TY - GEN
T1 - JRed
T2 - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
AU - Jiang, Yufei
AU - Wu, Dinghao
AU - Liu, Peng
N1 - Funding Information:
This research was supported in part by the Office of Naval Research (ONR) grants N00014-13-1-0175 and N00014-16-1-2265, and the National Science Foundation (NSF) grants CNS-1223710 and CCF-1320605.
Publisher Copyright:
© 2016 IEEE.
PY - 2016/8/24
Y1 - 2016/8/24
N2 - Modern software engineering practice increasingly brings redundant code into software products, which has caused a phenomenon called bloatware, leading to software system maintenance, performance and reliability issues as well as security problems. With the rapid advances of smart devices and a more connected world, it is never more important to trim bloatware to improve the leanness, agility, reliability, performance, and security of the interconnected software and network systems. Previous methods have limited scopes and are usually not fully automated. In this paper, we propose a new static-analysis-enabled approach to trimming unused code from both Java applications and Java Runtime Environment (JRE) automatically. We have built a tool called JRed on top of the Soot framework. We have conducted a fairly comprehensive evaluation of JRed based on a set of criteria: code size, code complexity, memory footprint, execution and garbage collection time, and security. Our experimental results show that, Java application size can be reduced by 44.5% on average and the JRE code can be reduced by more than 82.5% on average. The code complexity is significantly reduced according to a set of well-known metrics. Furthermore, we report that by trimming redundant code, 48.6% of the known security vulnerabilities in the Java Runtime Environment JRE 6 update 45 has been removed.
AB - Modern software engineering practice increasingly brings redundant code into software products, which has caused a phenomenon called bloatware, leading to software system maintenance, performance and reliability issues as well as security problems. With the rapid advances of smart devices and a more connected world, it is never more important to trim bloatware to improve the leanness, agility, reliability, performance, and security of the interconnected software and network systems. Previous methods have limited scopes and are usually not fully automated. In this paper, we propose a new static-analysis-enabled approach to trimming unused code from both Java applications and Java Runtime Environment (JRE) automatically. We have built a tool called JRed on top of the Soot framework. We have conducted a fairly comprehensive evaluation of JRed based on a set of criteria: code size, code complexity, memory footprint, execution and garbage collection time, and security. Our experimental results show that, Java application size can be reduced by 44.5% on average and the JRE code can be reduced by more than 82.5% on average. The code complexity is significantly reduced according to a set of well-known metrics. Furthermore, we report that by trimming redundant code, 48.6% of the known security vulnerabilities in the Java Runtime Environment JRE 6 update 45 has been removed.
UR - http://www.scopus.com/inward/record.url?scp=84987936762&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84987936762&partnerID=8YFLogxK
U2 - 10.1109/COMPSAC.2016.146
DO - 10.1109/COMPSAC.2016.146
M3 - Conference contribution
AN - SCOPUS:84987936762
T3 - Proceedings - International Computer Software and Applications Conference
SP - 12
EP - 21
BT - Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
A2 - Claycomb, William
A2 - Milojicic, Dejan
A2 - Liu, Ling
A2 - Matskin, Mihhail
A2 - Zhang, Zhiyong
A2 - Reisman, Sorel
A2 - Sato, Hiroyuki
A2 - Zhang, Zhiyong
A2 - Ahamed, Sheikh Iqbal
PB - IEEE Computer Society
Y2 - 10 June 2016 through 14 June 2016
ER -