<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>While not directly applicable to the JDK, this is still
interesting from a general reproducible build perspective.<br>
</p>
<div class="moz-forward-container">/Magnus<br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:
</th>
<td>DALEQ: An Open-Source Tool for Assessing Java Binary
Equivalence</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date: </th>
<td>Fri, 8 Aug 2025 03:42:47 +0000</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">From: </th>
<td>Jens Dietrich via rb-general
<a class="moz-txt-link-rfc2396E" href="mailto:rb-general@lists.reproducible-builds.org"><rb-general@lists.reproducible-builds.org></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Reply-To:
</th>
<td>General discussions about reproducible builds
<a class="moz-txt-link-rfc2396E" href="mailto:rb-general@lists.reproducible-builds.org"><rb-general@lists.reproducible-builds.org></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">To: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:rb-general@lists.reproducible-builds.org">rb-general@lists.reproducible-builds.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:rb-general@lists.reproducible-builds.org"><rb-general@lists.reproducible-builds.org></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">CC: </th>
<td>Jens Dietrich <a class="moz-txt-link-rfc2396E" href="mailto:jens.dietrich@vuw.ac.nz"><jens.dietrich@vuw.ac.nz></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Introducing DALEQ: An Open-Source Tool for Assessing Java Binary
Equivalence</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
We’re excited to announce the release of DALEQ — a new
open-source tool for analyzing and comparing Java binaries.
DALEQ is designed to help developers, security researchers, and
build engineers assess whether two .jar files built from the
same source code are semantically equivalent, even when they’re
not bitwise identical. This is particularly useful for comparing
jars from Maven Central and jars produced via reproducible
builds, or generated by services like Oracle’s
build-from-source or Google’s Assured OSS. Although tools like
diff or hash-based checks can detect binary differences, they
don’t explain why binaries differ, or whether those differences
matter. Bytecode-level differences can be caused by changes in
compilers or build pipelines — not necessarily by compromised
builds. DALEQ helps distinguish harmless variation from
meaningful divergence.</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
How DALEQ Works</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
DALEQ focuses on Java bytecode comparison, though it can also
analyze resources and metadata in jars. At its core, DALEQ uses
a datalog engine (Soufflé) — the same kind of logic-based
analysis engine used in systems like CodeQL — to normalize and
compare bytecode structures. Key features include:</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- Bytecode normalization to reduce irrelevant build differences</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- Semantic diffing that identifies and explains non-equivalent
instructions</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- Provenance tracking: For equivalent files, DALEQ shows how
equivalence was derived via datalog rules, for non-equivalent
files, it provides bytecode-level diffs</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
DALEQ also verifies whether the underlying source code inputs
are the same (or at least equivalent, tolerating some variations
in comments and formatting) and includes integrations with
existing tools like the standard javap disassembler. It supports
extensibility through a plugin system.</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Real-World Evaluation</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
DALEQ builds on our earlier research into levels of binary
equivalence. We evaluated the tool using real-world .jar files
from Oracle and Google, both of whom independently rebuild Java
packages from source. The results are encouraging: DALEQ was
able to classify 85–90% of .class files that were not bitwise
identical as still being semantically equivalent, with
supporting provenance.</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Learn More</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
You can try out DALEQ now on GitHub: <a href="https://github.com/binaryeq/daleq/" data-outlook-id="da8d5d02-8fc1-421f-940d-d9052ce6f374" moz-do-not-send="true" class="moz-txt-link-freetext">
https://github.com/binaryeq/daleq/</a> </div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
A detailed technical paper describing DALEQ and our evaluation:
<a href="https://arxiv.org/abs/2508.01530" data-outlook-id="b3db5941-1f52-4a50-a87e-394e691f87a6" moz-do-not-send="true" class="moz-txt-link-freetext">
https://arxiv.org/abs/2508.01530</a> </div>
<div style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
A technical paper describing the conceptual approach of levels
of binary equivalence:
<a href="https://arxiv.org/abs/2410.08427" data-outlook-id="2405955d-0221-47e0-b565-906adba538c0" moz-do-not-send="true" class="moz-txt-link-freetext">
https://arxiv.org/abs/2410.08427</a> (to be presented at <a href="https://conf.researchr.org/home/icsme-2025" data-outlook-id="f93a86ef-6de1-4801-88a9-7b6944ef8bb6" moz-do-not-send="true">
ICSME’25</a>)</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="ltr" class="WhaTIKlJAariliaCLUCDVSOpdlscdOkdNj
" style="text-align: left; text-indent: 0px; line-height: 1rem; background-color: rgb(255, 255, 255); margin: 0px; max-width: calc(100% - 256px); font-family: -apple-system, system-ui, system-ui, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 16px; color: rgb(0, 0, 0);">
<span style="background-color: rgba(0, 0, 0, 0); line-height: 1.25;">Jens
Dietrich (Associate Professor at Victoria University of
Wellington)</span></div>
<div dir="ltr" class="WhaTIKlJAariliaCLUCDVSOpdlscdOkdNj
" style="text-align: left; text-indent: 0px; line-height: 1rem; background-color: rgb(255, 255, 255); margin: 0px; max-width: calc(100% - 256px); font-family: -apple-system, system-ui, system-ui, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 16px; color: rgb(0, 0, 0);">
<span style="background-color: rgba(0, 0, 0, 0); line-height: 1.25;"><br>
Behnaz Hassanshahi (Principal Researcher and Tech Lead at
Oracle, Oracle Labs Brisbane)</span></div>
<ul style="text-align: left; margin: 0px; padding-left: 0px; list-style-position: outside; list-style-type: none; background-color: rgb(255, 255, 255);">
<li style="font-family: -apple-system, system-ui, system-ui, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif; font-size: 16px; color: rgba(0, 0, 0, 0.9); margin: 0px;">
<button class="pqGUSkUyYBiMlXoensTVOoPJqLDJyEpcA text-align-left" type="button" style="margin-bottom:8px;font-family:-apple-system, system-ui, system-ui, "Segoe UI", Roboto, "Helvetica Neue", "Fira Sans", Ubuntu, Oxygen, "Oxygen Sans", Cantarell, "Droid Sans", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Lucida Grande", Helvetica, Arial, sans-serif;touch-action:manipulation;background:none;border:medium;cursor:pointer;width:232px;text-align:left !important">
</button></li>
</ul>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
<br>
</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div dir="ltr" style="font-family: Aptos, Arial, Helvetica, sans-serif; font-size: 12pt;">
<br>
</div>
</div>
</body>
</html>