angr 9.2.92__py3-none-manylinux2014_x86_64.whl → 9.2.94__py3-none-manylinux2014_x86_64.whl

angr/analyses/decompiler/block_io_finder.py

@@ -0,0 +1,293 @@
+from collections import defaultdict
+from typing import Any, Optional, Union, List
+
+from ailment import Block
+from ailment.statement import Call, Statement, ConditionalJump, Assignment, Store, Return, Jump
+from ailment.expression import (
+    Load,
+    Expression,
+    BinaryOp,
+    UnaryOp,
+    Convert,
+    ITE,
+    Tmp,
+    Const,
+    StackBaseOffset,
+)
+from ailment.block_walker import AILBlockWalkerBase
+
+
+from angr.knowledge_plugins.key_definitions.atoms import MemoryLocation, Register, SpOffset, ConstantSrc
+
+
+class BlockIOFinder(AILBlockWalkerBase):
+    """
+    Finds the input and output locations of each statement in an AIL block.
+    I/O locations can be a Register, MemoryLocation, or SpOffset (wrapped in a Memory Location).
+    """
+
+    def __init__(self, ail_obj: Union[Block, List[Statement]], project, as_atom=True):
+        super().__init__()
+        self.expr_handlers[StackBaseOffset] = self._handle_StackBaseOffset
+        self._as_atom = as_atom
+        self._project = project
+
+        self.inputs_by_stmt = defaultdict(set)
+        self.outputs_by_stmt = defaultdict(set)
+        self.derefed_at = defaultdict(set)
+
+        block = Block(0, len(ail_obj), statements=ail_obj) if isinstance(ail_obj, list) else ail_obj
+        self.walk(block)
+
+    @staticmethod
+    def _add_or_update_dict(d, k, v):
+        if isinstance(v, set):
+            d[k].update(v)
+        else:
+            d[k].add(v)
+
+    @staticmethod
+    def _add_or_update_set(s, v):
+        if isinstance(v, set):
+            s.update(v)
+        else:
+            s.add(v)
+
+    #
+    # I/O helpers
+    #
+
+    @staticmethod
+    def _is_dangerous_memory(loc):
+        """
+        Assume any memory location that is NOT on the stack is a dangerous memory location.
+        """
+        return isinstance(loc, MemoryLocation) and not loc.is_on_stack
+
+    def _has_dangerous_deref(self, stmt_idx):
+        derefs = self.derefed_at.get(stmt_idx, set())
+        return any(self._is_dangerous_memory(d) for d in derefs)
+
+    def _input_defined_by_other_stmt(self, target_idx, other_idx):
+        target_inputs = self.inputs_by_stmt[target_idx]
+        # any memory location, not on stack, is not movable
+        if any(self._is_dangerous_memory(i) for i in target_inputs):
+            return True
+
+        other_outputs = self.outputs_by_stmt[other_idx]
+        return target_inputs.intersection(other_outputs)
+
+    def _output_used_by_other_stmt(self, target_idx, other_idx):
+        target_output = self.outputs_by_stmt[target_idx]
+        # any memory location, not on stack, is not movable
+        if any(self._is_dangerous_memory(o) for o in target_output):
+            return True
+
+        other_input = self.inputs_by_stmt[other_idx]
+        return target_output.intersection(other_input)
+
+    def can_swap(self, stmt, ail_obj: Union[Block, List[Statement]], offset: int):
+        all_stmts = (ail_obj.statements or []) if isinstance(ail_obj, Block) else ail_obj
+        if stmt not in all_stmts:
+            raise RuntimeError("Statement not in block, and we can't compute moving a stmt to a new block!")
+
+        curr_idx = all_stmts.index(stmt)
+        new_idx = curr_idx + offset
+        if (
+            # movement must be within bounds
+            (new_idx < 0 or new_idx >= len(all_stmts))
+            or
+            # you can never move jumps
+            isinstance(stmt, (ConditionalJump, Jump))
+            or
