Control-Flow Flattening
- Control-flow flattening is a code obfuscation technique that transforms structured control flow into a centralized dispatcher-driven state machine while preserving program semantics.
- It replaces conventional nested conditionals and loops with a loop-switch construct and fresh state variables, complicating static and symbolic analysis.
- Empirical studies leverage metrics like Graph Edit Distance and BLEU to evaluate deobfuscation, with Chain-of-Thought-guided LLMs showing significant recovery improvements.
Searching arXiv for the papers on arXiv and closely related control-flow flattening work. First, locating the deobfuscation paper by title. Searching: "Analyzing Chain of Thought (CoT) Approaches in Control Flow Code Deobfuscation Tasks" Control-flow flattening (CFF) is a code obfuscation technique that restructures a program by decomposing it into basic blocks and routing execution through a centralized dispatcher, typically implemented as a loop with a switch statement, while preserving functional behavior and radically changing the control-flow graph (CFG) (Mohseni et al., 16 Apr 2026, Busi et al., 2020). In practical compiler-style realizations, the original structured control flow of nested conditionals and loops is replaced by a fresh state variable or program counter, and execution repeatedly dispatches to the basic block associated with the current state until a terminal state is reached. Recent work treats CFF both as an obfuscation to be inverted by deobfuscation systems and as a semantics-preserving transformation that can be studied formally with respect to security policies such as constant-time (Mohseni et al., 16 Apr 2026, Busi et al., 2020).
1. Transformation semantics and operational structure
CFF is described as a transformation on control flow rather than merely a syntactic rewrite. One formulation introduces source code , its AST , and a state transition graph for the flattened program, where is the set of dispatcher states and is a set of directed edges labeled by predicates (Mohseni et al., 16 Apr 2026). Each state corresponds roughly to a basic block or switch case, and each transition records which next state is selected under which predicate.
The semantic preservation requirement is expressed by a semantic function
with the constraint that the original program and the flattened program satisfy
for all inputs, even though their CFGs are radically different (Mohseni et al., 16 Apr 2026). This combination of semantic invariance and structural disruption is the defining property of CFF.
Operationally, the transformation proceeds by splitting the original function into basic blocks, introducing a dispatcher construct and a fresh state variable 0 or pc, initializing that variable to the entry state, and replacing direct control-flow edges with assignments to the state variable followed by a return to the dispatcher. In the canonical formulation studied for constant-time preservation, a flattened program has the shape
7
where termination occurs when pc is set to a special exit value such as 0 (Busi et al., 2020). Informally, nested loops and conditionals are flattened into a centralized dispatcher-driven state machine.
2. CFG formalization, structural distortion, and layered obfuscation
For structural analysis, the original and recovered CFGs are modeled as
1
where 2 is the set of basic blocks and 3 is the set of control-flow edges (Mohseni et al., 16 Apr 2026). The paper on LLM-based deobfuscation evaluates recovery quality with Graph Edit Distance (GED) and the normalized distance
4
from which it defines the Structural Similarity Score
5
so that 6, with 7 denoting structurally identical CFGs (Mohseni et al., 16 Apr 2026).
CFF dramatically alters graph structure. Many control-flow edges are funneled through the same dispatcher node, and the original structured CFG is replaced by a dispatcher-centered topology. The reported effect is that cyclomatic complexity and graph edit distance between the original and flattened CFGs grow, which directly lowers SRS when comparing original and flattened graphs (Mohseni et al., 16 Apr 2026). In other words, CFF preserves extensional behavior while maximizing intensional dissimilarity at the CFG level.
