angr 9.2.96__py3-none-manylinux2014_x86_64.whl → 9.2.97__py3-none-manylinux2014_x86_64.whl

angr/knowledge_plugins/key_definitions/uses.py

@@ -21,10 +21,14 @@ class Uses:
         uses_by_location: Optional[DefaultChainMapCOW] = None,
     ):
         self._uses_by_definition: DefaultChainMapCOW["Definition", Set[Tuple[CodeLocation, Optional[Any]]]] = (
-            DefaultChainMapCOW(set, collapse_threshold=25) if uses_by_definition is None else uses_by_definition
+            DefaultChainMapCOW(default_factory=set, collapse_threshold=25)
+            if uses_by_definition is None
+            else uses_by_definition
         )
         self._uses_by_location: DefaultChainMapCOW[CodeLocation, Set[Tuple["Definition", Optional[Any]]]] = (
-            DefaultChainMapCOW(set, collapse_threshold=25) if uses_by_location is None else uses_by_location
+            DefaultChainMapCOW(default_factory=set, collapse_threshold=25)
+            if uses_by_location is None
+            else uses_by_location
         )
 
     def add_use(self, definition: "Definition", codeloc: CodeLocation, expr: Optional[Any] = None):
@@ -35,7 +39,9 @@ class Uses:
         :param codeloc:     The code location where the use occurs.
         :param expr:        The expression that uses the specified definition at this location.
         """
+        self._uses_by_definition = self._uses_by_definition.clean()
         self._uses_by_definition[definition].add((codeloc, expr))
+        self._uses_by_location = self._uses_by_location.clean()
         self._uses_by_location[codeloc].add((definition, expr))
 
     def get_uses(self, definition: "Definition") -> Set[CodeLocation]:
@@ -65,6 +71,7 @@ class Uses:
         """
         if definition in self._uses_by_definition:
             if codeloc in self._uses_by_definition[definition]:
+                self._uses_by_definition = self._uses_by_definition.clean()
                 if expr is None:
                     for codeloc_, expr_ in list(self._uses_by_definition[definition]):
                         if codeloc_ == codeloc:
@@ -73,6 +80,7 @@ class Uses:
                     self._uses_by_definition[definition].remove((codeloc, expr))
 
         if codeloc in self._uses_by_location:
+            self._uses_by_location = self._uses_by_location.clean()
             for item in list(self._uses_by_location[codeloc]):
                 if item[0] == definition:
                     self._uses_by_location[codeloc].remove(item)
@@ -85,9 +93,11 @@ class Uses:
         :return:            None
         """
         if definition in self._uses_by_definition:
+            self._uses_by_definition = self._uses_by_definition.clean()
             codeloc_and_ids = self._uses_by_definition[definition]
             del self._uses_by_definition[definition]
 
+            self._uses_by_location = self._uses_by_location.clean()
             for codeloc, _ in codeloc_and_ids:
                 for item in list(self._uses_by_location[codeloc]):
                     if item[0] == definition:
@@ -149,18 +159,22 @@ class Uses:
 
         for k, v in other._uses_by_definition.items():
             if k not in self._uses_by_definition:
+                self._uses_by_definition = self._uses_by_definition.clean()
                 self._uses_by_definition[k] = v
                 merge_occurred = True
             elif not v.issubset(self._uses_by_definition[k]):
                 merge_occurred = True
-                self._uses_by_definition[k] |= v
+                self._uses_by_definition = self._uses_by_definition.clean()
+                self._uses_by_definition[k] = self._uses_by_definition[k] | v
 
         for k, v in other._uses_by_location.items():
             if k not in self._uses_by_location:
+                self._uses_by_location = self._uses_by_location.clean()
                 self._uses_by_location[k] = v
                 merge_occurred = True
             elif not v.issubset(self._uses_by_location[k]):
                 merge_occurred = True
-                self._uses_by_location[k] |= v
+                self._uses_by_location = self._uses_by_location.clean()
+                self._uses_by_location[k] = self._uses_by_location[k] | v
 
