10,18 @@ from angr.misc.ux import once
 
 l = logging.getLogger(name=__name__)
 
+T = TypeVar("T")
+S_co = TypeVar("S_co", covariant=True)
+
+
+class _CopyFunc(Protocol, Generic[S_co]):
+    """
+    Function wrapping copy method for memo tracking.
+    """
+
+    @staticmethod
+    def __call__(memo: dict[int, Any] | None = None) -> S_co: ...
+
 
 class SimStatePlugin:
     """
@@ -55,12 +68,12 @@ class SimStatePlugin:
         return o
 
     @staticmethod
-    def memo(f):
+    def memo(f: Callable[[T, dict[int, Any]], S_co]) -> _CopyFunc[S_co]:
         """
         A decorator function you should apply to ``copy``
         """
 
-        def inner(self, memo=None, **kwargs):
+        def inner(self, memo: dict[int, Any] | None = None, **kwargs: Any) -> S_co:
             if memo is None:
                 memo = {}
             if id(self) in memo:
@@ -69,7 +82,9 @@ class SimStatePlugin:
             memo[id(self)] = c
             return c
 
-        return inner
+        # Type-checking fails here because we can't express the `self` partial-application with a Protocol
+        # and we can't express the optional `memo` parameter without a Protocol
+        return inner  # type: ignore
 
     def merge(self, others, merge_conditions, common_ancestor=None):  # pylint:disable=unused-argument
         """

angr/storage/memory_mixins/memory_mixin.py

@@ -80,7 +80,7 @@ class MemoryMixin(Generic[InData, OutData, Addr], SimStatePlugin):
     def store(self, addr: Addr, data: InData, size: InData | None = None, **kwargs) -> None: ...
 
     def merge(
-        self, others: list[Self], merge_conditions: list[claripy.ast.Bool], common_ancestor: Self | None = None
+        self, others: list[Self], merge_conditions: list[claripy.ast.Bool] | None, common_ancestor: Self | None = None
     ) -> bool: ...
 
     def compare(self, other: Self) -> bool: ...

angr/storage/memory_mixins/paged_memory/pages/multi_values.py

@@ -5,7 +5,6 @@ import archinfo
 
 import claripy
 
-from angr.errors import AngrTypeError
 from angr.storage.memory_object import bv_slice
 
 MVType = TypeVar("MVType", bound=claripy.ast.BV | claripy.ast.FP)
@@ -91,8 +90,10 @@ class MultiValues(Generic[MVType]):
             value_end = offset + value.size() // 8
             if value_end > succ_offset:
                 if isinstance(value, claripy.ast.FP):
-                    raise AngrTypeError("Unsupported case. How do we handle floating point values overlapping?")
+                    # no precise floating point support; it directly goes to TOP
+                    value = cast(MVType, claripy.BVS("top", value.size()))
                 # value is too long. we need to break value into two
+                assert isinstance(value, claripy.ast.BV)
                 mid_value_size = succ_offset - offset
                 remaining_value = cast(MVType, value[value.size() - mid_value_size * 8 - 1 : 0])
                 # update value
@@ -107,7 +108,8 @@ class MultiValues(Generic[MVType]):
                 remaining_values = set()
                 for v in self._values[offset]:
                     if isinstance(v, claripy.ast.FP):
-                        raise AngrTypeError("Unsupported case. How do we handle floating point values overlapping?")
+                        # no precise floating point support; it directly goes to TOP
+                        v = claripy.BVS("top", v.size())
 
                     new_curr_values.add(v[v.size() - 1 : v.size() - value.size()])
                     remaining_values.add(v[v.size() - value.size() - 1 : 0])
@@ -116,9 +118,11 @@ class MultiValues(Generic[MVType]):
                     self.add_value(offset + value.size() // 8, v)
             elif curr_value_size < value.size() // 8:
                 if isinstance(value, claripy.ast.FP):
-                    raise AngrTypeError("Unsupported case. How do we handle floating point values overlapping?")
+                    # no precise floating point support; it directly goes to TOP
+                    value = cast(MVType, claripy.BVS("top", value.size()))
 
                 # value is too long. we need to break value into two
+                assert isinstance(value, claripy.ast.BV)
                 remaining_value = cast(MVType, value[value.size() - curr_value_size * 8 - 1 : 0])
                 # update value
                 value = cast(MVType, value[value.size() - 1 : value.size() - curr_value_size * 8])
@@ -137,7 +141,8 @@ class MultiValues(Generic[MVType]):
                 remaining_values = set()
                 for v in pre_values:
                     if isinstance(v, claripy.ast.FP):
-                        raise AngrTypeError("Unsupported case. How do we handle floating point values overlapping?")
+                        # no precise floating point support; it directly goes to TOP
+                        v = claripy.BVS("top", v.size())
                     new_pre_values.add(v[v.size() - 1 : v.size() - new_pre_value_size * 8])
                     remaining_values.add(v[v.size() - new_pre_value_size * 8 - 1 : 0])
                 self._values[pre_offset] = new_pre_values

angr/utils/ssa/__init__.py

@@ -1,11 +1,14 @@
 from __future__ import annotations
 from collections import defaultdict
+from collections.abc import Callable
 from typing import Any, Literal, overload
 
