WO2015117434A1 - Procédé et dispositif de création de correctif, procédé et dispositif pour activer un correctif - Google Patents

Procédé et dispositif de création de correctif, procédé et dispositif pour activer un correctif Download PDF

Info

Publication number
WO2015117434A1
WO2015117434A1 PCT/CN2014/090497 CN2014090497W WO2015117434A1 WO 2015117434 A1 WO2015117434 A1 WO 2015117434A1 CN 2014090497 W CN2014090497 W CN 2014090497W WO 2015117434 A1 WO2015117434 A1 WO 2015117434A1
Authority
WO
WIPO (PCT)
Prior art keywords
patch
code
module
instruction
replaced
Prior art date
Application number
PCT/CN2014/090497
Other languages
English (en)
Chinese (zh)
Inventor
蒋勇
隆春
王亮
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2015117434A1 publication Critical patent/WO2015117434A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/658Incremental updates; Differential updates

Definitions

  • the invention relates to the technical field of making and activating a patch, in particular to a method and a device for manufacturing a patch, a method and a device for activating a patch.
  • Program online upgrade refers to the method of replacing the running code segment of the program without restarting the program during the running process, and is widely used in various high-reliability server operating systems.
  • the current program online upgrade patch is basically based on functions, you can fix the application by fixing the function that has a vulnerability or need to be updated.
  • the related technology adopts a function-level program repair method.
  • the working principle is to replace the command of the patched function with the first instruction of the patched function to jump to the instruction in the replacement function, so that the program jumps to the position where the new function is located, when the replacement function is executed. After the execution is completed, jump back to the code that calls the old function, thus completing the entire calling process.
  • This function replacement has the following drawbacks:
  • the main technical problem to be solved by the embodiments of the present invention is to provide a method and a device for manufacturing a patch, a method and a device for activating the patch, and to solve the problem of patching existing in the program upgrade of the related art.
  • the repair granularity is relatively thick and can not solve the problem of multiple referenced functions being mutually referenced.
  • a method for manufacturing a patch includes the following steps:
  • a patch script corresponding to at least one line of the replaced code in the source code of the patched function, where the patch script includes a patch code corresponding to the replacement code and a position of the replaced code in the source code;
  • the step of generating a patch module that replaces the replaced code according to the patch script includes:
  • the kernel module is compiled into a patch module in the form of a binary program.
  • the predetermined type of language comprises a C language.
  • a method for activating a patch includes the following steps:
  • the patch module includes a patch code corresponding to at least one line of the replaced code in the source code of the patched function, and a start position and an end position of the instruction corresponding to the replaced code in the binary program;
  • the setting is used to jump to execute the patch code according to the start location.
  • the steps to transfer instructions include:
  • the instruction to the start position is modified to jump to the jump instruction that executes the patch code.
  • the method further includes: installing a detection point and a return point of the patch module, where the detection point is the start position, and the return point is the end position; Associating the patch function to the probe point when the probe point is installed;
  • the step of modifying an instruction to execute the start position to a jump instruction for jumping to execute the patch code includes:
  • the step of modifying the detected instruction of the probe point into a breakpoint instruction for executing the patch code by using a breakpoint exception handling function includes:
  • the probed instruction is backed up, and then the first one or more bytes in the probed instruction are replaced with a breakpoint instruction for executing the patch code by a breakpoint exception handling function.
  • a patch making device includes: a script editing module, a positioning module, and a patch generating module, wherein
  • the script editing module is configured to: write, by using a scripting language, a patch script corresponding to at least one line of the replaced code in the source code of the patched function, where the patch script includes the patch code corresponding to the replaced code and the replaced code is The location in the source code;
  • the patch generation module is configured to: generate a patch module that replaces the replaced code according to the patch script;
  • the positioning module is configured to: locate a start position and an end position of the corresponding instruction in the binary program according to the position of the replaced code in the source code, and place the replaced code in the binary program corresponding to the instruction The start location and the end location are added to the patch module.
  • the patch generation module includes: a script language translator and a patch module compiler, where
  • the scripting language translator is configured to: convert the patch script into code of a predetermined type language and compile into a loadable kernel module;
  • the patch module compiler is configured to: compile the kernel module into a patch module in the form of a binary program.
  • a patch activation device includes an acquisition module, an instruction setting module, and a return setting module, wherein
