ailment — angr Intermediate Language

class ailment.Block(addr, original_size, statements=None, idx=None)

Bases: object

Describes an AIL block.

__init__(addr, original_size, statements=None, idx=None)

addr

original_size

statements: List[Statement]

idx

copy(statements=None)

dbg_repr(indent=0)

likes(other)

class ailment.Assignment(*args, **kwargs)

Bases: Statement

Assignment statement: expr_a = expr_b

__init__(idx, dst, src, **kwargs)

dst

src

likes(other)

replace(old_expr, new_expr)

copy()

Return type:

Assignment

class ailment.Expression(*args, **kwargs)

Bases: TaggedObject

The base class of all AIL expressions.

__init__(idx, depth, **kwargs)

depth

has_atom(atom, identity=True)

likes(atom)

replace(old_expr, new_expr)

class ailment.Const(*args, **kwargs)

Bases: Atom

__init__(idx, variable, value, bits, **kwargs)

value

bits

property size

likes(other)

property sign_bit

copy()

Return type:

Const

class ailment.Tmp(*args, **kwargs)

Bases: Atom

__init__(idx, variable, tmp_idx, bits, **kwargs)

tmp_idx

bits

property size

likes(other)

copy()

Return type:

Tmp

class ailment.Register(*args, **kwargs)

Bases: Atom

__init__(idx, variable, reg_offset, bits, **kwargs)

reg_offset

bits

property size

likes(atom)

copy()

Return type:

Register

class ailment.UnaryOp(*args, **kwargs)

Bases: Op

__init__(idx, op, operand, variable=None, variable_offset=None, **kwargs)

operand

bits

variable

variable_offset

likes(other)

replace(old_expr, new_expr)

property operands

property size

copy()

Return type:

UnaryOp

has_atom(atom, identity=True)

class ailment.BinaryOp(*args, **kwargs)

Bases: Op

OPSTR_MAP = {'Add': '+', 'AddF': '+', 'AddV': '+', 'And': '&', 'Carry': 'CARRY', 'CmpEQ': '==', 'CmpF': 'CmpF', 'CmpGE': '>=', 'CmpGEs': '>=s', 'CmpGT': '>', 'CmpGTs': '>s', 'CmpLE': '<=', 'CmpLEs': '<=s', 'CmpLT': '<', 'CmpLTs': '<s', 'CmpNE': '!=', 'Concat': 'CONCAT', 'Div': '/', 'DivF': '/', 'DivMod': '/m', 'LogicalAnd': '&&', 'LogicalOr': '||', 'Mod': '%', 'Mul': '*', 'MulF': '*', 'MulV': '*', 'Or': '|', 'Rol': 'ROL', 'Ror': 'ROR', 'SBorrow': 'SBORROW', 'SCarry': 'SCARRY', 'Sar': '>>a', 'Shl': '<<', 'Shr': '>>', 'Sub': '-', 'SubF': '-', 'Xor': '^'}

COMPARISON_NEGATION = {'CmpEQ': 'CmpNE', 'CmpGE': 'CmpLT', 'CmpGEs': 'CmpLTs', 'CmpGT': 'CmpLE', 'CmpGTs': 'CmpLEs', 'CmpLE': 'CmpGT', 'CmpLEs': 'CmpGTs', 'CmpLT': 'CmpGE', 'CmpLTs': 'CmpGEs', 'CmpNE': 'CmpEQ'}

__init__(idx, op, operands, signed, variable=None, variable_offset=None, bits=None, floating_point=False, rounding_mode=None, from_bits=None, to_bits=None, **kwargs)

operands

bits

signed

variable

variable_offset

floating_point

rounding_mode

from_bits

to_bits

likes(other)

has_atom(atom, identity=True)

replace(old_expr, new_expr)

property verbose_op

property size

copy()

Return type:

BinaryOp

class ailment.Manager(name=None, arch=None)

Bases: object

Parameters:

name (str | None) –

__init__(name=None, arch=None)

Parameters:

name (str | None) –

next_atom()

reset()

property ins_addr: int | None

class ailment.IRSBConverter

Bases: Converter

static convert(irsb, manager)

Convert the given IRSB to an AIL block

Parameters:

• irsb – The IRSB to convert

• manager – The manager to use

Returns:

Returns the converted block

class ailment.AILBlockWalkerBase(stmt_handlers=None, expr_handlers=None)

Bases: object

Walks all statements and expressions of an AIL node and do nothing.

