Vulnerabilities are challenging to locate and repair, especially when source code is unavailable and binary patching is required. Manual methods are time-consuming, require significant expertise, and do not scale to the rate at which new vulnerabilities are discovered. Automated methods are an attractive alternative, and we propose Partially Recompilable Decompilation (PRD). PRD lifts suspect binary functions to source, where they are available for analysis, revision, or review, and creates a patched binary using source- and binary-level techniques. Although decompilation and recompilation do not typically work on an entire binary, our approach succeeds because it is limited to a few functions, such as those identified by our binary fault localization. We evaluate these assumptions and find that, without any grammar or compilation restrictions, 70-89% of individual functions are successfully decompiled and recompiled with sufficient type recovery. In comparison, only 1.7% of the full C binaries succeed. When decompilation succeeds, PRD produces test-equivalent binaries 92.9% of the time. In addition, we evaluate PRD in two contexts: a fully automated process incorporating source-level Automated Program Repair (APR) methods, and human-edited source-level repairs. When evaluated on DARPA Cyber Grand Challenge (CGC) binaries, we find that PRD-enabled APR tools, operating only on binaries, perform as well as, and sometimes better than, full-source tools, collectively mitigating 85 of the 148 scenarios, a success rate consistent with these same tools operating with access to the entire source code. PRD achieves success rates similar to those of the winning CGC entries, sometimes finding higher-quality mitigations than those produced by top CGC teams. For generality, our evaluation includes two independently developed APR tools and C++, Rode0day, and real-world binaries.