DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment/Argument
This office action is in response to the amendment/argument filed on 02/01/2022.  
Claims 1-20 are presented for further examination. 
Applicant argues that US 20210120638 is not a prior art because marker region is not explicitly disclosed in the provisional application No. 63065840, to which the prior art US 20210120638 claims the benefit of priority under 35 U.S.C. § 119. The examiner disagrees and submits that the marker region is not recited in any of the claims. However, to make the record clear, the examiner agrees to cite the provisional application No. 63065840 whenever it is necessary. 
Upon further search, the Examiner has identified US 2016/0092702 and 2019/0227951 that also teach the claimed features. Accordingly, a new ground of rejection has been made over US 2016/0092702 and 2019/0227951 in current office action, which is made non-final.  
Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Claim Rejections - 35 USC § 103
In the event a determination of the status of the application as subject to AIA  35 U.S.C. 102, 103, and 112 (or as subject to pre-AIA  35 U.S.C. 102, 103, and 112) is incorrect, any correction of the statutory basis for a rejection will not be considered a new ground of rejection if the prior art relied upon and/or the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-6, 10-13, and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Durham et al. (US 2016/0092702; hereinafter Durham-702) in view of Durham et al. (US 2019/0227951; hereinafter Durham-951).
Regarding independent claim 1, Durham-702 teaches a method comprising: receiving a plurality of requests to allocate memory, the plurality of requests comprising a first request and a second request (claim 1, a processor comprising address encoding logic to encode an indirect address during execution of a computer program and on a memory allocation operation that allocates memory and returns the indirect address; [0039], In FIG. 3A, the method 302 begins in response to a call for memory allocation from calling code (e.g., the privileged system component 142 or the user space application 134); [0028], at least one user space application 134; Upon the broadest reasonable interpretation, multiple user space applications may issue requests (e.g., a first request, a second request) to allocate memory);
identifying a chunk of memory (claim 1, a processor {a processing device} comprising address encoding logic to encode an indirect address during execution of a computer program and on a memory allocation operation that allocates memory {a chunk of memory} and returns the indirect address, wherein the indirect address comprises a plurality of unused bits and a plurality of used bits, and wherein the used bits are to store data indicative of a memory location of the allocated memory {identifying a chunk of memory});
Durham-702 does not explicitly teach a plurality of pointers to same chunk of memory. In an analogous art of memory protection, Durham-951 teaches generating, by a processing device, a plurality of pointers to the chunk of memory, the plurality of pointers comprising a first pointer and a second pointer (
[0035],  to detect use-after-free exploits, a memory allocation routine (e.g., malloc) is to set the authorized memory tag(s) (StoreTag) for the allocated memory location(s) {chunk of memory}, and then provide software with a pointer value containing the matching tag value (color) addressing the allocated memory buffer. When the software executes and causes the allocated memory to be loaded (e.g., into a processor register or GPR) or stored to memory, the processor will first compare the tag value in the pointer {e.g., first pointer or second pointer} (non-canonical bits of the linear address) with the metadata tag value stored in hidden memory for the specified memory location (linear address); 
[0039], If a software bug/vulnerability causes a freed pointer {a first pointer for a first request} to be used to access newly allocated memory {referenced by a second pointer for a second request} for another part of the program, when the newly stored tag values don't match the tag value in the freed pointer, then the processor will signal an error/exception/fault; [0045], Some of the attacks 410 may include attempting to override a pointer …use a freed pointer to access a new object;
Upon the broadest reasonable interpretation, a plurality of pointers (e.g., a freed pointer and a new pointer for newly allocated memory) point to same chunk of memory in use-after-free bug/vulnerability).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of Durham-702 and Durham-951 was made, with the above teachings before them, to monitor and detect a plurality of pointers (e.g., a freed pointer and a new pointer for newly allocated memory) point to same chunk of memory in use-after-free bug/vulnerability caused by a chunk of memory that is allocated to a pointer and subsequently allocated to a second pointer after the memory has been freed.
