Not Applicable
All of the material in this patent document is subject to copyright protection under the copyright laws of the United States and of other countries. The owner of the copyright and maskwork rights has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the United States Patent and Trademark Office file or records, but otherwise reserves all copyright rights whatsoever.
1. Field of the Invention
This invention pertains generally to computer systems that must operate continuously, and more particularly to a process for upgrading the software of a computer system while it continues to provide service.
2. Description of the Background Art
Many computer systems must operate continuously, twenty-four hours per day, 365 days per year, without interruption of service. Examples of such computer systems include air traffic control, telephone exchange, hospital intensive care and electric power distribution computer systems. Even brief interruptions of service of such computer systems could be catastrophic. Such computer systems typically consist of multiple computers where, if one computer becomes faulty, another computer can continue to provide service while the faulty computer is repaired.
All computer systems require periodic upgrading to replace obsolete hardware and software with new and improved hardware and software. The software may also need to be upgraded to correct defects that have been discovered in it. Upgrades to the hardware can be handled by the well-understood methods for handling faults in the hardware and repair of the hardware, such as those described by D. P. Sieworek and R. S. Swarz, Reliable Computer Systems: Design and Evaluation, 2nd edition, Burlington, Mass.: Digital Press, 1992.
On the other hand, upgrades to the software are more difficult. Two methods are used in the current practice. In the first method, all of the computers in the computer system are stopped for several minutes or hours, a computer program in all of the computers is replaced, and the computer system is then restarted. This method is unacceptable for many applications because the operation of the program is disrupted.
In the second method, one or more computers of the computer system are stopped for several minutes or hours and their copies of the computer program are upgraded, while the other computers continue to provide service. The computers, whose copies of the program have been upgraded, are then restarted and are directed to take over operation. The computers, whose copies of the program have not yet been upgraded, are then stopped and their copies of the program are upgraded. The disadvantage of this approach is that, when the computers take over operation, the information available to them may be obsolete, because the program continued to operate on the other computers. If the computers use obsolete information, they may produce incorrect results.
There are a number of known methods for upgrading critical computer systems. For example, U.S. Pat. No. 5,708,809 addresses upgrades to reflect changes in the hardware configuration. In that method, while the upgrade is invisible to the user, the upgrade is performed while the program is not actually executing. U.S. Pat. Nos. 5,752,042 and 5,764,992 address upgrading a computer program because a newer version of the program has become available. Here again, while the upgrade is invisible to the user, the upgrade is performed while the program is not actually executing. U.S. Pat. No. 5,781,776 addresses upgrading computer programs while they are executing. That patent describes making a modification to a computer program by placing a revised section of the program elsewhere in the memory of the computer and by modifying the current version of the program by inserting into the program a branch instruction that branches to the revised section of the program. That method, however, is very difficult and requires great skill to perform correctly. Furthermore, while minor modifications to a computer program are possible with that technique, substantial modifications are usually not feasible. In U.S. Pat. No. 5,555,418, an upgrade method is described in which a second copy of the computer program is introduced into the memory of the computer and mechanisms are provided to copy the data of the old program into the new program and also to divert arriving transactions from the old program to the new program. It is possible in that method to operate the old program and the new program concurrently, but they must use different sets of data and there must be no interaction between the two versions of the program.
As can be seen, therefore, there are many inadequacies associated with conventional methods for upgrading computer hardware and software in critical systems. In particular, there is a need for the upgrade mechanisms to be object-oriented rather than program-oriented, so that it is possible to replace just the few objects that have been modified instead of replacing the entire program. It is also desirable that the upgrade mechanism be able to achieve upgrades where the object or program interfaces have been modified, where the signatures of the methods (routines, procedures) have been modified, where the attributes (data) of the objects have been modified, or where it is necessary to interleave operations of the old and the new versions of the program while they operate on the same data. The present invention satisfies those needs, as well as others, and overcomes the deficiencies found in prior art upgrade methods.
The present invention generally pertains to a process that assists a computer programmer to perform an upgrade to a computer program while that program continues to operate and provide service. By way of example, and not of limitation, an upgrade process according to the present invention is implemented in three phases: (1) the preparation by a computer programmer of a new computer program Pxe2x80x3 that is to replace an existing computer program P, (2) an offline preparation of the upgrade from P to Pxe2x80x3 with the assistance of the computer programmer, and (3) an online, fully automatic, live upgrade from P to Pxe2x80x3.
The present invention provides no specific assistance during phase (1), which involves the preparation of the new computer program.
During phase (2), however, which is the offline preparation phase, a mechanism of the invention prepares an intermediate program Pxe2x80x2 that contains an intermediate version of each of the program modules to be upgraded. The intermediate version of a program module contains both the old version used in P and the new version used in Pxe2x80x3. The intermediate version of the program module is used to ensure that the program can continue to operate without disruption of service while it is being upgraded. The mechanism inserts program code into the intermediate version that allows the module to switch from the old version to the new version, converting the state of the old version into the state of the new version as it does so.
During phase (3), which is the online live upgrade phase, a mechanism of the invention performs the upgrade from P to Pxe2x80x3, fully automatically without disrupting the operation of the program. First, the mechanism performs the upgrade from P to Pxe2x80x2. This upgrade is invisible and causes no disturbance to normal operation of the program. Next, the mechanism instructs the modules of Pxe2x80x2 to switch from their old versions to their new versions. Finally, the mechanism performs an invisible upgrade from Pxe2x80x2 to Pxe2x80x3 again with no disturbance to normal operation of the program.
It is an object of the present invention to provide a mechanism that can upgrade a computer program without requiring that the normal operation of the computer program be suspended and without risking disruption during the upgrade.
It is another object of the present invention to provide a highly automated mechanism that can upgrade the computer program quickly to minimize the disturbance to the operation of the computer program.
It is a further object of the present invention to provide a mechanism that can upgrade the computer program without placing special constraints on the design, structure, interfaces, implementation or extent of modification of the upgraded program.
It is also an object of the present invention that, while the invention requires a computer programmer to participate in the preparation of the upgrade, such assistance should require only conventional programming skills and should require no special skill to perform the upgrade.
Further objects and advantages of the invention will be brought out in the following portions of the specification, wherein the detailed description is for the purpose of fully disclosing preferred embodiments of the invention without placing limitations thereon.