This work addresses the growing firmware bloat in multimodal robotic vehicles and the limitations of existing debloating techniques, which suffer from coarse granularity and irreversibility. To overcome these challenges, the authors propose a runtime-adaptive, function-level dynamic debloating approach built on LLVM that integrates static and dynamic analysis to selectively prune non-essential code at runtime based on the active operational mode. This method achieves, for the first time, fine-grained, reversible, and mode-aware firmware reduction for multimodal embedded systems. Evaluation across six real-world and simulated robotic platforms demonstrates that, on average, 85% of functions can be safely removed in a given mode, reducing the call graph size by 45% while maintaining 100% task success rates, with only a 3.9% performance overhead and approximately 0.25 MB of memory overhead.

As the number of embedded devices grows and their functional requirements increase, embedded firmware is becoming increasingly larger, thereby expanding its attack surface. Despite the increase in firmware size, many embedded devices, such as robotic vehicles (RVs), operate in distinct modes, each requiring only a small subset of the firmware code at runtime. We refer to such devices as mode-based embedded devices. Debloating is an approach to reduce attack surfaces by removing or restricting unneeded code, but existing techniques suffer from significant limitations, such as coarse granularity and irreversible code removal, limiting their applicability. To address these limitations, we propose RVDebloater, a novel adaptive debloating technique for mode-based embedded devices that automatically identifies unneeded firmware code for each mode using either static or dynamic analysis, and dynamically debloats the firmware for each mode at the function level at runtime. RVDebloater introduces a new software-based enforcement approach that supports diverse mode-based embedded devices. We implemented RVDebloater using the LLVM compiler and evaluated its efficiency and effectiveness on six different RVs, including both simulated and real ones, with different real-world missions. We find that device requirements change throughout its lifetime for each mode, and that many critical firmware functions can be restricted in other modes, with an average of 85% of functions not being required. The results showed that none of the missions failed after debloating with RVDebloater, indicating that it neither incurred false positives nor false negatives. Further, RVDebloater prunes the firmware call graph by an average of 45% across different firmware. Finally, RVDebloater incurred an average performance overhead of 3.9% and memory overhead of 4% (approximately 0.25 MB) on real RVs.