angr 9.2.83__py3-none-win_amd64.whl → 9.2.85__py3-none-win_amd64.whl

angr/analyses/decompiler/optimization_passes/lowered_switch_simplifier.py

@@ -139,7 +139,7 @@ class LoweredSwitchSimplifier(OptimizationPass):
         "AMD64",
     ]
     PLATFORMS = ["linux", "windows"]
-    STAGE = OptimizationPassStage.BEFORE_REGION_IDENTIFICATION
+    STAGE = OptimizationPassStage.DURING_REGION_IDENTIFICATION
     NAME = "Convert lowered switch-cases (if-else) to switch-cases"
     DESCRIPTION = (
         "Convert lowered switch-cases (if-else) to switch-cases. Only works when the Phoenix structuring "

angr/analyses/decompiler/optimization_passes/mod_simplifier.py

@@ -1,11 +1,13 @@
 import logging
 
 from ailment import Expr
+from unique_log_filter import UniqueLogFilter
 
 from .engine_base import SimplifierAILEngine, SimplifierAILState
 from .optimization_pass import OptimizationPass, OptimizationPassStage
 
 _l = logging.getLogger(name=__name__)
+_l.addFilter(UniqueLogFilter())
 
 
 class ModSimplifierAILEngine(SimplifierAILEngine):

angr/analyses/decompiler/optimization_passes/multi_simplifier.py

@@ -1,11 +1,13 @@
 import logging
 
 from ailment import Expr
+from unique_log_filter import UniqueLogFilter
 
 from .engine_base import SimplifierAILEngine, SimplifierAILState
 from .optimization_pass import OptimizationPass, OptimizationPassStage
 
 _l = logging.getLogger(name=__name__)
+_l.addFilter(UniqueLogFilter())
 
 
 class MultiSimplifierAILEngine(SimplifierAILEngine):

angr/analyses/decompiler/optimization_passes/optimization_pass.py

@@ -3,9 +3,12 @@ from typing import Optional, Dict, Set, Tuple, Generator, TYPE_CHECKING
 from enum import Enum
 
 import networkx  # pylint:disable=unused-import
-
 import ailment
 
+from angr.analyses.decompiler import RegionIdentifier
+from angr.analyses.decompiler.goto_manager import GotoManager
+from angr.analyses.decompiler.structuring import RecursiveStructurer, PhoenixStructurer
+from angr.analyses.decompiler.utils import add_labels
 
 if TYPE_CHECKING:
     from angr.knowledge_plugins.functions import Function
@@ -17,8 +20,6 @@ class MultipleBlocksException(Exception):
     requested.
     """
 
