Predicting Problems Caused by Component Upgrades
This report presents a new, automatic technique to assess whether replacing a component of a softwaresystem by a purportedly compatible component may change the behavior of the system. The techniqueoperates before integrating the new component into the system or running system tests, permitting quickerand cheaper identification of problems. It takes into account the systemÂ s use of the component, becausea particular component upgrade may be desirable in one context but undesirable in another. No formalspecifications are required, permitting detection of problems due either to errors in the component or toerrors in the system. Both external and internal behaviors can be compared, enabling detection of problemsthat are not immediately reflected in the output.The technique generates an operational abstraction for the old component in the context of the system,and one for the new component in the context of its test suite. An operational abstraction is a set of programproperties that generalizes over observed run-time behavior. Modeling a system as divided into modules,and taking into account the control and data flow between the modules, we formulate a logical conditionto guarantee that the systemÂ s behavior is preserved across a component replacement. If automated logicalcomparison indicates that the new component does not make all the guarantees that the old one did, thenthe upgrade may affect system behavior and should not be performed without further scrutiny.We describe a practical implementation of the technique, incorporating enhancements to handle nonlocalstate, non-determinism, and missing test suites, and to distinguish old from new incompatibilities. Weevaluate the implementation in case studies using real-world systems, including the Linux C library and 48Unix programs. Our implementation identified real incompatibilities among versions of the C library thataffected some of the programs, and it approved the upgrades for other programs that were unaffected by thechanges.This report is a revision of the first authorÂ s MasterÂ s thesis, submitted January 2004.