+            # we can't handle memory locations
+            self._has_dangerous_deref(curr_idx)
+            or self._has_dangerous_deref(new_idx)
+        ):
+            return False
+
+        # equivalent to swapping "down"
+        if offset == 1:
+            if self._output_used_by_other_stmt(curr_idx, new_idx):
+                return False
+        # equivalent to swapping "up"
+        elif offset == -1:
+            if self._input_defined_by_other_stmt(curr_idx, new_idx):
+                return False
+        else:
+            raise RuntimeError("Offset must be -1 or 1")
+
+        return True
+
+    #
+    # Statements (all with side effects)
+    #
+
+    def _handle_Assignment(self, stmt_idx: int, stmt: Assignment, block: Optional[Block]):
+        output_loc = self._handle_expr(0, stmt.dst, stmt_idx, stmt, block)
+        self._add_or_update_dict(self.outputs_by_stmt, stmt_idx, output_loc)
+
+        input_loc = self._handle_expr(1, stmt.src, stmt_idx, stmt, block)
+        self._add_or_update_dict(self.inputs_by_stmt, stmt_idx, input_loc)
+
+    def _handle_Call(self, stmt_idx: int, stmt: Call, block: Optional[Block]):
+        if stmt.args:
+            for i, arg in enumerate(stmt.args):
+                input_loc = self._handle_expr(i, arg, stmt_idx, stmt, block)
+                self._add_or_update_dict(self.inputs_by_stmt, stmt_idx, input_loc)
+
+        out_loc = self._handle_expr(0, stmt.ret_expr, stmt_idx, stmt, block)
+        self._add_or_update_dict(self.outputs_by_stmt, stmt_idx, out_loc)
+
+    def _handle_Store(self, stmt_idx: int, stmt: Store, block: Optional[Block]):
+        out_loc = self._handle_expr(0, stmt.addr, stmt_idx, stmt, block, is_memory=True)
+        self._add_or_update_dict(self.outputs_by_stmt, stmt_idx, out_loc)
+
+        input_loc = self._handle_expr(1, stmt.data, stmt_idx, stmt, block)
+        self._add_or_update_dict(self.inputs_by_stmt, stmt_idx, input_loc)
+
+    def _handle_ConditionalJump(self, stmt_idx: int, stmt: ConditionalJump, block: Optional[Block]):
+        input1 = self._handle_expr(0, stmt.condition, stmt_idx, stmt, block)
+        input2 = self._handle_expr(1, stmt.true_target, stmt_idx, stmt, block)
+        input3 = self._handle_expr(2, stmt.false_target, stmt_idx, stmt, block)
+        self._add_or_update_dict(self.inputs_by_stmt, stmt_idx, input1)
+        self._add_or_update_dict(self.inputs_by_stmt, stmt_idx, input2)
+        self._add_or_update_dict(self.inputs_by_stmt, stmt_idx, input3)
+
+    def _handle_Return(self, stmt_idx: int, stmt: Return, block: Optional[Block]):
+        if stmt.ret_exprs:
+            for i, ret_expr in enumerate(stmt.ret_exprs):
+                loc = self._handle_expr(i, ret_expr, stmt_idx, stmt, block)
+                self._add_or_update_dict(self.inputs_by_stmt, stmt_idx, loc)
+                self._add_or_update_dict(self.outputs_by_stmt, stmt_idx, loc)
+
+    #
+    # Expressions
+    #
+
+    def _handle_expr(
+        self,
+        expr_idx: int,
+        expr: Expression,
+        stmt_idx: int,
+        stmt: Optional[Statement],
+        block: Optional[Block],
+        is_memory=False,
+    ) -> Any:
+        try:
+            handler = self.expr_handlers[type(expr)]
+        except KeyError:
+            handler = None
+
+        if handler:
+            return handler(expr_idx, expr, stmt_idx, stmt, block, is_memory=is_memory)
+        return None
+
+    # pylint: disable=unused-argument
+    def _handle_Load(
+        self, expr_idx: int, expr: Load, stmt_idx: int, stmt: Statement, block: Optional[Block], is_memory=True
+    ):
+        load_loc = self._handle_expr(0, expr.addr, stmt_idx, stmt, block, is_memory=True)
+        self._add_or_update_dict(self.derefed_at, stmt_idx, load_loc)
+        return load_loc
+
+    def _handle_CallExpr(
+        self, expr_idx: int, expr: Call, stmt_idx: int, stmt: Statement, block: Optional[Block], is_memory=False
+    ):
+        args = set()
+        if expr.args:
+            for i, arg in enumerate(expr.args):
+                self._add_or_update_set(args, self._handle_expr(i, arg, stmt_idx, stmt, block, is_memory=is_memory))
+
+        return args
+
+    def _handle_BinaryOp(
+        self, expr_idx: int, expr: BinaryOp, stmt_idx: int, stmt: Statement, block: Optional[Block], is_memory=False
+    ):
+        input_locs = set()
+        self._add_or_update_set(
+            input_locs, self._handle_expr(0, expr.operands[0], stmt_idx, stmt, block, is_memory=is_memory)
+        )
+        self._add_or_update_set(
+            input_locs, self._handle_expr(1, expr.operands[1], stmt_idx, stmt, block, is_memory=is_memory)
+        )
+
+        return input_locs
+
+    def _handle_UnaryOp(
+        self, expr_idx: int, expr: UnaryOp, stmt_idx: int, stmt: Statement, block: Optional[Block], is_memory=False
+    ):
+        return self._handle_expr(0, expr.operand, stmt_idx, stmt, block, is_memory=is_memory)
+
+    def _handle_Convert(
+        self, expr_idx: int, expr: Convert, stmt_idx: int, stmt: Statement, block: Optional[Block], is_memory=False
+    ):
+        return self._handle_expr(expr_idx, expr.operand, stmt_idx, stmt, block, is_memory=is_memory)
+
+    def _handle_ITE(
+        self, expr_idx: int, expr: ITE, stmt_idx: int, stmt: Statement, block: Optional[Block], is_memory=False
+    ):
+        input_locs = set()
+        self._add_or_update_set(
+            input_locs,
+            self._handle_expr(0, expr.cond, stmt_idx, stmt, block, is_memory=is_memory),
+        )
+        self._add_or_update_set(
+            input_locs,
+            self._handle_expr(1, expr.iftrue, stmt_idx, stmt, block, is_memory=is_memory),
+        )
+        self._add_or_update_set(
+            input_locs,
+            self._handle_expr(2, expr.iffalse, stmt_idx, stmt, block, is_memory=is_memory),
+        )
+
+        return input_locs
+
+    #
+    # Base locations
+    #
+
+    # pylint: disable=unused-argument
+    def _handle_Tmp(
+        self, expr_idx: int, expr: Tmp, stmt_idx: int, stmt: Statement, block: Optional[Block], is_memory=False
+    ):
+        if self._as_atom:
+            return None
+        else:
+            return expr
+
+    # pylint: disable=unused-argument
+    def _handle_Register(
+        self, expr_idx: int, expr: Register, stmt_idx: int, stmt: Statement, block: Optional[Block], is_memory=False
+    ):
+        if self._as_atom:
+            return Register(expr.reg_offset, expr.size)
+        else:
+            return expr
+
+    def _handle_Const(
+        self, expr_idx: int, expr: Const, stmt_idx: int, stmt: Statement, block: Optional[Block], is_memory=False
+    ):
+        if self._as_atom:
+            return MemoryLocation(expr.value, expr.size) if is_memory else ConstantSrc(expr.value, expr.size)
+
+        return (
+            expr,
+            is_memory,
+        )
+
+    # pylint: disable=unused-argument
+    def _handle_StackBaseOffset(
+        self,
+        expr_idx: int,
+        expr: StackBaseOffset,
+        stmt_idx: int,
+        stmt: Statement,
+        block: Optional[Block],
+        is_memory=False,
+    ):
+        if self._as_atom:
+            return MemoryLocation(
+                SpOffset(self._project.arch.bits, expr.offset), expr.size * self._project.arch.byte_width
+            )
+        return expr

angr/analyses/decompiler/block_similarity.py

@@ -0,0 +1,190 @@
+from typing import Union, Optional, List, Tuple
+
+import networkx as nx
+from ailment.block import Block
+from ailment.statement import Statement, ConditionalJump
+
+from .utils import find_block_by_addr
+
+
+def has_similar_stmt(blk1: Block, blk2: Block):
+    """
+    Returns True if blk1 has a statement that is similar to a statement in blk2, False otherwise.
+    """
+    for stmt1 in blk1.statements:
+        for stmt2 in blk2.statements:
+            if is_similar(stmt1, stmt2):
+                return True
+    return False
+
+
+def is_similar(
+    ail_obj1: Union[Block, Statement], ail_obj2: Union[Block, Statement], graph: nx.DiGraph = None, partial: bool = True
+):
+    """
+    Returns True if the two AIL objects are similar, False otherwise.
+    """
+    if type(ail_obj1) is not type(ail_obj2):
+        return False
+
+    if ail_obj1 is ail_obj2:
+        return True
+
+    # AIL Blocks
+    if isinstance(ail_obj1, Block):
+        if len(ail_obj1.statements) != len(ail_obj2.statements):
+            return False
+
+        for stmt1, stmt2 in zip(ail_obj1.statements, ail_obj2.statements):
+            if not is_similar(stmt1, stmt2, graph=graph):
+                return False
+        return True
+
+    # AIL Statements
+    elif isinstance(ail_obj1, Statement):
+        # if all(barr in [0x404530, 0x404573] for barr in [ail_obj1.ins_addr, ail_obj2.ins_addr]):
+        #    do a breakpoint
+
+        # ConditionalJump Handler
+        if isinstance(ail_obj1, ConditionalJump):
+            # try a simple compare
+            liked = ail_obj1.likes(ail_obj2)
+            if liked or not graph:
+                return liked
+
+            # even in partial matching, the condition must at least match
+            if not ail_obj1.condition.likes(ail_obj2.condition):
+                return False
+
+            # must use graph to know
+            for attr in ["true_target", "false_target"]:
+                t1, t2 = getattr(ail_obj1, attr).value, getattr(ail_obj2, attr).value
+                try:
+                    t1_blk, t2_blk = find_block_by_addr(graph, t1), find_block_by_addr(graph, t2)
+                except KeyError:
+                    return False
+
+                # special checks for when a node is empty:
+                if not t1_blk.statements or not t2_blk.statements:
+                    # when both are empty, they are similar
+                    if len(t1_blk.statements) == len(t2_blk.statements):
+                        continue
+
+                    # TODO: implement a check for when one is empty and other is jump.
+                    #   this will require a recursive call into similar() to check if a jump and empty are equal
+                    return False
+
+                # skip full checks when partial checking is on
+                if partial and t1_blk.statements[0].likes(t2_blk.statements[0]):
+                    continue
+
+                if not is_similar(t1_blk, t2_blk, graph=graph):
+                    return False
+            return True
+
+        # Generic Statement Handler
+        else:
+            return ail_obj1.likes(ail_obj2)
+    else:
+        return False
+
+
+#
+# Knuth-Morris-Pratt Similarity Matching
+#
+
+
+def _kmp_search_ail_obj(search_pattern, stmt_seq, graph=None, partial=True):
+    """
+    Uses the Knuth-Morris-Pratt algorithm for searching.
+    Found: https://code.activestate.com/recipes/117214/.
+
+    Returns a generator of positions, which will be empty if its not found.
+    """
+    # allow indexing into pattern and protect against change during yield
+    search_pattern = list(search_pattern)
+
+    # build table of shift amounts
+    shifts = [1] * (len(search_pattern) + 1)
+    shift = 1
+    for pos, curr_pattern in enumerate(search_pattern):
+        while shift <= pos and not is_similar(curr_pattern, search_pattern[pos - shift], graph=graph, partial=partial):
+            shift += shifts[pos - shift]
+        shifts[pos + 1] = shift
+
+    # do the actual search
+    start_pos = 0
+    match_len = 0
+    for c in stmt_seq:
+        while (
+            match_len == len(search_pattern)
+            or match_len >= 0
+            and not is_similar(search_pattern[match_len], c, graph=graph, partial=partial)
+        ):
+            start_pos += shifts[match_len]
+            match_len -= shifts[match_len]
+        match_len += 1
+        if match_len == len(search_pattern):
+            yield start_pos
+
+
+def index_of_similar_stmts(search_stmts, other_stmts, graph=None, all_positions=False) -> Optional[int]:
+    """
+    Returns the index of the first occurrence of the search_stmts (a list of Statement) in other_stmts (a list of
+    Statement). If all_positions is True, returns a list of all positions.
+
+    @return: None or int (position start in other)
+    """
+    positions = list(_kmp_search_ail_obj(search_stmts, other_stmts, graph=graph))
+
+    if len(positions) == 0:
+        return None
+
+    return positions.pop() if not all_positions else positions
+
+
+def in_other(stmts, other, graph=None):
+    """
+    Returns True if the stmts (a list of Statement) is found as a subsequence in other
+
+    @return:
+    """
+
+    if index_of_similar_stmts(stmts, other, graph=graph) is not None:
+        return True
+
+    return False
+
+
+def longest_ail_subseq(
+    stmts_list: List[List[Statement]], graph=None
+) -> Tuple[Optional[List[Statement]], Optional[List[int]]]:
+    """
+    Given a list of List[Statement], it returns the longest List[Statement] that is a subsequence of all the lists.
+    The common List[Statement] most all be in the same order and adjacent to each other. If no common subsequence is
+    found, it returns None.
+
+    @param stmts_list:
+    @param graph:
+    @return: Tuple[List[Statement], List[int]], where the first element is the longest common subsequence, and the
+             second element is a list of integers indicating the index of the longest common subsequence in each
+             list of statements.
+    """
+
+    # find the longest sequence in all stmts
+    subseq = []
+    if len(stmts_list) <= 1:
+        return stmts_list[0], [0]
+
+    if len(stmts_list[0]) > 0:
+        for i in range(len(stmts_list[0])):
+            for j in range(len(stmts_list[0]) - i + 1):
+                if j > len(subseq) and all(
+                    in_other(stmts_list[0][i : i + j], stmts, graph=graph) for stmts in stmts_list
+                ):
+                    subseq = stmts_list[0][i : i + j]
+
+    if not subseq:
+        return None, [None] * len(stmts_list)
+
+    return subseq, [index_of_similar_stmts(subseq, stmts, graph=graph) for stmts in stmts_list]

