公开(公告)号：US20120102567A1

公开(公告)日：2012-04-26

申请号：US13341277

申请日：2011-12-30

申请人： Nedim Fresko ,  Richard D. Tuck ,  Dean R.E. Long

发明人： Nedim Fresko ,  Richard D. Tuck ,  Dean R.E. Long

IPC分类号： G06F21/00 ,  G06F9/455

CPC分类号： G06F9/445

摘要： A hybrid system is provided. The system includes a computing device implementing a first application execution environment (AEE) and a second AEE. The first AEE is configured to be isolated from the second AEE. The first software application associated with the first AEE is configured to be processed on the first AEE such that the first software application is denied direct access to the second AEE. A second software application associated with the second AEE is configured to be processed on the second AEE such that the second software application is denied direct access to the first AEE.

摘要翻译： 提供混合系统。 该系统包括实现第一应用执行环境（AEE）和第二AEE的计算设备。 第一个AEE配置为与第二个AEE隔离。 与第一AEE相关联的第一软件应用被配置为在第一AEE处理，使得第一软件应用被拒绝直接访问第二AEE。 与第二AEE相关联的第二软件应用被配置为在第二AEE上被处理，使得第二软件应用被拒绝直接访问第一AEE。

公开(公告)号：US08104085B2

公开(公告)日：2012-01-24

申请号：US10877410

申请日：2004-06-24

申请人： Nedim Fresko ,  Richard D. Tuck ,  Dean R. E. Long

发明人： Nedim Fresko ,  Richard D. Tuck ,  Dean R. E. Long

IPC分类号： G06F12/00 ,  G06F12/14 ,  G06F13/00 ,  G06F9/44

CPC分类号： G06F9/445

摘要： A hybrid system is provided. The system includes a computing device implementing a first application execution environment (AEE) and a second AEE. The first AEE is configured to be isolated from the second AEE. The first software application associated with the first AEE is configured to be processed on the first AEE such that the first software application is denied direct access to the second AEE. A second software application associated with the second AEE is configured to be processed on the second AEE such that the second software application is denied direct access to the first AEE.

摘要翻译： 提供混合系统。 该系统包括实现第一应用执行环境（AEE）和第二AEE的计算设备。 第一个AEE配置为与第二个AEE隔离。 与第一AEE相关联的第一软件应用被配置为在第一AEE处理，使得第一软件应用被拒绝直接访问第二AEE。 与第二AEE相关联的第二软件应用被配置为在第二AEE上进行处理，使得第二软件应用被拒绝直接访问第一AEE。

公开(公告)号：US08756681B2

公开(公告)日：2014-06-17

申请号：US13341277

申请日：2011-12-30

申请人： Nedim Fresko ,  Richard D. Tuck ,  Dean R. E. Long

发明人： Nedim Fresko ,  Richard D. Tuck ,  Dean R. E. Long

IPC分类号： G06F21/00

CPC分类号： G06F9/445

摘要： A hybrid system is provided. The system includes a computing device implementing a first application execution environment (AEE) and a second AEE. The first AEE is configured to be isolated from the second AEE. The first software application associated with the first AEE is configured to be processed on the first AEE such that the first software application is denied direct access to the second AEE. A second software application associated with the second AEE is configured to be processed on the second AEE such that the second software application is denied direct access to the first AEE.

摘要翻译： 提供混合系统。 该系统包括实现第一应用执行环境（AEE）和第二AEE的计算设备。 第一个AEE配置为与第二个AEE隔离。 与第一AEE相关联的第一软件应用被配置为在第一AEE处理，使得第一软件应用被拒绝直接访问第二AEE。 与第二AEE相关联的第二软件应用被配置为在第二AEE上被处理，使得第二软件应用被拒绝直接访问第一AEE。

公开(公告)号：US06978448B1

公开(公告)日：2005-12-20

申请号：US09841759

申请日：2001-04-24

申请人： Christopher J. Plummer ,  Nedim Fresko ,  Richard D. Tuck

发明人： Christopher J. Plummer ,  Nedim Fresko ,  Richard D. Tuck

IPC分类号： G06F9/44 ,  G06F9/45

CPC分类号： G06F8/443 ,  G06F9/4488

摘要： Methods and apparatus for reducing the number of runtime checks performed during the execution of a virtual machine. According to one aspect of the present invention, a computer system includes a preloader, a compiler, and a virtual machine. The preloader is arranged to determine whether a bytecode makes an active reference to a class which requires an execution of a static initializer, and is also arranged to determine if the class has a superclass which requires the execution of the static initializer. The compiler is arranged to accept a source file generated by the preloader as input and to produce an object file, and the virtual machine is arranged to execute the object file.

