Stretched grid method: Difference between revisions

From formulasearchengine
Jump to navigation Jump to search
en>Sun Creator
 
en>E v popov
Line 1: Line 1:
In [[computer science]], '''Dynamic Software Updating''' (or ''DSU'') is a field of research pertaining to [[upgrade|upgrading]] programs while they are running. DSU is not currently widely used in industry. However, researchers have developed a wide variety of systems and techniques for implementing DSU. These systems are commonly tested on real-world programs. [[Ksplice]] is currently the most widely known DSU system.


Current operating systems and programming languages are typically not designed with DSU in mind. As such, DSU implementations commonly either utilize existing tools, or implement specialty [[Compiler]]s. These compilers preserve the semantics of the original program, but instrument either the source code or object code to produce a dynamically updateable program. Researchers compare DSU-capable variants of programs to the original program to assess safety and performance overhead.


The Forex exchange market market or Foreign Foreign money Alternate market is inclined one of the largest stock investing market in the world with over USD sole.three Trillion traded in a day. Salvaging drawing attention ever given it is open to Online trading. Forex trading can also be very profitable in case you are taking a long time to begin a right kind research, understanding more in comparison few options and pick a device made just for you. Essentially the most used Forex buying and selling machine might not be essentially the in wants and.<br><br>In most businesses, activity is laborious. The hours are long. The rejection is [http://www.wonderhowto.com/search/embarrassing/ embarrassing]. The success rate is embarrassing. Frankly, with each of the obstacles that hinder success in work from home business - failure is almost inevitable.<br><br>Comply just about all the regulations. This particular I mean comply with distance selling regulations, privacy regulations, and website accessibility etc and lots of others. Comply as and where you can construct a more potent amazing selling machine.<br><br>Don't improve mistake in thinking you can start making money without ANY investment. Your investment idea income for none of them. Here is the bare minimum you should expect to shell out. If you aren't willing to spend this much money, you may need to go find another joint partnership. $8.95 per year for a url.$6.00 per month for hosting [https://www.youtube.com/watch?v=jZ-rP3WK7bo web page].$50 to $100 for a good web editor like DreamWeaver.$400 for a great computer (check Dell's Refurbished site to find deals).and a trade in products if you are going to be selling physical products online.<br><br>Amazon sales are booming, and the actual reason being because within the ease helpful the site has as well as the simple shopping methods. You can do not in order to leave the comforts of your home, an individual will be shopping from your own personal computer. Exercise it not comfortable, but very convenient as correctly. This is why so people today are looking towards shopping this way, that also is a brilliant time an individual to access the sales action. Tend to be many so many items that you can think about selling on amazon, that you may already have got a difficult time choosing you actually will sell first. Very same start out selling one item and end track of a virtual store live on the internet. With many items you can be selling, you be kept busy enough to think about it a part-time endeavor.<br><br>What should you get regarding? Clean out that garage, your closet, your shed. you'll find stuff. Ask neighbors. Offer to take it away for free. If they wanted to sell it, strike a cope with them to market it for them and obtain a percentage.<br><br>Branding is often a conceptual release. But what about the more practical aspects of packaging? Variety of materials should companies use? Just how can products be packaged and shipped safely without pain? As an expert in packaging, it's as high as you to provide such guidance. Many businesses wish to package and ship unique products, they will don't just how to to package the products properly. Like a result, the items get damaged during cross over. This leads to loss of revenues.<br><br>Advertising Start tracking your competition's target marketing. If they've kept drinks as well . ad posted on Facebook up for months, that means that ad is position. As you track your competition's ads up over time, you are able to model their successes. That's all Received for today, do i want to know what we though with this post on the inside comments message!!!!!!!
== Introduction ==
 
Any running program can be thought of a [[tuple]] <math>(\delta, P)</math>, where <math>\delta</math> is the current program state and <math>P</math> is the current program code. Dynamic software updating systems transform a running program <math>(\delta, P)</math> to a new version <math>(\delta', P')</math>. In order to do this, the state must be transformed into the representation <math>P'</math> expects. This requires a ''state transformer'' function. Thus, DSU transforms a program <math>(\delta, P)</math> to <math>(S (\delta), P')</math>. An update is considered '''valid''' if and only if the running program <math>(S (\delta), P')</math> can be reduced to a point tuple <math>(\delta, P')</math> that is reachable from the starting point of the new version of the program, <math>(\delta_{init}, P')</math>.<ref name = "gupta" />
 
