angr.analyses.decompiler.optimization_passes.lowered_switch_simplifier

class angr.analyses.decompiler.optimization_passes.lowered_switch_simplifier.Case

Bases: object

Describes a case in a switch-case construct.

__init__(original_node, node_type, variable_hash, expr, value, target, target_idx, next_addr)
Parameters:

  • node_type (str | None)

  • value (int | str)

  • target_idx (int | None)

original_node
node_type
variable_hash
expr
value
target
target_idx
next_addr
class angr.analyses.decompiler.optimization_passes.lowered_switch_simplifier.StableVarExprHasher

Bases: AILBlockViewer

Obtain a stable hash of an AIL expression with respect to all variables and all operations applied on variables.

__init__(expr)
Parameters:

expr (Expression)

class angr.analyses.decompiler.optimization_passes.lowered_switch_simplifier.LoweredSwitchSimplifier

Bases: StructuringOptimizationPass

This optimization recognizes and reverts switch cases that have been lowered and possibly split into multiple if-else statements. This optimization, discussed in the USENIX 2024 paper SAILR, aims to undo the compiler optimization known as “Switch Lowering”, present in both GCC and Clang. An in-depth discussion of this optimization can be found in the paper or in our documentation of the optimization: https://github.com/mahaloz/sailr-eval/issues/14#issue-2232616411

Note, this optimization does not occur in MSVC, which uses a different optimization strategy for switch cases. As a hack for now, we only run this deoptimization on Linux binaries.

PLATFORMS = ['linux']
NAME = 'Convert lowered switch-cases (if-else) to switch-cases'
DESCRIPTION = 'Convert lowered switch-cases (if-else) to switch-cases. Only works when the Phoenix structuring algorithm is in use.'
__init__(*args, min_distinct_cases=2, **kwargs)
static restore_graph(node, last_stmt, graph, full_graph)
Parameters:
static cases_issubset(cases_0, cases_1)

Test if cases_0 is a subset of cases_1.

Return type:

bool

Parameters: