Practical Dynamic Software Updating

Abstract

This dissertation makes the case that programs can be updated while they run, with modest programmer effort, while providing certain update safety guarantees, and without imposing a significant performance overhead. Few systems are designed with on-the-fly updating in mind. Those systems that permit it support only a very limited class of updates, and generally provide no guarantees that following the update, the system will behave as intended. We tackle the on-the-fly updating problem using a compiler-based approach called Dynamic Software Updating (DSU), in which a program is patched with new code and data while it runs. The challenge is in making DSU practical: it should support changes to programs as they occur in practice, yet be safe, easy to use, and not impose a large overhead. This dissertation makes both theoretical contributions---formalisms for reasoning about, and ensuring update safety---and practical contributions---Ginseng, a DSU implementation for C. Ginseng supports a broad range of changes to C programs, and performs a suite of safety analyses to ensure certain update safety properties. We performed a substantial study of using Ginseng to dynamically update six sizable C server programs, three single-threaded and three multi-threaded. The updates were derived from changes over long periods of time, ranging from 10 months to 4 years-worth of releases. Though the programs changed substantially, the updates were straightforward to generate, and performance measurements show that the overhead of Ginseng is detectable, but modest. In summary, this dissertation shows that DSU can be practical for updating realistic applications as they are written now, and as they evolve in practice.