The combination of Durham-702 and Durham-951 further teaches
providing the first pointer responsive to the first request and the second pointer responsive to the second request (Durham-702, [0022], On (or during) a memory allocation operation (e.g., a “malloc”), memory allocation logic 146 allocates a range of memory for a buffer {a chunk of memory} and returns the indirect address 114 and the metadata (e.g., range and/or permission metadata); Durham-951, [0045], Some of the attacks 410 may include attempting to override a pointer …use a freed pointer to access a new object); and 
updating, by the processing device, pointer validation data after providing the second pointer (Durham-951, [0064], The malloc routine will identify a freed block of memory, set the meta-data tags to a value corresponding to the pointer's virtual address identification tag returning this pointer to the caller. Malloc can access and set the hidden tag meta-data {pointer validation data} by using the LoadTag and StoreTag instructions. Similarly, when freeing allocated memory via the free routine, the memory manager may access the memory tag location for the size of the freed memory, setting the hidden tag meta-data to another value {updating pointer validation data} to prevent use-after-free of the previous pointer identification tags, thus, preventing use-after-free exploits;
Durham-702, [0022], The memory allocation logic 146 initiates the address encoding logic 152. The address encoding logic 152 includes range rule logic 154 and address adjustment logic 156, which encode the indirect address 114 with the metadata (e.g., range and/or permission metadata) and an “adjustment,” as described below. The address encoding logic 152 stores the metadata in an unused portion of the indirect address 114 (e.g., non-canonical bits of a 64-bit address); [0046], Other data values that may be used as tweaks include: … permission information encoded in the metadata, and/or version number {pointer validation data} (useful when reassigning/revoking pointers that were previously assigned to a program, version may be maintained by the processor in a register); [0040], In FIG. 3B, the method 320 begins in response to the output of an encoded indirect address at block 424 the method 400. In block 322, the computing device 100 returns the encoded version of the indirect address (e.g., the encoded address 206) to the calling code that initiated the memory allocation in block 310 of FIG. 3A. In block 324, the calling code uses the encoded indirect address to access the allocated memory (e.g., buffer). In doing so, the calling code may alter or modify the encoded indirect address by, for example, performing arithmetic operations on the encoded indirect address. Thus, a subsequent read or write operation of the calling code may trigger the execution of the method of FIG. 5, described below);
wherein the pointer validation data indicates at least one of the plurality of pointers is valid and at least one of the plurality of pointers is invalid (
Durham-951, [0035],  to detect use-after-free exploits, a memory allocation routine (e.g., malloc) is to set the authorized memory tag(s) (StoreTag) for the allocated memory location(s) {chunk of memory}, and then provide software with a pointer value containing the matching tag value (color) addressing the allocated memory buffer. When the software executes and causes the allocated memory to be loaded (e.g., into a processor register or GPR) or stored to memory, the processor will first compare the tag value in the pointer {first pointer or second pointer} (non-canonical bits of the linear address) with the metadata tag value stored in hidden memory for the specified memory location (linear address)); [0039], If a software bug/vulnerability causes a freed pointer to be used to access newly allocated memory for another part of the program, when the newly stored tag values don't match the tag value in the freed pointer, then the processor will signal an error/exception/fault;
Durham-702, [0018], The address metadata can include valid range metadata. The valid range metadata allows executing programs to manipulate the value of the indirect address 114 within a valid range, but will corrupt the indirect address 114 if the memory is accessed using the indirect address 114 beyond the valid range; [0051], when a block of code calls, e.g., malloc, to allocate memory to itself, malloc can return the encrypted address using the calling code's memory block to insure private access to the allocated memory (so long as the allocated memory isn't freed and then reallocated to another code block).
Regarding independent claim 15, Durham-702 teaches a system comprising: a memory; and a processing device communicably coupled to the memory (Fig. 1), the processing device to: … (Claim recites substantially the same limitations as in claim 1, and is therefore rejected for the same reasons set forth in the analysis of claim 1).
Regarding independent claim 18, Durham-702 teaches A non-transitory machine-readable storage medium storing instructions which, when executed, cause a processing device to perform operations (claim 20) comprising: …(Claim recites substantially the same limitations as in claim 1, and is therefore rejected for the same reasons set forth in the analysis of claim 1).
