Execution of multiple execution paths

US 9,038,185 B2
Filed: 12/28/2011
Issued: 05/19/2015
Est. Priority Date: 12/28/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

ascertaining that executable code includes multiple execution paths, the multiple execution paths corresponding to one or more browser configuration parameters for different versions of a browser;

causing the executable code to be executed according to the multiple execution paths in a single execution of the executable code, the execution performed within sub-environments that individually correspond to different respective instances of the different versions of the browser; and

analyzing outputs from the execution of the multiple execution paths for one or more of malware, an error in the executable code, or an optimization for the executable code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for execution of multiple execution paths are described. In one or more embodiments, an execution of a portion of executable code is conditioned upon a particular environment-specific value. For example, the execution of the executable code can cause one type of output if the value of the variable equals a particular value, and can cause a different type of output if the value of the variable equals a different value. Techniques discussed herein can enable the executable code to be executed such that multiple outputs are produced, e.g., by executing the code according to the different values for the variable. In implementations, the multiple outputs can be analyzed for various attributes, such as presence of malware, implementation and coding errors, and so on.

40 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- ascertaining that executable code includes multiple execution paths, the multiple execution paths corresponding to one or more browser configuration parameters for different versions of a browser;
  
  causing the executable code to be executed according to the multiple execution paths in a single execution of the executable code, the execution performed within sub-environments that individually correspond to different respective instances of the different versions of the browser; and
  
  analyzing outputs from the execution of the multiple execution paths for one or more of malware, an error in the executable code, or an optimization for the executable code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A computer-implemented method as described in claim 1, wherein the executable code is retrieved from a webpage, and wherein the outputs correspond to content for the webpage from at least two different sources.
  - 3. A computer-implemented method as described in claim 1, wherein the browser configuration parameters include one or more of an indication of a plug-in version for the browser, an operating system version, or a device type.
  - 4. A computer-implemented method as described in claim 1, wherein the multiple execution paths comprise one or more of an if-then-else statement or a while loop, and wherein:
    - if the multiple execution paths comprise the if-then-else statement, said causing comprises causing both an if-then portion and an else portion of the if-then-else statement to be executed as part of the single execution; and
      
      if the multiple execution paths comprise the while loop, said causing comprises causing the while loop to be executed once such that a condition of terminating the loop is produced.
  - 5. A computer-implemented method as described in claim 1, wherein said causing comprises:
    - representing a variable value associated with the multiple execution paths with a symbolic value, the symbolic value being configured to maintain a conditional aspect of the variable value;
      
      executing at least a portion of the executable code based on the symbolic value; and
      
      causing concrete values to replace the symbolic value such that the multiple execution paths are further executed based on the concrete values to cause the outputs.
  - 6. A computer-implemented method as described in claim 5, wherein the causing the concrete values to replace the symbolic value is based on one or more execution policies that specify the concrete values.
  - 7. A computer-implemented method as described in claim 1, further comprising at least one of:
    - determining that at least one of the resulting outputs includes benign executable code, and that another of the resulting outputs includes malware;
      
      ordetermining that multiple of the outputs include malware.
  - 8. A computer-implemented method as described in claim 1, further comprising determining types of variables in the executable code based at least in part on the outputs, and associating the types of variables with one or more expressions in the executable code.

9. A computer-implemented method, comprising:
- representing a variable value in executable code with a symbolic value, the variable value representing a browser configuration parameter within the executable code corresponding to different versions of a browser;
  
  executing at least a portion of the executable code within sub-environments individually corresponding to different respective instances of the different versions of the browser and based on the symbolic value, the symbolic value maintaining a conditional aspect of the variable value during said executing; and
  
  applying multiple concrete values to the symbolic value in response to an indication of an output for the symbolic value, said applying causing multiple different outputs to be provided within the sub-environments and based on an execution of the conditional aspect with the multiple concrete values.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A computer-implemented method as described in claim 9, wherein said executing and said applying are performed during a single execution of the executable code.
  - 11. A computer-implemented method as described in claim 9, wherein the conditional aspect comprises an if-then-else statement, and wherein said applying comprises replacing the symbolic value with at least one of the multiple concrete values for the if-then portion of the if-then statement, and replacing the symbolic value with at least another of the multiple concrete values for the else portion of the if-then-else statement such that both the if-then portion and the else portion are executed.
  - 12. A computer-implemented method as described in claim 9, further comprising analyzing one or more of the multiple different outputs for malware.
  - 13. A computer-implemented method as described in claim 9, further comprising analyzing one or more of the multiple different outputs for coding errors in the executable code or code optimizations for the executable code.

14. A system comprising:
- one or more hardware processors; and
  
  one or more computer-readable storage devices storing computer-executable instructions that are executable by the one or more hardware processors, the computer-executable instructions comprising;
  
  a module including instructions for performing operations including executing executable code within sub-environments according to two or more alternative execution paths in a single execution of the executable code, the alternative execution paths corresponding to one or more browser configuration parameters for different versions of a browser; and
  
  execution policies that specify how the alternative execution paths are to be executed by the module and that specify within the policies the browser configuration parameters that are to be used to execute the alternative execution paths within the sub-environments.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. A system as recited in claim 14, wherein the module is configured to execute the executable code by:
    - representing a variable value for the executable code with a symbolic value that maintains a conditional aspect of the variable value during execution of at least a portion of the executable code;
      
      ascertaining an indication of an output for the variable value from the executable code; and
      
      applying concrete values to the variable value and based on the symbolic value such that execution of the executable code according to the two or more alternative execution paths produces multiple different outputs.
  - 16. A system as recited in claim 15, further comprising a malware detection module configured to individually analyze the multiple different outputs for the presence of malware.
  - 17. A system as recited in claim 15, further comprising a bug detection module configured to individually analyze the multiple different outputs for one or more of coding errors in the executable code or coding optimizations for the executable code.
  - 18. A system as recited in claim 14, wherein the browser configuration parameters comprise one or more of representations of different versions of software plug-ins, different operating systems, or different device types.
  - 19. A system as recited in claim 14, wherein the browser configuration parameters comprise one or more of a software configuration parameter or a hardware configuration parameter.
  - 20. A system as recited in claim 14, wherein the executable code corresponds to a webpage and wherein the operations further include:
    - prior to display of the webpage, using the execution policies to provide different outputs of the webpage;
      
      analyzing the different outputs to ascertain whether one or more of malware or a code error are present in the web page; and
      
      causing display of the webpage responsive to determining that no malware or no code error is present in the different outputs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Livshits, Benjamin, Zorn, Benjamin Goth, Seifert, Christian, Kolbitsch, Clemens
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US13/339,322
Publication Number

US 20130174258A1
Time in Patent Office

1,238 Days
Field of Search

726/24
US Class Current

726/24
CPC Class Codes

G06F 11/3612   by runtime analysis perform...

G06F 11/3688   for test execution, e.g. sc...

G06F 21/566   Dynamic detection, i.e. det...

Execution of multiple execution paths

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Execution of multiple execution paths

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links