-    pass
-
 
 class OptimizationPassStage(Enum):
     """
@@ -234,3 +235,130 @@ class SequenceOptimizationPass(BaseOptimizationPass):
         super().__init__(func)
         self.seq = seq
         self.out_seq = None
+
+
+class StructuringOptimizationPass(OptimizationPass):
+    """
+    The base class for any optimization pass that requires structuring. Optimization passes that inherit from this class
+    should directly depend on structuring artifacts, such as regions and gotos. Otherwise, they should use
+    OptimizationPass. This is the heaviest (computation time) optimization pass class.
+    """
+
+    ARCHES = None
+    PLATFORMS = None
+    STAGE = OptimizationPassStage.DURING_REGION_IDENTIFICATION
+
+    def __init__(
+        self, func, prevent_new_gotos=True, recover_structure_fails=True, max_opt_iters=1, simplify_ail=True, **kwargs
+    ):
+        super().__init__(func, **kwargs)
+        self._prevent_new_gotos = prevent_new_gotos
+        self._recover_structure_fails = recover_structure_fails
+        self._max_opt_iters = max_opt_iters
+        self._simplify_ail = simplify_ail
+
+        self._goto_manager: Optional[GotoManager] = None
+        self._prev_graph: Optional[networkx.DiGraph] = None
+
+    def _analyze(self, cache=None) -> bool:
+        raise NotImplementedError()
+
+    def analyze(self):
+        """
+        Wrapper for _analyze() that verifies the graph is structurable before and after the optimization.
+        """
+        if not self._graph_is_structurable(self._graph):
+            return
+
+        initial_gotos = self._goto_manager.gotos.copy()
+        # replace the normal check in OptimizationPass.analyze()
+        ret, cache = self._check()
+        if not ret:
+            return
+
+        # setup for the very first analysis
+        self.out_graph = networkx.DiGraph(self._graph)
+        if self._max_opt_iters > 1:
+            self._fixed_point_analyze(cache=cache)
+        else:
+            updates = self._analyze(cache=cache)
+            if not updates:
+                self.out_graph = None
+
+        # analysis is complete, no out_graph means it failed somewhere along the way
+        if self.out_graph is None:
+            return
+
+        if not self._graph_is_structurable(self.out_graph):
+            self.out_graph = None
+            return
+
+        # simplify the AIL graph
+        if self._simplify_ail:
+            # this should not (TM) change the structure of the graph but is needed for later optimizations
+            self.out_graph = self._simplify_ail_graph(self.out_graph)
+
+        if self._prevent_new_gotos and (len(self._goto_manager.gotos) > len(initial_gotos)):
+            self.out_graph = None
+            return
+
+    def _fixed_point_analyze(self, cache=None):
+        for _ in range(self._max_opt_iters):
+            # backup the graph before the optimization
+            if self._recover_structure_fails and self.out_graph is not None:
+                self._prev_graph = networkx.DiGraph(self.out_graph)
+
+            # run the optimization, output applied to self.out_graph
+            changes = self._analyze(cache=cache)
+            if not changes:
+                break
+
+            # check if the graph is structurable
+            if not self._graph_is_structurable(self.out_graph):
+                self.out_graph = self._prev_graph if self._recover_structure_fails else None
+                break
+
+    def _simplify_ail_graph(self, graph):
+        simp = self.project.analyses.AILSimplifier(
+            self._func,
+            func_graph=graph,
+            gp=self._func.info.get("gp", None) if self.project.arch.name in {"MIPS32", "MIPS64"} else None,
+        )
+        return simp.func_graph if simp.simplified else graph
+
+    def _graph_is_structurable(self, graph, readd_labels=False) -> bool:
+        """
+        Checks weather the input graph is structurable under the Phoenix schema-matching structuring algorithm.
+        As a side effect, this will also update the region identifier and goto manager of this optimization pass.
+        Consequently, a true return guarantees up-to-date goto information in the goto manager.
+        """
+        if readd_labels:
+            graph = add_labels(graph)
+
+        self._ri = self.project.analyses[RegionIdentifier].prep(kb=self.kb)(
+            self._func,
+            graph=graph,
+            # never update the graph in-place, we need to keep the original graph for later use
+            update_graph=False,
+            cond_proc=self._ri.cond_proc,
+            force_loop_single_exit=False,
+            complete_successors=True,
+        )
+        if self._ri is None:
+            return False
+
+        rs = self.project.analyses[RecursiveStructurer].prep(kb=self.kb)(
+            self._ri.region,
+            cond_proc=self._ri.cond_proc,
+            func=self._func,
+            structurer_cls=PhoenixStructurer,
+        )
+        if not rs or not rs.result or not rs.result.nodes:
+            return False
+
+        rs = self.project.analyses.RegionSimplifier(self._func, rs.result, kb=self.kb, variable_kb=self._variable_kb)
+        if not rs or rs.goto_manager is None:
+            return False
+
+        self._goto_manager = rs.goto_manager
+        return True

angr/analyses/decompiler/optimization_passes/ret_deduplicator.py

@@ -6,7 +6,7 @@ from ailment import Block
 from ailment.statement import ConditionalJump, Return
 
 from ....utils.graph import subgraph_between_nodes
-from ..utils import remove_labels, to_ail_supergraph
+from ..utils import remove_labels, to_ail_supergraph, update_labels
 from .optimization_pass import OptimizationPass, OptimizationPassStage
 
 
@@ -26,7 +26,7 @@ class ReturnDeduplicator(OptimizationPass):
 
     ARCHES = ["X86", "AMD64", "ARMEL", "ARMHF", "ARMCortexM", "MIPS32", "MIPS64"]
     PLATFORMS = ["windows", "linux", "cgc"]
-    STAGE = OptimizationPassStage.AFTER_GLOBAL_SIMPLIFICATION
+    STAGE = OptimizationPassStage.DURING_REGION_IDENTIFICATION
     NAME = "Deduplicates return statements that may have been duplicated"
     DESCRIPTION = __doc__.strip()
 
@@ -44,7 +44,7 @@ class ReturnDeduplicator(OptimizationPass):
             graph_updated |= self._fix_if_ret_region(region_head, true_child, false_child, super_true, super_false)
 
         if graph_updated:
-            self.out_graph = self._graph
+            self.out_graph = update_labels(self._graph)
 
     def _fix_if_ret_region(self, region_head, true_child, false_child, super_true, super_false):
         """