A Formal Verification of Safe Update Point Detection in Dynamic Software Updating

Dynamic Software Updating (DSU) consists of updating running programs on the fly, without any downtime. This capability is attractive for critical applications that must run continuously. Because updates may introduce safety errors and security breaches, the question of their correctness arises. Formal methods are a rigorous means to provide the high level of safety that such applications demand. Detecting the points at which an update can be applied safely is a critical issue in DSU: a hazardous update point drives the updated system into erroneous and unexpected behavior. In this paper we present a mechanism for detecting safe update points in DSU for Java Card applications. The mechanism is then formally verified by model checking against three correctness properties: deadlock freedom, activeness safety, and DSU-liveness.
