PyPI - angr - Versions diffs - 9.2.140__py3-none-manylinux2014_x86_64.whl → 9.2.142__py3-none-manylinux2014_x86_64.whl - Mend

angr 9.2.140__py3-none-manylinux2014_x86_64.whl → 9.2.142__py3-none-manylinux2014_x86_64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of angr might be problematic. Click here for more details.

Files changed (75) hide show

angr/__init__.py +1 -1
angr/analyses/calling_convention/calling_convention.py +105 -35
angr/analyses/calling_convention/fact_collector.py +44 -18
angr/analyses/calling_convention/utils.py +3 -1
angr/analyses/cfg/cfg_base.py +38 -4
angr/analyses/cfg/cfg_fast.py +23 -7
angr/analyses/cfg/indirect_jump_resolvers/jumptable.py +13 -8
angr/analyses/class_identifier.py +8 -7
angr/analyses/complete_calling_conventions.py +1 -1
angr/analyses/decompiler/ail_simplifier.py +105 -62
angr/analyses/decompiler/callsite_maker.py +24 -11
angr/analyses/decompiler/clinic.py +83 -5
angr/analyses/decompiler/condition_processor.py +7 -7
angr/analyses/decompiler/decompilation_cache.py +2 -1
angr/analyses/decompiler/decompiler.py +11 -2
angr/analyses/decompiler/dephication/graph_vvar_mapping.py +4 -6
angr/analyses/decompiler/optimization_passes/base_ptr_save_simplifier.py +8 -2
angr/analyses/decompiler/optimization_passes/condition_constprop.py +63 -34
angr/analyses/decompiler/optimization_passes/duplication_reverter/duplication_reverter.py +3 -1
angr/analyses/decompiler/optimization_passes/flip_boolean_cmp.py +21 -2
angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py +85 -16
angr/analyses/decompiler/optimization_passes/optimization_pass.py +78 -1
angr/analyses/decompiler/optimization_passes/register_save_area_simplifier.py +29 -7
angr/analyses/decompiler/optimization_passes/return_duplicator_base.py +51 -7
angr/analyses/decompiler/optimization_passes/stack_canary_simplifier.py +6 -0
angr/analyses/decompiler/optimization_passes/win_stack_canary_simplifier.py +9 -1
angr/analyses/decompiler/peephole_optimizations/eager_eval.py +44 -7
angr/analyses/decompiler/region_identifier.py +76 -51
angr/analyses/decompiler/region_simplifiers/expr_folding.py +32 -18
angr/analyses/decompiler/region_simplifiers/region_simplifier.py +4 -1
angr/analyses/decompiler/ssailification/rewriting.py +70 -32
angr/analyses/decompiler/ssailification/rewriting_engine.py +118 -24
angr/analyses/decompiler/ssailification/ssailification.py +22 -14
angr/analyses/decompiler/stack_item.py +36 -0
angr/analyses/decompiler/structured_codegen/c.py +86 -145
angr/analyses/decompiler/structuring/dream.py +1 -1
angr/analyses/decompiler/structuring/phoenix.py +9 -4
angr/analyses/decompiler/structuring/structurer_base.py +2 -1
angr/analyses/decompiler/utils.py +46 -20
angr/analyses/find_objects_static.py +2 -1
angr/analyses/reaching_definitions/engine_vex.py +13 -0
angr/analyses/reaching_definitions/function_handler.py +24 -10
angr/analyses/reaching_definitions/function_handler_library/stdio.py +1 -0
angr/analyses/reaching_definitions/function_handler_library/stdlib.py +45 -12
angr/analyses/reaching_definitions/function_handler_library/string.py +77 -21
angr/analyses/reaching_definitions/function_handler_library/unistd.py +21 -1
angr/analyses/reaching_definitions/rd_state.py +11 -7
angr/analyses/s_liveness.py +44 -6
angr/analyses/s_reaching_definitions/s_rda_model.py +4 -2
angr/analyses/s_reaching_definitions/s_rda_view.py +43 -25
angr/analyses/typehoon/simple_solver.py +35 -8
angr/analyses/typehoon/typehoon.py +3 -1
angr/analyses/variable_recovery/engine_ail.py +1 -1
angr/analyses/variable_recovery/engine_vex.py +20 -4
angr/calling_conventions.py +17 -12
angr/factory.py +8 -3
angr/knowledge_plugins/functions/function.py +5 -10
angr/knowledge_plugins/variables/variable_manager.py +34 -5
angr/procedures/definitions/__init__.py +3 -10
angr/procedures/definitions/wdk_ntoskrnl.py +2 -0
angr/procedures/win32_kernel/__fastfail.py +15 -0
angr/sim_procedure.py +2 -2
angr/simos/simos.py +17 -11
angr/simos/windows.py +42 -1
angr/utils/ail.py +41 -1
angr/utils/cpp.py +17 -0
angr/utils/doms.py +142 -0
angr/utils/library.py +1 -1
angr/utils/types.py +59 -0
{angr-9.2.140.dist-info → angr-9.2.142.dist-info}/METADATA +7 -7
{angr-9.2.140.dist-info → angr-9.2.142.dist-info}/RECORD +75 -70
{angr-9.2.140.dist-info → angr-9.2.142.dist-info}/LICENSE +0 -0
{angr-9.2.140.dist-info → angr-9.2.142.dist-info}/WHEEL +0 -0
{angr-9.2.140.dist-info → angr-9.2.142.dist-info}/entry_points.txt +0 -0
{angr-9.2.140.dist-info → angr-9.2.142.dist-info}/top_level.txt +0 -0