The same study places CFF in a broader family of control-flow obfuscations by distinguishing three obfuscation modes:
| Mode | Description |
|---|---|
| Opaque only | Inject bogus conditional branches around real blocks |
| CFF only | Flatten control flow without bogus branches |
| Opaque-CFF | Combine both, with opaque predicates embedded inside flattened control flow |
Opaque predicates are formally defined as predicates whose outcome is fixed but hard to prove statically: 8 (Mohseni et al., 16 Apr 2026). In the combined Opaque-CFF setting, the analyst must both reverse the dispatcher and identify which apparent transitions are guarded by invariant predicates whose alternative branches are unreachable. This layered strategy compounds structural and semantic complexity.
3. Deobfuscation as inversion of the flattened state machine
In the deobfuscation setting, CFF is treated as an invertible but difficult transformation. The input is obfuscated code 9, produced by Tigress or O-LLVM via CFF, Opaque, or Opaque-CFF, and the objective is to synthesize deobfuscated code 0 such that the recovered CFG is close to the original and program behavior is preserved (Mohseni et al., 16 Apr 2026). For CFF specifically, deobfuscation means removing the dispatcher, switch-based state machine, and related artifacts; reconstructing structured control flow; eliminating useless state variables and dead case blocks; and removing unreachable paths introduced by opaque predicates.
The CoT-guided workflow is encoded as a multi-phase pipeline. It first detects the dispatcher 1 and the state variable 2. It then extracts case blocks
3
and initializes the flattened transition graph
4
For each case 5, it determines the current state label
6
analyzes state updates
7
and inserts the corresponding vertices and labeled edges into the transition graph (Mohseni et al., 16 Apr 2026). This extracts the dispatcher’s state machine.
After transition extraction, the method reconstructs a more natural CFG by detecting back edges 8, performing TopologicalSort over 9 while accounting for loops, and combining blocks in that order (Mohseni et al., 16 Apr 2026). Opaque predicates are then analyzed by propagating the values of participating variables and retaining only the reachable branch when the predicate is always true or always false. A final cleanup phase removes dead variables, including the dispatcher state variable, removes unreachable code, and normalizes the AST.
The central methodological claim is that Chain-of-Thought prompting improves performance because it asks the model to externalize step-by-step reasoning about dispatcher structure, state transitions, back edges, and invariant predicates, rather than merely rewriting code textually (Mohseni et al., 16 Apr 2026). Zero-shot prompting, by contrast, is reported to make local edits, miss dispatcher logic, and produce code that fails to compile or diverges semantically.
4. Empirical behavior, benchmark results, and failure modes
The evaluation corpus consists of 12 standard C benchmarks: Merge Sort, Heap Sort, Quick Sort, Binary Search, Dijkstra, BFS, DFS, Knapsack, Matrix Multiplication, N-Queens (with solution printing), AVL tree with rotations, and Huffman encoding/decoding (Mohseni et al., 16 Apr 2026). The first nine are grouped as simpler CFGs, while N-Queens, AVL, and Huffman are grouped as more complex CFGs. Each benchmark is compiled with GCC 4.6 on Debian and then obfuscated using Tigress or O-LLVM under the three obfuscation configurations listed above; identifiers and comments are stripped before LLM inference (Mohseni et al., 16 Apr 2026).
Structural recovery is measured with SRS, and semantic preservation is approximated by executing the original and deobfuscated programs and comparing textual outputs with BLEU (Mohseni et al., 16 Apr 2026). BLEU is explicitly described as a “simple, reproducible, lightweight lexical baseline” for behavior similarity. The evaluated reasoning-mode LLMs are GPT5, o3, DeepSeek-V2, Qwen-3 MAX, and QWQ-32B (Mohseni et al., 16 Apr 2026).
