Run-time Variability with First-class Contexts

Software must be regularly updated to keep up with changing requirements. Unfortunately, to install an update, the system must usually be restarted, which is inconvenient and costly. In this dissertation, we aim at overcoming the need for restart by enabling run-time changes at the programming language level. We argue that the best way to achieve this goal is to improve the support for encapsulation, information hiding and late binding by contextualizing behavior. In our approach, behavioral variations are encapsulated into context objects that alter the behavior of other objects locally. We present three contextual language features that demonstrate our approach. First, we present a feature to evolve software by scoping variations to threads. This way, arbitrary objects can be substituted over time without compromising safety. Second, we present a variant of dynamic proxies that operate by delegation instead of forwarding. The proxies can be used as building blocks to implement contextualization mechanisms from within the language. Third, we contextualize the behavior of objects to intercept exchanges of references between objects. This approach scales information hiding from objects to aggregates. The three language features are supported by formalizations and case studies, showing their soundness and practicality. With these three complementary language features, developers can easily design applications that can accommodate run-time changes

Challenges in Validating FLOSS Conguration

Part 3: Licensing, Strategies, and PracticesInternational audienceDevelopers invest much effort into validating configuration during startup of free/libre and open source software (FLOSS) applications. Nevertheless, hardly any tools exist to validate configuration files to detect misconfigurations earlier. This paper aims at understanding the challenges to provide better tools for configuration validation. We use mixed methodology: (1) We analyzed 2,683 run-time configuration accesses in the source-code of 16 applications comprising 50 million lines of code. (2) We conducted a questionnaire survey with 162 FLOSS contributors completing the survey. We report our experiences about building up a FLOSS community that tackles the issues by unifying configuration validation with an external configuration access specification. We discovered that information necessary for validation is often missing in the applications and FLOSS developers dislike dependencies on external packages for such validations

TOWARDS CHANGE VALIDATION IN DYNAMIC SYSTEM UPDATING FRAMEWORKS

Dynamic Software Updating (DSU) provides mechanisms to update a program without stopping its execution. An indiscriminate update that does not consider the current state of the computation, potentially undermines the stability of the running application. Determining automatically a safe moment, the time that the updating process could be started, is still an open crux that usually neglected from the existing DSU systems. The program developer is the best one who knows the program semantics and the logical relations between two successive versions as well as the constraints which should be respected in order to proceed with the update. Therefore, a set of meta-data has been introduced that could be exploited to explain the constraints of the update. These constraints should be considered at the dynamic update time. Thus, a runtime validator has been designed and implemented to verify these constraints before starting the update process. The validator is independent of existing DSU systems and can be plugged into DSUs as a pre-update component. An architecture for validation has been proposed that includes the DSU, the running program, the validator, and their communications. Along with the ability to describe the restrictions by using meta-data, a method has been presented to extract some constraints automatically. The gradual transition from the old version to the new version requires that the running application frequently switches between executing old and new code for a transient period. Although this swinging execution phenomenon is inevitable, its beginning can be selected. Considering this issue, an automatic method has been proposed to determine which part of the code is unsafe to participate in the swinging execution. The method has been implemented as a static analyzer which can annotate the unsafe part of the code as constraints. This approach is demonstrated in the evolution of the various versions of three different long-running software systems and compared to other approaches. Although the approach has been evaluated by evolving various programs, the impact of different changes in the dynamic update is not entirely clear. In addition, the study of the effect of these changes can identify code smells on the program, regarding the dynamic update issue. For the first time, the code smells have been introduced that may cause a run-time or syntax error on the dynamic update process. A set of candidate error-prone patterns has been developed based on programming language features and possible changes for each item. This set of 75 patterns is inspected by three distinct DSUs to identify problematic cases as code smells. Additionally, error- prone patterns set can be exploited as a reference set by other DSUs to measure own flexibility