  • the obtaining module is configured to: acquire a patch module, where the patch module includes a patch code corresponding to at least one row of the replaced code in the source code of the patched function, and a start position and an end of the command corresponding to the replaced code in the binary program. position;
  • the instruction setting module is configured to: set a jump instruction for jumping to execute the patch code according to the start position, so that when the start position is executed, the jump instruction is executed to jump to execution Patch code in the patch module;
  • the returning device module is configured to: return to the patched function to continue running the code after executing the patch code according to the ending location setting.
  • the instruction setting module is configured to set a jump instruction for jumping to execute the patch code according to the start position according to the following manner:
  • the instruction to the start position is modified to jump to the jump instruction that executes the patch code.
  • the apparatus further includes a mounting module, wherein:
  • the installation module is configured to: install a detection point and a return point of the patch module, the detection point is the start position, the return point is the end position, and when the probe point is installed, A patch function is associated with the probe point;
  • the instruction setting module is configured to: modify the detected instruction of the probe point to jump to a breakpoint instruction for executing the patch code by a breakpoint exception handling function, such that when the probe point is executed, The breakpoint instruction is run and jumps to execute the patch code in the patch module by a breakpoint exception handler.
  • the instruction setting module is configured to: back up the detected instruction, and then The first one or more bytes in the probe instruction are replaced with a breakpoint instruction for executing the patch code by the breakpoint exception handling function.
  • a computer program comprising program instructions that, when executed by a computer, cause the computer to perform any of the above-described patching methods.
  • a computer program comprising program instructions that, when executed by a computer, cause the computer to perform any of the patch activation methods described above.
  • the technical solution of the present invention provides a method and a device for manufacturing a patch, a method and a device for activating a patch, which can replace one or more lines of code in a source code of a patched function, thereby implementing an upgrade or repair of the software program;
  • the patching method of the embodiment of the present invention includes: using a scripting language to write a patch script corresponding to at least one row of the replaced code in the source code of the patched function, the patch script including the patch code corresponding to the replacement code and the replaced a location of the code in the source code; generating, according to the patch script, a patch module that replaces the replaced code; and positioning a position of the replaced code in the source code to a start position of a corresponding instruction in the binary program according to the location of the replaced code And ending the location, and adding to the patch module; the method of the embodiment of the present invention may generate a patch for one or more lines of code in the source code, and use the patch to replace one or more lines of code in the
  • the embodiment of the present invention further provides a method for deactivating a patch, which can activate a patch module created by using the foregoing manufacturing method to implement replacement of one or more lines of code in the source code;
  • the method for deactivating a patch of an embodiment includes: acquiring a patch module, where the patch module includes a patch code corresponding to at least one line of the replaced code in the source code of the patched function, and a start of the instruction corresponding to the replaced code in the binary program.
  • FIG. 1 is a schematic flowchart of a method for manufacturing a patch according to Embodiment 1 of the present invention
  • FIG. 2 is a schematic diagram of a specific processing procedure of a patch script according to Embodiment 1 of the present invention.
  • FIG. 3 is a schematic flowchart of a method for activating a patch according to Embodiment 2 of the present invention.
  • FIG. 4 is a schematic flowchart of a program upgrade according to an activation method of the embodiment provided by Embodiment 2 of the present invention.
  • FIG. 5 is a schematic structural diagram of an online software upgrade method according to Embodiment 3 of the present invention.
  • FIG. 6 is a schematic structural diagram of a device for fabricating a patch according to Embodiment 4 of the present invention.
  • FIG. 7 is a schematic structural diagram of another apparatus for fabricating a patch according to Embodiment 4 of the present invention.
  • FIG. 8 is a schematic structural diagram of a patch activation apparatus according to Embodiment 5 of the present invention.
  • FIG. 9 is a schematic structural diagram of another apparatus for activating a patch according to Embodiment 5 of the present invention.
  • Embodiment 1 is a diagrammatic representation of Embodiment 1:
  • the embodiment of the present invention proposes to upgrade one or more lines of code in the software.
  • the code line level replacement mode is upgraded.
  • the embodiment provides a method for manufacturing a patch, as shown in FIG. 1 , including the following steps:
  • Step 101 Write, by using a scripting language, a patch script corresponding to at least one line of the replaced code line in the source code of the patched function, where the patch script includes the patch code corresponding to the replacement code and the replaced code in the source code. s position.
  • the method in this embodiment uses a scripting language to write a patch.
  • the prepared patch script there are various data types and control structures.
