Today's software is bloated with both code and features that are not used by most users. This bloat is prevalent across the entire software stack, from the operating system all the way to software backends, frontends, and web pages. In this paper, we focus on analyzing and quantifying bloat in machine learning containers. We develop MMLB, a framework to analyze bloat in machine learning containers, measuring the amount of bloat that exists at the container and package levels. Our tool quantifies the sources of bloat and integrates with vulnerability analysis tools to evaluate the impact of bloat on container vulnerabilities. Through experimentation with 15 machine learning containers from TensorFlow, PyTorch, and NVIDIA, we show that bloat is a significant issue, accounting for up to 80% of the container size in some cases. Our results demonstrate that bloat significantly increases the container provisioning time by up to 370% and exacerbates vulnerabilities by up to 99%.