         return merge_occurred

angr/knowledge_plugins/propagations/states.py

@@ -221,9 +221,10 @@ class PropagatorState:
                         merge_occurred = True
                     else:
                         if PropagatorState.is_top(repl) or PropagatorState.is_top(replacements_0[loc][var]):
-                            t = PropagatorState.top(_get_repl_size(repl))
-                            replacements_0[loc][var] = t
-                            merge_occurred = True
+                            if not PropagatorState.is_top(replacements_0[loc][var]):
+                                t = PropagatorState.top(_get_repl_size(repl))
+                                replacements_0[loc][var] = t
+                                merge_occurred = True
                         elif (
                             isinstance(replacements_0[loc][var], claripy.ast.Base) or isinstance(repl, claripy.ast.Base)
                         ) and replacements_0[loc][var] is not repl:
@@ -316,6 +317,12 @@ class RegisterAnnotation(claripy.Annotation):
     def relocatable(self) -> bool:
         return True
 
+    def __hash__(self):
+        return hash((RegisterAnnotation, self.offset, self.size))
+
+    def __eq__(self, other):
+        return type(other) is RegisterAnnotation and self.offset == other.offset and self.size == other.size
+
 
 class RegisterComparisonAnnotation(claripy.Annotation):
     """
@@ -336,6 +343,18 @@ class RegisterComparisonAnnotation(claripy.Annotation):
     def relocatable(self) -> bool:
         return True
 
+    def __hash__(self):
+        return hash((RegisterComparisonAnnotation, self.offset, self.size, self.cmp_op, self.value))
+
+    def __eq__(self, other):
+        return (
+            type(other) is RegisterAnnotation
+            and self.offset == other.offset
+            and self.size == other.size
+            and self.cmp_op == other.cmp_op
+            and self.value == other.value
+        )
+
 
 class PropagatorVEXState(PropagatorState):
     """

angr/knowledge_plugins/types.py

@@ -56,6 +56,12 @@ class TypesStore(KnowledgeBasePlugin, UserDict):
         yield from super().__iter__()
         yield from iter(ALL_TYPES)
 
+    def __getstate__(self):
+        return self.data  # do not pickle self.kb
+
+    def __setstate__(self, state):
+        self.data = state
+
     def iter_own(self):
         """
         Iterate over all the names which are stored in this object - i.e. ``values()`` without ``ALL_TYPES``

angr/knowledge_plugins/variables/variable_manager.py

@@ -122,7 +122,32 @@ class VariableManagerInternal(Serializable):
         self.__dict__.update(state)
 
     def __getstate__(self):
-        d = dict(self.__dict__)
+        attributes = [
+            "func_addr",
+            "_variables",
+            "_global_region",
+            "_stack_region",
+            "_register_region",
+            "_live_variables",
+            "_variable_accesses",
+            "_insn_to_variable",
+            "_stmt_to_variable",
+            "_variable_to_stmt",
+            "_atom_to_variable",
+            "_ident_to_variable",
+            "_variable_counters",
+            "_unified_variables",
+            "_variables_to_unified_variables",
+            "_phi_variables",
+            "_variables_to_phivars",
+            "_phi_variables_by_block",
+            "types",
+            "variable_to_types",
+            "variables_with_manual_types",
+            "_variables_without_writes",
+            "ret_val_size",
+        ]
+        d = {k: getattr(self, k) for k in attributes}
         d["manager"] = None
         d["types"].kb = None
         return d
@@ -759,10 +784,11 @@ class VariableManagerInternal(Serializable):
             if variable in self._phi_variables:
                 # a phi variable is definitely not an input variable
                 continue
-            accesses = self._variable_accesses[variable]
-            if has_read_access(accesses):
-                if not exclude_specials or not variable.category:
-                    input_variables.append(variable)
+            if variable in self._variable_accesses:
+                accesses = self._variable_accesses[variable]
+                if has_read_access(accesses):
+                    if not exclude_specials or not variable.category:
+                        input_variables.append(variable)
 
         return input_variables
 

angr/simos/simos.py

@@ -277,6 +277,8 @@ class SimOS:
 
         if state.arch.name == "PPC64" and toc is not None:
             state.regs.r2 = toc
+        elif state.arch.name in ("MIPS32", "MIPS64"):
+            state.regs.t9 = addr
 
         return state
 

angr/storage/memory_mixins/__init__.py

@@ -67,6 +67,9 @@ class MemoryMixin(SimStatePlugin):
     def merge(self, others, merge_conditions, common_ancestor=None) -> bool:
         pass
 
