angr 9.2.175__cp310-abi3-macosx_11_0_arm64.whl → 9.2.176__cp310-abi3-macosx_11_0_arm64.whl

angr/analyses/typehoon/typeconsts.py

@@ -5,6 +5,7 @@ All type constants used in type inference. They can be mapped, translated, or re
 from __future__ import annotations
 
 import functools
+import itertools
 
 
 def memoize(f):
@@ -24,6 +25,9 @@ def memoize(f):
 class TypeConstant:
     SIZE = None
 
+    def __init__(self, name: str | None = None):
+        self.name = name
+
     def pp_str(self, mapping) -> str:  # pylint:disable=unused-argument
         return repr(self)
 
@@ -115,7 +119,8 @@ class Int512(Int):
 
 
 class IntVar(Int):
-    def __init__(self, size):
+    def __init__(self, size, name: str | None = None):
+        super().__init__(name)
         self._size = size
 
     @property
@@ -146,7 +151,8 @@ class Float64(Float):
 
 
 class Pointer(TypeConstant):
-    def __init__(self, basetype: TypeConstant | None):
+    def __init__(self, basetype: TypeConstant | None, name: str | None = None):
+        super().__init__(name=name)
         self.basetype: TypeConstant | None = basetype
 
     def __eq__(self, other):
@@ -169,13 +175,15 @@ class Pointer32(Pointer, Int32):
     32-bit pointers.
     """
 
-    def __init__(self, basetype=None):
-        Pointer.__init__(self, basetype)
+    def __init__(self, basetype=None, name: str | None = None):
+        Pointer.__init__(self, basetype, name=name)
+        Int32.__init__(self, name=name)
 
     @memoize
     def __repr__(self, memo=None):
         bt = self.basetype.__repr__(memo=memo) if isinstance(self.basetype, TypeConstant) else repr(self.basetype)
-        return f"ptr32({bt})"
+        name_str = f"{self.name}#" if self.name else ""
+        return f"{name_str}ptr32({bt})"
 
 
 class Pointer64(Pointer, Int64):
@@ -183,17 +191,20 @@ class Pointer64(Pointer, Int64):
     64-bit pointers.
     """
 
-    def __init__(self, basetype=None):
-        Pointer.__init__(self, basetype)
+    def __init__(self, basetype=None, name: str | None = None):
+        Pointer.__init__(self, basetype, name=name)
+        Int64.__init__(self, name=name)
 
     @memoize
     def __repr__(self, memo=None):
         bt = self.basetype.__repr__(memo=memo) if isinstance(self.basetype, TypeConstant) else repr(self.basetype)
-        return f"ptr64({bt})"
+        name_str = f"{self.name}#" if self.name else ""
+        return f"{name_str}ptr64({bt})"
 
 
 class Array(TypeConstant):
-    def __init__(self, element=None, count=None):
+    def __init__(self, element=None, count=None, name: str | None = None):
+        super().__init__(name=name)
         self.element: TypeConstant | None = element
         self.count: int | None = count
 
@@ -222,18 +233,22 @@ class Array(TypeConstant):
         return self._hash(set())
 
 
+_STRUCT_ID = itertools.count()
+
+
 class Struct(TypeConstant):
-    def __init__(self, fields=None, name=None, field_names=None, is_cppclass: bool = False):
+    def __init__(self, fields=None, name=None, field_names=None, is_cppclass: bool = False, idx: int = -1):
+        super().__init__(name=name)
         self.fields = {} if fields is None else fields  # offset to type
-        self.name = name
         self.field_names = field_names
         self.is_cppclass = is_cppclass
+        self.idx = idx if idx != -1 else next(_STRUCT_ID)
 
     def _hash(self, visited: set[int]):
         if id(self) in visited:
             return 0
         visited.add(id(self))
-        return hash((type(self), self._hash_fields(visited)))
+        return hash((type(self), self.idx, self._hash_fields(visited)))
 
     def _hash_fields(self, visited: set[int]):
         keys = sorted(self.fields.keys())
@@ -252,6 +267,7 @@ class Struct(TypeConstant):
     @memoize
     def __repr__(self, memo=None):
         prefix = "CppClass" if self.is_cppclass else "struct"
+        prefix += f"#{self.idx}"
         if self.name:
             prefix = f"{prefix} {self.name}"
         return (
@@ -262,14 +278,15 @@ class Struct(TypeConstant):
         )
 
     def __eq__(self, other):
-        return type(other) is type(self) and hash(self) == hash(other)
+        return type(other) is type(self) and self.idx == other.idx and hash(self) == hash(other)
 
     def __hash__(self):
         return self._hash(set())
 
 
 class Function(TypeConstant):
-    def __init__(self, params: list, outputs: list):
+    def __init__(self, params: list, outputs: list, name: str | None = None):
+        super().__init__(name=name)
         self.params = params
         self.outputs = outputs
 
