DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12 June, 2021 has been entered.

Examiner Amendment
2. 	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with PHILIP MAZOKI on July 14, 2021.
IN THE CLAIMS                                                                                                                                                                          
The claims are amended as follows:
(Cancelled) 

(Currently Amended) A computer-implemented method for determining unexpected behavior of a computer routine, the method comprising:
analyzing a set of computer routines to identify a given computer routine of the set of computer routines having a vulnerability to unexpected behavior wherein, the identifying includes[[ing]] determining functions and system call sequences used by each thread associated with the set of computer routines to map run time control flow of the set of computer routines and the analysis includes at least one of: (i) performing a simulation to cause at least one failure condition and observing response of at least one computer routine of the set of computer routines to the simulation, (ii) extracting a histogram including a frequency of usage associated with the set of computer routines, (iii) determining size of one or more buffer read or write computer operations associated with the set of computer routines, (iv) determining size of one or more corresponding stacks associated with the set of computer routines, (v) determining size of one or more memory read or write operations based upon examining a corresponding loop size, and (vi) performing a taint analysis of one or more computer routine of the set;
manipulating the given computer routine using a testing technique; and
determining unexpected behavior of the given computer routine based on a result of the manipulating.

(Cancelled) 

4.	(Previously Presented) The method of Claim 2 further comprising:
deploying one or more patches to correct the unexpected behavior of the given computer routine.

5.	(Previously Presented) The method of Claim 2 further comprising:
analyzing at least one corresponding sequence of computer routines of the set of computer routines.

6.	(Previously Presented) The method of Claim 2 wherein the given computer routine includes at least one of:
a function; and
a system call.

7.	(Previously Presented) The method of Claim 2 wherein manipulating the given computer routine further comprises at least one of:
modifying data associated with the given computer routine, the data exceeding a corresponding buffer size; and 
modifying values that are declared in memory regions associated with the given computer routine.

8.	(Previously Presented) The method of Claim 2, wherein determining the unexpected behavior of 
determining that a control flow of a given thread associated with the given computer routine has changed as a result of the manipulation;
determining a failure condition that caused the thread to change its control flow; and
displaying the failure condition.

9.	(Previously Presented) The method of Claim 2, wherein, for a function of the given computer
routine, the testing technique provides at least one of invalid, unexpected, and random data to at least
one of an input of the function, logic within the function, and an output of the function.

10.	(Previously Presented) The method of Claim 2, wherein, for a system call of the given computer
routine, the testing technique provides at least one of invalid, unexpected, and random data to a system
call parameter associated with the system call.

11.	(Previously Presented) The method of Claim 10, wherein the system call parameter is associated
with at least one of: thread synchronization, process synchronization, thread scheduling, process scheduling, memory, memory allocation, memory de-allocation, memory writing, memory reading, a network socket, creation of a network socket, network socket input, network socket output, pipe creation, system input, system output, shared memory fifo creation, a terminal input, a terminal output, file handling, file creation, file writing, file reading, disk input, and disk output.

12.	(Currently Amended) A system for determining unexpected behavior of a computer routine, the
system comprising:
a processor; and
a memory with computer code instructions stored thereon, the processor and the memory, with
the computer code instructions, being configured to cause the system to:
analyze a set of computer routines to identify a given computer routine of the set of computer routines having a vulnerability to unexpected behavior wherein, the identifying includes[[ing]] determining functions and system call sequences used by each thread associated with the set of computer routines to map run time control flow of the set of computer routines and the analysis includes at least one of: (i) performing a simulation to cause at least one failure condition and observing response of at least one computer routine of the set of computer routines to the simulation, (ii) extracting a histogram including a frequency of usage associated with the set of computer routines, (iii) determining size of one or more buffer read or write computer operations associated with the set of computer routines, (iv) determining size of one or more corresponding stacks associated with the set of computer routines, (v) determining size of one or more memory read or write operations based upon examining a corresponding loop size, and (vi) performing a taint analysis of one or more computer routine of the set;
manipulate the given computer routine using a testing technique; and
determine unexpected behavior of the given computer routine based on a result of the manipulating.

