Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/20/2021 has been entered.
	- Claims 1-5, 7, 9-13, 15 and 17-20 are allowed.
- Claims 6, 8, 14 and 16 are cancelled.

Allowable Subject Matter
 	The following is an Examiner's statement of reasons for allowance:
- Following a telephonic interview held on 8/6/2021, Applicant’s representative Mr. Zhan John Cao authorized the Examiner’s amendment presented below in order to place the application in condition for allowance.
- The IDS documents filed on 7/13/2021 and 8/10/2021 have been considered. 
- In view of Examiner’s amendment presented below, the closest identified prior art of record including Phan, Artzi, Patil and Zhao alone or in combination, do not teach or suggest all the features of independent claim 1 as amended. The terms “grey box fuzzing” 
- In view of the above, independent claim 1 is deemed allowable. Claims 9 and 17 recite features similar to those recited in claim 1 and are therefore allowable for similar reasons. Claims 2-5, 7, 10-13, 15 and 18-21 depend on one of claims 1, 9 and 17 and are therefore allowable by virtue of their dependency.
 	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Examiner’s Amendment
 	The Examiner’s amendment presented below was authorized by Ms. Zhan John Cao following a telephonic interview held on 8/6/2021.
Please amend the claims as follows:
(Currently Amended) A computer-implemented method for evaluating vulnerability of program code, the method comprising:
receiving an intermediate result generated by a compiler based on source code, wherein the intermediate result includes one or more vulnerability indicators indicating one or more lines of the source code being potentially vulnerable; 
performing a grey box fuzzing process on a first executable code generated from the intermediate result to generate a first set of seed inputs;
calculating a vulnerability score for each of the seed inputs of the first set based 
one or more vulnerability indicators for the lines of the source code reachable but has not been explored by the grey box fuzzing process, wherein at least one of the one or more vulnerability indicators comprises an exception throw and catch (throw/catch) block inserted by the compiler, which when an associated line of source code violates a safety rule during execution, an exception is thrown and caught by an operating system;
identifying a plurality of basic blocks of code from the intermediate result;
for each of the basic blocks, determining a number of vulnerability indicators within the basic block; 
 	generating a mapping table that maps a block identifier (ID) of each basic block to 
the number of vulnerability indicators associated with the basic block, wherein the mapping table is utilized to calculate the vulnerability scores;
selecting one of the seed inputs in the first set having a highest vulnerability score; and
performing a concolic execution using the selected seed input as a priority, the concolic execution being performed on a second executable code generated from the intermediate result to generate a second set of seed inputs.

(Currently Amended) The method of claim 1, wherein the concolic executions generate [[a]] the second set of seed inputs from seed inputs that caused a program flow control of the concolic execution to explore one or more branches of the source code not explored by the grey box fuzzing process.

(Currently Amended) The method of claim 2, further comprising adding the second set of seed inputs to the first set of seed inputs, such that 

(Currently Amended) The method of claim 1, wherein calculating [[a]] the vulnerability score for each of the seed inputs of the first set comprises:
identifying a program control flow that has been explored by the grey box fuzzing process corresponding to the seed input; and
calculating the vulnerability score for the seed input based on a number of vulnerability indicators reachable by the program control flow but that have not been explored by the grey box fuzzing process.

(Original) The method of claim 1, wherein selecting one of the seed inputs in the first set having a highest vulnerability score comprises ordering the seed inputs of the first set based on their respective vulnerability scores to prioritize concolic executions for the first set of seed inputs.

(Canceled) 

(Currently Amended) The method of claim [[6]] 1, wherein calculating [[a]] the vulnerability score for each of the seed inputs of the first set comprises:
building a program control flow graph (CFG) based on a program control flow of the intermediate result corresponding to the seed input; and
summing the number of vulnerability indicators of all basic blocks reachable but unexplored by the program CFG to represent the vulnerability score for the seed input, wherein the summing comprises performing a lookup operation in the mapping table to determine a number of vulnerability indicators associated with the basic block.

