There are several technologies that enable upgrade of software binaries by only sending the differences between a current software version and an updated software version. The difference in a new version of a particular piece of software is typically about 1-10% of the source binaries. The procedure of using a difference file, generally denoted delta file, is especially advantageous when updates are sent over low bandwidth bearers like GPRS (General Packet Radio Service). This technology is called Firmware Upgrade Over the Air, and is currently standardized within OMA. One example of how this type of upgrade works can be outlined as follows:
A mobile phone, which is the microprocessor-controlled device to upgrade, currently has software V1. The goal is to update the software to the latest release version V2. The following procedure is performed to update the software in the mobile phone:                1. Compile and link target software, V2;        2. Compute the difference D12 of the binaries from V1 to V2. D12 contains all information needed to create V2 from V1;        3. Transport D12 to target, e.g. over GPRS;        4. Let target device re-flash, i.e. upgrade, itself by using the current binary V1 and D12 to create V2 on target.The target device has now been updated to V2 by only sending a small update package D12 to the device.        
A critical step in the update process above is target upgrade. Due to the fact that the target software, e.g. RTOS (Real Time Operating System) and applications, is being re-flashed a power loss could be fatal for the device. The update process must be 100% fault recovery safe, meaning that the update process must be able to continue after an unexpected power failure. A state of the art method used to implement fail safe capability is called 2 phase commit, which is already used in a number of applications like databases. The idea is to keep a copy of the old information during the update. Not until the update is complete the old information is removed. In this manner it is always possible to go back to the last state if the update would fall during the update.
For devices using NOR flash the memory is divided in equally sized blocks of typically 64 kB. There are special constrains when writing a NOR device. Only whole blocks can be erased at once, at which all bits in the block are set to 1. Write can be performed on byte level but it is only possible to change bit state from 1 to 0. Upgrade on a NOR device is performed block by block. To enable fail recovery each block is first copied to a specific backup block before updated block is written to the original block. This state of the art procedure is now described with reference to FIG. 1.
A particular device software consists of four software blocks 1-4, stored in four memory blocks 101-104. Memory blocks 101-104 are defined in a memory space 111 in a physical memory of the device. Memory blocks 101-104 are depicted vertically as represented in a particular state 106-110 during an update process. Each column represents a new state in the update process, running from left to right as indicated by the arrows in the drawing. The process is also associated with a delta package, state information and the update application, but these are not illustrated here for the sake of clarifying the overall process as such. During an update process two software blocks 1 and 2 have already been updated, which is the state depicted in column 106. Block 3 shall be updated next. To be able to recover from a potential power loss, information need to be stored persistently. State information is used to keep track of which block is being processed, and in which state of the update you currently are. In addition, the old block must be kept until the new block is generated. The process of updating block 3 is achieved by first erasing backup block 105, which is also defined in memory space 111, in the step to state 107. The data of block 3 is then copied from block 103 to backup block 105 in the step to state 108. Block 103 is subsequently erased in the step to state 109, leaving an empty block 103. Finally, the Write process is performed in the step to state 110 on block 103, upgrading the data therein to new block 3. Alternatively, the new block 3 is created in backup block 105, instead of copying the old block 3 to backup block 105.
Had the backup block 105 not been used, a power loss after block erase and before the new block is completely written would be unrecoverable, since neither the source block nor the destination block would be available. By using the procedure above it is always possible to take up the update where it exited by rewriting the last block and continue with the update.
A problem with this state of the art procedure is that the write time during flash update is doubled because each block has to be written twice for each block to support power loss recovery. For NOR flashes the typical write speed is about 200 kB/s. The time for writing blocks in a 16 MB image update is then roughly 16 MB*2/0.2=160 seconds, if all blocks need to be updated. During update the device is completely unusable so it is important to keep this time as low as possible. Depending on the size of the update and how code changes are distributed in the new binary image the number of blocks that have to be updated can be different. Experience reveals that the most updates need to update the majority of all available blocks. There are methods to decrease the number of blocks that need to be updated by structuring the binary image in such a way that updates are concentrated to smaller parts of the image. However, these techniques are quite complex.