Lares: LLM-driven Code Slice Semantic Search for Patch Presence Testing

TL;DR

Lares is a novel method that uses large language models and semantic code analysis to accurately detect whether patches are present in binaries, improving usability and reliability over existing techniques.

Contribution

Lares introduces Code Slice Semantic Search, enabling patch presence testing directly from source code features without relying on compilation, and evaluates across diverse software configurations.

Findings

Achieves higher precision and recall than existing methods.

Works effectively across different architectures, optimization levels, and compilers.

Eliminates the need for compilation process, enhancing usability.

Abstract

In modern software ecosystems, 1-day vulnerabilities pose significant security risks due to extensive code reuse. Identifying vulnerable functions in target binaries alone is insufficient; it is also crucial to determine whether these functions have been patched. Existing methods, however, suffer from limited usability and accuracy. They often depend on the compilation process to extract features, requiring substantial manual effort and failing for certain software. Moreover, they cannot reliably differentiate between code changes caused by patches or compilation variations. To overcome these limitations, we propose Lares, a scalable and accurate method for patch presence testing. Lares introduces Code Slice Semantic Search, which directly extracts features from the patch source code and identifies semantically equivalent code slices in the pseudocode of the target binary. By eliminating the need for the compilation process, Lares improves usability, while leveraging large language models (LLMs) for code analysis and SMT solvers for logical reasoning to enhance accuracy. Experimental results show that Lares achieves superior precision, recall, and usability. Furthermore, it is the first work to evaluate patch presence testing across optimization levels, architectures, and compilers. The datasets and source code used in this article are available at https://github.com/Siyuan-Li201/Lares.