This invention relates to a method of generating and applying patches to a computer program code concurrently with its execution on a computer system, a computer system for executing the method and a computer program product containing code to execute the method.
Computer users have long had a need for continuous non-disrupted operation. Therefore methods have been developed to modify and update computer programs concurrently with their execution with new code (a patch) that is loaded into the computer.
Typically, a computer program consists of different sections such as executable machine code, static data variables, and temporary data. The executable code can be comprised of various procedures, which are called via their address in memory. A static data variable is kept valid in the same memory address during the entire execution of the program. In contrast, a temporary data variable (and its location in memory) is only valid during certain periods of the program execution, e.g. while a specific procedure executes.
A patch to a computer program code replaces either parts of or the complete computer program code. Methods that replace only parts of a computer program code are described in the U.S. Pat. No. 5,321,844, the European patent 0,492,251 B1, and the European patent application 0,757,314 A1.
The main processor firmware in existing IBM® eServer® zSeries® systems can be patched concurrently such that the complete computer program code is replaced. The method used there assumes that it is possible to replace the currently running code with new code at a time where the temporary data are irrelevant for the program execution. Especially, the method allows preserving the static variables and their content.
The concurrent patch operation is executed by a concurrent loader process which runs as a background task. The concurrent loader loads new computer program code (so called code load) into the computer system memory and prepares this code for execution. Once the loading and preparation is completed, the concurrent loader brings the computer program to be patched into a state where temporary data can be ignored during the concurrent patch operation. Finally, it switches from the old code to the new code in an atomic operation. This entire procedure is called the application of a concurrent patch.
The preparation of the new program code for its execution consists in resolving and adapting all address references in the code load to the addresses of the memory section into which the code is loaded. This step performed by the concurrent loader is also known as relocation. Therefore a standard linker program can be used for the generation of the program code that does not need special knowledge about the concurrent patch procedure. This makes the concurrent patch application transparent to the programmer: There is no need to know how it works when implementing the program. In fact, there is no difference for a code load that can be used for a concurrent patch application to one which can be loaded by a loader that is not a concurrent loader.
The format of the computer program code and the format of the code load used for the concurrent patch is the standard ELF (Executable and Linking Format) format and any linker program that supports the ELF format can be used. A code load in the ELF format can be used for a concurrent patch and it could be loaded by any zSeries-compliant loader that supports the ELF format, which is not necessarily a concurrent loader.
But the main processor firmware in existing IBM eServer zSeries products does not fully support the use of function pointers. A function pointer is an element of many high-level programming languages (e.g. C and C++), which can be used instead of a procedure name literal string in order to refer to a specific procedure. Function pointers allow algorithms using procedures as manipulation objects.
Usually, function pointers are translated into the address of the referenced procedure by the programming language compiler. Especially, the content of a data variable can be a function pointer. Since static data variables are preserved during the concurrent patch application, static data variables containing the address of a procedure are preserved as well. However, there is no guarantee that the address of the referenced procedure is still the same after the concurrent patch application. Between the assignment of an address of a procedure to a function pointer and the actual usage of the function pointer one or more concurrent patch operations could have changed the address of the procedure. The content of the function pointer does not necessarily point to the correct address of the procedure after the application of a concurrent patch.
An address does not provide more information other than pointing to a memory location, and the content stored in this memory location cannot be identified to be a procedure, a data variable, a pure number, or even an instruction of the processor. A procedure is translated in a sequence of processor instructions by the compiler. A given sequence of processor instructions cannot be related to a procedure later on.
The U.S. Pat. Nos. 5,481,713 and 5,938,766 disclose non-concurrent patch methods replacing parts of a computer program code only. These methods support function pointers. The function pointers are kept in a special memory area called vector table. The vector table is maintained by a loader program that is responsible for the patch application.
The support for the vector table is added to a code load transparently for the programmer in a special code load creation step called vectorisation. The vectorisation manipulates the object files that are produced by a compiler or assembler. The manipulated object files are then processed by a linker program as usual in order to generate a code load that can be applied as a patch by the loader.
However, this approach does not disclose means to support function pointers as the content of variables, especially not of static variables that are preserved during a concurrent patch application. Another disadvantage is that it requires significant modifications to the loader program, which is a critical component since a failure in the loader program can make the entire computer system unusable.