Toward Practical Dynamic Software Updating for C

Software systems are imperfect, so software updates are a fact of life. While typical software updates require stopping and restarting the program in question, many systems cannot afford to halt service, or would prefer not to. Dynamic software updating (DSU) addresses this difficulty by permitting programs to be updated while they run. DSU is appealing compared to other approaches for on-line upgrades because it is quite general and requires no redundant hardware. The challenge is in making DSU flexible, and yet safe and easy to use. In this paper, we describe a prototype DSU implementation for C programs that permits adding, deleting, and changing program definitions, including functions, global variables, and type declarations. We compile programs specially so that they can be dynamically patched, and generate most of a dynamic patch automatically. Our framework ensures that an update cannot be applied at a time that would violate type-safety. We report our experience with two open-source server programs: OpenSSH daemon, and Very Secure FTP daemon. The majority of updates were easy to generate, though more effort was required for significant functional changes. Compiling for updateability had virtually no impact on server performance, but would be more significant for compute-bound programs.
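To make the abstract's three ingredients concrete (calls routed through an indirection the compiler inserts, a patch that replaces a function and transforms a changed global, and a safety check that refuses the patch at a bad moment), here is a small added illustration in C. It is not the paper's implementation; the cell layout, the string type signature and the activation counter are simplifying assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* Old and new layouts of a global config record; a patch must convert one into the other. */
typedef struct { int max_conns; } cfg_v1;
typedef struct { int max_conns; int idle_timeout; } cfg_v2;

/* Indirection cell for an updateable function: every call goes through it (assumed layout). */
typedef int (*handler_fn)(void *cfg, int n);
typedef struct {
    const char *type_sig;   /* signature a replacement must match, checked before swapping */
    handler_fn impl;        /* currently installed version of the function */
    int active;             /* in-flight activations; swapping while > 0 is not a safe point */
} fn_cell;

static cfg_v1 g_cfg1 = { 10 };          /* constructed initial state, version 1 layout */
static cfg_v2 g_cfg2;                   /* storage for the transformed version 2 state */
static void *g_cfg = &g_cfg1;           /* current global, layout given by g_cfg_version */
static int g_cfg_version = 1;

static int handler_v1(void *c, int n) { return n <= ((cfg_v1 *)c)->max_conns; }
static int handler_v2(void *c, int n) {
    cfg_v2 *v = c;
    return n <= v->max_conns && v->idle_timeout > 0;
}
static fn_cell g_handler = { "int(void*,int)", handler_v1, 0 };

/* State transformer shipped with the patch: builds the v2 record from the v1 one. */
static void *xform_v1_to_v2(void *old) {
    g_cfg2.max_conns = ((cfg_v1 *)old)->max_conns;
    g_cfg2.idle_timeout = 300;
    return &g_cfg2;
}

/* A dynamic patch: replacement code plus the transformer for the changed global. */
typedef struct {
    const char *type_sig;
    handler_fn new_impl;
    void *(*xform)(void *old);
    int new_version;
} dsu_patch;

/* Returns 1 if applied, 0 if refused: wrong type, or old code still on the stack. */
int dsu_apply(const dsu_patch *p) {
    if (strcmp(p->type_sig, g_handler.type_sig) != 0) return 0;  /* would break type safety */
    if (g_handler.active > 0) return 0;                         /* not a safe update point */
    g_cfg = p->xform(g_cfg);
    g_cfg_version = p->new_version;
    g_handler.impl = p->new_impl;
    return 1;
}

/* Call site as an updateable compile would emit it: indirect, and track the activation. */
int call_handler(int n) {
    g_handler.active++;
    int r = g_handler.impl(g_cfg, n);
    g_handler.active--;
    return r;
}
```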

Speaker Details

Michael W. Hicks is an assistant professor in the Computer Science department at the University of Maryland, College Park. His research bridges the areas of “systems” and programming languages, in that he frequently applies or develops language-based technology to solve problems that occur in systems software. For his Ph.D. dissertation, he designed and implemented a general, language-based approach for dynamically upgrading running software. This dissertation won the 2002 ACM SIGPLAN Doctoral Dissertation Award. With his students he has been significantly extending this work to make it more flexible and practical, so that it applies to real C programs. He is a core designer and implementor of Cyclone, a safe C-like language for building systems software, for which he is currently developing means of proving safe a variety of low-level memory management idioms; these idioms can be employed by programmers manually or with automated assistance. He has also been looking at building robust, flexible, and scalable tools for automatically detecting concurrency errors in multi-threaded programs, both in C and Java.

Date:
Speakers:
Michael Hicks
Affiliation:
University of Maryland, College Park
      Jeff Running