Min Zhang,Kazuhiro Ogata,Kokichi Futatsugi

DOI: https://doi.org/10.1016/j.entcs.2013.02.013

2013-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Dynamic Software Updating (DSU) is a technique of updating running software systems on-the-fly. Whereas there are some studies on the correctness of dynamic updating, they focus on how to deploy updates correctly at the code level, e.g., if procedures refer to the data of correct types. However, little attention has been paid to the correctness of the dynamic updating at the behavior level, e.g., if systems after being updated behave as expected, and if unexpected behaviors can never occur. We present an algebraic methodology of specifying dynamic updates and verifying their behavioral correctness by using off-the-shelf theorem proving and model checking tools. By theorem proving we can show that systems after being updated indeed satisfy their desired properties, and by model checking we can detect potential errors. Our methodology is general in that: (1) it can be applied to three updating models that are mainly used in current DSU systems; and (2) it is not restricted to dynamic updates for certain programming models.

Gang Chen,Hai Jin,Deqing Zou,Zhenkai Liang,Bing,Hao Wang

DOI: https://doi.org/10.1109/tpds.2015.2430854

IF: 5.3

2016-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Dynamic software updating (DSU) enables a program to be patched on the fly without being shutdown. This paper addresses the practicality problem of the recent research on DSU systems, and presents Replus, a new DSU system that balances practicality and functionality. Replus aims to retain backward binary compatibility and support multi-threaded programs. In addition, it does not require customers to have developer-level software knowledge. More importantly, without specific compiler support, Replus can patch programs that are difficult to be updated at runtime, as well as programs that may incur an indefinite delay in DSU. The key technique of our solution is to update the stack elements for the patched program using two new mechanisms: Immediate Stack Updating, which immediately updates the stack of a thread, and timely stack updating, which only updates the stack frames of the necessary functions without affecting others. Replus also develops an Instruction Level Updating mechanism, which is more efficient for certain security patches. We used popular server applications as test suites to evaluate the effectiveness of Replus. The experimental results demonstrated that Replus can successfully update all the test suites with negligible impact on application performance.

Min Zhang,Kazuhiro Ogata,Kokichi Futatsugi

DOI: https://doi.org/10.1109/apsec.2012.100

2012-01-01

Abstract:Dynamic Software Updating (DSU) is a promising software maintenance technique, which aims at updating running software systems on the fly without incurring any downtime. The systems that require dynamic updating usually require high reliability assurance. Incorrect updating may cause them to behave erratically and/or even crash, and hence results in dreadful loss. However, there are few approaches to the study of the correctness of dynamic updating. In this paper, we systematically discuss the correctness of dynamic updating from a formal perspective, and present a first algebraic approach to formal analysis of it. The basic idea is to formalize dynamic updating systems as rewrite systems, with which we can analyze dynamic updates e.g. verifying their desired properties, or detecting incorrect update points, etc. The formal analysis helps us understand the behaviors of updated systems before we apply updates to the running systems, and hence improves the reliability of the systems after being updated.

Shengwei An,Xiaoxing Ma,Chun Cao,Ping Yu,Chang Xu

DOI: https://doi.org/10.1109/QRS.2015.33

2015-01-01

Abstract:Dynamic Software Update (DSU) is a technique to upgrade running programs without shutting them down. DSU can improve system availability and maintenance flexibility. However, its adoption in practice is still limited due to the risk of system misbehavior that careless DSU may bring. To reduce this risk we propose a formal framework for the specification and verification of DSU. Different from previous approaches where DSU is described from the viewpoint of program's internal state transitions, our framework focuses on program's external behavior and its effect on its environment. This more abstract view avoids over specification of DSU and allows for better DSU flexibility. Based on this framework, we also devise a mechanism that automatically synthesizes runtime monitors to improve DSU timeliness without compromising its safety.

Min Zhang,Kazuhiro Ogata,Kokichi Futatsugi

DOI: https://doi.org/10.1007/978-3-642-54624-2_28

2014-01-01

Abstract:Dynamic Software Updating (DSU) is a technique for updating running software systems without incurring downtime. However, a challenging problem is how to design a correct dynamic update so that the system after being updated will run as expected instead of causing any inconsistencies or even crashes. The OTS/CafeOBJ method is an effective and practical approach to specifying and verifying the design of software. In this paper, we propose an algebraic way of specifying and verifying the design of dynamic updates in the OTS/CafeOBJ method. By verifying the design of a dynamic update, we can (1) gain a better understanding of the update, e.g., how the behavior of the running system is affected by the update, (2) identify updating points where the dynamic update can be safely applied, (3) detect potential errors, and hence (4) design a safer dynamic update.

