Abstract:
Extensions to operating systems or software applications can be hosted in virtual environments to fault isolate the extension. A generic proxy extension invoked by a host process can coordinate the invocation of an appropriate extension in a virtual process that can provide the same support APIs as the host process. Furthermore, a user mode context can be provided to the extension in the virtual process through memory copying or page table modifications. In addition, the virtual process, especially a virtual operating system process running on a virtual machine, can be efficiently started by cloning a coherent state. A coherent state can be created when a virtual machine starts up, or when the computing device starts up and the appropriate parameters are observed and saved. Alternatively, the operating system can create a coherent state by believing there is an additional CPU during the boot process.
Abstract:
Field programmable gate arrays can be used as a shared programmable co-processor resource in a general purpose computing system. Components of an FPGA are isolated to protect the FPGA and data transferred between the FPGA and other components of the computer system. For example, data written by the FPGA to memory is encrypted, and is decrypted within the FPGA when read back from memory. Data transferred between the FPGA and other components such as the CPU or GPU, whether directly or through memory, can similarly be encrypted using cryptographic keys known to the communicating components. Transferred data also can be digitally signed by the FPGA or other component to provide authentication. Code for programming the FPGA can be encrypted and signed by the author, loaded into the FPGA in an encrypted state, and then decrypted and authenticated by the FPGA itself, before programming the FPGA with the code.
Abstract:
A computer system includes one or more field programmable gate arrays as a coprocessor that can be shared among processes and programmed using hardware libraries. Given a set of hardware libraries, an update process periodically updates the libraries and/or adds new libraries. One or more update servers can provide information about libraries available for download, either in response to a request or by notifying systems using such libraries. New available libraries can be presented to a user for selection and download. Requests for updated libraries can arise in several ways, such as through polling for updates, exceptions from applications attempting to use libraries, and upon compilation of application code.
Abstract:
A system and method for providing an augmented reality environment in which the environmental mapping process is decoupled from the localization processes performed by one or more mobile devices is described. In some embodiments, an augmented reality system includes a mapping system with independent sensing devices for mapping a particular real-world environment and one or more mobile devices. Each of the one or more mobile devices utilizes a separate asynchronous computing pipeline for localizing the mobile device and rendering virtual objects from a point of view of the mobile device. This distributed approach provides an efficient way for supporting mapping and localization processes for a large number of mobile devices, which are typically constrained by form factor and battery life limitations.
Abstract:
Software fault isolation methods using byte-granularity memory protection are described. In an embodiment, untrusted drivers or other extensions to a software system are run in a separate domain from the host portion of the software system, but share the same address space as the host portion. Calls between domains are mediated using an interposition library and access control data is maintained for substantially each byte of relevant virtual address space. Instrumentation added to the untrusted extension at compile-time, before load-time, or at runtime and added by the interposition library enforces the isolation between domains, for example by adding access right checks before any writes or indirect calls and by redirecting function calls to call wrappers in the interposition library. The instrumentation also updates the access control data to grant and revoke access rights on a fine granularity according to the semantics of the operation being invoked.
Abstract:
Network congestion avoidance within aggregated channels is disclosed. In one embodiment, a method first transmits a packet associated with a first channel of a plurality of related channels from a source protocol layer (e.g., a source IP layer) of a source through a network (e.g., the Internet). Next, the method triggers an ECN event by the packet at the network. Finally, at least one channel is determined to have decreased packets transmitted therethrough, in response to the triggering of the ECN event (e.g., based on a congestion pricing criterion).