angr/knowledge_plugins/functions/function.py CHANGED Viewed

@@ -9,7 +9,7 @@ import contextlib
 from typing import overload
 import networkx
-from itanium_demangler import parse
+import pydemumble
 from cle.backends.symbol import Symbol
 from archinfo.arch_arm import get_real_address_if_arm
@@ -202,7 +202,8 @@ class Function(Serializable):
         if is_plt is not None:
             self.is_plt = is_plt
         else:
-            # Whether this function is a PLT entry or not is fully relying on the PLT detection in CLE
+            # Whether this function is a PLT entry or not is primarily relying on the PLT detection in CLE; it may also
+            # be updated (to True) during CFG recovery.
             if self.project is None:
                 raise ValueError(
                     "'is_plt' must be specified if you do not specify a function manager for this new function."
@@ -1568,14 +1569,8 @@ class Function(Serializable):
     @property
     def demangled_name(self):
-        if self.name[0:2] == "_Z":
-            try:
-                ast = parse(self.name)
-            except (NotImplementedError, KeyError):  # itanium demangler is not the most robust package in the world
-                return self.name
-            if ast:
-                return ast.__str__()
-        return self.name
+        ast = pydemumble.demangle(self.name)
+        return ast if ast else self.name
     def get_unambiguous_name(self, display_name: str | None = None) -> str:
         """

