angr 9.2.83__py3-none-win_amd64.whl → 9.2.85__py3-none-win_amd64.whl

angr/__init__.py

@@ -1,7 +1,7 @@
 # pylint: disable=wildcard-import
 # pylint: disable=wrong-import-position
 
-__version__ = "9.2.83"
+__version__ = "9.2.85"
 
 if bytes is str:
     raise Exception(

angr/analyses/cfg/cfg_base.py

@@ -308,6 +308,9 @@ class CFGBase(Analysis):
         self._jobs_to_analyze_per_function = defaultdict(set)
         self._completed_functions = set()
 
+    def _function_completed(self, func_addr: int):
+        pass
+
     def _post_analysis(self):
         if self._normalize:
             if not self.normalized:
@@ -1478,7 +1481,9 @@ class CFGBase(Analysis):
 
         finished = self._get_finished_functions()
         for func_addr in finished:
-            self._completed_functions.add(func_addr)
+            if func_addr not in self._completed_functions:
+                self._function_completed(func_addr)
+                self._completed_functions.add(func_addr)
         self._cleanup_analysis_jobs(finished_func_addrs=finished)
 
     #

angr/analyses/cfg/cfg_fast.py

@@ -1399,6 +1399,28 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
     def _post_job_handling(self, job, new_jobs, successors):
         pass
 
+    def _function_completed(self, func_addr: int):
+        if self._collect_data_ref and self.project is not None and ":" in self.project.arch.name:
+            # this is a pcode arch - use Clinic to recover data references
+
+            if not self.kb.functions.contains_addr(func_addr):
+                return
+
+            # we add an arbitrary limit to function sizes for now to ensure we are now slowing down CFG recovery by too
+            # much. we can remove this limit once we significantly speed up RDA and Propagator.
+
+            func = self.kb.functions.get_by_addr(func_addr)
+            if func.is_plt or func.is_simprocedure or func.is_syscall:
+                return
+            if not (1 <= len(func.block_addrs_set) < 15):
+                return
+
+            from angr.analyses.decompiler.clinic import ClinicMode  # pylint:disable=wrong-import-position
+
+            clinic = self.project.analyses.Clinic(func, mode=ClinicMode.COLLECT_DATA_REFS)
+            for irsb_addr, refs in clinic.data_refs.items():
+                self._process_irsb_data_refs(irsb_addr, refs)
+
     def _job_queue_empty(self):
         if self._pending_jobs:
             # fastpath
@@ -2635,14 +2657,14 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
         """
 
         if irsb.data_refs:
-            self._process_irsb_data_refs(irsb)
+            self._process_irsb_data_refs(irsb.addr, irsb.data_refs)
         elif irsb.statements:
             # for each statement, collect all constants that are referenced or used.
             self._collect_data_references_by_scanning_stmts(irsb, irsb_addr)
 
-    def _process_irsb_data_refs(self, irsb):
-        assumption = self._decoding_assumptions.get(irsb.addr & ~1)
-        for ref in irsb.data_refs:
+    def _process_irsb_data_refs(self, irsb_addr, data_refs):
+        assumption = self._decoding_assumptions.get(irsb_addr & ~1)
+        for ref in data_refs:
             if ref.data_type_str == "integer(store)":
                 data_type_str = "integer"
                 is_store = True
@@ -2658,7 +2680,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
                         assumption.add_data_seg(ref.data_addr, ref.data_size)
 
             self._add_data_reference(
-                irsb.addr,
+                irsb_addr,
                 ref.stmt_idx,
                 ref.ins_addr,
                 ref.data_addr,
@@ -2667,9 +2689,9 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
             )
 
             if ref.data_size == self.project.arch.bytes and is_arm_arch(self.project.arch):
-                self._process_irsb_data_ref_inlined_data(irsb, ref)
+                self._process_irsb_data_ref_inlined_data(irsb_addr, ref)
 
