An Evaluation of Current Java Bytecode Decompilers

Hamilton, James; Danicic, Sebastian

doi:10.1109/scam.2009.24

Cited by 21 publications

(29 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We evaluate eight recent and notable decompilers on code produced by two different compilers. This study is at least one order of magnitude larger than the related work [8], [9]. Our results are important for different people: 1) for all users of decompilation, our paper shows significant differences between decompilers and provide well-founded empirical evidence to choose the best ones; 2) for researchers in decompilation, our results shows that the problem is not solved, and we isolate a subset of 157 Java classes that no state-of-the-art decompiler can correctly handle: 3) for authors of decompilers, our experiments have identified bugs in their decompilers (2 have already been fixed, and counting) and our methodology of semantic equivalence modulo inputs can be 1 embedded in the QA process of all decompilers in the world.…”

Section: Introductionmentioning

confidence: 75%

“…In order to get a set of real world Java projects to evaluate the eight decompilers, we reuse the set of projects of Pawlak and colleagues [21]. To these 13 projects we added a fourteenth one named DcTest made out of examples collected from previous decompiler evaluations [8], [9]. 6 Table II shows a summary of this dataset: the Java version in which they are written, the number of Java source files, the number of unit tests as reported by Apache Maven, and the number of Java lines of code in their sources.…”

Section: Study Subjectsmentioning

confidence: 99%

See 1 more Smart Citation

The Strengths and Behavioral Quirks of Java Bytecode Decompilers

Harrand

Soto-Valero

Monperrus

et al. 2019

2019 19th International Working Conference on Source Code Analysis and Manipulation (SCAM)

View full text Add to dashboard Cite

During compilation from Java source code to bytecode, some information is irreversibly lost. In other words, compilation and decompilation of Java code is not symmetric. Consequently, the decompilation process, which aims at producing source code from bytecode, must establish some strategies to reconstruct the information that has been lost. Modern Java decompilers tend to use distinct strategies to achieve proper decompilation. In this work, we hypothesize that the diverse ways in which bytecode can be decompiled has a direct impact on the quality of the source code produced by decompilers.We study the effectiveness of eight Java decompilers with respect to three quality indicators: syntactic correctness, syntactic distortion and semantic equivalence modulo inputs. This study relies on a benchmark set of 14 real-world open-source software projects to be decompiled (2041 classes in total).Our results show that no single modern decompiler is able to correctly handle the variety of bytecode structures coming from real-world programs. Even the highest ranking decompiler in this study produces syntactically correct output for 84% of classes of our dataset and semantically equivalent code output for 78% of classes.

show abstract

Section: Introductionmentioning

confidence: 75%

Section: Study Subjectsmentioning

confidence: 99%

The Strengths and Behavioral Quirks of Java Bytecode Decompilers

Harrand

Soto-Valero

Monperrus

et al. 2019

2019 19th International Working Conference on Source Code Analysis and Manipulation (SCAM)

View full text Add to dashboard Cite

show abstract

“…In this work we present a software watermarking mechanism that can be inserted at the assembly level and that is especially useful for embedded applications. Most software watermarking mechanisms need either the software code to detect the watermark [4] or access to the memory structure during execution [7] [2]. However, in the embedded environment it is not easy to access the suspected code because in many cases, especially in those systems where code copying is a relevant threat, the memory is protected from unauthorized read operations.…”

Section: Introductionmentioning

confidence: 99%

“…However, in the embedded environment it is not easy to access the suspected code because in many cases, especially in those systems where code copying is a relevant threat, the memory is protected from unauthorized read operations. Another drawback of many previously proposed methods is that they have proven to be not very robust against code-transformation attacks [4]. In [4] every tested static software watermark mechanism was successfully removed using standard code-transformation software.…”

Section: Introductionmentioning

confidence: 99%

“…Another drawback of many previously proposed methods is that they have proven to be not very robust against code-transformation attacks [4]. In [4] every tested static software watermark mechanism was successfully removed using standard code-transformation software. Our This work was supported by the NSF Grants 0916854, 0964641, and 0923313.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Side-channel watermarks for embedded software

Becker

Burleson

Paar

2011

2011 IEEE 9th International New Circuits and Systems Conference

View full text Add to dashboard Cite

Abstract-In this paper we introduce a new software watermarking mechanism for the embedded environment. The newly proposed software watermarking mechanism can be added at the assembly level and hides the watermark in the power consumption of the device. By using side-channel analysis techniques, the verifier can reliably detect his watermark in the power traces of the device. This new approach is especially well suited for embedded microcontrollers that have program memory protection. In comparison to other software watermark mechanisms a verifier does not need to have access to the software code or data memory to detect the watermark. This makes the detection of the watermarks very efficient for embedded applications in which access to the program code or data memory is very restricted. Our watermark method can therefore serve as a very easy and cost efficient way to detect software theft for embedded applications.

show abstract

Modular Transformation of Java Exceptions Modulo Errors

Rubbens

Lathouwers

Huisman

2021

Formal Methods for Industrial Critical Systems

View full text Add to dashboard Cite

Deductive verifiers are used more and more in both academia and industry to prevent costly bugs. Their capabilities of verifying concurrent programs are getting better, but they are still lagging behind with regard to many major programming language features such as exceptions. To improve the situation, this work presents a semantics of Java exceptions which reduces the annotation burden on the user, while still allowing verification of exceptions. This is accomplished by ignoring sources of errors which are irrelevant to functional verification. Additionally, to deal with the complex control flow introduced by finally, a transformation is proposed that simplifies verification of exceptional postconditions and finally into postconditions and goto. We implement the approach and evaluate it against several common exception patterns.

show abstract

An Evaluation of Current Java Bytecode Decompilers

Cited by 21 publications

References 13 publications

The Strengths and Behavioral Quirks of Java Bytecode Decompilers

The Strengths and Behavioral Quirks of Java Bytecode Decompilers

Side-channel watermarks for embedded software

Modular Transformation of Java Exceptions Modulo Errors

Contact Info

Product

Resources

About