angr/knowledge_plugins/variables/variable_manager.py CHANGED Viewed

@@ -12,6 +12,7 @@ from cle.backends.elf.variable import Variable
 from angr.utils.orderedset import OrderedSet
 from angr.utils.ail import is_phi_assignment
+from angr.utils.types import unpack_pointer, replace_pointer_pts_to
 from angr.protos import variables_pb2
 from angr.serializable import Serializable
 from angr.sim_variable import SimVariable, SimStackVariable, SimMemoryVariable, SimRegisterVariable
@@ -19,7 +20,6 @@ from angr.sim_type import (
     TypeRef,
     SimType,
     SimStruct,
-    SimTypePointer,
     SimTypeBottom,
     SimTypeChar,
     SimTypeShort,
@@ -32,6 +32,7 @@ from angr.knowledge_plugins.types import TypesStore
 from .variable_access import VariableAccess, VariableAccessSort
 if TYPE_CHECKING:
+    from angr.analyses.decompiler.stack_item import StackItem
     from angr.code_location import CodeLocation
 l = logging.getLogger(name=__name__)
@@ -985,10 +986,12 @@ class VariableManagerInternal(Serializable):
             if name not in self.types:
                 self.types[name] = TypeRef(name, ty).with_arch(self.manager._kb._project.arch)
             ty = self.types[name]
-        elif isinstance(ty, SimTypePointer) and isinstance(ty.pts_to, SimStruct):
-            typeref = self._register_struct_type(ty.pts_to)
-            ty = ty.copy().with_arch(self.manager._kb._project.arch)
-            ty.pts_to = typeref
+        elif (inner_ty := unpack_pointer(ty, iterative=True)) and isinstance(inner_ty, SimStruct):
+            typeref = self._register_struct_type(inner_ty)
+            # rebuild the multi-layer pointer type
+            replaced_ty = replace_pointer_pts_to(ty, inner_ty, typeref)
+            assert replaced_ty is not None
+            ty = replaced_ty.with_arch(self.manager._kb._project.arch)
         elif isinstance(ty, SimStruct):
             ty = self._register_struct_type(ty, name=name)
@@ -1139,6 +1142,32 @@ class VariableManagerInternal(Serializable):
                     return False
         return True
+    def get_stackvar_max_sizes(self, stack_items: dict[int, StackItem]) -> dict[SimStackVariable, int]:
+        """
+        Get the maximum size of each stack variable regardless of the type of each stack variable, under the assumption
+        that stack variables do not overlap.
+        :return:        A dictionary from SimStackVariable to its maximum size.
+        """
+        stackvars_by_offset = defaultdict(list)
+        for v in self._variables:
+            if isinstance(v, SimStackVariable):
+                offset = v.offset
+                stackvars_by_offset[offset].append(v)
+        max_sizes = {}
+        offsets = sorted(list(stackvars_by_offset) + list(stack_items))
+        for i, offset in enumerate(offsets):
+            if i + 1 < len(offsets):
+                next_off = offsets[i + 1]
+                sz = next_off - offset
+                if offset in stackvars_by_offset:
+                    for v in stackvars_by_offset[offset]:
+                        max_sizes[v] = max(v.size, sz)
+        return max_sizes
 class VariableManager(KnowledgeBasePlugin):
     """

angr/procedures/definitions/__init__.py CHANGED Viewed

@@ -7,8 +7,7 @@ import inspect
 from collections import defaultdict
 from typing import TYPE_CHECKING
-import itanium_demangler
+import pydemumble
 import archinfo
 from angr.errors import AngrMissingTypeError
@@ -345,14 +344,8 @@ class SimCppLibrary(SimLibrary):
     @staticmethod
     def _try_demangle(name):
-        if name[0:2] == "_Z":
-            try:
-                ast = itanium_demangler.parse(name)
-            except NotImplementedError:
-                return name
-            if ast:
-                return str(ast)
-        return name
+        ast = pydemumble.demangle(name)
+        return ast if ast else name
     @staticmethod
     def _proto_from_demangled_name(name: str) -> SimTypeFunction | None:

angr/procedures/definitions/wdk_ntoskrnl.py CHANGED Viewed

@@ -20,6 +20,8 @@ lib.add_all_from_dict(P["win32_kernel"])
 lib.set_library_names("ntoskrnl.exe")
 prototypes = \
     {
+        # int 29h
+        '__fastfail': SimTypeFunction([SimTypeInt(signed=False, label="Int")], SimTypeBottom(label="void"), arg_names=["code"]),
         #
         'NtQueryObject': SimTypeFunction([SimTypePointer(SimTypeInt(signed=True, label="Int"), label="IntPtr", offset=0), SimTypeInt(signed=False, label="OBJECT_INFORMATION_CLASS"), SimTypePointer(SimTypeBottom(label="Void"), offset=0), SimTypeInt(signed=False, label="UInt32"), SimTypePointer(SimTypeInt(signed=False, label="UInt32"), offset=0)], SimTypeInt(signed=True, label="Int32"), arg_names=["Handle", "ObjectInformationClass", "ObjectInformation", "ObjectInformationLength", "ReturnLength"]),
         #

