angr.analyses.typehoon.typehoon¶
- class angr.analyses.typehoon.typehoon.Typehoon¶
Bases:
AnalysisA spiritual tribute to the long-standing typehoon project that @jmg (John Grosen) worked on during his days in the angr team. Now I feel really bad of asking the poor guy to work directly on VEX IR without any fancy static analysis support as we have right now…
Typehoon analysis implements a pushdown system that simplifies and solves type constraints. Our type constraints are largely an implementation of the paper Polymorphic Type Inference for Machine Code by Noonan, Loginov, and Cok from GrammaTech (with missing functionality support and bugs, of course). Type constraints are collected by running VariableRecoveryFast (maybe VariableRecovery later as well) on a function, and then solved using this analysis.
User may specify ground truth, which will override all types at certain program points during constraint solving.
- __init__(constraints, func_var, ground_truth=None, var_mapping=None, must_struct=None, stackvar_max_sizes=None, stack_offset_tvs=None, constraint_set_degradation_threshold=150, type_translator=None, tv_manager=None)¶
- Parameters:
constraints
ground_truth – A set of SimType-style solutions for some or all type variables. They will be respected during type solving.
var_mapping (
dict[SimVariable,set[TypeVariable]] |None)must_struct (
set[TypeVariable] |None)stackvar_max_sizes (dict[TypeVariable, int] | None)
stack_offset_tvs (dict[int, TypeVariable] | None)
constraint_set_degradation_threshold (int)
type_translator (TypeTranslator | None)
tv_manager (TypeVariableManager | None)
- update_variable_types(func_addr, var_to_typevars, stack_offset_tvs=None)¶
- Return type:
- Parameters:
var_to_typevars (dict[SimVariable, set[TypeVariable]])
stack_offset_tvs (dict[int, TypeVariable] | None)
- pp_constraints()¶
Pretty-print constraints between variables using the variable mapping.
- Return type: