
Mutatis Mutandis: Safe and predictable dynamic software updating

Published: 01 August 2007

Abstract

This article presents Proteus, a core calculus that models dynamic software updating, a service for fixing bugs and adding features to a running program. Proteus permits a program's type structure to change dynamically but guarantees that the updated program remains type-correct by ensuring a property we call con-freeness. We show how con-freeness can be enforced dynamically, and how it can be approximated via a novel static analysis. This analysis can be used to assess the implications of a program's structure on future updates in order to make update success more predictable. We have implemented Proteus for C, and briefly discuss our implementation, which we have tested on several well-known programs.
