1. Field
The present invention relates generally to computing systems and more specifically to codepath verification for code employed in computing systems.
2. Description of the Related Art
Current computing systems employ various means for detecting faults in code employed in the system. In certain mission critical systems, including but not limited to medical systems, defense systems, financial systems, and the like, the presence of code errors can be problematic at best and disastrous at worst. Automatic fault detection is typically employed in such mission critical systems in the form of toolkits that facilitate the recovery of systems that have experienced a fault. While such toolkits can be beneficial, they typically only assist after the fact, i.e. after a fault has occurred. Detection of problems before the fact, such as when a system is exhibiting incorrect behavior, can be difficult for the system. Such errant behavior may be apparent to a human observing system performance.
Faults such as memory leaks, address space violations, operating system resource leaks and processor leaks, such as unbound looping or spins, can be detected in many instances. However, a number of other faults may occur, and such faults cannot be detected easily.
Various mechanisms for code checking currently exist, such as algorithmic integrity checking and runtime integrity chain verification.
Algorithmic integrity checking seeks to verify that a computed value is valid and is implemented in various ways, such as computing a value using an algorithm different and separate from the main algorithm, or range checking the output of the main algorithm against a value produced by a monitoring algorithm. In deterministic situations, i.e. situations where only one answer is correct, CRC (cyclic redundancy checking) or checksums have been employed on the output of the algorithm, verified using precomputed known good values. Algorithmic integrity checking is useful for validating that a particular algorithm or program produced a valid answer. However, algorithmic integrity checking provides no insight as to how the algorithm arrived at the answer. In certain instances, the algorithm may arrive at the correct output even though it performed the algorithm improperly. Such issues can delay detection of a faulty computing system.
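The limitation described above can be shown with a short added example, which is not part of the original text. The averaging routines, the sample readings and the trace list are hypothetical and constructed for illustration: a faulty routine takes the wrong codepath yet passes the independent-algorithm, range and CRC checks on its output.

```python
import zlib

READINGS = [10, 20, 30, 40]            # constructed sample input
KNOWN_GOOD_CRC = zlib.crc32(b"25")     # CRC of the known-good output for READINGS

def average_main(values, trace):
    """Main algorithm (hypothetical): sum every reading, then divide."""
    total = 0
    for v in values:
        trace.append("add")
        total += v
    trace.append("divide")
    return total // len(values)

def average_faulty(values, trace):
    """Hypothetical fault: the loop is skipped and the midpoint of the extremes returned."""
    trace.append("shortcut")
    return (min(values) + max(values)) // 2

def output_checks(values, result):
    """The three output-only checks described above; none sees how `result` was made."""
    monitor = round(sum(values) / len(values))      # separate monitoring algorithm
    return {
        "independent": result == monitor,
        "range": min(values) <= result <= max(values),
        "crc": zlib.crc32(str(result).encode()) == KNOWN_GOOD_CRC,
    }

def run(algorithm, values=READINGS):
    """Run one algorithm; return (all output checks passed, steps it executed)."""
    trace = []
    result = algorithm(values, trace)
    return all(output_checks(values, result).values()), trace

if __name__ == "__main__":
    for algo in (average_main, average_faulty):
        ok, trace = run(algo)
        print(f"{algo.__name__}: output checks passed={ok}, path={trace}")
```

Both routines pass every output check on the sample input; only the recorded steps differ, and the fault surfaces in the output only on inputs such as [10, 20, 90].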
Runtime integrity checking allows the monitoring system to determine how the observed system produced the output. Currently available runtime integrity checking mechanisms tend to be CPU and/or development time intensive, as they attempt to explicitly describe the execution chain. They are used to detect and prevent malicious activity that leads to improper codepath execution, but, as noted, tend to be time consuming and can consume a great deal of system resources.
It would therefore be beneficial to offer a codepath checking procedure that overcomes present systems known in the art.