Coverage-Based Debloating for Java Bytecode

Author:

Soto-Valero César¹, Durieux Thomas¹, Harrand Nicolas¹, Baudry Benoit¹

Affiliation:

1. KTH Royal Institute of Technology

Abstract

Software bloat is code that is packaged in an application but is actually not necessary to run the application. The presence of software bloat is an issue for security, performance, and for maintenance. In this article, we introduce a novel technique for debloating, which we call coverage-based debloating. We implement the technique for one single language: Java bytecode. We leverage a combination of state-of-the-art Java bytecode coverage tools to precisely capture what parts of a project and its dependencies are used when running with a specific workload. Then, we automatically remove the parts that are not covered, in order to generate a debloated version of the project. We succeed in debloating 211 library versions from a dataset of 94 unique open-source Java libraries. The debloated versions are syntactically correct and preserve their original behaviour according to the workload. Our results indicate that 68.3% of the libraries’ bytecode and 20.3% of their total dependencies can be removed through coverage-based debloating. For the first time in the literature on software debloating, we assess the utility of debloated libraries with respect to client applications that reuse them. We select 988 client projects that either have a direct reference to the debloated library in their source code or whose test suite covers at least one class of the libraries that we debloat. Our results show that 81.5% of the clients, with at least one test that uses the library, successfully compile and pass their test suite when the original library is replaced by its debloated version.

Funder

Wallenberg AI, Autonomous Systems, and Software Program

Publisher

Association for Computing Machinery (ACM)

Subject

Software


Cited by 2 articles.

1. Automatic Specialization of Third-Party Java Dependencies;IEEE Transactions on Software Engineering;2023-11

2. Decker: Attack Surface Reduction via On-Demand Code Mapping;Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2;2023-01-27
