ReCaml: execution state as the cornerstone of reconfigurations

To fix bugs or to enhance a software system without service disruption, one has to update it dynamically during execution. Most prior dynamic software updating techniques require that the code to be changed is not running at the time of the update. However, this restriction precludes any change to the outermost loops of servers, OS scheduling loops and recursive functions. Permitting a dynamic update to more generally manipulate the program's execution state, including the runtime stack, alleviates this restriction but increases the likelihood of type errors. In this paper we present ReCaml, a language for writing dynamic updates to running programs that views execution state as a delimited continuation. ReCaml includes a novel feature for introspecting continuations called match_cont which is sufficiently powerful to implement a variety of updating policies. We have formalized the core of ReCaml and proved it sound (using the Coq proof assistant), thus ensuring that state-manipulating updates preserve type-safe execution of the updated program. We have implemented ReCaml as an extension to the Caml bytecode interpreter and used it for several examples.

[1]  Thierry Coupaye,et al.  The FRACTAL component model and its support in Java: Experiences with Auto-adaptive and Reconfigurable Systems , 2006 .

[2]  Oleg Kiselyov,et al.  How to remove a dynamic prompt: static and dynamic delimited continuation operators are equally expressible , 2005 .

[3]  Xavier Leroy,et al.  Polymorphism by name for references and continuations , 1993, POPL '93.

[4]  Mads Tofte,et al.  Type Inference for Polymorphic References , 1990, Inf. Comput..

[5]  Dilma Da Silva,et al.  Reboots Are for Hardware: Challenges and Solutions to Updating an Operating System on the Fly , 2007, USENIX Annual Technical Conference.

[6]  Michael Hicks,et al.  Dynamic rebinding for marshalling and update, via redex-time and destruct-time reduction , 2007, Journal of Functional Programming.

[7]  M. Frans Kaashoek,et al.  Ksplice: automatic rebootless kernel updates , 2009, EuroSys '09.

[8]  Fabien Dagnat,et al.  Introspecting continuations in order to update active code , 2008, HotSWUp '08.

[9]  Simon L. Peyton Jones,et al.  Making a fast curry: push/enter vs. eval/apply for higher-order languages , 2004, ICFP '04.

[10]  Theo D'Hondt,et al.  Tranquility: A Low Disruptive Alternative to Quiescence for Ensuring Safe Dynamic Updates , 2007, IEEE Transactions on Software Engineering.

[11]  Gavin M. Bierman,et al.  Dynamic rebinding for marshalling and update, with destruct-time ? , 2003, ICFP '03.

[12]  Andrew Schultz,et al.  OPUS: Online Patches and Updates for Security , 2005, USENIX Security Symposium.

[13]  Mikhail Dmitriev,et al.  Safe class and data evolution in large and long-lived Java applications , 2001 .

[14]  James M. Purtilo,et al.  Dynamic reconfiguration in distributed systems: adapting software modules for replacement , 1993, [1993] Proceedings. The 13th International Conference on Distributed Computing Systems.

[15]  Simon L. Peyton Jones,et al.  A monadic framework for delimited continuations , 2007, J. Funct. Program..

[16]  Kyung Dong Ryu,et al.  Dynamic and adaptive updates of non-quiescent subsystems in commodity operating system kernels , 2007, EuroSys '07.

[17]  Martin Odersky,et al.  Implementing first-class polymorphic delimited continuations by a type-directed selective CPS-transform , 2009, ICFP.

[18]  Thierry Coupaye,et al.  The FRACTAL component model and its support in Java , 2006, Softw. Pract. Exp..

[19]  Chung-chieh Shan,et al.  Shift control. , 2002, Nursing standard (Royal College of Nursing (Great Britain) : 1987).

[20]  Rida A. Bazzi,et al.  Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction , 2009, USENIX Annual Technical Conference.

[21]  Stephen Gilmore,et al.  Dynamic ML without dynamic types , 1997 .

[22]  Xavier Leroy,et al.  The ZINC experiment : an economical implementation of the ML language , 1990 .

[23]  Didier Rémy,et al.  A generalization of exceptions and control in ML-like languages , 1995, FPCA '95.

[24]  MakrisKristis,et al.  Dynamic and adaptive updates of non-quiescent subsystems in commodity operating system kernels , 2007 .

[25]  Jeff Magee,et al.  The Evolving Philosophers Problem: Dynamic Change Management , 1990, IEEE Trans. Software Eng..

[26]  Joe Marshall,et al.  Continuations from generalized stack inspection , 2005, ICFP '05.

[27]  Jean-Marc Jézéquel,et al.  Making Components Contract Aware , 1999, Computer.

[28]  Benjamin C. Pierce Lambda, the ultimate TA: using a proof assistant to teach programming language foundations , 2009, ICFP.

[29]  Paul Le Guernic,et al.  Implementation of the data-flow synchronous language SIGNAL , 1995, PLDI '95.

[30]  Ji Zhang,et al.  Specifying adaptation semantics , 2005, ACM SIGSOFT Softw. Eng. Notes.

[31]  A. K. Wmght Polymorphism for imperative languages without imperative types , 1993 .

[32]  Haibo Chen,et al.  POLUS: A POwerful Live Updating System , 2007, 29th International Conference on Software Engineering (ICSE'07).

[33]  Matthias Felleisen,et al.  The theory and practice of first-class prompts , 1988, POPL '88.

[34]  Yukiyoshi Kameyama,et al.  Polymorphic Delimited Continuations , 2007, APLAS.

[35]  Manuel Oriol,et al.  Practical dynamic software updating for C , 2006, PLDI '06.

[36]  Deepak Gupta,et al.  A Formal Framework for On-line Software Version Change , 1996, IEEE Trans. Software Eng..

[37]  Dilma Da Silva,et al.  Enabling autonomic behavior in systems software with hot swapping , 2003, IBM Syst. J..