angr/procedures/win32_kernel/__fastfail.py ADDED Viewed

@@ -0,0 +1,15 @@
+from __future__ import annotations
+import angr
+class __fastfail(angr.SimProcedure):
+    """
+    Immediately terminates the calling process with minimum overhead.
+    https://learn.microsoft.com/en-us/cpp/intrinsics/fastfail?view=msvc-170
+    """
+    NO_RET = True
+    def run(self, _):  # pylint:disable=arguments-differ
+        self.exit(0xC0000409)

angr/sim_procedure.py CHANGED Viewed

@@ -3,7 +3,7 @@ import inspect
 import copy
 import itertools
 import logging
-from typing import TYPE_CHECKING
+from typing import Any, TYPE_CHECKING
 import claripy
 from cle import SymbolType
@@ -339,7 +339,7 @@ class SimProcedure:
     ALT_NAMES = None  # alternative names
     local_vars: tuple[str, ...] = ()
-    def run(self, *args, **kwargs):  # pylint: disable=unused-argument
+    def run(self, *args, **kwargs) -> Any:  # pylint: disable=unused-argument
         """
         Implement the actual procedure here!
         """

angr/simos/simos.py CHANGED Viewed

@@ -1,4 +1,5 @@
 from __future__ import annotations
+from typing import TYPE_CHECKING
 import logging
 import struct
@@ -14,6 +15,9 @@ from angr.procedures import SIM_PROCEDURES as P
 from angr import sim_options as o
 from angr.storage.file import SimFileStream, SimFileBase
+if TYPE_CHECKING:
+    from angr.sim_procedure import SimProcedure
 _l = logging.getLogger(name=__name__)
@@ -23,7 +27,9 @@ class SimOS:
     A class describing OS/arch-level configuration.
     """
-    def __init__(self, project: angr.Project, name=None):
+    name: str | None
+    def __init__(self, project: angr.Project, name: str | None = None):
         self.arch = project.arch
         self.project = project
         self.name = name
@@ -44,7 +50,7 @@ class SimOS:
         self.unresolvable_call_target = self.project.loader.extern_object.allocate()
         self.project.hook(self.unresolvable_call_target, P["stubs"]["UnresolvableCallTarget"]())
-        def irelative_resolver(resolver_addr):
+        def irelative_resolver(resolver_addr: int) -> int | None:
             # autohooking runs before this does, might have provided this already
             # in that case, we want to advertise the _resolver_ address, since it is now
             # providing the behavior of the actual function
@@ -68,7 +74,7 @@ class SimOS:
                 _l.error("Resolver at %#x failed to resolve!", resolver_addr)
                 return None
-            return val.concrete_value
+            return val.concrete_value if val is not None and val.concrete else None
         self.project.loader.perform_irelative_relocs(irelative_resolver)
@@ -77,7 +83,7 @@ class SimOS:
         if sym is not None:
             addr, _ = self.prepare_function_symbol(name, basic_addr=sym.rebased_addr)
-            if self.project.is_hooked(addr) and not self.project.hooked_by(addr).is_stub:
+            if self.project.is_hooked(addr) and not self.project.hooked_by(addr).is_stub:  # type: ignore
                 return
             self.project.hook(addr, hook)
@@ -240,7 +246,7 @@ class SimOS:
         return self.state_entry(**kwargs)
     def state_call(self, addr, *args, **kwargs):
-        cc = kwargs.pop("cc", default_cc(self.arch.name, platform=self.name)(self.project.arch))
+        cc = kwargs.pop("cc", default_cc(self.arch.name, platform=self.name)(self.project.arch))  # type: ignore
         state = kwargs.pop("base_state", None)
         toc = kwargs.pop("toc", None)
@@ -324,22 +330,22 @@ class SimOS:
     # Dummy stuff to allow this API to be used freely
     # pylint: disable=unused-argument, no-self-use
-    def syscall(self, state, allow_unsupported=True):
+    def syscall(self, state: SimState, allow_unsupported: bool = True) -> SimProcedure | None:
         return None
-    def syscall_abi(self, state) -> str:
+    def syscall_abi(self, state: SimState) -> str | None:
         return None
-    def syscall_cc(self, state) -> angr.calling_conventions.SimCCSyscall | None:
+    def syscall_cc(self, state: SimState) -> angr.calling_conventions.SimCCSyscall | None:
         raise NotImplementedError
-    def is_syscall_addr(self, addr):
+    def is_syscall_addr(self, addr) -> bool:
         return False
-    def syscall_from_addr(self, addr, allow_unsupported=True):
+    def syscall_from_addr(self, addr, allow_unsupported=True) -> SimProcedure | None:
         return None
-    def syscall_from_number(self, number, allow_unsupported=True, abi=None):
+    def syscall_from_number(self, number, allow_unsupported=True, abi=None) -> SimProcedure | None:
         return None
     def setup_gdt(self, state, gdt):