(Canceled) 

(Currently Amended) A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations, the operations comprising:
receiving an intermediate result generated by a compiler based on source code, wherein the intermediate result includes one or more vulnerability indicators indicating one or more lines of the source code being potentially vulnerable; 
performing a grey box fuzzing process on a first executable code generated from the intermediate result to generate a first set of seed inputs;
calculating  a vulnerability score for each of the seed inputs of the first set based on the one or more vulnerability indicators for the lines of the source code reachable but has not been explored by the grey box fuzzing process, wherein at least one of the one or more vulnerability indicators comprises an exception throw and catch (throw/catch) block inserted by the compiler, which when an associated line of source code violates a safety rule during execution, an exception is thrown and caught by an operating system;
identifying a plurality of basic blocks of code from the intermediate result;
for each of the basic blocks, determining a number of vulnerability indicators within the basic block; 
generating a mapping table that maps a block identifier (ID) of each basic block to 
the number of vulnerability indicators associated with the basic block, wherein the mapping table is utilized to calculate the vulnerability scores;
selecting one of the seed inputs in the first set having a highest vulnerability score; and
performing a concolic execution using the selected seed input as a priority, the concolic execution being performed on a second executable code generated from the intermediate result to generate a second set of seed inputs..

(Currently Amended) The non-transitory machine-readable medium of claim 9, wherein the concolic executions generate [[a]] the second set of seed inputs from seed inputs that caused a program flow control of the concolic execution to explore one or more branches of the source code not explored by the grey box fuzzing process.

(Currently Amended) The non-transitory machine-readable medium of claim 10, wherein the operations further comprise adding the second set of seed inputs to the first set of seed inputs, such that 

(Currently Amended) The non-transitory machine-readable medium of claim 9, wherein calculating [[a]] the vulnerability score for each of the seed inputs of the first set comprises:
identifying a program control flow that has been explored by the grey box fuzzing process corresponding to the seed input; and
calculating the vulnerability score for the seed input based on a number of vulnerability indicators reachable by the program control flow but that have not been explored by the grey box fuzzing process.

(Original) The non-transitory machine-readable medium of claim 9, wherein selecting one of the seed inputs in the first set having a highest vulnerability score comprises ordering the seed inputs of the first set based on their respective vulnerability scores to prioritize concolic executions for the first set of seed inputs.

(Canceled) 

(Currently Amended) The non-transitory machine-readable medium of claim [[14]] 9, wherein calculating [[a]] the vulnerability score for each of the seed inputs of the first set comprises:
building a program control flow graph (CFG) based on a program control flow of the intermediate result corresponding to the seed input; and
summing the number of vulnerability indicators of all basic blocks reachable but unexplored by the program CFG to represent the vulnerability score for the seed input, wherein the summing comprises performing a lookup operation in the mapping table to determine a number of vulnerability indicators associated with the basic block.

(Canceled) 

(Currently Amended) A data processing system, comprising:
a processor; and
a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations, the operations including
receiving an intermediate result generated by a compiler based on source code, wherein the intermediate result includes one or more vulnerability indicators indicating one or more lines of the source code being potentially vulnerable; 
performing a grey box fuzzing process on a first executable code generated from the intermediate result to generate a first set of seed inputs;
calculating  a vulnerability score for each of the seed inputs of the first set based on the one or more vulnerability indicators for the lines of the source code reachable but has not been explored by the grey box fuzzing process, wherein at least one of the one or more vulnerability indicators comprises an exception throw and catch (throw/catch) block inserted by the compiler, which when an associated line of source code violates a safety rule during execution, an exception is thrown and caught by an operating system;
identifying a plurality of basic blocks of code from the intermediate result;
for each of the basic blocks, determining a number of vulnerability indicators within the basic block; 
generating a mapping table that maps a block identifier (ID) of each basic block to 
the number of vulnerability indicators associated with the basic block, wherein the mapping table is utilized to calculate the vulnerability scores;
selecting one of the seed inputs in the first set having a highest vulnerability score; and
performing a concolic execution using the selected seed input as a priority, the concolic execution being performed on a second executable code generated from the intermediate result to generate a second set of seed inputs.

(Currently Amended) The system of claim 17, wherein the concolic executions generate [[a]] the second set of seed inputs from seed inputs that caused a program flow control of the concolic execution to explore one or more branches of the source code not explored by the grey box fuzzing process.

(Currently Amended) The system of claim 18, wherein the operations further comprise adding the second set of seed inputs to the first set of seed inputs, such that 

(Currently Amended) The system of claim 17, wherein calculating [[a]] the vulnerability score for each of the seed inputs of the first set comprises:
identifying a program control flow that has been explored by the grey box fuzzing process corresponding to the seed input; and
calculating the vulnerability score for the seed input based on a number of vulnerability indicators reachable by the program control flow but that have not been explored by the grey box fuzzing process.

(Original) The system of claim 17, wherein selecting one of the seed inputs in the first set having a highest vulnerability score comprises ordering the seed inputs of the first set based on their respective vulnerability scores to prioritize concolic executions for the first set of seed inputs.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285.  The examiner can normally be reached on Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434