Abstract: A system for providing ongoing verification of released software components utilizes feedback from a pool of devices that each locally execute a verification component. The verification component randomly selects one or more locally-executing software components, captures information associated with the randomly-selected software components responsive to detection of events satisfying one or more capture conditions, and communicates the captured information to a software component verification and analysis service. The total number of the randomly-selected software components within the verification pool is set to statistically guarantee that each one of the software components available for random selection is randomly selected on at least one of the plurality of processing devices within the verification pool.

Abstract: Interaction between operating system components and device drivers via device driver function call addresses is monitored. Each device driver is configured to interface with at least one hardware component of a computing system. One or more verification functions of an extended device driver verification component are registered for at least one of the device driver function call addresses, each defining a predetermined verification condition. A device driver function call to one of the device driver function call addresses is intercepted and evaluated against the predetermined verification condition of the verification function registered for the device driver function call address of the intercepted device driver function.

Abstract: Interaction between operating system components and device drivers via device driver function call addresses is monitored. Each device driver is configured to interface with at least one hardware component of a computing system. One or more verification functions of an extended device driver verification component are registered for at least one of the device driver function call addresses, each defining a predetermined verification condition. A device driver function call to one of the device driver function call addresses is intercepted and evaluated against the predetermined verification condition of the verification function registered for the device driver function call address of the intercepted device driver function.

Abstract: Interaction between operating system components and device drivers via device driver function call addresses is monitored. Each device driver is configured to interface with at least one hardware component of a computing system. One or more verification functions of an extended device driver verification component are registered for at least one of the device driver function call addresses, each defining a predetermined verification condition. A device driver function call to one of the device driver function call addresses is intercepted and evaluated against the predetermined verification condition of the verification function registered for the device driver function call address of the intercepted device driver function.

Abstract: A system for providing ongoing verification of released software components utilizes feedback from a pool of devices that each locally execute a verification component. The verification component randomly selects one or more locally-executing software components, captures information associated with the randomly-selected software components responsive to detection of events satisfying one or more capture conditions, and communicates the captured information to a software component verification and analysis service. The total number of the randomly-selected software components within the verification pool is set to statistically guarantee that each one of the software components available for random selection is randomly selected on at least one of the plurality of processing devices within the verification pool.

Abstract: Systems and methods are described for verifying functionality of a computing device. A set of rules are sent to a computing device identifying a device driver. Data is received from the one device that is indicative of collected driver data of the computing device. The data is collected by a driver verifier function executing on the computing device. The driver verifier function is configured to capture information associated with the identified device driver identified by the set of rules. The received data is parsed to categorize the data with previously collected driver data of other computing devices. The data is categorized based on attributes of the collected driver data. The categorized data is provided for analysis of the driver health on the computing device.

Abstract: Systems and methods are described for verifying functionality of a computing device. Rules are received that are usable to configure a driver verifier function to capture information associated with a device driver identified by the rules. The configured driver verifier function is run on a computing device. The information is captured in response to driver conditions identified by the rules. The computing device is allowed to continue operation when the driver condition includes an error condition of the identified device driver. A communication is initiated to transmit the captured information to a driver verification analysis service.

Abstract: Systems and methods are described for verifying functionality of a computing device. Rules are received that are usable to configure a driver verifier function to capture information associated with a device driver identified by the rules. The configured driver verifier function is run on a computing device. The information is captured in response to driver conditions identified by the rules. The computing device is allowed to continue operation when the driver condition includes an error condition of the identified device driver. A communication is initiated to transmit the captured information to a driver verification analysis service.

Abstract: Systems and methods are described for verifying functionality of a computing device. A set of rules are sent to a computing device identifying a device driver. Data is received from the one device that is indicative of collected driver data of the computing device. The data is collected by a driver verifier function executing on the computing device. The driver verifier function is configured to capture information associated with the identified device driver identified by the set of rules. The received data is parsed to categorize the data with previously collected driver data of other computing devices. The data is categorized based on attributes of the collected driver data. The categorized data is provided for analysis of the driver health on the computing device.

Abstract: A stateful rules verification platform is described that support timed state transitions. The verification platform implements a specification language to provide a formal definition for rules used to test target systems having a central module that provides APIs (“API provider”) and applications (“API clients”) that use the APIs. Rules may be defined in terms of transitions on state elements associated with interactions between API providers and API clients. The rules defined in accordance with the specification language enable run-time verification in which calls may be intercepted and run-time code to implement checks may automatically be generated and injected to test behaviors of the intercepted calls. The same set of rules may also be employed for static verification during compilation. Additionally, the specification language includes constructs to specify timed state transitions for at least some rules that impose time limits on state transitions specified by the rules.

Abstract: A stateful rules verification platform is described. The verification platform implements a specification language to provide a formal definition for rules used to test target systems having a central module that provides APIs (“API provider”) and applications (“API clients”) that use the APIs. Rules may be defined in terms of transitions on state elements associated with interactions between API providers and API clients. The rules defined in accordance with the specification language enable run-time verification in which calls may be intercepted and run-time code to implement checks may automatically be generated and injected to test behaviors of the intercepted calls. The same set of rules may also be employed for static verification during compilation. Additionally, the specification language includes constructs to provide rule descriptions and comments with rules definitions that facilitate publication of the rules and documentation of misbehavior identified during verification.

