T 1306/17 (Inter-process interference elimination/MICROSOFT) 19-03-2019

The invention

1. The application relates to the automatic creation and manipulation of what are called "operating-system pro­cesses" (or simply "processes"; see paragraphs 1 and 2) consisting of several "streams of computer executable instructions" called "threads" (see para­graph 4). In particular, the application is concerned with the elimination of what are called "inter-process interferences".

1.1 A scenario for the process construction according to the invention is depicted in figure 1. The pertinent system component (no. 100) comprises several optional modules (nos. 150-162), amongst which an "inter-process interference eliminator" (no. 160). This module is disclosed in paragraphs 67-77 and 98-102 and is mentioned in figure 3 (no. 328), on page 29 referring to figure 4, and in the "embodiments" listed on pages 61 to 66.

1.2 The description states that there is a risk that "the data and executing code of a process may be indiscriminately and unilaterally altered, removed, changed, and modi­fied by another process" (see paragraph 69). To avoid this, and to ensure that processes "play well with others", pro­cesses are normally equipped with their own ex­clu­sive address space (see paragraphs 70-71). The invention is said not to require this measure (para­graph 73) but, instead, to "manage[] a process's exe­cutable code so that" it simply "will not perform" the mentioned "inter-process interference" (paragraph 74).

1.3 It is explained (and claimed, if in slightly different words) that the proposed solution involves detecting "any actions (which the executable code would perform) that may include the possibility of inter-process interference" and the modification of the "executable code so that there is no possibility of inter-process interference when that code is executed" (see paragraph 75).

1.4 It is not disclosed exactly what kind of code is to be analysed and modified or how.

1.5 It is, however, noted that it "is difficult and some­times nearly impossible to perform [...] analyses on the integrity, security, and stability of [..] pro­cesses" (see par. 23) and suggested that the architec­ture according to the invention "constructs processes in a manner that allows for analyses regarding [such] properties" (see paragraphs 23 and 27).

Clarity, Article 84 EPC

2. The decision under appeal has found primarily that the invention does not comply with the requirement of Article 83 EPC, i.e. that it be disclosed "in a manner sufficiently clear and complete for it to be carried out by a person skilled in the art". In order to de­ter­mine what the invention is which, to comply with Ar­ticle 83 EPC, must be "sufficiently disclosed", it must be assessed how the claims are to be construed. In the process, it may turn out that the claims are unclear, Article 84 EPC.

3. In general, it is undefined in the claims what properties the instruction streams have. For instance, it is neither defined what memory access instructions occur and what addressing schemes they use - for instance indirect memory addressing is not excluded - nor what kind of control flow instructions occur. This has an impact on whether the property of interest (inter-process interference) can be practically determined for the process in question.

3.1 For instance, when the memory address being accessed is not visible in the instruction stream, because it is computed and read from a register at run-time (indirect addressing), it is not sufficient, contrary to the appellant's view (see the grounds of appeal, the paragraph bridging pages 2 and 3), to "look" for corresponding commands in the instruction streams.

3.2 Moreover, it is a fundamental mathematical fact that non-trivial semantic properties of "sufficiently complex" (i.e. "Turing-complete") programming languages are undecidable (this is known as "Rice's theorem").

3.2.1 Typical programming languages are Turing-complete and nothing in the claims excludes (and conventional knowledge rather suggests) that the processor instruction set forms a Turing-complete language. Therefore, it is in general undecidable - i.e. cannot be determined algorithmically by analysis of the instruction streams - whether any two processes, when executed, actually interfere with each other in the memory.

3.2.2 For instance, assume that it was an undesirable inter-process interference if one process were to write to a certain memory address and another process were to read from that same address (see the grounds of appeal, page 2, last paragraph). Assume further that one process contained a write instruction to an address and another process a read instruction to the same address. Then it could not, in general, be determined whether the two instructions were ever executed (as can be shown rigorously with reference to the fundamental "halting problem").

3.3 In practice, this issue is addressed by analysing a slightly different program property. For example and in the words of the claims, it is not assessed whether two processes, when executing, will actually interfere with each other but merely whether they have the "potential to interfere".

3.4 However, the board considers that the language trying to define the instruction stream property which is, in fact, meant to be ana­lysed (and how) is unclear and overly vague ("has a potential to interfere with another executing process in the memory in the form of uncontrolled memory access").

3.4.1 Firstly, whether two processes have a "potential to interfere" may be determined in more or less conservative terms. For example, two processes might be considered to have this "potential" if they access the same memory address, the same memory region or if they access memory at all.

3.4.2 Secondly, "inter-process interference" is not a well-defined term of art and that it may (or may not) take "the form of uncontrolled memory access" does not clarify the issue. In principle, it is well-known that parallel processes accessing the same memory address may cause conflicts between them. However, not all access to shared memory is unintended: Some may be needed to allow for inter-process communication.

