EVOSS, a model-driven approach that manages the upgrade of Free and Open Source Software (FOSS) systems, is presented. The approach simulates upgrades so that failures can be predicted before they affect the operating system. Both fine-grained static aspects (eg, configuration incoherencies) and dynamic aspects (eg, the execution of configuration scripts) are taken into account, improving over the state of the art of upgrade planners. Effectiveness is validated by instantiations with widely-used FOSS distributions.
FOSS distributions are composed of thousands of components (software packages) evolving rapidly and independently. A FOSS distribution is a consistent and functional collection of software packages comprising a complete operating system. The management of the evolution of FOSS distributions is very challenging due to the community-centric nature and the frequent release of components.
Distributions typically have automated mechanisms, called meta-installers, to manage their components and system evolution. Current meta-installers can successfully manage only a very limited set of upgrades. More precisely, current upgrade management tools (eg, the package managers in Linux distributions) are only aware of certain static dependencies that can influence upgrades. The most important information concerns the specification of inter-package relationships such as dependencies (ie, what a package needs in order to be correctly installed and function correctly), and conflicts (ie, what should not be present on the system in order to avoid malfunctioning). These tools completely ignore relevant dynamic aspects, such as potential faults of configuration scripts executed during upgrade deployment. It is not surprising that an apparently innocuous package upgrade can lead to a broken system state.
EVOSS (EVolution of free and Open Source Software), proposed within the context of the EC 7th framework project Mancoosi, is a model-based approach to support the upgrade of FOSS systems (see Figure 1).
Figure 1: Overview of the EVOSS approach working in a real system
In order to make upgrade prediction more accurate, EVOSS considers both static and dynamic aspects of upgrades. The main dynamic aspects considered are those related to the behaviour of package configuration scripts (maintainer scripts) which are executed during upgrade deployment.
Maintainer scripts are executed during upgrades and they are fully-fledged programs usually written in POSIX shell language. Moreover, they are run with system administrator rights and may perform arbitrary changes to the whole system. EVOSS defines a domain-specific language (DSL) to specify script behaviour: this is a way to limit the expressive power of the language used in maintainer scripts, without reducing the functionality of the scripts themselves. The DSL includes a set of high level clauses with a well-defined transformational semantics expressed in terms of system state modifications: each system state is given as a model and script behaviour is represented by corresponding model transformations.
The idea of EVOSS is to simulate system upgrades through its upgrade simulator component (see Figure 1), which allows system users to identify upgrade failures before performing the upgrade on the real system. The simulator takes into account both fine-grained static aspects (eg configuration incoherencies) and dynamic aspects (eg the execution of maintainer scripts). The simulator is based on model-driven techniques and makes use of a model-based description of the system to be upgraded. In order to build the system’s configuration and package models, EVOSS makes use of model injectors that extract models from existing artifacts. The outcome of system injection is a model that represents, in a homogeneous form, different aspects of a running system, such as installed packages, users and groups, mime type handlers, alternatives, implicit dependencies, etc. The outcome of package injection contains modelling elements encoding both the package and its scripts (as DSL statements).
The fault detector is then used to check system configurations for incoherencies. The coherence of a configuration model is evaluated by means of queries which are embodied in the fault detector. Obviously it is not possible to define once-and-for-all a complete catalogue of faults because they are based on experience and acquired know-how. The fault detector has thus been designed to be open and extensible so that new queries can be added whenever new classes of faults are identified.
In summary, EVOSS represents an advancement, with respect to the state of the art of package managers, in the following aspects: (i) it provides a homogeneous representation of the whole system’s configuration in terms of models, including relevant system elements that are currently not explicitly represented, (ii) it supports the upgrade simulation with the aim of discovering failures before they can affect the real system, (iii) it proposes a fault detector module able to discover problems on the configuration reached by the simulation.
Davide Di Ruscio, Patrizio Pelliccione or Alfonso Pierantonio
University of Aquila, Italy