摘要:
In various embodiments of the present invention, a first software entity, such as a program, routine, library, or module, authenticates a second software entity by extracting an authentication block from memory, validating the extracted authentication block, and comparing a value stored in the authentication block with a computable or pre-computed authentication value in order to authenticate the second software entity. In certain alternative embodiments, a program can authenticate itself at run-time. Additional embodiments of the present invention include methods for constructing and inserting authentication blocks into software entities to facilitate authentication by the authentication methods that represent embodiments of the present invention.
摘要:
Embodiments of the present invention are directed to computationally efficient timer-queue management. In one embodiment of the present invention, a timer queue is implemented as a circular-timer queue, containing timers, or time-associated data objects, due to expire in a relatively short period of time, and a second queue or list of timers or time-associated data objects, referred to as the “later queue,” containing timers or time-associated data objects due to expire after a period of time longer than the period of time during which the timers or timer-associated data objects on the circular-timer queue are due to expire. At generally regular intervals, as timers or time-associated data objects are removed from the circular-timer queue, timers or time-associated data objects are transferred from the later queue to the circular-timer queue.
摘要:
In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access by erroneously or maliciously invoked operating-system routines to secure kernel routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.
摘要:
Embodiments of the present invention are directed to computationally efficient methods and systems for managing connection-associated and exchange-associated resources within network proxies. In one embodiment of the present invention, a circular connection-switch queue is employed for allocating, de-allocating, and maintaining connection-based or exchange-based data resources within a proxy. The connection-switch queue includes a free pointer that identifies a next connection-switch queue entry for allocation, and an idle pointer that is incremented continuously or at fixed intervals as timers associated with connection-switch entries expire. In an alternate embodiment, the connection-switch queue includes a free pointer, an idle pointer, and a clear pointer.
摘要:
Various embodiments of the present invention are directed to an efficient and flexible method and system for managing a pool of computational resources that can be allocated from a resource pool, used for varying periods of time, and eventually returned to the resource pool. Certain embodiments of the present invention are directed to a method and system for efficiently managing ephemeral ports used for short-duration communications connections. In one embodiment of the present invention, an array of port tables is employed to store and manage a large space of ephemeral protocol ports. Each port table is a circular buffer, each entry of which includes a port number that uniquely identifies a communications port, a sequence number that allows the port to be immediately reallocated, and any other additional protocol-specific information that may be associated with the port. A non-local-port-number portion of a connection address, comprising a remote HP address, a remote port number, and a local IP address, may be hashed to generate a numerical reference to a particular port table within the array, or list, of port tables, and ephemeral ports for the non-local-port-number portion of a connection address are allocated from, and deallocated and returned to, the numerically identified port table.
摘要:
In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access by erroneously or maliciously invoked operating-system routines to secure kernel routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.
摘要:
Methods and techniques are provided for implementing a queued, asynchronous application programming interface (API) for network communications. According to one embodiment, the API provides (i) a system abstraction representing a connection between a local machine and a remote machine, and (ii) multiple routines accessible to applications for operating on connections. The connections instantiated by applications based upon the system abstraction are capable of providing full duplex communication channels between their respective local machines and remote machines. The routines define operations and parameters to establish, accept, read, write and close the connections.
摘要:
Various embodiments of the present invention provide for immediate allocation of virtual memory on behalf of processes running within a computer system. One or more bit flags within each translation indicate whether or not a corresponding virtual memory page is immediate. READ access to immediate virtual memory is satisfied by hardware-supplied or software-supplied values. WRITE access to immediate virtual memory raises an exception to allow an operating system to allocate physical memory for storing values written to the immediate virtual memory by the WRITE access.
摘要:
A method and system for execution of high performance, multiple-precision multiply-and-add operations that take advantage of native multiply-and-add instruction of modem processors. A careful choice of instruction ordering leads to highly parallelizable groups of instructions, the instructions in each group independent of the results generated by other instructions of the group.