Additionally, Durham-951 teaches determining a physical memory address of a chunk of physical memory (Fig. 5 & [0055], determined by the translation of a virtual address into a physical address via the page tables or extended page tables (EPTs) utilized by a memory management unit to populate virtual to physical address translations via translation lookaside buffers (TLB)); 
generating a plurality of virtual memory addresses that map to the physical memory address, the plurality of virtual memory addresses comprising a first virtual memory address and a second virtual memory address; providing the first virtual memory address responsive to the first request and the second virtual memory address responsive to the second request; providing the first virtual memory address responsive to the first request and the second virtual memory address responsive to the second request ([0063], when memory is first allocated via the malloc function for a certain size, the malloc function will determine the size. It will then return the virtual address with this identification tag to the caller; [0064], The malloc routine will identify a freed block of memory, set the meta-data tags to a value corresponding to the pointer's virtual address identification tag returning this pointer to the caller;
[0039], If a software bug/vulnerability causes a freed pointer {a first virtual address} to be used to access newly allocated memory {associated with a second virtual address} for another part of the program, when the newly stored tag values don't match the tag value in the freed pointer, then the processor will signal an error/exception/fault; [0045], Some of the attacks 410 may include attempting to override a pointer …use a freed pointer to access a new object;
Upon the broadest reasonable interpretation, a plurality of virtual memory addresses (e.g., a freed virtual memory address and a new virtual memory address for newly allocated memory) point to same chunk of physical memory address in use-after-free bug/vulnerability); 
receiving a request to deallocate the chunk of physical memory, wherein the request to deallocate comprises the first virtual memory address; detecting, in view of pointer validation data, use of the first virtual memory address after the request to deallocate; and performing an action in response to the detecting ([0035], to detect use-after-free exploits, a memory allocation routine (e.g., malloc) is to set the authorized memory tag(s) (StoreTag) for the allocated memory location(s) {physical memory address}, and then provide software {e.g., first request, second request} with a pointer {e.g., first virtual memory address, second virtual memory address} value containing the matching tag value (color) addressing the allocated memory buffer. When the software executes and causes the allocated memory to be loaded (e.g., into a processor register or GPR) or stored to memory, the processor will first compare the tag value in the pointer (non-canonical bits of the linear address) with the metadata tag value {pointer validation data} stored in hidden memory for the specified memory location (linear address); [0037], There is then a determination whether the stored tag value (of the stored cacheline with tag metadata 330) matches the color tag value in the linear address 312. If not, then an error is indicated with the faulting address 314; [0039], If a software bug/vulnerability causes a freed pointer to be used to access newly allocated memory for another part of the program, when the newly stored tag values don't match the tag value in the freed pointer, then the processor will signal an error/exception/fault).
Regarding claim(s) 2, The combination of Durham-702 and Durham-951 further teaches wherein the chunk of memory comprises a chunk of physical memory at a specific physical memory address (Durham-951, Fig. 5 & [0055]) and wherein the plurality of pointers comprise different virtual memory addresses that are mapped to the specific physical memory address (Durham-951, [0063]-[0064).  
Regarding claim(s) 3, The combination of Durham-702 and Durham-951 further teaches receiving, from a first thread, the first request to allocate memory and a first request to deallocate the memory, wherein the first request to deallocate the memory comprises the first pointer; receiving, from a second thread, the second request to allocate memory, wherein the second pointer that is provided responsive to the second request is mapped to a same location in the memory as the first pointer; receiving, from the first thread, a second request to deallocate the memory, wherein the second request to deallocate the memory comprises the first pointer; detecting an attempt to double deallocate the memory using the first pointer; and performing an action in response to the detecting (Durham-951, [0035],  to detect use-after-free exploits, a memory allocation routine (e.g., malloc) is to set the authorized memory tag(s) (StoreTag) for the allocated memory location(s) {chunk of memory}, and then provide software with a pointer value containing the matching tag value (color) addressing the allocated memory buffer. When the software executes and causes the allocated memory to be loaded (e.g., into a processor register or GPR) or stored to memory, the processor will first compare the tag value in the pointer {first pointer or second pointer} (non-canonical bits of the linear address) with the metadata tag value stored in hidden memory for the specified memory location (linear address)); [0039], If a software bug/vulnerability causes a freed pointer to be used to access newly allocated memory for another part of the program, when the newly stored tag values don't match the tag value in the freed pointer, then the processor will signal an error/exception/fault).  
