Traditional program equivalence checking offers only binary judgments, failing to characterize the scope and conditions under which patches affect program behavior. This work proposes a quantitative partial equivalence analysis method that integrates symbolic execution with a numerical-domain-optimized range-search heuristic to precisely identify regions in the input space where original and patched programs exhibit consistent or divergent behaviors, and to quantify the degree of their differences. By elevating patch impact analysis from qualitative to quantitative, the approach provides reliable lower-bound estimates for equivalence. Experimental evaluation on 90 CVE patches and the Juliet test suite demonstrates its effectiveness, and within EqBench, it successfully uncovered five C program pairs erroneously labeled as equivalent, accurately pinpointing the conditions causing behavioral divergence.

Traditional equivalence checking classifies programs as equivalent or non-equivalent, providing insufficient information for tasks like patch impact analysis where it is expected the patched version of the program to be non-equivalent to the original program. When two program versions are non-equivalent, determining under what conditions they differ and what percentage of inputs are affected remains an open challenge. In this work, we introduce quantitative partial equivalence analysis, an approach for assessing software patches by quantifying behavioral differences between the original (vulnerable) code and the patched code. Using symbolic analysis, we identify input conditions under which patched and original programs exhibit identical or divergent behaviors. Our approach refines non-equivalence by measuring the extent of behavioral divergence across the input domain. For efficient quantitative analysis of numerical domains, we propose a range-based search heuristic that provides a sound lower bound on equivalence. We demonstrate our approach on 90 CVE patches from widely used open-source projects (Linux, Qemu, FFmpeg), as well as on a Juliet Test Suite-based dataset containing programs with CWEs. Our results show that quantitative partial equivalence analysis effectively characterizes and quantifies patch impact. Additionally, experiments on the EqBench benchmark reveal five C program pairs that are mislabeled as equivalent, and we identify the input conditions under which their behaviors diverge.