angr 9.2.166__cp310-abi3-macosx_11_0_arm64.whl → 9.2.168__cp310-abi3-macosx_11_0_arm64.whl

angr/analyses/decompiler/structuring/structurer_base.py

@@ -35,6 +35,7 @@ from .structurer_nodes import (
     LoopNode,
     EmptyBlockNotice,
     IncompleteSwitchCaseNode,
+    IncompleteSwitchCaseHeadStatement,
 )
 
 if TYPE_CHECKING:
@@ -900,8 +901,24 @@ class StructurerBase(Analysis):
 
     @staticmethod
     def _remove_last_statement_if_jump(
-        node: BaseNode | ailment.Block | MultiNode,
+        node: BaseNode | ailment.Block | MultiNode | SequenceNode,
     ) -> ailment.Stmt.Jump | ailment.Stmt.ConditionalJump | None:
+        if isinstance(node, SequenceNode) and node.nodes and isinstance(node.nodes[-1], ConditionNode):
+            cond_node = node.nodes[-1]
+            the_stmt: ailment.Stmt.Jump | None = None
+            for block in [cond_node.true_node, cond_node.false_node]:
+                if (
+                    isinstance(block, ailment.Block)
+                    and block.statements
+                    and isinstance(block.statements[-1], ailment.Stmt.Jump)
+                ):
+                    the_stmt = block.statements[-1]  # type: ignore
+                    break
+
+            if the_stmt is not None:
+                node.nodes = node.nodes[:-1]
+                return the_stmt
+
         try:
             last_stmts = ConditionProcessor.get_last_statements(node)
         except EmptyBlockNotice:
@@ -911,6 +928,63 @@ class StructurerBase(Analysis):
             return remove_last_statement(node)  # type: ignore
         return None
 
+    @staticmethod
+    def _remove_last_statement_if_jump_or_schead(
+        node: BaseNode | ailment.Block | MultiNode | SequenceNode,
+    ) -> ailment.Stmt.Jump | ailment.Stmt.ConditionalJump | IncompleteSwitchCaseHeadStatement | None:
+        if isinstance(node, SequenceNode) and node.nodes and isinstance(node.nodes[-1], ConditionNode):
+            cond_node = node.nodes[-1]
+            the_stmt: ailment.Stmt.Jump | None = None
+            for block in [cond_node.true_node, cond_node.false_node]:
+                if (
+                    isinstance(block, ailment.Block)
+                    and block.statements
+                    and isinstance(block.statements[-1], ailment.Stmt.Jump)
+                ):
+                    the_stmt = block.statements[-1]  # type: ignore
+                    break
+
+            if the_stmt is not None:
+                node.nodes = node.nodes[:-1]
+                return the_stmt
+
+        try:
+            last_stmts = ConditionProcessor.get_last_statements(node)
+        except EmptyBlockNotice:
+            return None
+
+        if len(last_stmts) == 1 and isinstance(
+            last_stmts[0], (ailment.Stmt.Jump, ailment.Stmt.ConditionalJump, IncompleteSwitchCaseHeadStatement)
+        ):
+            return remove_last_statement(node)  # type: ignore
+        return None
+
+    @staticmethod
+    def _copy_and_remove_last_statement_if_jump(
+        node: ailment.Block | MultiNode | SequenceNode,
+    ) -> ailment.Block | MultiNode | SequenceNode:
+        if isinstance(node, SequenceNode):
+            if node.nodes and isinstance(node.nodes[-1], ConditionNode):
+                # copy the node and remove the last condition node
+                return SequenceNode(node.addr, nodes=node.nodes[:-1])
+            return node.copy()
+
+        if isinstance(node, MultiNode):
+            if node.nodes:
+                last_block = StructurerBase._copy_and_remove_last_statement_if_jump(node.nodes[-1])
+                nodes = [*node.nodes[:-1], last_block]
+            else:
+                nodes = []
+            return MultiNode(nodes, addr=node.addr, idx=node.idx)
+
+        assert isinstance(node, ailment.Block)
+        if node.statements and isinstance(node.statements[-1], (ailment.Stmt.Jump, ailment.Stmt.ConditionalJump)):
+            # copy the block and remove the last statement
+            stmts = node.statements[:-1]
+        else:
+            stmts = node.statements[::]
+        return ailment.Block(node.addr, node.original_size, statements=stmts, idx=node.idx)
+
     @staticmethod
     def _merge_nodes(node_0, node_1):
         addr = node_0.addr if node_0.addr is not None else node_1.addr

