Practical Dynamic Software Updating
February 14, 2008
University of Maryland, College Park
Thursday, February 14, 11am
Stevens Institute of Technology
Software updates typically require stopping and restarting an application, but many systems cannot afford to halt service, or would prefer not to. Dynamic Software Updating (DSU) addresses this difficulty by permitting programs to be updated while they run. DSU is appealing compared to other approaches for on-line upgrades because it is general, preserves state and requires no redundant hardware.
However, despite its appeal, DSU has seen limited use in mainstream software development, because it is not yet practical for mainstream programming languages. In this talk I will present an approach and a tool suite called Ginseng for dynamically updating single-threaded and multi-threaded C programs in a safe, flexible, and efficient manner.
Ginseng compiles programs specially so that they can be dynamically patched, and generates most of a dynamic patch automatically. Ginseng also performs a series of static analyses that ensure an update will not violate 1) type-safety (while guaranteeing that data is kept up-to-date), and 2) transactional version consistency (a novel update correctness property where programmers designate blocks of code as transactions whose execution must always be attributable to a single program version).
We have used Ginseng to construct and dynamically apply patches to six substantial open-source programs: three single-threaded servers (vsftpd, OpenSSH sshd, and GNU Zebra), and three multi-threaded servers (Memcached, Icecast and Space Tyrant). We dynamically patched these programs with six months to four years' worth of releases, for a total of 40 updates. Performance experiments show that while DSU support affects application performance, the impact is not significant.