Abstract: Mechanisms for verifying software on a multi-CPU machine are provided, the mechanisms including: using a hardware processor: reordering, in a shared log, a first local CPU event from a local CPU operating on a shared object to be before at least one first prior oracle query corresponding to a prior event from another CPU based on whether the first local CPU event can be reordered with respect to the prior event without changing the multi-CPU machine's behavior with respect to the shared object; merging first consecutive oracle queries including the at least one first prior oracle query in the shared log; and verifying the software based on the merged first consecutive oracle queries.

Abstract: Mechanisms for protecting an application from an untrusted operating system (OS) are provided, the methods including: determining that a virtual address for a page of memory allocated by the untrusted OS for the application belongs to a valid mapping; determining that the page of memory is not already in use; and in response to determining that the virtual address for the page of memory belongs to a valid mapping and determining that the page of memory is not already in use, mapping the page of memory to an enclaved container for the application. Some mechanisms further include unmapping the page of memory from the untrusted OS. In some mechanism, determining that the virtual address for the page of memory belongs to a valid mapping is based on a list of valid mappings for the application.

Abstract: Mechanisms for proving the correctness of software on relaxed memory hardware are provided, the mechanisms comprising: receiving a specification, a hardware model, and an implementation for the software to be executed on the relaxed memory hardware; evaluating the software using a sequentially consistent hardware model; evaluating the software using a relaxed memory hardware model and at least one of the following conditions: a data-race-free (DRF)-kernel condition; a no-barrier-misuse condition; a memory-isolation condition; a transactional-page-table condition; a write-once-kernel-mapping condition; and a weak-memory-isolation condition; and outputting an indication of whether the software is correct based on the evaluating the software using the sequentially consistent hardware model and the evaluating the software using the relaxed memory hardware model.

Abstract: Systems comprising: a memory; and a hardware processor and configured to: execute a hypervisor having a first portion and a second portion, wherein the first portion of the hypervisor executes at a first exception level that allows the first portion to access data of a virtual machine in the hardware processor and the memory, and wherein the second portion of the hypervisor executes at a second exception level that prevents the second portion from accessing the data of the virtual machine in the hardware processor and the memory. Methods comprising: executing a first portion of a hypervisor at a first exception level that allows the first portion to access data of a virtual machine in a hardware processor and memory; and executing a second portion of a hypervisor at a second exception level that prevents the second portion from accessing the data in the hardware processor and the memory.

Abstract: Methods for distributing and providing access to stored content from remote storage comprising: receiving a first request to access a first portion of stored content from a requestor, wherein the first request is in a file system request format; creating a placeholder for the stored content so that the placeholder has at least one parameter identical to the stored content and the placeholder can hold the first portion of the stored content and at least a second portion of the stored content; requesting the first portion of the stored content from remote storage; receiving the first portion of the stored content from the remote storage; storing the first portion of the stored content in the placeholder; and before the second portion of the stored content has been stored in the placeholder, providing the first portion of the stored content to the requestor using a file system response format.

Abstract: Methods for distributing and providing access to stored content from remote storage comprising: receiving a first request to access a first portion of stored content from a requestor, wherein the first request is in a file system request format; creating a placeholder for the stored content so that the placeholder has at least one parameter identical to the stored content and the placeholder can hold the first portion of the stored content and at least a second portion of the stored content; requesting the first portion of the stored content from remote storage; receiving the first portion of the stored content from the remote storage; storing the first portion of the stored content in the placeholder; and before the second portion of the stored content has been stored in the placeholder, providing the first portion of the stored content to the requestor using a file system response format.

Abstract: Methods for distributing and providing access to stored content from remote storage comprising: receiving a first request to access a first portion of stored content from a requestor, wherein the first request is in a file system request format; creating a placeholder for the stored content so that the placeholder has at least one parameter identical to the stored content and the placeholder can hold the first portion of the stored content and at least a second portion of the stored content; requesting the first portion of the stored content from remote storage; receiving the first portion of the stored content from the remote storage; storing the first portion of the stored content in the placeholder; and before the second portion of the stored content has been stored in the placeholder, providing the first portion of the stored content to the requestor using a file system response format.

Abstract: Methods, systems, and media for binary compatible graphics support in mobile operating systems are provided. In some embodiments, binary compatible graphics support can be provided by extending diplomatic functions to perform library-wide prelude and postlude operations in the context of the foreign operating system before and after domestic library usage. In some embodiments, binary compatible graphics support can be provided by using thread impersonation approaches that allow one thread to temporarily take on the persona of another thread to perform some action that may be tread-dependent. In some embodiments, binary compatible graphics support can be provided by using dynamic library replication approaches that load multiple, independent instances of a single library within the same process.

Abstract: Methods for distributing and providing access to stored content from remote storage comprising: receiving a first request to access a first portion of stored content from a requestor, wherein the first request is in a file system request format; creating a placeholder for the stored content so that the placeholder has at least one parameter identical to the stored content and the placeholder can hold the first portion of the stored content and at least a second portion of the stored content; requesting the first portion of the stored content from remote storage; receiving the first portion of the stored content from the remote storage; storing the first portion of the stored content in the placeholder; and before the second portion of the stored content has been stored in the placeholder, providing the first portion of the stored content to the requestor using a file system response format.