angr/analyses/decompiler/callsite_maker.py

@@ -49,6 +49,11 @@ class CallSiteMaker(Analysis):
             self.result_block = self.block
             return
 
+        if isinstance(last_stmt.target, str):
+            # custom function calls
+            self.result_block = self.block
+            return
+
         cc = None
         prototype = None
         func = None

angr/analyses/decompiler/clinic.py

@@ -6,6 +6,7 @@ from dataclasses import dataclass
 from typing import Dict, List, Tuple, Set, Optional, Iterable, Union, Type, Any, NamedTuple, TYPE_CHECKING
 
 import networkx
+import capstone
 
 import ailment
 
@@ -262,6 +263,7 @@ class Clinic(Analysis):
         ail_graph = self._simplify_blocks(
             ail_graph, stack_pointer_tracker=spt, remove_dead_memdefs=False, cache=block_simplification_cache
         )
+        self._rewrite_alloca(ail_graph)
 
         # Run simplification passes
         self._update_progress(40.0, text="Running simplifications 1")
@@ -606,7 +608,12 @@ class Clinic(Analysis):
         regs = {self.project.arch.sp_offset}
         if hasattr(self.project.arch, "bp_offset") and self.project.arch.bp_offset is not None:
             regs.add(self.project.arch.bp_offset)
-        spt = self.project.analyses.StackPointerTracker(self.function, regs, track_memory=self._sp_tracker_track_memory)
+
+        regs |= self._find_regs_compared_against_sp(self._func_graph)
+
+        spt = self.project.analyses.StackPointerTracker(
+            self.function, regs, track_memory=self._sp_tracker_track_memory, cross_insn_opt=False
+        )
         if spt.inconsistent_for(self.project.arch.sp_offset):
             l.warning("Inconsistency found during stack pointer tracking. Decompilation results might be incorrect.")
         return spt
@@ -1201,6 +1208,7 @@ class Clinic(Analysis):
 
         if self._cache is not None:
             self._cache.type_constraints = vr.type_constraints
+            self._cache.func_typevar = vr.func_typevar
             self._cache.var_to_typevar = vr.var_to_typevars
 
         return tmp_kb
@@ -1877,5 +1885,99 @@ class Clinic(Analysis):
         AILGraphWalker(graph, handle_node, replace_nodes=True).walk()
         return graph
 