  • all local variables and global variables that can be accessed in the patched function can be accessed, and the patch is patched. All structures that are accessible in the function.
  • the script can access all the global functions and static functions in the original program.
  • the patch scripting language uses a scripting language similar to the interpretation, which uses three data types—integers, strings, and associative arrays—that have complete control structures, including code blocks, conditions, loops, and functions. . Variables do not need to declare a type and can be automatically guessed and checked against the context.
  • the patch script consists of a probe and a patch code and a probe that need to be executed when the probe is triggered; and the probe specifies the range of the code segment to be replaced, that is, the start position of the replacement code in the source code and End position.
  • the probe specifies the range of code segments to be replaced, from page 3 of the page_alloc.c file to the code of 3341;
  • Kernel.statement ("*@mm/page_alloc.c:3336").end("*@mm/page_alloc.c:3341")
  • the scripting language also provides all the necessary operators similar to those commonly used in the C language, and the usage is the same, with arithmetic operators, binary operators, assignment operators, and pointer obsolescence, including string concatenation, associative array elements, and merges. Operator.
  • Step 102 Generate a patch module that replaces the replaced code according to the patch script.
  • Step 103 Position a position of the replaced code in the source code to a start position and an end position of a corresponding instruction in the binary program, and add a start position and an end position of the corresponding instruction to the patch module.
  • the method of the embodiment can use the position of the replaced code in the source code to locate the start position and the end position of the corresponding instruction of the binary program, and then add the start position and the end position of the corresponding instruction to the patch module.
  • the start position and the end position in this embodiment refer to the start address and the end address of the instruction.
  • the start address and the end address in the source code are specified, and after the patch location module is converted, the start address and the end address specified in the script are converted into a start address and an end address in the binary program, and then saved.
  • the code of the patch module In the code of the patch module.
  • the process of locating the start position and the end position of the instruction includes: parsing the patch script, and then obtaining a start position and an end position of the corresponding instruction in the binary program according to the position of the replaced code line in the patch script, and finally synthesizing to the patch module.
  • the patch module generated by the method of the embodiment includes at least: a position of the replaced code in the source code to locate a start position and an end position of the corresponding instruction in the binary program, and a patch code.
  • the method provided in this embodiment can generate a patch for one or more lines of code in the source code.
  • This patch can be used to replace one or more lines of code in the function source code to implement software upgrade; since the patch is made for the code line, the production process is simple and fast, and the software created by the invention is upgraded. Avoid replacing the entire function for a small problem, reducing the granularity of the repair of the program; in addition, applying the patch made by the method of the present invention can perform online upgrade of multiple functions in the original program, without considering the relationship between multiple functions. Mutual call relationship; compared with related technologies, it can improve the efficiency of software upgrade, reduce the complexity of patch production, and improve the security and reliability of patch upgrade.
  • the foregoing step 102 may include:
  • the kernel module is compiled into a patch module in the form of a binary program.
  • the patch script is translated into the C language code, and then the C language code is compiled and linked to generate a loadable kernel module; finally, the kernel module is compiled into a patch module in the form of a binary program.
  • the patch module thus generated can be upgraded by the kernel.
  • the patch script corresponding to the above page_alloc.c file 3336 line 3341 is taken as an example. After the script is converted into a C language code, the specific contents are as follows:
  • the specific processing procedure of the patch script in the method of this embodiment may include:
  • Step 201 Parse the patch script.
  • the scripting language uses a scripting language similar to awk.
  • the script parsing phase mainly checks whether the input script has syntax errors, such as whether the braces match, whether the variable definition is normal, etc.; also checks the security of the script.
  • Step 202 Expand the function defined in the patch script according to the script library.
  • This stage is mainly to expand the probe points defined in the patch script or the functions used. It is not only necessary to expand the predefined script library, but also to analyze the debugging information of the kernel or kernel module. At this stage, it is necessary to determine the instruction address of the probe point and the return point.
  • Step 203 Translate the expanded script into a C file and compile the C file into a loadable kernel module.
  • the expanded script is converted to a C file.
  • the function call in the script needs to be converted into a function call of the kernel, and the C code is compiled and linked to generate a loadable kernel module.
  • Step 204 Compile the translated C file into an executable binary program.
