NotDec: WebAssembly Decompilation With Inter-Procedural Type Recovery
With WebAssembly widely supported in browsers, containers, IoT devices, and serverless platforms and increasingly adopted as a universal low‑level bytecode standard, auditing its hidden vulnerabilities and malicious intentions has become critical. Decompiling existing WebAssembly modules can help security researchers and end users understand binary behavior, but current tools suffer from verbose result, poor readability, and limited type recovery.
We present NotDec, an advanced WebAssembly decompilation framework. NotDec extends the WebAssembly type checking algorithm to lift bytecode into an SSA‑based IR, applies the inter-procedural type recovery algorithm Retypd with pointer and numeric value differentiation methods to recover complex data structures, and leverages Memory SSA alongside semantics‑preserving structured control‑flow analysis to emit readable, semantically consistent C code.
NotDec achieves 100% recompilation success rate on all 5,241 Juliet samples and all Howard dataset programs, significantly outperforming baselines including Ghidra (45.95% success rate). On type recovery accuracy, NotDec recovers 85.33% of struct member accesses in real-world programs, vastly exceeding Ghidra’s 9.24%. While the full inter-procedural version faces scalability challenges on large binaries, the intra-procedural variant NotDec_F demonstrates superior efficiency, consuming less than half of Ghidra’s memory and up to 97% less execution time on unoptimized binaries.
| Presentation-Slide-NotDec.pdf (Presentation-NotDec.pdf) | 1.80MiB |
Wed 15 AprDisplayed time zone: Brasilia, Distrito Federal, Brazil change
14:00 - 15:30 | Testing and Analysis 4Research Track / SE In Practice (SEIP) at Oceania IX Chair(s): Anil Koyuncu Bilkent University | ||
14:00 15mTalk | SymRadar: PoC-Centered Bounded Verification for Vulnerability Repair Research Track | ||
14:15 15mTalk | Fine-Grained Analyses for Evolution-Aware Runtime Verification Research Track Pengyue Jiang Cornell University, Kevin Guan Cornell University, M. Mahdi Khosravi Middle East Technical University, Moustafa Ismail Middle East Technical University, Marcelo d'Amorim North Carolina State University, Owolabi Legunsen Cornell University | ||
14:30 15mTalk | An Empirical Study on Static Application Security Testing (SAST) Tools for PythonDistinguished Paper Award Research Track Liu Zhuohang Nankai University, Zhi Wang Nankai University, Haotong Liu Nankai University, Wanpeng Li University of Liverpool | ||
14:45 15mTalk | NotDec: WebAssembly Decompilation With Inter-Procedural Type Recovery Research Track Jikai Wang Huazhong University of Science and Technology, Ningyu He Hong Kong Polytechnic University, Tianming Liu Huazhong University of Science and Technology, Junhai Wang Huazhong University of Science and Technology, Haoyu Wang Huazhong University of Science and Technology Media Attached File Attached | ||
15:00 15mTalk | PyXray: Practical Cross-Language Call Graph Construction through Object Layout Analysis Research Track Georgios Alexopoulos University of Athens, Thodoris Sotiropoulos ETH Zurich, Georgios Gousios Endor Labs, Zhendong Su ETH Zurich, Dimitris Mitropoulos University of Athens Pre-print | ||
15:15 15mTalk | HapCheck: DSL-Based Static Bug Detection Framework for OpenHarmony SE In Practice (SEIP) Xitong Zhong Beihang University, Chang Liu Beihang University, Runlin Liu Beihang University, Zifu Xu Beihang University, Zhengyao Liu Beihang University, Juqi Zhou Beihang University, Gang Fan Huawei Hong Kong Research Centre, Mingyi Zhou Beihang University, Xiang Gao Beihang University, Li Li Beihang University | ||