angr.analyses.decompiler.structuring

angr.analyses.decompiler.structuring.DEFAULT_STRUCTURER

alias of SAILRStructurer

class angr.analyses.decompiler.structuring.DreamStructurer

Bases: StructurerBase

Structure a region using a structuring algorithm that is similar to the one in Dream decompiler (described in the “no more gotos” paper). Note that this implementation has quite a few improvements over the original described version and should not be used to evaluate the performance of the original algorithm described in that paper.

The current function graph is provided so that we can detect certain edge cases, for example, jump table entries no longer exist due to empty node removal during structuring or prior steps.

NAME = 'dream'

__init__(region, parent_map=None, condition_processor=None, func=None, case_entry_to_switch_head=None, parent_region=None, **kwargs)

Parameters:

• func (Function | None)

• case_entry_to_switch_head (dict[int, int] | None)

class angr.analyses.decompiler.structuring.PhoenixStructurer

Bases: StructurerBase

Structure a region using a structuring algorithm that is similar to the one in Phoenix decompiler (described in the “phoenix decompiler” paper). Note that this implementation has quite a few improvements over the original described version and should not be used to evaluate the performance of the original algorithm described in that paper.

NAME = 'phoenix'

__init__(region, parent_map=None, condition_processor=None, func=None, case_entry_to_switch_head=None, parent_region=None, improve_algorithm=False, use_multistmtexprs=MultiStmtExprMode.MAX_ONE_CALL, multistmtexpr_stmt_threshold=5, **kwargs)

Parameters:

• func (Function | None)

• case_entry_to_switch_head (dict[int, int] | None)

• use_multistmtexprs (MultiStmtExprMode)

• multistmtexpr_stmt_threshold (int)

replace_nodes(graph, old_node_0, new_node, old_node_1=None, self_loop=True, update_node_order=False, drop_refinement_marks=False)

Parameters:

• update_node_order (bool)

• drop_refinement_marks (bool)

static dump_graph(graph, path)

Return type:

None

Parameters:

• graph (DiGraph)

• path (str)

static switch_case_entry_node_has_common_successor_case_1(graph, jump_table, case_nodes, node_pred)

Return type:

bool

static switch_case_entry_node_has_common_successor_case_2(graph, jump_table, case_nodes, node_pred)

Return type:

bool

class angr.analyses.decompiler.structuring.RecursiveStructurer

Bases: Analysis

Recursively structure a region and all of its subregions.

__init__(region, cond_proc=None, func=None, structurer_cls=None, *, ail_manager, **kwargs)

Parameters:

• func (Function | None)

• structurer_cls (type | None)

• ail_manager (Manager)

class angr.analyses.decompiler.structuring.SAILRStructurer

Bases: PhoenixStructurer

The SAILR structuring algorithm is the phoenix-based algorithm from the USENIX 2024 paper SAILR. The entirety of the algorithm is implemented across this class and various optimization passes in the decompiler. To find each optimization class, simply search for optimizations which reference this class.NAME.

At a high-level, SAILR does three things different from the traditional Phoenix schema-based algorithm:

1. It recursively structures the graph, rather than doing it in a single pass. This allows decisions to be made based on the current state of what the decompilation would look like.

2. It performs deoptimizations targeting specific optimizations that introduces gotos and mis-structured code. It can only do this because of the recursive nature of the algorithm.

3. It uses a more advanced heuristic for virtualizing edges, which is implemented in this class.

Additionally, some changes in Phoenix are only activated when SAILR is used.

NAME = 'sailr'

__init__(region, improve_phoenix=True, postdom_max_edges=10, postdom_max_graph_size=50, **kwargs)

angr.analyses.decompiler.structuring.structurer_class_from_name(name)

Return type:

type | None

Parameters:

name (str)

Submodules

dream
phoenix
recursive_structurer
sailr
structurer_base