Genrih, a runtime state analysis system for deciding the applicability of dynamic software updates

Abstract

Dynamic Software updating (DSU) systems enable applications to be upgraded without service interruption. However, the implications of changed program assumptions may result in unwanted runtime phenomena after the dynamic update if the momentary state of the application does not satisfy those changed assumptions. Hence, in order to enable dynamic updates in a safe manner, the updating mechanism needs to reason about the runtime state at update time. We present a runtime state analysis system, Genrih, that enhances an existing dynamic update system with the ability to take automated informed decisions concerning the safety of a particular program update. Genrih will determine if the automated default state transformations of the underlying DSU system are sufficient for the given update. In Genrih the atomic changes that constitute the update patch are analyzed in combination with the present runtime state of the application. Based on that analysis Genrih determines whether updating the system will lead to observable unwanted runtime phenomena. While Genrih is powerful enough to block updates until the runtime state satisfies the update to allow for a safe update, for practical purposes it observes the runtime state and produces notifications for enhanced analysis and crash management. The practical evaluation shows that the designed system imposes acceptable overhead and can help educate developers about runtime phenomena.