公开(公告)号：US20050188268A1

公开(公告)日：2005-08-25

申请号：US10918786

申请日：2004-08-13

申请人： Chad Verbowski ,  Jiahe Wang ,  John Platt ,  Ruyun Zhang ,  Yu Chen

发明人： Chad Verbowski ,  Jiahe Wang ,  John Platt ,  Ruyun Zhang ,  Yu Chen

IPC分类号： G06F9/445 ,  G06F11/07 ,  H04L12/24 ,  G05B15/00 ,  G06F11/00 ,  G06F11/30 ,  G06F15/00

CPC分类号： H04L41/0869 ,  G06F11/0748 ,  G06F11/079 ,  H04L41/0853 ,  H04L41/16

摘要： A method and system for identifying a configuration parameter of a “sick” computer system that is at fault for causing an undesired behavior based on analysis of configuration parameters from other computer systems is provided. In one embodiment, a troubleshooting system collects “suspect” values for “suspect” configuration parameters used by a “sick” application when the undesired behavior was exhibited by the sick computer system. The troubleshooting system then compares the suspect values to sample values of the suspect configuration parameters retrieved from sample computer systems. The troubleshooting system uses that comparison to identify one or more suspect configuration parameters that are likely at fault for causing the application to exhibit the undesired behavior.

摘要翻译： 提供了一种用于识别“病”计算机系统的配置参数的方法和系统，所述“病”计算机系统基于来自其他计算机系统的配置参数的分析而导致不期望的行为存在故障。 在一个实施例中，故障排除系统在病态计算机系统显示出不期望的行为时收集由“病”应用使用的“可疑”配置参数的“可疑”值。 然后，故障排除系统将可疑值与从示例计算机系统检索到的可疑配置参数的采样值进行比较。 故障排除系统使用该比较来识别可能出现故障的一个或多个可疑配置参数，导致应用程序显示不期望的行为。

公开(公告)号：US20070300103A1

公开(公告)日：2007-12-27

申请号：US11762634

申请日：2007-06-13

申请人： Chad Verbowski ,  Jiahe Wang ,  John Platt ,  Ruyun Zhang ,  Yu Chen

发明人： Chad Verbowski ,  Jiahe Wang ,  John Platt ,  Ruyun Zhang ,  Yu Chen

IPC分类号： G06F11/34

CPC分类号： H04L41/0869 ,  G06F11/0748 ,  G06F11/079 ,  H04L41/0853 ,  H04L41/16

摘要： A method and system for identifying a configuration parameter of a “sick” computer system that is at fault for causing an undesired behavior based on analysis of configuration parameters from other computer systems is provided. In one embodiment, a troubleshooting system collects “suspect” values for “suspect” configuration parameters used by a “sick” application when the undesired behavior was exhibited by the sick computer system. The troubleshooting system then compares the suspect values to sample values of the suspect configuration parameters retrieved from sample computer systems. The troubleshooting system uses that comparison to identify one or more suspect configuration parameters that are likely at fault for causing the application to exhibit the undesired behavior.

摘要翻译： 提供了一种用于识别“病”计算机系统的配置参数的方法和系统，所述“病”计算机系统基于来自其他计算机系统的配置参数的分析而导致不期望的行为存在故障。 在一个实施例中，故障排除系统在病态计算机系统显示出不期望的行为时收集由“病”应用使用的“可疑”配置参数的“可疑”值。 然后，故障排除系统将可疑值与从示例计算机系统检索到的可疑配置参数的采样值进行比较。 故障排除系统使用该比较来识别可能出现故障的一个或多个可疑配置参数，导致应用程序显示不期望的行为。

公开(公告)号：US20080059973A1

公开(公告)日：2008-03-06

申请号：US11932890

申请日：2007-10-31

申请人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

发明人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

IPC分类号： G06F9/46

CPC分类号： G06F11/36 ,  G06F11/3466 ,  G06F11/3476 ,  G06F21/552 ,  G06F2221/2101

摘要： Apparatus and methods for intercepting and analyzing threads are disclosed. In one embodiment, a thread data recorder is configured to instrument one or more existing functions by modifying computer executable instructions in the functions to intercept threads calling the functions. In one possible implementation, the number of existing functions instrumented can be reduced by instrumenting choke point functions. The instrumented functions can also capture data associated with the threads as the threads execute at the function. This data can be saved to memory and compressed into logs. In one aspect, the data can be saved and/or compressed at a time when processor resources are being used at or below predetermined level. The captured data can be used to analyze a functioning of a computer system in which the threads were produced.

摘要翻译： 公开了用于截取和分析线程的装置和方法。 在一个实施例中，线程数据记录器被配置为通过修改函数中的计算机可执行指令来调试一个或多个现有函数来截取调用函数的线程。 在一个可能的实现中，可以通过测量阻塞点功能来减少所调用的现有功能的数量。 当函数执行线程时，仪器函数还可以捕获与线程关联的数据。 该数据可以保存到内存并压缩成日志。 在一个方面，当处于或低于预定级别的处理器资源被使用时，可以保存和/或压缩数据。 捕获的数据可用于分析其中​​生成线程的计算机系统的功能。

公开(公告)号：US20070168550A1

公开(公告)日：2007-07-19

申请号：US11702856

申请日：2007-02-06

申请人： Yi-Min Wang ,  Lili Qiu ,  Chad Verbowski ,  Demetrios Achlioptas ,  Gautam Das ,  Per-Ake Larson

发明人： Yi-Min Wang ,  Lili Qiu ,  Chad Verbowski ,  Demetrios Achlioptas ,  Gautam Das ,  Per-Ake Larson

IPC分类号： G06F15/173

CPC分类号： H04L29/06 ,  H04L12/1859 ,  H04L67/327 ,  H04L69/329

摘要： A system arid method for enabling highly scalable multi-node event distribution networks through the use of summary-based routing, particularly event distribution networks using a content-based publish/subscribe model to distribute information. By allowing event routers to use imprecise summaries of the subscriptions hosted by matcher nodes, an event router can eliminate itself as a bottleneck thus improving overall event distribution network throughput even though the use of imprecise summaries results in some false positive event traffic. False positive event traffic is reduced by using a filter set partitioning that provides for good subscription set locality at each matcher node, while at the same time avoiding overloading any one matcher node. Good subscription set locality is maintained by routing new subscriptions to a matcher node with a subscription summary that best covers the new subscription. Where event space partitioning is desirable, an over-partitioning scheme is described that enables load balancing without repartitioning.

摘要翻译： 一种用于通过使用基于摘要的路由，特别是使用基于内容的发布/订阅模型来分发信息的事件分发网络来实现高度可扩展的多节点事件分发网络的系统和方法。 通过允许事件路由器使用由匹配器节点托管的订阅的不精确的摘要，事件路由器可以将自身消除为瓶颈，从而改善整体事件分发网络吞吐量，即使使用不精确的摘要导致一些假阳性事件流量。 通过使用在每个匹配器节点处提供良好订阅集位置的过滤器集分割来减少假正事件流量，同时避免任何一个匹配器节点的过载。 通过将新的订阅路由到具有最佳覆盖新订阅的订阅摘要的匹配器节点来维护良好的订阅集位置。 在需要事件空间分区的情况下，描述了能够进行负载均衡而不进行重新分区的过分配方案。

公开(公告)号：US07865777B2

公开(公告)日：2011-01-04

申请号：US11932890

申请日：2007-10-31

申请人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

发明人： Chad Verbowski ,  Brad Daniels ,  John Dunagan ,  Shan Lu ,  Roussi Roussev ,  Juhan Lee ,  Arunvijay Kumar

IPC分类号： G06F11/00

CPC分类号： G06F11/36 ,  G06F11/3466 ,  G06F11/3476 ,  G06F21/552 ,  G06F2221/2101

摘要： Apparatus and methods for intercepting and analyzing threads are disclosed. In one embodiment, a thread data recorder is configured to instrument one or more existing functions by modifying computer executable instructions in the functions to intercept threads calling the functions. In one possible implementation, the number of existing functions instrumented can be reduced by instrumenting choke point functions. The instrumented functions can also capture data associated with the threads as the threads execute at the function. This data can be saved to memory and compressed into logs. In one aspect, the data can be saved and/or compressed at a time when processor resources are being used at or below predetermined level. The captured data can be used to analyze a functioning of a computer system in which the threads were produced.

摘要翻译： 公开了用于截取和分析线程的装置和方法。 在一个实施例中，线程数据记录器被配置为通过修改函数中的计算机可执行指令来调试一个或多个现有函数来截取调用函数的线程。 在一个可能的实现中，可以通过测量阻塞点功能来减少所调用的现有功能的数量。 当函数执行线程时，仪器函数还可以捕获与线程关联的数据。 该数据可以保存到内存并压缩成日志。 在一个方面，当处于或低于预定级别的处理器资源被使用时，可以保存和/或压缩数据。 捕获的数据可用于分析其中​​生成线程的计算机系统的功能。

公开(公告)号：US20070027974A1

公开(公告)日：2007-02-01

申请号：US11194891

申请日：2005-08-01

申请人： Juhan Lee ,  John Dunagan ,  Alastair Wolman ,  Chad Verbowski ,  Stephen Lovett

发明人： Juhan Lee ,  John Dunagan ,  Alastair Wolman ,  Chad Verbowski ,  Stephen Lovett

IPC分类号： G06F15/173

CPC分类号： H04L41/5009 ,  H04L41/0681 ,  H04L41/5051 ,  H04L43/0805 ,  H04L43/0817 ,  H04L43/0852 ,  H04L43/0864 ,  H04L43/16

摘要： A status notification method and facility is provided for use with a service chain processing a request for a service. The service chain can include multiple computer nodes, and the method includes dynamically creating the service chain for processing the request, and guaranteeing agreement, on at least two of the nodes of the service chain, about the status of the processing of the request. The method can also include saving detailed operational data logs in response to determining that a failure in processing the request has occurred. When a given node in the service chain determines that failure has occurred, agreement about the failure can be propagated throughout the service chain. Also, conditional logging of detailed operational data can minimize the amount of operational data transmitted over a network and saved to a data repository.

摘要翻译： 提供状态通知方法和设施用于处理服务请求的服务链。 服务链可以包括多个计算机节点，并且该方法包括动态地创建用于处理该请求的服务链，并且在服务链的至少两个节点上保证关于请求的处理状态的协议。 该方法还可以包括保存详细的操作数据日志以响应于确定处理该请求的失败已经发生。 当服务链中的给定节点确定发生故障时，关于故障的协议可以在整个服务链中传播。 此外，详细操作数据的条件记录可以最小化通过网络传输并保存到数据存储库的操作数据量。

公开(公告)号：US20050155031A1

公开(公告)日：2005-07-14

申请号：US10830334

申请日：2004-04-22

申请人： Yi-Min Wang ,  Aaron Johnson ,  David Ladd ,  Roussi Roussev ,  Chad Verbowski

发明人： Yi-Min Wang ,  Aaron Johnson ,  David Ladd ,  Roussi Roussev ,  Chad Verbowski

IPC分类号： G06F9/445 ,  G06F9/44

CPC分类号： G06F9/44505 ,  G06F8/65

摘要： As computer programs grow more complex, extensible, and connected, it becomes increasingly difficult for users to understand what has changed on their machines and what impact those changes have. An embodiment of the invention is described via a software tool, called AskStrider, that answers those questions by correlating volatile process information with persistent-state context information and change history. AskStrider scans a system for active components, matches them against a change log to identify recently updated and hence more interesting state, and searches for context information to help users understand the changes. Several real-world cases are provided to demonstrate the effectiveness of using AskStrider to quickly identify the presence of unwanted software, to determine if a software patch is potentially breaking an application, and to detect lingering components left over from an unclean uninstallation.

摘要翻译： 随着计算机程序变得越来越复杂，可扩展和连接，用户越来越难以了解机器上发生了什么变化，以及这些更改有什么影响。 通过称为AskStrider的软件工具来描述本发明的实施例，其通过将易失性进程信息与持久状态上下文信息和变化历史相关联来回答这些问题。 AskStrider扫描系统中的活动组件，将其与更改日志进行匹配，以识别最近更新并因此更有趣的状态，并搜索上下文信息以帮助用户了解更改。 提供了几个真实案例来证明使用AskStrider快速识别不需要的软件的存在，确定软件补丁是否潜在地破坏应用程序，以及检测从不洁净卸载中遗留的剩余部件的有效性。

公开(公告)号：US08024815B2

公开(公告)日：2011-09-20

申请号：US11532127

申请日：2006-09-15

申请人： Jacob R. Lorch ,  Yi-Min Wang ,  Chad Verbowski ,  Helen J. Wang ,  Samuel King

