SBridge: Identifying Source-to-Binary Function Similarity via Cross-Domain Control Block Matching

📅 2026-06-26
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses the challenge of cross-domain function similarity detection between source code and stripped binary executables, which is hindered by compiler optimizations such as inlining and symbol removal. To overcome this, the authors propose a fine-grained, control-block-based matching approach that decomposes functions into semantic units corresponding to conditionals, loops, and other control-flow constructs. By constructing a unified cross-domain semantic representation and integrating control-flow analysis with block alignment techniques, the method achieves high-precision functional matching. Evaluated on 3,904 real-world C/C++ binary samples, the approach attains 75.13% recall@1 and 80.98% recall@5 even when 40% of functions are inlined, substantially outperforming existing methods and significantly improving both precision and recall in vulnerability propagation detection.
📝 Abstract
We present SBridge, a precise approach for identifying functions in binaries that are similar to the given source code functions. Identifying reused code in binaries is critical for security, particularly for detecting propagated vulnerabilities. Although binary-to-binary comparison is feasible, leveraging source code as the reference is more practical because source code is easier to collect and analyze directly without compilation. However, significant gaps between source and binary representations, including function inlining, create challenges in cross-domain function detection. Existing approaches primarily rely on string literals or structural similarities between entire functions, failing to capture detailed code behavior and generating many false alarms. SBridge addresses these limitations through a key innovation: control block-based function matching, which encapsulates essential functional features by segmenting functions into meaningful units such as conditionals and loops. Leveraging control blocks as a cross-domain representation, SBridge enables precise measurement of function similarity between source and binary code, effectively overcoming challenges posed by function inlining and stripped binaries. For evaluation, we collected 3,904 real-world C/C++ binaries from BinKit. In experiments identifying binary functions identical to input source functions, despite approximately 40% of binary functions being inlined, SBridge achieved 75.13% recall@1 and 80.98% recall@5, outperforming existing approaches, which achieved up to 43.31% recall@1 and 50.2% recall@
Problem

Research questions and friction points this paper is trying to address.

source-to-binary similarity
function matching
control block
binary analysis
vulnerability propagation
Innovation

Methods, ideas, or system contributions that make the work stand out.

control block matching
cross-domain function similarity
source-to-binary analysis
function inlining resilience
binary code analysis
🔎 Similar Papers
No similar papers found.