OpenNovelty.org

SK2Decompile: LLM-based Two-Phase Binary Decompilation from Skeleton to Skin

ICLR 2026 Conference SubmissionAnonymous Authors
OpenReview Score: 6.0Download Report PDF
decompilationbinary analysis
Abstract:

Large Language Models (LLMs) have emerged as a promising approach for binary decompilation. However, the existing LLM-based decompilers still are somewhat limited in effectively presenting a program's source-level structure with its original identifiers. To mitigate this, we introduce SK2Decompile, a novel two-phase approach to decompile from the skeleton (semantic structure) to the skin (identifier) of programs. Specifically, we first apply a Structure Recovery model to translate a program's binary code to an Intermediate Representation (IR) as deriving the program's "skeleton", i.e., preserving control flow and data structures while obfuscating all identifiers with generic placeholders. We also apply reinforcement learning to reward the model for producing program structures that adhere to the syntactic and semantic rules expected by compilers. Second, we apply an Identifier Naming model to produce meaningful identifiers which reflect actual program semantics as deriving the program's "skin". We train the Identifier Naming model with a separate reinforcement learning objective that rewards the semantic similarity between its predictions and the reference code. Such a two-phase decompilation process facilitates advancing the correctness and readability of decompilation independently. Our evaluations indicate that SK2Decompile, significantly outperforms the SOTA baselines, achieving 21.6% average re-executability rate gain over GPT-5-mini on the HumanEval dataset and 29.4% average R2I improvement over Idioms on the GitHub2025 benchmark.

Disclaimer
This report is AI-GENERATED using Large Language Models and WisPaper (A scholar search engine). It analyzes academic papers' tasks and contributions against retrieved prior work. While this system identifies POTENTIAL overlaps and novel directions, ITS COVERAGE IS NOT EXHAUSTIVE AND JUDGMENTS ARE APPROXIMATE. These results are intended to assist human reviewers and SHOULD NOT be relied upon as a definitive verdict on novelty.
NOTE that some papers exist in multiple, slightly different versions (e.g., with different titles or URLs). The system may retrieve several versions of the same underlying work. The current automated pipeline does not reliably align or distinguish these cases, so human reviewers will need to disambiguate them manually.
If you have any questions, please contact: mingzhang23@m.fudan.edu.cn

Overview

Overall Novelty Assessment

The paper proposes a two-phase decompilation framework that first recovers program structure (skeleton) via an Intermediate Representation with obfuscated identifiers, then generates meaningful variable names (skin) using separate reinforcement learning objectives. It occupies the 'Two-Phase Skeleton-to-Skin Decompilation' leaf within the 'Neural and LLM-Based Binary Decompilation' branch. Notably, this leaf contains only the original paper itself—no sibling papers are present—indicating a sparse, potentially novel research direction within the broader binary decompilation landscape.

The taxonomy reveals that the paper's immediate parent branch, 'Neural and LLM-Based Binary Decompilation', also includes a 'Direct Neural Decompilation' leaf with two papers pursuing end-to-end translation without intermediate structure recovery. Neighboring branches address 'Compiler-Aware Structural Decompilation' (traditional algorithms), 'Decompiled Code Refinement and Enhancement' (post-processing), and 'Binary-Source Code Alignment and Mapping' (dataset generation). The two-phase skeleton-to-skin approach diverges from both single-pass neural methods and compiler-driven structural analysis, positioning itself at the intersection of modularity and learning-based refinement.

Among sixteen candidates examined, the two-phase framework contribution shows one refutable candidate out of five examined, suggesting some prior exploration of phased decompilation strategies. The Intermediate Representation contribution examined ten candidates with none clearly refuting it, indicating relative novelty in the specific obfuscation-based IR design. The phase-specific reinforcement learning contribution examined only one candidate without refutation, though the limited search scope prevents strong conclusions. Overall, the analysis covers a modest candidate pool drawn from semantic search, not an exhaustive survey of all decompilation literature.

Given the limited search scope and the paper's placement in a singleton taxonomy leaf, the work appears to explore a relatively underexplored direction within neural binary decompilation. The two-phase decomposition and reinforcement learning integration show partial overlap with prior phased refinement methods, but the specific skeleton-to-skin framing and obfuscated IR design may offer incremental differentiation. A broader literature review would clarify whether similar modular strategies exist outside the top-sixteen candidates examined.