Haibin Shen,Jimin Wang,Lingdi Ping,Kang Sun

DOI: https://doi.org/10.1007/11689522_32

2006-01-01

Abstract:Flexible features of C can be misused and result in potential vulnerabilities which are hard to detect by performing only static checking. Existing tools either give up run-time type checking or employ a type system whose granularity is too coarse (it does not differentiate between pointer types) so that many errors may go undetected. This paper presents a dynamic checking approach to conquer them. A type system that is based on the physical layout of data types and has the proper granularity has been employed. Rules for propagating dynamic types and checking for compatibility of types during execution of the target program are also set up. Then a model of dynamic type checking on this type system to capture run-time type errors is built. Experimental results show that it can catch most errors, including those may become system vulnerabilities and the overhead is moderate.

Zelin Zhao,Tianxiao Gu,Xiaoxing Ma,Chang Xu,Jian Lu

DOI: https://doi.org/10.1109/apsec.2016.043

2016-01-01

Abstract:Dynamic software updating (DSU) aims to patch software for fixing bugs or adding functions while it is running. Before update, developers need to make a dynamic patch ready, which includes update points, state transformers and a corresponding code patch. Existing practice mostly assumes manual preparation of dynamic patches, but this process can be both time-consuming and error-prone. Some pioneer work attempts to automate this process, but cannot guarantee the generation of safe dynamic patches for most updates. This paper presents a novel approach CURE to automatically generating safe dynamic patches. CURE takes two versions of software and their test cases as input, and automatically synthesizes state transformers and selects update points. We applied CURE to 28 updates for three real-world server software. The experimental results show that CURE generated safe dynamic patches automatically and their corresponding updates achieved an 88.7% success rate, as compared to 74.3% for TOS and 61.2% for default patches.

Min Zhang,Kazuhiro Ogata,Kokichi Futatsugi

DOI: https://doi.org/10.1109/apsec.2015.28

2015-01-01

Abstract:Even though software systems in some domains are expected to provide continuous services, most of them must undergo some form of changes. It leads to the emergence of dynamic software updating, a technique for updating a running software system without incurring any downtime. One of the challenges of designing a correct dynamic update is to identify a set of update points where the update can be safely applied to a running system. In this paper, we present a formal approach to modeling dynamic software updates and use the formal model to identify safe update points. In our approach, we formalize dynamic updates as state machines, and verify by model checking a set of desired properties which the running system is expected to satisfy after being updated. If counterexamples are found, we exclude those states that cause the counterexamples, and do model checking again. The process is iterated until all desired properties are successfully verified. We then finally obtain a set of safe update points. A case study is also presented to demonstrate the feasibility of the proposed approach.

Wang Ji-min,Ping Ling-di,Pan Xue-zeng,Shen Hai-bin,Yan Xiao-lang

DOI: https://doi.org/10.1007/bf02842479

2005-01-01

Journal of Zhejiang University SCIENCE A

Abstract:The C programming language is expressive and flexible, but not safe; as its expressive power and flexibility are obtained through unsafe language features, and improper use of these features can lead to program bugs whose causes are hard to identify. Since C is widely used, and it is impractical to rewrite all existing C programs in safe languages, so ways must be found to make C programs safe. This paper deals with the unsafe features of C and presents a survey on existing solutions to make C programs safe. We have studied binary-level instrumentation tools, source checkers, source-level instrumentation tools and safe dialects of C, and present a comparison of different solutions, summarized the strengths and weaknesses of different classes of solutions, and show measures that could possibly improve the accuracy or alleviate the overhead of existing solutions.

Shi Zhang,LinPeng Huang

DOI: https://doi.org/10.1109/qsic.2006.30

2006-01-01

Abstract:Dynamic software updating enables running programs to be updated while executing. In this paper, a simple formal system is established with the goal of understanding the underlying foundations of updating classes, for the purpose of understanding how to best build reliable updatable programs. The update calculus is built for O-O software with a precise mathematical semantics. It is formulated as an extension of a core calculus for Featherweight Java, and supports updating technology similar to that of the programming language Java and C++. The calculus also presents what kind of update can be made dynamically. At the end of the paper, we proof that these update is type safety

