angr 9.2.139__py3-none-manylinux2014_x86_64.whl → 9.2.140__py3-none-manylinux2014_x86_64.whl

angr/analyses/propagator/top_checker_mixin.py

@@ -31,7 +31,7 @@ class ClaripyDataEngineMixin(
 
 
 def _vex_make_comparison(
-    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.Bool]
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.Bool],
 ) -> Callable[[ClaripyDataEngineMixin, Binop], claripy.ast.BV]:
     @SimEngineLightVEX.binop_handler
     def inner(self, expr):
@@ -44,7 +44,7 @@ def _vex_make_comparison(
 
 
 def _vex_make_vec_comparison(
-    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.Bool]
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.Bool],
 ) -> Callable[[ClaripyDataEngineMixin, int, int, Binop], claripy.ast.BV]:
     @SimEngineLightVEX.binopv_handler
     def inner(self, size, count, expr):
@@ -56,7 +56,7 @@ def _vex_make_vec_comparison(
 
 
 def _vex_make_operation(
-    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.BV]
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.BV],
 ) -> Callable[[ClaripyDataEngineMixin, Binop], claripy.ast.BV]:
     @SimEngineLightVEX.binop_handler
     def inner(self, expr: Binop):
@@ -70,7 +70,7 @@ def _vex_make_operation(
 
 
 def _vex_make_unary_operation(
-    func: Callable[[claripy.ast.BV], claripy.ast.BV]
+    func: Callable[[claripy.ast.BV], claripy.ast.BV],
 ) -> Callable[[ClaripyDataEngineMixin, Unop], claripy.ast.BV]:
     @SimEngineLightVEX.unop_handler
     def inner(self, expr):
@@ -84,7 +84,7 @@ def _vex_make_unary_operation(
 
 
 def _vex_make_shift_operation(
-    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.BV]
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.BV],
 ) -> Callable[[ClaripyDataEngineMixin, Binop], claripy.ast.BV]:
     @_vex_make_operation
     def inner(a, b):
@@ -99,7 +99,7 @@ def _vex_make_shift_operation(
 
 
 def _vex_make_vec_operation(
-    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.BV]
+    func: Callable[[claripy.ast.BV, claripy.ast.BV], claripy.ast.BV],
 ) -> Callable[[ClaripyDataEngineMixin, int, int, Binop], claripy.ast.BV]:
     @SimEngineLightVEX.binopv_handler
     def inner(self, size, count, expr):

angr/analyses/reaching_definitions/__init__.py

@@ -15,7 +15,7 @@ from angr.knowledge_plugins.key_definitions.atoms import (
 from angr.knowledge_plugins.key_definitions.definition import Definition
 from angr.analyses import register_analysis
 from .reaching_definitions import ReachingDefinitionsAnalysis, ReachingDefinitionsModel
-from .function_handler import FunctionHandler, FunctionCallData
+from .function_handler import FunctionHandler, FunctionCallData, FunctionCallRelationships
 from .rd_state import ReachingDefinitionsState
 
 if TYPE_CHECKING:
@@ -29,6 +29,7 @@ __all__ = (
     "ConstantSrc",
     "Definition",
     "FunctionCallData",
+    "FunctionCallRelationships",
     "FunctionHandler",
     "GuardUse",
     "LiveDefinitions",

angr/analyses/reaching_definitions/dep_graph.py

@@ -6,7 +6,6 @@ from typing import (
     Any,
 )
 from collections.abc import Iterable, Iterator
-from dataclasses import dataclass
 
 import networkx
 
@@ -35,16 +34,6 @@ def _is_definition(node):
     return isinstance(node, Definition)
 
 
-@dataclass
-class FunctionCallRelationships:  # TODO this doesn't belong in this file anymore
-    callsite: CodeLocation
-    target: int | None
-    args_defns: list[set[Definition]]
-    other_input_defns: set[Definition]
-    ret_defns: set[Definition]
-    other_output_defns: set[Definition]
-
-
 class DepGraph:
     """
     The representation of a dependency graph: a directed graph, where nodes are definitions, and edges represent uses.
@@ -84,7 +73,7 @@ class DepGraph:
         """
         self._graph.add_edge(source, destination, **labels)
 
-    def nodes(self) -> networkx.classes.reportviews.NodeView[Definition]:
+    def nodes(self) -> Iterator[Definition]:
         return self._graph.nodes()
 
     def predecessors(self, node: Definition) -> Iterator[Definition]:

angr/analyses/reaching_definitions/engine_vex.py

@@ -12,7 +12,8 @@ from angr.engines.light import SimEngineNostmtVEX, SpOffset
 from angr.engines.vex.claripy.datalayer import value as claripy_value
 from angr.errors import SimEngineError, SimMemoryMissingError
 from angr.utils.constants import DEFAULT_STATEMENT
-from angr.knowledge_plugins.key_definitions.live_definitions import Definition, LiveDefinitions
+from angr.knowledge_plugins.key_definitions.definition import Definition
+from angr.knowledge_plugins.key_definitions.live_definitions import LiveDefinitions
 from angr.knowledge_plugins.key_definitions.tag import LocalVariableTag, ParameterTag, Tag
 from angr.knowledge_plugins.key_definitions.atoms import Atom, Register, MemoryLocation, Tmp
 from angr.knowledge_plugins.key_definitions.constants import OP_BEFORE, OP_AFTER
@@ -78,11 +79,15 @@ class SimEngineRDVEX(
         self._set_codeloc()
         if self.block.vex.jumpkind == "Ijk_Call":
             # it has to be a function
-            addr = self._expr_bv(self.block.vex.next)
+            block_next = self.block.vex.next
+            assert isinstance(block_next, pyvex.expr.IRExpr)
+            addr = self._expr_bv(block_next)
             self._handle_function(addr)
         elif self.block.vex.jumpkind == "Ijk_Boring":
             # test if the target addr is a function or not
-            addr = self._expr_bv(self.block.vex.next)
+            block_next = self.block.vex.next
+            assert isinstance(block_next, pyvex.expr.IRExpr)
+            addr = self._expr_bv(block_next)
             addr_v = addr.one_value()
             if addr_v is not None and addr_v.concrete:
                 addr_int = addr_v.concrete_value
@@ -550,7 +555,7 @@ class SimEngineRDVEX(
         return r
 
     @unop_handler
-    def _handle_unop_Not(self, expr):
+    def _handle_unop_Not(self, expr: pyvex.expr.Unop) -> MultiValues:
         arg0 = expr.args[0]
         expr_0 = self._expr_bv(arg0)
         bits = expr.result_size(self.tyenv)
@@ -563,7 +568,7 @@ class SimEngineRDVEX(
         return MultiValues(self.state.top(bits))
 
     @unop_handler
-    def _handle_unop_Clz(self, expr):
+    def _handle_unop_Clz(self, expr: pyvex.expr.Unop) -> MultiValues:
         arg0 = expr.args[0]
         _ = self._expr(arg0)
         bits = expr.result_size(self.tyenv)
@@ -571,7 +576,7 @@ class SimEngineRDVEX(
         return MultiValues(self.state.top(bits))
 
     @unop_handler
-    def _handle_unop_Ctz(self, expr):
+    def _handle_unop_Ctz(self, expr: pyvex.expr.Unop) -> MultiValues:
         arg0 = expr.args[0]
         _ = self._expr(arg0)
         bits = expr.result_size(self.tyenv)
@@ -582,19 +587,19 @@ class SimEngineRDVEX(
     # Binary operation handlers
     #
     @binop_handler
-    def _handle_binop_ExpCmpNE64(self, expr):
+    def _handle_binop_ExpCmpNE64(self, expr: pyvex.expr.Binop) -> MultiValues:
         _, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
         bits = expr.result_size(self.tyenv)
         # Need to actually implement this later
         return MultiValues(self.state.top(bits))
 
     @binop_handler
-    def _handle_binop_16HLto32(self, expr):
+    def _handle_binop_16HLto32(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
         return expr0.concat(expr1)
 
     @binop_handler
-    def _handle_binop_Add(self, expr):
+    def _handle_binop_Add(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -625,7 +630,7 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_Sub(self, expr):
+    def _handle_binop_Sub(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -656,7 +661,7 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_Mul(self, expr):
+    def _handle_binop_Mul(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_pair(expr.args[0], expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -687,13 +692,13 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_Mull(self, expr):
+    def _handle_binop_Mull(self, expr: pyvex.expr.Binop) -> MultiValues:
         _, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
         bits = expr.result_size(self.tyenv)
         return MultiValues(self.state.top(bits))
 
     @binop_handler
-    def _handle_binop_Div(self, expr):
+    def _handle_binop_Div(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_pair(expr.args[0], expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -727,19 +732,20 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_DivMod(self, expr):
+    def _handle_binop_DivMod(self, expr: pyvex.expr.Binop) -> MultiValues:
         _, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
         bits = expr.result_size(self.tyenv)
 
         return MultiValues(self.state.top(bits))
 