+import networkx
+
 import archinfo
 from ailment import Expression, Block
 from ailment.expression import VirtualVariable, Const, Phi, Tmp, Load, Register, StackBaseOffset, DirtyExpression, ITE
-from ailment.statement import Statement, Assignment, Call
+from ailment.statement import Statement, Assignment, Call, Store
 from ailment.block_walker import AILBlockWalkerBase
 
 from angr.knowledge_plugins.key_definitions import atoms
@@ -153,19 +156,41 @@ class AILBlacklistExprTypeWalker(AILBlockWalkerBase):
     Walks an AIL expression or statement and determines if it does not contain certain types of expressions.
     """
 
-    def __init__(self, blacklist_expr_types: tuple[type, ...]):
+    def __init__(self, blacklist_expr_types: tuple[type, ...], skip_if_contains_vvar: int | None = None):
         super().__init__()
         self.blacklist_expr_types = blacklist_expr_types
         self.has_blacklisted_exprs = False
+        self.skip_if_contains_vvar = skip_if_contains_vvar
+
+        self._has_specified_vvar = False
 
     def _handle_expr(
         self, expr_idx: int, expr: Expression, stmt_idx: int, stmt: Statement | None, block: Block | None
     ) -> Any:
         if isinstance(expr, self.blacklist_expr_types):
-            self.has_blacklisted_exprs = True
-            return None
+            if self.skip_if_contains_vvar is None:
+                self.has_blacklisted_exprs = True
+                return None
+            # otherwise we do a more complicated check
+            self._has_specified_vvar = False  # we do not support nested blacklisted expr types
+            has_blacklisted_exprs = True
+            r = super()._handle_expr(expr_idx, expr, stmt_idx, stmt, block)
+            if self._has_specified_vvar is False:
+                # we have seen the vvar that we are looking for! ignore this match
+                self.has_blacklisted_exprs = has_blacklisted_exprs
+                return None
+            self._has_specified_vvar = False
+            return r
+
         return super()._handle_expr(expr_idx, expr, stmt_idx, stmt, block)
 
+    def _handle_VirtualVariable(
+        self, expr_idx: int, expr: VirtualVariable, stmt_idx: int, stmt: Statement, block: Block | None
+    ):
+        if self.skip_if_contains_vvar is not None and expr.varid == self.skip_if_contains_vvar:
+            self._has_specified_vvar = True
+        return super()._handle_VirtualVariable(expr_idx, expr, stmt_idx, stmt, block)
+
 
 def is_const_and_vvar_assignment(stmt: Statement) -> bool:
     if isinstance(stmt, Assignment):
@@ -203,6 +228,12 @@ def is_phi_assignment(stmt: Statement) -> bool:
     return isinstance(stmt, Assignment) and isinstance(stmt.src, Phi)
 
 
+def has_load_expr(stmt: Statement, skip_if_contains_vvar: int | None = None) -> bool:
+    walker = AILBlacklistExprTypeWalker((Load,), skip_if_contains_vvar=skip_if_contains_vvar)
+    walker.walk_statement(stmt)
+    return walker.has_blacklisted_exprs
+
+
 def phi_assignment_get_src(stmt: Statement) -> Phi | None:
     if isinstance(stmt, Assignment) and isinstance(stmt.src, Phi):
         return stmt.src
@@ -225,13 +256,97 @@ def has_ite_stmt(stmt: Statement) -> bool:
     return walker.has_blacklisted_exprs
 
