AboutPublicationsProjectsBlogContact

Edward J. Schwartz

Computer Security Researcher

Notes: Neural Decompiler Artifacts
Edward J. SchwartzComputer Security Researcher2 min. read
notes
research
decompilation

Can existing neural decompiler artifacts be used to run on a new example? Here are some notes on the current state of the art. I assign each decompiler a score from 0 to 10 based on how easy it is to use the publicly available artifacts to run on a new example.

SLaDe: 2/10

SLaDe has a publicly released replication artifact but there are several problems that prevent it from being used on new examples:

  1. The models are trained on assembly code produced from compilers rather than disassemblers. This is probably minor.
  2. More problematically, SLaDe uses IO testcases during beam search to help detect the best candidate. It can be used without these, but the results will be worse. SLaDe does not contain a mechanism for producing testcases for new examples.

Below is a quote from a private conversation with the author:

You are right that IO are somehow used to select in the beam search, in the sense that we report pass@5. They are not strictly required to get the outputs though.

The link you sent is for the program synthesis dataset. In this one, IO generation was programmatic but still kind of manual, I don't think it would be feasible to automatically generate the props file in the general case. For the Github functions, we have a separate repo that automatically generates IO tests, but those are randomly generated and the quality depends on each case. If I had to redo now, I would ask an LLM to generate unit tests! I can give you access to the private repo we used to automatically generate the IO examples for the general case if you wish, but now I'd do it with LLMs rather than randomly.

LLM4Decompile: 9/10

LLM4Decompile has published model files on HuggingFace that can easily be used to run on new examples. I created a few HuggingFace Spaces for testing.

resym: 2/10

resym has a publicly released replication artifact. Unfortunately, as of February 2025, the artifact is missing the "prolog-based inference system for struct layout recovery" which is the key contribution of the paper. Thus it is not possible to run resym on new examples.

DeGPT: 8/10

DeGPT has a publicly released GitHub repository. I'm largely going on memory, but I used it previously on new examples and it was relatively easy to use. I did have to file a few PRs though.

Tags
EVs (1)
adventofcode (3)
ai (2)
ansible (1)
binary analysis (1)
bluesky (1)
bqn (1)
cars (1)
decompilation (1)
dogs (1)
fostering (1)
fuzzing (2)
ghidra (1)
home (1)
linux (5)
llm (2)
notes (3)
notion (1)
papers (5)
personal (1)
pharos (3)
profiling (1)
programming (5)
prolog (1)
publications (4)
quick thoughts (2)
rescue (1)
research (7)
reverse engineering (2)
rust (2)
skiing (2)
talks (2)
travel (1)
ubuntu (2)
web (3)

Powered with by Gatsby 5.0