The location in a program where a dynamic update occurs is referred to as an '''update point'''. Existing DSU implementations vary widely in their treatment of update points. In some systems, such as [[#UpStare|UpStare]] and [[#PoLUS|PoLUS]], an update can occur at any time during execution. [[#Ginseng|Ginseng]]'s compiler will attempt to infer good locations for update points, but can also use programmer-specified update points. [[#Kitsune and Ekiden|Kitsune and Ekiden]] require developers to manually specify and name all update points.
 
Updating systems differ in the types of program changes that they support. For example, [[#Ksplice|Ksplice]] only supports code changes in functions, and does not support changes to state representation. This is because Ksplice primarily targets security changes, rather than general updates. In contrast, [[#Kitsune and Ekiden|Ekiden]] can update a program to any other program capable of being executed, even one written in a different programming language. Systems designers can extract valuable performance or safety assurances by limiting the scope of updates. For example, any [[#Update Safety|update safety check]] limits the scope of updates to updates which pass that safety check. The mechanism used to transform code and state influences what kinds of updates a system will support.
 
DSU systems, as tools, can also be evaluated on their ease-of-use and clarity to developers. Many DSU systems, such as [[#Ginseng|Ginseng]], require programs to pass various static analyses. While these analyses prove properties of programs that are valuable for DSU, they are by nature sophisticated and difficult to understand. DSU systems that do not use a static analysis might require use of a specialized compiler. Some DSU systems require neither static analysis nor specialty compilers.
 
Programs that are updated by a DSU system are referred to as '''target programs'''. Academic publications of DSU systems commonly include several target programs as case studies. [[vsftpd]], [[OpenSSH]], [[PostgreSQL]], [[Tor (anonymity network)|Tor]], [[Apache HTTP Server|Apache]], [[GNU Zebra]], [[memcached]], and [[Redis]] are all dynamic updating targets for various systems. Since few programs are written with support for dynamic updating in mind, retrofitting existing programs is a valuable means of evaluating a DSU system for practical use.
 
== Related Fields ==
 
The problem space addressed by dynamic updating can be thought of as an intersection of several others. Examples include [[checkpointing]], [[dynamic linking]], and [[Persistence (computer science)|persistence]]. A database that must be [[backwards-compatible]] with previous versions of its on-disk file format must accomplish the same type of state transformation expected of a dynamic updating system. Likewise, a program that has a plugin architecture must be able to load and execute new code at runtime.
 
== History ==
 
The earliest precursor to dynamic software updating is [[Redundancy (engineering)|redundant systems]]. In a redundant environment, spare systems exist ready to take control of active computations in the event of a failure of the main system. These systems contain a main machine and a ''hot spare''. The hot spare would be periodically seeded with a [[checkpoint]] of the primary system. In the event of a failure, the hot spare would take over, and the main machine would become the new hot spare. This pattern can be generalized to updating. In the event of an update, the hot spare would activate, the main system would update, and then the updated system would resume control.
 
The earliest true Dynamic Software Updating system is [[#DYMOS|DYMOS]] (''Dy''namic ''Mo''dification ''S''ystem).<ref name="dymos"/> Presented in 1983 in the PhD dissertation of Insup Lee, DYMOS was a fully integrated system that had access to an interactive user interface, a compiler and runtime for a [[Modula]] variant, and source code. This enabled DYMOS to type-check updates against the existing program.
 
== DSU Implementation ==
 
DSU systems must load new code into a running program, and transform existing state into a format that is understood by the new code. Since many motivational use-cases of DSU are time-critical (for example, deploying a security fix on a live and vulnerable system), DSU systems must provide adequate '''update availability'''. Some DSU systems also attempt to ensure that updates are safe before applying them.
 
There is no one canonical solution to any of these problems. Typically, a DSU system that performs well in one problem area does so at a trade-off to others. For example, empirical testing of dynamic updates indicates that increasing the number of update points results in an increased number of unsafe updates.<ref name="testing" />
 
== Code Transformation ==
 
Most DSU systems use [[subroutine]]s as the unit of code for updates; however, newer DSU systems implement whole-program updates.<ref name="ekiden" /><ref name="kitsune" />
 
If the target program is implemented in a [[virtual machine]] language, the VM can use existing infrastructure to load new code, since modern virtual machines support runtime loading for other use cases besides DSU (mainly [[debugging]]). The [[HotSpot]] [[JVM]] supports runtime code loading, and DSU systems targeting [[Java (programming language)]] can utilize this feature.
 
