Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are pending in this office action.
Terminal Disclaimer
The terminal disclaimer filed on 12/15/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of 10,545,745 has been reviewed and is accepted.  The terminal disclaimer has been recorded.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Joseph C. Drish (Reg. No. 66,198) on 12/14/2021.

Listing of claims:
The following claims will replace all previous claims:
1. (Currently amended) A method, comprising:
determining unused first instructions in a target application binary; 
rewriting the target application binary to reduce binary attack surface area for a runtime execution of the target application binary, comprising performing a first rewriting unused first instructions to remove the unused first instructions;
 wherein the first rewriting is  by performing a first dynamic rewriting of an original version of the target application binary residing in a volatile main memory during the runtime execution 
wherein the first dynamic rewriting of the original version of the target application binary during the runtime execution to remove the unused first instructions is performed on the original version of the target application binary residing in the volatile main memory, by rewriting, using a tracing or debugging program to remove the unused first instructions following identifying, by the tracing or debugging program, the unused first instructions for removal, the original version of the target application binary residing in the volatile main memory, in response to the target application binary being loaded into the volatile main memory before executing binary; and 
determining no longer used second instructions in the target application binary;
wherein rewriting the target application binary further comprises performing a second rewriting of the target application binary after the first rewriting to further reduce the binary attack surface area of the target application binary, the second rewriting comprising overwriting and removing the no longer used second instructions the tracing or debugging program 

2. (Currently amended) The method of claim 1, wherein: determining the no longer used second instructions in the target application binary comprises monitoring the target application binary during the runtime execution to determine the no longer used second instructions to remove from [[the]] a set of runtime instructions; and 
the second rewriting of the target application binary comprises a second dynamic rewriting of the target application binary residing in the volatile main memory during the runtime execution to overwrite the no longer used second instructions.

3. (Currently amended) The method of claim 1, further comprising profiling the target application binary to determine the unused first instructions, comprising: tracing the target application binary during an execution of the target application binary to create a control flow graph of the target application binary, the control flow graph describing a sequence of operation of an unmodified version of the target application binary; processing, using one or more algorithms, the control flow graph to identify all nodes that belong in loops; and recording all basic blocks that are at beginnings of the loops.
4. (Original) The method of claim 3, wherein the performing the first rewriting of the target application binary further comprises: overwriting instructions in all basic blocks not in the control flow graph with no operation instructions or trap instructions.

5. (Currently amended) The method of claim 2, wherein monitoring the target application binary during the runtime execution to determine the no longer used second the runtime execution of the target application binary reaching recorded basic blocks at beginning of loops, identifying basic block candidates for elimination as all basic blocks not reachable from a current recorded basic block.

6. (Currently amended) The method of claim 5, wherein monitoring the target application binary during the runtime execution to determine the no longer used second instructions further comprises: executing the target application binary; determining whether the recorded basic blocks are reached or not reached; and performing the identifying basic block candidates in response to a determination that the recorded basic blocks are reached or not reached.

7. (Currently amended) The method of claim 6, wherein: the recorded basic blocks are reached further comprises setting trap instructions or breakpoints on the recorded basic blocks and determining whether the recorded basic blocks are reached in response to the trap instructions or breakpoints being reached; and the no longer used second instructions comprise the basic blocks that are not reached.

8. (Currently amended) The method of claim 5, wherein the second dynamic rewriting of the target application binary during the runtime execution to remove the no longer used second instructions further comprises:


9. (Currently amended) The method of claim 1, further comprising performing the following during a subsequent runtime execution of the volatile main memory, following the first rewriting or the second rewriting to handle replacement of instructions falsely identified as the unused first instructions or the no longer used second instructions:
catching an exception caused by a trap instruction indicating one or more removed instructions of the target application binary volatile main memory are to be executed; replacing the one or more removed instructions of the target application binary volatile main memory that resulted in the caught exception caused by the trap instruction with one or more corresponding instructions from a version of the target application binary residing in a secondary memory; and resuming program execution from the replaced one or more instructions of the target application binary volatile main memory. 
10. (Original) The method of claim 9, wherein replacing the instruction replaces multiple instructions in a basic block, wherein the basic block was previously overwritten by the instruction that resulted in the caught exception and was overwritten by other instructions. 

11. (Currently amended) The method of claim 2, wherein the second dynamic rewriting of the target application binary during the runtime execution to remove the no longer used second instructions further comprises: determining during the runtime execution, loops in the target application binary; and for loops not reachable from a current loop being executed, overwriting the loops that are not reachable from a current loop being executed with no operation instructions or trap instructions.

12. (Currently amended) A computer system, comprising:
 one or more non-transitory memories comprising computer readable code; and
one or more processors, the one or more processors causing the computer system, in response to retrieval from the one or more memories and execution of the computer readable code, to perform operations comprising:
determining unused first instructions in a target application binary; 
rewriting the target application binary to reduce binary attack surface area for a runtime execution of the target application binary, comprising performing a first rewriting of the target application binary to overwrite the unused first instructions to remove the unused first instructions; 
wherein the first rewriting is performed by performing a first dynamic rewriting of an original version of the target application binary residing in a volatile main memory during the runtime execution of the target application binary to reduce the binary attack surface area of the target application binary;
wherein the first dynamic rewriting of the original version of the target application binary to remove the unused first instructions is performed on the original version of the target application binary residing in the volatile main memory, by rewriting, using a tracing or debugging program to remove the unused first instructions following binary; and 
determining no longer used second instructions in the target application binary;
wherein rewriting the target application binary further comprises performing a second rewriting of the target application binary after the first rewriting to further reduce the binary attack surface area of the target application binary, the second rewriting comprising overwriting and removing the no longer used second instructions the tracing or debugging program to remove the no longer used second instructions following identifying, by the tracing or debugging program, the no longer used second instructions for removal.

13. (Currently amended) The computer system of claim 12, wherein: 
determining the no longer used second instructions in the target application binary comprises monitoring the target application binary during the runtime execution to determine the no longer used second instructions to remove a set of runtime instructions; and 
the second rewriting of the target application binary comprises a second dynamic  rewriting of the target application binary residing in the volatile main memory during the runtime execution to overwrite the no longer used second instructions. 

the unused first instructions, comprising: 
tracing the target application binary during an execution of the target application binary to create a control flow graph of the target application binary, the control flow graph describing a sequence of operations of an unmodified version of the target application binary;
processing, using one or more algorithms, the control flow graph to identify all nodes that belong in loops; and
recording all basic blocks that are at beginnings of the loops. 

15. (Currently amended) The computer system of claim 13, wherein the second dynamic rewriting of the target application binary no longer used second instructions further comprises:
determining during the runtime execution loops in the target application binary; and for loops not reachable from a current loop being executed, overwriting the loops that are not reachable from a current loop being executed with no operation instructions or trap instructions. 

16. (Currently amended) A computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer system to cause the computer system to perform operations comprising: 

rewriting the target application binary to reduce binary attack surface area for a runtime execution of the target application binary, comprising performing a first rewriting of the target application binary to overwrite the unused first instructions to remove the unused first instructions; 
wherein the first rewriting is performed by performing a first dynamic rewriting of an original version of the target application binary residing in a volatile main memory during the runtime execution of the target application binary;
wherein the first dynamic rewriting of the original target application binary during the runtime execution to remove the unused first instructions is performed on the original version of the target application binary residing in the volatile main memory, by rewriting the original version of the target application binary residing in the volatile main memory, in response to the target application binary being loaded into the volatile main memory before executing the binary; and 
determining no longer used second instructions in the target application binary;
wherein rewriting the target application binary further comprises performing a second rewriting of the target application binary to overwrite and remove the no longer used second instructions
determining whether unused first instructions or the no longer used second instructions are legitimately needed; and
replacing the unused first instructions or the no longer used second instructions that are legitimately needed but removed within the target application binary. 

17. (Previously presented) The method of claim 1, wherein a version of the target application binary residing in a secondary memory is non-volatile. 

18. (Currently amended) The method of claim 1, wherein the first dynamic rewriting of the target application binary during the runtime execution is performed on the target application binary residing in the volatile main memory without changing the target application binary residing in a secondary memory. 

19. (Currently amended) The method of claim 1, wherein the first dynamic rewriting of the target application binary during the runtime execution is performed on the target application binary residing in the volatile main memory in response to the target application binary being loaded into the volatile main memory by the tracing or debugging program. 

20. (Previously presented) The method of claim 1, wherein:
the unused first instructions comprise:
instructions not invoked by the target application binary during the runtime execution; and
the no longer used second instructions comprise:
instructions that are not in a main execution loop of the target application binary; and 
instructions in the main execution loop that are not accessed again. 

21. (Previously presented) The method of claim 1, wherein determining the no longer used second instructions comprises: 
performing a first execution of the target application binary to create a control flow graph of an unmodified target application binary; 
recording a plurality of basic blocks that are at a respective beginning of a respective loop within the control flow graph to generate a set of recorded basic blocks;
performing a second execution of the target application binary; 
identifying, during the second execution of the target application binary, basic blocks that are not reached from the set of recorded basic blocks; and 
determining the no longer used second instructions to be the identified basic blocks that are not reached from the set of recorded basic blocks. 

22. (Previously presented) The method of claim 1, wherein the first rewriting and the second rewriting do not require source code or recompilation.
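
The sequence recited in claims 3-5 and 9-11, as an added illustration that is not part of the office action or the application: a Python simulation over a constructed byte image that records loop-header blocks from a traced control flow graph, overwrites never-traced blocks with trap bytes (first rewriting), overwrites blocks no longer reachable from the current loop header (second rewriting), and restores a block from the on-disk copy when a trap fires. The block names, layout, graph and function names are assumptions made for the example; an actual implementation would patch process memory through a tracing or debugging program.

```python
TRAP = 0xCC  # x86 int3; the claims allow no-operation or trap instructions

# Constructed layout: block name -> (offset, size) in a 48-byte code image.
LAYOUT = {"init": (0, 8), "parse": (8, 8), "loop": (16, 8),
          "work": (24, 8), "exit": (32, 8), "debug": (40, 8)}
# Constructed CFG from a profiling trace; "debug" was never executed.
CFG = {"init": ["parse"], "parse": ["loop"], "loop": ["work", "exit"],
       "work": ["loop"], "exit": []}
DISK = bytes(range(0x10, 0x40))  # constructed stand-in for the binary on disk

def reachable(cfg, start):
    """All blocks reachable from start, including start itself."""
    seen, stack = set(), [start]
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(cfg.get(n, []))
    return seen

def loop_headers(cfg, entry):
    """Blocks that are the target of a back edge found by depth-first search."""
    headers, state = set(), {}
    def dfs(n):
        state[n] = "open"
        for s in cfg.get(n, []):
            if state.get(s) == "open":
                headers.add(s)       # edge into a block still on the DFS path
            elif s not in state:
                dfs(s)
        state[n] = "done"
    dfs(entry)
    return headers

def overwrite(mem, blocks):
    for b in blocks:
        off, size = LAYOUT[b]
        mem[off:off + size] = bytes([TRAP]) * size

def first_rewrite(mem, cfg):
    dead = set(LAYOUT) - set(cfg)    # blocks absent from the traced CFG
    overwrite(mem, dead)
    return dead

def second_rewrite(mem, cfg, header):
    dead = set(cfg) - reachable(cfg, header)  # no path from the current loop
    overwrite(mem, dead)
    return dead

def restore_on_trap(mem, disk, block):
    off, size = LAYOUT[block]        # falsely removed block: copy it back
    mem[off:off + size] = disk[off:off + size]
```

Only the in-memory image (`mem`) is modified; the on-disk copy (`DISK`) stays intact, which is what makes the restore step possible.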

Allowable Subject Matter
The following is an examiner’s statement of reasons for allowance: as per independent claims 1, 12 and 16, the art of record fails to disclose at least the following:
“…wherein rewriting the target application binary further comprises performing a second rewriting of the target application binary to overwrite and remove the no longer used second instructions; 

replacing the unused first instructions or the no longer used second instructions that are legitimately needed but removed within the target application binary..”. 
The art of record fails to disclose an iterative process (first writing, second writing) for removing, replacing and resuming execution of the target application binary, in which a removed instruction that is legitimately needed can still be replaced or overwritten as needed by the execution of the application binary.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRAHIM BOURZIK whose telephone number is (571)270-7155. The examiner can normally be reached Monday-Friday (8-4:30).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRAHIM BOURZIK/           Examiner, Art Unit 2191 

/WEI Y ZHEN/           Supervisory Patent Examiner, Art Unit 2191