PPTSP: patch presence test via semantic normalization and key path extraction
摘要
Determining whether a binary contains a security patch is a critical task in vulnerability analysis. Existing approaches mainly rely on structural similarity of patch features, which limits their ability to identify semantically equivalent but syntactically different binary generated under different compilers and optimization settings. In addition, analyzing binaries at the function level often introduces noise from vendor-added extension code, which increases the false positives. To address these challenges, a semantic-aware patch presence test approach that focus on the control paths affected by the patch is proposed, named Patch presence test via Semantic Normalization and Key Path Extraction (PPTSP). The method first maps semantically equivalent instruction sequences to a unified representation, enhancing feature consistency across different compilation architectures. Then, it identifies the control paths affected by the patch to eliminate interference from irrelevant execution paths during feature extraction. Finally, when features are structurally similar, a large language model (LLM) is leveraged to analyze their semantic equivalence, further enhancing detection accuracy. Experiments demonstrate that PPTSP outperforms current state-of-the-art methods, even under different compiler and optimization level settings.