__init__(stmt_handlers=None, expr_handlers=None)

walk(block)

Parameters:

block (Block) –

walk_statement(stmt)

Parameters:

stmt (Statement) –

walk_expression(expr, stmt_idx=None, stmt=None, block=None)

Parameters:

• expr (Expression) –

• stmt_idx (int | None) –

• stmt (int | None) –

• block (Block | None) –

class ailment.AILBlockWalker(stmt_handlers=None, expr_handlers=None)

Bases: AILBlockWalkerBase

Walks all statements and expressions of an AIL node, and rebuilds expressions, statements, or blocks if needed.

If you need a pure walker without rebuilding, use AILBlockWalkerBase instead.

__init__(stmt_handlers=None, expr_handlers=None)

Converter

exception ailment.converter_common.SkipConversionNotice

Bases: Exception

class ailment.converter_common.Converter

Bases: object

static convert(thing)

Expressions

class ailment.expression.Expression(*args, **kwargs)

Bases: TaggedObject

The base class of all AIL expressions.

__init__(idx, depth, **kwargs)

depth

has_atom(atom, identity=True)

likes(atom)

replace(old_expr, new_expr)

class ailment.expression.Atom(*args, **kwargs)

Bases: Expression

__init__(idx, variable, variable_offset=0, **kwargs)

variable

variable_offset

copy()

class ailment.expression.Const(*args, **kwargs)

Bases: Atom

__init__(idx, variable, value, bits, **kwargs)

value

bits

property size

likes(other)

property sign_bit

copy()

Return type:

Const

class ailment.expression.Tmp(*args, **kwargs)

Bases: Atom

__init__(idx, variable, tmp_idx, bits, **kwargs)

tmp_idx

bits

property size

likes(other)

copy()

Return type:

Tmp

class ailment.expression.Register(*args, **kwargs)

Bases: Atom

__init__(idx, variable, reg_offset, bits, **kwargs)

reg_offset

bits

property size

likes(atom)

copy()

Return type:

Register

class ailment.expression.Op(*args, **kwargs)

Bases: Expression

__init__(idx, depth, op, **kwargs)

op

property verbose_op

class ailment.expression.UnaryOp(*args, **kwargs)

Bases: Op

__init__(idx, op, operand, variable=None, variable_offset=None, **kwargs)

operand

bits

variable

variable_offset

likes(other)

replace(old_expr, new_expr)

property operands

property size

copy()

Return type:

UnaryOp

has_atom(atom, identity=True)

class ailment.expression.Convert(*args, **kwargs)

Bases: UnaryOp

TYPE_INT = 0

TYPE_FP = 1

__init__(idx, from_bits, to_bits, is_signed, operand, from_type=0, to_type=0, rounding_mode=None, **kwargs)

from_bits

to_bits

is_signed

from_type

to_type

rounding_mode

likes(other)

replace(old_expr, new_expr)

copy()

Return type:

Convert

class ailment.expression.Reinterpret(idx, from_bits, from_type, to_bits, to_type, operand, **kwargs)

Bases: UnaryOp

__init__(idx, from_bits, from_type, to_bits, to_type, operand, **kwargs)

Parameters:

• from_bits (int) –

• from_type (str) –

• to_bits (int) –

• to_type (str) –

from_bits

from_type

to_bits

to_type

likes(other)

replace(old_expr, new_expr)

copy()

Return type:

Reinterpret

class ailment.expression.BinaryOp(*args, **kwargs)

Bases: Op

OPSTR_MAP = {'Add': '+', 'AddF': '+', 'AddV': '+', 'And': '&', 'Carry': 'CARRY', 'CmpEQ': '==', 'CmpF': 'CmpF', 'CmpGE': '>=', 'CmpGEs': '>=s', 'CmpGT': '>', 'CmpGTs': '>s', 'CmpLE': '<=', 'CmpLEs': '<=s', 'CmpLT': '<', 'CmpLTs': '<s', 'CmpNE': '!=', 'Concat': 'CONCAT', 'Div': '/', 'DivF': '/', 'DivMod': '/m', 'LogicalAnd': '&&', 'LogicalOr': '||', 'Mod': '%', 'Mul': '*', 'MulF': '*', 'MulV': '*', 'Or': '|', 'Rol': 'ROL', 'Ror': 'ROR', 'SBorrow': 'SBORROW', 'SCarry': 'SCARRY', 'Sar': '>>a', 'Shl': '<<', 'Shr': '>>', 'Sub': '-', 'SubF': '-', 'Xor': '^'}

