Decompilation takes too much memory #13
Comments
|
Can you upload your dll somewhere? Looks interesting. |
|
https://www.file-upload.net/download-12866451/2mbTurnsInto32Gigs.dll.html Def. worth looking into in terms of denial of service. I've renamed the original dll, like I said, this isn't from an open source project or anything so I'm not sure regarding the legality of decompiling it. |
|
Thank you for the report. We will investigate it. To limit virtual memory on Linux, you can run e.g. |
fokin hell |
|
I have the same problem, is there any fix for this for now? |
|
@s3rvac Do your servers at work have 128 GB of RAM? I'm wondering if this is a larger design issue; formerly an analyst would be using RetDec on a remote server via the API, while with the open source release most analysts are running directly on their own low powered desktops/laptops. That being said, somebody (or me eventually) should probably generate a couple flame graphs to check if there's any easy problems to squash. |
|
With the testing I did yesterday I can already say that turning off optimizations ( |
|
We are aware of the memory/speed issues when decompiling certain binaries. In most cases, they are caused either by invalid instruction decoding (when e.g. data are decompiled as code) or simply by the size of the code that is being decompiled (the larger the binary is, the slower and more memory-intensive its decompilation may be). Many cases are already reported in our original bug tracker, which we want to migrate into GitHub. We plan to provide more information concerning these performance issues. Please, bear with us. There are a lot of things that still need to be done (fix of build issues on different systems, migration of our old bug tracker, wiki pages, documentation, tests, continuous integration, dependency management, roadmap, etc.). We try to do our best. Until then, I would just like to point out that in most cases, these issues are NOT caused by a single, particular bug somewhere it the decompiler. Rather, improvements in multiple parts of the decompiler will be needed. |
|
After 20 hours it crashed after having gone through 110GB of RAM, so ye, memory requirements =P Might help narrow it down though, as |
|
Yep, removing those from the Aaaaand three and a half hour later.. |
|
It breaks at 2Mb? I've got a binary that's 45 megabytes... what are my options? I've tried using It's using about 2.9G of RAM, but the timer isn't changing. I'm guessing I don't even get to that part that supposedly uses a lot of ram. Server has 110G of ram and 12 cores |
|
@mhsjlw:
It depends on the input binary. Many times, even larger binaries can be decompiled without a problem.
Generally, when a decompilation takes too much time or consumes too much memory, you can perform a selective decompilation, which will decompile only a part of the input file. For example, by running the decompiler will decode and decompile only functions named This will decompile everything between addresses
This parameter only applies to the back-end phase ( |
|
Ok, I'll give the selective decompilation a try, thanks. |
|
I think you can try some selective decompilation...I've had the same problem. I'll tell you when I try |
|
Same problem with another DLL. On Linux eats 16 GB RAM |
|
Maybe the code could be refactored to use binary trees or some other memory efficient data structure. |
s3rvac
changed the title
|
Same for me |
|
Few big files that we could test, and eventually handle.
|
|
@PeterMatula , you mean before this issue was opened or after? |
|
Same situation here. |
|
While this is indeed unfortunate, and I'm sure the retdec team is looking into it, users must deal with what we have available to use. While analyzing the binary you feed it retdec creates a JSON document that describes the assembly (and the functions which is what we are mostly after). We can get function offsets and names from this. To that end I have written a python 3 script that makes this somewhat easier (albeit still a bit tedious, I'm open to improvement suggestions). #!/usr/bin/python3
import os
import sys
import json
try:
path_to_decompiler_sh = sys.argv[1]
path_to_file_to_decompile = sys.argv[2]
path_to_retdec_json = sys.argv[3]
except IndexError:
print("Usage: path/to/decompiler.sh path/to/file.exe path/to/retdec.json")
sys.exit(1)
with open(path_to_retdec_json, 'r') as f:
obj = json.load(f)
for fn in obj['functions']:
n = fn['name']
if not n.startswith("function_"):
continue
s = hex(fn['startAddr'])
e = hex(fn['endAddr'])
cmd = "{} {} --select-ranges {}-{} --select-decode-only -o {}.fn" \
.format(path_to_decompiler_sh,
path_to_file_to_decompile,
s,
e,
n)
print(cmd)Running the script: $ ./the-script.py ~/bin/decompiler.sh path/to/my.exe /path/to/retdec_output.jsonWill produce something similar to the following: Which I can then run directly. You can of course modify the script to use Hopefully this helps someone. |
|
I would also like to add a little more. When optimizing in the backend, I mainly encounter problems with the SimpleCopyPropagationOptimizer. If I exclude it, I have no problems with most examples and tests. So there seems to be some mistake here. In my case, the storage problems occur primarily in the backend. Especially here I can hardly use the optimizations, because there are crashes here again and again. What I see as a problem here is that if an optimization fails, the whole process is aborted immediately. Actually, only the current optimization failed. One could continue with the other optimizations or output the existing intermediate result. But there is always a hard break-up here. This is sometimes really stupid. It would be a long time if it could be improved here in error handling. |
|
Sample from #97 is also taking to much time and memory in |
|
If i have a new file that is also using too much memory should I open a new issue for it? |
|
No, just zip it and upload it here if you want to share it for testing. |
|
Ok, thanks, here is the link. |
|
I had a similar problem with a 1.2mb (not packed) file. DeadLocalAssignOptimizer issued "warning: out of memory: trying to recover" in a seemingly endless loop. Though only 17GB of a total 32GB RAM was actually used. Adding the |
retdec-decompiler.py \
--backend-disabled-opts=DeadCode,DeadLocalAssign,CopyPropagation,SimpleCopyPropagation \
... |
|
I have same problem. I'm trying to decompile some.dll (11 Mb), and now I stuck for 20 hours at this step with enormous memory consumption: Decompilation settings are all default. Just set no memory limit. -_- |
|
same here, it just stop somewhere using half of my ram; im using 4.0 |
|
I finally decided to rent an Azure-server to be able to allow as much optimization as possible using virtual memory. I upped the swap-file to those disks outside C: to max-size, however enabling system managed swap on enough disks would already allow swap 3 times RAM = 192 GB, I allowed IE usage, installed python 3.7.3 on the server, ran retdec-decompiler.py with the --no-memory-limit option, turned off the automatic turn off of the server at 7PM UTC, turned off Windows update that rebooted my system around 6 AM, and even installed Application Insights to follow the committed memory usage from outside the server without having to RDP to it. At the moment the server decompile-process is finally surviving the night. |
|
As a reference, I once tried to decompile a 30MB binary. It ended up using 800GB of RAM 😮 |
|
这是一封自动回复邮件。已经收到您的来信,我会尽快回复。
|
and others
The file I'm decompiling is kinda publicly available but I'm not sure how to share it with devs because the people who have written the code probably don't want it to be decompiled in the first place.
I'd be happy to send the file to a dev via mail or some other means.
I'm running: ./decompiler.sh <path/to/dll>
Which at some point runs:
llvmir2hll -target-hll=c -var-renamer=readable -var-name-gen=fruit -var-name-gen-prefix= -call-info-obtainer=optim -arithm-expr-evaluator=c -validate-module -llvmir2bir-converter=orig -o [...].dll.c [...].dll.c.backend.bc -enable-debug -emit-debug-comments -config-path=[...].dll.c.jsonOnce it reaches the step below, it slowly starts eating memory until at one point it quickly goes from 8GB -> 32 GB and then get's killed by docker.
How would I help debugging this? My guess would be it's running into some infinite depth loop.
The text was updated successfully, but these errors were encountered: