Raimar Falke's
Diploma Thesis is written in German.
For English readers, I have translated the final section using
Google's translation facility and some hand editing.
It strikes me that natural language translation is at a somewhat equivalent stage as decompilation:
automatic translators exist, and you can get a sense of the original text, sometimes clearly,
at other times quite muddled. Often hand editing is required to produce a clean translation.
The automatic translator is useful despite its low quality, because at least initially,
you have very little idea of what the input text means.
--
MikeVanEmmerik - 13 Jan 2005
5 Summary and Conclusion
In this paper a type analysis system for a decompiler was presented.
Characteristics were defined, which contain all type-relevant information
about the examined program. Furthermore a multiplicity of possibilities
of the user were modelled for influencing the type analysis. The presented
type system supports the complex types field, group, sum beside integers
and pointers. To model sum types used around conflicts. The presented
methods for the recognition of fields work at all compiler optimizations
up to level two (loop unrolling and loop collapsing).
Multidimensional field types, classes, floating-point numbers,
64-Bit variables, enumerated types and bit fields were not considered in this paper.
These types offer challenges for the future. A procedure which measures
the quality of the extraction of type-relevant information and the type
reconstruction, would also be useful. Without this, one cannot formally measure the quality of a type analysis .
A graphical interface for the input of the user instructions would simplify
the use of the decompiler.
With the help of clone detection, it would be
possible to recognise compiler optimisations such as loop unrolling, and also improve
statements relating to field parameters. As became evident, aliases
limit the decompiler in many ways. This can be improved by the employment
of an alias analysis component.
The compiler puts more information down for debugging in the examined program.
Also the use of these information is a possible resuming task.
Harmful programs such as worms and viruses are partially
polymorphic, i.e. they change their form (e.g. the sequence of assembler instructions)
during their propagation. It would be interesting to find out to what extent these
transformations are still visible after decompilation.
CategoryDecompilation