  • the translated C code can be compiled into an executable binary program through a binary tool chain included in the system; in addition, it is linked with the script library runtime library function during compilation.
  • the binary generated by this step is the patch module.
  • the start and end addresses in the binary that are located on the replacement code can then be added to the patch module.
  • a binary patch module can be created that can be used by all cores for software upgrades.
  • Embodiment 2 is a diagrammatic representation of Embodiment 1:
  • this embodiment provides a method for activating a patch, and the patch module generated in the first embodiment is activated to replace the code line in the original patched function.
  • the activation method includes the following steps. :
  • Step 301 Obtain a patch module, where the patch module includes the source code of the patched function. At least one line of the patch code corresponding to the replaced code and the start position and the end position of the corresponding instruction of the replaced code in the binary program.
  • Step 302 Set a jump instruction for jumping to execute the patch code according to the start position, so that when the start position is executed, the jump instruction is executed to jump to execute the patch module. Patch code.
  • Step 303 Return to the patched function to continue running the code after executing the patch code according to the end position setting.
  • the activation method of this embodiment may set a proxy in the kernel to complete the above steps.
  • the working mechanism of the stub proxy is: when the kernel executes to the start address of the replaced code in the binary program, the jump instruction jumps. To the patch code that executes the replaced code; when the kernel executes the patch code, it returns to the original function and continues to run the code according to the end address of the replaced code in the binary program.
  • one or more lines of code in the patched function can be replaced, thereby implementing the program upgrade or repair.
  • the process of jumping to the execution of the jump instruction of the patch code according to the start position in step 303 may include: modifying an instruction executed to the start position to be used to jump to Execute the jump instruction of the patch code.
  • the kernel can be jumped to execute the patch code by modifying the instruction, thereby implementing the program upgrade.
  • the deactivation method of this embodiment may jump to the execution of the patch code to implement replacement of the code line by means of a breakpoint exception.
  • the embodiment may be implemented by: installing a detection point and a return point of the patch module, where the detection point is the start position, and the return point is the end position; Pointing a patch function to the probe point; at this time, the step of modifying the instruction to execute the start position to the jump instruction for executing the patch code as described above includes: The detected instruction of the probe point is modified to jump to a breakpoint instruction executing the patch code by the breakpoint exception handling function, such that when the probe point is executed, the breakpoint instruction is executed and a breakpoint exception is passed The handler jumps to execute the patch code in the patch module.
  • the breakpoint exception handler when the probe point is installed, the breakpoint exception handler is not associated with Probe the point, but associate the patch function to the probe point.
  • the breakpoint exception handler is a public function that finds the patch function in the handler through the probe point location after entering the breakpoint exception handler through the breakpoint instruction.
  • the probe point substantially refers to the start address of the program instruction (the corresponding instruction of the replaced code line in the binary program), and the return point substantially refers to the end address of the program instruction to be replaced.
  • Probe points and return points are determined during the patch module creation process.
  • the work of the above-mentioned pile agent may be to complete the setting of the detection point and the return point.
  • the CPU After the CPU is set to the detection point, the CPU automatically enters the breakpoint exception function, and the patch code is called in the breakpoint exception function.
  • the process of installing the return point includes: saving the return address after the execution of the patch code in the stack of the breakpoint exception, so that when the breakpoint exception is executed, the jump is automatically performed to the return address.
  • the installation of the return point in the method of this embodiment is to correctly fill in the return address after the execution of the patch code in the stack of the breakpoint exception.
  • the detected instruction of the probe point can be modified into a breakpoint instruction, so that the kernel runs a breakpoint instruction when executing to the probe point, thereby triggering the breakpoint exception processing, and jumps to execute the patch code through the breakpoint exception processing.
  • the patch function can be associated with the probe point.
  • the trap operation will be executed by running the breakpoint instruction, which will cause the CPU to save the register and enter the breakpoint exception handler.
  • the point exception handling function searches for the corresponding patch module according to the code segment address of the current CPU, and then calls the patch code in the corresponding patch module.
  • the deactivation setting in this embodiment may trigger the following process: the CPU will execute a breakpoint instruction to trigger a trap exception of the CPU when executing the probe point, and save the context of the current function and the CPU register as a patch module interruption point in the trap exception handling function. Process the entry parameters of the function; finally jump to execute the patch code in the patch module.