3.4.3 The appellant suggested that inter-process communication would normally take place via a dedicated shared memory. In this situation, accessing the same memory address in the shared memory could be considered "controlled memory access" and thus not an indication of undesirable inter-process interference. Although this is indeed a possibility, the board notes that the claims neither refer to inter-process communication via a dedicated shared memory nor define "uncontrolled memory access" with reference to it.

3.5 The claims also do not specify how the instruction streams are modified to eliminate potential interferences. The board appreciates that suitable such modifications may be evident in individual situations. However, it cannot be assessed whether this is true for the claims over their entire breadth. For instance, the appellant's suggestion that memory conflicts can be solved by simply changing the memory addresses (see the grounds of appeal, page 3, lines 4-7) is not correct in all cases: In shared-memory communication between processes it is crucial and intended that the processes read from and write to the same memory addresses. Moreover, certain types of "memory addresses" may be limited (registers, for instance) so that it may be impossible to choose a new address to eliminate an interference. Also, the board notes that many potential conflicts between two processes can be avoided by serializing their execution (e.g. by adding instructions that make one process wait for the termination of another one).

3.6 The independent claims of auxiliary request 1 specify that the modification should be such that processes do not "require separately defined address spaces for each process" (emphasis by the board). The board takes this to mean that the claimed modification does not use separate address spaces and, thus, shows that separate address spaces are not required to eliminate inter-process interference. While the board agrees with the appellant that this feature excludes certain solutions to the elimination problem, it falls short of remedying the above clarity problems.

3.7 The independent claims of auxiliary request 2 add the feature that "static analysis" is used to "verify that the [...] instruction stream [...] will not engage in inter-process interference" and "further analyzes [...] unverified [portions] regarding inter-process interference". Apart from the imprecision that the static analysis can, apparently, only try to verify an instruction stream, because otherwise no "unverified" portions would remain and require further analysis, all this feature implies is that the claimed analysis is "static", i.e. carried out before process execution. This, however, is insufficient to address any of the above clarity problems.

3.8 In summary, the board concludes that the independent claims of all three requests fail to define clearly the problem addressed or the solution provided by the invention and therefore do not comply with Article 84 EPC.

Sufficiency of disclosure, Article 83 EPC

4. The description con­tains no detail that could overcome the mentioned clarity problems.

4.1 It is also noted that the description does not describe in detail at least one way of carry­ing out the invention claimed, as required by Rule 42(1)(e) EPC.

4.2 As a consequence in this case, the board considers that the description does not enable the skilled person to carry out the invention, i.e. either the analysing or the modifying steps or means. More specifically, the skilled person cannot carry out the invention over its full breadth, i.e. for any kind of instruction stream and possible form of ("potential" and "uncontrolled") "interference", and the individual situations were it can be argued that he could are insufficient to support the claim in its full breadth.

4.3 Therefore, the board agrees with the examining division that the claimed invention does not comply with Article 83 EPC.

Inventive step, Article 56 EPC

5. The independent claims of all requests specify the invention in terms of two steps, one of analysing instruction streams to detect potential inter-process interferences and one of modifying them to eliminate such potential.

5.1 The board takes the view that the claims could only possibly be accepted as clear on the assumption that both the analysis and the modification themselves belong to the common knowledge in the art.

5.2 From this perspective (and even though the board does not share the assumption), the claimed invention specifies no more than that instruction streams are analysed for certain undesirable properties and that they are fixed by modification of the code ("inserting and/or changing").

5.3 In this generality, the board considers the approach to be obvious from first principles, irrespective of which undesirable property is considered, and thus insufficient to establish an inventive step within the meaning of Article 56 EPC.

The appellant's complaint regarding the "further comments"

6. The appellant takes issue with the fact that the section "Further comments" in the decision contains arguments that appear to have been copied from earlier communications of the examining division and thus do not take into account submissions made by the appellant in the meantime and that the objection under Article 54 EPC "had not been maintained" during the oral procee­dings (see the grounds of appeal, page 4, paragraphs 3 and 6), and it challenges the corresponding objections in substance.

7. It is not necessary to address this argument in detail.

7.1 The board takes the view that the appellant's right to be heard cannot normally be affected by a section in the decision which is clearly marked as containing obiter dicta, in particular not when at least one reason for the decision is clearly given and sufficiently reasoned. In the present case, it seems not to be controversial that this holds true for the Article 83 EPC objection on which the decision is based.

7.2 It may also be noted that an objection that has not been discussed during oral proceedings is not automa­tically "given up" by the deciding body. In the present case, the minutes suggest that only Articles 83 and 84 EPC were discussed during the oral proceedings before the examining division but contain no suggestion that the Article 54 EPC objection was given up.