[ Index ] [ Individual Project ] [ Placement Presentation ] [ Timetable ]

Highly Reliable Upgrading of Components

Last Updated: 17th November 2001

The paper discuses a framework Hercules that aims to make the software upgrading process more reliable by keeping multiple versions of a component running until it is determined that the newest version doesn't break anything.

This approach is related to several areas of on-going research:

Distributed Configurable Systems
Self-Checking Systems
Multi-Version Programming
Redundant/Replicated Systems
Configuration Management

Each version of a component is considered to solve a domain of inputs. These domains are defined by Domain Constraints, which are used to define correct behaviour. Illegal Domain Constraints can also be defined when you want to state that a previous version should not attempt to solve things a new version does (i.e. new functionality).

When a new component is introduced it runs in parallel with the old one. The main system talks via an arbiter, which in turn talks to each component and determine which one is behaving correct by talking to a constraint evaluator. The arbiter will also collect statistics on the output of the various versions to help analysis later. Eventually you will want to remove a version, there are three different possibilities:

Remove version as faulty - i.e. the version broke too many things that worked in the old version.
Remove version as obsolete - i.e. the version behaves like the old one, except it corrects bugs, or introduces new functionality.
Modify domain constraints of a version - i.e. the new version actually does more than stated so you want to add more constraints, or it breaks things and you want to add illegal constraints.

Quotes

A new version offers specific fixes for known, encountered problems in the old version. The old version offers proven, reliable behavior outside of those known errors.

My Thoughts

The ideas presented in this paper would prove useful in a real world environment since testing for binary compatibility alone probably isn't enough. It aims to provide a more automated, safe, solution than checking CHANGELOGS alone. The main problems with this solution are that it currently only exists in Tcl (need to check this since the paper mentions further work into CORBA and Java Beans), and it requires changes in the way library programmers would work. This is a reasonable request if the system can be made so end-user programmers are not required to change their style of programming. This could be accomplished through a well designed arbiter.

Integrating this type of functionality into my project would likely to appear in an extension since the main aim of the program is to develop an automated technique of upgrading binary compatible libraries.

Miles Barr <miles@milesbarr.com>