Do you have a scanner that checks these sorts of things or is it something that you are passionate about?
kazinator · 6h ago
By the following very short garden path:
1. How silly to write such a thing in C from scratch. Such a project will invariably invent half of Lisp in order to have the right kind of infrastructure for doing this and that.
2. Let's look for some of it up and down the tree. Oh look, there is a bitset and hashmap, see? I don't see test cases for these anywhere; is it original work from this project or battle-tested code taken from elsewhere?
3. Open hashmap.c ...
GPL violation found in half a minute.
issafram · 5h ago
Yea I'm not criticizing you. Was just genuinely curious. Thanks
Yea I saw that after looking it up. I wasn't questioning the statement, but me personally I wouldn't look at each file and look for license violations. That's all.
gibibit · 17h ago
I am always curious how different C programs decide how to manage memory.
In this case there are is a custom string library. Functions returned owned heap-allocated strings.
Sometimes it returns a static string like `g_str_int` and sometimes a newly heap-allocated string, such as returned by `class_type_array_name(g_str_int, depth)`.
Callers have no way to properly release the memory allocated by this function.
neocanable · 17h ago
In multi-threaded mode, each thread will create a separate memory pool. If in single-threaded mode, a global memory pool is used. You can refer to https://github.com/neocanable/garlic/blob/72357ddbcffdb75641.... The x_alloc and x_alloc_in in it indicate where the memory is allocated. When each task ends, the memory allocated in the memory pool is released, and the cycle repeats.
masfoobar · 1h ago
> I am always curious how different C programs decide how to manage memory.
At a basic level, you can create memory on the stack or on the heap. Obviously I will focus on the heap as that is dynamically allocating memory of a certain size.
The C programming language does not force you how to handle memory. You are pretty much on your own. For some C programmers (and likely more inexperienced ones) they will malloc individual variables like they are creating a 'new' instance in a typical OOP language like Java. This can be a telltale sign of a programmer working with C that comes from an OOP background. As they learn and improve on their C skills they realise they should create a chunk of memory of a certain type, but could still be malloc(ing) and free(ing) all over the code, making it difficult to understand what is being used and where -- especially if you are looking at code you did not write.
You can also have programs that do not bother free(ing) memory. For example, a simple shell program that just does simple input->process->output and terminates. For these types of programs, just let the OS deal with freeing the memory.
Good C code (in my opinion) uses malloc and free in only a handful of functions. There are higher level functions for proper Allocators. One example is an Arena Allocator. Then if you want a function which may require dynamic memory, you can tell it which allocator to use. It gives you control, generally speaking. You can create a simple string library or builder with an allocator.
Of course an Allocator does not have to use memory on the heap. It can still use on the stack as well.
There are various other patterns to use in the world of memory, especially in C.
norir · 12h ago
Many command line tools do not need memory management at all, at least to first approximation. Free nothing and let the os cleanup on process exit. Most libraries can either use an arena internally and copy any values that get returned to the user to the heap at boundaries or require the user to externally create and destroy the arena. This can be made ergonomic with one macro that injects an arena argument into function defs and another that replaces malloc by bumping the local arena data pointer that the prior macro injected.
1718627440 · 12h ago
That might be true, but leaking is neither the critical nor the most hard to find memory management issue, and good luck trying to adapt or even run valgrind with a codebase that mindlessly allocates and leaks everywhere.
kevin_thibedeau · 9h ago
Shhh. We want the ML models trained on this sort of deeply flawed code.
guerrilla · 12h ago
Pretty sure you can just disable leak checking.
1718627440 · 12h ago
But for example verifying that memory is not touched after it is supposed to, is much harder when you can't rely on it being freed.
Of course literally running valgrind is still possible, but it is difficult to get useful information.
nick__m · 11h ago
You cannot have use-after-free if you never call free, so there are no points at which memory should not be touched.
That's the beauty of the never free memory management strategy.
dajtxx · 10h ago
It can still be a bug if you use something after you would have freed it because your code isn't meant to be using that object any more. It points to errors in the logic.
kazinator · 6h ago
In the same file:
static bool is_java_identifier_start(char c)
{
return (isalpha(c) || c == '_' || c == '$');
}
Undefined behavior in isalpha if c happens to be negative (and not equal to EOF), like some UTF-8 byte.
I think some <ctype.h> implementations are hardened against this issue, but not all.