+    def compare(self, other) -> bool:
+        pass
+
     def widen(self, others):
         pass
 

angr/storage/memory_mixins/multi_value_merger_mixin.py

@@ -1,13 +1,17 @@
+# pylint:disable=missing-class-docstring
 from typing import Iterable, Tuple, Any, Callable, Optional
 
 from . import MemoryMixin
 
 
 class MultiValueMergerMixin(MemoryMixin):
-    def __init__(self, *args, element_limit=5, annotation_limit=256, top_func=None, phi_maker=None, **kwargs):
+    def __init__(
+        self, *args, element_limit=5, annotation_limit=256, top_func=None, is_top_func=None, phi_maker=None, **kwargs
+    ):
         self._element_limit = element_limit
         self._annotation_limit = annotation_limit
         self._top_func: Callable = top_func
+        self._is_top_func: Callable = is_top_func
         self._phi_maker: Optional[Callable] = phi_maker
 
         super().__init__(*args, **kwargs)
@@ -20,18 +24,23 @@ class MultiValueMergerMixin(MemoryMixin):
                 return {phi_var}
 
         # try to merge it in the traditional way
-        if len(values_set) > self._element_limit:
-            # strip annotations from each value and see how many raw values there are in total
-            # We have to use cache_key to determine uniqueness here, because if __hash__ collides,
-            # python implicitly calls __eq__ to determine if the two objects are actually the same
-            # and that just results in a new AST for a BV. Python then tries to convert that AST to a bool
-            # which fails with the safeguard in claripy.ast.bool.Bool.__bool__.
-            stripped_values_set = {v._apply_to_annotations(lambda alist: None).cache_key for v in values_set}
-            if len(stripped_values_set) > 1:
+        has_top = any(self._is_top_func(v) for v in values_set)
+        if has_top or len(values_set) > self._element_limit:
+            if has_top:
                 ret_val = self._top_func(merged_size * self.state.arch.byte_width)
             else:
-                # Get the AST back from the cache_key
-                ret_val = next(iter(stripped_values_set)).ast
+                # strip annotations from each value and see how many raw values there are in total
+                # We have to use cache_key to determine uniqueness here, because if __hash__ collides,
+                # python implicitly calls __eq__ to determine if the two objects are actually the same
+                # and that just results in a new AST for a BV. Python then tries to convert that AST to a bool
+                # which fails with the safeguard in claripy.ast.bool.Bool.__bool__.
+                stripped_values_set = {v._apply_to_annotations(lambda alist: None).cache_key for v in values_set}
+                if len(stripped_values_set) > 1:
+                    ret_val = self._top_func(merged_size * self.state.arch.byte_width)
+                else:
+                    # Get the AST back from the cache_key
+                    ret_val = next(iter(stripped_values_set)).ast
+
             # migrate annotations
             annotations = []
             annotations_set = set()
@@ -41,6 +50,7 @@ class MultiValueMergerMixin(MemoryMixin):
                         annotations.append(anno)
                         annotations_set.add(anno)
             if annotations:
+                annotations = sorted(annotations, key=str)
                 ret_val = ret_val.annotate(*annotations[: self._annotation_limit])
             merged_val = {ret_val}
         else:
@@ -52,5 +62,6 @@ class MultiValueMergerMixin(MemoryMixin):
         copied._element_limit = self._element_limit
         copied._annotation_limit = self._annotation_limit
         copied._top_func = self._top_func
+        copied._is_top_func = self._is_top_func
         copied._phi_maker = self._phi_maker
         return copied

angr/storage/memory_mixins/paged_memory/paged_memory_mixin.py

@@ -294,6 +294,24 @@ class PagedMemoryMixin(MemoryMixin):
 
         return bool(merged_bytes)
 
