A Comb for Decompiled C Code

Decompilers are fundamental tools to perform security assessments of third-party software. The quality of decompiled code can be a game changer in order to reduce the time and effort required for analysis. This paper proposes a novel approach to restructure the control flow graph recovered from binary programs in a semantics-preserving fashion. The algorithm is designed from the ground up with the goal of producing C code that is both goto-free and drastically reducing the mental load required for an analyst to understand it. As a result, the code generated with this technique is well-structured, idiomatic, readable, easy to understand and fully exploits the expressiveness of C language. The algorithm has been implemented on top of the revng static binary analysis framework. The resulting decompiler, revngc, is compared on real-world binaries with state-of-the-art commercial and open source tools. The results show that our decompilation process introduces between 40% and 50% less extra cyclomatic complexity.