An Empirical Study of Function-Irrelevant Patches Based on Internet Software

The current Internet environment is complex, and in the face of endless vulnerability, patching is one of the main means to mitigate vulnerability hazards. In the past few decades, the research on patch detection has mainly focused on detecting patches that modify functions and classes, without fully considering function-irrelevant patches. In this article, we first propose the concept of function-irrelevant patches, and focus on analyzing the types of different elements in their source code, such as functions, global variables, macros, and complex data types. Next, we study how to fix bugs with function-irrelevant patches, and take the CVE-2017- 3737 vulnerability patch as an example. Then, we analyze the impact of function-irrelevant patches on binary files. Finally, we conduct an analysis of the functions of existing patch presence testing tools to clarify their limitations and identify directions for improving function-irrelevant patch detection, with the hope of implementing these improvements in the blockchain field. © 2024 IEEE.