摘要:
Methods and apparatus for implementing modes of operation of computing device are disclosed. An example apparatus includes a mode-selection input device having a first state and a second state. The example apparatus also includes firmware operably coupled with the mode-selection input device. In the example apparatus, when the mode-selection input device is in the first state, the firmware is configured to cause the computing device to operate in a first mode of operation, a user mode. In the example apparatus, when the mode-selection input device is in the second state, the firmware is configured to cause the computing device to operate in second mode of operation, a developer mode.
摘要:
Methods and apparatus for implementing modes of operation of computing device are disclosed. An example apparatus includes a mode-selection input device having a first state and a second state. The example apparatus also includes firmware operably coupled with the mode-selection input device. In the example apparatus, when the mode-selection input device is in the first state, the firmware is configured to cause the computing device to operate in a first mode of operation, a user mode. In the example apparatus, when the mode-selection input device is in the second state, the firmware is configured to cause the computing device to operate in second mode of operation, a developer mode.
摘要:
One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application.
摘要:
Some embodiments provide a system that executes a web application. During operation, the system loads the web application in a web browser and loads a native code module associated with the web application into a secure runtime environment. Next, the system provides input data associated with the web application to the native code module and processes the input data using the native code module to obtain output data. Finally, the system provides the output data to the web application for use by the web application.
摘要:
Some embodiments of the present invention provide a system that renders graphics in a computing system that includes a plugin associated with a web browser in the computing system and a web application configured to execute in the web browser. During operation, the web application specifies a graphics model and provides the graphics model to the plugin. Next, the plugin generates a graphics-processing unit (GPU) command stream from the graphics model. Finally, the plugin sends the GPU command stream to a GPU of the computing system, which renders an image corresponding to the graphics model.
摘要:
A system that validates a native code module. During operation, the system receives a native code module comprised of untrusted native program code. The system validates the native code module by: (1) determining that code in the native code module does not include any restricted instructions and/or does not access restricted features of a computing device; and (2) determining that the instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and control flow instructions have valid targets. The system allows successfully-validated native code modules to execute, and rejects native code modules that fail validation. By validating the native code module, the system facilitates safely executing the native code module in the secure runtime environment on the computing device, thereby achieving native code performance for untrusted program binaries without significant risk of unwanted side effects.
摘要:
A graphics pipeline including a rasterizing stage producing diffuse color values; a plurality of texture stages producing texture values defining a particular texture; a combiner stage for combining four of a plurality of selectable input values including diffuse color values, texture values furnished by a plurality of texture stages, and proportions for combination of the selectable input values; the combiner stage being capable of providing a result equivalent to a sum of products of any two sets of input values, and a product of two input values.
摘要:
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for preserving code safety of application code that is received in a portable, instruction-set-neutral format. One aspect of the subject matter described in this specification can be embodied in methods that include the actions of receiving a portable code file that is implemented in an instruction-set-neutral and source code independent format; translating the portable code file into native object code for execution on a particular instruction set architecture; generating a native executable for the particular instruction set architecture using the native object code; and validation the native executable using a trusted validator prior to execution of the native executable.
摘要:
A system includes a service registry (SR) including respective entries for service modules (SM), each entry including data identifying the respective SM and at least one system service (SS) provided by the respective SM, a secure runtime environment (SRE) to execute a first native code module (NCM) according to a first security policy (SP) that specifies permissions for the first NCM to access a SS, and a discovery service (DS) to receive a request for access to a first SS from the first NCM, examine entries of the SR to identify a first SM that provides the first SS, examine the first SP to determine whether the first SP restricts access to the first SS from the first NCM, and select the first SM to provide the first system service to the first NCM if the first SP does not restrict access to the first SS from the first NCM.
摘要:
One embodiment provides a system that facilitates the execution of a web application. During operation, the system loads a native code module that includes a scenegraph renderer into a secure runtime environment. Next, the system uses the scenegraph renderer to create a scenegraph from a graphics model associated with the web application and generate a set of rendering commands from the scenegraph. The system then writes the rendering commands to a command buffer and reads the rendering commands from the command buffer. Finally, the system uses the rendering commands to render, for the web application, an image corresponding to the graphics model by executing the rendering commands using a graphics-processing unit (GPU).