In native languages such as [[C (programming language)|C]] or [[C++]], DSU systems can use specialized compilers that insert indirection into the program. At update time, this indirection is updated to point to the newest version. If a DSU system does not use a compiler to insert these indirections statically, it insert them at runtime with '''binary rewriting'''. Binary rewriting is the process of writing low-level code into the memory image of a running native program to re-direct functions. While this requires no static analysis of a program, it is highly platform-dependent.
 
[[#Ekiden and Kitsune|Ekiden and Kitsune]] load new program code via starting an entirely new program, either through [[fork-exec]] or [[dynamic loading]]. The existing program state is then transferred to the new program space.<ref name="ekiden" /><ref name="kitsune" />
 
== State Transformation ==
 
During an update, program state must be transformed from the original representation to the new version's representation. This is referred to as '''state transformation'''. A function which transforms a state object or group of objects is referred to as a ''transformer function'' or ''state transformer''.
 
DSU systems can either attempt to synthesize transformer functions, or require that the developer manually supply them. Some systems mix these approaches, inferring some elements of transformers while requiring developer input on others.
 
These transformer functions can either be applied to program state lazily, as each piece of old-version state is accessed, or eagerly, transforming all state at update time. Lazy transformation ensures that the update will complete in constant time, but also incurs steady-state overhead on object access. Eager transformation incurs more expense at the time of update, requiring the system to [[Stop_and_copy#Stop-the-world_vs._incremental_vs._concurrent|stop the world]] while all transformers run. However, eager transformation allows compilers to fully optimize state access, avoiding the steady-state overhead involved with lazy transformation.
 
== Update Safety ==
 
Most DSU systems attempt to show some safety properties for updates. The most common variant of safety checking is type safety, where an update is considered safe if it does not result in any new code operating on an old state representation, or vice versa.
 
Type safety is typically checked by showing one of two properties, '''activeness safety''' or '''cons-freeness safety'''. A program is considered activeness-safe if no updated function exists on the [[call stack]] at update time. This proves safety because control can never return to old code that would access new representations of data.
 
''Cons-Freeness'' is another way to prove type safety, where a section of code is considered safe if it does not access state of a given type in a way that requires knowledge of the type representation. This code can be said to not access the state ''concretely'', while it may access the state ''abstractly''. It is possible to prove or disprove ''cons-freeness'' for all types in any section of code, and the DSU system Ginseng uses this to prove type safety.<ref name="cons-freeness" /><ref name="ginseng" /> If a function is proven ''cons-free'', it can be updated even if it is live on the stack, since it will not cause a type error by accessing state using the old representation.
 
Empirical analysis of ''cons-freeness'' and activeness safety by Hayden et all show that both techniques permit most correct updates and deny most erroneous updates. However, manually selecting update points results in zero update errors, and still allows frequent update availability.<ref name="testing" />
 
== Existing DSU systems==
 
=== DYMOS ===
 
DYMOS is notable in that it was the earliest proposed DSU system. DYMOS consists of a fully integrated environment for programs written in a derivative of [[Modula]], giving the system access to a command interpreter, source code, compiler, and runtime environment, similar to a [[REPL]]. In DYMOS, updates are initiated by a user executing a command in the interactive environment. This command includes directives specifying when an update can occur, called ''when-conditions''. The information available to DYMOS enables it to enforce type-safety of updates with respect to the running target program.<ref name="dymos" />
 
=== Ksplice ===
 
[[Ksplice]] is a specialized DSU system that targets only the [[Linux (kernel)|kernel Linux]]. It uses a [[diff]] to determine changes between current and updated versions of Linux, and then uses binary rewriting to insert the changes into the running kernel. Ksplice is unique among DSU systems in that it supports a single target program, and that target program is an [[Kernel (computing)|operating system kernel]].<ref name="ksplice" />
 
Ksplice was maintained by a commercial venture founded by its original authors, Ksplice Inc.. Ksplice Inc. was acquired by Oracle in July 2011.<ref>{{cite news|url=http://www.oracle.com/us/corporate/Acquisitions/ksplice/index.html|accessdate=21 July 2011}}</ref>
 
=== Ginseng ===
 
Ginseng is a general-purpose DSU system. It is the only DSU system to use the ''cons-freeness'' safety technique, allowing it to update functions that are live on the stack as long as they do not make concrete accesses to updated types.
 