angr/analyses/decompiler/utils.py

@@ -156,27 +156,48 @@ def switch_extract_cmp_bounds(
 
     if not isinstance(last_stmt, ailment.Stmt.ConditionalJump):
         return None
+    return switch_extract_cmp_bounds_from_condition(last_stmt.condition)
 
+
+def switch_extract_cmp_bounds_from_condition(cond: ailment.Expr.Expression) -> tuple[Any, int, int] | None:
     # TODO: Add more operations
-    if isinstance(last_stmt.condition, ailment.Expr.BinaryOp) and last_stmt.condition.op in {"CmpLE", "CmpLT"}:
-        if not isinstance(last_stmt.condition.operands[1], ailment.Expr.Const):
-            return None
-        cmp_ub = (
-            last_stmt.condition.operands[1].value
-            if last_stmt.condition.op == "CmpLE"
-            else last_stmt.condition.operands[1].value - 1
-        )
-        cmp_lb = 0
-        cmp = last_stmt.condition.operands[0]
-        if (
-            isinstance(cmp, ailment.Expr.BinaryOp)
-            and cmp.op == "Sub"
-            and isinstance(cmp.operands[1], ailment.Expr.Const)
-        ):
-            cmp_ub += cmp.operands[1].value
-            cmp_lb += cmp.operands[1].value
-            cmp = cmp.operands[0]
-        return cmp, cmp_lb, cmp_ub
+    if isinstance(cond, ailment.Expr.BinaryOp):
+        if cond.op in {"CmpLE", "CmpLT"}:
+            if not (isinstance(cond.operands[1], ailment.Expr.Const) and isinstance(cond.operands[1].value, int)):
+                return None
+            cmp_ub = cond.operands[1].value if cond.op == "CmpLE" else cond.operands[1].value - 1
+            cmp_lb = 0
+            cmp = cond.operands[0]
+            if (
+                isinstance(cmp, ailment.Expr.BinaryOp)
+                and cmp.op == "Sub"
+                and isinstance(cmp.operands[1], ailment.Expr.Const)
+                and isinstance(cmp.operands[1].value, int)
+            ):
+                cmp_ub += cmp.operands[1].value
+                cmp_lb += cmp.operands[1].value
+                cmp = cmp.operands[0]
+            return cmp, cmp_lb, cmp_ub
+
+        if cond.op in {"CmpGE", "CmpGT"}:
+            # We got the negated condition here
+            #  CmpGE -> CmpLT
+            #  CmpGT -> CmpLE
+            if not (isinstance(cond.operands[1], ailment.Expr.Const) and isinstance(cond.operands[1].value, int)):
+                return None
+            cmp_ub = cond.operands[1].value if cond.op == "CmpGT" else cond.operands[1].value - 1
+            cmp_lb = 0
+            cmp = cond.operands[0]
+            if (
+                isinstance(cmp, ailment.Expr.BinaryOp)
+                and cmp.op == "Sub"
+                and isinstance(cmp.operands[1], ailment.Expr.Const)
+                and isinstance(cmp.operands[1].value, int)
+            ):
+                cmp_ub += cmp.operands[1].value
+                cmp_lb += cmp.operands[1].value
+                cmp = cmp.operands[0]
+            return cmp, cmp_lb, cmp_ub
 
