A method of safety analysis for runtime code update

Authors:
Masatomo Hashimoto
Affiliations:
National Institute of Advanced Industrial Science and Technology, Tokyo, Japan
Venue:
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Year:
2006

Citing 10
Cited 0

Simple fast algorithms for the editing distance between trees and related problems

SIAM Journal on Computing
On dynamically updating a computer program: from concept to prototype

Journal of Systems and Software - Special issue on software maintenance
Control-flow analysis of higher-order languages of taming lambda

Control-flow analysis of higher-order languages of taming lambda
A unified treatment of flow analysis in higher-order languages

POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A Formal Framework for On-line Software Version Change

IEEE Transactions on Software Engineering
The Tree-to-Tree Correction Problem

Journal of the ACM (JACM)
Type-based hot swapping of running modules (extended abstract)

Proceedings of the sixth ACM SIGPLAN international conference on Functional programming
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
How to design a system in which modules can be changed on the fly

ICSE '76 Proceedings of the 2nd international conference on Software engineering
Mutatis mutandis: safe and predictable dynamic software updating

Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a novel method of safety analysis for runtime code update, i.e., updating a program at runtime without terminating its execution. Runtime code update is an emerging technique especially for increasing availability of the servers which should always be in service and free of any known bugs or security flaws. However, it may cause state inconsistency or unintended behaviors unless it is properly restricted. Although too much restriction enables us to easily ensure safety of updating code at runtime, it prevents us from coping with the realistic updates. To reveal appropriate restriction, we first construct a very precise model of safe runtime code update based on a framework of explicit data/control flow and dependency. Then, a class of analyses which statically estimates the set of safe update points is derived by approximating the model. We restrict only the timing: behaviorally safe runtime code update may occur only at safe update points. Moreover, we can relax the restriction by explicitly specifying non-critical points.