Binary similarity analysis is critical to many code-reuse-related issues, where function matching is its fundamental task. “
1-to-1
” mechanism has been applied in most binary similarity analysis works, in which one function in a binary file is matched against one function in a source file or binary file. However, we discover that the function mapping is a more complex problem of “
1-to-n
” (one binary function matches multiple source functions or binary functions) or even “
n-to-n
” (multiple binary functions match multiple binary functions) due to the existence of
function inlining
, different from traditional understanding.
In this paper, we investigate the effect of function inlining on binary similarity analysis. We carry out three studies to investigate the extent of function inlining, the performance of existing works under function inlining, and the effectiveness of existing inlining-simulation strategies. Firstly, a scalable and lightweight identification method is designed to recover function inlining in binaries. 88 projects (compiled in 288 versions and resulting in 32,460,156 binary functions) are collected and analyzed to construct 4 inlining-oriented datasets for 4 security tasks in the software supply chain, including code search, OSS (Open Source Software) reuse detection, vulnerability detection, and patch presence test. Datasets reveal that the proportion of function inlining ranges from 30%-40% when using O3 and sometimes can reach nearly 70%. Then, we evaluate 4 existing works on our dataset. Results show most existing works neglect inlining and use the “1-to-1” mechanism. The mismatches cause a 30% loss in performance during code search and a 40% loss during vulnerability detection. Moreover, most inlined functions would be ignored during OSS reuse detection and patch presence test, thus leaving these functions risky. Finally, we analyze 2 inlining-simulation strategies on our dataset. It is shown that they miss nearly 40% of the inlined functions, and there is still a large space for promotion. By precisely recovering when function inlining happens, we discover that inlining is usually cumulative when optimization increases. Thus, conditional inlining and incremental inlining are recommended to design a low-cost and high-coverage inlining-simulation strategy.
Software reuse, especially partial reuse, poses legal and security threats to software development. Since its source codes are usually unavailable, software reuse is hard to be detected with interpretation. On the other hand, current approaches suffer from poor detection accuracy and efficiency, far from satisfying practical demands. To tackle these problems, in this paper, we propose ISRD, an interpretation-enabled software reuse detection approach based on a multi-level birthmark model that contains function level, basic block level, and instruction level. To overcome obfuscation caused by cross-compilation, we represent function semantics with Minimum Branch Path (MBP) and perform normalization to extract core semantics of instructions. For efficiently detecting reused functions, a process for "intent search based on anchor recognition" is designed to speed up reuse detection. It uses strict instruction match and identical library call invocation check to find anchor functions (in short anchors) and then traverses neighbors of the anchors to explore potentially matched function pairs. Extensive experiments based on two realworld binary datasets reveal that ISRD is interpretable, effective, and efficient, which achieves 97.2% precision and 94.8% recall. Moreover, it is resilient to cross-compilation, outperforming stateof-the-art approaches.
Ferroptosis is a newly discovered process of cell death that differs from apoptosis, autophagy, and pyroptosis. It is closely related to tumor formation, diseases that damage tissue, and neurodegenerative diseases. Activation of the extracellular regulated protein kinase (EPK) pathway and acylCOA synthetase long-chain family member 4 (ACSL4) are indicative of ferroptosis. During ferroptosis, the mitochondrial volume becomes smaller and the double membrane density increases. The process of ferroptosis involves disruption of the material redox reaction, and changes in the levels of cystine, glutathione, NADPH, and increase of GPX4, NOX, and ROS. Iron increases significantly in ferroptosis. Divalent iron ions can greatly promote lipid oxidation, ROS accumulation, and thus promote ferroptosis. The occurrence and progress of ferroptosis are influenced by multiple factors and signaling pathways.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.