Enterprises often use automated tools to identify components of applications for licensing compliance purposes. For example, an enterprise can use a source code analysis tool to identify libraries, functions, or application programming interfaces (API's) that are subject to open source licenses such as various versions of the GNU Public License (GPL). Source code analysis tools can rely on textual comparisons to known samples of open source licensed code or a comparison of the uniquely identifying hash value of a function or file in a given source code to the hash value of a known sample of open source licensed code.
However, an enterprise is not always guaranteed to have access to the source code of an application. In these instances, code scanning tools can attempt to compare a signature (e.g., a hash value for a compiled open source licensed library) of known open source licensed code to individual portions of a compiled application. In other instances, code scanning tools can also attempt to do a byte-by-byte comparison of a portion of a compiled application to samples of a compiled open source licensed library. However, these approaches often fail to identity the compiled instance of open source licensed code because the compiled instance of code being analyzed can have been generated with a different compiler, different version of a compiler, or with different compiler optimization flags than were used to generate the sample.