angr 9.2.149__py3-none-manylinux2014_x86_64.whl → 9.2.152__py3-none-manylinux2014_x86_64.whl

angr/analyses/decompiler/ssailification/rewriting_engine.py

@@ -1,4 +1,4 @@
-# pylint:disable=no-self-use,unused-argument
+# pylint:disable=no-self-use,unused-argument,too-many-boolean-expressions
 from __future__ import annotations
 from typing import Literal
 import logging
@@ -9,6 +9,7 @@ from ailment.manager import Manager
 from ailment.statement import (
     Statement,
     Assignment,
+    CAS,
     Store,
     Call,
     Return,
@@ -18,6 +19,7 @@ from ailment.statement import (
     WeakAssignment,
 )
 from ailment.expression import (
+    Atom,
     Expression,
     Register,
     VirtualVariable,
@@ -204,6 +206,40 @@ class SimEngineSSARewriting(
             )
         return None
 
+    def _handle_stmt_CAS(self, stmt: CAS) -> CAS | None:
+        new_addr = self._expr(stmt.addr)
+        new_data_lo = self._expr(stmt.data_lo)
+        new_data_hi = self._expr(stmt.data_hi) if stmt.data_hi is not None else None
+        new_expd_lo = self._expr(stmt.expd_lo)
+        new_expd_hi = self._expr(stmt.expd_hi) if stmt.expd_hi is not None else None
+        new_old_lo = self._expr(stmt.old_lo)
+        new_old_hi = self._expr(stmt.old_hi) if stmt.old_hi is not None else None
+        assert new_old_lo is None or isinstance(new_old_lo, Atom)
+        assert new_old_hi is None or isinstance(new_old_hi, Atom)
+
+        if (
+            new_addr is not None
+            or new_old_lo is not None
+            or new_old_hi is not None
+            or new_data_lo is not None
+            or new_data_hi is not None
+            or new_expd_lo is not None
+            or new_expd_hi is not None
+        ):
+            return CAS(
+                stmt.idx,
+                stmt.addr if new_addr is None else new_addr,
+                stmt.data_lo if new_data_lo is None else new_data_lo,
+                stmt.data_hi if new_data_hi is None else new_data_hi,
+                stmt.expd_lo if new_expd_lo is None else new_expd_lo,
+                stmt.expd_hi if new_expd_hi is None else new_expd_hi,
+                stmt.old_lo if new_old_lo is None else new_old_lo,
+                stmt.old_hi if new_old_hi is None else new_old_hi,
+                stmt.endness,
+                **stmt.tags,
+            )
+        return None
+
     def _handle_stmt_Store(self, stmt: Store) -> Store | Assignment | tuple[Assignment, ...] | None:
         new_data = self._expr(stmt.data)
         if stmt.guard is None:

angr/analyses/decompiler/ssailification/traversal_engine.py

@@ -1,7 +1,7 @@
 from __future__ import annotations
 from collections import OrderedDict
 
-from ailment.statement import Call, Store, ConditionalJump
+from ailment.statement import Call, Store, ConditionalJump, CAS
 from ailment.expression import Register, BinaryOp, StackBaseOffset, ITE, VEXCCallExpression, Tmp, DirtyExpression, Load
 
 from angr.engines.light import SimEngineLightAIL
@@ -64,6 +64,15 @@ class SimEngineSSATraversal(SimEngineLightAIL[TraversalState, None, None, None])
         self._expr(stmt.src)
         self._expr(stmt.dst)
 