     return None
 
@@ -315,7 +336,7 @@ def switch_extract_bitwiseand_jumptable_info(last_stmt: ailment.Stmt.Jump) -> tu
     coeff = None
     index_expr = None
     lb = None
-    ub = None
+    ub: int | None = None
     while expr is not None:
         if isinstance(expr, ailment.Expr.BinaryOp):
             if expr.op == "Mul":
@@ -331,12 +352,12 @@ def switch_extract_bitwiseand_jumptable_info(last_stmt: ailment.Stmt.Jump) -> tu
                 masks = {0x1, 0x3, 0x7, 0xF, 0x1F, 0x3F, 0x7F, 0xFF, 0x1FF, 0x3FF}
                 if isinstance(expr.operands[1], ailment.Expr.Const) and expr.operands[1].value in masks:
                     lb = 0
-                    ub = expr.operands[1].value
+                    ub = expr.operands[1].value  # type:ignore
                     index_expr = expr
                     break
                 if isinstance(expr.operands[0], ailment.Expr.Const) and expr.operands[1].value in masks:
                     lb = 0
-                    ub = expr.operands[0].value
+                    ub = expr.operands[0].value  # type:ignore
                     index_expr = expr
                     break
                 return None
@@ -366,7 +387,7 @@ def get_ast_subexprs(claripy_ast):
             yield ast
 
 
-def insert_node(parent, insert_location: str, node, node_idx: int | tuple[int] | None, label=None):
+def insert_node(parent, insert_location: str, node, node_idx: int, label=None):
     if insert_location not in {"before", "after"}:
         raise ValueError('"insert_location" must be either "before" or "after"')
 
@@ -538,12 +559,13 @@ def is_empty_or_label_only_node(node) -> bool:
 
 
 def has_nonlabel_statements(block: ailment.Block) -> bool:
-    return block.statements and any(not isinstance(stmt, ailment.Stmt.Label) for stmt in block.statements)
+    return bool(block.statements and any(not isinstance(stmt, ailment.Stmt.Label) for stmt in block.statements))
 
 
 def has_nonlabel_nonphi_statements(block: ailment.Block) -> bool:
-    return block.statements and any(
-        not (isinstance(stmt, ailment.Stmt.Label) or is_phi_assignment(stmt)) for stmt in block.statements
+    return bool(
+        block.statements
+        and any(not (isinstance(stmt, ailment.Stmt.Label) or is_phi_assignment(stmt)) for stmt in block.statements)
     )
 
 
@@ -589,6 +611,19 @@ def last_nonlabel_statement(block: ailment.Block) -> ailment.Stmt.Statement | No
     return None
 
 
+def last_node(node: BaseNode) -> BaseNode | ailment.Block | None:
+    """
+    Get the last node in a sequence or code node.
+    """
+    if isinstance(node, CodeNode):
+        return last_node(node.node)
+    if isinstance(node, SequenceNode):
+        if not node.nodes:
+            return None
+        return last_node(node.nodes[-1])
+    return node
+
+
 def first_nonlabel_node(seq: SequenceNode) -> BaseNode | ailment.Block | None:
     for node in seq.nodes:
         inner_node = node.node if isinstance(node, CodeNode) else node
@@ -672,7 +707,9 @@ def _find_node_in_graph(node: ailment.Block, graph: networkx.DiGraph) -> ailment
     return None
 
 
-def structured_node_has_multi_predecessors(node: SequenceNode | MultiNode, graph: networkx.DiGraph) -> bool:
+def structured_node_has_multi_predecessors(
+    node: SequenceNode | MultiNode | ailment.Block, graph: networkx.DiGraph
+) -> bool:
     if graph is None:
         return False
 
@@ -728,6 +765,7 @@ def structured_node_is_simple_return(
     if valid_last_stmt:
         # note that the block may not be the same block in the AIL graph post dephication. we must find the block again
         # in the graph.
+        assert isinstance(last_block, ailment.Block)
         last_graph_block = _find_node_in_graph(last_block, graph)
         if last_graph_block is not None:
             succs = list(graph.successors(last_graph_block))
@@ -927,6 +965,7 @@ def peephole_optimize_multistmts(block, stmt_opts):
                         break
 