COMPARISON_NEGATION = {'CmpEQ': 'CmpNE', 'CmpGE': 'CmpLT', 'CmpGEs': 'CmpLTs', 'CmpGT': 'CmpLE', 'CmpGTs': 'CmpLEs', 'CmpLE': 'CmpGT', 'CmpLEs': 'CmpGTs', 'CmpLT': 'CmpGE', 'CmpLTs': 'CmpGEs', 'CmpNE': 'CmpEQ'}

__init__(idx, op, operands, signed, variable=None, variable_offset=None, bits=None, floating_point=False, rounding_mode=None, from_bits=None, to_bits=None, **kwargs)

operands

bits

signed

variable

variable_offset

floating_point

rounding_mode

from_bits

to_bits

likes(other)

has_atom(atom, identity=True)

replace(old_expr, new_expr)

property verbose_op

property size

copy()

Return type:

BinaryOp

class ailment.expression.TernaryOp(*args, **kwargs)

Bases: Op

OPSTR_MAP = {}

__init__(idx, op, operands, bits=None, **kwargs)

operands

bits

likes(other)

has_atom(atom, identity=True)

replace(old_expr, new_expr)

property verbose_op

property size

copy()

Return type:

TernaryOp

class ailment.expression.Load(*args, **kwargs)

Bases: Expression

__init__(idx, addr, size, endness, variable=None, variable_offset=None, guard=None, alt=None, **kwargs)

addr

size

endness

guard

alt

variable

variable_offset

property bits

has_atom(atom, identity=True)

replace(old_expr, new_expr)

likes(other)

copy()

Return type:

Load

class ailment.expression.ITE(*args, **kwargs)

Bases: Expression

__init__(idx, cond, iffalse, iftrue, variable=None, variable_offset=None, **kwargs)

cond

iffalse

iftrue

bits

variable

variable_offset

likes(atom)

has_atom(atom, identity=True)

replace(old_expr, new_expr)

property size

copy()

Return type:

ITE

class ailment.expression.DirtyExpression(*args, **kwargs)

Bases: Expression

__init__(idx, dirty_expr, bits=None, **kwargs)

dirty_expr

bits

likes(other)

copy()

Return type:

DirtyExpression

replace(old_expr, new_expr)

property size

class ailment.expression.VEXCCallExpression(*args, **kwargs)

Bases: Expression

__init__(idx, cee_name, operands, bits=None, **kwargs)

cee_name

operands

bits

likes(other)

copy()

Return type:

VEXCCallExpression

replace(old_expr, new_expr)

property size

class ailment.expression.MultiStatementExpression(idx, stmts, expr, **kwargs)

Bases: Expression

For representing comma-separated statements and expression in C.

__init__(idx, stmts, expr, **kwargs)

Parameters:

• idx (int | None) –

• stmts (List[Statement]) –

• expr (Expression) –

stmts

expr

likes(other)

property bits

property size

replace(old_expr, new_expr)

copy()

Return type:

MultiStatementExpression

class ailment.expression.BasePointerOffset(*args, **kwargs)

Bases: Expression

__init__(idx, bits, base, offset, variable=None, variable_offset=None, **kwargs)

bits

base

offset

variable

variable_offset

property size

likes(other)

replace(old_expr, new_expr)

copy()

Return type:

BasePointerOffset

class ailment.expression.StackBaseOffset(*args, **kwargs)

Bases: BasePointerOffset

__init__(idx, bits, offset, **kwargs)

copy()

Return type:

StackBaseOffset

ailment.expression.negate(expr)

Return type:

Expression

Parameters:

expr (Expression) –

Statement

class ailment.statement.Statement(*args, **kwargs)

Bases: TaggedObject

The base class of all AIL statements.