Plates-formes et mises à jour dynamiques configurables

Dynamic software updating allows applications to be modified without interrupting the services it provides. Because today's systems rely heavily on software and its availability, such a possibility is an important issue. Many mechanisms with diverse needs and properties enable dynamic updates. They are used by platforms targeting specific types of applications and/or updates. While the specialization of these platforms make the development of dynamic updates easier, it can cause the platform to be ill suited in the case of unforeseen updates. A solution is to select and combine best-suited mechanisms for each update in order to guarantee a best compatibility of platforms with the different kinds of applications and updates. The three contributions detailed in this thesis follow this objective: - Studying platforms and identify generic models for platforms and updates - Studying the needs and properties of mechanisms as well as their capacity to be combined - Develop configurable platforms allowing the selection of best-suited mechanisms for each update. Theses contributions open leads towards a new generation of platforms and towards new uses of dynamic updates. The third contribution lead to the development of Pymoult, a configurable platform for Python programs. Pymoult provides several mechanisms through a high-level API suited to the conception of dynamic updates.La mise à jour dynamique des logiciels permet de modifier ces derniers sans interrompre les services qu'ils fournissent. C'est un enjeu important à une époque où les logiciels sont omniprésents et où leur indisponibilité peut être coûteuse (service commercial) ou même dangereuse (système de sécurité). De nombreux mécanismes aux propriétés et besoins variés permettent d'atteindre cet objectif. Ces mécanismes sont employés par des plates-formes dédiées à des types de logiciel et/ou de mises à jour spécifiques. En se spécialisant, ces plates-formes facilitent l'écriture de mises à jour dynamiques mais peuvent être mal adaptées à l'application de certaines modifications imprévues. Il convient alors de sélectionner et combiner les mécanismes les mieux adaptés à chaque mise à jour afin d'assurer une meilleure compatibilité des plates-formes avec les différents logiciels et mises à jour. C'est autour de cet objectif que s'organisent les contributions de ce manuscrit: - Étudier les plates-formes et identifier des modèles génériques de plate-forme et de mise à jour - Étudier les besoins et les propriétés des mécanismes de mise à jour ainsi que leurs capacités à être combinés. - Développer des plates-formes configurables permettant de sélectionner les mécanismes les mieux adaptés pour chaque mise à jour. Les résultats obtenus ouvrent des pistes vers une nouvelle génération de plates-formes ainsi que vers de nouvelles utilisations de la mise à jour dynamique. Le troisième axe a mené au développement de Pymoult, plate-forme configurable pour programmes Python. Cette plate-forme fournit de nombreux mécanismes au travers d'une API de haut niveau adaptée à la conception de mises à jour dynamiques

Safe and automatic live update

Tanenbaum, A.S. [Promotor

Quarantine-mode based live patching for zero downtime safety-critical systems

150 p.En esta tesis se presenta una arquitectura y diseño de software, llamado Cetratus, que permite las actualizaciones en caliente en sistemas críticos, donde se efectúan actualizaciones dinámicas de los componentes de la aplicación. La característica principal es la ejecución y monitorización en modo cuarentena, donde la nueva versión del software es ejecutada y monitorizada hasta que se compruebe la confiabilidad de esta nueva versión. Esta característica también ofrece protección contra posibles fallos de software y actualización, así como la propagación de esos fallos a través del sistema. Para este propósito, se emplean técnicas de particionamiento. Aunque la actualización del software es iniciada por el usuario Updater, se necesita la ratificación del auditor para poder proceder y realizar la actualización dinámica. Estos usuarios son autenticados y registrados antes de continuar con la actualización. También se verifica la autenticidad e integridad del parche dinámico. Cetratus está alineado con las normativas de seguridad funcional y de ciber-seguridad industriales respecto a las actualizaciones de software.Se proporcionan dos casos de estudio. Por una parte, en el caso de uso de energía inteligente, se analiza una aplicación de gestión de energía eléctrica, compuesta por un sistema de gestión de energía (BEMS por sus siglas en ingles) y un servicio de optimización de energía en la nube (BEOS por sus siglas en ingles). El BEMS monitoriza y controla las instalaciones de energía eléctrica en un edificio residencial. Toda la información relacionada con la generación, consumo y ahorro es enviada al BEOS, que estima y optimiza el consumo general del edificio para reducir los costes y aumentar la eficiencia energética. En este caso de estudio se incorpora una nueva capa de ciberseguridad para aumentar la ciber-seguridad y privacidad de los datos de los clientes. Específicamente, se utiliza la criptografía homomorfica. Después de la actualización, todos los datos son enviados encriptados al BEOS.Por otro lado, se presenta un caso de estudio ferroviario. En este ejemplo se actualiza el componente Euroradio, que es la que habilita las comunicaciones entre el tren y el equipamiento instalado en las vías en el sistema de gestión de tráfico ferroviario en Europa (ERTMS por sus siglas en ingles). En el ejemplo se actualiza el algoritmo utilizado para el código de autenticación del mensaje (MAC por sus siglas en inglés) basado en el algoritmo de encriptación AES, debido a los fallos de seguridad del algoritmo actual