                 if matched:
+                    assert stmt_seq_len is not None
                     matched_stmts = statements[stmt_idx : stmt_idx + stmt_seq_len]
                     r = opt.optimize(matched_stmts, stmt_idx=stmt_idx, block=block)
                     if r is not None:
@@ -1036,7 +1075,11 @@ def decompile_functions(
             _l.critical("Failed to decompile %s because %s", repr(f), exception_string)
             decompilation += f"// [error: {func} | {exception_string}]\n"
         else:
-            decompilation += dec.codegen.text + "\n"
+            if dec is not None and dec.codegen is not None and dec.codegen.text is not None:
+                decompilation += dec.codegen.text
+            else:
+                decompilation += "Invalid decompilation output"
+            decompilation += "\n"
 
     return decompilation
 

angr/analyses/deobfuscator/string_obf_finder.py

@@ -173,10 +173,8 @@ class StringObfuscationFinder(Analysis):
                 continue
 
             # decompile this function and see if it "looks like" a deobfuscation function
-            try:
-                dec = self.project.analyses.Decompiler(func, cfg=cfg)
-            except Exception:  # pylint:disable=broad-exception-caught
-                continue
+            with self._resilience():
+                dec = self.project.analyses.Decompiler(func, cfg=cfg, fail_fast=self._fail_fast)  # type:ignore
             if (
                 dec.codegen is None
                 or not dec.codegen.text
@@ -470,10 +468,13 @@ class StringObfuscationFinder(Analysis):
                 continue
 
             # decompile this function and see if it "looks like" a deobfuscation function
-            try:
-                dec = self.project.analyses.Decompiler(func, cfg=cfg, expr_collapse_depth=64)
-            except Exception:  # pylint:disable=broad-exception-caught
-                continue
+            with self._resilience():
+                dec = self.project.analyses.Decompiler(
+                    func,
+                    cfg=cfg,
+                    expr_collapse_depth=64,
+                    fail_fast=self._fail_fast,  # type:ignore
+                )
             if (
                 dec.codegen is None
                 or not dec.codegen.text
@@ -666,11 +667,9 @@ class StringObfuscationFinder(Analysis):
                 continue
 
             # take a look at the content
-            try:
-                dec = self.project.analyses.Decompiler(func, cfg=cfg)
-            except Exception:  # pylint:disable=broad-exception-caught
+            with self._resilience():
                 # catch all exceptions
-                continue
+                dec = self.project.analyses.Decompiler(func, cfg=cfg, fail_fast=self._fail_fast)  # type:ignore
             if dec.codegen is None or not dec.codegen.text:
                 continue
 
@@ -736,7 +735,7 @@ class StringObfuscationFinder(Analysis):
         callinsn2content = {}
         for idx, call_site in enumerate(call_sites):
             _l.debug("Analyzing type 3 candidate call site %#x (%d/%d)...", call_site.addr, idx + 1, len(call_sites))
-            assert call_site.function_address is not None
+            assert call_site.function_address is not None and isinstance(call_site.function_address, int)
             data, _ = self._type3_prepare_and_execute(func_addr, call_site.addr, call_site.function_address, cfg)
             if data:
                 callinsn2content[call_site.instruction_addrs[-1]] = data
@@ -831,7 +830,7 @@ class StringObfuscationFinder(Analysis):
                     # at least a byte
                     continue
                 con = prop_state.load_register(reg_offset, reg_width // 8)
-                if isinstance(con, claripy.ast.Base) and con.op == "BVV":
+                if isinstance(con, claripy.ast.Base) and con.op == "BVV" and isinstance(con.concrete_value, int):
                     state.registers.store(reg_offset, claripy.BVV(con.concrete_value, reg_width))
                     if reg_offset == state.arch.bp_offset:
                         bp_set = True
@@ -851,7 +850,11 @@ class StringObfuscationFinder(Analysis):
 
         in_state = simgr.active[0]
 
