The artifact will only operate on later stages of the decompilation pipeline. Give a brief introduction of this phase to give a complete overview.

Depends on issue #76.

Prerequisite for issue #17.

LLVM Bitcode File Format

Use the Clang compiler to produce test cases, as it is capable of emitting LLVM IR from C source code. The goal will be to reconstruct the high-level control flow structures (such as for-loops, if-else statements, etc) of the original C code from the LLVM IR.

Prerequisite for issue #22.

Depends on issue #76.

The project artifacts will be contained within the following three organizations:

• mewrev: Decompilation components and tools.
• mewlang: LLVM IR components.
• mewpaper: Project report.

Depends on issue #83.

The component will identify high-level control structures using control flow analysis of LLVM IR. Through pattern matching the properties of high-level control structures would be identified in a Control Flow Graph of the LLVM IR.

TODO: Split the task into sub-tasks and allocate time to them.

Design a decompilation system composed of individual components and based on the principle of separation of concerns. The system must be language-agnostic so that decompilation passes can be reused from other programming language environments.

Attempt to find flaws in the design by stress testing it through proof of concept implementations.

Engage in discussions with the open source community during the design process of any library intended for third party use; specifically the LLVM IR libraries.

• Add test cases to ensure the reliability of the LLVM IR bitcode parser as it has to be accurate.
• Create round-trip test cases which reads an LLVM IR bitcode file, stores it, and reads it back again. The IR of the two reads should be identical.
• Add similar test cases for the human readable assembly language representation of LLVM IR.

Project Plan

• Issue #17 - Introduction
• Issue #22 - Literature Review
• Issue #35 - Related Work
• Issue #49 - Methodology
• Issue #48 - Requirements (MUST)
• Issue #55 - Design (MUST)
• Issue #60 - Implementation (MUST)
• Issue #116 - Verification
• Issue #64 - Evaluation (MUST)
• Issue #69 - Conclusion

• Issue #121 - LLVM IR Library
• Issue #122 - Structural Analysis Library
• Issue #123 - Structural Analysis Tool

Depends on issue #81.

Prerequisite for issue #35.

The current report structure is being tracked by issue #3.

S. Moll, Decompilation of LLVM IR. BSc thesis, Saarland University, 2011.

• Issue #19 - Project Aim and Objectives
• Issue #20 - Deliverables
• Issue #21 - Disposition

The artifact will only operate on later stages of the decompilation pipeline. Give a brief introduction of this phase to give a complete overview.

Depends on issue #76.

Prerequisite for issue #35.

Depends on issue #16 and #76.

• Issue #36 - Native Code to LLVM IR
  • Issue #46 - Dagger
  • Issue #90 - MC-Semantics
• Issue #45 - Hex-Rays Decompiler

Brainstorm about additional decompilation steps. Identify structural patterns in the low-level IR which conveys information about the high-level semantics.

• Patterns of incrementation instructions, conditional jumps, and unconditional jumps may be represented as for loops using initialization, condition, and post statements.
• Jumps to offsets specified by branch tables may represent switch statements.
• Increments and decrements of the stack pointer register may indicate function prologues and epilogues respectively; which conveys information about local variables.

Prerequisite for issue #22.

Prerequisite for issue #22.

Depends on issue #82.

The artifact will only operate on later stages of the decompilation pipeline. Give a brief introduction of this phase to give a complete overview.

Depends on issue #76.

• Issue #115 - Abstract
• Issue #17 - Introduction
  • Issue #19 - Project Aim and Objectives
  • Issue #20 - Deliverables
  • Issue #21 - Disposition
• Issue #22 - Literature Review
  • Issue #87 - The Anatomy of an Executable
  • Issue #28 - Decompilation Phases
    • Issue #86 - Binary Analysis
    • Issue #29 - Disassembly
    • Issue #34 - Control Flow Analysis
  • Issue #23 - Evaluation of Intermediate Representations
    • Issue #25 - REIL
    • Issue #26 - LLVM IR
• Issue #35 - Related Work
  • Issue #36 - Native Code to LLVM IR
    • Issue #46 - Dagger
    • Issue #90 - MC-Semantics
  • Issue #45 - Hex-Rays Decompiler
• Issue #49 - Methodology
  • Issue #125 - Operational Prototyping
    • Issue #50 - Throwaway Prototyping
    • Issue #124 - Evolutionary Prototyping
  • Issue #53 - Continuous Integration
• Issue #48 - Requirements
  • Issue #121 - LLVM IR Library
  • Issue #122 - Control Flow Analysis Library
  • Issue #123 - Control Flow Analysis Tool
• Issue #55 - Design
  • Issue #59 - System Architecture
  • Issue #58 - Front-end Components
    • Issue #128 - Native Code to LLVM IR
    • Issue #129 - Compilers
  • Issue #57 - Middle-end Components
    • Issue #130 - Control Flow Graph Generation
    • Issue #131 - Control Flow Analysis
  • Issue #56 - Back-end Components
    • Issue #133 - Post-processing
• Issue #60 - Implementation
  • Issue #143 - Language Considerations
  • Issue #144 - LLVM IR Library
  • Issue #152 - Go Bindings for LLVM
  • Issue #146 - Subgraph Isomorphism Search Library
  • Issue #61 - Documentation
• Issue #116 - Verification
  • Issue #134 - Test Cases
    • Issue #135 - Code Coverage
  • Issue #118 - Performance
    • Issue #136 - Profiling
    • Issue #67 - Benchmarks
  • Issue #119 - Security Assessment
  • Issue #120 - Continuous Integration
    • Issue #137 - Source Code Formatting
    • Issue #138 - Coding Style
    • Issue #139 - Code Correctness
    • Issue #140 - Build Status
    • Issue #141 - Test Cases
    • Issue #142 - Code Coverage
• Issue #64 - Evaluation
  • Issue #153 - LLVM IR Library
    • Issue #159 - Essential Requirements
    • Issue #160 - Desirable Requirements
  • Issue #154 - Control Flow Analysis Library
    • Issue #161 - Essential Requirements
    • Issue #162 - Important Requirements
    • Issue #163 - Desirable Requirements
  • Issue #155 - Control Flow Analysis Tool
    • Issue #164 - Essential Requirements
• Issue #69 - Conclusion
  • Issue #70 - Project Summary
  • Issue #68 - Future Work
    • Issue #156 - Design Validation
    • Issue #157 - Reliability Improvements
    • Issue #158 - Extended Capabilities
  • Issue #72 - Personal Development
  • Issue #73 - Final Thoughts