+    def _handle_stmt_CAS(self, stmt: CAS):
+        self._expr(stmt.addr)
+        self._expr(stmt.data_lo)
+        if stmt.data_hi is not None:
+            self._expr(stmt.data_hi)
+        self._expr(stmt.expd_lo)
+        if stmt.expd_hi is not None:
+            self._expr(stmt.expd_hi)
+
     def _handle_stmt_Store(self, stmt: Store):
         self._expr(stmt.addr)
         self._expr(stmt.data)

angr/analyses/decompiler/utils.py

@@ -723,6 +723,23 @@ def structured_node_is_simple_return(
     return False
 
 
+def structured_node_is_simple_return_strict(node: BaseNode | SequenceNode | MultiNode | ailment.Block) -> bool:
+    """
+    Returns True iff the node exclusively contains a return statement.
+    """
+    if isinstance(node, (SequenceNode, MultiNode)) and node.nodes:
+        flat_blocks = _flatten_structured_node(node)
+        if len(flat_blocks) != 1:
+            return False
+        node = flat_blocks[-1]
+
+    return (
+        isinstance(node, ailment.Block)
+        and len(node.statements) == 1
+        and isinstance(node.statements[0], ailment.Stmt.Return)
+    )
+
+
 def is_statement_terminating(stmt: ailment.statement.Statement, functions) -> bool:
     if isinstance(stmt, ailment.Stmt.Return):
         return True

angr/analyses/disassembly.py

@@ -1159,6 +1159,7 @@ class Disassembly(Analysis):
         show_bytes: bool = False,
         ascii_only: bool | None = None,
         color: bool = True,
+        min_edge_depth: int = 0,
     ) -> str:
         """
         Render the disassembly to a string, with optional edges and addresses.
@@ -1288,7 +1289,7 @@ class Disassembly(Analysis):
             for f, t in sorted(edges_by_line, key=lambda e: abs(e[0] - e[1])):
                 add_edge_to_buffer(edge_buf, ref_buf, f, t, lambda s: ansi_color(s, edge_col), ascii_only=ascii_only)
                 add_edge_to_buffer(ref_buf, ref_buf, f, t, ascii_only=ascii_only)
-            max_edge_depth = max(map(len, ref_buf))
+            max_edge_depth = max(*map(len, ref_buf), min_edge_depth)
 
             # Justify edge and combine with disassembly
             for i, line in enumerate(buf):

angr/analyses/patchfinder.py

@@ -97,7 +97,7 @@ class PatchFinderAnalysis(Analysis):
     # - Looking for instruction partials broken by a patch (nodecode)
     # - Unusual stack manipulation
 
-    atypical_alignments: list[Function]
+    atypical_alignments: list[AtypicallyAlignedFunction]
     possibly_patched_out: list[PatchedOutFunctionality]
 
     def __init__(self):

angr/analyses/reaching_definitions/engine_ail.py

@@ -143,6 +143,26 @@ class SimEngineRDAIL(
         else:
             l.warning("Unsupported type of Assignment dst %s.", type(dst).__name__)
 
+    def _handle_stmt_CAS(self, stmt: ailment.statement.CAS):
+        addr = self._expr(stmt.addr)
+        old_lo = stmt.old_lo
+        old_hi = stmt.old_hi
+
+        self._expr(stmt.data_lo)
+        if stmt.data_hi is not None:
+            self._expr(stmt.data_hi)
+        self._expr(stmt.expd_lo)
+        if stmt.expd_hi is not None:
+            self._expr(stmt.expd_hi)
+
+        if isinstance(old_lo, ailment.Tmp):
+            self.state.kill_and_add_definition(Tmp(old_lo.tmp_idx, old_lo.size), addr)
+            self.tmps[old_lo.tmp_idx] = self._top(old_lo.size)
+
+        if isinstance(old_hi, ailment.Tmp):
+            self.state.kill_and_add_definition(Tmp(old_hi.tmp_idx, old_hi.size), addr)
+            self.tmps[old_hi.tmp_idx] = self._top(old_hi.size)
+
     def _handle_stmt_Store(self, stmt: ailment.Stmt.Store) -> None:
         data = self._expr(stmt.data)
         addr = self._expr_bv(stmt.addr)

angr/analyses/s_propagator.py

@@ -511,5 +511,33 @@ class SPropagatorAnalysis(Analysis):
         }
         return (block_1.addr, block_1.idx) in stmt_0_targets
 