Ginseng is implemented as a source-to-source compiler written using the [[C Intermediate Language]] framework in [[OCaml]]. This compiler inserts indirection to all function calls and type accesses, enabling Ginseng to lazily transform state at the cost of imposing a constant-time overhead for the entirety of the program execution.<ref name="ginseng" /> Ginseng's compiler proves the ''cons-freeness'' properties of the entire initial program and of dynamic patches.
 
Later versions of Ginseng also support a notion of transactional safety. This allows developers to annotate a sequence of function calls as a logical unit, preventing updates from violating program semantics in ways that are not detectable by either activeness safety or ''cons-freeness'' safety. For example, in two versions of [[OpenSSH]] examined by Ginseng's authors, important user verification code was moved between two functions called in sequence. If the first version of the first function executed, an update occurred, and the new version of the second function was executed, then the verification would never be performed. Marking this section as a transaction ensures that an update will not prevent the verification from occurring.<ref name="vc" />
 
=== UpStare ===
 
UpStare is a DSU system that uses a unique updating mechanism, '''stack reconstruction'''. To update a program with UpStare, a developer specifies a mapping between any possible stack frames. UpStare is able to use this mapping to immediately update the program at any point, with any number of threads, and with any functions live on the stack.<ref name="upstare" />
 
=== PoLUS ===
 
PoLUS is a binary-rewriting DSU system for [[C (programming language)|C]]. It is able to update unmodified programs at any point in their execution. To update functions, it rewrites the prelude to a target function to redirect to a new function, chaining these redirections over multiple versions. This avoids steady-state overhead in functions that have not been updated.<ref name="polus" />
 
=== Kitsune and Ekiden ===
 
Ekiden and Kitsune are two variants of a single DSU system that implements the state-transfer style of DSU for programs written in [[C (programming language)|C]]. Rather than updating functions within a single program, Ekiden and Kitsune perform updates over whole programs, transferring necessary state between the two executions. While Ekiden accomplishes this by starting a new program using the [[UNIX]] idiom of [[fork-exec]], serializing the target program's state, and transferring it, Kitsune uses [[dynamic linking]] to perform "in-place" state transfer. Kitsune is derived from Ekiden's codebase, and can be considered a later version of Ekiden.
 
Ekiden and Kitsune are also notable in that they are implemented primarily as application-level libraries, rather than specialized runtimes or compilers. As such, to use Ekiden or Kitsune, an application developer must manually mark state that is to be transferred, and manually select points in the program where an update can occur. To ease this process, Kitsune includes a specialized compiler that implements a [[domain-specific language]] for writing state transformers.<ref name="ekiden" /><ref name="kitsune" />
 
=== Erlang ===
 
[[Erlang (programming language)|Erlang]] supports Dynamic Software Updating, though this is commonly referred to as "[[Erlang_(programming_language)#Hot_code_loading_and_modules|hot code loading]]". Erlang requires no safety guarantees on updates, but Erlang culture suggests that developers write in a defensive style that will gracefully handle type errors generated by updating.
 
== See also ==
 
*[[Ksplice]]
*[[Persistence (computer science)]]
 
== External links==
*[http://ksplice.com Ksplice Homepage]
*[https://github.com/cormander/ksplice Ksplice Source Code]
*[http://www.cs.umd.edu/projects/dsu/ Ginseng Project Page and Source Code] UpStare Paper] PoLUS Paper]
*[http://www.erlang.org/ Erlang Homepage]
 