-        cc = default_cc(self.project.arch.name, self.project.simos.name)(self.project.arch)
+        cc_cls = default_cc(self.project.arch.name, self.project.simos.name)
+        assert (
+            cc_cls is not None
+        ), f"Failed to obtain the default calling convention for {self.project.arch.name}-{self.project.simos.name}."
+        cc = cc_cls(self.project.arch)
         cc.STACKARG_SP_BUFF = 0  # disable shadow stack space because the binary code already sets it if needed
         cc.STACK_ALIGNMENT = 1  # disable stack address aligning because the binary code already sets it if needed
         prototype_0 = SimTypeFunction([], SimTypePointer(pts_to=SimTypeBottom(label="void"))).with_arch(
@@ -875,7 +878,7 @@ class StringObfuscationFinder(Analysis):
         out_state = callable_0.result_state
 
         # figure out what was written
-        assert out_state is not None
+        assert out_state is not None and ret_value is not None
         ptr = out_state.memory.load(ret_value, size=self.project.arch.bytes, endness=self.project.arch.memory_endness)
         if out_state.memory.load(ptr, size=4).concrete_value == 0:
             # fall back to using the return value as the pointer

angr/analyses/deobfuscator/string_obf_opt_passes.py

@@ -7,6 +7,7 @@ from angr.ailment import Block
 from angr.ailment.statement import Statement, Call, Assignment
 from angr.ailment.expression import Const, Register, VirtualVariable
 
+from angr.analyses.decompiler.notes.deobfuscated_strings import DeobfuscatedStringsNote
 from angr.analyses.decompiler.optimization_passes.optimization_pass import OptimizationPass, OptimizationPassStage
 from angr.analyses.decompiler.optimization_passes import register_optimization_pass
 
@@ -57,9 +58,11 @@ class StringObfType3Rewriter(OptimizationPass):
                 self.is_call_or_call_assignment(last_stmt)
                 and last_stmt.ins_addr in self.kb.obfuscations.type3_deobfuscated_strings
             ):
-                new_block = self._process_block(
-                    block, self.kb.obfuscations.type3_deobfuscated_strings[block.statements[-1].ins_addr]
-                )
+                the_str = self.kb.obfuscations.type3_deobfuscated_strings[block.statements[-1].ins_addr]
+                if "deobfuscated_strings" not in self.kb.notes:
+                    self.kb.notes["deobfuscated_strings"] = DeobfuscatedStringsNote("deobfuscated_strings")
+                self.kb.notes["deobfuscated_strings"].add_string("3", the_str, ref_addr=last_stmt.ins_addr)
+                new_block = self._process_block(block, the_str)
                 if new_block is not None:
                     self._update_block(block, new_block)
 

angr/analyses/reaching_definitions/engine_vex.py

@@ -434,8 +434,9 @@ class SimEngineRDVEX(
         size = bits // self.arch.byte_width
 
         # convert addr from MultiValues to a list of valid addresses
-        if (one_addr := addr.one_value()) is not None:
-            return self._load_core([one_addr], size, expr.endness)
+        if addr.count() == 1 and 0 in addr:
+            addrs = list(addr[0])
+            return self._load_core(addrs, size, expr.endness)
 
         top = self.state.top(bits)
         # annotate it

angr/procedures/glibc/scanf.py

@@ -7,5 +7,13 @@ class __isoc99_scanf(scanf):
     pass
 
 
+class __isoc23_scanf(scanf):
+    pass
+
+
 class __isoc99_fscanf(fscanf):
     pass
+
+
+class __isoc23_fscanf(fscanf):
+    pass

angr/procedures/glibc/sscanf.py

@@ -4,3 +4,7 @@ from angr.procedures.libc.sscanf import sscanf
 
 class __isoc99_sscanf(sscanf):
     pass
+
+
+class __isoc23_sscanf(sscanf):
+    pass

angr/utils/graph.py

@@ -85,7 +85,7 @@ def to_acyclic_graph(
     return acyclic_graph
 
 
-def dfs_back_edges(graph, start_node):
+def dfs_back_edges(graph, start_node, *, visit_all_nodes: bool = False, visited: set | None = None):
     """
     Perform an iterative DFS traversal of the graph, returning back edges.
 