+    def _find_regs_compared_against_sp(self, func_graph):
+        # TODO: Implement this function for architectures beyond amd64
+        extra_regs = set()
+        if self.project.arch.name == "AMD64":
+            for node in func_graph.nodes:
+                block = self.project.factory.block(node.addr, size=node.size).capstone
+                for insn in block.insns:
+                    if insn.mnemonic == "cmp":
+                        capstone_reg_offset = None
+                        if (
+                            insn.operands[0].type == capstone.x86.X86_OP_REG
+                            and insn.operands[0].reg == capstone.x86.X86_REG_RSP
+                            and insn.operands[1].type == capstone.x86.X86_OP_REG
+                        ):
+                            capstone_reg_offset = insn.operands[1].reg
+                        elif (
+                            insn.operands[1].type == capstone.x86.X86_OP_REG
+                            and insn.operands[1].reg == capstone.x86.X86_REG_RSP
+                            and insn.operands[0].type == capstone.x86.X86_OP_REG
+                        ):
+                            capstone_reg_offset = insn.operands[0].reg
+
+                        if capstone_reg_offset is not None:
+                            reg_name = insn.reg_name(capstone_reg_offset)
+                            extra_regs.add(self.project.arch.registers[reg_name][0])
+
+        return extra_regs
+
+    def _rewrite_alloca(self, ail_graph):
+        # pylint:disable=too-many-boolean-expressions
+        alloca_node = None
+        sp_equal_to = None
+
+        for node in ail_graph:
+            if ail_graph.in_degree[node] == 2 and ail_graph.out_degree[node] == 2:
+                succs = ail_graph.successors(node)
+                if node in succs:
+                    # self loop!
+                    if len(node.statements) >= 6:
+                        stmt0 = node.statements[1]  # skip the LABEL statement
+                        stmt1 = node.statements[2]
+                        last_stmt = node.statements[-1]
+                        if (
+                            isinstance(stmt0, ailment.Stmt.Assignment)
+                            and isinstance(stmt0.dst, ailment.Expr.Register)
+                            and isinstance(stmt0.src, ailment.Expr.StackBaseOffset)
+                            and stmt0.src.offset == -0x1000
+                        ):
+                            if (
+                                isinstance(stmt1, ailment.Stmt.Store)
+                                and isinstance(stmt1.addr, ailment.Expr.StackBaseOffset)
+                                and stmt1.addr.offset == -0x1000
+                                and isinstance(stmt1.data, ailment.Expr.Load)
+                                and isinstance(stmt1.data.addr, ailment.Expr.StackBaseOffset)
+                                and stmt1.data.addr.offset == -0x1000
+                            ):
+                                if (
+                                    isinstance(last_stmt, ailment.Stmt.ConditionalJump)
+                                    and isinstance(last_stmt.condition, ailment.Expr.BinaryOp)
+                                    and last_stmt.condition.op == "CmpEQ"
+                                    and isinstance(last_stmt.condition.operands[0], ailment.Expr.StackBaseOffset)
+                                    and last_stmt.condition.operands[0].offset == -0x1000
+                                    and isinstance(last_stmt.condition.operands[1], ailment.Expr.Register)
+                                    and isinstance(last_stmt.false_target, ailment.Expr.Const)
+                                    and last_stmt.false_target.value == node.addr
+                                ):
+                                    # found it!
+                                    alloca_node = node
+                                    sp_equal_to = ailment.Expr.BinaryOp(
+                                        None,
+                                        "Sub",
+                                        [
+                                            ailment.Expr.Register(
+                                                None, None, self.project.arch.sp_offset, self.project.arch.bits
+                                            ),
+                                            last_stmt.condition.operands[1],
+                                        ],
+                                        False,
+                                    )
+                                    break
+
+        if alloca_node is not None:
+            stmt0 = alloca_node.statements[1]
+            statements = [ailment.Stmt.Call(stmt0.idx, "alloca", args=[sp_equal_to], **stmt0.tags)]
+            new_node = ailment.Block(alloca_node.addr, alloca_node.original_size, statements=statements)
+            # replace the node
+            preds = [pred for pred in ail_graph.predecessors(alloca_node) if pred is not alloca_node]
+            succs = [succ for succ in ail_graph.successors(alloca_node) if succ is not alloca_node]
+            ail_graph.remove_node(alloca_node)
+            for pred in preds:
+                ail_graph.add_edge(pred, new_node)
+            for succ in succs:
+                ail_graph.add_edge(new_node, succ)
+
 
 register_analysis(Clinic, "Clinic")

angr/analyses/decompiler/decompilation_cache.py

@@ -15,6 +15,7 @@ class DecompilationCache:
     __slots__ = (
         "addr",
         "type_constraints",
+        "func_typevar",
         "var_to_typevar",
         "codegen",
         "clinic",
@@ -25,6 +26,7 @@ class DecompilationCache:
     def __init__(self, addr):
         self.addr = addr
         self.type_constraints: Optional[Set] = None
+        self.func_typevar = None
         self.var_to_typevar: Optional[Dict] = None
         self.codegen: Optional[BaseStructuredCodeGenerator] = None
         self.clinic: Optional[Clinic] = None