Debloating Software through Piece-Wise Compilation and Loading
This addresses the problem of software bloat and security vulnerabilities for software developers and users, offering a practical solution with significant reductions.
The paper tackles software bloat by presenting a debloating framework that reduces code size, achieving over 79% reduction in coreutils and 86% in SPEC CPU 2006 benchmarks without affecting functionality, while also improving security by eliminating over 71% of reusable code gadgets.
Programs are bloated. Our study shows that only 5% of libc is used on average across the Ubuntu Desktop environment (2016 programs); the heaviest user, vlc media player, only needed 18%. In this paper: (1) We present a debloating framework built on a compiler toolchain that can successfully debloat programs (shared/static libraries and executables). Our solution can successfully compile and load most libraries on Ubuntu Desktop 16.04. (2) We demonstrate the elimination of over 79% of code from coreutils and 86% of code from SPEC CPU 2006 benchmark programs without affecting functionality. We show that even complex programs such as Firefox and curl can be debloated without a need to recompile. (3) We demonstrate the security impact of debloating by eliminating over 71% of reusable code gadgets from the coreutils suite and show that unused code that contains real-world vulnerabilities can also be successfully eliminated without adverse effects on the program. (4) We incur a low load time overhead.