[OT] Type inference propagation.


This is in the context of a decompiler going from ASM to LLVM IR.

1) Type inference propagation (TIP).
When registers are converted to SSA form, they are called "labels".
In order to get from ASM to LLVM IR, we need to know if labels are
pointers or not.
Also, we need to know the bit width of labels.
We need this so that we can make calls to the LLVM IR builder.
If anyone can help me in this area I would appreciate it.

So, are there any documents or existing algorithms to help in this area.
The problems I come across are problems with the solution not always converging.
I.e. label X is type A if you follow some dependencies, and type B if
you follow others.
Or there are dependency loops.

Kind Regards


The general state of the art for type recovery is TIE (http://moflow.org/ref/TIE%20-%20Principled%20Reverse%20Engineering%20of%20Types%20in%20Binary%20Programs.pdf), although there's been a more recent citation that seems to have slightly better results that I haven't digested yet (http://dl.acm.org/citation.cfm?id=2462165).