== References ==
 
{{Reflist|
  refs = <ref name="ekiden">{{cite journal
|first1 = Chris | last1 = Hayden
|first2 = Edward K. | last2 = Smith
|first3 = Michael | last3 = Hicks
|first4 = Jeffery | last4 = Foster
|journal = Data Engineering Workshops (ICDEW), 2011 IEEE 27th International Conference on
|pages = 179–184
|publisher = IEEE
|url = http://www.cs.umd.edu/~jfoster/papers/hotswup11.pdf
|year = 2011
|title = State transfer for clear and efficient runtime updates }}</ref><ref name="kitsune">{{cite journal
| last1 = Hayden
| first1 = Chris
| last2 = Smith
| first2 = Edward K.
| first3 = Michail | last3 = Denchev
| first4 = Michael | last4 = Hicks
| first5 = Jeffery | last5 = Foster
| year = 2011
| title = Kitsune: Efficient, General-purpose Dynamic Software Updating for C
| url = http://www.cs.umd.edu/~mwh/papers/kitsune.pdf }}</ref><ref name="testing">{{cite journal
|title = Evaluating dynamic software update safety using systematic testing
|first1 = Chris | last1 = Hayden
|first2 = Edward K | last2 = Smith
|first3 = Eric | last3 = Hardisty
|first4 = Michael | last4 = Hicks
|first5 = Jeffery | last5 = Foster
| year = 2011
|journal = Software Engineering, IEEE Transactions on
|issue = 99
|publisher = IEEE
|url = http://www.cs.umd.edu/~hayden/papers/empiricalsafety-draft.pdf }}</ref><ref name="ginseng">{{cite journal
| title = Practical dynamic software updating for C
| first1 = Iulian | last1 = Neamtiu
| first2 = Michael| last2 = Hicks
| first3 = Gareth | last3 = Stoyle
| first4 = Manuel | last4 = Oriol
| journal = ACM SIGPLAN Notices
| volume = 41
| issue = 6
| pages = 72–83
| publisher = ACM
| url = http://www.cs.umd.edu/~mwh/papers/ginseng.pdf }}</ref><ref name="cons-freeness">{{cite journal
|title = Mutatis mutandis: Safe and predictable dynamic software updating
|first1 = Gareth | last1 = Stoyle
|first2 = Michael | last2 = Hicks
|first3 = Gavin | last3 = Bierman
|first4 = Peter | last4 = Sewall
|first5 = Iulian | last5 = Neamtiu
|year = 2005
|journal = Proceedings of the ACM Conference on Principles of Programming Languages
| url = http://www.cs.umd.edu/~mwh/papers/proteus-popl.pdf }}</ref><ref name="upstare">{{cite journal
|title= Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction
|first1 = Kristis | last1 = Makris
|first2 = Rida A. | last2 = Bazzi
|journal = Proceedings of the 2009 conference on USENIX Annual technical conference
|url = http://files.mkgnu.net/files/upstare/doc/misc/upstare_usenix_09.pdf
|year = 2009 }}</ref><ref name="polus">{{cite journal
|title = POLUS: A POwerful Live Updating System
|author1 = Haibo Chen
|author2 = Jie Yu
|author3 = Rong Chen
|author4 = Binyu Zang
|author5 = Pen-Chung Yew
|journal = Software Engineering, 29th International Conference on
|year = 2007
|pages = 271–281
|url = http://ppi.fudan.edu.cn/system/publications/paper/chen-polus.pdf }}</ref><ref name="ksplice">{{cite journal
|title = Ksplice: automatic rebootless kernel updates
|first1 = Jeff |last1 = Arnold
|first2 = M. Frans | last2 = Kaashoek
|authorlink2 = Frans Kaashoek 
|year = 2009
| journal = Proceedings of the 4th ACM European conference on Computer systems
| doi = 10.1145/1519065.1519085
|url = https://www.ksplice.com/doc/ksplice.pdf }}</ref><ref name="dymos">{{cite thesis
|author = Insup Lee
|title = DYMOS: A DYNAMIC MODIFICATION SYSTEM
|degree = Doctor of Philosophy (Computer Science)
|year=1983
|publisher = University of Wisconsin - Madison
|url = http://www.cis.upenn.edu/~lee/mydissertation.doc }}</ref><ref name="gupta">{{cite journal
|last1 = Gupta | first1 = Deepak
|last2 = Jalote | first2 = Pankaj
|last3 = Barua | first3 = Gautam
|title = A Formal Framework for On-line Software Version Change
|journal = IEEE Transactions on Software Engineering
|volume = 22
|number = 2
|pages = 120–131
|url = http://www.win.tue.nl/~hmei/SoftwareUpdate/A%20formal%20framework%20for%20on-line%20software%20version%20change.pdf
|year = 1996}}</ref>
<ref name="vc">{{cite journal
| first1 = Iulian | last1 = Neamtiu
| first2 = Michael| last2 = Hicks
| first3 = Jeffrey | last3 = Foster
| first4 = Polyvios | last4 = Pratikakis
|title = Contextual Effects for Version-Consistent Dynamic Software Updating and Safe Concurrent Programming
|journal = Proceedings of the {ACM} Conference on Principles of Programming Languages (POPL)
|year = 2008
|pages= 37–58 }}
</ref> }}
 
