MadS&P | PyLingual: Toward Perfect Decompilation of Evolving High-Level Languages

March 02, 2026

PyLingual: Toward Perfect Decompilation of Evolving High-Level Languages

Abstract

Python is one of the most popular programming languages, used by developers and malware authors of all skill levels. However, maintainers of Python reverse engineering tools have been continuously challenged by Python’s aggressive language improvements and unstable bytecode specification. Recently, Python’s development trend has shifted sharply towards increasing bytecode complexity in pursuit of interpreter runtime optimizations.

To simultaneously improve the adaptability and trustworthiness of Python decompilers, we develop PyLingual, a novel decompiler architecture that integrates statistical natural language processing techniques with traditional programming theory to reduce maintenance effort across Python versions. PyLingual is the first practical decompiler to explicitly target “perfect decompilation”, a strict refinement of semantic equivalence that is easily verifiable even without access to the original source code.

Beyond releasing PyLingual’s code, we also launch a decompilation web service at https://pylingual.io, which has since emerged as an unprecedented vantage point for observing the closed-source Python ecosystem. By analyzing this unique filestream, we characterize the types of programs that appear in the wild and construct a novel malware detection dataset that offers insights into the poor real-world generalization of academic malware detection models.

Biography

Josh Wiedemeier is a PhD candidate and Eugene McDermott Fellow at the University of Texas at Dallas. His research focuses on the development of verifiable Python decompilation tools and the empirical study of large-scale program data. Josh is the creator of PyLingual, a decompiler that utilizes a hybrid of machine learning and traditional program analysis to withstand rapid changes in the Python language specification. By leveraging the unique view of the closed-source Python ecosystem provided by PyLingual’s web service, he has uncovered significant trends in Python-based malware, specifically identifying how benign data selection impacts the reliability of ML-based detection systems.