摘要翻译： 用于减少在执行虚拟机期间执行的运行时检查的数量的方法和装置。 根据本发明的一个方面，计算机系统包括预加载器，编译器和虚拟机。 预加载器被布置成确定字节码是否对需要执行静态初始化器的类进行活动引用，并且还被布置为确定该类是否具有需要执行静态初始化器的超类。 编译器被安排为接受由预加载器生成的源文件作为输入并产生目标文件，虚拟机被安排为执行目标文件。

公开(公告)号：US08943601B1

公开(公告)日：2015-01-27

申请号：US11408127

申请日：2006-04-20

申请人： Roman A. Zelov ,  Alexey S. Popov ,  Vladimir V. Sizikov ,  Nedim Fresko ,  Roger S. Riggs

发明人： Roman A. Zelov ,  Alexey S. Popov ,  Vladimir V. Sizikov ,  Nedim Fresko ,  Roger S. Riggs

IPC分类号： G06F7/04 ,  G06F21/10 ,  G11B20/00

CPC分类号： G06F21/10 ,  G06F21/6236 ,  G11B20/00086

摘要： One embodiment of the present invention provides a system that executes an application designed for one application framework in a different application framework. First, the system receives an application designed to operate in the first application framework. The system determines a first set of security permissions used by the application in the first application framework, and maps these security permissions into a second set of security permissions associated with the second application framework. The system then configures the second application framework to provide the second set of security permissions. These steps allow the application to execute transparently in the second application framework with substantially similar security behavior as in the first application framework.

摘要翻译： 本发明的一个实施例提供一种在不同的应用框架中执行为一个应用框架设计的应用的系统。 首先，系统接收设计为在第一应用框架中运行的应用程序。 系统确定应用程序在第一个应用程序框架中使用的第一组安全权限，并将这些安全权限映射到与第二个应用程序框架相关联的第二组安全权限。 然后系统配置第二个应用程序框架以提供第二组安全权限。 这些步骤允许应用程序在第二应用程序框架中透明地执行与第一应用程序框架中具有基本相似的安全性行为。

公开(公告)号：US08769250B2

公开(公告)日：2014-07-01

申请号：US12554595

申请日：2009-09-04

申请人： Nedim Fresko ,  Dean R. Long ,  Jiangli Zhou

发明人： Nedim Fresko ,  Dean R. Long ,  Jiangli Zhou

IPC分类号： G06F9/00

CPC分类号： G06F12/145 ,  G06F11/3636 ,  G06F12/109 ,  G06F2212/1012 ,  G06F2212/656

摘要： In general, the invention relates to a method. The method includes receiving notification, which includes context information, of a trap. The method further includes accessing, based at least partially upon the context information, a particular instruction that caused the trap, determining, based at least partially upon the context information, a particular address that is to be accessed by the particular instruction, updating a set of log information to indicate accessing of the particular address, causing subsequent accesses of the particular address to not give rise to a trap, after causing subsequent accesses of the particular address to not give rise to a trap, accessing the particular address, after accessing the particular address, causing subsequent accesses of the particular address to give rise to a trap, and causing the particular instruction to not be executed.

摘要翻译： 通常，本发明涉及一种方法。 该方法包括接收陷阱的通知，其包括上下文信息。 该方法还包括至少部分地基于上下文信息访问引起陷阱的特定指令，至少部分地基于上下文信息确定特定指令要访问的特定地址，更新集合 的日志信息以指示特定地址的访问，导致特定地址的后续访问不引起陷阱，在使特定地址的后续访问不引起陷阱，访问特定地址之后，在访问特定地址之后 特定地址，引起特定地址的后续访问以产生陷阱，并使特定指令不被执行。

公开(公告)号：US20110145358A1

公开(公告)日：2011-06-16

申请号：US12974748

申请日：2010-12-21

申请人： Erez Landau ,  Dean R. E. Long ,  Nedim Fresko

发明人： Erez Landau ,  Dean R. E. Long ,  Nedim Fresko

IPC分类号： G06F15/167 ,  G06F12/08

CPC分类号： G06F9/44563

摘要： Techniques are disclosed for sharing programmatic modules among isolated virtual machines. A master JVM process loads data from a programmatic module, storing certain elements of that data into its private memory region, and storing other elements of that data into a “read-only” area of a shareable memory region. The master JVM process copies loaded data from its private memory region into a “read/write” area of the shareable memory region. Instead of re-loading the data from the programmatic module, other JVM processes map to the read-only area and also copy the loaded data from the read/write area into their own private memory regions. The private memory areas of all of the JVM processes begin at the same virtual memory address, so references between read-only data and copied data are preserved correctly. As a result, multiple JVM processes start up faster, and memory is conserved by avoiding the redundant storage of shareable data.