-    def _handle_Mod(self, expr):
+    @binop_handler
+    def _handle_Mod(self, expr: pyvex.expr.Binop) -> MultiValues:
         _, _ = self._expr(expr.args[0]), self._expr(expr.args[1])
         bits = expr.result_size(self.tyenv)
         return MultiValues(self.state.top(bits))
 
     @binop_handler
-    def _handle_binop_And(self, expr):
+    def _handle_binop_And(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -748,9 +754,8 @@ class SimEngineRDVEX(
         expr1_v = expr1.one_value()
 
         if expr0_v is not None and expr1_v is not None:
-            if expr0_v.concrete and expr1_v.concrete:
-                # bitwise-and two single values together
-                r = MultiValues(expr0_v & expr1_v)
+            # bitwise-and two single values together
+            r = MultiValues(expr0_v & expr1_v)
         elif expr0_v is None and expr1_v is not None:
             # bitwise-and a single value with a multivalue
             if expr0.count() == 1 and 0 in expr0:
@@ -771,7 +776,7 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_Xor(self, expr):
+    def _handle_binop_Xor(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -803,7 +808,7 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_Or(self, expr):
+    def _handle_binop_Or(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -834,7 +839,7 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_Sar(self, expr):
+    def _handle_binop_Sar(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -877,7 +882,7 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_Shr(self, expr):
+    def _handle_binop_Shr(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr_bv(expr.args[0]), self._expr_bv(expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -918,7 +923,7 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_Shl(self, expr):
+    def _handle_binop_Shl(self, expr: pyvex.expr.Binop) -> MultiValues:
         expr0, expr1 = self._expr(expr.args[0]), self._expr(expr.args[1])
         bits = expr.result_size(self.tyenv)
 
@@ -956,7 +961,7 @@ class SimEngineRDVEX(
         return r
 
     @binop_handler
-    def _handle_binop_CmpEQ(self, expr):
+    def _handle_binop_CmpEQ(self, expr: pyvex.expr.Binop) -> MultiValues:
         arg0, arg1 = expr.args
         expr_0 = self._expr(arg0)
         expr_1 = self._expr(arg1)
@@ -974,7 +979,7 @@ class SimEngineRDVEX(
         return MultiValues(self.state.top(1))
 
     @binop_handler
-    def _handle_binop_CmpNE(self, expr):
+    def _handle_binop_CmpNE(self, expr: pyvex.expr.Binop) -> MultiValues:
         arg0, arg1 = expr.args
         expr_0 = self._expr(arg0)
         expr_1 = self._expr(arg1)
@@ -989,7 +994,7 @@ class SimEngineRDVEX(
         return MultiValues(self.state.top(1))
 
     @binop_handler
-    def _handle_binop_CmpLT(self, expr):
+    def _handle_binop_CmpLT(self, expr: pyvex.expr.Binop) -> MultiValues:
         arg0, arg1 = expr.args
         expr_0, expr_1 = self._expr_pair(arg0, arg1)
 
@@ -1004,7 +1009,7 @@ class SimEngineRDVEX(
         return MultiValues(self.state.top(1))
 
     @binop_handler
-    def _handle_binop_CmpLE(self, expr):
+    def _handle_binop_CmpLE(self, expr: pyvex.expr.Binop) -> MultiValues:
         arg0, arg1 = expr.args
         expr_0, expr_1 = self._expr_pair(arg0, arg1)
 
@@ -1019,7 +1024,7 @@ class SimEngineRDVEX(
         return MultiValues(self.state.top(1))
 
     @binop_handler
-    def _handle_binop_CmpGT(self, expr):
+    def _handle_binop_CmpGT(self, expr: pyvex.expr.Binop) -> MultiValues:
         arg0, arg1 = expr.args
         expr_0, expr_1 = self._expr_pair(arg0, arg1)
 
@@ -1034,7 +1039,7 @@ class SimEngineRDVEX(
         return MultiValues(self.state.top(1))
 
     @binop_handler
-    def _handle_binop_CmpGE(self, expr):
+    def _handle_binop_CmpGE(self, expr: pyvex.expr.Binop) -> MultiValues:
         arg0, arg1 = expr.args
         expr_0, expr_1 = self._expr_pair(arg0, arg1)
 