angr/simos/windows.py CHANGED Viewed

@@ -15,6 +15,7 @@ from angr import sim_options as o
 from angr.tablespecs import StringTableSpec
 from angr.procedures import SIM_LIBRARIES as L
 from angr.procedures.definitions import load_win32api_definitions
+from angr.calling_conventions import SYSCALL_CC
 from .simos import SimOS
 _l = logging.getLogger(name=__name__)
@@ -26,6 +27,8 @@ VS_SECURITY_COOKIES = {"AMD64": _VS_Security_Cookie(0x2B992DDFA232, 48), "X86":
 class SecurityCookieInit(enum.Enum):
+    """Security cooke initialization value initialization method."""
     NONE = 0
     RANDOM = 1
     STATIC = 2
@@ -48,6 +51,11 @@ class SimWindows(SimOS):
         self.acmdln_ptr = None
         self.wcmdln_ptr = None
+        self.fastfail = L["ntoskrnl.exe"].get("__fastfail", self.arch)
+        self.fastfail.addr = self._find_or_make(self.fastfail.display_name)
+        self.fastfail.cc = SYSCALL_CC[self.arch.name]["Win32"](self.arch)
+        self._syscall_handlers = {self.fastfail.addr: self.fastfail}
     def configure_project(self):
         super().configure_project()
@@ -66,11 +74,15 @@ class SimWindows(SimOS):
         self.acmdln_ptr = self._find_or_make("_acmdln")
         self.wcmdln_ptr = self._find_or_make("_wcmdln")
-        self.is_dump = isinstance(self.project.loader.main_object, cle.backends.Minidump)
+        self.project.hook(self.fastfail.addr, self.fastfail)
         if not self.is_dump:
             self.project.loader.tls.new_thread()
+    @property
+    def is_dump(self) -> bool:
+        return isinstance(self.project.loader.main_object, cle.backends.Minidump)
     def _find_or_make(self, name):
         sym = self.project.loader.find_symbol(name)
         if sym is None:
@@ -420,6 +432,35 @@ class SimWindows(SimOS):
         successors.add_successor(exc_state, self._exception_handler, claripy.true(), "Ijk_Exception")
         successors.processed = True
+    def syscall(self, state, allow_unsupported=True):
+        """
+        Given a state, return the procedure corresponding to the current syscall.
+        This procedure will have .syscall_number, .display_name, and .addr set.
+        :param state:               The state to get the syscall number from
+        :param allow_unsupported:   Whether to return a "dummy" sycall instead of raising an unsupported exception
+        """
+        if state.block(state.history.jump_source).bytes.hex() == "cd29":  # int 29h
+            return self.fastfail
+        return None
+    def is_syscall_addr(self, addr):
+        """
+        Return whether or not the given address corresponds to a syscall implementation.
+        """
+        return addr in self._syscall_handlers
+    def syscall_from_addr(self, addr, allow_unsupported=True):
+        """
+        Get a syscall SimProcedure from an address.
+        :param addr: The address to convert to a syscall SimProcedure
+        :param allow_unsupported: Whether to return a dummy procedure for an unsupported syscall instead of raising an
+                                  exception.
+        :return: The SimProcedure for the syscall, or None if the address is not a syscall address.
+        """
+        return self._syscall_handlers.get(addr, None)
     # these two methods load and store register state from a struct CONTEXT
     # https://www.nirsoft.net/kernel_struct/vista/CONTEXT.html
     @staticmethod

