Practical Dynamic Software Updating
Publication or External Link
This dissertation makes the case that programs can be updated while
they run, with modest programmer effort, while providing certain
update safety guarantees, and without imposing a significant
Few systems are designed with on-the-fly updating in mind. Those
systems that permit it support only a very limited class of updates,
and generally provide no guarantees that following the update, the
system will behave as intended. We tackle the on-the-fly updating
problem using a compiler-based approach called
Dynamic Software Updating (DSU), in which a
program is patched with new code and data while it runs. The
challenge is in making DSU practical: it should support changes
to programs as they occur in practice, yet be safe, easy to use, and
not impose a large overhead.
This dissertation makes both theoretical contributions---formalisms
for reasoning about, and ensuring update safety---and practical
contributions---Ginseng, a DSU implementation for C. Ginseng
supports a broad range of changes to C programs, and performs a suite
of safety analyses to ensure certain update safety properties. We
performed a substantial study of using Ginseng to dynamically update
six sizable C server programs, three single-threaded and three
multi-threaded. The updates were derived from changes over long
periods of time, ranging from 10 months to 4 years-worth of releases.
Though the programs changed substantially, the updates were
straightforward to generate, and performance measurements show that
the overhead of Ginseng is detectable, but modest.
In summary, this dissertation shows that DSU can be practical for
updating realistic applications as they are written now, and as they
evolve in practice.