safe software updates via multi version execution
play

SAFE SOFTWARE UPDATES VIA MULTI-VERSION EXECUTION PETR HOSEK - PowerPoint PPT Presentation

Feb 17, 2023 •301 likes •923 views

SAFE SOFTWARE UPDATES VIA MULTI-VERSION EXECUTION PETR HOSEK CRISTIAN CADAR Petr Hosek is a recipient of the Google European Fellowship in Software Engineering and this research is supported in part by this Google Fellowship 2009 2010 10 11

  1. SAFE SOFTWARE UPDATES VIA MULTI-VERSION EXECUTION PETR HOSEK CRISTIAN CADAR Petr Hosek is a recipient of the Google European Fellowship in Software Engineering and this research is supported in part by this Google Fellowship

  2. 2009 2010 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 2

  3. 2009 2010 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 for (h = 0, i = 0; i < etag->used; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); HTTP ETag hash value computation in etag_mutate 2

  4. 2009 2010 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 for (h = 0, i = 0; i < etag->used - 1; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); HTTP ETag hash value computation in etag_mutate 2

  5. 2009 2010 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 Bug diagnosed in issue tracker for (h = 0, i = 0; i < etag->used - 1; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); HTTP ETag hash value computation in etag_mutate 2

  6. etag_mutate(con->physical.etag, srv->tmp_buf); File (re)compression in mod_compress_physical 2009 2010 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 Bug diagnosed in issue tracker for (h = 0, i = 0; i < etag->used - 1; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); HTTP ETag hash value computation in etag_mutate 2

  7. if (use_etag) { etag_mutate(con->physical.etag, srv->tmp_buf); } File (re)compression in mod_compress_physical 2009 2010 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 Bug diagnosed in issue tracker for (h = 0, i = 0; i < etag->used - 1; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); HTTP ETag hash value computation in etag_mutate 2

  8. if (use_etag) { etag_mutate(con->physical.etag, srv->tmp_buf); } File (re)compression in mod_compress_physical 2009 2010 10 11 12 01 02 03 04 04 05 05 06 06 07 07 08 08 09 09 10 10 11 11 12 12 01 01 02 02 03 03 04 04 05 06 07 08 09 10 11 12 01 02 03 Bug diagnosed in issue tracker for (h = 0, i = 0; i < etag->used - 1; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); HTTP ETag hash value computation in etag_mutate 2

  9. A year ago in a city far far away... Introducing novel approach for improving software updates: Multi-version execution based approach Relying on abundance of resources to improve reliability Run the new version in parallel with the existing one Synchronise the execution of the versions Use output of correctly executing version 3

  10. LIGHTTPD 1.4.23 LIGHTTPD 1.4.22 Synchronisation and fail-recovery mechanism 4

  11. LIGHTTPD 1.4.23 LIGHTTPD 1.4.22 Synchronisation Compare individual system calls and their arguments Synchronisation and fail-recovery mechanism 4

  12. LIGHTTPD 1.4.23 LIGHTTPD 1.4.22 GET /index.html HTTP/1.1 Synchronisation Host: srg.doc.ic.ac.uk Accept-Encoding: gzip Compare individual system calls and their arguments Synchronisation and fail-recovery mechanism 4

  13. LIGHTTPD 1.4.23 LIGHTTPD 1.4.22 GET /index.html HTTP/1.1 Checkpointing Synchronisation Host: srg.doc.ic.ac.uk Accept-Encoding: gzip Compare individual Use clone to take a system calls and snapshot of a process their arguments Synchronisation and fail-recovery mechanism 4

  14. LIGHTTPD 1.4.23 LIGHTTPD 1.4.22 GET /index.html HTTP/1.1 Checkpointing Synchronisation Host: srg.doc.ic.ac.uk Accept-Encoding: gzip Compare individual Use clone to take a system calls and snapshot of a process their arguments for (h = 0, i = 0; i < etag->used; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); Synchronisation and fail-recovery mechanism 4

