Coverage-Based Debloating for Java Bytecode

Soto-Valero, César; Durieux, Thomas; Harrand, Nicolas; Baudry, Benoît

doi:10.1145/3546948

Cited by 7 publications

(4 citation statements)

References 58 publications

(65 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several binary debloating tools have been developed. These tools work on software binaries, for example, Linux shared libraries or executables [2,3,18,50,51,62], Java jar packages [13,23,48,59], and Android APK packages [34,62]. These tools typically measure their efficacy by studying the source of bloated dependencies [58,60], code size reduction [2,13,51,59,62], binary size reduction [3,18,34,48,59,62], and CVE reduction [3,18,50,51].…”

Section: Related Workmentioning

confidence: 99%

“…These tools work on software binaries, for example, Linux shared libraries or executables [2,3,18,50,51,62], Java jar packages [13,23,48,59], and Android APK packages [34,62]. These tools typically measure their efficacy by studying the source of bloated dependencies [58,60], code size reduction [2,13,51,59,62], binary size reduction [3,18,34,48,59,62], and CVE reduction [3,18,50,51]. Moreover, Tang et al [62] have shown that removing binary bloat can lead to improvements in runtime performance, as well as lower memory and power usage.…”

Section: Related Workmentioning

confidence: 99%

“…Bloat can be defined simply as the parts of software that are never used during deployment. Software bloat is a result of many factors, including unnecessary software features [8] and unnecessary code packaged with an application [59]. Software bloat has been studied in the context of operating systems [35], containers [44], Java applications [58], among many other domains.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Machine Learning Systems are Bloated and Vulnerable

Zhang,

Alhanahnah,

Ahmed

et al. 2024

SIGMETRICS Perform. Eval. Rev.

View full text Add to dashboard Cite

Today's software is bloated with both code and features that are not used by most users. This bloat is prevalent across the entire software stack, from operating systems and applications to containers. Containers are lightweight virtualization technologies used to package code and dependencies, providing portable, reproducible and isolated environments. For their ease of use, data scientists often utilize machine learning containers to simplify their workflow. However, this convenience comes at a cost: containers are often bloated with unnecessary code and dependencies, resulting in very large sizes. In this paper, we analyze and quantify bloat in machine learning containers. We develop MMLB, a framework for analyzing bloat in software systems, focusing on machine learning containers. MMLB measures the amount of bloat at both the container and package levels, quantifying the sources of bloat. In addition, MMLB integrates with vulnerability analysis tools and performs package dependency analysis to evaluate the impact of bloat on container vulnerabilities. Through experimentation with 15 machine learning containers from TensorFlow, PyTorch, and Nvidia, we show that bloat accounts for up to 80% of machine learning container sizes, increasing container provisioning times by up to 370% and exacerbating vulnerabilities by up to 99%. For more detail, see the full paper, ~\citezhang2024machine.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Machine Learning Systems are Bloated and Vulnerable

Zhang,

Alhanahnah,

Ahmed

et al. 2024

SIGMETRICS Perform. Eval. Rev.

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 99%

Machine Learning Systems are Bloated and Vulnerable

Zhang,

Alhanahnah,

Ahmed

et al. 2024

Abstracts of the 2024 ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Sy

View full text Add to dashboard Cite

Today's software is bloated with both code and features that are not used by most users. This bloat is prevalent across the entire software stack, from operating systems and applications to containers. Containers are lightweight virtualization technologies used to package code and dependencies, providing portable, reproducible and isolated environments. For their ease of use, data scientists often utilize machine learning containers to simplify their workflow. However, this convenience comes at a cost: containers are often bloated with unnecessary code and dependencies, resulting in very large sizes. In this paper, we analyze and quantify bloat in machine learning containers. We develop MMLB, a framework for analyzing bloat in software systems, focusing on machine learning containers. MMLB measures the amount of bloat at both the container and package levels, quantifying the sources of bloat. In addition, MMLB integrates with vulnerability analysis tools and performs package dependency analysis to evaluate the impact of bloat on container vulnerabilities. Through experimentation with 15 machine learning containers from TensorFlow, PyTorch, and Nvidia, we show that bloat accounts for up to 80% of machine learning container sizes, increasing container provisioning times by up to 370% and exacerbating vulnerabilities by up to 99%.CCS Concepts: • Software and its engineering → Software libraries and repositories.

show abstract