Abstract
Software updates typically require stopping and restarting an application, but many systems cannot afford to halt service, or would prefer not to. Dynamic software updating (DSU) addresses this difficulty by permitting programs to be updated while they run. DSU is appealing compared to other approaches for on-line upgrades because it is quite general and requires no redundant hardware. The challenge is in making DSU practical: it should be flexible, and yet safe, efficient, and easy to use.

In this paper, we present Ginseng, a DSU implementation for C that aims to meet this challenge. We compile programs specially so that they can be dynamically patched, and generate most of a dynamic patch automatically. Ginseng performs a series of analyses that, when combined with some simple runtime support, ensure that an update will not violate type-safety while guaranteeing that data is kept up-to-date. We have used Ginseng to construct and dynamically apply patches to three substantial open-source server programs---Very Secure FTP daemon, OpenSSH sshd daemon, and GNU Zebra. In total, we dynamically patched each program with three years' worth of releases. Though the programs changed substantially, the majority of updates were easy to generate. Performance experiments show that all patches could be applied in less than 5 ms, and that the overhead on application throughput due to updating support ranged from 0 to at most 32%.