[[Category:System administration]]

Revision as of 06:31, 17 January 2014

In computer science, Dynamic Software Updating (or DSU) is a field of research pertaining to upgrading programs while they are running. DSU is not currently widely used in industry. However, researchers have developed a wide variety of systems and techniques for implementing DSU. These systems are commonly tested on real-world programs. Ksplice is currently the most widely known DSU system.

Current operating systems and programming languages are typically not designed with DSU in mind. As such, DSU implementations commonly either utilize existing tools, or implement specialty Compilers. These compilers preserve the semantics of the original program, but instrument either the source code or object code to produce a dynamically updateable program. Researchers compare DSU-capable variants of programs to the original program to assess safety and performance overhead.

Introduction

Any running program can be thought of a tuple (δ,P), where δ is the current program state and P is the current program code. Dynamic software updating systems transform a running program (δ,P) to a new version (δ,P). In order to do this, the state must be transformed into the representation P expects. This requires a state transformer function. Thus, DSU transforms a program (δ,P) to (S(δ),P). An update is considered valid if and only if the running program (S(δ),P) can be reduced to a point tuple (δ,P) that is reachable from the starting point of the new version of the program, (δinit,P).[1]

The location in a program where a dynamic update occurs is referred to as an update point. Existing DSU implementations vary widely in their treatment of update points. In some systems, such as UpStare and PoLUS, an update can occur at any time during execution. Ginseng's compiler will attempt to infer good locations for update points, but can also use programmer-specified update points. Kitsune and Ekiden require developers to manually specify and name all update points.

Updating systems differ in the types of program changes that they support. For example, Ksplice only supports code changes in functions, and does not support changes to state representation. This is because Ksplice primarily targets security changes, rather than general updates. In contrast, Ekiden can update a program to any other program capable of being executed, even one written in a different programming language. Systems designers can extract valuable performance or safety assurances by limiting the scope of updates. For example, any update safety check limits the scope of updates to updates which pass that safety check. The mechanism used to transform code and state influences what kinds of updates a system will support.

DSU systems, as tools, can also be evaluated on their ease-of-use and clarity to developers. Many DSU systems, such as Ginseng, require programs to pass various static analyses. While these analyses prove properties of programs that are valuable for DSU, they are by nature sophisticated and difficult to understand. DSU systems that do not use a static analysis might require use of a specialized compiler. Some DSU systems require neither static analysis nor specialty compilers.

Programs that are updated by a DSU system are referred to as target programs. Academic publications of DSU systems commonly include several target programs as case studies. vsftpd, OpenSSH, PostgreSQL, Tor, Apache, GNU Zebra, memcached, and Redis are all dynamic updating targets for various systems. Since few programs are written with support for dynamic updating in mind, retrofitting existing programs is a valuable means of evaluating a DSU system for practical use.

Related Fields

The problem space addressed by dynamic updating can be thought of as an intersection of several others. Examples include checkpointing, dynamic linking, and persistence. A database that must be backwards-compatible with previous versions of its on-disk file format must accomplish the same type of state transformation expected of a dynamic updating system. Likewise, a program that has a plugin architecture must be able to load and execute new code at runtime.

History

The earliest precursor to dynamic software updating is redundant systems. In a redundant environment, spare systems exist ready to take control of active computations in the event of a failure of the main system. These systems contain a main machine and a hot spare. The hot spare would be periodically seeded with a checkpoint of the primary system. In the event of a failure, the hot spare would take over, and the main machine would become the new hot spare. This pattern can be generalized to updating. In the event of an update, the hot spare would activate, the main system would update, and then the updated system would resume control.

