Type-Based Decompilation (or Program Reconstruction via Type Reconstruction)

Authors:
Alan Mycroft
Affiliations:
-
Venue:
ESOP '99 Proceedings of the 8th European Symposium on Programming Languages and Systems
Year:
1999

Citing 7
Cited 5

Efficiently computing static single assignment form and the control dependence graph

ACM Transactions on Programming Languages and Systems (TOPLAS)
Effect systems with subtyping

PEPM '95 Proceedings of the 1995 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
From system F to typed assembly language

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The design and implementation of a certifying compiler

PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Using Informal and Formal Techniques for the Reverse Engineering of C Programs

ICSM '96 Proceedings of the 1996 International Conference on Software Maintenance
Correcting Errors in the Curry System

Proceedings of the 16th Conference on Foundations of Software Technology and Theoretical Computer Science
BCPL: The Language and its Compiler

BCPL: The Language and its Compiler

Typestate Checking of Machine Code

ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
Using information obtained in the course of program execution for improving the quality of data type reconstruction in decompilation

Programming and Computing Software
Analysis of low-level code using cooperating decompilers

SAS'06 Proceedings of the 13th international conference on Static Analysis
Theory propagation and rational-trees

Proceedings of the 15th Symposium on Principles and Practice of Declarative Programming
Obfuscation resilient binary code reuse through trace-oriented programming

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe a system which decompiles (reverse engineers) C programs from target machine code by type-inference techniques. This extends recent trends in the converse process of compiling high-level languages whereby type information is preserved during compilation. The algorithms remain independent of the particular architecture by virtue of treating target instructions as register-transfer specifications. Target code expressed in such RTL form is then transformed into SSA form (undoing register colouring etc.); this then generates a set of type constraints. Iteration and recursion over data-structures causes synthesis of appropriate recursive C structs; this is triggered by and resolves occurs-check constraint violation. Other constraint violations are resolved by C's casts and unions. In the limit we use heuristics to select between equally suitable C code--a good GUI would clearly facilitate its professional use.