Raimar Falke's Diploma Thesis is written in German. For English readers, I have translated the final section using Google's translation facility and some hand editing.

It strikes me that natural language translation is at a somewhat equivalent stage to decompilation: automatic translators exist, and you can get a sense of the original text, sometimes clearly, at other times quite muddled. Often hand editing is required to produce a clean translation. The automatic translator is useful despite its low quality, because at least initially, you have very little idea of what the input text means.

-- MikeVanEmmerik - 13 Jan 2005

5 Summary and Conclusion

In this paper a type analysis system for a decompiler was presented. Characteristics were defined which contain all type-relevant information about the examined program. Furthermore, a multitude of ways for the user to influence the type analysis were modelled. The presented type system supports the complex types array, struct and sum types in addition to integers and pointers. Sum types are used to model conflicts. The presented methods for the recognition of arrays work for all compiler optimizations except two (loop unrolling and loop collapsing).

Multidimensional array types, classes, floating-point numbers, 64-bit integers, enumerated types and bit fields were not considered in this paper. These types offer challenges for the future. A procedure which measures the quality of the extraction of type-relevant information and the type reconstruction would also be useful. Without this, one cannot formally measure the quality of a type analysis. A graphical interface for the input of the user instructions would simplify the use of the decompiler.

With the help of clone detection, it would be possible to recognise compiler optimisations such as loop unrolling, and also improve statements relating to array parameters. As became evident, aliases limit the decompiler in many ways. This can be improved by the employment of an alias analysis component. Compilers usually include additional information for debugging in the examined program. Using this information is also a possible task. Harmful programs such as worms and viruses are partially polymorphic, i.e. they change their form (e.g. the sequence of assembler instructions) during their propagation. It would be interesting to find out to what extent these transformations are still visible after decompilation.


CategoryDecompilation

Revision: r1.2 - 13 Jan 2005 - 12:00 - MikeVanEmmerik