公开(公告)号：US08943601B1

公开(公告)日：2015-01-27

申请号：US11408127

申请日：2006-04-20

申请人： Roman A. Zelov ,  Alexey S. Popov ,  Vladimir V. Sizikov ,  Nedim Fresko ,  Roger S. Riggs

发明人： Roman A. Zelov ,  Alexey S. Popov ,  Vladimir V. Sizikov ,  Nedim Fresko ,  Roger S. Riggs

IPC分类号： G06F7/04 ,  G06F21/10 ,  G11B20/00

CPC分类号： G06F21/10 ,  G06F21/6236 ,  G11B20/00086

摘要： One embodiment of the present invention provides a system that executes an application designed for one application framework in a different application framework. First, the system receives an application designed to operate in the first application framework. The system determines a first set of security permissions used by the application in the first application framework, and maps these security permissions into a second set of security permissions associated with the second application framework. The system then configures the second application framework to provide the second set of security permissions. These steps allow the application to execute transparently in the second application framework with substantially similar security behavior as in the first application framework.

摘要翻译： 本发明的一个实施例提供一种在不同的应用框架中执行为一个应用框架设计的应用的系统。 首先，系统接收设计为在第一应用框架中运行的应用程序。 系统确定应用程序在第一个应用程序框架中使用的第一组安全权限，并将这些安全权限映射到与第二个应用程序框架相关联的第二组安全权限。 然后系统配置第二个应用程序框架以提供第二组安全权限。 这些步骤允许应用程序在第二应用程序框架中透明地执行与第一应用程序框架中具有基本相似的安全性行为。

公开(公告)号：US08769250B2

公开(公告)日：2014-07-01

申请号：US12554595

申请日：2009-09-04

申请人： Nedim Fresko ,  Dean R. Long ,  Jiangli Zhou

发明人： Nedim Fresko ,  Dean R. Long ,  Jiangli Zhou

IPC分类号： G06F9/00

CPC分类号： G06F12/145 ,  G06F11/3636 ,  G06F12/109 ,  G06F2212/1012 ,  G06F2212/656

摘要： In general, the invention relates to a method. The method includes receiving notification, which includes context information, of a trap. The method further includes accessing, based at least partially upon the context information, a particular instruction that caused the trap, determining, based at least partially upon the context information, a particular address that is to be accessed by the particular instruction, updating a set of log information to indicate accessing of the particular address, causing subsequent accesses of the particular address to not give rise to a trap, after causing subsequent accesses of the particular address to not give rise to a trap, accessing the particular address, after accessing the particular address, causing subsequent accesses of the particular address to give rise to a trap, and causing the particular instruction to not be executed.

摘要翻译： 通常，本发明涉及一种方法。 该方法包括接收陷阱的通知，其包括上下文信息。 该方法还包括至少部分地基于上下文信息访问引起陷阱的特定指令，至少部分地基于上下文信息确定特定指令要访问的特定地址，更新集合 的日志信息以指示特定地址的访问，导致特定地址的后续访问不引起陷阱，在使特定地址的后续访问不引起陷阱，访问特定地址之后，在访问特定地址之后 特定地址，引起特定地址的后续访问以产生陷阱，并使特定指令不被执行。

公开(公告)号：US08104085B2

公开(公告)日：2012-01-24

申请号：US10877410

申请日：2004-06-24

申请人： Nedim Fresko ,  Richard D. Tuck ,  Dean R. E. Long

发明人： Nedim Fresko ,  Richard D. Tuck ,  Dean R. E. Long

IPC分类号： G06F12/00 ,  G06F12/14 ,  G06F13/00 ,  G06F9/44

CPC分类号： G06F9/445

摘要： A hybrid system is provided. The system includes a computing device implementing a first application execution environment (AEE) and a second AEE. The first AEE is configured to be isolated from the second AEE. The first software application associated with the first AEE is configured to be processed on the first AEE such that the first software application is denied direct access to the second AEE. A second software application associated with the second AEE is configured to be processed on the second AEE such that the second software application is denied direct access to the first AEE.

摘要翻译： 提供混合系统。 该系统包括实现第一应用执行环境（AEE）和第二AEE的计算设备。 第一个AEE配置为与第二个AEE隔离。 与第一AEE相关联的第一软件应用被配置为在第一AEE处理，使得第一软件应用被拒绝直接访问第二AEE。 与第二AEE相关联的第二软件应用被配置为在第二AEE上进行处理，使得第二软件应用被拒绝直接访问第一AEE。

公开(公告)号：US20110145358A1

公开(公告)日：2011-06-16

申请号：US12974748

申请日：2010-12-21

申请人： Erez Landau ,  Dean R. E. Long ,  Nedim Fresko

发明人： Erez Landau ,  Dean R. E. Long ,  Nedim Fresko

IPC分类号： G06F15/167 ,  G06F12/08

CPC分类号： G06F9/44563

摘要： Techniques are disclosed for sharing programmatic modules among isolated virtual machines. A master JVM process loads data from a programmatic module, storing certain elements of that data into its private memory region, and storing other elements of that data into a “read-only” area of a shareable memory region. The master JVM process copies loaded data from its private memory region into a “read/write” area of the shareable memory region. Instead of re-loading the data from the programmatic module, other JVM processes map to the read-only area and also copy the loaded data from the read/write area into their own private memory regions. The private memory areas of all of the JVM processes begin at the same virtual memory address, so references between read-only data and copied data are preserved correctly. As a result, multiple JVM processes start up faster, and memory is conserved by avoiding the redundant storage of shareable data.