-    def _process_irsb_data_ref_inlined_data(self, irsb, ref):
+    def _process_irsb_data_ref_inlined_data(self, irsb_addr: int, ref):
         # ARM (and maybe a few other architectures as well) has inline pointers
         sec = self.project.loader.find_section_containing(ref.data_addr)
         if sec is not None and sec.is_readable and not sec.is_writable:
@@ -2682,7 +2704,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
             if sec_2nd is not None and sec_2nd.is_readable and not sec_2nd.is_writable:
                 # found it!
                 self._add_data_reference(
-                    irsb.addr,
+                    irsb_addr,
                     ref.stmt_idx,
                     ref.ins_addr,
                     v,
@@ -2717,7 +2739,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
             # - For all other instructions that use labels, the value of the PC is the address of the current
             #   instruction plus 4 bytes, with bit[1] of the result cleared to 0 to make it word-aligned.
             #
-            if (irsb.addr & 1) == 1:
+            if (irsb_addr & 1) == 1:
                 actual_ref_ins_addr = ref.ins_addr + 2
                 v += 4 + actual_ref_ins_addr
                 v &= 0xFFFF_FFFF_FFFF_FFFE
@@ -2728,7 +2750,7 @@ class CFGFast(ForwardAnalysis[CFGNode, CFGNode, CFGJob, int], CFGBase):  # pylin
             if sec_3rd is not None and sec_3rd.is_readable and not sec_3rd.is_writable:
                 # found it!
                 self._add_data_reference(
-                    irsb.addr, ref.stmt_idx, actual_ref_ins_addr, v, data_size=None, data_type=MemoryDataSort.Unknown
+                    irsb_addr, ref.stmt_idx, actual_ref_ins_addr, v, data_size=None, data_type=MemoryDataSort.Unknown
                 )
 
     def _collect_data_references_by_scanning_stmts(self, irsb, irsb_addr):

angr/analyses/decompiler/clinic.py

@@ -1,6 +1,8 @@
 import copy
 from collections import defaultdict, namedtuple
 import logging
+import enum
+from dataclasses import dataclass
 from typing import Dict, List, Tuple, Set, Optional, Iterable, Union, Type, Any, NamedTuple, TYPE_CHECKING
 
 import networkx
@@ -9,6 +11,7 @@ import ailment
 
 from ...knowledge_base import KnowledgeBase
 from ...knowledge_plugins.functions import Function
+from ...knowledge_plugins.cfg.memory_data import MemoryDataSort
 from ...codenode import BlockNode
 from ...utils import timethis
 from ...calling_conventions import SimRegArg, SimStackArg, SimStructArg, SimFunctionArgument
@@ -43,6 +46,29 @@ l = logging.getLogger(name=__name__)
 BlockCache = namedtuple("BlockCache", ("rd", "prop"))
 
 
+class ClinicMode(enum.Enum):
+    """
+    Analysis mode for Clinic.
+    """
+
+    DECOMPILE = 1
+    COLLECT_DATA_REFS = 2
+
+
+@dataclass
+class DataRefDesc:
+    """
+    The fields of this class is compatible with items inside IRSB.data_refs.
+    """
+
+    data_addr: int
+    data_size: int
+    block_addr: int
+    stmt_idx: int
+    ins_addr: int
+    data_type_str: str
+
+
 class Clinic(Analysis):
     """
     A Clinic deals with AILments.
@@ -66,8 +92,9 @@ class Clinic(Analysis):
         reset_variable_names=False,
         rewrite_ites_to_diamonds=True,
         cache: Optional["DecompilationCache"] = None,
+        mode: ClinicMode = ClinicMode.DECOMPILE,
     ):
-        if not func.normalized:
+        if not func.normalized and mode == ClinicMode.DECOMPILE:
             raise ValueError("Decompilation must work on normalized function graphs.")
 
