REFORGE Benchmarks LLM Reverse Engineering Capabilities in Binary Naming

Nicolas Koller, Andreas u. Schmidt· July 13, 2026 View original

Summary

REFORGE is a provenance-tracked pipeline for benchmarking LLMs' reverse engineering capabilities, specifically in decompiled binary function naming. It addresses the challenge of reliable binary-to-source alignment under compiler optimization, operationalizing alignment uncertainty to provide a more fair and accurate evaluation of LLM performance.

This research introduces REFORGE, a meticulously designed pipeline for benchmarking the reverse engineering capabilities of Large Language Models (LLMs), particularly in the task of naming functions within decompiled binaries. The authors highlight a significant flaw in existing benchmarks: they often assume perfect ground truth for function-level evaluation, overlooking the complexities introduced by compiler optimizations. This oversight can lead to inaccurate assessments of LLM performance. REFORGE tackles this by creating provenance-tracked ground truth, moving from C source code through compilation, DWARF and syntactic extraction, alignment, and decompilation. Crucially, it operationalizes alignment uncertainty using an eight-gate confidence funnel and three-tier stratification. A micro-benchmark demonstrated that high-confidence ground truth yield drops significantly with optimization levels, and traditional unpaired comparisons can misrepresent performance decay due to survivorship bias. A proof-of-concept evaluation of seven LLMs on function naming underscores the necessity of this uncertainty-aware benchmarking practice for fair and reliable assessment.

Why it matters

For cybersecurity professionals and AI engineers working on binary analysis, REFORGE provides a much-needed rigorous framework to accurately evaluate LLMs' capabilities, ensuring that claims about their performance in reverse engineering are reliable and actionable.

How to implement this in your domain

  1. 1Adopt REFORGE's principles for creating robust, uncertainty-aware benchmarks for LLM applications in cybersecurity.
  2. 2Integrate provenance tracking into your data generation pipelines for AI model evaluation.
  3. 3Develop internal tools to assess binary-to-source alignment reliability when creating ground truth for reverse engineering tasks.
  4. 4Use the REFORGE framework to evaluate the performance of LLMs in your security operations, especially for tasks like malware analysis or vulnerability research.

Who benefits

CybersecuritySoftware DevelopmentDefenseAI ResearchIT Consulting

Key takeaways

  • REFORGE benchmarks LLMs for reverse engineering, specifically binary function naming.
  • It addresses the challenge of reliable binary-to-source alignment under optimization.
  • The framework operationalizes alignment uncertainty for fair evaluation.
  • Compiler optimizations significantly impact ground truth yield and evaluation accuracy.

Original post by Nicolas Koller, Andreas u. Schmidt

"arXiv:2607.07738v1 Announce Type: cross Abstract: Large language models (LLMs) are increasingly applied to reverse-engineering tasks, and recent threat-intelligence reporting shows them operating inside live offensive-security workflows. Claims about their capability, however, ou…"

View on X

Originally posted by Nicolas Koller, Andreas u. Schmidt on X · view source

Want to go deeper?

Turn these trends into skills with Learnijoy's hands-on AI & tech courses.

Explore courses