Revertable managed execution image instrumentation

US 8,732,674 B1
Filed: 11/14/2012
Issued: 05/20/2014
Est. Priority Date: 11/14/2012
Status: Active Grant

First Claim

Patent Images

1. An instrumentation process for making changes to a software program during an execution of the software program by a machine having a processor and a memory in operable communication with the processor, the software program having a digital execution image which is being executed by the machine along an execution path during a current execution, the software program also having a pre-execution image which is stored in a computer-readable storage location apart from the execution image, the process comprising the steps of:

obtaining in the machine memory an instrumentation context for the software program'"'"'s execution image, wherein the obtaining step includes the machine executing at least one high-level programming language statement, and wherein the instrumentation context includes a set of function identifications which identify at least one function from the execution image which is in the execution path and also identify at least one other function from the execution image which is not in the execution path;

querying the instrumentation context using a high-level programming language query which specifies at least one query criterion to be satisfied;

receiving in the machine memory a query response which identifies one or more functions in the program'"'"'s execution image that satisfy the query regardless of whether those functions have executed yet during the current execution of the program, the one or more identified functions referred to here as query-satisfying functions; and

transforming a function body of at least one of query-satisfying functions in the program'"'"'s execution image without thereby modifying the program'"'"'s pre-execution image.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A target program is instrumented during execution by using statements in high-level programming languages, without restarting the target and without modifying the compiled binary of the target on disk. The target and the analysis program modifying it may each include managed code. The target program is presented by an instrumentation API as a queryable database, rather than a mere sequence of processor-level instructions. An instrumentation context for the target program'"'"'s execution image is obtained, with identifications of functions, individual instructions, and other instrumentable items that satisfy criteria specified in a query. Functions and low-level instructions may be identified as satisfying the query regardless of whether they have executed yet. High-level statements transform query-satisfying items in the target'"'"'s execution image, by appending code, injecting a fault, replacing an individual instruction, or replacing an individual operand. Instrumentation transformations may be reverted without restarting execution and without reverting to the pre-execution image.

45 Citations

View as Search Results

20 Claims

1. An instrumentation process for making changes to a software program during an execution of the software program by a machine having a processor and a memory in operable communication with the processor, the software program having a digital execution image which is being executed by the machine along an execution path during a current execution, the software program also having a pre-execution image which is stored in a computer-readable storage location apart from the execution image, the process comprising the steps of:
- obtaining in the machine memory an instrumentation context for the software program'"'"'s execution image, wherein the obtaining step includes the machine executing at least one high-level programming language statement, and wherein the instrumentation context includes a set of function identifications which identify at least one function from the execution image which is in the execution path and also identify at least one other function from the execution image which is not in the execution path;
  
  querying the instrumentation context using a high-level programming language query which specifies at least one query criterion to be satisfied;
  
  receiving in the machine memory a query response which identifies one or more functions in the program'"'"'s execution image that satisfy the query regardless of whether those functions have executed yet during the current execution of the program, the one or more identified functions referred to here as query-satisfying functions; and
  
  transforming a function body of at least one of query-satisfying functions in the program'"'"'s execution image without thereby modifying the program'"'"'s pre-execution image.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The instrumentation process of claim 1, wherein the transforming step comprises at least one of the following:
    - appending code at the beginning of at least one query-satisfying function, appending code at the end of at least one query-satisfying function.
  - 3. The instrumentation process of claim 1, wherein the transforming step comprises injecting a fault in at least one query-satisfying function.
  - 4. The instrumentation process of claim 1, wherein the transforming step comprises at least one of the following for each of at least one query-satisfying function:
    - replacing at most three individual instructions of the query-satisfying function without replacing the entire function, replacing one or more operands of at most three individual instructions of the query-satisfying function without replacing the entire function.
  - 5. The instrumentation process of claim 1, further comprising reverting transformation of at least one query-satisfying function without restarting execution of the software program.
  - 6. The instrumentation process of claim 1, further comprising reverting transformation of at least one query-satisfying function without reverting the program'"'"'s execution image to the program'"'"'s pre-execution image.

7. A computer-readable storage medium configured with data and with instructions that when executed by at least one processor causes the processor(s) to perform a technical process for instrumentation of an execution image of a software program while the software program is being executed along an execution path during a current execution, the software program also having a pre-execution image which is stored apart from the execution image, the process comprising the steps of:
- obtaining in a machine memory accessible to the processor(s) an instrumentation context for the software program'"'"'s execution image, the instrumentation context including item identifications which identify items from the execution image which include at least one item from the execution image which is in the execution path and also include at least one other item from the execution image which is not in the execution path;
  
  querying the instrumentation context using instructions compiled from a query specified in a high-level programming language, the query specifying at least one query criterion to be satisfied;
  
  receiving in the machine memory a query response which identifies at least one item in the program'"'"'s execution image that satisfies the query, including at least one identified item which has not yet executed during the current execution of the program, the identified item(s) referred to here as query-satisfying item(s), the query-satisfying item(s) including at least one of the following;
  
