Raimar Falke's Diploma Thesis is written in German. For English readers, I have translated the final section using Google's translation facility and some hand editing.

It strikes me that natural language translation is at a somewhat equivalent stage as decompilation: automatic translators exist, and you can get a sense of the original text, sometimes clearly, at other times quite muddled. Often hand editing is required to produce a clean translation. The automatic translator is useful despite its low quality, because at least initially, you have very little idea of what the input text means.

-- MikeVanEmmerik - 13 Jan 2005

5 Summary and Conclusion

In this paper, a type analysis system for a decompiler was presented. Characteristics were defined which contain all type-relevant information about the examined program. Furthermore, a variety of ways for the user to influence the type analysis were modelled. The presented type system supports the complex types field, group and sum, besides integers and pointers. To model sum types used around conflicts. The presented methods for the recognition of fields work under all compiler optimizations up to level two (loop unrolling and loop collapsing).

Multidimensional field types, classes, floating-point numbers, 64-bit variables, enumerated types and bit fields were not considered in this paper. These types offer challenges for the future. A procedure which measures the quality of the extraction of type-relevant information and of the type reconstruction would also be useful. Without this, one cannot formally measure the quality of a type analysis. A graphical interface for the input of the user instructions would simplify the use of the decompiler.

With the help of clone detection, it would be possible to recognise compiler optimisations such as loop unrolling, and also to improve statements relating to field parameters. As became evident, aliases limit the decompiler in many ways. This can be improved by employing an alias analysis component. The compiler places further information for debugging in the examined program. The use of this information is also a possible follow-up task. Harmful programs such as worms and viruses are partially polymorphic, i.e. they change their form (e.g. the sequence of assembler instructions) during their propagation. It would be interesting to find out to what extent these transformations are still visible after decompilation.

CategoryDecompilation

Revision: r1.1 - 13 Jan 2005 - 08:33 - MikeVanEmmerik