Abstract
This article presents Proteus, a core calculus that models dynamic software updating, a service for fixing bugs and adding features to a running program. Proteus permits a program's type structure to change dynamically but guarantees the updated program remains type-correct by ensuring a property we call con-freeness. We show how con-freeness can be enforced dynamically, and how it can be approximated via a novel static analysis. This analysis can be used to assess the implications of a program's structure on future updates in order to make update success more predictable. We have implemented Proteus for C, and briefly discuss our implementation, which we have tested on several well-known programs.