         self.function = func
@@ -77,6 +104,7 @@ class Clinic(Analysis):
         self.arg_list = None
         self.variable_kb = variable_kb
         self.externs: Set[SimMemoryVariable] = set()
+        self.data_refs: Dict[int, int] = {}  # data address to instruction address
 
         self._func_graph: Optional[networkx.DiGraph] = None
         self._ail_manager = None
@@ -94,6 +122,7 @@ class Clinic(Analysis):
         self._rewrite_ites_to_diamonds = rewrite_ites_to_diamonds
         self.reaching_definitions: Optional[ReachingDefinitionsAnalysis] = None
         self._cache = cache
+        self._mode = mode
 
         self._register_save_areas_removed: bool = False
 
@@ -109,7 +138,12 @@ class Clinic(Analysis):
             self._optimization_passes = get_default_optimization_passes(self.project.arch, self.project.simos.name)
             l.debug("Get %d optimization passes for the current binary.", len(self._optimization_passes))
 
-        self._analyze()
+        if self._mode == ClinicMode.DECOMPILE:
+            self._analyze_for_decompiling()
+        elif self._mode == ClinicMode.COLLECT_DATA_REFS:
+            self._analyze_for_data_refs()
+        else:
+            raise TypeError(f"Unsupported analysis mode {self._mode}")
 
     #
     # Public methods
@@ -146,7 +180,7 @@ class Clinic(Analysis):
     # Private methods
     #
 
-    def _analyze(self):
+    def _analyze_for_decompiling(self):
         is_pcode_arch = ":" in self.project.arch.name
 
         # Set up the function graph according to configurations
@@ -335,6 +369,78 @@ class Clinic(Analysis):
         self.cc_graph = self.copy_graph()
         self.externs = self._collect_externs(ail_graph, variable_kb)
 
+    def _analyze_for_data_refs(self):
+        # Set up the function graph according to configurations
+        self._update_progress(0.0, text="Setting up function graph")
+        self._set_function_graph()
+
+        # Remove alignment blocks
+        self._update_progress(5.0, text="Removing alignment blocks")
+        self._remove_alignment_blocks()
+
+        # if the graph is empty, don't continue
+        if not self._func_graph:
+            return
+
+        # initialize the AIL conversion manager
+        self._ail_manager = ailment.Manager(arch=self.project.arch)
+
+        # Track stack pointers
+        self._update_progress(15.0, text="Tracking stack pointers")
+        spt = self._track_stack_pointers()
+
+        # Convert VEX blocks to AIL blocks and then simplify them
+
+        self._update_progress(20.0, text="Converting VEX to AIL")
+        self._convert_all()
+
+        ail_graph = self._make_ailgraph()
+        self._remove_redundant_jump_blocks(ail_graph)
+
+        # full-function constant-only propagation
+        self._update_progress(33.0, text="Constant propagation")
+        self._simplify_function(
+            ail_graph,
+            remove_dead_memdefs=False,
+            unify_variables=False,
+            narrow_expressions=False,
+            only_consts=True,
+            fold_callexprs_into_conditions=self._fold_callexprs_into_conditions,
+            max_iterations=1,
+        )
+
+        # cached block-level reaching definition analysis results and propagator results
+        block_simplification_cache: Optional[Dict[ailment.Block, NamedTuple]] = {}
+
+        # Simplify blocks
+        # we never remove dead memory definitions before making callsites. otherwise stack arguments may go missing
+        # before they are recognized as stack arguments.
+        self._update_progress(35.0, text="Simplifying blocks 1")
+        ail_graph = self._simplify_blocks(
+            ail_graph, stack_pointer_tracker=spt, remove_dead_memdefs=False, cache=block_simplification_cache
+        )
+
+        # Simplify the entire function for the first time
+        self._update_progress(45.0, text="Simplifying function 1")
+        self._simplify_function(
+            ail_graph,
+            remove_dead_memdefs=False,
+            unify_variables=False,
+            narrow_expressions=False,
+            fold_callexprs_into_conditions=False,
+        )
+
+        # clear _blocks_by_addr_and_size so no one can use it again
+        # TODO: Totally remove this dict
+        self._blocks_by_addr_and_size = None
+
+        self.graph = ail_graph
+        self.arg_list = None
+        self.variable_kb = None
+        self.cc_graph = None
+        self.externs = None
+        self.data_refs: Dict[int, List[DataRefDesc]] = self._collect_data_refs(ail_graph)
+
     def copy_graph(self) -> networkx.DiGraph:
         """
         Copy AIL Graph.
@@ -1521,7 +1627,7 @@ class Clinic(Analysis):
 
