公开(公告)号：US08077718B2

公开(公告)日：2011-12-13

申请号：US11203011

申请日：2005-08-12

申请人： Richard M. Mortier ,  Paul Barham ,  Rebecca Isaacs

发明人： Richard M. Mortier ,  Paul Barham ,  Rebecca Isaacs

IPC分类号： H04L12/28

CPC分类号： H04L41/042 ,  H04L41/0213 ,  H04L41/12 ,  H04L43/0811 ,  H04L45/02 ,  H04L45/44

摘要： Hosts or end-systems residing at the edges of a network gather data about the traffic they transmit into and receive from the network. The network's routing protocol (typically a link-state protocol such as OSPF) is monitored and routing data or packets are used to recover the network's current status and topology. This data can be collected, fused, and maintained and a platform, preferably distributed, can be provided to query the data, thus enabling a variety of network management applications.

摘要翻译： 驻留在网络边缘的主机或终端系统收集关于它们从网络发送和接收的流量的数据。 监控网络的路由协议（通常是链路状态协议，如OSPF），并使用路由数据或数据包来恢复网络的当前状态和拓扑。 可以收集，融合和维护该数据，并且可以提供优选分布的平台来查询数据，从而实现各种网络管理应用。

公开(公告)号：US07747986B2

公开(公告)日：2010-06-29

申请号：US11154090

申请日：2005-06-15

申请人： Glenn F LaVigne ,  Efstathios Papaefstathiou ,  Jonathan C Hardwick ,  Quanzhan Zheng ,  Rebecca Isaacs ,  Paul Barham

发明人： Glenn F LaVigne ,  Efstathios Papaefstathiou ,  Jonathan C Hardwick ,  Quanzhan Zheng ,  Rebecca Isaacs ,  Paul Barham

IPC分类号： G06F9/44 ,  G06F9/45

CPC分类号： G06Q10/10

摘要： A computing system for determining performance factors for using in performance modeling of a deployed subject system, is presented. The computing system includes a plurality of software components comprising the subject system. Each of the components is susceptible to event tracing while executing on the computing system. The computing system includes a tracing component. The tracing component is configured to trace events of the components of the subject system as they execute. The computing system includes a transaction identification table. The transaction identification table comprises starting and ending actions for transactions performed by the subject system. The computing system also includes a transaction identification component that identifies actions from traced events, identifies related actions corresponding to a transaction according to the starting and ending actions in the transaction identification table, and stores the related actions in the transaction workflow data store.

摘要翻译： 提出了一种用于确定在部署的主题系统的性能建模中使用的性能因素的计算系统。 计算系统包括多个包括该对象系统的软件组件。 在计算系统上执行时，每个组件都容易进行事件跟踪。 计算系统包括跟踪组件。 跟踪组件被配置为跟踪主体系统的组件在执行时的事件。 计算系统包括事务识别表。 交易识别表包括由主题系统执行的交易的开始和结束动作。 计算系统还包括识别跟踪事件的动作的事务识别组件，根据事务识别表中的起始和结束动作识别与事务相对应的相关动作，并将相关动作存储在事务工作流数据存储中。

公开(公告)号：US20090265715A1

公开(公告)日：2009-10-22

申请号：US12492045

申请日：2009-06-25

申请人： Ulfar Erlingsson ,  Edward P. Wobber ,  Paul Barham ,  Thomas Roeder

发明人： Ulfar Erlingsson ,  Edward P. Wobber ,  Paul Barham ,  Thomas Roeder

IPC分类号： G06F3/00 ,  G06F9/455 ,  G06F9/00 ,  G06F11/00

CPC分类号： G06F9/4411 ,  G06F9/4401

摘要： Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process.

