Dynamic software updating (DSU) systems allow running programs to be patched on-the-fly to add features or fix bugs. While dynamic updates can be tricky to write, techniques for establishing their correctness have received little attention. In this paper, we present the first methodology for automatically verifying the correctness of dynamic updates. Programmers express the desired properties of an updated execution using client-oriented specifications (CO-specs), which can describe a wide range of client-visible behaviors. We verify CO-specs automatically by using off-the-shelf tools to analyze a merged program, which is a combination of the old and new versions of a program, along with the CO-spec. We formalize the merging transformation and prove it correct. We also implemented a C program merger, and applied it to updates for the Redis key-value server and to updates for several synthetic programs. Using the Thor verification tool we could verify many of the synthetic programs, while Otter, a symbolic executor, could analyze every program, often in less than a minute. Both tools were able to detect faulty patches and incurred only a factor-of-four slowdown, on average, compared with analyzing individual versions.
[ .pdf ]
@inproceedings{hayden12dsucorrect, title = {Specifying and Verifying the Correctness of Dynamic Software Updates}, author = {Christopher M. Hayden and Stephen Magill and Michael Hicks and Nate Foster and Jeffrey S. Foster}, booktitle = {Proceedings of the International Conference on Verified Software: Theories, Tools, and Experiments ({VSTTE})}, year = 2012, month = jan, pages = {278--293} }
This file was generated by bibtex2html 1.99.