@@ -1050,7 +1055,7 @@ class SimEngineRDVEX(
 
     # ppc only
     @binop_handler
-    def _handle_binop_CmpORD(self, expr):
+    def _handle_binop_CmpORD(self, expr: pyvex.expr.Binop) -> MultiValues:
         arg0, arg1 = expr.args
         expr_0, expr_1 = self._expr_pair(arg0, arg1)
 

angr/analyses/reaching_definitions/function_handler.py

@@ -16,7 +16,6 @@ from angr.calling_conventions import SimCC
 from angr.sim_type import SimTypeFunction
 from angr.knowledge_plugins.key_definitions.definition import Definition
 from angr.knowledge_plugins.functions import Function
-from angr.analyses.reaching_definitions.dep_graph import FunctionCallRelationships
 from angr.code_location import CodeLocation, ExternalCodeLocation
 from angr.knowledge_plugins.key_definitions.constants import ObservationPointType
 from angr import SIM_LIBRARIES, SIM_TYPE_COLLECTIONS
@@ -246,7 +245,7 @@ class FunctionCallDataUnwrapped(FunctionCallData):
     @staticmethod
     @wraps
     def decorate(
-        f: Callable[[FunctionHandler, ReachingDefinitionsState, FunctionCallDataUnwrapped], None]
+        f: Callable[[FunctionHandler, ReachingDefinitionsState, FunctionCallDataUnwrapped], None],
     ) -> Callable[[FunctionHandler, ReachingDefinitionsState, FunctionCallData], None]:
         """
         Decorate a function handler method with this to make it take a FunctionCallDataUnwrapped instead of a
@@ -263,6 +262,20 @@ def _mk_wrapper(func, iself):
     return lambda *args, **kwargs: func(iself, *args, **kwargs)
 
 
+@dataclass
+class FunctionCallRelationships:
+    """
+    Produced by the function handler, provides associated callsite info and function input/output definitions.
+    """
+
+    callsite: CodeLocation
+    target: int | None
+    args_defns: list[set[Definition]]
+    other_input_defns: set[Definition]
+    ret_defns: set[Definition]
+    other_output_defns: set[Definition]
+
+
 # pylint: disable=unused-argument, no-self-use
 class FunctionHandler:
     """

angr/analyses/reaching_definitions/rd_state.py

@@ -1,5 +1,5 @@
 from __future__ import annotations
-from typing import Any, TYPE_CHECKING, cast, overload
+from typing import Any, TYPE_CHECKING, overload
 from collections.abc import Iterable, Iterator
 import logging
 from typing_extensions import Self
@@ -7,7 +7,6 @@ from typing_extensions import Self
 import archinfo
 import claripy
 
-from angr.misc.ux import deprecated
 from angr.knowledge_plugins.key_definitions.environment import Environment
 from angr.knowledge_plugins.key_definitions.tag import Tag
 from angr.knowledge_plugins.key_definitions.heap_address import HeapAddress
@@ -541,41 +540,6 @@ class ReachingDefinitionsState:
         self.all_definitions = set()
         self.live_definitions.reset_uses()
 
-    @deprecated("deref")
-    def pointer_to_atoms(self, pointer: MultiValues, size: int, endness: str) -> set[MemoryLocation]:
-        """
-        Given a MultiValues, return the set of atoms that loading or storing to the pointer with that value
-        could define or use.
-        """
-        result = set()
-        for vs in pointer.values():
-            for value in vs:
-                atom = self.pointer_to_atom(value, size, endness)
-                if atom is not None:
-                    result.add(atom)
-
-        return result
-
-    @deprecated("deref")
-    def pointer_to_atom(self, value: claripy.ast.BV, size: int, endness: str) -> MemoryLocation | None:
-        if self.is_top(value):
-            return None
-
-        stack_offset = self.get_stack_offset(value)
-        if stack_offset is not None:
-            addr = SpOffset(len(value), stack_offset)
-        else:
-            heap_offset = self.get_heap_offset(value)
-            if heap_offset is not None:
-                addr = HeapAddress(heap_offset)
-            elif value.op == "BVV":
-                addr = cast(int, value.args[0])
-            else:
-                # cannot resolve
-                return None
-
-        return MemoryLocation(addr, size, endness)
-
     @overload
     def deref(
         self,

