BinTrimmer: Towards static binary debloating through abstract interpretation

Nilo Redini, Ruoyu Wang, Aravind Machiry, Yan Shoshitaishvili, Giovanni Vigna, Christopher Kruegel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

18 Scopus citations


The increasing complexity of modern programs motivates software engineers to often rely on the support of third-party libraries. Although this practice allows application developers to achieve a compelling time-to-market, it often makes the final product bloated with conspicuous chunks of unused code. Other than making a program unnecessarily large, this dormant code could be leveraged by willful attackers to harm users. As a consequence, several techniques have been recently proposed to perform program debloating and remove (or secure) dead code from applications. However, state-of-the-art approaches are either based on unsound strategies, thus producing unreliable results, or pose too strict assumptions on the program itself. In this work, we propose a novel abstract domain, called Signedness-Agnostic Strided Interval, which we use as the cornerstone to design a novel and sound static technique, based on abstract interpretation, to reliably perform program debloating. Throughout the paper, we detail the specifics of our approach and show its effectiveness and usefulness by implementing it in a tool, called BinTrimmer, to perform static program debloating on binaries. Our evaluation shows that BinTrimmer can remove up to 65.6% of a library’s code and that our domain is, on average, 98% more precise than the related work.

Original languageEnglish (US)
Title of host publicationDetection of Intrusions and Malware, and Vulnerability Assessment - 16th International Conference, DIMVA 2019, Proceedings
EditorsRoberto Perdisci, Roberto Perdisci, Clémentine Maurice, Giorgio Giacinto, Magnus Almgren
PublisherSpringer Verlag
Number of pages20
ISBN (Print)9783030220372
StatePublished - 2019
Event16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019 - Gothenburg, Sweden
Duration: Jun 19 2019Jun 20 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11543 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2019

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'BinTrimmer: Towards static binary debloating through abstract interpretation'. Together they form a unique fingerprint.

Cite this