摘要翻译： 操作系统或软件应用程序的扩展可以托管在虚拟环境中，以隔离扩展。 由主机进程调用的通用代理扩展可以协调在虚拟进程中调用适当的扩展，该虚拟进程可以提供与主机进程相同的支持API。 此外，可以通过存储器复制或页表修改在虚拟过程中向用户模式上下文提供。 此外，可以通过克隆一致的状态来有效地启动虚拟进程，特别是在虚拟机上运行的虚拟操作系统进程。 当虚拟机启动时，或者计算设备启动并且观察并保存适当的参数时，可以创建一致的状态。 或者，操作系统可以通过相信在引导过程中有额外的CPU来创建一致的状态。

公开(公告)号：US07574709B2

公开(公告)日：2009-08-11

申请号：US10837971

申请日：2004-04-30

申请人： Ulfar Erlingsson ,  Edward P. Wobber ,  Paul Barham ,  Thomas Roeder

发明人： Ulfar Erlingsson ,  Edward P. Wobber ,  Paul Barham ,  Thomas Roeder

IPC分类号： G06F3/00 ,  G06F9/00 ,  G06F9/455 ,  G06F11/00

CPC分类号： G06F9/4411 ,  G06F9/4401

摘要： Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. The virtual environment in which extensions designed to control hardware devices can safely execute can be efficiently created during an initial startup sequence of a host environment by indicating to the host environment that a second processing unit is present in the computing system allowing the host environment to create a coherent state. A virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by the created coherent state. A coherent state can be created when an operating system starts up and the appropriate parameters are observed and saved. Alternatively, an operating system of the host environment can create the coherent state by receiving indication of the second processing unit during the boot process.

摘要翻译： 操作系统或软件应用程序的扩展可以托管在虚拟环境中，以隔离扩展。 通过向主机环境指示在计算系统中存在允许主机环境创建的第二处理单元，可以在主机环境的初始启动顺序期间有效地创建用于控制硬件设备的扩展的安全执行的虚拟环境 一个连贯的状态。 可以通过创建的相干状态有效地启动虚拟进程，特别是在虚拟机上运行的虚拟操作系统进程。 当操作系统启动并且观察并保存适当的参数时，可以创建相干状态。 或者，主机环境的操作系统可以通过在引导过程期间接收第二处理单元的指示来创建相干状态。

公开(公告)号：US20070094495A1

公开(公告)日：2007-04-26

申请号：US11428162

申请日：2006-06-30

申请人： Galen Hunt ,  James Larus ,  Martin Abadi ,  Mark Aiken ,  Paul Barham ,  Manuel Fahndrich ,  Chris Hawblitzel ,  Orion Hodson ,  Steven Levi ,  Nicholas Murphy ,  Bjarne Steensgaard ,  David Tarditi ,  Edward Wobber ,  Brian Zill

发明人： Galen Hunt ,  James Larus ,  Martin Abadi ,  Mark Aiken ,  Paul Barham ,  Manuel Fahndrich ,  Chris Hawblitzel ,  Orion Hodson ,  Steven Levi ,  Nicholas Murphy ,  Bjarne Steensgaard ,  David Tarditi ,  Edward Wobber ,  Brian Zill

IPC分类号： H04L9/00

CPC分类号： G06F9/544 ,  G06F9/468

摘要： Described herein are one or more implementations of an operating system that provides for statically verifiable inter-process communication between isolated processes. Also, described herein are one or more implementations of programming tools that facilitate the development of statically verifiable isolated processes having inter-process communication.

摘要翻译： 这里描述了一种操作系统的一个或多个实现，该操作系统提供了隔离过程之间的静态可验证的进程间通信。 此外，这里描述了一种或多种编程工具的实现方式，其有助于开发具有进程间通信的静态可验证的隔离进程。

公开(公告)号：US20050246718A1

公开(公告)日：2005-11-03

申请号：US10837971

申请日：2004-04-30

申请人： Ulfar Erlingsson ,  Edward Wobber ,  Paul Barham ,  Thomas Roeder

发明人： Ulfar Erlingsson ,  Edward Wobber ,  Paul Barham ,  Thomas Roeder

IPC分类号： G06F9/54 ,  G06F9/44 ,  G06F9/445 ,  H04K1/00

CPC分类号： G06F9/4411 ,  G06F9/4401

摘要： Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process.