Zhongxin Liu,Xin Xia,David Lo,Meng Yan,Shanping Li

DOI: https://doi.org/10.1109/tse.2021.3138909

IF: 7.4

2021-01-01

IEEE Transactions on Software Engineering

Abstract:Comments are valuable resources for the development, comprehension and maintenance of software. However, while changing code, developers sometimes neglect the evolution of the corresponding comments, resulting in obsolete comments. Such obsolete comments can mislead developers and introduce bugs in the future, and are therefore detrimental. We notice that by detecting and updating obsolete comments in time with code changes, obsolete comments can be effectively reduced and even avoided. We refer to this task as Just-In-Time (JIT) Obsolete Comment Detection and Update. In this work, we propose a two-stage framework named CUP$^\mathrm{2}$2 ( Two -stage C omment UP dater) to automate this task. CUP $^\mathrm{2}$ consists two components, i.e., an O bsolete C omment D etector named OCD and a C omment UP dater named CUP , each of which relies on a distinct neural network model to perform detection (updates). Specifically, given a code change and a corresponding comment, CUP $^\mathrm{2}$ first leverages OCD to predict whether this comment should be updated. If the answer is yes, CUP will be used to generate the new version of the comment automatically. To evaluate CUP $^\mathrm{2}$ , we build a large-scale dataset with over 4 million code-comment change samples. Our dataset focuses on method-level code changes and updates on method header comments considering the importance and widespread use of such comments. Evaluation results show that 1) both OCD and CUP outperform their baselines by significant margins, and 2) CUP $^\mathrm{2}$ performs better than a rule-based baseline. Specifically, the comments generated by CUP $^\mathrm{2}$ are identical to the ground truth for 41.8% of the samples that are predicted to be positive by OCD. We believe CUP $^\mathrm{2}$ can help developers detect obsolete comments, better understand where and how to update obsolete comments and reduce their edits on obsolete comment updates.

Zelin Zhao,Xiaoxing Ma,Chang Xu,Wenhua Yang

2004-01-01

Abstract:Due to the demand for bugs fixing and features enhancements, developers inevitably need to update in-use software systems. Instead of shutting down a running software before updating, it is often desirable and sometimes mandatory to patch the running software system on the fly, with a mechanism generally referred as dynamic software updating (DSU). Practical DSU strategies often require manual specification of update points in the program for performing dynamic updates. At these points DSU systems will update the program code, and also migrate the program state to the new version program (using state transformer functions). However, finding appropriate update points is non-trivial because the choice of update points has great influence on two competing factors: the timeliness of DSU and the complexity of state transformer functions; and to strike a good balance between them requires a deep understanding of both versions of the program. In this paper, we propose a technique that automates the recommendation of update points. We carried out a preliminary study about the feasibility and effectiveness of this technique. By conducting a set of experiments based on an actual DSU case, we found that our technique is automatic, wide-covered and efficient.

Junrong Shen,Xi Sun,Gang Huang,Wenpin Jiao,Yanchun Sun,Hong Mei

DOI: https://doi.org/10.1145/1081706.1081720

2005-01-01

ACM SIGSOFT Software Engineering Notes

Abstract:The continuous requirements of evolving a delivered software system and the rising cost of shutting down a running software system are forcing researchers and practitioners to find ways of updating software as it runs. Dynamic update is a kind of software evolution that updates a running program without interruption. This paper covers the fundamental issues of the mechanisms of dynamic update theoretically. Based on a similarity analysis of many typical approaches to dynamic update during the past decades, we propose a unified formal model (namely, Dynamic Update Connector) to specify mechanisms of updating an architectural component, and reason about its properties. The model borrows the concept of connectors from software architecture community and is specified using process algebra CSP. We also demonstrate the applications of our DUC model.

Zhikun Chen,Weizhong Qiang

DOI: https://doi.org/10.1109/dsc.2017.50

2017-01-01

Abstract:Traditional software updating techniques usually needs to shut down the applications, which make them not applicable for applications that needs continuous service. Dynamic software updating (DSU) can update the running programs without downtime, but the existing DSU systems cannot combine flexibility, immediacy and security when they update the software. This paper presents an Immediate and Safe Live Update System (ISLUS) for C program, which aims to update the multi-threaded program securely and immediately without downtime or extra assistance of the special compiler. To solve the semantic security problem when other DSU systems update the functions being called on the stack, ISLUS makes a novel intermediate function as a transition from the old function to the new function. To guarantee the reliability of DSU, which has many dangerous memory operations, ISLUS proposes a rollback mechanism based on checkpoint that can be used to restore the crashed program, which cannot be achieved by the other DSU systems. We provide an example to explain ISLUS and do the security analysis. We have prototyped our system and deployed ISLUS to update two big data applications: Memcached and Redis. The results indicate that ISLUS is effective and with low-overhead.

Tianxiao Gu,Zelin Zhao,Xiaoxing Ma,Chang Xu,Chun Cao,Jian Lu

DOI: https://doi.org/10.1109/apsec.2016.044

2016-01-01

Abstract:Dynamic software updating (DSU) is a technique that can update running software systems without stopping them. Most existing approaches require programmer participation to guarantee the correctness of dynamic updating. However, manually preparing dynamic updating is error-prone and time-consuming. Therefore, other approaches prefer to aggressively perform updating without programmer intervention, which may definitely lead to unanticipated runtime errors. To reduce human effort and enhance the reliability for dynamic updating, we leverage automatic runtime recovery (ARR) techniques to recover runtime errors caused by improper dynamic updating. This paper presents ADSU, a fully automatic DSU system using ARR. We evaluate ADSU with real updates from widely used open source software systems, i.e., Apache Tomcat, Apache FTP Server and jEdit. The preliminary results have shown that ADSU succeeds in automatically applying 11 of 16 real-world updates that existing counterparts cannot.

Zelin Zhao,Xiaoxing Ma,Chang Xu,Wenhua Yang

DOI: https://doi.org/10.1145/2677832.2677853

2014-01-01

Abstract:Due to the demand for bugs fixing and feature enhancements, developers inevitably need to update in-use software systems. Instead of shutting down a running system before updating, it is often desirable and sometimes mandatory to patch the running software system on the fly, with a mechanism generally referred as dynamic software updating (DSU). Practical DSU strategies often require manual specification of update points in the program for performing dynamic updates. At these points DSU systems will update the program code, and also migrate the program state to the new version program (using transformation functions). However, finding appropriate update points is non-trivial because the choice of update points has great influence on two competing factors: the timeliness of DSU and the complexity of transformation functions; and to strike a good balance between them requires a deep understanding of both versions of the program. In this exploratory paper, we conceive an automated approach to the recommendation of update points for developers. We conduct a set of preliminary experiments with a real world software update case to examine the feasibility of the approach.

Feng Chen,Weizhong Qiang,Hai Jin,Deqing Zou,Duoqiang Wang

DOI: https://doi.org/10.1109/compsac.2015.130

2015-01-01

Abstract:Softwares usually need to be updated to fix bugs or add new features. On the other hand, some critical softwares, such as cloud applications, need to provide service continuously, thus should be updated without downtime. Conventional Dynamic Software Updating (DSU) systems try to update programs while running, but they hardly consider the communication of the program to be updated with other programs, which may lead to some inconsistency problems. We handle the problem with an improved DSU system by using multi-version execution. When a new update arrives, instead of updating the application to the new version, we fork a new process of the old version and dynamically update it to the new version, then make these two versions run concurrently until the update finishes. We implement a prototype system called MUC (Multi-vesion for Updating of Cloud) on Linux. To verify our prototype, we apply MUC to cloud applications Redis and Ice cast, and evaluate the overhead of MUC at runtime.

Xiaohui Xu,Linpeng Huang,Dejun Wang,Junqing Chen

DOI: https://doi.org/10.48550/arXiv.1011.6496

2010-11-30

Abstract:It is important to enable reasoning about the meaning and possible effects of updates to ensure that the updated system operates correctly. A formal, mathematical model of dynamic update should be developed, in order to understand by both users and implementors of update technology what design choices can be considered. In this paper, we define a formal calculus $update\pi$, a variant extension of higher-order $\pi$ calculus, to model dynamic updates of component-based software, which is language and technology independent. The calculus focuses on following main concepts: proper granularity of update, timing of dynamic update, state transformation between versions, update failure check and recovery. We describe a series of rule on safe component updates to model some general processes of dynamic update and discuss its reduction semantics coincides with a labelled transition system semantics that illustrate the expressive power of these calculi.

Logic in Computer Science

Xiaojun Wang,Keyan Shi,Dezhi Dong,Pingping Chen,Changsheng Hu,Dehong Xu

DOI: https://doi.org/10.1109/ifeec.2017.7992261

2017-01-01

Abstract:Verifying digital control programs for a complicated power electronic system is usually time consuming. In this paper, a circuit simulation method to verify digital control programs is investigated. This method uses the C block provided by PSIM to integrate digital control program code into the circuit simulation environment. A program module packaging technique is first exploited to guarantee the program code sharing between the circuit simulation and the practical digital controller. Then a software clock is introduced in simulation to emulate the program execution timing sequence in a real digital controller. A simulation platform for UPS program code verification is established. The software code for a UPS rectifier is verified in both the simulation platform and a practical 50kVA UPS system. The high agreement between simulation and experimental results proves the validity of the investigated program verification method.

Du Siqi,Huang Linpeng,Chen Junqing,Chen Luxi

DOI: https://doi.org/10.3969/j.issn.2095-2783.2012.10.007

2012-01-01

Abstract:Dynamic updating is a software technique that updates running systems without interruption and can help to decrease the downtime of a system.As a new and important computing paradigm,pervasive computing brings new challenges to the design and implementation of dynamic updating.This paper first introduces the characteristics of pervasive computing,analyses the updating objects and current updating mechanism,and evaluates the existing approaches.In order to make dynamic service updating available in pervasive computing,a decentralized mechanism is proposed.The paper also uses the process algebra FSP to build a decentralized formal model and specifies the updating mechanism.Finally,we verify that the model is dead-lock free,client-transparent and service-correct,which ensures that the proposed approach is effective.