As more and more people rely upon computers to perform a variety of tasks, the importance of system reliability or system robustness increases. Ideally, a computer should operate without error. However, in reality, errors occur during operation. Therefore, the key to increasing system robustness is decreasing the number of errors.
One factor that can negatively impact system robustness is the execution of an invalid program. If an invalid program is executed, then an error can occur. The severity of the error is unpredictable. A benign error might cause an error message to be presented to the user. However, a more serious error might require that the user restart the computer. Therefore, to increase system robustness, the execution of an invalid program should be prevented.
A computer user can obtain files containing executable programs from a number of different sources, including downloading files from a network, such as the Internet. A program obtained from a familiar source, such as an established computer software company, is more likely to have undergone extensive testing and debugging to ensure that the program is valid than a program obtained from an unfamiliar source, such as an unknown author of an Internet page.
One possible solution to the problem of executing an invalid program would be to only execute programs that have been validated. If a program is signed, then the program could be validated during the signing process. A set of inputs to the program could be tested as a prerequisite to signing the program. If the program can execute without error for the tested set of inputs, then a digital signature would be associated with the program to indicate that the program is valid for the tested set of inputs. To prevent the execution of an invalid program, only signed programs would be executed. A drawback to this solution is that there are many valid programs that are not signed. These programs are commonly referred to as legacy programs. If only signed programs are allowed to be executed, then legacy programs cannot be executed, even though many of the legacy programs are valid. Thus, there is a need in the art for a method for preventing the execution of an invalid program that allows the execution of both signed and unsigned programs.
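The sign-after-validation scheme and its legacy-program drawback, as an added illustration that is not part of the original text: a signing authority runs the program over a test input set and signs it only if every run completes cleanly, and the loader refuses anything without a valid signature. HMAC-SHA256 stands in for a real digital signature, the function's bytecode stands in for the executable file, and the signing key and test inputs are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real signer would use an asymmetric signing key
# and verifiers would hold only the public half.
SIGNING_KEY = b"constructed-demo-key"


def program_bytes(program) -> bytes:
    """The 'executable' being signed: here, the function's raw bytecode."""
    return program.__code__.co_code


def inputs_digest(inputs) -> bytes:
    """Digest of the tested input set, bound into the signature so the
    signature attests validity only for that set."""
    return hashlib.sha256(json.dumps(inputs, sort_keys=True).encode()).digest()


def validate_and_sign(program, inputs, key=SIGNING_KEY):
    """Run the program on every tested input; sign (program || inputs digest)
    only if no run raises. Returns None for a program that fails validation."""
    for arg in inputs:
        try:
            program(arg)
        except Exception:
            return None
    msg = program_bytes(program) + inputs_digest(inputs)
    return hmac.new(key, msg, hashlib.sha256).digest()


def run_if_signed(program, inputs, signature, arg, key=SIGNING_KEY):
    """Loader policy: execute only programs carrying a valid signature for
    the given input set. An unsigned (legacy) program is rejected outright."""
    if signature is None:
        return ("rejected", "unsigned")
    msg = program_bytes(program) + inputs_digest(inputs)
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return ("rejected", "bad signature")
    return ("ran", program(arg))


def safe_div(x):
    """Constructed sample program: valid for non-zero inputs only."""
    return 100 // x
```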
Another possible solution to the problem of executing an invalid program would be to check the input parameters to the instructions of the program before executing the instructions. A program is invalid if the parameters used by any of the instructions of the program during execution are invalid. Therefore, the input parameters used by an instruction could be checked before the instruction is executed to prevent the execution of an invalid program. A disadvantage of this solution is that it is slow. Typically, the performance of a program is critical at the time the program is executed. If the input parameters to each instruction are checked before each instruction is executed, then the parameter checking degrades the performance of the program. Thus, there is also a need in the art for a method for preventing the execution of an invalid program without the delay associated with parameter checking.