angr/utils/ail.py CHANGED Viewed

@@ -3,7 +3,7 @@ from __future__ import annotations
 from ailment import AILBlockWalkerBase
 from ailment.block import Block
 from ailment.expression import Expression, VirtualVariable, Phi
-from ailment.statement import Assignment, Statement
+from ailment.statement import Assignment, Statement, ConditionalJump
 def is_phi_assignment(stmt: Statement) -> bool:
@@ -28,3 +28,43 @@ class HasExprWalker(AILBlockWalkerBase):
             self.contains_exprs = True
         if not self.contains_exprs:
             super()._handle_expr(expr_idx, expr, stmt_idx, stmt, block)
+def is_head_controlled_loop_block(block: Block) -> bool:
+    """
+    Determine if the block is a "head-controlled loop." A head-controlled loop (for the lack of a better term) is a
+    single-block that contains a conditional jump towards the beginning of the block. This conditional jump controls
+    whether the loop body (the remaining statements after the conditional jump) will be executed or not. It is usually
+    the result of lifting rep stosX instructions on x86 and amd64.
+    A head-controlled loop block looks like the following (lifted from rep stosq qword ptr [rdi], rax):
+    ## Block 4036df
+    00 | 0x4036df | LABEL_4036df:
+    01 | 0x4036df | vvar_27{reg 72} = 𝜙@64b []
+    02 | 0x4036df | vvar_28{reg 24} = 𝜙@64b []
+    03 | 0x4036df | t1 = rcx<8>
+    04 | 0x4036df | t4 = (t1 == 0x0<64>)
+    05 | 0x4036df | if (t4) { Goto 0x4036e2<64> } else { Goto 0x4036df<64> }
+    06 | 0x4036df | t5 = (t1 - 0x1<64>)
+    07 | 0x4036df | rcx<8> = t5
+    08 | 0x4036df | t7 = d<8>
+    09 | 0x4036df | t6 = (t7 << 0x3<8>)
+    10 | 0x4036df | t2 = rax<8>
+    11 | 0x4036df | t3 = rdi<8>
+    12 | 0x4036df | STORE(addr=t3, data=t2, size=8, endness=Iend_LE, guard=None)
+    13 | 0x4036df | t8 = (t3 + t6)
+    14 | 0x4036df | rdi<8> = t8
+    Where statement 5 is the conditional jump that controls the execution of the remaining statements of this block.
+    :param block:   An AIL block.
+    :return:        True if the block represents a head-controlled loop block, False otherwise.
+    """
+    if not block.statements:
+        return False
+    last_stmt = block.statements[-1]
+    if isinstance(last_stmt, ConditionalJump):
+        return False
+    return any(isinstance(stmt, ConditionalJump) for stmt in block.statements[:-1])

angr/utils/cpp.py ADDED Viewed

@@ -0,0 +1,17 @@
+from __future__ import annotations
+def is_cpp_funcname_ctor(name: str) -> bool:
+    """
+    Check if a demangled C++ function name is a constructor.
+    :param name:    The demangled C++ function name.
+    :return:        True if the function name is a constructor, False otherwise.
+    """
+    # With pydemumble, constructor names look like:
+    #    A::A()
+    if "::" not in name:
+        return False
+    parts = name.split("::")
+    return bool(len(parts) == 2 and parts[0] and parts[0] + "()" == parts[1])

