Electrical Engineering and Computer Sciences

COLLEGE OF ENGINEERING

UC Berkeley

Analysis of Low-Level Code Using Cooperating Decompilers

Bor-Yuh Evan Chang, Matthew Thomas Harren and George Necula

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2006-86
June 10, 2006

http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-86.pdf

Analysis or verification of low-level code is useful for minimizing the disconnect between what is verified and what is actually executed and is necessary when source code is unavailable or is, say, intermingled with inline assembly. We present a modular framework for building pipelines of cooperating decompilers that gradually lift the level of the language to something appropriate for source-level tools. Each decompilation stage contains an abstract interpreter that encapsulates its findings about the program by translating the program into a higher-level intermediate language. We provide evidence for the modularity of this framework through the implementation of multiple decompilation pipelines for both x86 and MIPS assembly produced by gcc, gcj, and coolc (a compiler for a pedagogical Java-like language) that share several low-level components. Finally, we discuss our experimental results that apply the BLAST model checker for C and the Cqual analyzer to decompiled assembly.


BibTeX citation:

@techreport{Chang:EECS-2006-86,
    Author = {Chang, Bor-Yuh Evan and Harren, Matthew Thomas and Necula, George},
    Title = {Analysis of Low-Level Code Using Cooperating Decompilers},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2006},
    Month = {Jun},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-86.html},
    Number = {UCB/EECS-2006-86},
    Abstract = {Analysis or verification of low-level code is useful for minimizing the disconnect between what is verified and what is actually executed and is necessary when source code is unavailable or is, say, intermingled with inline assembly. We present a modular framework for building pipelines of cooperating decompilers that gradually lift the level of the language to something appropriate for source-level tools. Each decompilation stage contains an abstract interpreter that encapsulates its findings about the program by translating the program into a higher-level intermediate language. We provide evidence for the modularity of this framework through the implementation of multiple decompilation pipelines for both x86 and MIPS assembly produced by gcc, gcj, and coolc (a compiler for a pedagogical Java-like language) that share several low-level components. Finally, we discuss our experimental results that apply the BLAST model checker for C and the Cqual analyzer to decompiled assembly.}
}

EndNote citation:

%0 Report
%A Chang, Bor-Yuh Evan
%A Harren, Matthew Thomas
%A Necula, George
%T Analysis of Low-Level Code Using Cooperating Decompilers
%I EECS Department, University of California, Berkeley
%D 2006
%8 June 10
%@ UCB/EECS-2006-86
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-86.html
%F Chang:EECS-2006-86