@@ -298,7 +315,8 @@ class Function(TypeConstant):
 
 
 class TypeVariableReference(TypeConstant):
-    def __init__(self, typevar):
+    def __init__(self, typevar, name: str | None = None):
+        super().__init__(name=name)
         self.typevar = typevar
 
     def __repr__(self, memo=None):

angr/analyses/typehoon/typevars.py

@@ -559,20 +559,27 @@ class ReinterpretAs(BaseLabel):
 
 
 class HasField(BaseLabel):
+    """
+    Has a field of the given bit size * elem_count at the given offset.
+    """
+
     __slots__ = (
         "bits",
+        "elem_count",
         "offset",
     )
 
-    def __init__(self, bits, offset):
+    def __init__(self, bits, offset, elem_count: int = 1):
         self.bits = bits
         self.offset = offset
+        self.elem_count = elem_count
         super().__init__()
 
     def __repr__(self):
         if self.bits == MAX_POINTSTO_BITS:
             return f"<MAX_POINTSTO_BITS>@{self.offset}"
-        return f"<{self.bits} bits>@{self.offset}"
+        elem_str = str(self.elem_count) if self.elem_count != 1 else ""
+        return f"<{self.bits} bits>@{self.offset}{elem_str}"
 
 
 class IsArray(BaseLabel):

angr/analyses/variable_recovery/engine_ail.py

@@ -34,6 +34,7 @@ class SimEngineVRAIL(
     def __init__(
         self,
         *args,
+        type_lifter: TypeLifter,
         call_info=None,
         vvar_to_vvar: dict[int, int] | None,
         vvar_type_hints: dict[int, typeconsts.TypeConstant] | None = None,
@@ -44,6 +45,7 @@ class SimEngineVRAIL(
         self._reference_spoffset: bool = False
         self.call_info = call_info or {}
         self.vvar_to_vvar = vvar_to_vvar
+        self.type_lifter = type_lifter
 
     def _mapped_vvarid(self, vvar_id: int) -> int | None:
         if self.vvar_to_vvar is not None and vvar_id in self.vvar_to_vvar:
@@ -195,7 +197,7 @@ class SimEngineVRAIL(
                     arg_type = (
                         dereference_simtype_by_lib(arg_type, prototype_libname) if prototype_libname else arg_type
                     )
-                    arg_ty = TypeLifter(self.arch.bits).lift(arg_type)
+                    arg_ty = self.type_lifter.lift(arg_type)
                     type_constraint = typevars.Subtype(arg.typevar, arg_ty)
                     self.state.add_type_constraint(type_constraint)
 
@@ -282,7 +284,7 @@ class SimEngineVRAIL(
                     arg_type = (
                         dereference_simtype_by_lib(arg_type, prototype_libname) if prototype_libname else arg_type
                     )
-                    arg_ty = TypeLifter(self.arch.bits).lift(arg_type)
+                    arg_ty = self.type_lifter.lift(arg_type)
                     if arg.typevar is not None and isinstance(
                         arg_ty, (typeconsts.TypeConstant, typevars.TypeVariable, typevars.DerivedTypeVariable)
                     ):

angr/analyses/variable_recovery/engine_base.py

@@ -277,7 +277,10 @@ class SimEngineVRBase(
         variable, _ = existing_vars[0]
 
         if not self.state.typevars.has_type_variable_for(variable):
-            variable_typevar = typevars.TypeVariable()
+            if isinstance(variable, SimStackVariable) and variable.offset in self.state.stack_offset_typevars:
+                variable_typevar = self.state.stack_offset_typevars[variable.offset]
+            else:
+                variable_typevar = typevars.TypeVariable()
             self.state.typevars.add_type_variable(variable, variable_typevar)
         # we do not add any type constraint here because we are not sure if the given memory address will ever be
         # accessed or not

angr/analyses/variable_recovery/variable_recovery_fast.py

@@ -284,6 +284,7 @@ class VariableRecoveryFast(ForwardAnalysis, VariableRecoveryBase):  # pylint:dis
         self._unify_variables = unify_variables
 