IshKebab · 16h ago
Interesting. Someone should come up with a language that prevents these sorts of mistakes!
cenamus · 15h ago
Thank god Lisp is older than C, don't have to deal with such nonsense :-)
brabel · 16h ago
That’s impossible. Just be more careful and everything should work, the author’s C was just a bit rusty!
neocanable · 16h ago
This project is my first project written in C language. Before this, my C language level was only at printf("hello world"). I am very happy because this project made me dare to use secondary pointers.
sim7c00 · 14h ago
u did really well ppl like to pick on C. :) thanks for making it in C, fun to read ur code and see how others go about this language!
uecker · 13h ago
I think he is using memory pools, so this is ok.
kookamamie · 16h ago
Yes, perhaps it could have a marketing slogan like "Write once, crash everywhere!"
pjmlp · 14h ago
If only there were a couple of OSes implementated during the 1960's with such programming languages....
SunlitCat · 14h ago
Strings! The bane of C programming, and a big reason I prefer C++. :D
Nice job! I don't know whether you know https://github.com/java-decompiler/jd-gui or not, but in case you haven't seen it before, maybe you could use it as a reference, since it's written in Java, for extra fun with your adventure?
rafram · 17h ago
Things may have changed, but my impression as of several years ago was that JD-GUI was far, far behind the state of the art (Fernflower, aka the built-in IntelliJ decompiler) in terms of correctness, re-sugaring, support for modern Java features, and so on. Fernflower is open source as part of IntelliJ: https://github.com/fesh0r/fernflower
GranPC · 16h ago
Is there a good GUI for this a la jadx-gui that isn't an entire IDE?
rafram · 15h ago
Not that I know of. The features I'd want in order to consider a decompiler GUI "good" (e.g. a good text editing control, go-to-definition, find usages, manual renaming of obfuscated symbol names) quickly approach the scope of an entire IDE, though.
DefineOutside · 14h ago
The most feature advanced decompiler I know of is Recaf. It supports a mix of decompilers and even bytecode editing.
mudkipdev · 7h ago
Recaf
appendixv3 · 20h ago
Very cool project! Love the idea of a Java decompiler written in C — the speed must be great.
Any plan to support `.dex` in the future? Also curious how you handle inner classes inside JARs.
I am writing the part of decompiling dex and apk. The current speed is about 10 times faster than that of Java, and it takes up less resources than Java. And the compiled binary is smaller, only about 300k. Thank you for your attention.
Koshkin · 9h ago
> 10 times faster than that of Java
I was hoping that these days' Java would be "almost" as fast C/C++. Oh well.
neocanable · 6h ago
In the process of writing this, I learned a lot about JVM. JVM has done well enough, even surpassing C/C++ in some cases.
mdaniel · 18h ago
This has been my life experience with things written in C/C++, so speed doesn't matter. Or, I guess from an alternative perspective, it ran very fast, but exited very fast, too :-D
Sorry for giving you a bad experience. Please provide the jar file or class file. I hope I can fix it as soon as possible.
uecker · 13h ago
Is it? This is my experience with Python. The C/C++ programs I use daily never seem to crash (Linux, bash, terminals, X, firefox, vim, etc.). It must be years ago one of those programs crashed while I used it.
1718627440 · 12h ago
Also a segfault IS the protection layer intervening, it is equivalent to a exception in other languages. The real problem is, when there is no segfault.
uecker · 11h ago
This is absolutely true. But even this does not happen in the software I use every day. Software written is C is definitely the most stable I use - by far. That there are people running around claiming that it is impossible to write stable software in C and it crashes all the time due to bugs is rather unfortunate, as it is far from the truth.
tslater2006 · 20h ago
The readme shows support for dumping dex files. Edit: missed that it has a comment that stays "unsupport for now" but at least it looks like something planned
neocanable · 19h ago
It is processes inner classes recursively. First read all entry from jar, and analyze the relationships between classes. Then do some decompile job.
By hand or with AI? Fascinating. So much work! What was your motivation for this?
neocanable · 19h ago
90% by hand, 10% AI. I do this for fun and to learn about jvm.
jebarker · 19h ago
I think that sort of ratio is the sweet spot for learning. I've been writing an 8086 simulator in C++ and using an LLM for answering specific technical questions I come up with has drastically sped up my progress without it actually doing the work for me.
keepamovin · 18h ago
Wow, impressive. A project of the scale and depth.
xandrius · 20h ago
Irrelevant to me. People would never ask whether someone has created something looking at SO or not. If the thing works as advertised, good for them!
lyxell · 19h ago
To some people the process leading to a finished project is the most interesting thing about posts like these.
johnisgood · 19h ago
LLMs can explain the process, and you can build projects with LLMs explaining the process.
nticompass · 19h ago
LLMs can attempt to explain the code, but it can't explain people's thought process and that's the interesting part.
