Highly reliable upgrading of components

After a system is deployed, fixes, enhancements, and modifications all occur that change the components that make up the system. Unfortunately, new versions of components can introduce new errors and break existing, depended-upon behavior. When this happens, the old component version could have provided the correct behavior, but it is no longer part of the system. We propose a framework, HERCULES, for upgrading system components that, instead of removing the old version of the component, keeps multiple versions of a component running. Doing so allows behavior to be utilized from all versions, and maintains system integrity and correctness even in the presence of newly introduced errors. This framework ensures that the move towards dynamic, configurable software systems does not lessen the reliability that software will achieve through the next century, but rather provides capabilities to enhance it.
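As an added illustration of the idea in the abstract (constructed example, not HERCULES's own code), the following Python keeps two versions of a component installed, tries the newest first, checks each result against a postcondition, and falls back to the older version when the new one misbehaves. The component (`isqrt_v1`, `isqrt_v2`), its postcondition `isqrt_ok`, and the regression in v2 are all assumptions made for the example.

```python
import math
from dataclasses import dataclass, field
from typing import Any, Callable

# Constructed illustration of the multi-version idea: every installed version
# of a component stays callable; the newest is tried first and each result is
# checked by a postcondition, so a regression in the new version falls back to
# the old one instead of breaking the system. Failures are recorded for review.
@dataclass
class MultiVersionComponent:
    name: str
    versions: list              # ordered oldest -> newest: (label, callable)
    check: Callable[[Any, Any], bool]   # postcondition over (input, output)
    failures: list = field(default_factory=list)

    def call(self, x):
        for label, impl in reversed(self.versions):
            try:
                y = impl(x)
            except Exception as exc:          # crash in one version is isolated
                self.failures.append((label, x, repr(exc)))
                continue
            if self.check(x, y):
                return label, y               # which version answered, and its result
            self.failures.append((label, x, f"postcondition failed: {y!r}"))
        raise RuntimeError(f"{self.name}: no version gave an acceptable result for {x!r}")

# Constructed component: integer square root.
def isqrt_v1(n):                # original: slow but correct
    r = 0
    while (r + 1) * (r + 1) <= n:
        r += 1
    return r

def isqrt_v2(n):                # "faster" rewrite with a constructed regression
    r = int(math.sqrt(n))       # on perfect squares (and 0) it returns one too few
    return r - 1 if r * r == n else r

def isqrt_ok(n, r):             # postcondition: r is the floor of sqrt(n)
    return r >= 0 and r * r <= n < (r + 1) * (r + 1)

isqrt = MultiVersionComponent("isqrt", [("v1", isqrt_v1), ("v2", isqrt_v2)], isqrt_ok)

if __name__ == "__main__":
    for n in (0, 15, 16, 17):
        print(n, isqrt.call(n))   # v2 answers 15 and 17; v1 rescues 0 and 16
    print(isqrt.failures)
```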