  a query-satisfying function, a query-satisfying low-level instruction; and
  
  transforming at least one query-satisfying item in the program'"'"'s execution image, thereby altering a functionality aspect of the execution image, namely, execution of the transformed item provides different functionality than would be provided by execution of the item without transforming the item, and wherein the transforming step is accomplished without modifying the program'"'"'s pre-execution image.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable storage medium of claim 7, wherein the transforming step comprises at least one of the following:
    - appending code at the beginning of at least one query-satisfying function;
      
      appending code at the end of at least one query-satisfying function;
      
      injecting a fault in at least one query-satisfying function;
      
      replacing an individual low-level instruction without replacing any adjacent low-level instruction and without replacing any operand of any adjacent low-level instruction;
      
      replacing at least one operand of an individual low-level instruction without replacing any adjacent low-level instruction and without replacing any operand of any adjacent low-level instruction.
  - 9. The computer-readable storage medium of claim 7, wherein the process further comprises at least one of the following:
    - reverting transformation of at least one query-satisfying item without restarting execution of the software program;
      
      reverting transformation of at least one query-satisfying item without reverting the program'"'"'s execution image to the program'"'"'s pre-execution image.
  - 10. The computer-readable storage medium of claim 7, wherein the query-satisfying item comprises at least one of the following:
    - a bytecode instruction;
      
      a Common Intermediate Language instruction;
      
      a low-level virtual machine instruction.
  - 11. The computer-readable storage medium of claim 7, wherein the query includes a declarative Language Integrated Query expression.
  - 12. The computer-readable storage medium of claim 7, wherein at least one of the following conditions occurs:
    - the receiving step receives a query response which identifies every item in the program'"'"'s execution image that satisfies the query;
      
      the transforming step transforms every query-satisfying item in the program'"'"'s execution image.

13. An instrumentation computer system comprising:
- a logical processor;
  
  a memory in operable communication with the logical processor;
  
  a current execution image of a software program, namely, an image of the software program as the software program is being executed by the instrumentation computer system during a current execution along an execution path, the software program also having a pre-execution image;
  
  an instrumentation application program interface (“
  
  instrumentation API”
  
  ) residing in the memory of the instrumentation computer system and directly accessible in a high-level programming language, the instrumentation API having constituent interfaces which include a query interface and a transformation interface;
  
  a query interface implementation having code which upon execution will identify query-satisfying items in the execution image which include at least one item in the execution image which is in the execution path and also include at least one other item in the execution image which is not in the execution path, namely, items in the execution image which satisfy query criteria set forth in an invocation of the query interface regardless of whether such items have been executed during the current execution; and
  
  a transformation interface implementation having code which upon execution will transform an item identified by the query interface implementation, thereby altering functionality of the current execution image in that execution of the transformed item provides different functionality than the functionality that would be provided by execution of the item without transforming the item, and wherein the item is transformed without modifying the pre-execution image.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The instrumentation computer system of claim 13, wherein the pre-execution image includes a signed assembly.
  - 15. The instrumentation computer system of claim 13, wherein the high-level programming language is among the following:
    - a programming language which compiles to bytecode, a Common Language Infrastructure programming language, a programming language which is not compiled directly to native processor instructions.
  - 16. The instrumentation computer system of claim 13, wherein the execution image comprises managed code.
  - 17. The instrumentation computer system of claim 13, wherein the transformation interface implementation includes code which upon execution will do at least one of the following:
    - append code at the beginning of at least one query-satisfying function of the execution image;
      
      append code at the end of at least one query-satisfying function of the execution image;
      
      inject a fault in at least one query-satisfying function of the execution image;
      
      replace an individual low-level instruction of the execution image without replacing any adjacent low-level instruction and without replacing any operand of any adjacent low-level instruction;
      
      replace at least one operand of an individual low-level instruction of the execution image without replacing any adjacent low-level instruction and without replacing any operand of any adjacent low-level instruction.
  - 18. The instrumentation computer system of claim 13, wherein at least one of the following conditions occurs:
    - transformation interface implementation code reverts transformation of at least one query-satisfying item without restarting execution of the software program;
      
      transformation interface implementation code reverts transformation of at least one query-satisfying item without reverting the program'"'"'s execution image to the program'"'"'s pre-execution image.
  - 19. The instrumentation computer system of claim 13, wherein at least one of the following conditions occurs:
    - the memory of the instrumentation computer system contains a query response which identifies every item in the program'"'"'s execution image that satisfies the query criteria;
      
      transformation interface implementation code transforms every query-satisfying item in the program'"'"'s execution image.
  - 20. The instrumentation computer system of claim 13, wherein the memory of the instrumentation computer system contains an instrumentation context for the current execution image, and the instrumentation context identifies at least one query-satisfying function which has not been executed during the current execution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Agha, Karim
Primary Examiner(s)
Das, Chameli

Application Number

US13/676,189
Publication Number

US 20140137078A1
Time in Patent Office

552 Days
Field of Search

None
US Class Current

717/130
CPC Class Codes

G06F 9/45516 Runtime code conversion or ...

Revertable managed execution image instrumentation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Revertable managed execution image instrumentation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links