13.	(Cancelled) 

14.	(Previously Presented) The system of Claim 12 wherein the processor and the memory, with the
computer code instructions, are further configured to cause the system to: deploy one or more patches to correct the unexpected behavior of the given computer routine.

15.	(Previously Presented) The system of Claim 12 wherein the processor and the memory, with the
computer code instructions, are further configured to cause the system to: analyze at least one corresponding sequence of computer routines of the set of computer routines.

16.	(Previously Presented) The system of Claim 12 wherein the given computer routine includes at
least one of:
a function; and
a system call.

17.	(Previously Presented) The system of Claim 12 where, in manipulating the given computer
routine, the processor and the memory, with the computer code instructions, are further configured to cause the system to:
modify data associated with the given computer routine, the data exceeding a corresponding buffer size; and 
modify values that are declared in memory regions associated with the given computer routine.


of the given computer routine, the processor and the memory, with the computer code instructions, are further configured to cause the system to:
determine that a control flow of a given thread associated with the given computer routine has changed as a result of the manipulation;
determine a failure condition that caused the thread to change its control flow; and
display the failure condition.

19.	(Previously Presented) The system of Claim 12, wherein, for a function of the given computer
routine, the testing technique provides at least one of invalid, unexpected, and random data to at least one of an input of the function, logic within the function, and an output of the function.

20.	(Previously Presented) The system of Claim 12, wherein, for a system call of the given computer
routine, the testing technique provides at least one of invalid, unexpected, and random data to a system call parameter associated with the system call.

21.	(Currently Amended) A non-transitory computer program product for determining unexpected
behavior of a computer routine, the computer program product comprising a computer-readable medium with computer code instructions stored thereon, the computer code instructions being configured, when executed by a processor, to cause an apparatus associated with the processor to:
analyze a set of computer routines to identify a given computer routine of the set of computer
routines having a vulnerability to unexpected behavior wherein, the identifying includes[[ing]] determining functions and system call sequences used by each thread associated with the set of computer routines to map run time control flow of the set of computer routines and the analysis includes at least one of: (i) performing a simulation to cause at least one failure condition and observing response of at least one computer routine of the set of computer routines to the simulation, (ii) extracting a histogram including a frequency of usage associated with the set of computer routines, (iii) determining size of one or more buffer read or write computer operations associated with the set of computer routines, (iv) determining size of one or more corresponding stacks associated with the set of computer routines, (v) determining size of one or more memory read or write operations based upon examining a corresponding loop size, and (vi) performing a taint analysis of one or more computer routine of the set;

determine unexpected behavior of the given computer routine based on a result of the manipulating.

Information Disclosure Statement
3.	The information disclosure statement (IDS) submitted on 06/25/2021, 07/02/2021, and 07/12/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
4.	Applicant’s arguments with respect to the rejection of the pending claims over prior arts of record have been fully considered and are persuasive.  

Allowable Subject Matter
2.	Claims 2, 4-12, and 14-21 are allowed over the Prior Art of record.
3.        The following is an examiner’s statement of reasons for allowance:
The best prior art of record found to record are Fanning (U.S. No. 2009/0144698 A1), Keromytis (US No. 2010/0153785 A1) and Addala (US No. 2013/0086020 A1) which teach the claimed invention however fails to disclose the limitations of analysis includes at least one of: (i) performing a simulation to cause at least one failure condition and observing response of at least one computer routine of the set of computer routines to the simulation, (ii) extracting a histogram including a frequency of usage associated with the set of computer routines, (iii) determining size of one or more buffer read or write computer operations associated with the set of computer routines, (iv) determining size of one or more corresponding stacks associated with the set of computer routines, (v) determining size of one or more memory read or write operations based upon examining a corresponding loop size, and (vi) performing a taint analysis of one or more computer routine of the set that the instant method and system uses as claimed in independent claims 2, 12, and 21.  
Hence the prior art of record fails to teach the invention as set forth in claims 2, 4-12, and 14-21 and Examiner cannot find specific teaching of the invention, nor reasons within the cited art to combine the elements of these references other than applicant's own reasoning.  
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to jeffrey c pwu whose telephone number is (571)272-6798.  The examiner can normally be reached on 8-4.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFREY PWU can be reached on 5712726798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAMUEL AMBAYE/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433