+    @staticmethod
+    def vvar_dep_graph(blocks, vvar_def_locs, vvar_use_locs) -> networkx.DiGraph:
+        g = networkx.DiGraph()
+
+        for var_id in vvar_def_locs:
+            # where is it used?
+            for _, use_loc in vvar_use_locs[var_id]:
+                if isinstance(use_loc, ExternalCodeLocation):
+                    g.add_edge(var_id, "ExternalCodeLocation")
+                    continue
+                assert use_loc.block_addr is not None
+                assert use_loc.stmt_idx is not None
+                block = blocks[(use_loc.block_addr, use_loc.block_idx)]
+                stmt = block.statements[use_loc.stmt_idx]
+                if isinstance(stmt, Assignment):
+                    if isinstance(stmt.dst, VirtualVariable):
+                        g.add_edge(var_id, stmt.dst.varid)
+                    else:
+                        g.add_edge(var_id, f"Assignment@{stmt.ins_addr:#x}")
+                elif isinstance(stmt, Store):
+                    # store to memory
+                    g.add_edge(var_id, f"Store@{stmt.ins_addr:#x}")
+                else:
+                    # other statements
+                    g.add_edge(var_id, f"{stmt.__class__.__name__}@{stmt.ins_addr:#x}")
+
+        return g
+
 
 register_analysis(SPropagatorAnalysis, "SPropagator")

angr/analyses/stack_pointer_tracker.py

@@ -791,7 +791,8 @@ class StackPointerTracker(Analysis, ForwardAnalysis):
                                     sp_adjusted = True
                                     sp_v = state.regs[self.project.arch.sp_offset]
                                     sp_v -= Constant(stmt.data.con.value)
-                                    state.put(self.project.arch.sp_offset, sp_v, force=True)
+                                    state.put(self.project.arch.sp_offset, sp_v, force=True)  # sp -= OFFSET
+                                    state.put(stmt.offset, Constant(0), force=True)  # rax = 0
                                     break
 
                 callee_cleanups = [

angr/analyses/typehoon/typehoon.py

@@ -263,7 +263,10 @@ class Typehoon(Analysis):
                     max_offset = offsets[-1]
                     field0_size = 1
                     if not isinstance(field0, TopType):
-                        field0_size = field0.size
+                        try:
+                            field0_size = field0.size
+                        except NotImplementedError:
+                            field0_size = 1
                     count = (max_offset + field0_size) // alignment
                     return Array(field0, count=count)
 

angr/analyses/variable_recovery/engine_ail.py

@@ -115,6 +115,15 @@ class SimEngineVRAIL(
             tc = typevars.Subtype(src.typevar, dst.typevar)
             self.state.add_type_constraint(tc)
 
+    def _handle_stmt_CAS(self, stmt) -> None:
+        self._expr(stmt.addr)
+        self._expr(stmt.data_lo)
+        if stmt.data_hi is not None:
+            self._expr(stmt.data_hi)
+        self._expr(stmt.expd_lo)
+        if stmt.expd_hi is not None:
+            self._expr(stmt.expd_hi)
+
     def _handle_stmt_Store(self, stmt: ailment.Stmt.Store):
         addr_r = self._expr_bv(stmt.addr)
         data = self._expr(stmt.data)

angr/engines/light/engine.py

@@ -533,6 +533,7 @@ class SimEngineLightAIL(
     def __init__(self, *args, **kwargs):
         self._stmt_handlers: dict[str, Callable[[Any], StmtDataType]] = {
             "Assignment": self._handle_stmt_Assignment,
+            "CAS": self._handle_stmt_CAS,
             "WeakAssignment": self._handle_stmt_WeakAssignment,
             "Store": self._handle_stmt_Store,
             "Jump": self._handle_stmt_Jump,
@@ -698,6 +699,9 @@ class SimEngineLightAIL(
     @abstractmethod
     def _handle_stmt_Assignment(self, stmt: ailment.statement.Assignment) -> StmtDataType: ...
 
+    @abstractmethod
+    def _handle_stmt_CAS(self, stmt: ailment.statement.CAS) -> StmtDataType: ...
+
     @abstractmethod
     def _handle_stmt_WeakAssignment(self, stmt: ailment.statement.WeakAssignment) -> StmtDataType: ...
 