         def handle_expr(
             expr_idx: int,
-            expr: ailment.expression.Load,
+            expr: ailment.expression.Expression,
             stmt_idx: int,
             stmt: ailment.statement.Statement,
             block: Optional[ailment.Block],
@@ -1546,6 +1652,100 @@ class Clinic(Analysis):
         AILGraphWalker(ail_graph, walker.walk).walk()
         return variables
 
+    @staticmethod
+    def _collect_data_refs(ail_graph) -> Dict[int, List[DataRefDesc]]:
+        # pylint:disable=unused-argument
+        walker = ailment.AILBlockWalker()
+        data_refs: Dict[int, List[DataRefDesc]] = defaultdict(list)
+
+        def handle_Const(
+            expr_idx: int,
+            expr: ailment.expression.Const,
+            stmt_idx: int,
+            stmt: ailment.statement.Statement,
+            block: Optional[ailment.Block],
+        ):
+            if isinstance(expr.value, int) and hasattr(expr, "ins_addr"):
+                data_refs[block.addr].append(
+                    DataRefDesc(expr.value, 1, block.addr, stmt_idx, expr.ins_addr, MemoryDataSort.Unknown)
+                )
+            if hasattr(expr, "deref_src_addr"):
+                data_refs[block.addr].append(
+                    DataRefDesc(
+                        expr.deref_src_addr, expr.size, block.addr, stmt_idx, expr.ins_addr, MemoryDataSort.Unknown
+                    )
+                )
+
+        def handle_Load(
+            expr_idx: int,
+            expr: ailment.expression.Load,
+            stmt_idx: int,
+            stmt: ailment.statement.Statement,
+            block: Optional[ailment.Block],
+        ):
+            if isinstance(expr.addr, ailment.expression.Const):
+                addr = expr.addr
+                if isinstance(addr.value, int) and hasattr(addr, "ins_addr"):
+                    data_refs[block.addr].append(
+                        DataRefDesc(
+                            addr.value,
+                            expr.size,
+                            block.addr,
+                            stmt_idx,
+                            addr.ins_addr,
+                            MemoryDataSort.Integer if expr.size == 4 else MemoryDataSort.Unknown,
+                        )
+                    )
+                if hasattr(addr, "deref_src_addr"):
+                    data_refs[block.addr].append(
+                        DataRefDesc(
+                            addr.deref_src_addr,
+                            expr.size,
+                            block.addr,
+                            stmt_idx,
+                            addr.ins_addr,
+                            MemoryDataSort.Integer if expr.size == 4 else MemoryDataSort.Unknown,
+                        )
+                    )
+                return None
+
+            return ailment.AILBlockWalker._handle_Load(walker, expr_idx, expr, stmt_idx, stmt, block)
+
+        def handle_Store(stmt_idx: int, stmt: ailment.statement.Store, block: Optional[ailment.Block]):
+            if isinstance(stmt.addr, ailment.expression.Const):
+                addr = stmt.addr
+                if isinstance(addr.value, int) and hasattr(addr, "ins_addr"):
+                    data_refs[block.addr].append(
+                        DataRefDesc(
+                            addr.value,
+                            stmt.size,
+                            block.addr,
+                            stmt_idx,
+                            addr.ins_addr,
+                            MemoryDataSort.Integer if stmt.size == 4 else MemoryDataSort.Unknown,
+                        )
+                    )
+                if hasattr(addr, "deref_src_addr"):
+                    data_refs[block.addr].append(
+                        DataRefDesc(
+                            addr.deref_src_addr,
+                            stmt.size,
+                            block.addr,
+                            stmt_idx,
+                            addr.ins_addr,
+                            MemoryDataSort.Integer if stmt.size == 4 else MemoryDataSort.Unknown,
+                        )
+                    )
+                return None
+
+            return ailment.AILBlockWalker._handle_Store(walker, stmt_idx, stmt, block)
+
+        walker.stmt_handlers[ailment.statement.Store] = handle_Store
+        walker.expr_handlers[ailment.expression.Load] = handle_Load
+        walker.expr_handlers[ailment.expression.Const] = handle_Const
+        AILGraphWalker(ail_graph, walker.walk).walk()
+        return data_refs
+
     def _next_atom(self) -> int:
         return self._ail_manager.next_atom()
 

