Methods, apparatus, and data structures for data driven computer patches and static analysis of same
Abstract
The present invention teaches a variety of methods, apparatus and data structures for providing data driven patching. According to one embodiment, patches are stored in a known format in a discernible location. In the described embodiment, each fragment code may have a corresponding patch library. This enables the patches to be located and analyzed in a quiescent state. In a method aspect of the present invention, the operating system, or a separate utility program, can evaluate and selectively add patches. Therefore, the present invention introduces a patch integrity validation layer into the patching process. In another method aspect, the invention teaches evaluating the patches in a quiescent state whereby the patches introduced by a program or a combination of programs may be exhaustively evaluated prior to execution.
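The scheme the abstract describes, sketched as an added example (not part of the patent text): a checker that reads patch descriptors from stored fragments while nothing is running, works out which patch libraries a given process would actually bind, and accepts or rejects each redirection before launch. The `Fragment` layout, the `patchable` policy set and every fragment and symbol name are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Fragment:
    name: str
    exports: set = field(default_factory=set)
    imports: set = field(default_factory=set)
    patch_for: str = ""                          # set only on a patch library
    patches: list = field(default_factory=list)  # (target, replacement) descriptors

def closure(root, store):
    """Root fragment plus every import library reachable through import symbols."""
    seen, todo = {}, [root]
    while todo:
        frag = todo.pop()
        if frag.name not in seen:
            seen[frag.name] = frag
            todo += [l for l in store if not l.patch_for and l.exports & frag.imports]
    return seen

def analyze(root, store, patchable):
    """Read patch descriptors without running any code; return (redirects, findings)."""
    frags = closure(root, store)
    redirects, findings = {}, []
    for plib in (p for p in store if p.patch_for in frags):  # patch libs of bound fragments
        for target, replacement in plib.patches:
            where = f"{plib.name}: {target} -> {replacement}"
            if replacement not in plib.exports:
                findings.append(("missing-replacement", where))
            elif target not in patchable:
                findings.append(("policy-rejected", where))
            elif target in redirects:
                findings.append(("conflict", where))
            else:
                redirects[target] = (plib.name, replacement)
    return redirects, findings

# Constructed sample fragments (hypothetical names), not taken from the patent.
PATCHABLE = {"AllocMem", "FreeMem"}  # assumed policy: functions that may be patched
ROOT = Fragment("App", exports={"main"}, imports={"DrawText"})
STORE = [
    Fragment("TextLib", exports={"DrawText"}, imports={"MeasureText"}),
    Fragment("FontLib", exports={"MeasureText"}),
    Fragment("TextPatches", exports={"MyAlloc"}, patch_for="TextLib",
             patches=[("AllocMem", "MyAlloc"), ("FreeMem", "MyFree")]),
    Fragment("FontPatches", exports={"HookAlloc", "HookOpen"}, patch_for="FontLib",
             patches=[("AllocMem", "HookAlloc"), ("OpenFile", "HookOpen")]),
    Fragment("PrintPatches", exports={"X"}, patch_for="PrintLib", patches=[("AllocMem", "X")]),
]
```

Calling `analyze(ROOT, STORE, PATCHABLE)` installs only the first `AllocMem` redirection and reports the other three descriptors as findings; `PrintPatches` is never considered because `App` does not bind `PrintLib`.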
41 Claims
1. A computer implemented process intended to execute within a dynamically linked computing environment, the dynamically linked computing environment capable of supporting a plurality of computer implemented processes, the dynamically linked computing environment providing a given function available for use by said plurality of computer implemented processes, the computer implemented process having a dynamically linked and patched library structure comprising:
- a root code fragment including root functionality for said computer implemented process, said computer implemented process using said given function, said root code fragment including a main symbol and at least one import symbol, wherein said main symbol is used to launch said computer implemented process after it has been bound to any import library code fragments that it requires;
- an import library code fragment linked to said root code fragment by said at least one library import symbol, such that said import library code fragment can be bound to said root code fragment prior to said launch of said computer implemented process; and
- a patch library code fragment stored in a predefined format such that the patch library code fragment is discernible when the computer implemented process is in a quiescent state, the patch library code fragment including a patch description data structure having at least one patch descriptor which indicates a patch which is intended to affect said given function utilized by said computer implemented process, wherein the presence of said patch library code fragment in said dynamically linked and patched library structure is operable to affect a functionality of said given function only with respect to said computer implemented process.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A method for binding a computer implemented process in preparation for execution within a dynamically linked computing environment, the dynamically linked computing environment capable of supporting a plurality of computer implemented processes, the dynamically linked computing environment providing a given function available for use by said plurality of computer implemented processes, the computer implemented process having a dynamically linked and patched library structure, the method comprising the steps of:
- retrieving a root code fragment including root functionality for said computer implemented process, said computer implemented process using said given function, said root code fragment including a main symbol and a list of import symbols, wherein said main symbol is used to launch said computer implemented process after it has been bound to any import library code fragments that it requires;
- retrieving all import library code fragments linked to said root code fragment due to the inclusion of a symbol in said library code fragment that corresponds to a symbol in said list of import symbols;
- determining which patch library code fragments are linked to said retrieved import library code fragments, each of said patch library code fragments including a patch description data structure having at least one patch which affects said given function utilized by said computer implemented process;
- binding all import library code fragments that are linked to said root fragment to said root fragment; and
- installing said at least one patch to affect the use of said given function by said computer implemented process such that a call made by said computer implemented process to said given function is re-directed to said patch, wherein the installation of said patch library code fragment in said dynamically linked and patched library structure is operable to affect a functionality of said given function only with respect to said computer implemented process.
Dependent claims: 19, 20, 21, 22, 23, 24
25. A method for statically testing a computer implemented process intended for execution within a dynamically linked computing environment, the dynamically linked computing environment capable of supporting a plurality of computer implemented processes, the dynamically linked computing environment providing a given function available for use by said plurality of computer implemented processes, the computer implemented process having a dynamically linked and patched library structure, the method comprising:
- retrieving a root code fragment including root functionality for said computer implemented process, said computer implemented process using said given function, said root code fragment including a main symbol and a list of import symbols, wherein said main symbol is used to launch said computer implemented process after it has been bound to any import library code fragments that it requires;
- retrieving all import library code fragments linked to said root code fragment due to the inclusion of a symbol in said library code fragment that corresponds to a symbol in said list of import symbols;
- determining which patch library code fragments are linked to said retrieved import library code fragments, each of said patch library code fragments including a patch description data structure including at least one patch which affects said given function utilized by said computer implemented process, the linking of said at least one patch being operable to affect said given function only with respect to said computer implemented process;
- binding all import library code fragments that are linked to said root fragment to said root fragment; and
- statically analyzing the functionality of said at least one patch to predict the result of a call made by said computer implemented process to said given function after said call has been re-directed to said patch.
Dependent claims: 26, 27, 28, 29, 30, 31, 32
33. A binding manager for binding a dynamically linked and patched library structure into a desired process intended for execution within a dynamically linked computing environment, the dynamically linked computing environment capable of supporting a plurality of computer implemented processes, the dynamically linked computing environment providing a given function available for use by said plurality of computer implemented processes, the binding manager comprising:
- digital processor means;
- memory means coupled to said digital processor means;
- fragment retrieving means executing on said digital processor means for retrieving root code fragments and import library code fragments stored in said memory means, wherein each of said root code fragments includes root functionality for a desired process, said desired process using said given function, each root code fragment including a main symbol and a list of import symbols, wherein said main symbol is used to launch said desired process after it has been bound to any import library code fragments that it requires, and wherein said import library code fragments are linked to said root code fragment due to the inclusion of a symbol in said library code fragment that corresponds to a symbol in said list of import symbols;
- fragment handling means executing on said digital processor means for determining which patch library code fragments are linked to said retrieved import library code fragments, said patch library code fragments each including a patch description data structure including at least one patch which affects said given function utilized by said desired process, the linking of said at least one patch being operable to affect said given function only with respect to said desired process;
- binding means executing on said digital processor for binding all import library code fragments that are linked to said root fragment to said root fragment; and
- patch manager means executing on said digital processor for installing said at least one patch to affect the use of said given function by said desired process such that a call made by said desired process to said given function is re-directed to said patch.
Dependent claims: 34, 35, 36
37. A static patch analyzer for analyzing a dynamically linked and patched library structure intended for use within a dynamically linked computing environment, the dynamically linked computing environment capable of supporting a plurality of computer implemented processes, the dynamically linked computing environment providing a given function available for use by said plurality of computer implemented processes, the static patch analyzer comprising:
- digital processor means;
- memory means coupled to said digital processor means;
- fragment retrieving means executing on said digital processor means for retrieving root code fragments and import library code fragments stored in said memory means, wherein each of said root code fragments includes root functionality for a desired process, said desired process using said given function, each root code fragment including a main symbol and a list of import symbols, wherein said main symbol is used to launch said desired process after it has been bound to any import library code fragments that it requires, and wherein said import library code fragments are linked to said root code fragment due to the inclusion of a symbol in said library code fragment that corresponds to a symbol in said list of import symbols;
- fragment handling means executing on said digital processor means for determining which patch library code fragment are linked to said retrieved import library code fragments, said patch library code fragment including a patch description data structure including at least one patch which affects said given function utilized by said desired process, the linking of said at least one patch being operable to affect said given function only with respect to said desired process;
- binding means executing on said digital processor for binding all import library code fragments that are linked to said root fragment to said root fragment; and
- patch analyzer means for statically analyzing the functionality of said at least one patch to predict the result of a call made by said desired process to said given function after said call has been re-directed to said patch.
Dependent claims: 38, 39, 40, 41
Specification