  • the first one or more bytes of the detected instruction are replaced with a breakpoint instruction for performing the patch code by using a breakpoint exception processing manner.
  • Step 401 When installing a probe point and a return point, the stub agent first backs up the detected instruction, and then uses the CPU breakpoint instruction (such as i386 and x86_64 int3 instructions) to replace the detected instruction.
  • the first one or a few bytes.
  • Step 402 When the CPU executes the detection point, the breakpoint abnormal operation will be executed due to the running breakpoint instruction, which will result in saving the CPU register and calling the corresponding breakpoint exception handling function.
  • Step 403 In the breakpoint exception processing function, the patch code registered by the probe point is called, and an entry parameter is constructed for the call of the function.
  • Step 404 Perform a patch code for the probe point registration.
  • Step 405 In order to return to the correct return point specified in the patch after the patch code registered at the probe point is processed, it is necessary to recalculate the return address of the breakpoint exception and modify the return address in the exception stack.
  • the return address in the breakpoint exception stack is modified to the return address specified by the patch module, so that after the patch code is executed, it can be returned to the correct position in the patched function to continue running.
  • step 406 since the single-step debugging mode is enabled, an exception of type 1 needs to be triggered after executing the probe point processing function, and returns to the patched function to continue running.
  • the activation method of the embodiment of the present invention can implement the replacement of the instruction in the running program by the breakpoint abnormality of the CPU and the recalculation of the return address after the breakpoint abnormality, and the replaced instruction corresponds to a code of a certain row or several lines in the source code.
  • the embodiment adopts a breakpoint instruction of the CPU when the instruction is replaced, and the instruction is an atomic operation, which can ensure safety and reliability when the program is upgraded online under the condition of multiple CPUs or multiple threads, and does not cause the program running state to be inconsistent. This directive is used extensively in the program debugger.
  • Embodiment 3 is a diagrammatic representation of Embodiment 3
  • this embodiment provides an overall architecture diagram of a software online upgrade method, an ELF binary program file including debugging information, a source code file to be patched, and all required header files, and a script language translator. , ELF format parser, patch module compiler, kernel patch stub agent.
  • the ELF binary program file containing the debugging information may be an image file of the kernel. It can also be a binary program of the kernel module.
  • the binary program can read all the symbol information, relocation information, and code compilation information used by the patch function, and the binary program can locate the instruction start and end addresses corresponding to the code line.
  • the source code file and the header file are used to create a patch script, and the source file and the header file can be used to obtain all the global variables used in the patch, the names of the local variables, and the member variables of the data structure.
  • the scripting language translator is used to translate the patch script into C language code, relocate the variables in the patch referenced in the patch script to an absolute address, and reference the structure member variable in the source code in the patch script. Relocate to absolute address plus member variable offset. At the same time, the scripting language translator adds the necessary locks and security checking code as needed. When the script language translator translates the script into C language, it needs to convert the function call in the script into the kernel function call, and the generated C code compiles the link to generate a loadable kernel module.
  • the ELF format parser is used to help the script language translator to find the symbol address in the positioning binary program and the instruction address in the binary program corresponding to the code line.
  • the patch module compiler refers to a binary program compilation environment included in the system, and is used to compile the patch module into a binary executable program.
  • the kernel patch stub agent is used to complete the management of loading, activating, deactivating, and uninstalling the patch module.
  • the loading of the patch module refers to loading the patch module into the kernel space and allocating corresponding system resources.
  • the activation of the patch module refers to the detection point and return point of the patch module.
  • Probe points and return points are determined during the patch module creation process.
  • the probe point essentially refers to the start address of the program instruction to be replaced, and the return point essentially refers to the end address of the program instruction to be replaced.
  • the start address and end address of the program instruction to be replaced can be calculated by combining the code line position in the source code with the DWARF debug information in the ELF format.
  • the CPU executes the probe point, it will run a breakpoint instruction to trigger the trap exception of the CPU.
  • the context of the current function and the CPU register are used as the entry parameters of the patch module interrupt point processing function.
  • the deactivation of the patch module refers to restoring the original command backed up when the patch is activated to the probe point. Address, so that when the CPU executes to the probe point address, it will not run the breakpoint instruction and enter the breakpoint processing function.
