Roadmap
Where we are, where want to go
Building a decompiler is a big endeavour. Follow our latest advancements and the plan for the months to come towards the 1.0 release.
Tier 2: Closed beta (part 1)
Adopt new Hub frontend
Dismiss the old Web 1.0 Hub frontend in favor of the new Next.js-based Hub frontend.
Tier 2 Public Relations
Publish the new website, release a blog post, send newsletter, write tutorial for Tier 2 participants.
No timeouts/crashes on selected binaries
Make sure we can run the whole pipeline on a predetermined set reasonably-sized x86-64 Linux binaries without crashes and within a reasonable time frame.
Perform in-depth QA on `hostname`
Make sure the hostname binary is decompiled in a sensible way.
Tier 2.5: Closed beta (part 2)
UI quickies
Quick but important improvements to the UI
Implement performance assessment
Implement logic to assess our performance compared to other tools.
Clift backend
Implement a the new C backend, using our custom Clift MLIR Dialect to generate decompiled code.
Adapt variable producers
Migrate all the passes of the old decompilation pipeline to use LLVM alloca/load/store to represent C local variables. This is preliminary work for the new Clift-based C backend.
Clifter
Implement LLVM-to-Clift conversion for the new C decompilation backend.
Handle all the forms of memcpy
Ensure we emit memcpy gracefully for all the various architectures we support.
Comments in function's body
Enable users to input comments associated to a specific instruction of the program and show it in both the decompiled code and the disassembly.
Mass testing
Test on a massive amount of binaries and promote binaries that are decompiled without crashes and withing a reasonable time frame to the regression suite.
Implicit conversions
Detect and remove casts that in C would be implicit. This will significantly reduce the number of casts the user sees in the decompiled code.
EFA QA
Perform Quality Assurance on EFA results on a vast number of functions with a diverse set of arguments and return values.
Push variable declarations ALAP
In decompiled C code, make sure we declare local variables as late as possible.
Primitives inlining
Change the model layout so that primitive types (e.g., uint32_t) are defined inline, instead of having an entry in model::Binary::Types.
EFA4
Implement the 4th version of Early Function Analysis, which will significantly improve detection of register-based arguments and return values.
Invalidation logic
Implement the logic to detect what artifacts needs to be recomputed, instead of recomputing everything at every change.
Documentation
Provide public documentation of the model, the CLI and our Python/TypeScript wrappers.
Declutter the UI
Make the necessary changes to VSCode to remove everything that's not strictly necessary for our use case.
Tier 3: Open beta (part 1)
Emit segment references at lift time
Right now we turn literal integers into references to segments rather late in the pipeline. We need to anticipate that and make the new MLIR-based backend aware of them.
Improve handling of tail calls
We need to properly handle tail calls. Right now, the target of the tail call is considered to be part of the caller.
New backend: comments and local names
Enable the new MLIR-based backend to apply user-provided names to local variables and to insert user-provided comments.
New backend: emit headers
Make the new MLIR-based backend emit the C headers for the decompiled code, which mainly contain types and globals.
Minimal error reporting in UI
Ensure we have a minimal error reporting when editing types or the model directly.
Switch to clift backend
Drop the old C backend emitting text directly with the one based on our MLIR dialect, clift.
Scope-inducing transformations
Implement a set of transformations of the CFG to detect loops and nested scopes.
Adopt alias analysis in SwitchToStatements
Inform the Clift-based C decompilation pipeline that the stack frame does not alias other memory, to avoid redundant accesses to it in decompiled C code.
EmitFieldAccesses
Transform integer arithmetic into field accesses expression in the new Clift-based C backend.
New backend: optimizations
Improve C emission in the new MLIR-based backend: fold &*, fold *&, two's complement arithmetic normalization, remove empty branches of if-statements, hide implicit casts, match advanced loops (while, do-while), handle noreturn.
Initial auto-analyses twice
We need to be able to run the analysis pipeline twice without crashing.
Rebase QEMU
Rebase QEMU to the latest version. This will enable us to support additional architectures and start working on for proper floating point support.
Preserve debug info
Review the decompilation pipeline to ensure that debug information, which we use to trace decompiled code back to assembly instructions, are preserved as much as possible. This ensure we don't lose the link between decompiled code and assembly in most situations.