         # handle type hints
+        self.type_lifter = TypeLifter(self.project.arch.bits)
         self.vvar_type_hints = {}
         if type_hints:
             self._parse_type_hints(type_hints)
@@ -294,6 +295,7 @@ class VariableRecoveryFast(ForwardAnalysis, VariableRecoveryBase):  # pylint:dis
             call_info=call_info,
             vvar_to_vvar=self.vvar_to_vvar,
             vvar_type_hints=self.vvar_type_hints,
+            type_lifter=self.type_lifter,
         )
         self._vex_engine: SimEngineVRVEX = SimEngineVRVEX(self.project, self.kb, call_info=call_info)
 
@@ -654,7 +656,7 @@ class VariableRecoveryFast(ForwardAnalysis, VariableRecoveryBase):  # pylint:dis
         if ty is None:
             return None
         ty = ty.with_arch(self.project.arch)
-        lifted = TypeLifter(self.project.arch.bits).lift(ty)
+        lifted = self.type_lifter.lift(ty)
         return None if isinstance(lifted, (BottomType, TopType)) else lifted
 
 

angr/engines/icicle.py

@@ -8,7 +8,7 @@ from dataclasses import dataclass
 from typing_extensions import override
 
 import pypcode
-from archinfo import Arch, Endness
+from archinfo import Arch, Endness, ArchARMCortexM
 
 from angr.engines.concrete import ConcreteEngine, HeavyConcreteState
 from angr.engines.failure import SimEngineFailure
@@ -84,11 +84,11 @@ class IcicleEngine(ConcreteEngine):
         return icicle_arch.startswith(("arm", "thumb"))
 
     @staticmethod
-    def __is_thumb(icicle_arch: str, addr: int) -> bool:
+    def __is_thumb(angr_arch: Arch, icicle_arch: str, addr: int) -> bool:
         """
         Check if the architecture is thumb based on the address.
         """
-        return IcicleEngine.__is_arm(icicle_arch) and addr & 1 == 1
+        return isinstance(angr_arch, ArchARMCortexM) or (IcicleEngine.__is_arm(icicle_arch) and addr & 1 == 1)
 
     @staticmethod
     def __get_pages(state: HeavyConcreteState) -> set[int]:
@@ -138,7 +138,7 @@ class IcicleEngine(ConcreteEngine):
                 log.debug("Register %s not found in icicle", register)
 
         # Unset the thumb bit if necessary
-        if IcicleEngine.__is_thumb(icicle_arch, state.addr):
+        if IcicleEngine.__is_thumb(state.arch, icicle_arch, state.addr):
             emu.pc = state.addr & ~1
             emu.isa_mode = 1
         elif "arm" in icicle_arch:  # Hack to work around us calling it r15t

angr/engines/vex/claripy/ccall.py

@@ -343,7 +343,7 @@ def pc_make_rdata_if_necessary(nbits, cf, pf, af, zf, sf, of, platform=None):
 
 
 def pc_actions_ADD(state, nbits, arg_l, arg_r, cc_ndep, platform=None):
-    data_mask, sign_mask = pc_preamble(nbits)
+    data_mask, _sign_mask = pc_preamble(nbits)
     res = arg_l + arg_r
 
     cf = claripy.If(claripy.ULT(res, arg_l), claripy.BVV(1, 1), claripy.BVV(0, 1))
@@ -701,7 +701,7 @@ def pc_calculate_rdata_all(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform=Non
 def pc_calculate_condition(state, cond, cc_op, cc_dep1, cc_dep2, cc_ndep, platform=None):
     rdata_all = pc_calculate_rdata_all_WRK(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform=platform)
     if isinstance(rdata_all, tuple):
-        cf, pf, af, zf, sf, of = rdata_all
+        cf, pf, _af, zf, sf, of = rdata_all
         v = op_concretize(cond)
 
         inv = v & 1
@@ -993,7 +993,7 @@ def pc_calculate_rdata_c(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform=None)
     rdata_all = pc_calculate_rdata_all_WRK(state, cc_op, cc_dep1, cc_dep2, cc_ndep, platform=platform)
 
     if isinstance(rdata_all, tuple):
-        cf, pf, af, zf, sf, of = rdata_all
+        cf, _pf, _af, _zf, _sf, _of = rdata_all
         return claripy.Concat(claripy.BVV(0, data[platform]["size"] - 1), cf & 1)
     return claripy.LShR(rdata_all, data[platform]["CondBitOffsets"]["G_CC_SHIFT_C"]) & 1
 

angr/knowledge_plugins/functions/function.py

@@ -1750,6 +1750,23 @@ class Function(Serializable):
         _find_called(self.addr)
         return {self._function_manager.function(a) for a in called}
 