Taxonomy

Core-task Taxonomy Papers
36
3
Claimed Contributions
16
Contribution Candidate Papers Compared
1
Refutable Paper

Research Landscape Overview

Core task: binary decompilation from pseudocode to source code. The field encompasses several distinct branches that reflect different entry points and problem formulations. Binary-to-Source Decompilation and Reconstruction focuses on recovering high-level source code directly from compiled binaries, often leveraging neural models and large language models to bridge the semantic gap introduced by compilation. Pseudocode-to-Code Translation addresses the conversion of algorithm descriptions or intermediate representations into executable code, with works such as SPoC[3] and Pseudocode2c[14] exploring sequence-to-sequence and template-based approaches. Code Translation and Cross-Language Conversion targets migration between programming languages, while Educational and Pedagogical Tools emphasize accessibility and learning support. Surveys, Reviews, and Comparative Studies provide meta-analyses of techniques, and Specialized and Domain-Specific Applications tailor methods to particular contexts such as embedded systems or domain-specific languages. Within Binary-to-Source Decompilation, a particularly active line of work employs neural and LLM-based methods to handle the complexity of low-level code. Some approaches adopt multi-phase strategies that first reconstruct a structural skeleton before refining syntactic and semantic details, as seen in Refining Decompiled Code[9] and Semantic Scaffolds[8]. SK2Decompile[0] exemplifies this two-phase skeleton-to-skin paradigm, decomposing the decompilation task into separate stages for control flow recovery and variable refinement. This contrasts with end-to-end models like SAILR[6] or Unicoder[4], which attempt direct translation in a single pass. The trade-off centers on modularity versus holistic context: phased methods offer interpretability and targeted error correction, while unified models may capture richer cross-layer dependencies. Open questions remain around scalability to large binaries, handling of obfuscation, and the balance between leveraging pre-trained code models and domain-specific architectural inductive biases.

Claimed Contributions

Two-phase decompilation framework with Structure Recovery and Identifier Naming

The authors introduce a novel framework that decomposes binary decompilation into two sequential phases. The first phase recovers program structure (skeleton) by translating binary to an intermediate representation, while the second phase recovers meaningful identifiers (skin) that reflect program semantics. Each phase uses reinforcement learning with phase-specific rewards.

5 retrieved papers
Can Refute
Intermediate Representation based on obfuscated source code

The authors design an intermediate representation that consists of source code with all identifiers replaced by generic placeholders. This IR is grounded in the Information Bottleneck principle, balancing compression of identifier semantics while preserving structural semantics, and serves as the bridge between the two decompilation phases.

10 retrieved papers
Phase-specific reinforcement learning rewards for correctness and readability

The authors develop distinct reinforcement learning objectives for each phase: compiler-based rewards for Structure Recovery to ensure syntactic and semantic correctness, and semantic similarity rewards for Identifier Naming to improve human-centric readability. This allows independent optimization of functional correctness and code readability.

1 retrieved paper

Core Task Comparisons

Comparisons with papers in the same taxonomy category

Within the taxonomy built over the current TopK core-task papers, the original paper is assigned to a leaf with no direct siblings and no cousin branches under the same grandparent topic. In this retrieved landscape, it appears structurally isolated, which is one partial signal of novelty, but still constrained by search coverage and taxonomy granularity.

Contribution Analysis

Detailed comparisons for each claimed contribution

Contribution

Two-phase decompilation framework with Structure Recovery and Identifier Naming

The authors introduce a novel framework that decomposes binary decompilation into two sequential phases. The first phase recovers program structure (skeleton) by translating binary to an intermediate representation, while the second phase recovers meaningful identifiers (skin) that reflect program semantics. Each phase uses reinforcement learning with phase-specific rewards.

Contribution

Intermediate Representation based on obfuscated source code

The authors design an intermediate representation that consists of source code with all identifiers replaced by generic placeholders. This IR is grounded in the Information Bottleneck principle, balancing compression of identifier semantics while preserving structural semantics, and serves as the bridge between the two decompilation phases.

Contribution

Phase-specific reinforcement learning rewards for correctness and readability

The authors develop distinct reinforcement learning objectives for each phase: compiler-based rewards for Structure Recovery to ensure syntactic and semantic correctness, and semantic similarity rewards for Identifier Naming to improve human-centric readability. This allows independent optimization of functional correctness and code readability.

Table of Contents