angr/analyses/reaching_definitions/reaching_definitions.py

@@ -16,7 +16,6 @@ from angr.knowledge_plugins.functions import Function
 from angr.knowledge_plugins.key_definitions import ReachingDefinitionsModel, LiveDefinitions
 from angr.knowledge_plugins.key_definitions.constants import OP_BEFORE, OP_AFTER, ObservationPointType, ObservationPoint
 from angr.code_location import CodeLocation, ExternalCodeLocation
-from angr.misc.ux import deprecated
 from angr.analyses.forward_analysis.visitors.graph import NodeType
 from angr.analyses.analysis import Analysis
 from .engine_ail import SimEngineRDAIL
@@ -50,13 +49,13 @@ class ReachingDefinitionsAnalysis(
 
     def __init__(
         self,
-        subject: Subject | ailment.Block | Block | Function | str = None,
+        subject: Subject | ailment.Block | Block | Function | str,
         func_graph=None,
         max_iterations=30,
         track_tmps=False,
         track_consts=True,
         observation_points: Iterable[ObservationPoint] | None = None,
-        init_state: ReachingDefinitionsState = None,
+        init_state: ReachingDefinitionsState | None = None,
         init_context=None,
         state_initializer: RDAStateInitializer | None = None,
         cc=None,
@@ -242,10 +241,6 @@ class ReachingDefinitionsAnalysis(
     def visited_blocks(self):
         return self._visited_blocks
 
-    @deprecated(replacement="get_reaching_definitions_by_insn")
-    def get_reaching_definitions(self, ins_addr, op_type):
-        return self.get_reaching_definitions_by_insn(ins_addr, op_type)
-
     def get_reaching_definitions_by_insn(self, ins_addr, op_type):
         key = "insn", ins_addr, op_type
         if key not in self.observed_results:
@@ -280,29 +275,22 @@ class ReachingDefinitionsAnalysis(
         :param node_idx:    ID of the node. Used in AIL to differentiate blocks with the same address.
         """
 
-        key = None
-
+        key: ObservationPoint | None = None
         observe = False
 
         if self._observe_all:
             observe = True
-            key: ObservationPoint = (
-                ("node", node_addr, op_type) if node_idx is None else ("node", (node_addr, node_idx), op_type)
-            )
+            key = ("node", node_addr, op_type) if node_idx is None else ("node", (node_addr, node_idx), op_type)
         elif self._observation_points is not None:
-            key: ObservationPoint = (
-                ("node", node_addr, op_type) if node_idx is None else ("node", (node_addr, node_idx), op_type)
-            )
+            key = ("node", node_addr, op_type) if node_idx is None else ("node", (node_addr, node_idx), op_type)
             if key in self._observation_points:
                 observe = True
         elif self._observe_callback is not None:
             observe = self._observe_callback("node", addr=node_addr, state=state, op_type=op_type, node_idx=node_idx)
             if observe:
-                key: ObservationPoint = (
-                    ("node", node_addr, op_type) if node_idx is None else ("node", (node_addr, node_idx), op_type)
-                )
+                key = ("node", node_addr, op_type) if node_idx is None else ("node", (node_addr, node_idx), op_type)
 
-        if observe:
+        if observe and key:
             self.observed_results[key] = state.live_definitions
 
     def insn_observe(
@@ -321,14 +309,14 @@ class ReachingDefinitionsAnalysis(
         :param op_type:     Type of the observation point. Must be one of the following: OP_BEORE, OP_AFTER.
         """
 
-        key = None
+        key: ObservationPoint | None = None
         observe = False
 
         if self._observe_all:
             observe = True
-            key: ObservationPoint = ("insn", insn_addr, op_type)
+            key = ("insn", insn_addr, op_type)
         elif self._observation_points is not None:
-            key: ObservationPoint = ("insn", insn_addr, op_type)
+            key = ("insn", insn_addr, op_type)
             if key in self._observation_points:
                 observe = True
         elif self._observe_callback is not None:
@@ -336,9 +324,9 @@ class ReachingDefinitionsAnalysis(
                 "insn", addr=insn_addr, stmt=stmt, block=block, state=state, op_type=op_type
             )
             if observe:
-                key: ObservationPoint = ("insn", insn_addr, op_type)
+                key = ("insn", insn_addr, op_type)
 
-        if not observe:
+        if not (observe and key):
             return
 
         if isinstance(stmt, pyvex.stmt.IRStmt):
@@ -533,6 +521,7 @@ class ReachingDefinitionsAnalysis(
             ]
             if node.addr == self.subject.content.addr:
                 node_parents += [ExternalCodeLocation()]
+            assert block is not None
             self.model.at_new_block(
                 CodeLocation(block.addr, 0, block_idx=block.idx if isinstance(block, ailment.Block) else None),
                 node_parents,

angr/analyses/s_propagator.py

@@ -35,6 +35,7 @@ from angr.utils.ssa import (
     get_tmp_uselocs,
     get_tmp_deflocs,
     phi_assignment_get_src,
+    has_store_stmt_in_between_stmts,
 )
 