@@ -96,9 +96,9 @@ def dfs_back_edges(graph, start_node):
     if start_node not in graph:
         return  # Ensures that the start node is in the graph
 
-    visited = set()  # Tracks visited nodes
+    visited = set() if visited is None else visited  # Tracks visited nodes
     finished = set()  # Tracks nodes whose descendants are fully explored
-    stack = [(start_node, iter(graph[start_node]))]
+    stack = [(start_node, iter(sorted(graph[start_node], key=GraphUtils._sort_node)))]
 
     while stack:
         node, children = stack[-1]
@@ -110,11 +110,17 @@ def dfs_back_edges(graph, start_node):
                 if child not in finished:
                     yield node, child  # Found a back edge
             elif child not in finished:  # Check if the child has not been finished
-                stack.append((child, iter(graph[child])))
+                stack.append((child, iter(sorted(graph[child], key=GraphUtils._sort_node))))
         except StopIteration:
             stack.pop()  # Done with this node's children
             finished.add(node)  # Mark this node as finished
 
+    if visit_all_nodes:
+        while len(visited) < len(graph):
+            # If we need to visit all nodes, we can start from unvisited nodes
+            node = sorted(set(graph) - visited, key=GraphUtils._sort_node)[0]
+            yield from dfs_back_edges(graph, node, visited=visited)
+
 
 def subgraph_between_nodes(graph, source, frontier, include_frontier=False):
     """
@@ -594,17 +600,24 @@ class SCCPlaceholder:
     Describes a placeholder for strongly-connected-components in a graph.
     """
 
-    __slots__ = ("scc_id",)
+    __slots__ = (
+        "addr",
+        "scc_id",
+    )
 
-    def __init__(self, scc_id):
+    def __init__(self, scc_id, addr):
         self.scc_id = scc_id
+        self.addr = addr
 
     def __eq__(self, other):
-        return isinstance(other, SCCPlaceholder) and other.scc_id == self.scc_id
+        return isinstance(other, SCCPlaceholder) and other.scc_id == self.scc_id and other.addr == self.addr
 
     def __hash__(self):
         return hash(f"scc_placeholder_{self.scc_id}")
 
+    def __repr__(self):
+        return f"SCCPlaceholder({self.scc_id}, addr={self.addr:#x})"
+
 
 class GraphUtils:
     """
@@ -676,17 +689,17 @@ class GraphUtils:
     @staticmethod
     def dfs_postorder_nodes_deterministic(graph: networkx.DiGraph, source):
         visited = set()
-        stack = [source]
+        stack: list[tuple[Any, bool]] = [(source, True)]  # NodeType, is_pre_visit
         while stack:
-            node = stack[-1]
-            if node not in visited:
+            node, pre_visit = stack.pop()
+            if pre_visit and node not in visited:
                 visited.add(node)
+                stack.append((node, False))
                 for succ in sorted(graph.successors(node), key=GraphUtils._sort_node):
                     if succ not in visited:
-                        stack.append(succ)
-            else:
+                        stack.append((succ, True))
+            elif not pre_visit:
                 yield node
-                stack.pop()
 
     @staticmethod
     def reverse_post_order_sort_nodes(graph, nodes=None):
@@ -759,7 +772,10 @@ class GraphUtils:
         """
 
         # fast path for single node graphs
-        if graph.number_of_nodes() == 1:
+        number_of_nodes = graph.number_of_nodes()
+        if number_of_nodes == 0:
+            return []
+        if number_of_nodes == 1:
             if nodes is None:
                 return list(graph.nodes)
             return [n for n in graph.nodes() if n in nodes]
@@ -768,21 +784,25 @@ class GraphUtils:
         graph_copy = networkx.DiGraph()
 
         # find all strongly connected components in the graph
-        sccs = [scc for scc in networkx.strongly_connected_components(graph) if len(scc) > 1]
+        sccs = sorted(
+            (scc for scc in networkx.strongly_connected_components(graph) if len(scc) > 1),
+            key=lambda x: (len(x), min(node.addr if hasattr(node, "addr") else node for node in x)),
+        )
         comp_indices = {}
         for i, scc in enumerate(sccs):
+            scc_addr = min(node.addr if hasattr(node, "addr") else node for node in scc)
             for node in scc:
                 if node not in comp_indices:
-                    comp_indices[node] = i
+                    comp_indices[node] = (i, scc_addr)
 