Regarding claim(s) 4 and 16, The combination of Durham-702 and Durham-951 further teaches wherein generating the plurality of pointers to the chunk of memory comprises generating the plurality of pointers after identifying the chunk of memory and prior to receiving the second request (Durham-702, claim 1, a processor {a processing device} comprising address encoding logic to encode an indirect address during execution of a computer program and on a memory allocation operation that allocates memory {a chunk of memory} and returns the indirect address, wherein the indirect address comprises a plurality of unused bits and a plurality of used bits, and wherein the used bits are to store data indicative of a memory location of the allocated memory {identifying a chunk of memory};
[0022], On (or during) a memory allocation operation (e.g., a “malloc”), memory allocation logic 146 allocates a range of memory for a buffer {a chunk of memory} and returns the indirect address 114 and the metadata (e.g., range and/or permission metadata); [0046], Other data values that may be used as tweaks include: … permission information encoded in the metadata, and/or version number {pointer validation data} (useful when reassigning/revoking pointers that were previously assigned to a program, version may be maintained by the processor in a register);
Durham-951, [0063], when memory is first allocated via the malloc function for a certain size, the malloc function will determine the size. It will then return the virtual address with this identification tag to the caller; [0064], The malloc routine will identify a freed block of memory, set the meta-data tags to a value corresponding to the pointer's virtual address identification tag returning this pointer to the caller).  
Regarding claim(s) 5, The combination of Durham-702 and Durham-951 further teaches selecting a pointer from the plurality of pointers in response to each request of the plurality of requests; and updating pointer validation data based on the selected pointer (Durham-702, [0022], On (or during) a memory allocation operation (e.g., a “malloc”), memory allocation logic 146 allocates a range of memory for a buffer {a chunk of memory} and returns the indirect address 114 and the metadata (e.g., range and/or permission metadata); [0046], Other data values that may be used as tweaks include: … permission information encoded in the metadata, and/or version number {pointer validation data} (useful when reassigning/revoking pointers that were previously assigned to a program, version may be maintained by the processor in a register).  
Regarding claim(s) 6 and 17, The combination of Durham-702 and Durham-951 further teaches wherein generating the plurality of pointers to the chunk of physical memory comprises generating the first pointer responsive to the first request and generating the second pointer responsive to the second request (Durham-951, [0039], If a software bug/vulnerability causes a freed pointer {a first pointer for a first request} to be used to access newly allocated memory {associated with a second pointer for a second request} for another part of the program, when the newly stored tag values don't match the tag value in the freed pointer, then the processor will signal an error/exception/fault; [0045], Some of the attacks 410 may include attempting to override a pointer …use a freed pointer to access a new object).  
Regarding claim(s) 10, The combination of Durham-702 and Durham-951 further teaches storing the pointer validation data as a memory tag adjacent to the memory pointed to by the plurality of pointers, wherein the pointer validation data is used to validate the second pointer and comprises one of a boolean value, a counter value, an offset value, or an address value (
Durham-951, [0035],  to detect use-after-free exploits, a memory allocation routine (e.g., malloc) is to set the authorized memory tag(s) (StoreTag) for the allocated memory location(s) {chunk of memory}, and then provide software with a pointer value containing the matching tag value (color) addressing the allocated memory buffer. When the software executes and causes the allocated memory to be loaded (e.g., into a processor register or GPR) or stored to memory, the processor will first compare the tag value in the pointer (non-canonical bits of the linear address) with the metadata tag value stored in hidden memory {pointer validation data as a memory tag adjacent to the memory pointed to by the plurality of pointers} for the specified memory location (linear address); 
Durham-702, [0022], The memory allocation logic 146 initiates the address encoding logic 152. The address encoding logic 152 includes range rule logic 154 and address adjustment logic 156, which encode the indirect address 114 with the metadata (e.g., range and/or permission metadata) and an “adjustment,” as described below. The address encoding logic 152 stores the metadata in an unused portion of the indirect address 114 (e.g., non-canonical bits of a 64-bit address); [0046], Other data values that may be used as tweaks include: data stored in the unused bits of the indirect address, the upper limit on the buffer size, an exponent of a two's power boundary selected as the upper limit on the buffer size, an adjustment value applied to the two's power boundary, a code block identifier, instruction pointer data, permission information encoded in the metadata, and/or version number (useful when reassigning/revoking pointers that were previously assigned to a program, version may be maintained by the processor in a register)).  
Regarding claim(s) 11 and 20, The combination of Durham-702 and Durham-951 further teaches storing the pointer validation data in a data structure associated with the chunk of memory, wherein the data structure is stored in a heap of a computing process that initiated the plurality of requests and further comprises a size of the chunk, a physical memory address of the chunk, and a plurality of virtual memory addresses corresponding to the plurality of pointers (Durham-951, [0028], the metadata 140 is inserted as hidden inline metadata within the one or more cachelines 135. The metadata 140 is hidden at the linear address/virtual address level as memory is seen by software, but the metadata 140 is present and visible to the physical hardware and privileged software for the purposes such as memory tagging (such as tag compare with pointer tag value in linear address), capabilities (such as data structure length and permissions), and/or fine grain memory access control;
Durham-702, [0046], Other data values that may be used as tweaks include: data stored in the unused bits of the indirect address, the upper limit on the buffer size, an exponent of a two's power boundary selected as the upper limit on the buffer size, an adjustment value applied to the two's power boundary, a code block identifier, instruction pointer data, permission information encoded in the metadata, and/or version number (useful when reassigning/revoking pointers that were previously assigned to a program, version may be maintained by the processor in a register)).  
