Machine learning systems are bloated and vulnerable
Journal article, 2024

Today's software is bloated with both code and features that are not used by most users. This bloat is prevalent across the entire software stack, from operating systems and applications to containers. Containers are lightweight virtualization technologies used to package code and dependencies, providing portable, reproducible and isolated environments. For their ease of use, data scientists often utilize machine learning containers to simplify their workflow. However, this convenience comes at a cost: containers are often bloated with unnecessary code and dependencies, resulting in very large sizes. In this paper, we analyze and quantify bloat in machine learning containers.We develop MMLB, a framework for analyzing bloat in software systems, focusing on machine learning containers. MMLB measures the amount of bloat at both the container and package levels, quantifying the sources of bloat. In addition, MMLB integrates with vulnerability analysis tools and performs package dependency analysis to evaluate the impact of bloat on container vulnerabilities. Through experimentation with 15 machine learning containers from TensorFlow, PyTorch, and Nvidia, we show that bloat accounts for up to 80% of machine learning container sizes, increasing container provisioning times by up to 370% and exacerbating vulnerabilities by up to 99%.

Machine learning systems

Software debloating

Author

Huaifeng Zhang

Network and Systems

Mohannad Alhanahnah

University of Wisconsin Madison

Fahmi Abdulqadir Ahmed

Student at Chalmers

Dyako Fatih

Student at Chalmers

Philipp Leitner

Software Engineering 2

Ahmed Ali-Eldin Hassan

Network and Systems

Proceedings of the ACM on Measurement and Analysis of Computing Systems

24761249 (eISSN)

Vol. 8 1 6

Areas of Advance

Information and Communication Technology

Subject Categories

Software Engineering

DOI

10.1145/3639032

More information

Latest update

3/12/2024