         # collapse all strongly connected components
         for src, dst in sorted(graph.edges(), key=GraphUtils._sort_edge):
-            scc_index = comp_indices.get(src)
+            scc_index, scc_addr = comp_indices.get(src, (None, None))
             if scc_index is not None:
-                src = SCCPlaceholder(scc_index)
-            scc_index = comp_indices.get(dst)
+                src = SCCPlaceholder(scc_index, scc_addr)
+            scc_index, scc_addr = comp_indices.get(dst, (None, None))
             if scc_index is not None:
-                dst = SCCPlaceholder(scc_index)
+                dst = SCCPlaceholder(scc_index, scc_addr)
 
             if isinstance(src, SCCPlaceholder) and isinstance(dst, SCCPlaceholder) and src == dst:
                 if src not in graph_copy:
@@ -801,11 +821,28 @@ class GraphUtils:
             if graph.in_degree(node) == 0:
                 graph_copy.add_node(node)
 
-        # topological sort on acyclic graph `graph_copy`
-        tmp_nodes = networkx.topological_sort(graph_copy)
+        class NodeWithAddr:
+            """
+            Temporary node class.
+            """
 
+            def __init__(self, addr: int):
+                self.addr = addr
+
+        # topological sort on acyclic graph `graph_copy`
+        heads = [nn for nn in graph_copy if graph_copy.in_degree[nn] == 0]
+        if len(heads) > 1:
+            head = NodeWithAddr(-1)
+            for real_head in heads:
+                graph_copy.add_edge(head, real_head)
+        else:
+            assert heads
+            head = heads[0]
+        tmp_nodes = reversed(list(GraphUtils.dfs_postorder_nodes_deterministic(graph_copy, head)))
         ordered_nodes = []
         for n in tmp_nodes:
+            if isinstance(n, NodeWithAddr):
+                continue
             if isinstance(n, SCCPlaceholder):
                 GraphUtils._append_scc(
                     graph,
@@ -860,9 +897,10 @@ class GraphUtils:
                 if len(scc_succs) > 1:
                     # calculate the distance between each pair of nodes within scc_succs, pick the one with the
                     # shortest total distance
+                    sorted_scc_succs = sorted(scc_succs, key=GraphUtils._sort_node)
                     scc_node_distance = defaultdict(int)
-                    for scc_succ in scc_succs:
-                        for other_node in scc_succs:
+                    for scc_succ in sorted_scc_succs:
+                        for other_node in sorted_scc_succs:
                             if other_node is scc_succ:
                                 continue
                             scc_node_distance[scc_succ] += networkx.algorithms.shortest_path_length(

{angr-9.2.166.dist-info → angr-9.2.168.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: angr
-Version: 9.2.166
+Version: 9.2.168
 Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
 License: BSD-2-Clause
 Project-URL: Homepage, https://angr.io/
@@ -16,12 +16,12 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: cxxheaderparser
 Requires-Dist: GitPython
-Requires-Dist: archinfo==9.2.166
+Requires-Dist: archinfo==9.2.168
 Requires-Dist: cachetools
 Requires-Dist: capstone==5.0.3
 Requires-Dist: cffi>=1.14.0
-Requires-Dist: claripy==9.2.166
-Requires-Dist: cle==9.2.166
+Requires-Dist: claripy==9.2.168
+Requires-Dist: cle==9.2.168
 Requires-Dist: mulpyplexer
 Requires-Dist: networkx!=2.8.1,>=2.0
 Requires-Dist: protobuf>=5.28.2
@@ -30,7 +30,7 @@ Requires-Dist: pycparser>=2.18
 Requires-Dist: pydemumble
 Requires-Dist: pyformlang
 Requires-Dist: pypcode<4.0,>=3.2.1
-Requires-Dist: pyvex==9.2.166
+Requires-Dist: pyvex==9.2.168
 Requires-Dist: rich>=13.1.0
 Requires-Dist: sortedcontainers
 Requires-Dist: sympy