+    def compare(self, other: "PagedMemoryMixin") -> bool:
+        changed_pages_and_offsets: Dict[int, Optional[Set[int]]] = dict(self.changed_pages(other))
+
+        for page_no in sorted(changed_pages_and_offsets):
+            page = self._get_page(page_no, False)
+            page_addr = page_no * self.page_size
+            if page_no in other._pages:
+                r = page.compare(
+                    other._pages[page_no],
+                    page_addr=page_addr,
+                    memory=self,
+                    changed_offsets=changed_pages_and_offsets[page_no],
+                )
+                if r is False:
+                    return False
+
+        return True
+
     def permissions(self, addr, permissions=None, **kwargs):
         if type(addr) is not int:
             raise TypeError("addr must be an int in paged memory")
@@ -643,10 +661,10 @@ class LabeledPagesMixin(PagedMemoryMixin):
         if endness is None:
             endness = self.endness
 
-        if type(size) is not int:
+        if not isinstance(size, int):
             raise TypeError("Need size to be resolved to an int by this point")
 
-        if type(addr) is not int:
+        if not isinstance(addr, int):
             raise TypeError("Need addr to be resolved to an int by this point")
 
         pageno, pageoff = self._divide_addr(addr)

angr/storage/memory_mixins/paged_memory/pages/mv_list_page.py

@@ -1,6 +1,6 @@
-# pylint:disable=abstract-method,arguments-differ
+# pylint:disable=abstract-method,arguments-differ,assignment-from-no-return
 import logging
-from typing import Optional, List, Set, Tuple, Union, Callable
+from typing import Optional, List, Set, Tuple, Union, Callable, Any, FrozenSet
 
 from angr.utils.dynamic_dictlist import DynamicDictList
 from .....storage.memory_object import SimMemoryObject, SimLabeledMemoryObject
@@ -166,40 +166,58 @@ class MVListPage(
                 continue
             l.debug("... on byte 0x%x", b)
 
-            memory_objects = []
+            memory_object_sets: Set[Tuple[FrozenSet[SimMemoryObject], Any]] = set()
             unconstrained_in = []
 
-            # first get a list of all memory objects at that location, and
-            # all memories that don't have those bytes
+            # first get a list of all memory objects at that location, and all memories that don't have those bytes
+            self_has_memory_object_set = False
             for sm, fv in zip(all_pages, merge_conditions):
                 if sm._contains(b, page_addr):
                     l.info("... present in %s", fv)
+                    memory_objects = set()
                     for mo in sm.content_gen(b):
                         if mo.includes(page_addr + b):
-                            memory_objects.append((mo, fv))
+                            memory_objects.add(mo)
+                    memory_object_sets.add((frozenset(memory_objects), fv))
+                    if sm is self:
+                        self_has_memory_object_set = True
                 else:
                     l.info("... not present in %s", fv)
                     unconstrained_in.append((sm, fv))
 
-            if not memory_objects:
+            if not memory_object_sets:
+                continue
+            if self_has_memory_object_set and len(memory_object_sets) == 1:
                 continue
 
-            mos = {mo for mo, _ in memory_objects}
-            mo_bases = {mo.base for mo, _ in memory_objects}
-            mo_lengths = {mo.length for mo, _ in memory_objects}
-            endnesses = {mo.endness for mo in mos}
-
-            if not unconstrained_in and not (mos - merged_objects):  # pylint:disable=superfluous-parens
+            mo_sets = {mo_set for mo_set, _ in memory_object_sets}
+            mo_bases = set()
+            mo_lengths = set()
+            endnesses = set()
+            for mo_set in mo_sets:
+                for mo in mo_set:
+                    mo_bases.add(mo.base)
+                    mo_lengths.add(mo.length)
+                    endnesses.add(mo.endness)
+
+            if not unconstrained_in and not (mo_sets - merged_objects):  # pylint:disable=superfluous-parens
                 continue
 
             # first, optimize the case where we are dealing with the same-sized memory objects
             if len(mo_bases) == 1 and len(mo_lengths) == 1 and not unconstrained_in and len(endnesses) == 1:
+                if len(memory_object_sets) == 1:
+                    # nothing to merge!
+                    continue
+
                 the_endness = next(iter(endnesses))
-                to_merge = [(mo.object, fv) for mo, fv in memory_objects]
+                to_merge = []
+                for mo_set, fv in memory_object_sets:
+                    for mo in mo_set:
+                        to_merge.append((mo.object, fv))
 