 
@@ -186,6 +187,8 @@ class SPropagatorAnalysis(Analysis):
 
         # function mode only
         if self.mode == "function":
+            assert self.func_graph is not None
+
             for vvar, defloc in vvar_deflocs.items():
                 if vvar.varid not in vvar_uselocs:
                     continue
@@ -213,7 +216,7 @@ class SPropagatorAnalysis(Analysis):
                     #    }
                     can_replace = True
                     for _, vvar_useloc in vvar_uselocs[vvar.varid]:
-                        if self.has_store_stmt_in_between(blocks, defloc, vvar_useloc):
+                        if has_store_stmt_in_between_stmts(self.func_graph, blocks, defloc, vvar_useloc):
                             can_replace = False
 
                     if can_replace:
@@ -241,8 +244,8 @@ class SPropagatorAnalysis(Analysis):
                 if vvar.was_reg or vvar.was_parameter:
                     if len(vvar_uselocs[vvar.varid]) == 1:
                         vvar_used, vvar_useloc = next(iter(vvar_uselocs[vvar.varid]))
-                        if is_const_vvar_load_assignment(stmt) and not self.has_store_stmt_in_between(
-                            blocks, defloc, vvar_useloc
+                        if is_const_vvar_load_assignment(stmt) and not has_store_stmt_in_between_stmts(
+                            self.func_graph, blocks, defloc, vvar_useloc
                         ):
                             # we can propagate this load because there is no store between its def and use
                             replacements[vvar_useloc][vvar_used] = stmt.src
@@ -462,44 +465,6 @@ class SPropagatorAnalysis(Analysis):
 
         return False
 
-    def has_store_stmt_in_between(
-        self, blocks: dict[tuple[int, int | None], Block], defloc: CodeLocation, useloc: CodeLocation
-    ) -> bool:
-        assert defloc.block_addr is not None
-        assert defloc.stmt_idx is not None
-        assert useloc.block_addr is not None
-        assert useloc.stmt_idx is not None
-        assert self.func_graph is not None
-
-        use_block = blocks[(useloc.block_addr, useloc.block_idx)]
-        def_block = blocks[(defloc.block_addr, defloc.block_idx)]
-
-        # traverse the graph, go from use_block until we reach def_block, and look for Store statements
-        seen = {use_block}
-        queue = [use_block]
-        while queue:
-            block = queue.pop(0)
-
-            starting_stmt_idx, ending_stmt_idx = 0, len(block.statements)
-            if block is def_block:
-                starting_stmt_idx = defloc.stmt_idx + 1
-            if block is use_block:
-                ending_stmt_idx = useloc.stmt_idx
-
-            for i in range(starting_stmt_idx, ending_stmt_idx):
-                if isinstance(block.statements[i], Store):
-                    return True
-
-            if block is def_block:
-                continue
-
-            for pred in self.func_graph.predecessors(block):
-                if pred not in seen:
-                    seen.add(pred)
-                    queue.append(pred)
-
-        return False
-
     @staticmethod
     def is_vvar_used_for_addr_loading_switch_case(uselocs: set[CodeLocation], blocks) -> bool:
         """

angr/analyses/s_reaching_definitions/s_rda_model.py

@@ -2,7 +2,7 @@ from __future__ import annotations
 
 from collections import defaultdict
 from collections.abc import Generator
-from typing import Any
+from typing import Any, Literal, overload
 
 from ailment.expression import VirtualVariable, Tmp
 
@@ -48,6 +48,12 @@ class SRDAModel:
             s.add(Definition(tmp_atom, CodeLocation(block_loc.block_addr, stmt_idx, block_idx=block_loc.block_idx)))
         return s
 
+    @overload
+    def get_uses_by_location(self, loc: CodeLocation, exprs: Literal[True]) -> set[tuple[Definition, Any | None]]: ...
+
+    @overload
+    def get_uses_by_location(self, loc: CodeLocation, exprs: Literal[False] = ...) -> set[Definition]: ...
+
     def get_uses_by_location(
         self, loc: CodeLocation, exprs: bool = False
     ) -> set[Definition] | set[tuple[Definition, Any | None]]: