State transfer for clear and efficient runtime updates

Dynamic software updating (DSU), the practice of updating software while it executes, is a lively area of research. The DSU approach most prominent in both commercial and research systems is in-place updating, in which patches containing program modifications are loaded into a running process. However, in-place updating suffers from several problems: it requires complex tool support, it may adversely affect the performance of normal execution, it requires challenging reasoning to understand the behavior of an updated program, and it requires extra effort to modify program state to be compatible with an update. This paper presents preliminary work investigating the potential for state transfer updating to address these problems. State transfer updates work by launching a new process running the updated program version and transferring program state from the running process to the updated version. In this paper, we describe the use and implementation of Ekiden, a new state transfer updating library for C/C++ programs. Ekiden seeks to redress the difficulties of in-place updating, and we report on our experience updating VSFTPD using Ekiden. This initial experience suggests that state transfer provides the availability benefits of in-place DSU approaches while addressing many of their shortcomings.
