re:compile

re:compile is a Linux-native runtime analysis toolchain for C/C++ memory bugs.

Current supported path:

  • build or provide a Linux ELF binary
  • run rerun run --native <binary>
  • attach the C eBPF agent in recompile/runtime/agent/re-mini.c
  • persist canonical findings to findings.json
  • keep streaming/debug output in re-findings.jsonl

Status

Phase 0 is complete on the supported path. Phase 1 is complete for the Linux-native MVP scope. Phase 2 is complete for the current issue-backed escalation and evaluation scope.

Validated native findings in Docker:

  • memcpy_overflow -> heap_overflow
  • double_free -> double_free
  • invalid_free -> invalid_free

Current priority before Phase 3 is a full codebase review for dead files, deferred paths, stale Phase 0 remnants, and hotfix-ish logic.

Supported Environment

Primary supported environment:

  • Linux host, or
  • Docker with --privileged --pid=host

That PID namespace requirement is mandatory for the current eBPF tracing flow.

Quick Start

git clone <repo-url>
cd ai-compiler
docker build -t recompile-bootstrap:host .
docker run --rm -it --privileged --pid=host \
  -v "$PWD":/workspace/recompile \
  recompile-bootstrap:host bash

Inside the container:

cd /workspace/recompile/recompile
make rc

To smoke-test the bring-your-own-binary path:

make external-smoke

To smoke-test Valgrind confirmation:

make escalation-smoke

That smoke test validates Valgrind confirmations for the current positive user-style samples and verifies that Valgrind stays unconfirmed on clean user-style samples.

To smoke-test ASan confirmation for already-instrumented binaries:

make asan-smoke

ASan support is intentionally narrow: the binary must already be built with -fsanitize=address. rerun does not silently rebuild source files or pretend ASan applies to a normal binary.

To smoke-test the optional compiler-wrapper path:

make recc-smoke

recc is an advanced compile-wrapper path. It is not required for the primary rerun run --native <binary> workflow and is not part of the Phase 2 release gate.

To score the current native/escalation hit rate:

make hit-rate
jq . build/hit-rate/summary.json

Repo Layout

  • recompile/ - active Rust/C workspace
  • Dockerfile - supported bootstrap image

Core Docs

Not In Scope Right Now

  • VM-first workflow
  • macOS-first support
  • Rust runtime agent
  • recc as a required MVP path
  • CI as a release gate

Phase 1 RC Gate

The current release-candidate regression command is:

cd recompile
make rc

This runs active Rust checks/tests, the three golden regressions, and the user-style external sample suite.

Phase 2 Evaluation

The Phase 2 closeout gate is:

cd recompile
make phase2
make hit-rate

make phase2 runs the RC gate plus Valgrind and ASan escalation smoke tests. make hit-rate writes per-case native and escalation outcomes to build/hit-rate/summary.json.

The optional compiler-wrapper smoke remains separate:

cd recompile
make recc-smoke

recc is not part of the primary rerun run --native <binary> workflow.

To score only the current native/escalation hit rate:

cd recompile
make hit-rate

Some Phase 2 classes, such as use_after_free, memory_leak, and fd_leak, are currently Valgrind-first and marked as native-unsupported in that summary.

Native findings include provenance.source_status so unresolved source locations are explicit instead of silently missing.

Golden-only baseline:

cd recompile
make phase1

Bring Your Own Binary

For early technical users, the supported workflow is runtime triage for a Linux ELF binary the user already knows how to build:

clang -g -O0 -fno-omit-frame-pointer \
  -fno-builtin -fno-builtin-memcpy -fno-builtin-free \
  -o my_test my_test.c

./target/release/rerun run --native ./my_test --output build/my-test
jq . build/my-test/findings.json

To assert an expected class for one binary:

./scripts/validate-binary.sh --binary ./my_test --expect-class heap_overflow
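
A constructed my_test.c for trying this workflow (an added example, not a file from the repository). Each build exercises one of the three classes listed under "Validated native findings", plus a clean control; the BUG_CASE macro, the case names and the run_case helper are hypothetical.

```c
/* my_test.c: constructed sample, one deliberate memory bug per build.
 * Default case is heap_overflow; BUG_CASE is a hypothetical selector macro. */
#include <stdlib.h>
#include <string.h>

#ifndef BUG_CASE
#define BUG_CASE "heap_overflow"
#endif

enum { DST_CAP = 16 };
/* Constructed source data: "AAAA" followed by zero bytes. */
static const char payload[2 * DST_CAP] = "AAAA";

/* Copy len bytes into a DST_CAP-byte heap buffer; len > DST_CAP overflows it. */
static int copy_into_heap(size_t len) {
    volatile size_t n = len;      /* keep the length opaque to the compiler */
    char *dst = malloc(DST_CAP);
    if (!dst) return -1;
    memcpy(dst, payload, n);      /* deliberately no bounds check */
    int first = dst[0];
    free(dst);
    return first;
}

/* Free the same pointer twice. */
static void free_twice(void) {
    char *volatile p = malloc(32); /* volatile: both calls reach libc as written */
    free(p);
    free(p);
}

/* Free an address malloc never returned (an interior pointer). */
static void free_interior(void) {
    char *base = malloc(32);
    char *volatile p = base ? base + 8 : NULL;
    free(p);
}

/* Returns 0 after running a known case, 2 for an unknown name. */
int run_case(const char *name) {
    if (strcmp(name, "clean") == 0) return copy_into_heap(DST_CAP) == 'A' ? 0 : 1;
    if (strcmp(name, "heap_overflow") == 0) { copy_into_heap(2 * DST_CAP); return 0; }
    if (strcmp(name, "double_free") == 0) { free_twice(); return 0; }
    if (strcmp(name, "invalid_free") == 0) { free_interior(); return 0; }
    return 2;
}

int main(void) { return run_case(BUG_CASE); }
```

Build it with the clang line above; adding -DBUG_CASE='"double_free"' or -DBUG_CASE='"invalid_free"' selects another case, and the same name is the value to pass to --expect-class. The "clean" build is a control that should produce no finding.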

To run Valgrind confirmation on an existing crashpack:

./target/release/rerun escalate build/my-test --tool valgrind
jq . build/my-test/escalations/results.json

For a crashpack with no native findings, run an explicit Valgrind binary scan:

./target/release/rerun escalate build/my-test --tool valgrind --scan-binary

To run ASan confirmation, build the target with ASan first:

clang -g -O0 -fno-omit-frame-pointer -fsanitize=address \
  -o my_asan_test my_test.c

./target/release/rerun run --native ./my_asan_test --output build/my-asan-test
./target/release/rerun escalate build/my-asan-test --tool asan --scan-binary
jq . build/my-asan-test/escalations/results.json

If the binary is not ASan-instrumented, --tool asan fails clearly with the -fsanitize=address requirement instead of reporting a fake negative.