angr/analyses/decompiler/condition_processor.py

@@ -3,10 +3,11 @@ from typing import Generator, Dict, Any, Optional, Set, List
 import operator
 import logging
 
+import ailment
+import claripy
 import networkx
+from unique_log_filter import UniqueLogFilter
 
-import claripy
-import ailment
 
 from angr.utils.graph import GraphUtils
 from ...utils.lazy_import import lazy_import
@@ -39,6 +40,7 @@ else:
 
 
 l = logging.getLogger(__name__)
+l.addFilter(UniqueLogFilter())
 
 
 _UNIFIABLE_COMPARISONS = {
@@ -111,6 +113,10 @@ _ail2claripy_op_mapping = {
     "Reinterpret": lambda expr, _, m: _dummy_bvs(expr, m),
     "Rol": lambda expr, _, m: _dummy_bvs(expr, m),
     "Ror": lambda expr, _, m: _dummy_bvs(expr, m),
+    "LogicalXor": lambda expr, _, m: _dummy_bvs(expr, m),
+    "Carry": lambda expr, _, m: _dummy_bvs(expr, m),
+    "SCarry": lambda expr, _, m: _dummy_bvs(expr, m),
+    "SBorrow": lambda expr, _, m: _dummy_bvs(expr, m),
 }
 
 #

angr/analyses/decompiler/decompilation_options.py

@@ -176,6 +176,16 @@ options = [
         default_value=True,
         clears_cache=True,
     ),
+    O(
+        "Show disambiguated names",
+        "Disambiguate function names when they conflict with variables and other functions",
+        bool,
+        "codegen",
+        "show_disambiguated_name",
+        category="Display",
+        default_value=True,
+        clears_cache=True,
+    ),
     O(
         "Structuring algorithm",
         "Select a structuring algorithm. Currently supports Dream and Phoenix.",

angr/analyses/decompiler/decompiler.py

@@ -3,6 +3,7 @@ import logging
 from collections import defaultdict
 from typing import List, Tuple, Optional, Iterable, Union, Type, Set, Dict, Any, TYPE_CHECKING
 
+import networkx
 from cle import SymbolType
 import ailment
 
@@ -195,15 +196,12 @@ class Decompiler(Analysis):
             ite_exprs=ite_exprs,
         )
 
-        # recover regions
-        ri = self.project.analyses[RegionIdentifier].prep(kb=self.kb)(
-            self.func,
-            graph=clinic.graph,
-            cond_proc=cond_proc,
-            force_loop_single_exit=self._force_loop_single_exit,
-            complete_successors=self._complete_successors,
-            **self.options_to_params(self.options_by_class["region_identifier"]),
+        # recover regions, delay updating when we have optimizations that may update regions themselves
+        delay_graph_updates = any(
+            pass_.STAGE == OptimizationPassStage.DURING_REGION_IDENTIFICATION for pass_ in self._optimization_passes
         )
+        ri = self._recover_regions(clinic.graph, cond_proc, update_graph=not delay_graph_updates)
+
         # run optimizations that may require re-RegionIdentification
         clinic.graph, ri = self._run_region_simplification_passes(
             clinic.graph,
@@ -265,6 +263,17 @@ class Decompiler(Analysis):
         self.cache.codegen = codegen
         self.cache.clinic = self.clinic
 
