Data processing: software development – installation – and managem – Software program development tool – Translation of code
Reexamination Certificate
1997-12-01
2001-06-26
Powell, Mark R. (Department: 2122)
Data processing: software development, installation, and managem
Software program development tool
Translation of code
C717S152000, C717S152000, C713S182000, C713S152000
Reexamination Certificate
active
06253370
ABSTRACT:
FIELD OF THE INVENTION
This invention relates generally to the processing of mobile, computer programs, and more particularly to annotating such programs to assist downstream processing phases.
BACKGROUND
In computer systems, and particularly in networked computer systems, computers commonly acquire programs to execute from other computers. Before executing an acquired program, the acquiring computer typically performs processing on the program. For example, the computer may compile the program into machine language native to that computer. As another example, the computer may verify that the program satisfies certain security constraints. This verification is particularly important because, generally, the computer distrusts the acquired program; the security checks ensure that the program does not tamper with files and other resources of the computer.
FIG. 1
illustrates a typical prior art network
100
in which a first computer
110
uses a program processing tool
112
to verify and compile a program downloaded from a second computer
120
. The program downloaded from the second computer
120
is in an intermediate form
130
that represents the program. The second computer
120
used an intermediate code generator
150
to generate the intermediate form
130
from source code
140
of the program. At the first computer
110
, the processing tool
112
analyzes the code
130
to determine whether the code
130
is safe to compile and execute. The tool
112
also performs code optimization techniques to produce executable machine code
160
native to the first computer
110
.
Security checks and compiler analyses consume system time and, as a result, can reduce performance. These analyses can also be ineffective because of insufficient information to perform a proper security check or insufficient time to thoroughly process available information.
Security checks, for example, may err on the side of caution and reject secure code because the information necessary to prove that the code is secure is lacking. Moreover, a security check itself may be a source of vulnerability because it is incorrectly designed or improperly implemented. Unwittingly, this security check may leave open doors for attack. Also, some compilers, such as just-in-time compilers, may not have sufficient time to perform thorough analysis for optimization. Without enough time for optimization, the machine code may perform poorly.
As a result, a need remains for a method and an apparatus that facilitate security checks and code analyses. Such a method and apparatus can lead to improved accuracy of the security checks and to machine code that performs better than what can currently be generated.
SUMMARY
In accordance with the present invention, an objective is to enhance program code, such as mobile code, with supplementary information that will help subsequent processing stages. Having such information available during subsequent processing stages will, for example, lead to more accurate determinations of the security of the code and to improved performances of generated machine code.
A method performed according to the principles of the invention achieves the aforementioned and other objectives when processing intermediate code generated at a first computer system by generating annotations for the code. The annotations provide information about the intermediate code that can be used to process the code. A second computer system receiving the code and the annotations can then process the code according to the information provided by the annotations.
The annotations, in general, provide information that is useful to the second computer system for processing the code. For example, the annotations can be a control flow graph that represents an execution flow of the code. Also, the annotations can provide a register allocation that maps the data structures of the code to machine registers of the second computer system. Other annotations can provide method offsets. Such information provided by the annotations can be useful to the second computer system, for example, when interpreting or compiling the code. As yet another example, the annotations can indicate whether running the code would perform unauthorized operations on the second computer system.
These annotations can be generated at a number of locations in a network before being transmitted to the second computer system. For example, the first computer system that produced the code can also produce the annotations and send both the code and the annotations to the receiving computer system. The first computer system may produce the code and the annotations concurrently or produce the annotations after the code has been generated. Also, the first computer system may add the annotations to the code and send both together to the second computer system, or store the annotations separately from the code and transmit the annotations and code separately. In still another example, a third computer system between the first and second computer systems, for example, a computer on a firewall protecting the second computer system from receiving potentially harmful programs, can generate and transmit the annotations to the second computer system.
Just as code from the first computer cannot always be trusted, downloaded annotations should also not be trusted unless a trusted system, such as the aforementioned third computer system on the firewall, generated the annotations. When the annotations come from an untrusted system, the second computer system must check the correctness of the annotations that the second computer system uses. Checking the analysis provided by the annotations, however, is often faster and simpler than performing the analysis, so the invention still improves the performance and reduces the vulnerability of the second computer system.
In terms of the disclosed apparatus, the invention comprises a first computer system and a second computer system coupled to each other by a network. The second computer system requests a computer program from the first computer system. An annotator generates an annotation for the program. The annotation provides information about the program that characterizes the program. The second computer system receives the code and the annotation and processes the code according to the information provided by the annotation.
REFERENCES:
patent: 5418958 (1995-05-01), Goebel
patent: 5734822 (1998-03-01), Houha et al.
Necular et al., “The Design and Implementation of a Certifying Compiler”, ACM, pp. 333-344, Jun. 1998.*
Myers, “JFlow: Practical Mostly-Static Information Flow Control”, ACM, pp. 228-241, Jan. 1999.*
Thorn, “Programming Language for Mobile Code”, ACM Computing Surveys, vol. 29, No. 3, pp. 213-239, Sep. 1997.*
Aho et a., “Compilers, Principles, Techniques, and Tools”, Addison-Wesley, pp. 10-15, 396-400, 517-518, 528-533, Mar. 1988.*
George C. Necula and Peter Lee, “Proof-Carrying Code,” CMU-CS-96-165.
Peter Lee's Web Page: http://www.cscmu.edu/~petel/papers/pcc/, “Proof-Carry Code,” printed Nov. 26, 1997.
Peter Lee and George C. Necula, “Research on Proof-Carrying Code for Mobile-Code Security,” DARPA Workshop on Foundations for Secure Mobile Code, Mar. 26-27, 1997.
The ANDF Home Page: http://www.osf.org/andf/, “A Brief Introduction to ANDF”, printed Oct. 1, 1997.
Abadi Martin
Ghemawat Sanjay
Stata Raymond Paul
Cesari and McKenna LLP
Compaq Computer Corporation
Paul Edwin H.
Powell Mark R.
Vo Ted. T.
LandOfFree
Method and apparatus for annotating a computer program to... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for annotating a computer program to..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for annotating a computer program to... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2542632