Among the tested models and by applying CoT, GPT5 achieves the strongest overall performance, with an average gain of about 16% in control-flow graph reconstruction and about 20.5% in semantic preservation across the benchmarks compared to zero-shot prompting (Mohseni et al., 16 Apr 2026). For GPT5 under O-LLVM CFF, zero-shot SRS is 87.0% and CoT SRS is 99.7%, corresponding to +14.6% relative improvement; under Tigress CFF with CoT, GPT5 reaches SRS 100% and BLEU 98.1%, while under O-LLVM CFF with CoT it reaches SRS 99.7% and BLEU 98.5% (Mohseni et al., 16 Apr 2026). DeepSeek-V2 on Tigress CFF illustrates the role of prompting particularly clearly: zero-shot SRS is 54.5% and CoT SRS is 88.4% (+62.2% relative improvement), while BLEU increases from 59.6% to 94.9% (+59.2%) (Mohseni et al., 16 Apr 2026).
Performance depends not only on obfuscation level and obfuscator choice but also on the intrinsic complexity of the original CFG (Mohseni et al., 16 Apr 2026). Group 1 programs remain comparatively robust under moderate obfuscation, whereas Group 2 programs degrade significantly as obfuscation intensity rises. Some models, specifically QWQ-32B and o3, fail completely beyond a certain opaque density and are unable to produce executable code (Mohseni et al., 16 Apr 2026). The reported failure modes include simple omissions such as missing headers or struct definitions, structural hallucinations in which CFG recovery is plausible but type correctness fails, and semantic hallucinations in which compilable code changes behavior. A salient example is a deobfuscated tree routine that computes the sum of subtree heights rather than the maximum, thereby changing a tree-height computation into something closer to node counting for the sample tree (Mohseni et al., 16 Apr 2026).
These results support two distinct conclusions. First, CFF produced by common dispatcher patterns can often be inverted to a high degree by CoT-guided LLMs. Second, high CFG-level recovery does not guarantee semantic correctness, especially for layered obfuscation and complex original graphs (Mohseni et al., 16 Apr 2026).
5. Constant-time preservation under canonical flattening
A separate line of work studies whether CFF preserves the constant-time policy rather than how easily it can be reversed (Busi et al., 2020). The security question is: given a program that already satisfies a constant-time side-channel policy, does applying CFG flattening preserve that policy? The answer proved for a canonical flattening scheme is affirmative: every program satisfying the policy still does after the transformation (Busi et al., 2020).
The formal setting is a deterministic labeled transition system whose small-step semantics emits leakage traces. The leakage model includes the sequence of evaluated operations in arithmetic and boolean expressions, used as a proxy for timing, and certain control-flow decisions, such as the branch outcomes of conditionals (Busi et al., 2020). Constant-time is expressed as observational non-interference (ONI): for any two attacker-indistinguishable initial configurations, executions must produce identical leakage sequences and the same termination behavior in lockstep. The paper states the condition as
0
where 1 captures attacker-visible equivalence on configurations (Busi et al., 2020).
The flattening pass is defined recursively with a fresh program counter variable 2, a while loop guarded by 1 ≤ pc, and a switch encoded as sugared nested conditionals (Busi et al., 2020). A size function 3 determines how many dispatcher cases each command consumes, and a recursive constructor 4 assigns labels to the flattened representation of each command so that pc := 0 denotes termination. Conditionals and loops preserve their original guards: every if b then in the source becomes an if b then inside a case in the flattened program, and every while b do becomes a case that tests the same predicate and updates pc accordingly (Busi et al., 2020).
The proof architecture instantiates the secure-compilation framework of Barthe–Grégoire–Laporte based on CT-simulations (Busi et al., 2020). It constructs a general simulation 5 between source and flattened configurations, together with a number-of-steps function and a measure that control stuttering, and then defines a CT-simulation equivalence 6 by equality of command syntax. The resulting theorem yields the corollary that control-flow flattening preserves the constant-time policy (Busi et al., 2020).
The proof intuition is that flattening does not introduce new secret-dependent guards or memory accesses beyond the original program. The additional pc assignments and the test 1 ≤ pc are secret-independent, and every source step is simulated by a bounded, secret-independent sequence of target steps whose leakage remains synchronized with the original. Under the paper’s leakage model, flattening therefore does not create new timing or control-flow side channels if the source program was already constant-time (Busi et al., 2020).