摘要翻译： 公开了用于在隔离的虚拟机之间共享程序化模块的技术。 主JVM进程从编程模块加载数据，将该数据的某些元素存储到其专用存储器区域中，并将该数据的其他元素存储到可共享存储器区域的“只读”区域中。 主JVM进程将加载的数据从其专用存储器区域复制到可共享内存区域的“读/写”区域。 代替从编程模块重新加载数据，其他JVM进程映射到只读区域，并将加载的数据从读/写区域复制到其自己的专用存储器区域中。 所有JVM进程的专用内存区域都从同一个虚拟内存地址开始，因此只读数据和复制的数据之间的引用被正确保存。 因此，多个JVM进程启动速度更快，并且通过避免可共享数据的冗余存储来节省内存。

公开(公告)号：US07647586B2

公开(公告)日：2010-01-12

申请号：US10918131

申请日：2004-08-13

申请人： Dean R. E. Long ,  Christopher J. Plummer ,  Nedim Fresko

发明人： Dean R. E. Long ,  Christopher J. Plummer ,  Nedim Fresko

IPC分类号： G06F9/44 ,  G06F9/45

CPC分类号： G06F9/45504 ,  G06F11/3644

摘要： A system and method for providing exceptional flow control in protected code through watchpoints is described. Code is generated. The generated code includes a sequence of normal operations and is subject to protection against copying during execution of the generated code. Execution points within the generated code are identified. A watchpoint corresponding to each of the execution points is set. An exception handler associated with each watchpoint is defined and includes operations exceptional to the normal operations sequence that are performed upon a triggering of each watchpoint during execution of the generated code.

摘要翻译： 描述了通过观察点在保护代码中提供异常流控制的系统和方法。 代码生成。 生成的代码包括正常操作的顺序，并且在执行生成的代码期间受到保护以防止复制。 识别生成代码内的执行点。 设置与各执行点对应的观察点。 定义与每个观察点相关联的异常处理程序，并且包括在执行生成的代码期间触发每个观察点时执行的正常操作序列的操作异常。

公开(公告)号：US20060037004A1

公开(公告)日：2006-02-16

申请号：US10918131

申请日：2004-08-13

申请人： Dean Long ,  Christopher Plummer ,  Nedim Fresko

发明人： Dean Long ,  Christopher Plummer ,  Nedim Fresko

IPC分类号： G06F9/44

CPC分类号： G06F9/45504 ,  G06F11/3644

摘要： A system and method for providing exceptional flow control in protected code through watchpoints is described. Code is generated. The generated code includes a sequence of normal operations and is subject to protection against copying during execution of the generated code. Execution points within the generated code are identified. A watchpoint corresponding to each of the execution points is set. An exception handler associated with each watchpoint is defined and includes operations exceptional to the normal operations sequence that are performed upon a triggering of each watchpoint during execution of the generated code.

摘要翻译： 描述了通过观察点在保护代码中提供异常流控制的系统和方法。 代码生成。 生成的代码包括正常操作的顺序，并且在执行生成的代码期间受到保护以防止复制。 识别生成代码内的执行点。 设置与各执行点对应的观察点。 定义与每个观察点相关联的异常处理程序，并且包括在执行生成的代码期间触发每个观察点时执行的正常操作序列的操作异常。

公开(公告)号：US20050138623A1

公开(公告)日：2005-06-23

申请号：US10745018

申请日：2003-12-22

申请人： Nedim Fresko

发明人： Nedim Fresko

IPC分类号： G06F11/34 ,  G06F9/48 ,  G06F9/46

CPC分类号： G06F9/4843

摘要： A system and method for dynamically and persistently tracking incremental profiling data in a process cloning application environment is presented. A master runtime system process is executed. A memory space of the master runtime system process is cloned as a child runtime system process responsive to a process request. The child runtime system process is executed. The execution of the child runtime system process is profiled by collecting profiling data incrementally. The child runtime system process profiles are fed back to the master runtime system process to benefit subsequent cloned child runtime system processes. In a further embodiment, the child runtime system process profiles are maintained in a persistent storage for use by the master runtime system process upon the next start up.

摘要翻译： 介绍了一种用于在过程克隆应用程序环境中动态和持续跟踪增量分析数据的系统和方法。 执行主运行时系统进程。 主运行时系统进程的内存空间作为响应于进程请求的子运行时系统进程而被克隆。 执行子运行系统进程。 通过逐步收集分析数据来分析子运行时系统进程的执行情况。 将子运行时系统进程配置文件反馈到主运行时系统进程，以便受益于后续克隆的子系统进程。 在进一步的实施例中，子运行时系统进程简档被保存在永久存储器中以供下一次启动时的主运行时系统进程使用。