                 # Update `merged_to`
                 mo_base = list(mo_bases)[0]
-                mo_length = memory_objects[0][0].length
+                mo_length = next(iter(mo_lengths))
                 size = min(mo_length - (page_addr + b - mo_base), len(self.content) - b)
                 merged_to = b + size
 
@@ -212,25 +230,18 @@ class MVListPage(
                 # TODO: Implement in-place replacement instead of calling store()
                 # new_object = self._replace_memory_object(our_mo, merged_val, page_addr, memory.page_size)
 
-                first_value = True
-                for v in merged_val:
-                    self.store(
-                        b,
-                        {SimMemoryObject(v, mo_base, endness=the_endness)},
-                        size=size,
-                        cooperate=True,
-                        weak=not first_value,
-                    )
-                    first_value = False
+                new_mos = {SimMemoryObject(v, mo_base, endness=the_endness) for v in merged_val}
+                self.store(b, new_mos, size=size, cooperate=True, weak=False)
 
                 merged_offsets.add(b)
 
             else:
-                # get the size that we can merge easily. This is the minimum of
-                # the size of all memory objects and unallocated spaces.
-                min_size = min(
-                    [mo.length - (b + page_addr - mo.base) for mo, _ in memory_objects] + [len(self.content) - b]
-                )
+                # get the size that we can merge easily. This is the minimum of the size of all memory objects and
+                # unallocated spaces.
+                min_size = len(self.content) - b
+                for mo_set in mo_sets:
+                    for mo in mo_set:
+                        min_size = min(min_size, mo.length - (b + page_addr - mo.base))
                 for um, _ in unconstrained_in:
                     for i in range(0, min_size):
                         if um._contains(b + i, page_addr):
@@ -241,9 +252,11 @@ class MVListPage(
 
                 # Now, we have the minimum size. We'll extract/create expressions of that
                 # size and merge them
-                extracted = (
-                    [(mo.bytes_at(page_addr + b, min_size), fv) for mo, fv in memory_objects] if min_size != 0 else []
-                )
+                extracted = []
+                if min_size != 0:
+                    for mo_set, fv in memory_object_sets:
+                        for mo in mo_set:
+                            extracted.append((mo.bytes_at(page_addr + b, min_size), fv))
                 if not memory.skip_missing_values_during_merging:
                     created = [
                         (self._default_value(None, min_size, name=f"merge_uc_{uc.id}_{b:x}", memory=memory), fv)
@@ -257,22 +270,46 @@ class MVListPage(
                 if merged_val is None:
                     continue
 
-                first_value = True
-                for v in merged_val:
-                    self.store(
-                        b,
-                        {SimMemoryObject(v, page_addr + b, endness="Iend_BE")},
-                        size=min_size,
-                        endness="Iend_BE",
-                        cooperate=True,
-                        weak=not first_value,
-                    )  # do not convert endianness again
-                    first_value = False
+                new_mos = {SimMemoryObject(v, page_addr + b, endness="Iend_BE") for v in merged_val}
+                self.store(b, new_mos, size=min_size, cooperate=True, weak=False)
                 merged_offsets.add(b)
 
         self.stored_offset |= merged_offsets
         return merged_offsets
 
+    def compare(
+        self, other: "MVListPage", page_addr: int = None, memory=None, changed_offsets=None
+    ) -> bool:  # pylint: disable=unused-argument
+        compared_to = None
+        for b in sorted(changed_offsets):
+            if compared_to is not None and not b >= compared_to:
+                continue
+
+            unconstrained_in = []
+            self_has_memory_object_set = False
+            memory_object_sets: Set[FrozenSet[SimMemoryObject]] = set()
+            for sm in [self, other]:
+                if sm._contains(b, page_addr):
+                    memory_objects = set()
+                    for mo in sm.content_gen(b):
+                        if mo.includes(page_addr + b):
+                            memory_objects.add(mo)
+                    memory_object_sets.add(frozenset(memory_objects))
+                    if sm is self:
+                        self_has_memory_object_set = True
+                else:
+                    unconstrained_in.append(sm)
+
+            if not memory_object_sets:
+                continue
+            if self_has_memory_object_set and len(memory_object_sets) == 1:
+                continue
+
+            # TODO: compare_values even more?
+            return False
+
+        return True
+
     def changed_bytes(self, other: "MVListPage", page_addr: int = None):
         candidates: Set[int] = super().changed_bytes(other)
         if candidates is not None:

angr/utils/cowdict.py

@@ -35,7 +35,7 @@ class DefaultChainMapCOW(ChainMapCOW):
     Implements a copy-on-write version of ChainMap with default values that supports auto-collapsing.
     """
 
