Scratching the Surface of ./configure: Learning the Effects of Compile-Time Options on Binary Size and Gadgets

Numerous software systems are configurable through compile-time options and the widely used ./configure. However, the combined effects of these options on binary’s non-functional properties (size and attack surface) are often not documented, and or not well understood, even by experts. Our goal is t...

Full description

Saved in:
Bibliographic Details
Published inReuse and Software Quality Vol. 13297; pp. 41 - 58
Main Authors Tërnava, Xhevahire, Acher, Mathieu, Lesoil, Luc, Blouin, Arnaud, Jézéquel, Jean-Marc
Format Book Chapter
LanguageEnglish
Published Switzerland Springer International Publishing AG 2022
Springer International Publishing
SeriesLecture Notes in Computer Science
Subjects
Binary size
Compile-time variability
Configurable systems
Gadgets
Non-functional properties
Statistical learning
System security
Online AccessGet full text

Cover

More Information
Summary:Numerous software systems are configurable through compile-time options and the widely used ./configure. However, the combined effects of these options on binary’s non-functional properties (size and attack surface) are often not documented, and or not well understood, even by experts. Our goal is to provide automated support for exploring and comprehending the configuration space (a.k.a., surface) of compile-time options using statistical learning techniques. In this paper, we perform an empirical study on four C-based configurable systems. We measure the variation of binary size and attack surface (by quantifying the number of code reuse gadgets) in over 400 compile-time configurations of a subject system. We then apply statistical learning techniques on top of our build infrastructure to identify how compile-time options relate to non-functional properties. Our results show that, by changing the default configuration, the system’s binary size and gadgets vary greatly (roughly -79% $$-79\%$$ to 244% $$244\%$$ and -77% $$-77\%$$ to 30% $$30\%$$ , respectively). Then, we found out that identifying the most influential options can be accurately learned with a small training set, while their relative importance varies across size and attack surface for the same system. Practitioners can use our approach and artifacts to explore the effects of compile-time options in order to take informed decisions when configuring a system with ./configure.
Bibliography:Original Abstract: Numerous software systems are configurable through compile-time options and the widely used ./configure. However, the combined effects of these options on binary’s non-functional properties (size and attack surface) are often not documented, and or not well understood, even by experts. Our goal is to provide automated support for exploring and comprehending the configuration space (a.k.a., surface) of compile-time options using statistical learning techniques. In this paper, we perform an empirical study on four C-based configurable systems. We measure the variation of binary size and attack surface (by quantifying the number of code reuse gadgets) in over 400 compile-time configurations of a subject system. We then apply statistical learning techniques on top of our build infrastructure to identify how compile-time options relate to non-functional properties. Our results show that, by changing the default configuration, the system’s binary size and gadgets vary greatly (roughly -79%\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$-79\%$$\end{document} to 244%\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$244\%$$\end{document} and -77%\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$-77\%$$\end{document} to 30%\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$30\%$$\end{document}, respectively). Then, we found out that identifying the most influential options can be accurately learned with a small training set, while their relative importance varies across size and attack surface for the same system. Practitioners can use our approach and artifacts to explore the effects of compile-time options in order to take informed decisions when configuring a system with ./configure.
ISBN:3031081285
9783031081286
ISSN:0302-9743
1611-3349
DOI:10.1007/978-3-031-08129-3_3