Affiliation:
1. University of Illinois at Urbana-Champaign, Urbana-Champaign, IL, USA
Abstract
Software systems are constantly changing. Patches to fix bugs and patches to add features are all too common. Every change risks breaking a previously working system. Hence administrators loathe change, and are willing to delay even critical security patches until after fully validating their correctness. Compared to off-line validation, on-line validation has clear advantages since it tests against real-life workloads. Yet unfortunately it imposes restrictive overheads as it requires running the old and new versions side-by-side. Moreover, due to spurious differences (e.g., event timing, random number generation, and thread interleavings), it is difficult to compare the two for validation.
To allow more effective on-line patch validation, we propose a new mechanism, called delta execution, that is based on the observation that most patches are small. Delta execution merges the two side-by-side executions for most of the time and splits only when necessary, such as when they access different data or execute different code. This allows us to perform on-line validation not only with lower overhead but also with greatly reduced spurious differences, allowing us to effectively validate changes.
We first validate the feasibility of our idea by studying the characteristics of 240 patches from 4 server programs; our examination shows that 77% of the changes should not be expected to cause large changes and are thereby feasible for delta execution. We then implemented delta execution using dynamic instrumentation. Using real-world patches from 7 server applications and 3 other programs, we compared our implementation of delta execution against a traditional side-by-side on-line validation. Delta execution outperformed traditional validation by up to 128%; further, for 3 of the changes, spurious differences caused the traditional validation to fail completely while delta execution succeeded. This demonstrates that delta execution can allow administrators to use on-line validation to confidently ensure the correctness of the changes they apply.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
Reference
25 articles.
Cited by
11 articles.
1. Update with care: Testing candidate bug fixes and integrating selective updates through binary rewriting;Journal of Systems and Software;2022-09
2. DiffStream: differential output testing for stream processing programs;Proceedings of the ACM on Programming Languages;2020-11-13
3. Ad hoc Test Generation Through Binary Rewriting;2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM);2020-09
4. ShortCut;Proceedings of the 27th ACM Symposium on Operating Systems Principles;2019-10-27
5. Faster variational execution with transparent bytecode transformation;Proceedings of the ACM on Programming Languages;2018-10-24