Prerequisite for #49.

Prerequisite for issue #17.

The artifact will only operate on later stages of the decompilation pipeline. Give a brief introduction of this phase to give a complete overview.

Depends on issue #76.

Investigate which Continuous Integration services to use for:

• 2014-09-21: build status for commits and pull requests (SUCCESS/FAILURE)
• 2014-09-21: test cases (PASS/FAIL)
• 2014-09-21: code coverage (percentage)
• benchmarks? (percentage delta)

Develop libraries for interacting with LLVM IR; in each of its three forms. These components will be fundamental for the project as all decompilation phases build upon its Intermediate Representation. Therefore the data structure of the LLVM IR has to be chosen with careful consideration. Research idiomatic data structures and experiment until it feels just right.

Prerequisite for issue #35.

Depends on issue #76.

• Issue #87 - The Anatomy of an Executable
• Issue #28 - Decompilation Phases
  • Issue #86 - Binary Analysis
  • Issue #29 - Disassembly
  • Issue #34 - Control Flow Analysis
• Issue #23 - Evaluation of Intermediate Representations
  • Issue #25 - REIL
  • Issue #26 - LLVM IR

The following theses, papers, and online references will be included in the literature review:

• Issue #76 - C. Cifuentes, Reverse Compilation Techniques. PhD thesis, Queensland University of Technology, 1994.
• Issue #80 - I. Guilfanov, Decompilers and beyond. Black Hat USA, 2008.
• Issue #16: S. Moll, Decompilation of LLVM IR. BSc thesis, Saarland University, 2011.
• Issue #81 - L. Ďurfina, J. Křoustek, P. Zemek, D. Kolář, T. Hruška, K. Masařík, and A. Meduna, Design of a retargetable decompiler for a static platform-independent malware analysis, in Information Security and Assurance (pp. 72-86), Springer, 2011.
• Issue #82 - G. Chen, Z. Qi, S. Huang, K. Ni, Y. Zheng, W. Binder, and H. Guan, A refined decompiler to generate C code with high readability, Software: Practice and Experience, vol. 43, no. 11, pp. 1337-1358, 2013.
• Issue #83 - K. Yakdan, S. Eschweiler, and E. Gerhards-Padilla, REcompile: A Decompilation Framework for Static Analysis of Binaries, in MALWARE'13, pp. 95-102, IEEE, 2013.
• Issue #75 - LLVM Language Reference Manual.
• Issue #13 - LLVM Bitcode File Format.

The following theses, papers, and online references have been marked as future ambitions:

• Issue #77 - A. Mycroft, Type-Based Decompilation, in 8th European Symposium on Programming, ESOP'99, pp. 208–223, Springer-Verlag, 1999.
• Issue #78 - M. J. Van Emmerik, Static Single Assignment for Decompilation. PhD thesis, The University of Queensland, 2007.
• Issue #79 - T. Durden, Automated vulnerability auditing in machine code, Phrack Magazine, vol. 64, 2007.

Depends on issue #76.

Prerequisite for issue #17.

The tools will be reusable by other programming language environments as their input and output is specified by a formally defined IR.

Depends on issue #78.

Depends on issue #80.

Search for relevant literature related to decompilation, and its key concepts and algorithms. Add located resources to issue #2.

• Issue #125 - Operational Prototyping
  • Issue #50 - Throwaway Prototyping
  • Issue #124 - Evolutionary Prototyping
• Issue #53 - Continuous Integration