The Incredible Shrinking Context... in a Decompiler Near You

TL;DR

Shrknr is a novel static-analysis-based decompiler for Ethereum smart contracts that significantly improves scalability, completeness, and precision over existing tools by employing a new shrinking context sensitivity technique.

Contribution

The paper introduces shrinking context sensitivity, a new static analysis technique that enhances decompiler performance by efficiently managing control-flow context.

Findings

Scales to over 99.5% of contracts in benchmarks

Decompiles 67% more code than previous tools

Reduces imprecision metrics by over 65%

Abstract

Decompilation of binary code has arisen as a highly-important application in the space of Ethereum VM (EVM) smart contracts. Major new decompilers appear nearly every year and attain popularity, for a multitude of reverse-engineering or tool-building purposes. Technically, the problem is fundamental: it consists of recovering high-level control flow from a highly-optimized continuation-passing-style (CPS) representation. Architecturally, decompilers can be built using either static analysis or symbolic execution techniques. We present Shrknr, a static-analysis-based decompiler succeeding the state-of-the-art Elipmoc decompiler. Shrknr manages to achieve drastic improvements relative to the state of the art, in all significant dimensions: scalability, completeness, precision. Chief among the techniques employed is a new variant of static analysis context: shrinking context sensitivity. Shrinking context sensitivity performs deep cuts in the static analysis context, eagerly "forgetting" control-flow history, in order to leave room for further precise reasoning. We compare Shrnkr to state-of-the-art decompilers, both static-analysis- and symbolic-execution-based. In a standard benchmark set, Shrnkr scales to over 99.5% of contracts (compared to ~95%), covers (i.e., reaches and manages to decompile) 67% more code, and reduces key imprecision metrics by over 65%.