Assessing the Effects of Source Language on Binary Similarity Tools

Binary similarity is a fundamental technique that enables software analysis practitioners to compare machine-level code at scale and with fine granularity. With application in software reverse engineering, vulnerability research, malware attribution and more, state-of-the-art binary similarity tools have undergone thorough research and development to account for variations in compilers, optimizations, machine architectures, and even obfuscations. And, although these tools aim to compare and detect binary-level code segments generated from similar or identical source code, no preexisting work has investigated the effects of source languages other than C and C++. This thesis addresses this research gap by presenting a thorough investigation of SOTA binary similarity tools when applied to modern compiled languages, Rust and Golang.

To adequately evaluate the capabilities of the available binary similarity approaches, this work includes three distinct tools - BSim, a new component of the Ghidra Software Reverse Engineering Framework, which utilizes a clustering based similarity mechanism; BinDiff, an industry-recognized tool using graph-based comparisons; and jTrans, a BERT-based model fine-tuned to the binary similarity task. First, to enable this work, we introduce a new dataset of Rust and Golang binaries compiled from leading open-source projects in the Homebrew and Arch Linux repositories. Comprised of 800 binaries and over 1 million functions, this dataset was built to represent a broad range of implementation styles, application diversity, and source language features. Next, the main investigation of this thesis is presented wherein we asses each approach's ability to accurately report semantically equivalent functions compiled from the same source code. Results across the three tools reveal a systematic degradation of precision when comparing binaries produced by Rust and Go rather than those produced by C and C++. Finally, we provide a technical demonstration which highlights the implications of these results and discuss near- and long-term solutions to more adequately equip binary analysis practitioners.