TY - GEN
T1 - Retcon
T2 - 23rd ACM/IEEE International Conference on Information Processing in Sensor Networks, IPSN 2024
AU - Watson, Jean Luc
AU - Agrawal, Saharsh
AU - Tsang, Ryan
AU - Luo, Sherry
AU - Popa, Raluca Ada
AU - Dutta, Prabal
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Embedded systems are deeply integrated into critical applications but, despite their importance, lack an effective means to apply over-the-air software patches without significant downtime. Standard mechanisms for firmware updates require device reboots that wipe important in-memory state. Prior efforts have proposed "live" updates to address this problem, applying patches to an embedded application without a reset, but they tackle a limited set of applications or propose a clean-slate design. In this paper, we present Retcon, a live update toolchain for embedded systems that supports a familiar event-driven programming model and does not require application code changes. Retcon leverages static analysis at compile time to determine when it will be safe to update a device. To find safe update points in the presence of complex asynchronous behavior, we define a novel system state, asynchronous quiescence, in which an update can be applied. We evaluate Retcon on a set of embedded event-driven applications - a dual-chamber pacemaker model, a programmable logic controller runtime, an artificial pancreas system, and a sensing node - and demonstrate Retcon's ability to make low-overhead updates in less than one millisecond.
AB - Embedded systems are deeply integrated into critical applications but, despite their importance, lack an effective means to apply over-the-air software patches without significant downtime. Standard mechanisms for firmware updates require device reboots that wipe important in-memory state. Prior efforts have proposed "live" updates to address this problem, applying patches to an embedded application without a reset, but they tackle a limited set of applications or propose a clean-slate design. In this paper, we present Retcon, a live update toolchain for embedded systems that supports a familiar event-driven programming model and does not require application code changes. Retcon leverages static analysis at compile time to determine when it will be safe to update a device. To find safe update points in the presence of complex asynchronous behavior, we define a novel system state, asynchronous quiescence, in which an update can be applied. We evaluate Retcon on a set of embedded event-driven applications - a dual-chamber pacemaker model, a programmable logic controller runtime, an artificial pancreas system, and a sensing node - and demonstrate Retcon's ability to make low-overhead updates in less than one millisecond.
KW - Embedded OS
KW - Embedded systems
KW - Firmware update
KW - Live updates
KW - Static analysis
UR - https://www.scopus.com/pages/publications/85198563342
UR - https://www.scopus.com/pages/publications/85198563342#tab=citedBy
U2 - 10.1109/IPSN61024.2024.00015
DO - 10.1109/IPSN61024.2024.00015
M3 - Conference contribution
AN - SCOPUS:85198563342
T3 - Proceedings - 23rd ACM/IEEE International Conference on Information Processing in Sensor Networks, IPSN 2024
SP - 126
EP - 137
BT - Proceedings - 23rd ACM/IEEE International Conference on Information Processing in Sensor Networks, IPSN 2024
Y2 - 13 May 2024 through 16 May 2024
ER -