Coverage-Based Debloating for Java Bytecode

Authors: César Soto-Valero, Thomas Durieux, Nicolas Harrand, Benoît Baudry
Journal: ACM Computing Surveys (CSUR)

Software bloat is code that is packaged in an application but is actually not necessary to run the application. The presence of software bloat is an issue for security, for performance, and for maintenance. In this paper, we introduce a novel technique for debloating, which we call coverage-based debloating. We implement the technique for one single language: Java bytecode. We leverage a combination of state-of-the-art Java bytecode coverage tools to precisely capture what parts of a project… 



JShrink: in-depth investigation into debloating modern Java applications

JShrink develops an end-to-end bytecode debloating framework that augments traditional static reachability analysis with dynamic profiling and type dependency analysis and renovates existing bytecode transformations to account for new language features in modern Java.

Configuration-Driven Software Debloating

This work explores an alternative configuration-driven software debloating approach that removes feature-specific code that is needed only when certain configuration directives are specified, which are often disabled by default.

Large-scale Debloating of Binary Shared Libraries

Nibbler is a system that identifies and erases unused functions within dynamic shared libraries and improves the deployability of a continuous re-randomization system for binaries by increasing its efficiency by 20%, and it improves certain fast but coarse and context-insensitive control-flow integrity schemes by reducing the number of gadgets reachable through indirect branch instructions.

JRed: Program Customization and Bloatware Mitigation Based on Static Analysis

A new static-analysis-enabled approach to trimming unused code from both Java applications and Java Runtime Environment (JRE) automatically is proposed, built on top of the Soot framework and evaluated based on a set of criteria: code size, code complexity, memory footprint, execution and garbage collection time, and security.

Trimmer: Application Specialization for Code Debloating

This work developed Trimmer, an application specialization tool that leverages user-provided configuration data to specialize an application to its deployment context and demonstrates Trimmer can effectively reduce code bloat.

Negative Effects of Bytecode Instrumentation on Java Source Code Coverage

The number of differences in the results of these two Java code coverage approaches is investigated, the possible reasons are enumerated, and the implications for various applications are discussed.

Less is More: Quantifying the Security Benefits of Debloating Web Applications

The results show that the process of debloating removes code associated with tens of historical vulnerabilities and further shrinks a web application’s attack surface by removing unnecessary external packages and abusable PHP gadgets.

Binary Debloating for Security via Demand Driven Loading

This work creates a defense mechanism by debloating libraries to reduce the dynamic functions linked so that the possibilities of constructing malicious programs diminish significantly, and presents a decision-tree based predictor, which acts as an oracle, and an optimized runtime system, which works directly with library binaries like GNU libc and libstdc++.

Practical extraction techniques for Java

This paper explores extraction techniques such as the removal of unreachable methods and redundant fields, inlining of method calls, and transformation of the class hierarchy for reducing application size, and presents a uniform approach for supplying this input that relies on MEL, a modular specification language.