Drop kinds
Get rid of kinds from revng-pipeline.
Collaboration QA
Ensure collaboration works smoothly.
Hub: expose snippets
Implement in Hub a feature to embed decompiled code snippets.
Rename local variables
Enable users to customize local variable names.
Reorganize repositories
Merge the revng and revng-c repositories.
revng-pypeline
Implement a more git-like CLI for revng and move most of the revng-pipeline logic to Python.
Python client
Implement a dev-friendly Python library to interact with revng-daemon's GraphQL API.
Detect strings
Add analysis to detect string literals in segments.
Tier 3.5: Open beta (part 2)
Detect `memcpy` and similar functions
We need to identify parts of functions that implement memcpy, strcpy and so on and outline them in a separate functions.
Change types of local variables
Enable users to customize the type of local variables displayed in the decompiled C code.
Literals formatting
Enable users to customize how a constant value is displayed in the decompiled code (e.g., hexadecimal vs decimal).
Improve error reporting in type editor
The type editor should report in a nice way errors in parsing, translation to the model or when validating the model.
Improve model editing error reporting
Ensure that when the user makes changes to the model, in case of error, we report errors in a nice way.
Push register argument detection to bits
Improve register argument detection by reasoning at bit-level as opposed to register-level.
Upgrade LLVM
We need to update the LLVM version we're based on. This will enables us to use all the new MLIR features and get rid of tecnical debt.
DLA2
Design and implement the second version of Data Layout Analysis (DLA).
All analyses should import model
Some analysis are currently designed to be run only once. We need to upgrade them to be able to incrementally improve the model given its current state.
Find references to global variables
Add support for the UI to enumerate all the uses of a global variable, specifically a field of a struct describing a segment.
`goto` optimization
Implement algorithm for reducing the number of emitted gotos, with heuristic for preventing excessive code duplication.
VMA2
Implement type propagation within the body of a function.
Tackle stack slot reuse
Devise a way to handle stack slot being used in different ways across the body of a function. Core idea: promote to SSA value.
CRUD all model parts in UI
In the UI we need to provide a way to create, edit and remove types, functions, segments and so on.
Model verify on the client
Enable the VSCode client to verify the model without making a remote request. This ensures that the user can make interactive changes and immediately have a feedback if the changes are valid or not.
Find references to `struct` field
Make sure the UI can perform backward navigation even between references that are not available in the call graph. This might require to materialize all artifacts in background.
Perform QA on various architectures
We need to fix platform-specific issues, bug and limitations that pop up on architectures that have not gone through QA yet.
Support variadic arguments
Implement support for variadic arguments for the various ABIs we support.
Floating point support
Improve support for floating point instruction and data types.
HexView
Implement a basic hexadecimal view.
Segment with designated initializers
In the C view, show segments as global variables using C's designated initializers.
Support multiple binaries
Make sure a single project can handle multiple projects. Also, switch to record hashes of binaries in the model, instead of asking the user to provide it.
Inlining
The Inline attribute of model::Function has known limitations. Make sure we can inline any function.
Implement undo/redo
Implement the undo/redo feature.
Decompilation headers QA
Cleanup the C headers we emit.
Strings view
Implement a simple view to show all the strings we detected in the binary.
DLA: import model + subgraph
Ensure DLA can import existing model information and can correctly run on a portion of the call graph. This will enable us to re-run DLA after the initial analysis.
Tier 4: 1.0 release
Artifacts doc
Document in detail what users can expect to find in each artifact.
Detection of well-known static libraries
Automatically detect functions that belong to a well-known static library such as OpenSSL.
Import C headers
Make sure we can import a C header into the model. Core idea: compile the header with debug info, and then import via DWARF importer.
ConvertToCABI QA
Perform Quality Assurance on the result of converting RawFunctionTypes to CABIFunctionTypes.
Background artifacts production
Implement logic to asynchronously produce artifacts in background.
Patches raw bytes in model
Add support for patching the binary from the model.
Metaview
Implement a view that shows, as a single document, the whole binary.
Shop
Implement an online shop to buy subscriptions/licenses.
Import stack frames from DWARF
Exploit information in DWARF debug info to automatically populate the stack frame of functions.
Register to the UI closed beta!
Want to try the UI? We're now inviting people on a FIFO basis.