angr/utils/doms.py ADDED Viewed

@@ -0,0 +1,142 @@
+# pylint:disable=consider-using-dict-items
+from __future__ import annotations
+from typing import Any
+from collections import defaultdict
+import networkx
+from angr.utils.graph import shallow_reverse
+class IncrementalDominators:
+    """
+    This class allows for incrementally updating dominators and post-dominators for graphs. The graph must only be
+    modified by replacing nodes, not adding nodes or edges.
+    """
+    def __init__(self, graph: networkx.DiGraph, start, post: bool = False):
+        self.graph = graph
+        self.start = start
+        self._post: bool = post  # calculate post-dominators if True
+        self._pre: bool = not post  # calculate dominators
+        self._doms: dict[Any, Any] = {}
+        self._inverted_dom_tree: dict[Any, Any] | None = None  # initialized on demand
+        self._doms = self.init_doms()
+    def init_doms(self) -> dict[Any, Any]:
+        if self._post:
+            t = shallow_reverse(self.graph)
+            doms = networkx.immediate_dominators(t, self.start)
+        else:
+            doms = networkx.immediate_dominators(self.graph, self.start)
+        return doms
+    def _update_inverted_domtree(self):
+        # recalculate the dominators for dominatees of replaced nodes
+        if self._inverted_dom_tree is None:
+            self._inverted_dom_tree = defaultdict(list)
+            for dtee, dtor in self._doms.items():
+                self._inverted_dom_tree[dtor].append(dtee)
+    def graph_updated(self, new_node: Any, replaced_nodes: set[Any], replaced_head: Any):
+        self._update_inverted_domtree()
+        assert self._inverted_dom_tree is not None
+        # recalculate the dominators for impacted nodes
+        new_dom = self._doms[replaced_head]
+        while new_dom in replaced_nodes and new_dom is not self.start:
+            new_dom = self._doms[new_dom]
+        if self.start in replaced_nodes:
+            self.start = new_node
+        if new_dom in replaced_nodes:
+            new_dom = new_node
+        new_node_doms = []
+        for rn in replaced_nodes:
+            if rn not in self._inverted_dom_tree:
+                continue
+            for dtee in self._inverted_dom_tree[rn]:
+                self._doms[dtee] = new_node
+                new_node_doms.append(dtee)
+        self._doms[new_node] = new_dom
+        # keep inverted dom tree up-to-date
+        self._inverted_dom_tree[new_dom].append(new_node)
+        self._inverted_dom_tree[new_node] = new_node_doms
+        for rn in replaced_nodes:
+            if rn in self._doms:
+                d = self._doms[rn]
+                del self._doms[rn]
+                self._inverted_dom_tree[d].remove(rn)
+            if rn in self._inverted_dom_tree:
+                del self._inverted_dom_tree[rn]
+    def idom(self, node: Any) -> Any | None:
+        """
+        Get the immediate dominator of a given node.
+        """
+        return self._doms.get(node, None)
+    def df(self, node: Any) -> set[Any]:
+        """
+        Generate the dominance frontier of a node.
+        """
+        if node not in self.graph:
+            return set()
+        _pred = self.graph.predecessors if self._pre else self.graph.successors
+        _succ = self.graph.successors if self._pre else self.graph.predecessors
+        df = set()
+        visited = {node}
+        queue = [node]
+        while queue:
+            u = queue.pop(0)
+            preds = list(_pred(u))  # type: ignore
+            added = False
+            if len(preds) >= 2:
+                for v in preds:
+                    if v in self._doms:
+                        while v != self._doms[u]:
+                            if v is node:
+                                df.add(u)
+                                added = True
+                                break
+                            v = self._doms[v]
+                    if added:
+                        break
+            if not added:
+                for v in _succ(u):  # type: ignore
+                    if v not in visited:
+                        visited.add(v)
+                        queue.append(v)
+        return df
+    def dominates(self, dominator_node: Any, node: Any) -> bool:
+        """
+        Tests if dominator_node dominates (or post-dominates) node.
+        """
+        n = node
+        while n:
+            if n is dominator_node:
+                return True
+            d = self.idom(n)
+            n = d if d is not None and n is not d else None
+        return False
+    def _debug_check(self):
+        true_doms = self.init_doms()
+        if len(true_doms) != len(self._doms):
+            raise ValueError("dominators do not match")
+        for k in true_doms:
+            if true_doms[k] != self._doms[k]:
+                print(f"{k!r}: {true_doms[k]!r} {self._doms[k]!r}")
+                raise ValueError("dominators do not match")

