TY - JOUR T1 - Evaluating Dynamic Software Update Safety Using Systematic Testing JF - IEEE Transactions on Software Engineering Y1 - 2011 A1 - Hayden,C. A1 - Smith,E. A1 - Hardisty,E. A1 - Hicks, Michael W. A1 - Foster, Jeffrey S. KW - and serviceability KW - Availability KW - Computer Systems Organization KW - Delay KW - Manuals KW - Performance of Systems KW - reliability KW - Safety KW - servers KW - software KW - software engineering KW - Test execution KW - Testing and Debugging AB - Dynamic software updating (DSU) systems patch programs on the fly without incurring downtime. To avoid failures due to the updating process itself, many DSU systems employ timing restrictions. However, timing restrictions are theoretically imperfect, and their practical effectiveness is an open question. This paper presents the first significant empirical evaluation of three popular timing restrictions: activeness safety (AS), which prevents updates to active functions; con-freeness safety (CFS), which only allows modifications to active functions when doing so is provably type-safe; and manual identification of the event-handling loops during which an update may occur. We evaluated these timing restrictions using a series of DSU patches to three programs: OpenSSH, vsftpd, and ngIRCd. We systematically applied updates at each distinct update point reached during execution of a suite of system tests for these programs to determine which updates pass and which fail. We found that all three timing restrictions prevented most failures, but only manual identification allowed none. Further, although CFS and AS allowed many more update points, manual identification still supported updates with minimal delay. Finally, we found that manual identification required the least developer effort. Overall, we conclude that manual identification is most effective. VL - PP SN - 0098-5589 CP - 99 M3 - 10.1109/TSE.2011.101 ER -