摘要翻译： 操作系统或软件应用程序的扩展可以托管在虚拟环境中，以隔离扩展。 由主机进程调用的通用代理扩展可以协调在虚拟进程中调用适当的扩展，该虚拟进程可以提供与主机进程相同的支持API。 此外，可以通过存储器复制或页表修改在虚拟过程中向用户模式上下文提供。 此外，可以通过克隆一致的状态来有效地启动虚拟进程，特别是在虚拟机上运行的虚拟操作系统进程。 当虚拟机启动时，或者计算设备启动并且观察并保存适当的参数时，可以创建一致的状态。 或者，操作系统可以通过相信在引导过程中有额外的CPU来创建一致的状态。

公开(公告)号：US20130346758A1

公开(公告)日：2013-12-26

申请号：US13528400

申请日：2012-06-20

申请人： Brian A. LaMacchia ,  Edmund B. Nightingale ,  Paul Barham

发明人： Brian A. LaMacchia ,  Edmund B. Nightingale ,  Paul Barham

IPC分类号： G06F21/00 ,  G06F12/14

CPC分类号： G06F21/445 ,  G06F21/76 ,  G06F21/85

摘要： Field programmable gate arrays can be used as a shared programmable co-processor resource in a general purpose computing system. Components of an FPGA are isolated to protect the FPGA and data transferred between the FPGA and other components of the computer system. For example, data written by the FPGA to memory is encrypted, and is decrypted within the FPGA when read back from memory. Data transferred between the FPGA and other components such as the CPU or GPU, whether directly or through memory, can similarly be encrypted using cryptographic keys known to the communicating components. Transferred data also can be digitally signed by the FPGA or other component to provide authentication. Code for programming the FPGA can be encrypted and signed by the author, loaded into the FPGA in an encrypted state, and then decrypted and authenticated by the FPGA itself, before programming the FPGA with the code.

摘要翻译： 现场可编程门阵列可用作通用计算系统中的共享可编程协处理器资源。 FPGA的组件是隔离的，用于保护FPGA和FPGA与计算机系统其他组件之间传输的数据。 例如，由FPGA写入存储器的数据被加密，并在从存储器读回时在FPGA内进行解密。 FPGA和GPU等其他组件（无论是直接还是通过内存）之间传输的数据可以使用通信组件已知的加密密钥进行加密。 传输的数据也可以由FPGA或其他组件进行数字签名，以提供认证。 编程FPGA的代码可以由作者进行加密和签名，在加密状态下加载到FPGA中，然后在使用代码编程FPGA之前，由FPGA自身对其进行解密和认证。

公开(公告)号：US20130346669A1

公开(公告)日：2013-12-26

申请号：US13528329

申请日：2012-06-20

申请人： Edmund B. Nightingale ,  Brian LaMacchia ,  Paul Barham

发明人： Edmund B. Nightingale ,  Brian LaMacchia ,  Paul Barham

IPC分类号： G06F12/02

CPC分类号： G06F8/65 ,  G06F9/44521 ,  G06F15/7871

摘要： A computer system includes one or more field programmable gate arrays as a coprocessor that can be shared among processes and programmed using hardware libraries. Given a set of hardware libraries, an update process periodically updates the libraries and/or adds new libraries. One or more update servers can provide information about libraries available for download, either in response to a request or by notifying systems using such libraries. New available libraries can be presented to a user for selection and download. Requests for updated libraries can arise in several ways, such as through polling for updates, exceptions from applications attempting to use libraries, and upon compilation of application code.

