Practical Dynamic Software Updating

Abstract

This dissertation makes the case that programs can be updated while

they run, with modest programmer effort, while providing certain

update safety guarantees, and without imposing a significant

performance overhead.

Few systems are designed with on-the-fly updating in mind. Those

systems that permit it support only a very limited class of updates,

and generally provide no guarantees that following the update, the

system will behave as intended. We tackle the on-the-fly updating

problem using a compiler-based approach called

Dynamic Software Updating (DSU), in which a

program is patched with new code and data while it runs. The

challenge is in making DSU practical: it should support changes

to programs as they occur in practice, yet be safe, easy to use, and

not impose a large overhead.

This dissertation makes both theoretical contributions---formalisms

for reasoning about, and ensuring update safety---and practical

contributions---Ginseng, a DSU implementation for C. Ginseng

supports a broad range of changes to C programs, and performs a suite

of safety analyses to ensure certain update safety properties. We

performed a substantial study of using Ginseng to dynamically update

six sizable C server programs, three single-threaded and three

multi-threaded. The updates were derived from changes over long

periods of time, ranging from 10 months to 4 years-worth of releases.

Though the programs changed substantially, the updates were

straightforward to generate, and performance measurements show that

the overhead of Ginseng is detectable, but modest.

In summary, this dissertation shows that DSU can be practical for

updating realistic applications as they are written now, and as they

evolve in practice.