Fix how original_size and addr are treated for Fake AIL Blocks

[mahaloz]

Description

After debugging some code that flowed through to_ail_supergraph, it became clear that this line is causing problems:

angr/angr/analyses/decompiler/utils.py

Line 301 in b0396c9

if (type_ == "fake_return") or (src.addr + src.original_size == dst.addr):

For completely normal AIL nodes (ones converted from Vex and untouched), this is a sane check. However, in the case of AIL nodes that have been created, this check fails. Any of the DUPLICATING optimizations, can create new nodes:

angr/angr/analyses/decompiler/optimization_passes/cross_jump_reverter.py

Line 99 in b0396c9

cp = copy.deepcopy(goto_blk)

At first, I thought you course just set original_size=None, and then do a special check in to_ail_supergraph, but this causes crashes elsewhere.

In summary, angr is not positioned to handle AIL nodes that have either fake addresses or fake sizes. We need to fix this eventually.

The Fix

1. Introduce a new property to nodes is_fake, meaning the node was created
2. Go through all places that use .addr or .original_size and update them to no longer trust these values

Steps to reproduce the bug

No response

Environment

No response

Additional context

No response