When a modification is applied to a statically linked single executable program file such as the monolithic kernel used in Linux, conventionally, the modified objects (hereinafter, referred to as modification objects) and all the other necessary objects are re-linked by a linker and one large executable file is thereby re-generated.
Here, “static link” refers to the inclusion of the necessary library to a program when an application program is linked. In particular, it refers to the creation of a binary file in an executable format by linking an object file to the general-purpose library when the process of linking is performed.
One of the advantages of the static link is that there are no failures due to the compatibility of the necessary API (Application Program Interface) or the version number of the library.
A static link is contrasted with a dynamic link in which the library is linked when a program is executed.
FIG. 1 illustrates an example of the conventional configuration principle of the case in which a part of the statically linked executable program is modified. In FIG. 1, the case is illustrated in which a modification is applied only to an object B. As in the above-described procedure, the modified object B (new) and all the other necessary objects A, C, and D are relocated and re-linked by a linker 100 and an executable file (new) is thereby re-generated. In this case, even for a local and small modification such as a security modification, the entirety of the file generated in the above-described procedure needs to be replaced.
Moreover, when the process of re-linking is performed by the linker, as a result of the object relocation, the information of the location to which the object is relocated (symbol information) is newly generated. Generally, the new symbol information obtained from the relocation and re-linking is different from the symbol information of the original executable file. Accordingly, even if a local modification is performed, the entirety of the executable file is changed from the original file.
FIG. 2 illustrates the case in which the process of re-linking is performed in order to modify only the object B for a kernel file (old). An object B (new) is replaced with an object B (old), and thereby the positional information (address) of objects C, D, and E is changed from addr-c0, addr-d0, and addr-e0 to addr-c1, addr-d1, and addr-e1, respectively. Hence, it is apparent that the data is re-written even for the other objects A, C, D, and E which would otherwise not require any modification (for example, when the object C is referred to from addr-ax of the object A, it was addr-co in the kernel file (old), but it is rewritten to addr-c1 in the kernel file (new)).
As described above, when a portion of the statically linked executable program is modified, even for a small and local modification, it was necessary to replace the entirety of the file. Moreover, the objects are relocated and thereby the symbol information of the relocated position or the like is newly generated, and thus the data needed to be re-written even for the other objects which would otherwise not require any modification. Furthermore, as a device driver provided as a kernel module depends on the symbol information, it was necessary to prepare a compatible module in accordance with the applied modification, and the device driver needed to be reinstalled.
On the other hand, for the mission critical systems which have been increasingly used in recent years, the period of time during which the system can be stopped is more restricted compared with the conventional systems. Accordingly, there are increasing demands for shortening the period of time during which the system is stopped due to the operation of applying the program modification, or for minimizing the effect to the system due to the application of modification.
For this purpose, when a part of the statically linked executable program as above is modified and applied, it is desired that the process of replacing the entirety of the file or rewriting the file of the symbol information or the like be minimized, and that the period of time during which the program modification is applied to the system be shortened as much as possible. Moreover, for cases in which a failure occurs to the new program after a modification is applied, it is desired that the original old program be restored to provide a more stable system.
Various technologies have been proposed in order to solve these problems.
First, in modules (=executable programs) and a plurality of programs (=objects) that constitute these modules, the technology of replacing the modification program such that the effect on the non-modified programs will be minimized is known. This technology is realized by providing a management function for managing the elements of the modules or programs. However, the position at which the modification object is replaced is not described, and thus it is not possible to restore the older version when the modification is inappropriate.
Moreover, the linker technology, characterized by performing the replacement and insertion of an object module (=object) in a load module (=executable program file), is known. In detail, this technology is realized by arranging the object module in the free area of the load module (in particular, at the position of the original object module). However, in this technology, the configuration is such that the processes of linking is performed as in the conventional art when there is no free area. Accordingly, the advantageous effects of the partial linkage may not be obtained. In addition, it is not possible to restore the older version when the modification is inappropriate.
The conventional method for applying a modification to a statically linked executable program has been described above, and the problems thereof are summarized as follows.                1) Because the size of an executable file is large, its distribution and acquisition is difficult, and the modification application period becomes longer. In particular, when a modification is applied to hundreds or thousands of executable files, the effect on the modification application period becomes significant.        2) When the restoration (roll back) is performed after a modification is applied, it is necessary to bring back to the system the entirety of the executable file which was backed up in advance. When a modification is applied to a large number of executable files, the effect on the period of time for the restoration becomes significant.        3) As a device driver or the like provided as a kernel module depends on the symbol information, it is necessary to prepare a compatible module in accordance with the applied modification, and the device driver or the like needs to be reinstalled.        4) When a modification is applied, changes are made, e.g., the symbol information is rewritten, even for the objects which do not involve any modification. Accordingly, in mission critical systems which require a high reliability, the entirety of the program needs to be re-examined.            [Patent Document 1] Japanese Laid-open Patent Publication No. 1-129326    [Patent Document 2] Japanese Laid-open Patent Publication No. 1-205332