A hot-repair method for the running software with zero suspends

A hot-repair method for the running software with zero suspends

연구 분야: Verification

학회: Cybersecurity

Repairing software defects is crucial to improving the security and robustness of software. Traditional methods repair software defects by using the “stop-repair-restart” approach. Unfortunately, in some scenarios, such as cloud environments, restarting critical software is expensive. Dynamic methods enable the defect repair while the software is running, which can avoid software restart. However, dynamic repair requires capture the safe state of the running software (process). Otherwise, it will cause execution exceptions or even process crashes. To address the complex state issues in multi-threaded environments, existing methods modify the kernel or compiler, or even pre-adding custom code to the target software, which reduces their generality. To solve this problem, we propose a hot repair method HotFix, which can fix the defects without any software suspending. HotFix places probes in the process to receive state signals, which can avoid complex and time-consuming state identification. Then, it selects the safe zone and repairs the defects when the code in the safe zone is called, which can prevent the target process from hanging for a long time. Finally, HotFix completes multi-threaded automated migration online. Experiments and analysis show that HotFix can achieve hot repair in complex environments. We found that the affected function was executed no more than 1,000 times during the fix. Introducing 3us and 11us delays per request respectively when repairing Redis and Mem cached, and the requests influenced are limited.