  • the uninstallation of the patch module refers to releasing the system resources requested by the patch module and removing the patch module from the kernel space.
  • Embodiment 4 is a diagrammatic representation of Embodiment 4:
  • the embodiment provides a patch making apparatus, including: a script editing module 601, a positioning module 603, and a patch generating module 602;
  • the script editing module 601 is configured to write, by using a scripting language, a patch script corresponding to at least one row of the replaced code lines in the source code of the patched function, where the patch script includes the patch code corresponding to the replacement code and the replaced code is The location in the source code;
  • the patch generation module 602 is configured to generate, according to the patch script, a patch module that replaces the replaced code
  • the positioning module 603 is configured to locate a start position and an end position of the corresponding instruction in the binary program according to the position of the replaced code in the source code, and add to the patch module.
  • the patch generation module 602 includes: a script language translator 6021 and a patch module compiler 6022; the script language translator 6021 is configured to convert the patch script into a schedule.
  • the code of the type language is compiled into a loadable kernel module; the patch module compiler 6022 is configured to compile the kernel module into a patch module in the form of a binary program.
  • the device of the embodiment can use the patch to replace one or more lines of code in the function source code, thereby implementing software upgrade; since the patch is generated for the code line, the production process is simple and fast, and the patch of the invention is applied. Upgrade the software to avoid replacing the whole function for a small problem, and reduce the granularity of the repair of the program.
  • the patch created by the method of the present invention can perform online upgrade of multiple functions in the original program without considering many The mutual calling relationship between functions; compared with related technologies, it can improve the efficiency of software upgrade, reduce the complexity of patch production, and improve the security and reliability of patch upgrade.
  • Embodiment 5 is a diagrammatic representation of Embodiment 5:
  • this embodiment provides a patch activation device, including an acquisition module 801, an instruction setting module 802, and a return setting module 803;
  • the obtaining module 801 is configured to obtain a patch module, where the patch module includes a patch code corresponding to at least one row of the replaced code line in the source code of the patched function, and a start position of the command corresponding to the replaced code in the binary program. End position
  • the instruction setting module 802 is configured to set, according to the start position, a jump instruction for jumping to execute the patch code, so that when the execution to the start position is performed, the jump instruction is executed to jump to the execution location
  • the patch code in the patch module
  • the returning device module 803 is configured to: after the execution of the patch code, return to the patched function to continue running code according to the ending position.
  • the instruction setting module 802 is configured to modify an instruction executed to the start position to jump to a jump instruction to execute the patch code.
  • a mounting module 804 may also include a mounting module 804;
  • the installation module 804 is configured to install a detection point and a return point of the patch module, where the detection point is the start position, the return point is the end position, and a patch function is installed when the probe point is installed. Associated to the probe point;
  • the instruction setting module 802 is configured to modify the detected instruction of the probe point to use a breakpoint exception processing function to jump to a breakpoint instruction that executes the patch code, so that when the probe point is executed, Running the breakpoint instruction and jumping to execute the patch code in the patch module by a breakpoint exception handling function.
  • the instruction setting module 802 is configured to back up the detected instruction, and then replace one or more bytes in the detected instruction with a breakpoint instruction for executing a breakpoint instruction by using a breakpoint exception handling function.
  • the breakpoint exception handling function jumps to the breakpoint instruction that executes the patch code.
  • the activation device of the embodiment can be configured to enable the jump instruction to jump to execute the patch code in the patch module when the kernel runs to the start position, so that one or more lines of code can be performed during the software upgrade process. replace.
  • the embodiment of the invention also discloses a computer program, including program instructions, when the program instruction When executed by a computer, the computer is enabled to perform any of the above-described patch making methods.
  • the embodiment of the invention also discloses a carrier carrying the above computer program.
  • the embodiment of the invention also discloses a computer program, comprising program instructions, which when executed by a computer, enable the computer to execute any of the above patch activation methods.
  • the embodiment of the invention also discloses a carrier carrying the above computer program.
  • the technical solution of the present invention solves the problem that the patching of the related program upgrade is cumbersome, the repair granularity is relatively coarse, and the problem that multiple patched functions are mutually referenced cannot be well solved. Therefore, the present invention has strong industrial applicability.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