replace(old_expr, new_expr)

eq(expr0, expr1)

class ailment.statement.Assignment(*args, **kwargs)

Bases: Statement

Assignment statement: expr_a = expr_b

__init__(idx, dst, src, **kwargs)

dst

src

likes(other)

replace(old_expr, new_expr)

copy()

Return type:

Assignment

class ailment.statement.Store(*args, **kwargs)

Bases: Statement

Store statement: *addr = data

__init__(idx, addr, data, size, endness, guard=None, variable=None, offset=None, **kwargs)

addr

data

size

endness

variable

guard

offset

likes(other)

replace(old_expr, new_expr)

copy()

Return type:

Store

class ailment.statement.Jump(idx, target, target_idx=None, **kwargs)

Bases: Statement

Jump statement: goto target

__init__(idx, target, target_idx=None, **kwargs)

Parameters:

target_idx (int | None) –

target

target_idx

likes(other)

property depth

replace(old_expr, new_expr)

copy()

class ailment.statement.ConditionalJump(idx, condition, true_target, false_target, true_target_idx=None, false_target_idx=None, **kwargs)

Bases: Statement

if (cond) {true_target} else {false_target}

__init__(idx, condition, true_target, false_target, true_target_idx=None, false_target_idx=None, **kwargs)

Parameters:

• true_target_idx (int | None) –

• false_target_idx (int | None) –

condition

true_target

false_target

true_target_idx

false_target_idx

likes(other)

replace(old_expr, new_expr)

copy()

Return type:

ConditionalJump

class ailment.statement.Call(idx, target, calling_convention=None, prototype=None, args=None, ret_expr=None, fp_ret_expr=None, **kwargs)

Bases: Expression, Statement

Call is both an expression and a statement. The return expression of a call is defined as the ret_expr if and only if the callee function has one return expression.

__init__(idx, target, calling_convention=None, prototype=None, args=None, ret_expr=None, fp_ret_expr=None, **kwargs)

Parameters:

calling_convention (SimCC | None) –

target

calling_convention

prototype

args

ret_expr

fp_ret_expr

likes(other)

property bits

property size

property verbose_op

property op

replace(old_expr, new_expr)

copy()

class ailment.statement.Return(*args, **kwargs)

Bases: Statement

Return statement: (return expr_a), (return)

__init__(idx, ret_exprs, **kwargs)

ret_exprs

likes(other)

replace(old_expr, new_expr)

copy()

class ailment.statement.DirtyStatement(*args, **kwargs)

Bases: Statement

Wrapper around the original statement, which is usually not convertible (temporarily).

__init__(idx, dirty_stmt, **kwargs)

dirty_stmt

copy()

Return type:

DirtyStatement

class ailment.statement.Label(idx, name, ins_addr, block_idx=None, **kwargs)

Bases: Statement

A dummy statement that indicates a label with a name.

__init__(idx, name, ins_addr, block_idx=None, **kwargs)

Parameters:

• name (str) –

• ins_addr (int) –

• block_idx (int | None) –

name

ins_addr

block_idx

likes(other)

Parameters:

other (Label) –

copy()

Return type:

Label

Misc. Things

class ailment.block.Block(addr, original_size, statements=None, idx=None)

Bases: object

Describes an AIL block.

Parameters:

statements (List[Statement]) –

__init__(addr, original_size, statements=None, idx=None)

addr

original_size

statements: List[Statement]

idx

copy(statements=None)

dbg_repr(indent=0)

likes(other)

class ailment.manager.Manager(name=None, arch=None)

Bases: object

Parameters:

name (str | None) –

__init__(name=None, arch=None)

Parameters:

name (str | None) –

next_atom()

reset()

property ins_addr: int | None

class ailment.tagged_object.TaggedObject(*args, **kwargs)

Bases: object

A class that takes arbitrary tags.

__init__(idx, **kwargs)

idx

initialize_tags(tags)

property tags: Dict

ailment.utils.get_bits(expr)

Return type:

Optional[int]

Parameters:

expr (int | Expression) –

ailment.utils.stable_hash(t)

Return type:

int

Parameters:

t (Tuple) –

ailment.utils.is_none_or_likeable(arg1, arg2, is_list=False)

Returns whether two things are both None or can like each other