Home

Surveys
Transformation
Reengineering
DSL
Domain Engineering
Decompilation
Generative Progr.

Collections
Categories
Systems
Conferences
People
Companies
Papers

Page

Web

Wiki

Decompilation Boomerang

Program-Transformation.Org: The Program Transformation Wiki

The Boomerang Decompiler and Tests

Boomerang is an attempt at a complete, retargetable decompiler, released under a BSD style (open source) license.

Introduction

It is intended to be highly modular, so that different parts of the decompiler can be replaced with experimental modules. It will be interactive, a la IDA Pro, because some things (not just variable names and comments, though these are obviously very important) require expert intervention.

As of February 2003, there is code that can be downloaded (CVS only; nothing will be released for many months). It's now at the stage where it can decompile correctly some small Pentium and SPARC programs. The very slow data flow analysis has been sped up dramatically. There is code for parameter analysis.

The SourceForge page is http://boomerang.sourceforge.net.

Tests

Fibo

The original source code for Fibo is: 
#include 
int fib (int x)
{
        if (x > 1)
                return (fib(x - 1) + fib(x - 2));
        else return (x);
}
int main (void)
{       int number, value;

        printf ("Input number: ");
        scanf ("%d", &number);
        value = fib(number);
        printf("fibonacci(%d) = %d\n", number, value);
        return (0);
}
As of early Febuary 2003, this is the output from Boomerang: 
int main() {
        printf("Input number: ") ;
        scanf("%d", r[14]+-20) ;
        if (*((int*) (r[14]+-20) ) +-1 == 0 ||
((*((int*) (r[14]+-20) ) +-1 >> 31)&0x1) != ((*((int*) (r[14]+-20) )
  >> 31)&0x1)&~((1 >> 31)&0x1)&~((*((int*) (r[14]+-20) ) +-1 >> 31)
&0x1)|~((*((int*) (r[14]+-20) )  >> 31)&0x1)&((1 >> 31)&0x1)&
((*((int*) (r[14]+-20) ) +-1 >> 31)&0x1)) {
                goto L10b18;
        }
        fib(*((int*) (r[14]+-20) ) +-1) ;
        fib(*((int*) (r[14]+-20) ) +-2) ;
L10b18:
        printf("fibonacci(%d) = %d\n", *((int*) (r[14]+-20) ) ,
*((int*) (r[14]+-20) ) ) ;
        return 0;
}

void fib(int arg1) {
        if (arg1+-1 == 0 || ((arg1+-1 >> 31)&0x1) != ((arg1 >> 31)&0x1)&~
((1 >> 31)&0x1)&~((arg1+-1 >> 31)&0x1)|~((arg1 >> 31)&0x1)&((1 >> 31)&0x1)
&((arg1+-1 >> 31)&0x1)) {
                goto L10ac8;
        }
        fib() ;
        fib() ;
L10ac8:
        return ;
}
Boomerang is obviously not ready for Fibo. Obvious problems include the presence of the register r[14], no structuring at all (presence of gotos), no high level comparison operators (such as signed less or equals), lack of actual parameters to fib (in main), lack of reurn value for fib. Good points: the parameters to printf and scanf are largely correct. All the SPARC save and restore semantics are correctly removed.

TwoProc

Here is a program that is more Boomerang's speed right now: 
int proc1(int a, int b) {
    return a + b;
}

int main() {
    printf("%i\n", proc1(3, 4));
}
The Boomerang output is 
void main() {
int local0;
   local0 = proc1(3, 4) ;
   local0 = printf("%i\n", local0) ;
   return ;
}

int proc1(int arg1, int arg2) {
   return arg2+arg1;
}
This code recompiles and runs correctly. Parameters to proc1 are correct, as is its semantics. The paramters to printf are also correct, including the string constant. The only slight blemish is the assignment of the result of printf for local0, which is not used.

The SPARC version decompiles the same, except that main returns an int.

-- MikeVanEmmerik - 04 Jan 2003

CategoryDecompilation

Transform.DecompilationBoomerang moved from Transform.DeCompilationBoomerang on 03 Feb 2003 - 06:50 by MikeVanEmmerik - put it back