Regarding claim(s) 12, The combination of Durham-702 and Durham-951 further teaches detecting use of the first pointer after a deallocation of the chunk, wherein the detecting comprises: receiving a deallocation request to deallocate the memory, wherein the deallocation request comprises the first pointer that points to the chunk of memory; accessing the pointer validation data associated with the chunk of memory; and determining the first pointer is invalid in view of the pointer validation data (Durham-951, [0035],  to detect use-after-free exploits, a memory allocation routine (e.g., malloc) is to set the authorized memory tag(s) (StoreTag) for the allocated memory location(s) {chunk of memory}, and then provide software with a pointer value containing the matching tag value (color) addressing the allocated memory buffer. When the software executes and causes the allocated memory to be loaded (e.g., into a processor register or GPR) or stored to memory, the processor will first compare the tag value in the pointer {e.g., first pointer or second pointer} (non-canonical bits of the linear address) with the metadata tag value stored in hidden memory for the specified memory location (linear address); 
[0039], If a software bug/vulnerability causes a freed pointer {a first pointer for a first request} to be used to access newly allocated memory {associated with a second pointer for a second request} for another part of the program, when the newly stored tag values don't match the tag value in the freed pointer, then the processor will signal an error/exception/fault; [0045], Some of the attacks 410 may include attempting to override a pointer …use a freed pointer to access a new object).  
Regarding claim(s) 13, Durham-951 further teaches wherein determining the first pointer is invalid comprises: determining that the pointer validation data indicates an offset is in use; and detecting that the first pointer is absent the offset (
[0035],  to detect use-after-free exploits, a memory allocation routine (e.g., malloc) is to set the authorized memory tag(s) (StoreTag) for the allocated memory location(s) {chunk of memory}, and then provide software with a pointer value containing the matching tag value (color) addressing the allocated memory buffer. When the software executes and causes the allocated memory to be loaded (e.g., into a processor register or GPR) or stored to memory, the processor will first compare the tag value in the pointer (non-canonical bits of the linear address) with the metadata tag value stored in hidden memory {offset is in use} for the specified memory location (linear address); [0038], If there is a match 312, then memory access is allowed 316… The actual data location may be calculated based on the page offset 301;
[0039], If a software bug/vulnerability causes a freed pointer to be used to access newly allocated memory for another part of the program, when the newly stored tag values {offset in use} don't match the tag value in the freed pointer {the first pointer is absent the offset}, then the processor will signal an error/exception/fault; [0045], Some of the attacks 410 may include attempting to override a pointer …use a freed pointer to access a new object).
Regarding claim(s) 14, Durham-951 further teaches wherein determining the first pointer is invalid comprises: deriving a virtual memory address from the pointer validation data; and comparing the derived virtual memory address with the virtual memory address of the first pointer ([0037], There is then a determination whether the stored tag value (of the stored cacheline with tag metadata 330) matches the color tag value in the linear address 312. If not, then an error is indicated with the faulting address 314; [0039], If a software bug/vulnerability causes a freed pointer to be used to access newly allocated memory for another part of the program, when the newly stored tag values {derived virtual memory address} don't match the tag value in the freed pointer {virtual memory address of the first pointer}, then the processor will signal an error/exception/fault).
Allowable Subject Matter
Claims 7-9 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The prior arts of record, alone or in combination, do not teach following feature:
determining a count of an allocation request of the plurality of requests, wherein the count indicates whether the allocation request is an even request or an odd request; identifying a virtual memory address that is available; responsive to the even request, generating a pointer that comprises the virtual memory address; and responsive to the odd request, generating a pointer that comprises a combination of the virtual memory address and an offset, required in claim 7;
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRACY C. CHAN whose telephone number is (571) 272-9992.  The examiner can normally be reached on Monday - Friday 9 AM to 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TIM VO can be reached on (571) 272-3642.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TRACY C CHAN/            Primary Examiner, Art Unit 2138