
I wonder whether mov-oriented programming would be a useful obfuscation technique for malware authors. I'd assume that typical disassemblers are not very helpful.


There is the demovfuscator, which de-obfuscates movfuscated programs reasonably well. This work was actually done by friends of mine; see their talk here: https://recon.cx/2016/talks/"Movfuscator-Be-Gone.html


Interesting, thanks for the link!

Was just about to ask if such a project exists.

I wonder if there are other OISC architectures that are harder to 'decompile'.


Yes/no. Yes, because it's (slightly) harder to see what's executed. No, because AVs will soon get a rule like: basic block full of MOVs - flag it immediately. Some AVs even flag UPX packed executables by default, so it wouldn't be unexpected.
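The detection rule sketched in the comment above ("basic block full of MOVs, flag it"), worked through as an added example that is not from the thread or from any real AV product. It splits a linear disassembly into basic blocks and scores each block by its MOV ratio; the terminator set, the length floor and the 0.95 threshold are assumptions, and the sample disassembly is constructed.

```python
# Heuristic from the thread: flag any basic block that is almost entirely MOV.
# Constructed example, not a real AV rule; thresholds and the terminator set
# are assumptions chosen for the sample below.
from dataclasses import dataclass
from typing import List

# Mnemonics that end a basic block (jumps, calls, returns). Assumed list.
BLOCK_TERMINATORS = {"jmp", "call", "ret", "je", "jne", "jz", "jnz",
                     "jg", "jge", "jl", "jle", "ja", "jb"}
MIN_BLOCK_LEN = 16        # ignore tiny blocks: prologues are naturally MOV-heavy
MOV_RATIO_THRESHOLD = 0.95


@dataclass
class Block:
    start: int            # index of the block's first instruction in the input
    mnemonics: List[str]

    @property
    def mov_ratio(self) -> float:
        return sum(m == "mov" for m in self.mnemonics) / len(self.mnemonics)


def split_blocks(disasm: List[str]) -> List[Block]:
    """Split 'mnemonic operands' lines into basic blocks, closing a block
    after every control-transfer instruction."""
    blocks, cur, start = [], [], 0
    for i, line in enumerate(disasm):
        if not line.strip():
            continue
        mnem = line.split()[0].lower()
        cur.append(mnem)
        if mnem in BLOCK_TERMINATORS:
            blocks.append(Block(start, cur))
            cur, start = [], i + 1
    if cur:                           # trailing block with no terminator
        blocks.append(Block(start, cur))
    return blocks


def flag_mov_blocks(disasm: List[str]) -> List[Block]:
    """Return blocks long enough to matter whose MOV ratio looks movfuscated."""
    return [b for b in split_blocks(disasm)
            if len(b.mnemonics) >= MIN_BLOCK_LEN
            and b.mov_ratio >= MOV_RATIO_THRESHOLD]


# Constructed sample: an ordinary compiler-generated block, then a
# movfuscator-style block (a long run of MOVs closed by a single jmp).
SAMPLE = ["push ebp", "mov ebp, esp", "mov eax, [ebp+8]", "add eax, 1",
          "cmp eax, 10", "jne 0x401020"] \
         + ["mov eax, [eax*4+0x403000]"] * 30 + ["jmp 0x401000"]

if __name__ == "__main__":
    for b in flag_mov_blocks(SAMPLE):
        print(f"block at {b.start}: {len(b.mnemonics)} insns, "
              f"mov ratio {b.mov_ratio:.2f}")
```

Run against real objdump output the first block (a short prologue) stays below the length floor, which is why the floor matters: MOV-heavy but short blocks are normal compiler output.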


At around 34:30 in the talk he discusses this briefly, with the conclusion that you'd signature the data and also continue to monitor API calls etc. It wouldn't be such a big deal.


Obfuscation uses a lot of techniques, including this. Redundancy also allows one to create polymorphic code, that is, code which creates variable copies of itself.


One talk I remember said as much. If I remember correctly, repeated obfuscation via self-modifying code can increase code size dramatically, though a correlation to time complexity was not shown (and I don't remember how the code modified).

