HELIOS: Hierarchical Graph Abstraction for Structure-Aware LLM Decompilation
Large language models (LLMs) have recently been applied to binary decompilation, yet they still treat code as plain text and ignore the graphs that govern program control flow. This limitation often yields syntactically fragile and logically inconsistent output, especially for optimized binaries. This paper presents HELIOS, a framework that reframes LLM-based decompilation as a structured reasoning task. HELIOS summarizes a binary’s control flow and function calls into a hierarchical text representation that spells out basic blocks, their successors, and high-level patterns such as loops and conditionals. This representation is supplied to a general-purpose LLM, along with raw decompiler output, optionally combined with a compiler-in-the-loop that returns error messages when the generated code fails to build. On HumanEval-Decompile for x86_64, HELIOS raises average object file compilability from 45.0% to 85.2% for Gemini 2.0 and from 71.4% to 89.6% for GPT-4.1 Mini. With compiler feedback, compilability exceeds 94% and functional correctness improves by up to 5.6 percentage points over text-only prompting. Across six architectures drawn from x86, ARM, and MIPS, HELIOS reduces the spread in functional correctness while keeping syntactic correctness consistently high, all without fine-tuning. These properties make HELIOS a practical building block for reverse engineering workflows in security settings where analysts need recompilable, semantically faithful code across diverse hardware targets.
💡 Research Summary
The paper “HELIOS: Hierarchical Graph Abstraction for Structure‑Aware LLM Decompilation” addresses a fundamental weakness in current large‑language‑model (LLM)‑based binary decompilation: the models treat binaries as flat text and ignore the underlying control‑flow graph (CFG) and function‑call graph (FCG). This “structurally blind” approach leads to syntactically fragile and semantically inconsistent output, especially for heavily optimized binaries where loops, conditionals, and early returns are often mis‑represented, causing low compilability and functional correctness.
HELIOS proposes a three‑stage solution that does not require any model fine‑tuning. First, a static‑analysis backend (implemented with Ghidra) extracts per‑function artifacts: (i) a high‑level function summary (name, signature, architecture, basic‑block count, loop count, etc.), (ii) a compact CFG overview listing each basic block and its successors, (iii) block‑level P‑Code (Ghidra’s intermediate representation) with stable identifiers, and (iv) the raw pseudo‑C code produced by the decompiler. Second, these artifacts are linearized into a hierarchical prompt consisting of four clearly demarcated sections:
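To make the four artifacts listed above concrete, the following added Python example (not the paper's code or its actual prompt format) linearizes a small constructed CFG into a four-part text prompt and marks loop headers from DFS back edges. The function data, section headings, block labels and simplified P-Code-like syntax are assumptions made for illustration.

```python
# Added illustration: linearize per-function artifacts into a hierarchical prompt.
# All data and section headings are constructed; they are not the paper's format.

FUNC = {  # constructed sample of what a static-analysis backend might export
    "name": "sum_to_n", "signature": "int sum_to_n(int n)", "arch": "x86_64",
    "entry": "B0",
    "blocks": {  # block id -> (P-Code-like ops, successor block ids)
        "B0": (["s = COPY 0", "i = COPY 0"], ["B1"]),
        "B1": (["c = INT_SLESS i, n", "CBRANCH B2, c"], ["B2", "B3"]),
        "B2": (["s = INT_ADD s, i", "i = INT_ADD i, 1", "BRANCH B1"], ["B1"]),
        "B3": (["RETURN s"], []),
    },
    "pseudo_c": "int sum_to_n(int n){int s=0;for(int i=0;i<n;i++)s+=i;return s;}",
}

def back_edges(blocks, entry):
    """Return (tail, head) edges whose head is still on the DFS path (loops)."""
    state, found = {}, []  # state: 1 = on current DFS path, 2 = finished
    def visit(b):
        state[b] = 1
        for s in blocks[b][1]:
            if state.get(s) == 1:
                found.append((b, s))
            elif s not in state:
                visit(s)
        state[b] = 2
    visit(entry)
    return found

def build_prompt(f):
    blocks = f["blocks"]
    loops = back_edges(blocks, f["entry"])  # assumption: one loop per back edge
    heads = {h for _, h in loops}
    out = ["## FUNCTION SUMMARY",
           f"name={f['name']} signature={f['signature']} arch={f['arch']} "
           f"blocks={len(blocks)} loops={len(loops)}",
           "## CFG OVERVIEW"]
    for bid, (_, succ) in blocks.items():
        kind = ("loop-header" if bid in heads else "conditional" if len(succ) == 2
                else "exit" if not succ else "linear")
        out.append(f"{bid} -> {', '.join(succ) or 'none'} [{kind}]")
    out.append("## BLOCK P-CODE")
    for bid, (ops, _) in blocks.items():
        out += [f"[{bid}]"] + [f"  {op}" for op in ops]
    out += ["## RAW DECOMPILER OUTPUT", f["pseudo_c"]]
    return "\n".join(out)

if __name__ == "__main__":
    print(build_prompt(FUNC))
```

Keeping block identifiers stable across the CFG overview and the P-Code section is what lets a reader (or a model) cross-reference a successor edge with the operations that produce it.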