  15. LIGHTTPD 1.4.23 LIGHTTPD 1.4.22 GET /index.html HTTP/1.1 Checkpointing Synchronisation Host: srg.doc.ic.ac.uk Accept-Encoding: gzip Compare individual Use clone to take a system calls and snapshot of a process their arguments for (h = 0, i = 0; i < etag->used; ++i) for (h = 0, i = 0; i < etag->used - 1; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); Crash Segmentation fault Synchronisation and fail-recovery mechanism 4

  16. LIGHTTPD 1.4.23 LIGHTTPD 1.4.22 GET /index.html HTTP/1.1 Checkpointing Synchronisation Host: srg.doc.ic.ac.uk Accept-Encoding: gzip Compare individual Use clone to take a system calls and snapshot of a process their arguments for (h = 0, i = 0; i < etag->used; ++i) for (h = 0, i = 0; i < etag->used - 1; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); Crash Segmentation fault Failure recovery Restart the snapshot and replace the code with the code of the new version Synchronisation and fail-recovery mechanism 4

  17. LIGHTTPD 1.4.23 LIGHTTPD 1.4.22 GET /index.html HTTP/1.1 Checkpointing Synchronisation Host: srg.doc.ic.ac.uk Accept-Encoding: gzip Compare individual Use clone to take a system calls and snapshot of a process their arguments for (h = 0, i = 0; i < etag->used; ++i) for (h = 0, i = 0; i < etag->used - 1; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); Crash Segmentation fault Failure recovery for (h = 0, i = 0; i < etag->used; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); Restart the snapshot and replace the code Reconvergence with the code of the Return to the new version original code and continue execution Synchronisation and fail-recovery mechanism 4

  18. LIGHTTPD 1.4.23 LIGHTTPD 1.4.22 GET /index.html HTTP/1.1 Checkpointing Synchronisation Host: srg.doc.ic.ac.uk Accept-Encoding: gzip Compare individual Use clone to take a system calls and snapshot of a process their arguments for (h = 0, i = 0; i < etag->used; ++i) for (h = 0, i = 0; i < etag->used - 1; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); Crash Segmentation fault Failure recovery for (h = 0, i = 0; i < etag->used; ++i) h = (h << 5) ^ (h >> 27) ^ (etag->ptr[i]); Restart the snapshot and replace the code Reconvergence with the code of the Return to the new version original code and continue execution Synchronisation and fail-recovery mechanism 4

  19. Assumptions Recovery considered successful if versions exhibit the same externally observable behaviour after recovery: Assumes small bug propagation distance Crashes are the only type of observable divergences The non-crashing version used as an oracle If unrecoverable, continue with the non-crashing version 5

  20. Uncoordinated Execution Total Synchronisation Synchronisation possible at multiple levels of abstraction 6

  21. Uncoordinated Execution Total Synchronisation System Calls Synchronisation possible at multiple levels of abstraction 6

  22. Uncoordinated Execution Function Calls Total Synchronisation System Calls Synchronisation possible at multiple levels of abstraction 6

  23. Uncoordinated Execution Function Calls Total Synchronisation System Calls Inputs/Outputs Synchronisation possible at multiple levels of abstraction 6

  24. System calls define external behaviour VERSION 1 VERSION 2 void fib( int n) void fib( int n) { { int f[n+1]; int a = 1, b = 1; f[1] = f[2] = 1; for ( int i = 3; i <= n; ++i) { for ( int i = 3; i <= n; ++i) int c = a + b; f[i] = f[i-1] + f[i-2]; a = b, b = c; } printf(“%d\n”, f[n]); printf(“%d\n”, b); } } int main( int argc, char **argv) { fib(5); fib(6); } Example testing code Tested with both implementations 7

