Multi-Version eXecution (MVX) allows to run multiple versions of the same program (variants) at the same time. MVX has direct applications in the broad areas of reliability (many variants can tolerate one variant crashing), security (a vulnerability exploited on one variant can be detected by the other variants), and availability (one can perform a software update on one variant while other variants keep executing). Unfortunately, current MVX cannot be applied to programs written in managed languages, which make up the vast majority of the programs used today. This project expands the applicability of MVX to managed languages, thus making MVX applicable to the majority of programs used nowadays. The project?s novelties are: (i) tools and techniques to apply MVX to popular managed languages and programs written in them, such as Java, Javascript, and Python; (ii) a direct application to apply MVX inside state-of-the-art commercial internet browsers via the Javascript code that animates and defines web pages; and (iii) tools and techniques to retrofit existing programs with MVX support with minimal developer support. The project’s impacts are: to use MVX to improve the overall reliability, security, and availability of software written in managed languages, which includes critical infrastructure and modern internet browsers that millions of users in the US use every day.
Current MVX techniques capture the interaction of a program with the underlying Operating System. Such approaches fail for managed languages, as managed languages have a rich runtime system with a non-deterministic behavior not directly related with the program being executed (e.g., when to perform Garbage Collection, when to perform Just-In-Time compilation, and what code to compile/optimize). In this project, the research team captures the interaction between the program and the language runtime, which effectively lifts the level of abstraction of MVX and enables novel solutions for well known limitations of MVX (e.g., multi-threading support, divergence handling). The presented approach relies on semantics-preserving automatic program transformations to enable MVX, and this project is divided in three thrusts. This project focuses on JavaScript as executed inside commercial internet browsers; Java and similar languages (e.g., C#, Python), by identifying language-level abstractions to capture via bytecode instrumentation and developing novel techniques to support MVX for multi-threaded programs; and on automatic techniques that allow to execute divergent variants (e.g., two versions of the same program).
[ECOOP_23] Sinatra: Stateful Instantaneous Updates for Commercial Browsers through Multi-Version eXecution. Ugnius Rumsevicius and Siddhanth Venkateshwaran and Ellen Kidane and Luís Pina. In Proceedings of the Schloss Dagstuhl – Leibniz-Zentrum für Informatik 37th European Conference on Object-Oriented Programming (ECOOP), July, 2023.