L'invention concerne un procédé et un dispositif de création de correctif, un procédé et un dispositif pour activer un correctif, une instruction de programme correspondante et un support de l'instruction de programme. Le procédé de création de correctif consiste : à écrire un script correctif, correspondant à au moins une ligne de code remplacée, dans un code source où une fonction corrigée est située à l'aide d'un langage de script, le script correctif comportant un code correctif correspondant à un code de remplacement et une position dans le code source où un code remplacé est situé; à générer un module correctif pour remplacer le code remplacé en fonction du script correctif ; à positionner, au niveau d'une position de début et d'une position de fin, une instruction correspondante dans un programme binaire en fonction de la position dans le code source où le code remplacé est situé, et à ajouter ladite instruction dans le module correctif. Le procédé peut résoudre le problème selon lequel, quand un programme concerné est mis à niveau, la création de correctif est complexe et la granularité de réparation est plus grossière, et le problème selon lequel une pluralité de fonctions corrigées se faisant mutuellement référence ne peut pas être résolu de manière satisfaisante.
PCT/CN2014/090497 2014-08-21 2014-11-06 Procédé et dispositif de création de correctif, procédé et dispositif pour activer un correctif WO2015117434A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410416228.9 2014-08-21
CN201410416228.9A CN105354045A (zh) 2014-08-21 2014-08-21 补丁的制作方法及装置、补丁的激活方法及装置