+    def holes(self, min_size: int = 8) -> int:
+        """
+        Find the number of non-consecutive areas in the function that are at least `min_size` bytes large.
+        """
+
+        block_addrs = sorted(self._local_block_addrs)
+        if not block_addrs:
+            return 0
+        holes = 0
+        for i, addr in enumerate(block_addrs):
+            if i == len(block_addrs) - 1:
+                break
+            next_addr = block_addrs[i + 1]
+            if next_addr > addr + self._block_sizes[addr] and next_addr - (addr + self._block_sizes[addr]) >= min_size:
+                holes += 1
+        return holes
+
     def copy(self):
         func = Function(self._function_manager, self.addr, name=self.name, syscall=self.is_syscall)
         func.transition_graph = networkx.DiGraph(self.transition_graph)

angr/procedures/posix/pthread.py

@@ -52,20 +52,20 @@ class pthread_cond_signal(angr.SimProcedure):
 
 class pthread_mutex_lock(angr.SimProcedure):
     """
-    A no-op.
+    Always returns 0 (SUCCESS).
     """
 
     def run(self, arg):
-        pass
+        return 0
 
 
 class pthread_mutex_unlock(angr.SimProcedure):
     """
-    A no-op.
+    Always returns 0 (SUCCESS).
     """
 
     def run(self, arg):
-        pass
+        return 0
 
 
 class pthread_once(angr.SimProcedure):

angr/procedures/stubs/format_parser.py

@@ -99,11 +99,11 @@ class FormatString:
                     elif fmt_spec.spec_type == b"c":
                         s_val = chr(c_val & 0xFF)
                     elif fmt_spec.spec_type == b"x":
-                        s_val = hex(c_val)[2:]
+                        s_val = f"{c_val:x}"[2:]
                     elif fmt_spec.spec_type == b"o":
-                        s_val = oct(c_val)[2:]
+                        s_val = f"{c_val:o}"[2:]
                     elif fmt_spec.spec_type == b"p":
-                        s_val = hex(c_val)
+                        s_val = f"{c_val:x}"
                     else:
                         raise SimProcedureError(f"Unimplemented format specifier '{fmt_spec.spec_type}'")
 

angr/sim_type.py

@@ -872,6 +872,8 @@ class SimTypePointer(SimTypeReg):
         self, name=None, full=0, memo=None, indent=0, name_parens: bool = True
     ):  # pylint: disable=unused-argument
         # if pts_to is SimTypeBottom, we return a void*
+        if self.label is not None and name is not None:
+            return super().c_repr(name=name, full=full, memo=memo, indent=indent, name_parens=name_parens)
         if isinstance(self.pts_to, SimTypeBottom):
             out = "void*"
             if name is None:
@@ -2192,10 +2194,10 @@ class SimTypeRef(SimType):
     ) -> str:  # pylint: disable=unused-argument
         prefix = "unknown"
         if self.original_type is SimStruct:
-            prefix = "struct"
+            prefix = "struct "
         if name is None:
             name = ""
-        return f"{prefix}{name} {self.name}"
+        return f"{prefix}{self.label} {name}"
 
     def _init_str(self) -> str:
         original_type_name = self.original_type.__name__.split(".")[-1]
@@ -3752,7 +3754,7 @@ def _cpp_decl_to_type(
         for idx, param in enumerate(the_func.parameters):
             arg_type = param.type
             args.append(_cpp_decl_to_type(arg_type, extra_types, opaque_classes=opaque_classes))
-            arg_name = param.name if param.name is not None else f"unknown_{idx}"
+            arg_name = param.name if param.name is not None else f"arg_{idx}"
             arg_names.append(arg_name)
 
         args = tuple(args)
@@ -3799,7 +3801,7 @@ def _cpp_decl_to_type(
         for idx, param in enumerate(the_func.parameters):
             arg_type = param.type
             args.append(_cpp_decl_to_type(arg_type, extra_types, opaque_classes=opaque_classes))
-            arg_name = param.name if param.name is not None else f"unknown_{idx}"
+            arg_name = param.name if param.name is not None else f"arg_{idx}"
             arg_names.append(arg_name)
 