摘要翻译： 计算机系统包括作为协处理器的一个或多个现场可编程门阵列，其可以在进程之间共享并且使用硬件库进行编程。 给定一组硬件库，更新过程定期更新库和/或添加新库。 一个或多个更新服务器可以提供有关可供下载的库的信息，无论是响应请求还是通知使用此类库的系统。 可以将新的可用库呈现给用户进行选择和下载。 更新库的请求可以通过几种方式出现，例如通过轮询更新，尝试使用库的应用程序的异常以及编译应用程序代码。

公开(公告)号：US20130169626A1

公开(公告)日：2013-07-04

申请号：US13688093

申请日：2012-11-28

申请人： Alexandru Balan ,  Jason Flaks ,  Steve Hodges ,  Michael Isard ,  Oliver Williams ,  Paul Barham ,  Shahram Izadi ,  Otmar Hiliges ,  David Molyneaux ,  David Kim

发明人： Alexandru Balan ,  Jason Flaks ,  Steve Hodges ,  Michael Isard ,  Oliver Williams ,  Paul Barham ,  Shahram Izadi ,  Otmar Hiliges ,  David Molyneaux ,  David Kim

IPC分类号： G06T19/00

CPC分类号： G06T19/006 ,  G06F3/005 ,  G06F3/0304 ,  G09G3/003 ,  G09G2340/12 ,  G09G2340/125 ,  G09G2340/14 ,  G09G2354/00

摘要： A system and method for providing an augmented reality environment in which the environmental mapping process is decoupled from the localization processes performed by one or more mobile devices is described. In some embodiments, an augmented reality system includes a mapping system with independent sensing devices for mapping a particular real-world environment and one or more mobile devices. Each of the one or more mobile devices utilizes a separate asynchronous computing pipeline for localizing the mobile device and rendering virtual objects from a point of view of the mobile device. This distributed approach provides an efficient way for supporting mapping and localization processes for a large number of mobile devices, which are typically constrained by form factor and battery life limitations.

摘要翻译： 描述了一种用于提供增强现实环境的系统和方法，其中环境映射过程与由一个或多个移动设备执行的定位处理分离。 在一些实施例中，增强现实系统包括具有用于映射特定现实世界环境和一个或多个移动设备的独立感测设备的映射系统。 一个或多个移动设备中的每一个利用单独的异步计算流水线来定位移动设备并从移动设备的角度呈现虚拟对象。 这种分布式方法提供了一种有效的方式来支持大量移动设备的映射和定位过程，这些移动设备通常受形状因素和电池寿命限制的限制。

公开(公告)号：US08352797B2

公开(公告)日：2013-01-08

申请号：US12633326

申请日：2009-12-08

申请人： Richard John Black ,  Paul Barham ,  Manuel Costa ,  Marcus Peinado ,  Jean-Philippe Martin ,  Periklis Akritidis ,  Austin Donnelly ,  Miguel Castro

发明人： Richard John Black ,  Paul Barham ,  Manuel Costa ,  Marcus Peinado ,  Jean-Philippe Martin ,  Periklis Akritidis ,  Austin Donnelly ,  Miguel Castro

IPC分类号： G06F11/30

CPC分类号： G06F21/53 ,  G06F9/468 ,  G06F12/1483 ,  G06F21/54 ,  G06F21/57 ,  G06F2221/2141 ,  G06F2221/2149 ,  H04L63/101

摘要： Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.

摘要翻译： 描述了使用字节粒度内存保护的软件故障隔离方法。 在一个实施例中，软件系统的不受信任的驱动程序或其他扩展在与软件系统的主机部分分开的域中运行，但是与主机部分共享相同的地址空间。 域之间的调用使用插入库进行调用，并且访问控制数据基本上维持相关虚拟地址空间的每个字节。 在编译期间，在加载时间之前或在运行时添加到不可信扩展的仪器，在插入库中添加的仪器会强制实现域之间的隔离，例如在任何写入或间接调用之前添加访问权限检查，并通过将函数调用重定向到 在插页库中调用包装器。 仪器还会更新访问控制数据，根据正在调用的操作的语义，以精细粒度授予和撤销访问权限。