6. Scope, limitations, and common misconceptions
One common misconception is that the drastic CFG distortion of CFF necessarily changes program meaning. Both lines of work reject that view at different levels of abstraction. The deobfuscation study treats semantic preservation as the baseline property of obfuscation and measures how closely deobfuscated code returns to the original behavior (Mohseni et al., 16 Apr 2026). The constant-time study proves, for a canonical scheme, that flattening preserves observational non-interference in addition to preserving functional behavior (Busi et al., 2020).
A second misconception is that successful structural recovery implies reliable semantic recovery. The deobfuscation results show that this is false in practice: code can exhibit a largely correct CFG while still omitting headers, misdeclaring data structures, or changing algorithmic behavior through semantic hallucination (Mohseni et al., 16 Apr 2026). Structural and semantic metrics therefore serve different purposes.
A third misconception is that CFF in isolation remains uniformly resilient to modern automated analysis. The reported results suggest that, against CoT-guided LLMs, vanilla CFF is less effective than one might hope when it relies on fairly stereotyped dispatcher patterns (Mohseni et al., 16 Apr 2026). However, the same results also show that stronger Opaque-CFF settings, especially with diverse opaque predicate patterns and complex original CFGs, remain challenging, and layered obfuscation still offers substantial resistance (Mohseni et al., 16 Apr 2026).
The scope of the constant-time theorem is also limited. It is proved for a small structured while-language without pointers, undefined behavior, concurrency, or microarchitectural effects such as caches and pipelines (Busi et al., 2020). The attacker is passive, and the transformation studied is exactly the canonical flattening scheme defined through the dispatcher and pc; variants that use more complex opaque predicates or interleave unrelated code are not covered (Busi et al., 2020). By contrast, the LLM deobfuscation study works on source, LLVM-IR, or binaries derived from Tigress and O-LLVM, but validates semantic preservation through execution and BLEU rather than by a formal equivalence proof (Mohseni et al., 16 Apr 2026).
7. Research context and practical significance
Within obfuscation research, CFF is characterized as a widely used structural transformation for C/C++ and LLVM-level code, and as one of the most widely used advanced obfuscations in industrial tools such as Obfuscator-LLVM (Mohseni et al., 16 Apr 2026, Busi et al., 2020). It sits alongside other control-flow obfuscations such as opaque predicates, bogus control flow, control-flow locking, and virtualization (Mohseni et al., 16 Apr 2026). Prior deobfuscation approaches include static analysis and symbolic execution, which suffer from path explosion under CFF and virtualization, dynamic analysis, which only covers observed paths and can be evaded, and machine-learning-based graph methods such as DFSGraph and neural graph embeddings for flattened binaries (Mohseni et al., 16 Apr 2026).
The CoT-guided LLM approach is positioned as complementary to, rather than a replacement for, static and dynamic tools (Mohseni et al., 16 Apr 2026). It does not require dynamic execution and does not need training or fine-tuning on obfuscated corpora, instead using prompt engineering to guide general-purpose reasoning models through dispatcher recovery, state-transition extraction, opaque predicate analysis, and CFG restructuring (Mohseni et al., 16 Apr 2026). The constant-time study, in turn, is presented as a first step toward a broader theory of security-preserving obfuscations, asking which obfuscation passes preserve which security properties and how CT-simulations can serve as a proof harness for such questions (Busi et al., 2020).
Taken together, these results define CFF as a transformation with a dual research identity. As an obfuscation, it replaces structured CFGs with dispatcher-driven state machines that significantly complicate static analysis. As a target of deobfuscation, it can often be substantially reversed by CoT-guided LLMs, although layered obfuscation and semantic hallucinations remain major obstacles. As a formally specified compiler pass, it can preserve a precise constant-time policy under a standard leakage semantics and a canonical dispatcher construction (Mohseni et al., 16 Apr 2026, Busi et al., 2020).