 
+def check_in_between_stmts(
+    graph: networkx.DiGraph,
+    blocks: dict[tuple[int, int | None], Block],
+    defloc: CodeLocation,
+    useloc: CodeLocation,
+    predicate: Callable,
+):
+    assert defloc.block_addr is not None
+    assert defloc.stmt_idx is not None
+    assert useloc.block_addr is not None
+    assert useloc.stmt_idx is not None
+    assert graph is not None
+
+    use_block = blocks[(useloc.block_addr, useloc.block_idx)]
+    def_block = blocks[(defloc.block_addr, defloc.block_idx)]
+
+    # traverse the graph, go from use_block until we reach def_block, and look for Store statements
+    seen = {use_block}
+    queue = [use_block]
+    while queue:
+        block = queue.pop(0)
+
+        starting_stmt_idx, ending_stmt_idx = 0, len(block.statements)
+        if block is def_block:
+            starting_stmt_idx = defloc.stmt_idx + 1
+        if block is use_block:
+            ending_stmt_idx = useloc.stmt_idx
+
+        for i in range(starting_stmt_idx, ending_stmt_idx):
+            if predicate(block.statements[i]):
+                return True
+
+        if block is def_block:
+            continue
+
+        for pred in graph.predecessors(block):
+            if pred not in seen:
+                seen.add(pred)
+                queue.append(pred)
+
+    return False
+
+
+def has_store_stmt_in_between_stmts(
+    graph: networkx.DiGraph, blocks: dict[tuple[int, int | None], Block], defloc: CodeLocation, useloc: CodeLocation
+) -> bool:
+    return check_in_between_stmts(graph, blocks, defloc, useloc, lambda stmt: isinstance(stmt, Store))
+
+
+def has_call_in_between_stmts(
+    graph: networkx.DiGraph,
+    blocks: dict[tuple[int, int | None], Block],
+    defloc: CodeLocation,
+    useloc: CodeLocation,
+    skip_if_contains_vvar: int | None = None,
+) -> bool:
+
+    def _contains_call(stmt: Statement) -> bool:
+        if isinstance(stmt, Call):
+            return True
+        # walk the statement and check if there is a call expression
+        walker = AILBlacklistExprTypeWalker((Call,), skip_if_contains_vvar=skip_if_contains_vvar)
+        walker.walk_statement(stmt)
+        return walker.has_blacklisted_exprs
+
+    return check_in_between_stmts(graph, blocks, defloc, useloc, _contains_call)
+
+
+def has_load_expr_in_between_stmts(
+    graph: networkx.DiGraph,
+    blocks: dict[tuple[int, int | None], Block],
+    defloc: CodeLocation,
+    useloc: CodeLocation,
+    skip_if_contains_vvar: int | None = None,
+) -> bool:
+    return check_in_between_stmts(
+        graph, blocks, defloc, useloc, lambda stmt: has_load_expr(stmt, skip_if_contains_vvar=skip_if_contains_vvar)
+    )
+
+
 __all__ = (
     "VVarUsesCollector",
+    "check_in_between_stmts",
     "get_tmp_deflocs",
     "get_tmp_uselocs",
     "get_vvar_deflocs",
     "get_vvar_uselocs",
+    "has_call_in_between_stmts",
     "has_ite_expr",
+    "has_load_expr_in_between_stmts",
+    "has_store_stmt_in_between_stmts",
     "is_const_and_vvar_assignment",
     "is_const_assignment",
     "is_const_vvar_load_assignment",

angr/utils/types.py

@@ -0,0 +1,48 @@
+from __future__ import annotations
+
+from angr.sim_type import TypeRef, SimType, SimTypePointer, SimTypeArray, SimTypeFixedSizeArray
+
+
+def unpack_typeref(ty):
+    if isinstance(ty, TypeRef):
+        return ty.type
+    return ty
+
+
+def unpack_pointer(ty, iterative: bool = False) -> SimType | None:
+    if isinstance(ty, SimTypePointer):
+        if iterative:
+            inner = unpack_pointer(ty.pts_to, iterative=True)
+            return inner if inner is not None else ty.pts_to
+        return ty.pts_to
+    return None
+
+
+def replace_pointer_pts_to(ty: SimType, old_pts_to: SimType, new_pts_to: SimType) -> SimTypePointer | None:
+    if isinstance(ty, SimTypePointer):
+        if ty.pts_to is old_pts_to:
+            inner = new_pts_to
+        elif isinstance(ty.pts_to, SimTypePointer):
+            # recursively replace pts_to inside
+            inner = replace_pointer_pts_to(ty.pts_to, old_pts_to, new_pts_to)
+        else:
+            return None
+        return SimTypePointer(inner, label=ty.label, offset=ty.offset)
+    return None
+
+
+def unpack_array(ty) -> SimType | None:
+    if isinstance(ty, SimTypeArray):
+        return ty.elem_type
+    if isinstance(ty, SimTypeFixedSizeArray):
+        return ty.elem_type
+    return None
+
+
+def squash_array_reference(ty):
+    pointed_to = unpack_pointer(ty)
+    if pointed_to:
+        array_of = unpack_array(pointed_to)
+        if array_of:
+            return SimTypePointer(array_of)
+    return ty

{angr-9.2.139.dist-info → angr-9.2.141.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: angr
-Version: 9.2.139
+Version: 9.2.141
 Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
 Home-page: https://github.com/angr/angr
 License: BSD-2-Clause
@@ -16,13 +16,13 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: CppHeaderParser
 Requires-Dist: GitPython
-Requires-Dist: ailment==9.2.139
-Requires-Dist: archinfo==9.2.139
+Requires-Dist: ailment==9.2.141
+Requires-Dist: archinfo==9.2.141
 Requires-Dist: cachetools
 Requires-Dist: capstone==5.0.3
 Requires-Dist: cffi>=1.14.0
-Requires-Dist: claripy==9.2.139
-Requires-Dist: cle==9.2.139
+Requires-Dist: claripy==9.2.141
+Requires-Dist: cle==9.2.141
 Requires-Dist: itanium-demangler
 Requires-Dist: mulpyplexer
 Requires-Dist: nampa
@@ -31,7 +31,7 @@ Requires-Dist: protobuf>=5.28.2
 Requires-Dist: psutil
 Requires-Dist: pycparser>=2.18
 Requires-Dist: pyformlang
-Requires-Dist: pyvex==9.2.139
+Requires-Dist: pyvex==9.2.141
 Requires-Dist: rich>=13.1.0
 Requires-Dist: sortedcontainers
 Requires-Dist: sympy