+    def _recover_regions(self, graph: networkx.DiGraph, condition_processor, update_graph: bool = True):
+        return self.project.analyses[RegionIdentifier].prep(kb=self.kb)(
+            self.func,
+            graph=graph,
+            cond_proc=condition_processor,
+            update_graph=update_graph,
+            force_loop_single_exit=self._force_loop_single_exit,
+            complete_successors=self._complete_successors,
+            **self.options_to_params(self.options_by_class["region_identifier"]),
+        )
+
     @timethis
     def _run_graph_simplification_passes(self, ail_graph, reaching_definitions, **kwargs):
         """
@@ -364,16 +373,9 @@ class Decompiler(Analysis):
 
                 cond_proc = ConditionProcessor(self.project.arch)
                 # always update RI on graph change
-                ri = self.project.analyses[RegionIdentifier].prep(kb=self.kb)(
-                    self.func,
-                    graph=ail_graph,
-                    cond_proc=cond_proc,
-                    force_loop_single_exit=self._force_loop_single_exit,
-                    complete_successors=self._complete_successors,
-                    **self.options_to_params(self.options_by_class["region_identifier"]),
-                )
+                ri = self._recover_regions(ail_graph, cond_proc, update_graph=False)
 
-        return ail_graph, ri
+        return ail_graph, self._recover_regions(ail_graph, ConditionProcessor(self.project.arch), update_graph=True)
 
     @timethis
     def _run_post_structuring_simplification_passes(self, seq_node, **kwargs):

angr/analyses/decompiler/goto_manager.py

@@ -1,5 +1,4 @@
 from typing import Set
-from collections import defaultdict
 
 import ailment
 
@@ -10,32 +9,28 @@ class Goto:
     will differ).
     """
 
-    def __init__(self, block_addr=None, ins_addr=None, target_addr=None):
-        """
-        :param block_addr:  The block address this goto is contained in
-        :param ins_addr:    The instruction address this goto is at
-        :param target_addr: The target this goto will jump to
-        """
-        self.block_addr = block_addr
-        self.ins_addr = ins_addr
-        self.target_addr = target_addr
+    def __init__(self, src_addr, dst_addr, src_idx=None, dst_idx=None, src_ins_addr=None):
+        self.src_addr = src_addr
+        self.dst_addr = dst_addr
+        self.src_idx = src_idx
+        self.dst_idx = dst_idx
+        self.src_ins_addr = src_ins_addr
 
     def __hash__(self):
-        return hash(f"{self.block_addr}{self.ins_addr}{self.target_addr}")
+        return hash(f"{self.src_addr}{self.dst_addr}{self.src_idx}{self.dst_idx}")
 
     def __str__(self):
-        if not self.addr or not self.target_addr:
+        if self.src_addr is None or self.dst_addr is None:
             return f"<Goto {self.__hash__()}>"
 
-        return f"<Goto: [{hex(self.addr)}] -> {hex(self.target_addr)}>"
+        src_idx_str = "" if self.src_idx is None else f".{self.src_idx}"
+        dst_idx_str = "" if self.dst_idx is None else f".{self.dst_idx}"
+        src_ins_addr_str = "" if self.src_ins_addr is None else f"{hex(self.src_ins_addr)}"
+        return f"<Goto: [{hex(self.src_addr)}@{src_ins_addr_str}{src_idx_str}] -> {hex(self.dst_addr)}{dst_idx_str}>"
 
     def __repr__(self):
         return self.__str__()
 
-    @property
-    def addr(self):
-        return self.block_addr or self.ins_addr
-
 
 class GotoManager:
     """
@@ -55,38 +50,26 @@ class GotoManager:
     def __repr__(self):
         return self.__str__()
 
