Tootfinder

Spiffy! CPython bytecode is now viewable in @… !
https://discuss.python.org/t/python-bytecode-cfg-added-to-com…

Python bytecode CFG added to compiler-explorer
Hi We just added control-flow-graph support to compiler-explorer: Hopefully it is useful to you guys. Please report any problems you find - and maybe even further enhancement suggestions! Toy example: Compiler Explorer Thanks, -Ofek

Decompiling Smart Contracts with a Large Language Model
Isaac David, Liyi Zhou, Dawn Song, Arthur Gervais, Kaihua Qin
https://arxiv.org/abs/2506.19624 http…

Decompiling Smart Contracts with a Large Language Model
The widespread lack of broad source code verification on blockchain explorers such as Etherscan, where despite 78,047,845 smart contracts deployed on Ethereum (as of May 26, 2025), a mere 767,520 (< 1%) are open source, presents a severe impediment to blockchain security. This opacity necessitates the automated semantic analysis of on-chain smart contract bytecode, a fundamental research challenge with direct implications for identifying vulnerabilities and understanding malicious behavior. Pre…

WAMI: Compilation to WebAssembly through MLIR without Losing Abstraction
Byeongjee Kang, Harsh Desai, Limin Jia, Brandon Lucia
https://arxiv.org/abs/2506.16048

WAMI: Compilation to WebAssembly through MLIR without Losing Abstraction
WebAssembly (Wasm) is a portable bytecode format that serves as a compilation target for high-level languages, enabling their secure and efficient execution across diverse platforms, including web browsers and embedded systems. To improve support for high-level languages without incurring significant code size or performance overheads, Wasm continuously evolves by integrating high-level features such as Garbage Collection and Stack Switching. However, existing compilation approaches either lack…

from my link log —
Recovering control flow structures from Java bytecode without CFGs.
https://purplesyringa.moe/blog/recovering-control-flow-structures-without-cfgs/
saved 2025-06-06

Recovering control flow structures without CFGs
I’m working on a Java decompiler because I’m not satisfied with the performance of other solutions. I’ve always heard that decompiling JVM bytecode is a solved problem, but I’ve concluded that the decompilation methods used by CFR and Vineflower are hacky, inefficient, and sometimes don’t even work. The existing solutions are haphazard and inadequate compared to alternative approaches. Specifically, I have beef with the control flow extraction strategies employed by most decompilers. …

Very interesting applied security research into the #GSMA #eSIM universe, specfically the use of the JavaCard VM with its questionable security architecture depending on an off-card bytecode verifier in the context of the eUICC which inherently contains eSIM profiles of different [competing] mobile operators, e…

StoneDetector: Conventional and versatile code clone detection for Java
Thomas S. Heinze, Andr\'e Sch\"afer, Wolfram Amme
https://arxiv.org/abs/2508.03435 https://

StoneDetector: Conventional and versatile code clone detection for Java
Copy & paste is a widespread practice when developing software and, thus, duplicated and subsequently modified code occurs frequently in software projects. Since such code clones, i.e., identical or similar fragments of code, can bloat software projects and cause issues like bug or vulnerability propagation, their identification is of importance. In this paper, we present the StoneDetector platform and its underlying method for finding code clones in Java source and Bytecode. StoneDetector impl…

ScamDetect: Towards a Robust, Agnostic Framework to Uncover Threats in Smart Contracts
Pasquale De Rosa, Pascal Felber, Valerio Schiavoni
https://arxiv.org/abs/2508.07094 https:…

ScamDetect: Towards a Robust, Agnostic Framework to Uncover Threats in Smart Contracts
Smart contracts have transformed decentralized finance by enabling programmable, trustless transactions. However, their widespread adoption and growing financial significance have attracted persistent and sophisticated threats, such as phishing campaigns and contract-level exploits. Traditional transaction-based threat detection methods often expose sensitive user data and interactions, raising privacy and security concerns. In response, static bytecode analysis has emerged as a proactive mitig…