摘要翻译： 公开了用于在隔离的虚拟机之间共享程序化模块的技术。 主JVM进程从编程模块加载数据，将该数据的某些元素存储到其专用存储器区域中，并将该数据的其他元素存储到可共享存储器区域的“只读”区域中。 主JVM进程将加载的数据从其专用存储器区域复制到可共享内存区域的“读/写”区域。 代替从编程模块重新加载数据，其他JVM进程映射到只读区域，并将加载的数据从读/写区域复制到其自己的专用存储器区域中。 所有JVM进程的专用内存区域都从同一个虚拟内存地址开始，因此只读数据和复制的数据之间的引用被正确保存。 因此，多个JVM进程启动速度更快，并且通过避免可共享数据的冗余存储来节省内存。

公开(公告)号：US07647586B2

公开(公告)日：2010-01-12

申请号：US10918131

申请日：2004-08-13

申请人： Dean R. E. Long ,  Christopher J. Plummer ,  Nedim Fresko

发明人： Dean R. E. Long ,  Christopher J. Plummer ,  Nedim Fresko

IPC分类号： G06F9/44 ,  G06F9/45

CPC分类号： G06F9/45504 ,  G06F11/3644

摘要： A system and method for providing exceptional flow control in protected code through watchpoints is described. Code is generated. The generated code includes a sequence of normal operations and is subject to protection against copying during execution of the generated code. Execution points within the generated code are identified. A watchpoint corresponding to each of the execution points is set. An exception handler associated with each watchpoint is defined and includes operations exceptional to the normal operations sequence that are performed upon a triggering of each watchpoint during execution of the generated code.

摘要翻译： 描述了通过观察点在保护代码中提供异常流控制的系统和方法。 代码生成。 生成的代码包括正常操作的顺序，并且在执行生成的代码期间受到保护以防止复制。 识别生成代码内的执行点。 设置与各执行点对应的观察点。 定义与每个观察点相关联的异常处理程序，并且包括在执行生成的代码期间触发每个观察点时执行的正常操作序列的操作异常。

公开(公告)号：US20060037004A1

公开(公告)日：2006-02-16

申请号：US10918131

申请日：2004-08-13

申请人： Dean Long ,  Christopher Plummer ,  Nedim Fresko

发明人： Dean Long ,  Christopher Plummer ,  Nedim Fresko

IPC分类号： G06F9/44

CPC分类号： G06F9/45504 ,  G06F11/3644

摘要： A system and method for providing exceptional flow control in protected code through watchpoints is described. Code is generated. The generated code includes a sequence of normal operations and is subject to protection against copying during execution of the generated code. Execution points within the generated code are identified. A watchpoint corresponding to each of the execution points is set. An exception handler associated with each watchpoint is defined and includes operations exceptional to the normal operations sequence that are performed upon a triggering of each watchpoint during execution of the generated code.

摘要翻译： 描述了通过观察点在保护代码中提供异常流控制的系统和方法。 代码生成。 生成的代码包括正常操作的顺序，并且在执行生成的代码期间受到保护以防止复制。 识别生成代码内的执行点。 设置与各执行点对应的观察点。 定义与每个观察点相关联的异常处理程序，并且包括在执行生成的代码期间触发每个观察点时执行的正常操作序列的操作异常。

公开(公告)号：US20050138623A1

公开(公告)日：2005-06-23

申请号：US10745018

申请日：2003-12-22

申请人： Nedim Fresko

发明人： Nedim Fresko

IPC分类号： G06F11/34 ,  G06F9/48 ,  G06F9/46

CPC分类号： G06F9/4843

摘要： A system and method for dynamically and persistently tracking incremental profiling data in a process cloning application environment is presented. A master runtime system process is executed. A memory space of the master runtime system process is cloned as a child runtime system process responsive to a process request. The child runtime system process is executed. The execution of the child runtime system process is profiled by collecting profiling data incrementally. The child runtime system process profiles are fed back to the master runtime system process to benefit subsequent cloned child runtime system processes. In a further embodiment, the child runtime system process profiles are maintained in a persistent storage for use by the master runtime system process upon the next start up.