Publications (1)

Publication Number Publication Date
WO2015117434A1 true WO2015117434A1 (fr) 2015-08-13

Family

ID=53777246

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/090497 WO2015117434A1 (fr) 2014-08-21 2014-11-06 Procédé et dispositif de création de correctif, procédé et dispositif pour activer un correctif

Country Status (2)

Country Link
CN (1) CN105354045A (fr)
WO (1) WO2015117434A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106843933A (zh) * 2016-12-27 2017-06-13 北京五八信息技术有限公司 一种应用程序的漏洞修复方法、移动终端及补丁服务器

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107451474B (zh) * 2016-05-31 2020-06-26 百度在线网络技术(北京)有限公司 用于终端的软件漏洞修复方法和装置
CN107506293B (zh) * 2016-06-14 2022-04-22 中兴通讯股份有限公司 一种软件性能数据采集方法和装置
CN106569863B (zh) * 2016-11-10 2020-01-17 福州智永信息科技有限公司 基于资源和代码模块化的安卓app资源更新和修复的方法
CN107463375A (zh) * 2017-07-18 2017-12-12 上海斐讯数据通信技术有限公司 一种检测源代码的方法和系统
CN107908402A (zh) * 2017-08-15 2018-04-13 口碑(上海)信息技术有限公司 Java服务端热修复方法和系统
CN108009429B (zh) * 2017-12-11 2021-09-03 北京奇虎科技有限公司 一种补丁函数生成方法及装置
CN109725923A (zh) * 2018-12-27 2019-05-07 广州华多网络科技有限公司 一种软件轻量更新方法、装置及设备
CN111930413B (zh) * 2020-05-22 2023-07-21 无锡中感微电子股份有限公司 一种补丁自动生成方法、装置及系统
CN111796832B (zh) * 2020-06-30 2022-11-04 苏州三六零智能安全科技有限公司 热补丁文件生成方法、装置、设备及存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1475909A (zh) * 2002-08-16 2004-02-18 华为技术有限公司 一种嵌入式系统软件补丁的实现和控制方法
CN103077062A (zh) * 2012-11-30 2013-05-01 华为技术有限公司 一种代码改动的检测方法和装置
US8468516B1 (en) * 2008-12-19 2013-06-18 Juniper Networks, Inc. Creating hot patches for embedded systems

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101561764B (zh) * 2009-05-18 2012-05-23 华为技术有限公司 一种多核环境下的补丁方法与补丁装置
US9052983B2 (en) * 2012-01-16 2015-06-09 International Business Machines Corporation Source code patches

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1475909A (zh) * 2002-08-16 2004-02-18 华为技术有限公司 一种嵌入式系统软件补丁的实现和控制方法
US8468516B1 (en) * 2008-12-19 2013-06-18 Juniper Networks, Inc. Creating hot patches for embedded systems
CN103077062A (zh) * 2012-11-30 2013-05-01 华为技术有限公司 一种代码改动的检测方法和装置

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106843933A (zh) * 2016-12-27 2017-06-13 北京五八信息技术有限公司 一种应用程序的漏洞修复方法、移动终端及补丁服务器

Also Published As

Publication number Publication date
CN105354045A (zh) 2016-02-24

Similar Documents

Publication Publication Date Title
WO2015117434A1 (fr) Procédé et dispositif de création de correctif, procédé et dispositif pour activer un correctif
CN102402427B (zh) 一种Java应用程序的更新方法及装置
US10114637B1 (en) Automatically updating a shared project build platform
US9378014B2 (en) Method and apparatus for porting source code
CA2292123C (fr) Methode et systeme de modification d'un fichier code executable pour accroitre la fonctionalite
KR100868762B1 (ko) 임베디드용 소프트웨어의 오류 검출 방법
US10579966B1 (en) Adapting a shared project build platform to a developer plugin
EP3265916B1 (fr) Procédé pour identifier une cause d'un échec d'un essai
Zhang et al. Pensieve: Non-intrusive failure reproduction for distributed systems using the event chaining approach
US8806436B2 (en) Systems and methods for debugging applications using dual code generation
US20110126179A1 (en) Method and System for Dynamic Patching Software Using Source Code
CN105528231A (zh) 一种基于中间辅助函数的软件动态升级方法及系统
US20150074640A1 (en) Runtime detection of software configurations and upgrades
CN104391717A (zh) 一种调试时代码动态更新方法
US20080127118A1 (en) Method and system for dynamic patching of software
Romano et al. An empirical study of bugs in webassembly compilers
Reiter et al. Automatically mitigating vulnerabilities in x86 binary programs via partially recompilable decompilation
EP3891613B1 (fr) Restauration de point de contrôle de logiciel entre des exécutables compilés distinctement
Gao et al. Scalable fuzzing of program binaries with E9AFL
Cazzola et al. Dodging unsafe update points in java dynamic software updating systems
Huang et al. {PYLIVE}:{On-the-Fly} Code Change for Python-based Online Services
CN111984329B (zh) 一种boot引导软件标准化生成、执行方法及系统
Sogaro MicroJIT: a lightweight just-in-time compiler to improve startup times
Kim et al. Optimizing unit test execution in large software programs using dependency analysis
CN115268983B (zh) 一种针对嵌入式物联网设备漏洞的热修复方法及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14882070

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14882070

Country of ref document: EP

Kind code of ref document: A1