@@ -1013,6 +1017,9 @@ class SimEngineNostmtAIL(
     def _handle_stmt_WeakAssignment(self, stmt) -> StmtDataType | None:
         pass
 
+    def _handle_stmt_CAS(self, stmt) -> StmtDataType | None:
+        pass
+
     def _handle_stmt_Store(self, stmt) -> StmtDataType | None:
         pass
 

angr/engines/pcode/lifter.py

@@ -427,6 +427,13 @@ class IRSB:
 
         return exits
 
+    @property
+    def is_noop_block(self) -> bool:
+        """
+        Returns True if this block is a no-op block (i.e. it has no instructions and no jumps).
+        """
+        return not any(op.opcode != pypcode.OpCode.IMARK for op in self._ops)
+
     #
     # private methods
     #

angr/storage/memory_mixins/clouseau_mixin.py

@@ -68,6 +68,7 @@ class InspectMixinHigh(MemoryMixin):
         if not inspect or not self.state.supports_inspect:
             return super().load(addr, size=size, condition=condition, endness=endness, inspect=inspect, **kwargs)
 
+        r = None
         if self.category == "reg":
             self.state._inspect(
                 "reg_read",
@@ -76,7 +77,9 @@ class InspectMixinHigh(MemoryMixin):
                 reg_read_length=size,
                 reg_read_condition=condition,
                 reg_read_endness=endness,
+                reg_read_expr=None,
             )
+            r = self.state._inspect_getattr("reg_read_expr", None)
             addr = self.state._inspect_getattr("reg_read_offset", addr)
             size = self.state._inspect_getattr("reg_read_length", size)
             condition = self.state._inspect_getattr("reg_read_condition", condition)
@@ -89,13 +92,16 @@ class InspectMixinHigh(MemoryMixin):
                 mem_read_length=size,
                 mem_read_condition=condition,
                 mem_read_endness=endness,
+                mem_read_expr=None,
             )
+            r = self.state._inspect_getattr("mem_read_expr", None)
             addr = self.state._inspect_getattr("mem_read_address", addr)
             size = self.state._inspect_getattr("mem_read_length", size)
             condition = self.state._inspect_getattr("mem_read_condition", condition)
             endness = self.state._inspect_getattr("mem_read_endness", endness)
 
-        r = super().load(addr, size=size, condition=condition, endness=endness, inspect=inspect, **kwargs)
+        if r is None:
+            r = super().load(addr, size=size, condition=condition, endness=endness, inspect=inspect, **kwargs)
 
         if self.category == "mem":
             self.state._inspect(

angr/utils/graph.py

@@ -672,9 +672,40 @@ class GraphUtils:
         addrs_to_index = {n.addr: i for (i, n) in enumerate(post_order)}
         return sorted(nodes, key=lambda n: addrs_to_index[n.addr], reverse=True)
 
+    @staticmethod
+    def _sort_node(node):
+        """
+        A sorter to make a deterministic order of nodes.
+        """
+        if hasattr(node, "addr"):
+            return node.addr
+        return node
+
+    @staticmethod
+    def _sort_edge(edge):
+        """
+        A sorter to make a deterministic order of edges.
+        """
+        _src, _dst = edge
+        src_addr, dst_addr = 0, 0
+        if hasattr(_src, "addr"):
+            src_addr = _src.addr
+        elif isinstance(_src, int):
+            src_addr = _src
+
+        if hasattr(_dst, "addr"):
+            dst_addr = _dst.addr
+        elif isinstance(_dst, int):
+            dst_addr = _dst
+
+        return src_addr + dst_addr
+
     @staticmethod
     def quasi_topological_sort_nodes(
-        graph: networkx.DiGraph, nodes: list | None = None, loop_heads: list | None = None
+        graph: networkx.DiGraph,
+        nodes: list | None = None,
+        loop_heads: list | None = None,
+        panic_mode_threshold: int = 3000,
     ) -> list:
         """
         Sort a given set of nodes from a graph based on the following rules:
@@ -688,6 +719,7 @@ class GraphUtils:
         :param graph:       A local transition graph of the function.
         :param nodes:       A list of nodes to sort. None if you want to sort all nodes inside the graph.
         :param loop_heads:  A list of nodes that should be treated loop heads.
+        :param panic_mode_threshold: Threshold of nodes in an SCC to begin aggressively removing edges.
         :return:            A list of ordered nodes.
         """
 
