SoK: Software Debloating Landscape and Future Directions
Mohannad Alhanahnah, Yazan Boshmaf, Ashish Gehani
TL;DR
This SoK systematically analyzes the software debloating landscape, proposing a multilevel taxonomy that categorizes tools by input/output artifacts, debloating strategies, and evaluation criteria. It surveys 48 publications from top venues to map the diverse techniques for shrinking the code surface, including static/dynamic/hybrid analyses and varying removal granularities. The work identifies key open problems, such as maintaining robustness, enabling SBOM generation, leveraging ML, assessing sustainability, and integrating debloating into CI/CD workflows. By providing a foundational reference, the paper aims to accelerate development of usable, secure, and efficient debloating solutions in real-world software ecosystems.
Abstract
Software debloating seeks to mitigate security risks and improve performance by eliminating unnecessary code. In recent years, a plethora of debloating tools have been developed, creating a dense and varied landscape. Several studies have delved into the literature, focusing on comparative analysis of these tools. To build upon these efforts, this paper presents a comprehensive systematization of knowledge (SoK) of the software debloating landscape. We conceptualize the software debloating workflow, which serves as the basis for developing a multilevel taxonomy. This framework classifies debloating tools according to their input/output artifacts, debloating strategies, and evaluation criteria. Lastly, we apply the taxonomy to pinpoint open problems in the field, which, together with the SoK, provide a foundational reference for researchers aiming to improve software security and efficiency through debloating.