Abstract: A stateful rules verification platform is described that support timed state transitions. The verification platform implements a specification language to provide a formal definition for rules used to test target systems having a central module that provides APIs (“API provider”) and applications (“API clients”) that use the APIs. Rules may be defined in terms of transitions on state elements associated with interactions between API providers and API clients. The rules defined in accordance with the specification language enable run-time verification in which calls may be intercepted and run-time code to implement checks may automatically be generated and injected to test behaviors of the intercepted calls. The same set of rules may also be employed for static verification during compilation. Additionally, the specification language includes constructs to specify timed state transitions for at least some rules that impose time limits on state transitions specified by the rules.

Abstract: Various embodiments provide per group verification techniques in which code may be verified against one or more rules on a group by group basis. In one or more embodiments relationships between portions of a module to be verified can be defined. By being aware of relationships between various code portions, various embodiments can divide a module into related groups and perform verification on the basis of the groups. Multiple groups can be derived based at least in part upon the relationships. Each group can then be verified separately for compliance with one or more rules. Verification results can be output for each of the groups.

Abstract: A system is described for processing predicates in the course of analyzing a program, based on a general-purpose theory of pointers. The system converts location expressions in the predicates into logical formulae that are interpretable by a theorem prover module, producing converted predicates. This conversion associates the location expressions with location objects. More specifically, the conversion represents variables as explicitly-specified location objects, and location terms (such as a field-type access terms and dereference-type terms) as constructor-specified location objects. The theory of pointers is also expressed by a set of axioms which constrain the operation of the theorem prover module.

Abstract: An analysis engine is described for performing static analysis using CEGAR loop functionality, using a combination of forward and backward validation-phase trace analyses. The analysis engine includes a number of features. For example: (1) the analysis engine can operate on blocks of program statements of different adjustable sizes; (2) the analysis engine can identify a subtrace of the trace and perform analysis on that subtrace (rather than the full trace); (3) the analysis engine can form a pyramid of state conditions and extract predicates based on the pyramid and/or from auxiliary source(s); (4) the analysis engine can generate predicates using an increasingly-aggressive series of available discovery techniques; (5) the analysis engine can selectively concretize procedure calls associated with the trace on an as-needed basis and perform other refinements; and (6) the analysis engine can add additional verification targets in the course of its analysis, etc.

Abstract: A binary is received at a binary verification service from a binary verification client agent. The binary verification service performs binary verification of the binary, wherein binary verification includes determining whether the binary is complicit with a set of usage rules. The binary verification service sends a binary verification result to the binary verification client agent.

Abstract: A system is described for processing predicates in the course of analyzing a program, based on a general-purpose theory of pointers. The system converts location expressions in the predicates into logical formulae that are interpretable by a theorem prover module, producing converted predicates. This conversion associates the location expressions with location objects. More specifically, the conversion represents variables as explicitly-specified location objects, and location terms (such as a field-type access terms and dereference-type terms) as constructor-specified location objects. The theory of pointers is also expressed by a set of axioms which constrain the operation of the theorem prover module.

Abstract: An analysis engine is described for performing static analysis using CEGAR loop functionality, using a combination of forward and backward validation-phase trace analyses. The analysis engine includes a number of features. For example: (1) the analysis engine can operate on blocks of program statements of different adjustable sizes; (2) the analysis engine can identify a subtrace of the trace and perform analysis on that subtrace (rather than the full trace); (3) the analysis engine can form a pyramid of state conditions and extract predicates based on the pyramid and/or from auxiliary source(s); (4) the analysis engine can generate predicates using an increasingly-aggressive series of available discovery techniques; (5) the analysis engine can selectively concretize procedure calls associated with the trace on an as-needed basis and perform other refinements; and (6) the analysis engine can add additional verification targets in the course of its analysis, etc.

Abstract: Various embodiments provide techniques to segment program code that may be the subject of static analysis. In one or more embodiments, an algorithm is applied to an abstract representation of the program code to derive segments for the program code. In at least some embodiments, multiple segments can be derived based at least in part upon of one or more “boxed” portions of the program code that are designated to remain intact within the segments. Each segment can then be subjected individually to static analysis to verify compliance with one or more prescribed behaviors. Verification results can be output for each individual segment and the individual results can be combined to obtain results for the program code overall.

Abstract: Various embodiments provide per group verification techniques in which code may be verified against one or more rules on a group by group basis. In one or more embodiments relationships between portions of a module to be verified can be defined. By being aware of relationships between various code portions, various embodiments can divide a module into related groups and perform verification on the basis of the groups. Multiple groups can be derived based at least in part upon the relationships. Each group can then be verified separately for compliance with one or more rules. Verification results can be output for each of the groups.