-    def __init__(self, default_factory, *args, collapse_threshold=None):
+    def __init__(self, *args, default_factory=None, collapse_threshold=None):
         super().__init__(*args, collapse_threshold=collapse_threshold)
         self.default_factory = default_factory
 
@@ -53,7 +53,9 @@ class DefaultChainMapCOW(ChainMapCOW):
                 collapsed = {}
                 for m in reversed(self.maps):
                     collapsed.update(m)
-                return DefaultChainMapCOW(collapsed, collapse_threshold=self.collapse_threshold)
+                return DefaultChainMapCOW(
+                    collapsed, default_factory=self.default_factory, collapse_threshold=self.collapse_threshold
+                )
             r = self.new_child()
             r.default_factory = self.default_factory
             r.collapse_threshold = self.collapse_threshold

angr/utils/funcid.py

@@ -13,6 +13,8 @@ def is_function_security_check_cookie(func, project, security_cookie_addr: int)
     block = project.factory.block(func.addr)
     if block.instructions != 2:
         return False
+    if not block.capstone.insns or len(block.capstone.insns) != 2:
+        return False
     ins0 = block.capstone.insns[0]
     if (
         ins0.mnemonic == "cmp"
@@ -57,6 +59,8 @@ def is_function_security_init_cookie(func: "Function", project, security_cookie_
         block = project.factory.block(node_addr, size=node_size)
         if not block.instructions:
             continue
+        if not block.capstone.insns:
+            continue
         last_insn = block.capstone.insns[-1]
         if (
             last_insn.mnemonic == "mov"
@@ -78,6 +82,8 @@ def is_function_security_init_cookie_win8(func: "Function", project, security_co
     block = project.factory.block(func.addr)
     if block.instructions != 3:
         return False
+    if not block.capstone.insns or len(block.capstone.insns) != 3:
+        return False
     ins0 = block.capstone.insns[0]
     if (
         ins0.mnemonic == "mov"

angr/utils/mp.py

@@ -43,7 +43,7 @@ class Initializer:
     def initialize(self) -> None:
         """
         Initialize a multiprocessing.Process
-        Set the current global initalizer to the same state as this initalizer, then calls each initalizer
+        Set the current global initializer to the same state as this initializer, then calls each initializer
         """
         self._single = self
         for i in self.initializers:

{angr-9.2.96.dist-info → angr-9.2.97.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: angr
-Version: 9.2.96
+Version: 9.2.97
 Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
 Home-page: https://github.com/angr/angr
 License: BSD-2-Clause
@@ -17,13 +17,13 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: CppHeaderParser
 Requires-Dist: GitPython
-Requires-Dist: ailment ==9.2.96
-Requires-Dist: archinfo ==9.2.96
+Requires-Dist: ailment ==9.2.97
+Requires-Dist: archinfo ==9.2.97
 Requires-Dist: cachetools
 Requires-Dist: capstone ==5.0.0.post1
 Requires-Dist: cffi >=1.14.0
-Requires-Dist: claripy ==9.2.96
-Requires-Dist: cle ==9.2.96
+Requires-Dist: claripy ==9.2.97
+Requires-Dist: cle ==9.2.97
 Requires-Dist: dpkt
 Requires-Dist: itanium-demangler
 Requires-Dist: mulpyplexer
@@ -33,7 +33,7 @@ Requires-Dist: protobuf >=3.19.0
 Requires-Dist: psutil
 Requires-Dist: pycparser >=2.18
 Requires-Dist: pyformlang
-Requires-Dist: pyvex ==9.2.96
+Requires-Dist: pyvex ==9.2.97
 Requires-Dist: rich >=13.1.0
 Requires-Dist: rpyc
 Requires-Dist: sortedcontainers