摘要翻译： 介绍了一种用于在过程克隆应用程序环境中动态和持续跟踪增量分析数据的系统和方法。 执行主运行时系统进程。 主运行时系统进程的内存空间作为响应于进程请求的子运行时系统进程而被克隆。 执行子运行系统进程。 通过逐步收集分析数据来分析子运行时系统进程的执行情况。 将子运行时系统进程配置文件反馈到主运行时系统进程，以便受益于后续克隆的子系统进程。 在进一步的实施例中，子运行时系统进程简档被保存在永久存储器中以供下一次启动时的主运行时系统进程使用。

公开(公告)号：US06658492B1

公开(公告)日：2003-12-02

申请号：US09045508

申请日：1998-03-20

申请人： Hideya Kawahara ,  Nedim Fresko

发明人： Hideya Kawahara ,  Nedim Fresko

IPC分类号： G06F900

CPC分类号： G06F9/44573

摘要： A method and system that reduces the space allocated for internal data structures by a runtime engine. The internal data structures store member information for preloaded classes used by applications executed by the runtime engine. The system determines the different types of internal data structures represented in the classes and identifies thee possible values of each type's members. The system next determines the amount of space required to store the values for each type in a respective value table and the number of bits needed to index each entry of that table. The system determines based on the stored information whether occurrences of a member are optimally represented as a set of value table indices and a value table or, in the conventional manner, as a general variable that stores the member's value for each occurrence. The system then emits appropriate information for the member and its parent data structure.

摘要翻译： 减少由运行时引擎分配给内部数据结构的空间的方法和系统。 内部数据结构存储由运行时引擎执行的应用程序使用的预加载类的成员信息。 系统确定类中表示的不同类型的内部数据结构，并标识每种类型成员的可能值。 系统接下来确定在各个值表中存储每种类型的值所需的空间量以及索引该表的每个条目所需的位数。 系统基于所存储的信息确定成员的出现是否被最佳地表示为一组价值表索引和价值表，或者以常规方式作为存储每次出现的会员价值的一般变量。 然后系统会为该成员及其父数据结构发出适当的信息。

公开(公告)号：US5835958A

公开(公告)日：1998-11-10

申请号：US740445

申请日：1996-10-29

申请人： Dean R. E. Long ,  Alan G. Bishop ,  Nedim Fresko

发明人： Dean R. E. Long ,  Alan G. Bishop ,  Nedim Fresko

IPC分类号： G06F9/45 ,  G06F9/40 ,  G06F9/42 ,  G06F12/00

CPC分类号： G06F9/4426 ,  G06F9/4425 ,  Y10S707/99953 ,  Y10S707/99956

摘要： A method, apparatus, and software for efficiently allocating discontiguous stack space without requiring compiler changes are described. In one aspect, a method is provided for executing a compiled function that is located in a first computer memory stack chunk such that additional memory is allocated efficiently if a determination is made that such additional memory is necessary for execution of the compiled function. In one embodiment, the method includes calling a stack checking function that includes the compiled function. A determination is made if additional memory is required for executing the compiled function. If no additional memory is required, then the compiled function is called and executed. However, if additional memory is necessary, then additional memory is allocated that is discontiguous with the original memory stack.

摘要翻译： 描述用于有效地分配不连续栈空间而不需要编译器改变的方法，装置和软件。 在一个方面，提供了一种用于执行位于第一计算机存储器堆栈块中的编译功能的方法，使得如果确定这样的附加存储器对于编译的功能的执行是必需的，则附加存储器被有效地分配。 在一个实施例中，该方法包括调用包括编译功能的堆栈检查功能。 确定执行编译功能需要额外的内存。 如果不需要额外的内存，则调用并执行已编译的函数。 但是，如果需要额外的内存，则分配与原始内存堆栈不相关的附加内存。

公开(公告)号：US08881057B2

公开(公告)日：2014-11-04

申请号：US12974376

申请日：2010-12-21

申请人： Robert Mori ,  Curtis Jyun Sasaki ,  Bradley Michael Marks ,  Siamak Sartipi ,  Bhavuk Kaul ,  Nedim Fresko ,  Carol C. Wu

发明人： Robert Mori ,  Curtis Jyun Sasaki ,  Bradley Michael Marks ,  Siamak Sartipi ,  Bhavuk Kaul ,  Nedim Fresko ,  Carol C. Wu

IPC分类号： G06F3/048 ,  H04M1/725 ,  G06F3/0481

CPC分类号： H04M1/72583 ,  G06F3/0481 ,  H04M1/72569 ,  H04M1/72572

摘要： Example methods and apparatus to display mobile device contexts are disclosed. An example method includes displaying a first context in a user interface of a mobile device based on first device platform information, the first context including a first arrangement of information, graphics, and application icons that are associated with the first device platform information, determining that second device platform information received after the first device platform information corresponds to a second context, the second context being different from the first context and including a second arrangement of information, graphics, and applications that are associated with the second device platform information, and displaying the second context in the user interface replacing the first context without prompting a user of the mobile device.

摘要翻译： 公开了显示移动设备上下文的示例性方法和装置。 一种示例性方法包括基于第一设备平台信息在移动设备的用户界面中显示第一上下文，第一上下文包括与第一设备平台信息相关联的信息，图形和应用程序图标的第一布置，确定 在第一设备平台信息对应于第二上下文之后接收的第二设备平台信息，第二上下文不同于第一上下文，并且包括与第二设备平台信息相关联的信息，图形和应用的第二布置，并且显示 用户界面中的第二上下文替换第一上下文而不提示移动设备的用户。