Abstract: Methods for distributing and providing access to stored content from remote storage comprising; receiving a first request to access a first portion of stored content from a requestor, wherein the first request is in a file system request format; creating a placeholder for the stored content so that the placeholder has at least one parameter identical to the stored content and the placeholder can hold the first portion of the stored content and at least a second portion of the stored content; requesting the first portion of the stored content from remote storage; receiving the first portion of the stored content from the remote storage; storing the first portion of the stored content in the placeholder; and before the second portion of the stored content has been stored in the placeholder, providing the first portion of the stored content to the requestor using a file system response format.

Abstract: Methods, systems, and media for binary compatibility comprises: receiving, from a foreign application, a function call to at least one surrogate function, wherein the at least one surrogate function is contained in a surrogate library, and wherein the surrogate library corresponds to a foreign library associated with the foreign function call; identifying a domestic function corresponding to the surrogate function; setting a pointer identifying a block of memory that is local to a thread associated with the surrogate function to point to a first portion of memory associated with the domestic function; invoking the identified domestic function; storing values including one or more error codes returned from the invoked domestic function; setting the pointer to point to a second portion of memory associated with the foreign function call; copying the one or more error codes to the second portion of memory; and continuing to execute the foreign application

Abstract: Methods, systems, and media for binary compatible graphics support in mobile operating systems are provided. In some embodiments, binary compatible graphics support can be provided by extending diplomatic functions to perform library-wide prelude and postlude operations in the context of the foreign operating system before and after domestic library usage. In some embodiments, binary compatible graphics support can be provided by using thread impersonation approaches that allow one thread to temporarily take on the persona of another thread to perform some action that may be tread-dependent. In some embodiments, binary compatible graphics support can be provided by using dynamic library replication approaches that load multiple, independent instances of a single library within the same process.

Abstract: Apparatus, systems, and methods can operate to provide efficient data transfer in a peer-to-peer network. A list of peer computers can be accessed and sorted by a data exchange metric. A requester peer is selected by traversing the list from a peer computer with a smallest data exchange metric to a peer computer with a largest data exchange metric to identify a peer computer with a pending data block request, the peer computer with the pending data block request being the requester peer and having an associated data exchange metric. A data block is then transmitted to the requester peer and the data exchange metric associated with the requester peer is updated to provide an updated data exchange metric for the requester peer. The list of peer computers can then be resorted. Additional apparatus, systems, and methods are disclosed.

Abstract: Methods for distributing and providing access to stored content from remote storage comprising; receiving a first request to access a first portion of stored content from a requestor, wherein the first request is in a file system request format; creating a placeholder for the stored content so that the placeholder has at least one parameter identical to the stored content and the placeholder can hold the first portion of the stored content and at least a second portion of the stored content; requesting the first portion of the stored content from remote storage; receiving the first portion of the stored content from the remote storage; storing the first portion of the stored content in the placeholder; and before the second portion of the stored content has been stored in the placeholder, providing the first portion of the stored content to the requestor using a file system response format.

Abstract: Methods, systems; and media for application fault containment are provided. In accordance with some embodiments, a method for application fault containment is provided, the method comprising: determining a plurality of applications associated with a processing device; isolating each of the plurality of applications into an application container; receiving a user selection of one of the plurality of applications; and creating the application container of a container type for the user selected application in response to receiving the user selection; wherein, upon determining that the container type is a persistent container, configuring the created application container to maintain state information across executions of the user selected application, and wherein, upon determining that the container type is an ephemeral container, configuring the created application container to be removed after a single execution of the user selected application.

Abstract: Methods, media and systems for responding to a Denial of Service (DoS) attack are provided. In some embodiments, a method includes detecting a DoS attack, migrating one or more processes that provide a service to an unaffected system; authenticating users that are authorized to use the service; and routing traffic generated by authenticated users to the unaffected system.

Abstract: A method for recording and replaying execution of an application running on a computer system using a program module is provided. The method includes recording events which result from the execution of the application including a non-deterministic event, wherein the program module deterministically records the non-deterministic event, saving the recorded events for deterministic replay of the recorded execution, restoring the saved recorded events, and deterministically replaying the recorded execution of the application.

Abstract: Methods, media and systems for managing a distributed application running in a plurality of digital processing devices are provided. In some embodiments, a method includes running one or more processes associated with the distributed application in virtualized operating system environments on a plurality of digital processing devices, suspending the one or more processes, and saving network state information relating to network connections among the one or more processes. The method further include storing process information relating to the one or more processes, recreating the network connections using the saved network state information, and restarting the one or more processes using the stored process information.

Abstract: Methods, systems; and media for application fault containment are provided. In accordance with some embodiments, a method for application fault containment is provided, the method comprising: determining a plurality of applications associated with a processing device; isolating each of the plurality of applications into an application container; receiving a user selection of one of the plurality of applications; and creating the application container of a container type for the user selected application in response to receiving the user selection; wherein, upon determining that the container type is a persistent container, configuring the created application container to maintain state information across executions of the user selected application, and wherein, upon determining that the container type is an ephemeral container, configuring the created application container to be removed after a single execution of the user selected application.

Abstract: Systems for recording, searching, and outputting display information are provided. In some embodiments, systems for recording display information are provided. The systems include a virtual display that: intercepts display-changes describing changes to be made to a state of a display; sends the display-changes to a client for display; records the display-changes; and a context recorder that records context information describing a state of the display derived from a source independently of the display changes and independently of screen-images. In some embodiments, the systems further include a display system that generates an output screen-image based at least in part on at least one of the display-changes and in response to a search of the context information. In some embodiments, the virtual display further records screen-images; and the display system further generates the output screen-image based at least in part on a recorded-screen-image of the recorded screen-images.