@@ -702,32 +734,18 @@ class GraphUtils:
 
         # find all strongly connected components in the graph
         sccs = [scc for scc in networkx.strongly_connected_components(graph) if len(scc) > 1]
-
-        def _sort_edge(edge):
-            """
-            A sorter to make a deterministic order of edges.
-            """
-            _src, _dst = edge
-            src_addr, dst_addr = 0, 0
-            if hasattr(_src, "addr"):
-                src_addr = _src.addr
-            elif isinstance(_src, int):
-                src_addr = _src
-
-            if hasattr(_dst, "addr"):
-                dst_addr = _dst.addr
-            elif isinstance(_dst, int):
-                dst_addr = _dst
-
-            return src_addr + dst_addr
+        comp_indices = {}
+        for i, scc in enumerate(sccs):
+            for node in scc:
+                if node not in comp_indices:
+                    comp_indices[node] = i
 
         # collapse all strongly connected components
-        edges = sorted(graph.edges(), key=_sort_edge)
-        for src, dst in edges:
-            scc_index = GraphUtils._components_index_node(sccs, src)
+        for src, dst in sorted(graph.edges(), key=GraphUtils._sort_edge):
+            scc_index = comp_indices.get(src)
             if scc_index is not None:
                 src = SCCPlaceholder(scc_index)
-            scc_index = GraphUtils._components_index_node(sccs, dst)
+            scc_index = comp_indices.get(dst)
             if scc_index is not None:
                 dst = SCCPlaceholder(scc_index)
 
@@ -754,7 +772,13 @@ class GraphUtils:
         ordered_nodes = []
         for n in tmp_nodes:
             if isinstance(n, SCCPlaceholder):
-                GraphUtils._append_scc(graph, ordered_nodes, sccs[n.scc_id], loop_head_candidates=loop_heads)
+                GraphUtils._append_scc(
+                    graph,
+                    ordered_nodes,
+                    sccs[n.scc_id],
+                    loop_head_candidates=loop_heads,
+                    panic_mode_threshold=panic_mode_threshold,
+                )
             else:
                 ordered_nodes.append(n)
 
@@ -762,16 +786,13 @@ class GraphUtils:
             return ordered_nodes
         return [n for n in ordered_nodes if n in set(nodes)]
 
-    @staticmethod
-    def _components_index_node(components, node):
-        for i, comp in enumerate(components):
-            if node in comp:
-                return i
-        return None
-
     @staticmethod
     def _append_scc(
-        graph: networkx.DiGraph, ordered_nodes: list, scc: set, loop_head_candidates: list | None = None
+        graph: networkx.DiGraph,
+        ordered_nodes: list,
+        scc: set,
+        loop_head_candidates: list | None = None,
+        panic_mode_threshold: int = 3000,
     ) -> None:
         """
         Append all nodes from a strongly connected component to a list of ordered nodes and ensure the topological
@@ -780,15 +801,16 @@ class GraphUtils:
         :param graph: The graph where all nodes belong to.
         :param ordered_nodes:     Ordered nodes.
         :param scc:           A set of nodes that forms a strongly connected component in the graph.
+        :param panic_mode_threshold: Threshold of nodes in an SCC to begin aggressively removing edges.
         """
 
         loop_head = None
 
         if loop_head_candidates is not None:
             # find the first node that appears in loop_heads
-            loop_head_candidates = set(loop_head_candidates)
+            loop_head_candidates_set = set(loop_head_candidates)
             for n in scc:
-                if n in loop_head_candidates:
+                if n in loop_head_candidates_set:
                     loop_head = n
                     break
 
@@ -817,10 +839,10 @@ class GraphUtils:
                     break
 
         if loop_head is None:
-            # randomly pick one
-            loop_head = next(iter(scc))
+            # pick the first one
+            loop_head = sorted(scc, key=GraphUtils._sort_node)[0]
 