         args = tuple(args)
@@ -3821,8 +3823,11 @@ def _cpp_decl_to_type(
         elif lbl in ALL_TYPES:
             t = ALL_TYPES[lbl]
         elif opaque_classes is True:
-            # create a class without knowing the internal members
-            t = SimCppClass(unique_name=lbl, name=lbl, members={}, size=32)
+            # create a struct or a class without knowing the internal members
+            if decl.typename.classkey == "struct":
+                t = SimTypeRef(lbl.removeprefix("struct "), SimStruct)
+            else:
+                t = SimCppClass(unique_name=lbl, name=lbl, members={}, size=32)
         else:
             raise TypeError(f'Unknown type "{lbl}"')
 

angr/simos/windows.py

@@ -440,7 +440,7 @@ class SimWindows(SimOS):
         :param state:               The state to get the syscall number from
         :param allow_unsupported:   Whether to return a "dummy" sycall instead of raising an unsupported exception
         """
-        if state.block(state.history.jump_source).bytes.hex() == "cd29":  # int 29h
+        if state.history.jump_source and state.block(state.history.jump_source).bytes.hex() == "cd29":  # int 29h
             return self.fastfail
         return None
 

angr/storage/memory_mixins/paged_memory/page_backer_mixins.py

@@ -192,7 +192,7 @@ class ConcreteBackerMixin(ClemoryBackerMixin):
 
         try:
             backer_iter = self._clemory_backer.backers(addr)
-            backer_start, backer = next(backer_iter)
+            backer_start, _backer = next(backer_iter)
         except StopIteration:
             return super()._initialize_page(pageno, permissions=permissions, **kwargs)
 

angr/utils/constants.py

@@ -6,4 +6,4 @@ MAX_POINTSTO_BITS = -1330 * 8
 
 
 def is_alignment_mask(n):
-    return n in {0xFFFFFFFFFFFFFFE0, 0xFFFFFFFFFFFFFFF0, 0xFFFFFFE0, 0xFFFFFFF0, 0xFFFFFFFC, 0xFFFFFFF8}
+    return n in {0xFFFFFFFFFFFFFFE0, 0xFFFFFFFFFFFFFFF0, 0xFFFFFFC0, 0xFFFFFFE0, 0xFFFFFFF0, 0xFFFFFFFC, 0xFFFFFFF8}

angr/utils/strings.py

@@ -0,0 +1,20 @@
+from __future__ import annotations
+
+
+def decode_utf16_string(data: bytes) -> str:
+    """
+    Decode a UTF-16 encoded string from a bytes object in a resilient manner.
+
+    :param data: The bytes object containing the UTF-16 encoded string.
+    :param errors: The error handling scheme. Default is 'strict'.
+                   Other options include 'ignore', 'replace', etc.
+    :return: The decoded string.
+    """
+    if len(data) % 2 == 1:
+        data = data[:-1]  # Trim off the last byte if the length is odd
+
+    # If no BOM, try to decode as little-endian first
+    try:
+        return data.decode("utf-16-le")
+    except UnicodeDecodeError:
+        return "<utf16-decode-error>"

{angr-9.2.175.dist-info → angr-9.2.176.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: angr
-Version: 9.2.175
+Version: 9.2.176
 Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
 License: BSD-2-Clause
 Project-URL: Homepage, https://angr.io/
@@ -16,12 +16,12 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: cxxheaderparser
 Requires-Dist: GitPython
-Requires-Dist: archinfo==9.2.175
+Requires-Dist: archinfo==9.2.176
 Requires-Dist: cachetools
 Requires-Dist: capstone==5.0.3
 Requires-Dist: cffi>=1.14.0
-Requires-Dist: claripy==9.2.175
-Requires-Dist: cle==9.2.175
+Requires-Dist: claripy==9.2.176
+Requires-Dist: cle==9.2.176
 Requires-Dist: msgspec
 Requires-Dist: mulpyplexer
 Requires-Dist: networkx!=2.8.1,>=2.0
@@ -31,7 +31,7 @@ Requires-Dist: pycparser>=2.18
 Requires-Dist: pydemumble
 Requires-Dist: pyformlang
 Requires-Dist: pypcode<4.0,>=3.2.1
-Requires-Dist: pyvex==9.2.175
+Requires-Dist: pyvex==9.2.176
 Requires-Dist: rich>=13.1.0
 Requires-Dist: sortedcontainers
 Requires-Dist: sympy