I want to hear about the reverse engineering, how you thought the code through. LLMs are boring.
johnisgood · 18h ago
They can, if you write down your thought process, which is probably what you should do when you are using an LLM to create a product, but what do I know.
Ghoelian · 18h ago
> They can, if you write down your thought process
Just write a blogpost at that point.
johnisgood · 17h ago
You do not have to be as accurate or that specific, you do not have to worry about the way you word or organize things, the LLM can figure it out, as opposed to a blog post.
So "To some people the process leading to a finished project is the most interesting thing about posts like these." is bullshit, that is said by someone who has never used LLM properly. You can achieve it with LLMs. You definitely can, I know, I did, accurately (I double checked).
How come? You had different experiences? Which LLMs, what prompts? Give me all the details that supports your claim that it is not true. My experiences completely differ from yours, so the way I use it, it is very much true.
That said, it is probably pointless to argue with full-blown AI-skeptics.
People had lots of great and productive-enhancing experiences with LLMs, you did not, great, that does not reflect the tool, it reflects your way of using the tool.
Of course it can be done! It wouldn't be as general purpose as the Java decompiler in C because the C decompiler would have to know about the CPU architecture of the executable code (just as the Java decompiler has to know about JVM opcodes).
kamma4434 · 14h ago
I cannot help but wonder why starting a new project in C in 2025. It’s like driving a car with no seat belts. You sure you want to do that?
uecker · 13h ago
I moved from C++ to C and I am more productive. I also think this "no seat belts" meme is exaggerated, as there are plenty of tools and strategies to make C fairly safe to use. (it is true though that many people do not put the seat belts on).
hualaka · 37m ago
When debugging complex projects, the C language is more flexible and convenient to view data in memory.
zzo38computer · 14h ago
In my experience, although many of the other programming languages do improve some things compared with C, they also make many things worse and avoid some of the benefits of C programming.
pjmlp · 14h ago
I can't recall anything in that sense regarding Modula-2 and Object Pascal, other than not bringing UNIX to the party.
ronsor · 14h ago
Yes, yes I'm sure. I like using C sometimes.
userbinator · 3h ago
Or riding a motorcycle.
But stupid real-world analogies are stupid.
Sophira · 12h ago
We need people who can (and do) write in C, assembly, and all these low-level languages. Otherwise, software will just get slower and slower.
AgentME · 12h ago
Rust has the same low-level memory model as C without the footguns.
ramon156 · 58m ago
I love Rust but we really got to stop the link between C and Rust.
If someone mentions C, that's not a free invite to start educating them on why they SHOULD use Rust. No one at the party is going to talk to you again that night
dardeaup · 10h ago
Rust certainly does have some improvements, but I'm not 100% certain that it's the best tool for all low-level software. For example, I'm experimenting with Rust for some filesystem type code and I can't figure out how to write/read a struct to/from disk all at once. I'm brand new to Rust, so it's quite possible that it can be done and I just don't know the technique. Basically, I'm looking for something in Rust analogous to C's fread/fwrite. I know I can write out each field of the struct individually, but when the struct has many fields it means having to write a huge amount of nasty boilerplate code when in C it's a single function call (fread/fwrite).
saintfire · 8h ago
I think you're going to want to reach for serde.
Its a bit of annotating but you can then de/serialize structs to arbitrary formats with one call.
dardeaup · 7h ago
Thanks for the suggestion! I'll have a look.
sim7c00 · 14h ago
i only write in C. if id build a car it wouldnt have seatbelts. boring, put in ejector seats! not safe? no problem for C :).
SunlitCat · 14h ago
ejector seats in C car?
goto eject;
...more code we are going to ignore, it could be important but nah, ignore it, what could be happen?...
eject:
up_through_the_roof();
:D
UncleEntity · 8h ago
I cannot help but wonder why I would learn a whole new language before even beginning to start a new project when I already know C. Though, generally speaking, I tend to use C++ for new projects -- usually depending on what libraries I'm using, if the lib is in C I use C and if the lib is in C++ I use C++. The current thing I'm working on is intended as a Python extension module and Python is written in C so...