  25. System calls define external behaviour VERSION 1 VERSION 1 VERSION 2 VERSION 2 void fib( int n) void fib( int n) { { int f[n+1]; int a = 1, b = 1; f[1] = f[2] = 1; for ( int i = 3; i <= n; ++i) { write(1, “5\n”, 2) = 2 write(1, “5\n”, 2) = 2 for ( int i = 3; i <= n; ++i) int c = a + b; write(1, “8\n”, 2) = 2 write(1, “8\n”, 2) = 2 f[i] = f[i-1] + f[i-2]; a = b, b = c; } printf(“%d\n”, f[n]); printf(“%d\n”, b); } } Snippet of system call trace Snippet of system call trace Obtained using the strace tool Obtained using the strace tool int main( int argc, char **argv) { fib(5); fib(6); } Example testing code Tested with both implementations 7

  26. External behaviour evolves sporadically 95% of revisions introduce no change 1 Traces Source code 0.75 difference (normalised) 0.5 0.25 0 2379 2393 2411 2432 2473 2494 2517 2546 2578 2599 2621 2635 lighttpd Subversion revision Measured using lighttpd regression suite on 164 revisions Taken on Linux kernel 2.6.40 and glibc 2.14 using strace tool and custom post-processing (details in the paper) 8

  27. Mx architecture RUNTIME MANIPULATION STATIC ANALYSIS MULTI-VERSION APPLICATION CONVENTIONAL APPLICATION SYSTEM CALL INTERPOSITION Mx Execution Environment OPERATING SYSTEM LINUX KERNEL 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction Kristis Makris

Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction Kristis Makris

Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction Kristis Makris Rida A. Bazzi {makristis,bazzi}@asu.edu 1 Motivation Software update problem: replace old version with new version Traditional

584 views • 42 slides
Deploying Dynamic Analyses and Preventing Compiler Backdoors with Multi-Version Execution Lus

Deploying Dynamic Analyses and Preventing Compiler Backdoors with Multi-Version Execution Lus

Deploying Dynamic Analyses and Preventing Compiler Backdoors with Multi-Version Execution Lus Pina l.pina@imperial.ac.uk Joint work with Cristian Cadar , Anastasios Andronidis , and John Regehr Imperial College London, UK University of

945 views • 72 slides
Precise Exceptions and Out-of-Order Execution Samira Khan Multi-Cycle Execution Not all

Precise Exceptions and Out-of-Order Execution Samira Khan Multi-Cycle Execution Not all

Precise Exceptions and Out-of-Order Execution Samira Khan Multi-Cycle Execution Not all instructions take the same amount of time for execution Idea: Have multiple different functional units that take different number of cycles

749 views • 39 slides
Rethinking Serializable Multi-version Concurrency Control Jose Faleiro and Daniel Abadi Yale

Rethinking Serializable Multi-version Concurrency Control Jose Faleiro and Daniel Abadi Yale

Rethinking Serializable Multi-version Concurrency Control Jose Faleiro and Daniel Abadi Yale University Theory: Single- vs Multi-version Systems Single-version T w Write X T r Read X system X 0 Multi-version T r Read X T w

570 views • 42 slides
Rough times? TUF shines A Framework for Secure Software Updates Trishank Karthik Kuppusamy,

Rough times? TUF shines A Framework for Secure Software Updates Trishank Karthik Kuppusamy,

Rough times? TUF shines A Framework for Secure Software Updates Trishank Karthik Kuppusamy, Vladimir Diaz, Sebastien Awwad Lukas Phringer , Justin Cappos Software updates Experts agree that software updates are the most important thing

613 views • 27 slides
Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany

Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany

Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany Dr. Stefan Voget Agenda SAFE Motivation makes Functional safety safe SAFE in SAFE and the project standardization landscape 2 SAFE

569 views • 20 slides
1 Baselines Version control Baseline: A specification or a product, which is Procedures

1 Baselines Version control Baseline: A specification or a product, which is Procedures

CONFIGURATION MANAGEMENT WHY CM? Today we talk about Software Configuration Multiple people are working on changing software Management (SCM for short): More than one version of the software needs to be - What? supported: - Why?