-    def gotos_by_addr(self, force_refresh=False):
-        """
-        Returns a dictionary of gotos by addresses. This set can CONTAIN DUPLICATES, so don't trust
-        this for a valid number of gotos. If you need the real number of gotos, just get the size of
-        self.gotos. This set should mostly be used when checking if a block contains a goto, since recording
-        can be recorded on null-addr blocks.
-
-        :param force_refresh: Don't use the cached self._gotos_by_addr
-        :return:
-        """
-
-        if not force_refresh and self._gotos_by_addr:
-            return self._gotos_by_addr
-
-        self._gotos_by_addr = defaultdict(set)
-        for goto in self.gotos:
-            if goto.block_addr is not None:
-                self._gotos_by_addr[goto.block_addr].add(goto)
-
-            if goto.ins_addr is not None:
-                self._gotos_by_addr[goto.ins_addr].add(goto)
-
-        return self._gotos_by_addr
-
     def gotos_in_block(self, block: ailment.Block) -> Set[Goto]:
-        gotos_by_addr = self.gotos_by_addr()
-        gotos = set()
-        if block.addr in gotos_by_addr:
-            gotos.update(gotos_by_addr[block.addr])
-
-        for stmt in block.statements:
-            if stmt.ins_addr in gotos_by_addr:
-                gotos.update(gotos_by_addr[stmt.ins_addr])
-
-        return gotos
+        gotos_found = set()
+        for goto in self.gotos:
+            if goto.src_addr == block.addr:
+                gotos_found.add(goto)
+            else:
+                block_addrs = {stmt.ins_addr for stmt in block.statements if "ins_addr" in stmt.tags}
+                if goto.src_ins_addr in block_addrs:
+                    gotos_found.add(goto)
+
+        return gotos_found
+
+    def is_goto_edge(self, src: ailment.Block, dst: ailment.Block):
+        src_gotos = self.gotos_in_block(src)
+        for goto in src_gotos:
+            if goto.dst_addr == dst.addr:
+                return True
+            else:
+                block_addrs = {stmt.ins_addr for stmt in dst.statements if "ins_addr" in stmt.tags}
+                if goto.dst_addr in block_addrs:
+                    return True
+
+        return False

angr/analyses/decompiler/optimization_passes/__init__.py

@@ -13,7 +13,7 @@ from .lowered_switch_simplifier import LoweredSwitchSimplifier
 from .multi_simplifier import MultiSimplifier
 from .div_simplifier import DivSimplifier
 from .mod_simplifier import ModSimplifier
-from .eager_returns import EagerReturnsSimplifier
+from .return_duplicator import ReturnDuplicator
 from .const_derefs import ConstantDereferencesSimplifier
 from .register_save_area_simplifier import RegisterSaveAreaSimplifier
 from .ret_addr_save_simplifier import RetAddrSaveSimplifier
@@ -22,7 +22,7 @@ from .flip_boolean_cmp import FlipBooleanCmp
 from .ret_deduplicator import ReturnDeduplicator
 from .win_stack_canary_simplifier import WinStackCanarySimplifier
 
-
+# order matters!
 _all_optimization_passes = [
     (RegisterSaveAreaSimplifier, True),
     (StackCanarySimplifier, True),
@@ -35,11 +35,11 @@ _all_optimization_passes = [
     (RetAddrSaveSimplifier, True),
     (X86GccGetPcSimplifier, True),
     (ITERegionConverter, True),
-    (ReturnDeduplicator, True),
-    (LoweredSwitchSimplifier, False),
-    (EagerReturnsSimplifier, True),
     (ITEExprConverter, True),
     (ExprOpSwapper, True),
+    (ReturnDuplicator, True),
+    (LoweredSwitchSimplifier, False),
+    (ReturnDeduplicator, True),
     (FlipBooleanCmp, True),
 ]
 

angr/analyses/decompiler/optimization_passes/div_simplifier.py

@@ -3,11 +3,13 @@ import logging
 import math
 
 from ailment import Expr
+from unique_log_filter import UniqueLogFilter
 
 from .engine_base import SimplifierAILEngine, SimplifierAILState
 from .optimization_pass import OptimizationPass, OptimizationPassStage
 
 _l = logging.getLogger(name=__name__)
+_l.addFilter(UniqueLogFilter())
 
 
 class DivSimplifierAILEngine(SimplifierAILEngine):