发明人： Jacob R. Lorch ,  Yi-Min Wang ,  Chad Verbowski ,  Helen J. Wang ,  Samuel King

IPC分类号： G06F7/04 ,  G06F17/30

CPC分类号： H04N21/818 ,  H04N21/4435 ,  H04N21/4437

摘要： In an embodiment of isolation environment-based information access, programs—including operating systems and applications—running on a computing-based device can be isolated in an environment such as a virtual machine. Information including commands and/or data transmitted between the computing-based device and the program(s) being run, as well as information associated with the program(s) and the computing-based device, is accessed without being detected by the program(s). In one implementation, the information includes state information as well as commands and/or data—including sensitive information, such as usernames and passwords. In another implementation, the information can be used to secretly access the program(s).

摘要翻译： 在基于隔离环境的信息访问的实施例中，可以在诸如虚拟机的环境中隔离在基于计算的设备上运行的程序（包括操作系统和应用）。 访问包括在基于计算的设备和正在运行的程序之间传送的命令和/或数据的信息以及与程序和基于计算的设备相关联的信息，而不被程序检测到 s）。 在一个实现中，信息包括状态信息以及诸如用户名和密码的敏感信息的命令和/或数据。 在另一实现中，该信息可用于秘密地访问该程序。

公开(公告)号：US20100223499A1

公开(公告)日：2010-09-02

申请号：US12394451

申请日：2009-02-27

申请人： Rina Panigrahy ,  Chad Verbowski ,  Yinglian Xie ,  Junfeng Yang ,  Ding Yuan

发明人： Rina Panigrahy ,  Chad Verbowski ,  Yinglian Xie ,  Junfeng Yang ,  Ding Yuan

IPC分类号： G06F11/28 ,  G06F11/07 ,  G06F17/30

CPC分类号： G06F11/079 ,  G06F11/0709 ,  G06F11/0715 ,  H04L41/16

摘要： A technique for automatically detecting and correcting configuration errors in a computing system. In a learning process, recurring event sequences, including e.g., registry access events, are identified from event logs, and corresponding rules are developed. In a detecting phase, the rules are applied to detected event sequences to identify violations and to recover from failures. Event sequences across multiple hosts can be analyzed. The recurring event sequences are identified efficiently by flattening a hierarchical sequence of the events such as is obtained from the Sequitur algorithm. A trie is generated from the recurring event sequences and edges of nodes of the trie are marked as rule edges or non-rule edges. A rule is formed from a set of nodes connected by rule edges. The rules can be updated as additional event sequences are analyzed. False positive suppression policies include a violation- consistency policy and an expected event disappearance policy.

摘要翻译： 一种自动检测和纠正计算系统中配置错误的技术。 在学习过程中，从事件日志中识别循环事件序列，包括例如注册表访问事件，并且开发相应的规则。 在检测阶段，将规则应用于检测到的事件序列以识别违例行为并从故障中恢复。 可以分析多个主机的事件序列。 通过对诸如从Sequitur算法获得的事件的分层序列进行平坦化来有效地识别循环事件序列。 从循环事件序列生成特里（trie），并将特里斯的节点的边缘标记为规则边缘或非规则边缘。 规则是由一组通过规则边连接的节点形成的。 当分析附加事件序列时，可以更新规则。 虚假的积极抑制政策包括违规行为政策和预期的事件消失政策。

公开(公告)号：US07698305B2

公开(公告)日：2010-04-13

申请号：US11566170

申请日：2006-12-01

申请人： Chad Verbowski ,  Juhan Lee ,  Xiaogang Liu ,  Roussi Roussev ,  Yi-Min Wang

发明人： Chad Verbowski ,  Juhan Lee ,  Xiaogang Liu ,  Roussi Roussev ,  Yi-Min Wang

IPC分类号： G06F17/30

CPC分类号： G06F21/552 ,  G06F11/3644 ,  G06F21/57 ,  G06F2221/2101

摘要： Systems and methods for implementing system management which are based on reviewing of the interactions between one or more programs and the persistent state they tend to represent. The system provides for detection of modifications that occur within a system, verifying whether the modifications are approved or not and generating notifications on detecting unknown modifications.

摘要翻译： 基于对一个或多个程序之间的相互作用的审查以及他们倾向于表示的持续状态来实现系统管理的系统和方法。 该系统提供对系统内发生的修改的检测，验证修改是否被批准，并且在检测未知修改时产生通知。