The earliest true Dynamic Software Updating system is DYMOS (Dynamic Modification System).[2] Presented in 1983 in the PhD dissertation of Insup Lee, DYMOS was a fully integrated system that had access to an interactive user interface, a compiler and runtime for a Modula variant, and source code. This enabled DYMOS to type-check updates against the existing program.

DSU Implementation

DSU systems must load new code into a running program, and transform existing state into a format that is understood by the new code. Since many motivational use-cases of DSU are time-critical (for example, deploying a security fix on a live and vulnerable system), DSU systems must provide adequate update availability. Some DSU systems also attempt to ensure that updates are safe before applying them.

There is no one canonical solution to any of these problems. Typically, a DSU system that performs well in one problem area does so at a trade-off to others. For example, empirical testing of dynamic updates indicates that increasing the number of update points results in an increased number of unsafe updates.[3]

Code Transformation

Most DSU systems use subroutines as the unit of code for updates; however, newer DSU systems implement whole-program updates.[4][5]

If the target program is implemented in a virtual machine language, the VM can use existing infrastructure to load new code, since modern virtual machines support runtime loading for other use cases besides DSU (mainly debugging). The HotSpot JVM supports runtime code loading, and DSU systems targeting Java (programming language) can utilize this feature.

In native languages such as C or C++, DSU systems can use specialized compilers that insert indirection into the program. At update time, this indirection is updated to point to the newest version. If a DSU system does not use a compiler to insert these indirections statically, it insert them at runtime with binary rewriting. Binary rewriting is the process of writing low-level code into the memory image of a running native program to re-direct functions. While this requires no static analysis of a program, it is highly platform-dependent.

Ekiden and Kitsune load new program code via starting an entirely new program, either through fork-exec or dynamic loading. The existing program state is then transferred to the new program space.[4][5]

State Transformation

During an update, program state must be transformed from the original representation to the new version's representation. This is referred to as state transformation. A function which transforms a state object or group of objects is referred to as a transformer function or state transformer.

DSU systems can either attempt to synthesize transformer functions, or require that the developer manually supply them. Some systems mix these approaches, inferring some elements of transformers while requiring developer input on others.

These transformer functions can either be applied to program state lazily, as each piece of old-version state is accessed, or eagerly, transforming all state at update time. Lazy transformation ensures that the update will complete in constant time, but also incurs steady-state overhead on object access. Eager transformation incurs more expense at the time of update, requiring the system to stop the world while all transformers run. However, eager transformation allows compilers to fully optimize state access, avoiding the steady-state overhead involved with lazy transformation.

Update Safety

Most DSU systems attempt to show some safety properties for updates. The most common variant of safety checking is type safety, where an update is considered safe if it does not result in any new code operating on an old state representation, or vice versa.

Type safety is typically checked by showing one of two properties, activeness safety or cons-freeness safety. A program is considered activeness-safe if no updated function exists on the call stack at update time. This proves safety because control can never return to old code that would access new representations of data.

Cons-Freeness is another way to prove type safety, where a section of code is considered safe if it does not access state of a given type in a way that requires knowledge of the type representation. This code can be said to not access the state concretely, while it may access the state abstractly. It is possible to prove or disprove cons-freeness for all types in any section of code, and the DSU system Ginseng uses this to prove type safety.[6][7] If a function is proven cons-free, it can be updated even if it is live on the stack, since it will not cause a type error by accessing state using the old representation.

Empirical analysis of cons-freeness and activeness safety by Hayden et all show that both techniques permit most correct updates and deny most erroneous updates. However, manually selecting update points results in zero update errors, and still allows frequent update availability.[3]

Existing DSU systems

DYMOS

DYMOS is notable in that it was the earliest proposed DSU system. DYMOS consists of a fully integrated environment for programs written in a derivative of Modula, giving the system access to a command interpreter, source code, compiler, and runtime environment, similar to a REPL. In DYMOS, updates are initiated by a user executing a command in the interactive environment. This command includes directives specifying when an update can occur, called when-conditions. The information available to DYMOS enables it to enforce type-safety of updates with respect to the running target program.[2]

Ksplice

Ksplice is a specialized DSU system that targets only the kernel Linux. It uses a diff to determine changes between current and updated versions of Linux, and then uses binary rewriting to insert the changes into the running kernel. Ksplice is unique among DSU systems in that it supports a single target program, and that target program is an operating system kernel.[8]

Ksplice was maintained by a commercial venture founded by its original authors, Ksplice Inc.. Ksplice Inc. was acquired by Oracle in July 2011.[9]

Ginseng

Ginseng is a general-purpose DSU system. It is the only DSU system to use the cons-freeness safety technique, allowing it to update functions that are live on the stack as long as they do not make concrete accesses to updated types.