And, yes, I know it's trivial to interface the Python C-API with C++ and quite often better as the 'object model' is very similar but the underlying concept I wanted to explore (guaranteed tailcalls) isn't possible in C++ from what I can tell.
https://opensource.stackexchange.com/questions/10737/inclusi...
Do you have a scanner that checks these sorts of things or is it something that you are passionate about?
1. How silly to write such a thing in C from scratch. Such a project will invariably invent half of Lisp in order to have the right kind of infrastructure for doing this and that.
2. Let's look for some of it up and down the tree. Oh look, there is a bitset and hashmap, see? I don't see test cases for these anywhere; is it original work from this project or battle-tested code taken from elsewhere?
3. Open hashmap.c ...
GPL violation found in half a minute.
In this case there are is a custom string library. Functions returned owned heap-allocated strings.
However, I think there's a problem where static strings are used interchangably with heap-allocated strings, such as in the function `string class_simple_name(string full)` ( https://github.com/neocanable/garlic/blob/72357ddbcffdb75641... )
Sometimes it returns a static string like `g_str_int` and sometimes a newly heap-allocated string, such as returned by `class_type_array_name(g_str_int, depth)`.
Callers have no way to properly release the memory allocated by this function.
At a basic level, you can create memory on the stack or on the heap. Obviously I will focus on the heap as that is dynamically allocating memory of a certain size.
The C programming language does not force you how to handle memory. You are pretty much on your own. For some C programmers (and likely more inexperienced ones) they will malloc individual variables like they are creating a 'new' instance in a typical OOP language like Java. This can be a telltale sign of a programmer working with C that comes from an OOP background. As they learn and improve on their C skills they realise they should create a chunk of memory of a certain type, but could still be malloc(ing) and free(ing) all over the code, making it difficult to understand what is being used and where -- especially if you are looking at code you did not write.
You can also have programs that do not bother free(ing) memory. For example, a simple shell program that just does simple input->process->output and terminates. For these types of programs, just let the OS deal with freeing the memory.
Good C code (in my opinion) uses malloc and free in only a handful of functions. There are higher level functions for proper Allocators. One example is an Arena Allocator. Then if you want a function which may require dynamic memory, you can tell it which allocator to use. It gives you control, generally speaking. You can create a simple string library or builder with an allocator.
Of course an Allocator does not have to use memory on the heap. It can still use on the stack as well.
There are various other patterns to use in the world of memory, especially in C.
Of course literally running valgrind is still possible, but it is difficult to get useful information.
That's the beauty of the never free memory management strategy.
I think some <ctype.h> implementations are hardened against this issue, but not all.
I guess there's some history there that I'm not familiar with because JBoss also has a FernFlower decompiler library https://mvnrepository.com/artifact/org.jboss.windup.decompil...
Any plan to support `.dex` in the future? Also curious how you handle inner classes inside JARs.
It seems someone liked it and made a "v2" along with LSP support https://github.com/A-LPG/LPG2#lpg2
https://www.jikesrvm.org/
I was hoping that these days' Java would be "almost" as fast C/C++. Oh well.
I want to hear about the reverse engineering, how you thought the code through. LLMs are boring.
Just write a blogpost at that point.
So "To some people the process leading to a finished project is the most interesting thing about posts like these." is bullshit, that is said by someone who has never used LLM properly. You can achieve it with LLMs. You definitely can, I know, I did, accurately (I double checked).
I will throw it out here, too: https://news.ycombinator.com/item?id=44163063 (My AI skeptic friends are all nuts)
That said, it is probably pointless to argue with full-blown AI-skeptics.
People had lots of great and productive-enhancing experiences with LLMs, you did not, great, that does not reflect the tool, it reflects your way of using the tool.
I will just throw it out here: https://news.ycombinator.com/item?id=44163063 (My AI skeptic friends are all nuts)
Additionally, "interesting" is highly subjective. It could be technically correct, yet uninteresting.
But stupid real-world analogies are stupid.
If someone mentions C, that's not a free invite to start educating them on why they SHOULD use Rust. No one at the party is going to talk to you again that night
goto eject; ...more code we are going to ignore, it could be important but nah, ignore it, what could be happen?...
eject: up_through_the_roof();
:D
And, yes, I know it's trivial to interface the Python C-API with C++ and quite often better as the 'object model' is very similar but the underlying concept I wanted to explore (guaranteed tailcalls) isn't possible in C++ from what I can tell.