angr/utils/library.py CHANGED Viewed

@@ -168,7 +168,7 @@ def parsedcprotos2py(
                 proto_.returnty = SimTypeFd(label=proto_.returnty.label)
             for i, arg in enumerate(proto_.args):
                 if (func_name, i) in fd_spots:
-                    proto_.args[i] = SimTypeFd(label=arg.label)
+                    proto_.args = proto_.args[:i] + (SimTypeFd(label=arg.label),) + proto_.args[i + 1 :]
         line1 = " " * 8 + "#" + ((" " + decl) if decl else "") + "\n"
         line2 = " " * 8 + repr(func_name) + ": " + (proto_._init_str() if proto_ is not None else "None") + "," + "\n"

angr/utils/types.py ADDED Viewed

@@ -0,0 +1,59 @@
+from __future__ import annotations
+from angr.sim_type import TypeRef, SimType, SimTypePointer, SimTypeArray, SimTypeFixedSizeArray
+def unpack_typeref(ty):
+    if isinstance(ty, TypeRef):
+        return ty.type
+    return ty
+def unpack_pointer(ty: SimType, iterative: bool = False) -> SimType | None:
+    if isinstance(ty, SimTypePointer):
+        if iterative:
+            inner = unpack_pointer(ty.pts_to, iterative=True)
+            return inner if inner is not None else ty.pts_to
+        return ty.pts_to
+    return None
+def unpack_pointer_and_array(ty: SimType, iterative: bool = False) -> SimType | None:
+    if isinstance(ty, SimTypePointer):
+        if iterative:
+            inner = unpack_pointer(ty.pts_to, iterative=True)
+            return inner if inner is not None else ty.pts_to
+        return ty.pts_to
+    if isinstance(ty, SimTypeArray):
+        return ty.elem_type
+    return None
+def replace_pointer_pts_to(ty: SimType, old_pts_to: SimType, new_pts_to: SimType) -> SimTypePointer | None:
+    if isinstance(ty, SimTypePointer):
+        if ty.pts_to is old_pts_to:
+            inner = new_pts_to
+        elif isinstance(ty.pts_to, SimTypePointer):
+            # recursively replace pts_to inside
+            inner = replace_pointer_pts_to(ty.pts_to, old_pts_to, new_pts_to)
+        else:
+            return None
+        return SimTypePointer(inner, label=ty.label, offset=ty.offset)
+    return None
+def unpack_array(ty) -> SimType | None:
+    if isinstance(ty, SimTypeArray):
+        return ty.elem_type
+    if isinstance(ty, SimTypeFixedSizeArray):
+        return ty.elem_type
+    return None
+def squash_array_reference(ty):
+    pointed_to = unpack_pointer(ty)
+    if pointed_to:
+        array_of = unpack_array(pointed_to)
+        if array_of:
+            return SimTypePointer(array_of)
+    return ty

{angr-9.2.140.dist-info → angr-9.2.142.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: angr
-Version: 9.2.140
+Version: 9.2.142
 Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
 Home-page: https://github.com/angr/angr
 License: BSD-2-Clause
@@ -16,22 +16,22 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: CppHeaderParser
 Requires-Dist: GitPython
-Requires-Dist: ailment==9.2.140
-Requires-Dist: archinfo==9.2.140
+Requires-Dist: ailment==9.2.142
+Requires-Dist: archinfo==9.2.142
 Requires-Dist: cachetools
 Requires-Dist: capstone==5.0.3
 Requires-Dist: cffi>=1.14.0
-Requires-Dist: claripy==9.2.140
-Requires-Dist: cle==9.2.140
-Requires-Dist: itanium-demangler
+Requires-Dist: claripy==9.2.142
+Requires-Dist: cle==9.2.142
 Requires-Dist: mulpyplexer
 Requires-Dist: nampa
 Requires-Dist: networkx!=2.8.1,>=2.0
 Requires-Dist: protobuf>=5.28.2
 Requires-Dist: psutil
 Requires-Dist: pycparser>=2.18
+Requires-Dist: pydemumble
 Requires-Dist: pyformlang
-Requires-Dist: pyvex==9.2.140
+Requires-Dist: pyvex==9.2.142
 Requires-Dist: rich>=13.1.0
 Requires-Dist: sortedcontainers
 Requires-Dist: sympy