-        subgraph: networkx.DiGraph = graph.subgraph(scc).copy()
+        subgraph: networkx.DiGraph = graph.subgraph(scc).copy()  # type: ignore
         for src, _ in list(subgraph.in_edges(loop_head)):
             subgraph.remove_edge(src, loop_head)
 
@@ -828,8 +850,8 @@ class GraphUtils:
         # will take too long to converge if we only remove one node out of the component each time. we introduce a
         # panic mode that will aggressively remove edges
 
-        if len(subgraph) > 3000 and len(subgraph.edges) > len(subgraph) * 1.4:
-            for n0, n1 in sorted(dfs_back_edges(subgraph, loop_head), key=lambda x: (x[0].addr, x[0].addr)):
+        if len(subgraph) > panic_mode_threshold and len(subgraph.edges) > len(subgraph) * 1.4:
+            for n0, n1 in sorted(dfs_back_edges(subgraph, loop_head), key=GraphUtils._sort_edge):
                 subgraph.remove_edge(n0, n1)
                 if len(subgraph.edges) <= len(subgraph) * 1.4:
                     break

angr/utils/ssa/__init__.py

@@ -8,7 +8,7 @@ import networkx
 import archinfo
 from ailment import Expression, Block
 from ailment.expression import VirtualVariable, Const, Phi, Tmp, Load, Register, StackBaseOffset, DirtyExpression, ITE
-from ailment.statement import Statement, Assignment, Call, Store
+from ailment.statement import Statement, Assignment, Call, Store, CAS
 from ailment.block_walker import AILBlockWalkerBase
 
 from angr.knowledge_plugins.key_definitions import atoms
@@ -126,6 +126,11 @@ def get_tmp_deflocs(blocks) -> dict[CodeLocation, dict[atoms.Tmp, int]]:
         for stmt_idx, stmt in enumerate(block.statements):
             if isinstance(stmt, Assignment) and isinstance(stmt.dst, Tmp):
                 tmp_to_loc[codeloc][atoms.Tmp(stmt.dst.tmp_idx, stmt.dst.bits)] = stmt_idx
+            if isinstance(stmt, CAS):
+                if isinstance(stmt.old_lo, Tmp):
+                    tmp_to_loc[codeloc][atoms.Tmp(stmt.old_lo.tmp_idx, stmt.old_lo.bits)] = stmt_idx
+                if stmt.old_hi is not None and isinstance(stmt.old_hi, Tmp):
+                    tmp_to_loc[codeloc][atoms.Tmp(stmt.old_hi.tmp_idx, stmt.old_hi.bits)] = stmt_idx
 
     return tmp_to_loc
 

{angr-9.2.149.dist-info → angr-9.2.152.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: angr
-Version: 9.2.149
+Version: 9.2.152
 Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
 License: BSD-2-Clause
 Project-URL: Homepage, https://angr.io/
@@ -17,13 +17,13 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: cxxheaderparser
 Requires-Dist: GitPython
-Requires-Dist: ailment==9.2.149
-Requires-Dist: archinfo==9.2.149
+Requires-Dist: ailment==9.2.152
+Requires-Dist: archinfo==9.2.152
 Requires-Dist: cachetools
 Requires-Dist: capstone==5.0.3
 Requires-Dist: cffi>=1.14.0
-Requires-Dist: claripy==9.2.149
-Requires-Dist: cle==9.2.149
+Requires-Dist: claripy==9.2.152
+Requires-Dist: cle==9.2.152
 Requires-Dist: mulpyplexer
 Requires-Dist: networkx!=2.8.1,>=2.0
 Requires-Dist: protobuf>=5.28.2
@@ -31,7 +31,7 @@ Requires-Dist: psutil
 Requires-Dist: pycparser>=2.18
 Requires-Dist: pydemumble
 Requires-Dist: pyformlang
-Requires-Dist: pyvex==9.2.149
+Requires-Dist: pyvex==9.2.152
 Requires-Dist: rich>=13.1.0
 Requires-Dist: sortedcontainers
 Requires-Dist: sympy