Reverse engineering in LLVM

Hello, LLVMers.

I am trying to restore the original HL code from LLVM IR (kinda reverse engineering). There are two main issues for that: control-flow analysis and data-flow analysis. (Thanks to your suggestions) I have good references about the control-flow analysis for structuring conditionals, loops and so on.

However, I have no good idea about data-flow analysis, especially on PHI-functions. It is quite tricky for me to deal with the PHI nodes in LLVM IR in order to restore the original code. I read some reverse engineering theses but they are a little bit old so they don't handle SSA form.

Could you shed some light on how I can give it a shot?
It would also be greatly appreciated if you could introduce some references about that.
Happy holidays!


Can someone tell me what kind of algorithm or method is used by IP const
propagation and alias analysis implemented in LLVM? I would also
appreciate if someone can give me links or reference method used if

I would also like to know whether these methods are
flow-sensitive/flow-insensitive or context sensitive/insensitive for const
prop & alias analysis resp.

Thank You ....

Naineet Patel