392 views • 3 slides
What is this talk about? What is this talk about? Deriving tight and safe task execution time

What is this talk about? What is this talk about? Deriving tight and safe task execution time

What is this talk about? What is this talk about? Deriving tight and safe task execution time bounds in a flexible and easy way independently of the system complexity... What is this talk about? Deriving tight and safe task execution time

551 views • 34 slides
Execution Architecture Sofware Architecture VO (706.706) Roman Kern Version 2.1.3 Institute for

Execution Architecture Sofware Architecture VO (706.706) Roman Kern Version 2.1.3 Institute for

Execution Architecture Sofware Architecture VO (706.706) Roman Kern Version 2.1.3 Institute for Interactive Systems and Data Science, Graz University of Technology 1 Outline Definition Initial Design Stereotypes Detailed Design Behaviour

525 views • 13 slides
and Effi ficient Speculative Execution JIYONG YU, NAMRATA MANTRI, JOSEP TORRELLAS, ADAM

and Effi ficient Speculative Execution JIYONG YU, NAMRATA MANTRI, JOSEP TORRELLAS, ADAM

ISCA20 Section 5B Speculative Data-Oblivious Execution: Mobilizing Safe Prediction For Safe and Effi ficient Speculative Execution JIYONG YU, NAMRATA MANTRI, JOSEP TORRELLAS, ADAM MORRISON*, CHRISTOPHER W. FLETCHER UNIVERSITY OF ILLINOIS AT

833 views • 57 slides
QBE Query-By-Example provides a visual interface for queries and updates a version

QBE Query-By-Example provides a visual interface for queries and updates a version

QBE Query-By-Example provides a visual interface for queries and updates a version supported by Microsoft Access (Graphical QBE) Examples: movie database queries Find the titles of currently playing movies schedule

664 views • 7 slides
NC MULTI - SLIDES PROGRAMMABLE CMP 250 NOVELTY Pressmac recently has developed a new version of

NC MULTI - SLIDES PROGRAMMABLE CMP 250 NOVELTY Pressmac recently has developed a new version of

NC - multi - slides - programmable - CMP250.pdf 05/2014 NC MULTI - SLIDES PROGRAMMABLE CMP 250 NOVELTY Pressmac recently has developed a new version of his multi - slide NC, the CMP 250. This new multi - slide is more compact with bending force of

250 views • 3 slides
NC MULTI - SLIDES PROGRAMMABLE CMP 250 NOVELTY Pressmac Recently developed a new version of his

NC MULTI - SLIDES PROGRAMMABLE CMP 250 NOVELTY Pressmac Recently developed a new version of his

NC - multi - slides - programmable - CMP250.pdf 05/2014 NC MULTI - SLIDES PROGRAMMABLE CMP 250 NOVELTY Pressmac Recently developed a new version of his multi - slide NC, the CMP 250. This new multi - slide is smaller et more compact. Some Waiting

136 views • 3 slides
Multi-Solver Support in Symbolic Execution Hristina Palikareva, Cristian Cadar SMT Workshop 2014,

Multi-Solver Support in Symbolic Execution Hristina Palikareva, Cristian Cadar SMT Workshop 2014,

Multi-Solver Support in Symbolic Execution Hristina Palikareva, Cristian Cadar SMT Workshop 2014, Vienna, 17 July 2014 Dynamic Symbolic Execution Automated program analysis technique that employs an SMT solver to systematically explore paths

503 views • 39 slides
Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique

Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique

Secure Multi-Execution Dominique Devriese Frank Piessens K.U.Leuven May 14, 2010 Dominique Devriese, Frank Piessens (K.U.Leuven) Secure Multi-Execution May 14, 2010 1 / 24 Secure Multi-Execution Outline Secure Multi-Execution

622 views • 29 slides
Efficient Symbolic Execution for Software Testing Johannes Kinder Royal Holloway, University of

Efficient Symbolic Execution for Software Testing Johannes Kinder Royal Holloway, University of

