Abstract
To fix bugs or to enhance a software system without service disruption, one has to update it dynamically during execution. Most prior dynamic software updating techniques require that the code to be changed is not running at the time of the update. However, this restriction precludes any change to the outermost loops of servers, OS scheduling loops and recursive functions. Permitting a dynamic update to more generally manipulate the program's execution state, including the runtime stack, alleviates this restriction but increases the likelihood of type errors. In this paper we present ReCaml, a language for writing dynamic updates to running programs that views execution state as a delimited continuation. ReCaml includes a novel feature for introspecting continuations called match_cont which is sufficiently powerful to implement a variety of updating policies. We have formalized the core of ReCaml and proved it sound (using the Coq proof assistant), thus ensuring that state-manipulating updates preserve type-safe execution of the updated program. We have implemented ReCaml as an extension to the Caml bytecode interpreter and used it for several examples.
ReCaml: execution state as the cornerstone of reconfigurations
ICFP '10: Proceedings of the 15th ACM SIGPLAN international conference on Functional programming