Ginseng is implemented as a source-to-source compiler written using the C Intermediate Language framework in OCaml. This compiler inserts indirection to all function calls and type accesses, enabling Ginseng to lazily transform state at the cost of imposing a constant-time overhead for the entirety of the program execution.[7] Ginseng's compiler proves the cons-freeness properties of the entire initial program and of dynamic patches.

Later versions of Ginseng also support a notion of transactional safety. This allows developers to annotate a sequence of function calls as a logical unit, preventing updates from violating program semantics in ways that are not detectable by either activeness safety or cons-freeness safety. For example, in two versions of OpenSSH examined by Ginseng's authors, important user verification code was moved between two functions called in sequence. If the first version of the first function executed, an update occurred, and the new version of the second function was executed, then the verification would never be performed. Marking this section as a transaction ensures that an update will not prevent the verification from occurring.[10]

UpStare

UpStare is a DSU system that uses a unique updating mechanism, stack reconstruction. To update a program with UpStare, a developer specifies a mapping between any possible stack frames. UpStare is able to use this mapping to immediately update the program at any point, with any number of threads, and with any functions live on the stack.[11]

PoLUS

PoLUS is a binary-rewriting DSU system for C. It is able to update unmodified programs at any point in their execution. To update functions, it rewrites the prelude to a target function to redirect to a new function, chaining these redirections over multiple versions. This avoids steady-state overhead in functions that have not been updated.[12]

Kitsune and Ekiden

Ekiden and Kitsune are two variants of a single DSU system that implements the state-transfer style of DSU for programs written in C. Rather than updating functions within a single program, Ekiden and Kitsune perform updates over whole programs, transferring necessary state between the two executions. While Ekiden accomplishes this by starting a new program using the UNIX idiom of fork-exec, serializing the target program's state, and transferring it, Kitsune uses dynamic linking to perform "in-place" state transfer. Kitsune is derived from Ekiden's codebase, and can be considered a later version of Ekiden.

Ekiden and Kitsune are also notable in that they are implemented primarily as application-level libraries, rather than specialized runtimes or compilers. As such, to use Ekiden or Kitsune, an application developer must manually mark state that is to be transferred, and manually select points in the program where an update can occur. To ease this process, Kitsune includes a specialized compiler that implements a domain-specific language for writing state transformers.[4][5]

Erlang

Erlang supports Dynamic Software Updating, though this is commonly referred to as "hot code loading". Erlang requires no safety guarantees on updates, but Erlang culture suggests that developers write in a defensive style that will gracefully handle type errors generated by updating.

See also

External links

References

43 year old Petroleum Engineer Harry from Deep River, usually spends time with hobbies and interests like renting movies, property developers in singapore new condominium and vehicle racing. Constantly enjoys going to destinations like Camino Real de Tierra Adentro.

  1. Cite error: Invalid <ref> tag; no text was provided for refs named gupta
  2. 2.0 2.1 Cite error: Invalid <ref> tag; no text was provided for refs named dymos
  3. 3.0 3.1 Cite error: Invalid <ref> tag; no text was provided for refs named testing
  4. 4.0 4.1 4.2 Cite error: Invalid <ref> tag; no text was provided for refs named ekiden
  5. 5.0 5.1 5.2 Cite error: Invalid <ref> tag; no text was provided for refs named kitsune
  6. Cite error: Invalid <ref> tag; no text was provided for refs named cons-freeness
  7. 7.0 7.1 Cite error: Invalid <ref> tag; no text was provided for refs named ginseng
  8. Cite error: Invalid <ref> tag; no text was provided for refs named ksplice
  9. Template:Cite news
  10. Cite error: Invalid <ref> tag; no text was provided for refs named vc
  11. Cite error: Invalid <ref> tag; no text was provided for refs named upstare
  12. Cite error: Invalid <ref> tag; no text was provided for refs named polus