Efficient Symbolic Execution for Software Testing Johannes Kinder Royal Holloway, University of London Joint work with: Stefan Bucur, George Candea, Volodymyr Kuznetsov @ EPFL Symbolic Execution Automatically explore program paths

2.34k views • 200 slides
Paxos Made Simple Lamport Thomas Marshall Motivation We need a way to maintain consistency

Paxos Made Simple Lamport Thomas Marshall Motivation We need a way to maintain consistency

Paxos Made Simple Lamport Thomas Marshall Motivation We need a way to maintain consistency in a distributed system in the presence of failures. 2PC works, but can get stuck, so a consensus algorithm is better. Background Jim

393 views • 26 slides
Program Webinar Award Program Updates and Information for Applicants June 27, 2017

Program Webinar Award Program Updates and Information for Applicants June 27, 2017

Eugene Washington PCORI Engagement Award Program Webinar Award Program Updates and Information for Applicants June 27, 2017 12:00pm-1:00pm EDT Agenda Welcome and Staff Introductions About PCORI and Engagement Eugene Washington

370 views • 36 slides
Automatic Generation of Assembly Instruction Images Bill Alford &lt;balford@atlantisdiy.com&gt;

Automatic Generation of Assembly Instruction Images Bill Alford &lt;balford@atlantisdiy.com&gt;

Automatic Generation of Assembly Instruction Images Bill Alford &lt;balford@atlantisdiy.com&gt; http:/ /inventhub.org/ Problem: Assembly Instructions can be Hard to Follow CNC (computer numerical controlled) laser cutters, routers, and 3D

53 views • 4 slides
Child Protection in Crisis Uganda: March 2012 Learning Retreat Social Welfare Systems

Child Protection in Crisis Uganda: March 2012 Learning Retreat Social Welfare Systems

Child Protection in Crisis Uganda: March 2012 Learning Retreat Social Welfare Systems Strengthening within the Local Government Experiences from SUNRISE OVC Project Grace Mayanja, Chief of Party International HIV/AIDS Alliance Critical

1.12k views • 12 slides
1. Keys to solving problems recursively (1) Whats the most simple case (e.g., smallest n, or

1. Keys to solving problems recursively (1) Whats the most simple case (e.g., smallest n, or

CISC 2200 Recursion Practice Problems Fall 2019 1. Keys to solving problems recursively (1) Whats the most simple case (e.g., smallest n, or smallest array, or shortest linked list, ) for which a solution is trivially found? (2) How can

388 views • 4 slides
Breakout Session Social Emotional Learning: Tension and Complement to Blended and Personalized

Breakout Session Social Emotional Learning: Tension and Complement to Blended and Personalized

Breakout Session Social Emotional Learning: Tension and Complement to Blended and Personalized Learning Dr. Heather Greenhalgh-Spencer, Texas Tech University Dr. Jeasik Cho, Texas Tech University Claudia Meza, Spring Branch Independent School

696 views • 40 slides
Basics of Model-Based Learning Michael Gutmann Probabilistic Modelling and Reasoning (INFR11134)

Basics of Model-Based Learning Michael Gutmann Probabilistic Modelling and Reasoning (INFR11134)

Basics of Model-Based Learning Michael Gutmann Probabilistic Modelling and Reasoning (INFR11134) School of Informatics, University of Edinburgh Spring semester 2018 Recap z p ( x , y o , z ) p ( x | y o ) = x , z p ( x , y o , z )

1.01k views • 66 slides
Enhancing Memory and Attention Through the Science of Learning Karla A. Lassonde Ph.D. 41 st

Enhancing Memory and Attention Through the Science of Learning Karla A. Lassonde Ph.D. 41 st

Enhancing Memory and Attention Through the Science of Learning Karla A. Lassonde Ph.D. 41 st Annual Frontier Forum College of Social &amp; Behavioral Sciences Curious Learner: What does learning look like? Curiosity in learning Attention

770 views • 64 slides

More recommend