Abstract: Generally discussed herein are devices, systems, and methods for software memory tagging that provides buffer overflow protection. A method can include responsive to a memory write operation to write data to a heap of a memory, identifying a first tag value associated with a first address of the memory write operation in the bit map, comparing, for each address after the first address affected by the memory write operation, respective tag values in a bit map of the memory to the identified first tag value, and halting execution of the application if any of the respective tag values do not match the first tag value.

Abstract: Generally discussed herein are devices, systems, and methods for software memory tagging that provides buffer overflow protection. A method can include responsive to a memory write operation to write data to a heap of a memory, identifying a first tag value associated with a first address of the memory write operation in the bit map, comparing, for each address after the first address affected by the memory write operation, respective tag values in a bit map of the memory to the identified first tag value, and halting execution of the application if any of the respective tag values do not match the first tag value.

Abstract: A method of memory deallocation across a trust boundary between a first software component and a second software component is described. Some memory is shared between the first and second software components. An in-memory message passing facility is implemented using the shared memory. The first software component is used to deallocate memory from the shared memory which has been allocated by the second software component. The deallocation is done by: taking at least one allocation to be freed from the message passing facility; and freeing the at least one allocation using a local deallocation mechanism while validating that memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory.

Abstract: A method of memory deallocation across a trust boundary between a first software component and a second software component is described. Some memory is shared between the first and second software components. An in-memory message passing facility is implemented using the shared memory. The first software component is used to deallocate memory from the shared memory which has been allocated by the second software component. The deallocation is done by: taking at least one allocation to be freed from the message passing facility; and freeing the at least one allocation using a local deallocation mechanism while validating that memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory.

Abstract: Generally discussed herein are devices, systems, and methods for software memory tagging that provides buffer overflow protection. A method can include responsive to a memory write operation to write data to a heap of a memory, identifying a first tag value associated with a first address of the memory write operation in the bit map, comparing, for each address after the first address affected by the memory write operation, respective tag values in a bit map of the memory to the identified first tag value, and halting execution of the application if any of the respective tag values do not match the first tag value.

Abstract: A method of manual memory management is described which comprises enabling one or more threads to access an object created in a manual heap by storing a reference to the object in thread-local state and subsequently deleting the stored reference after accessing the object. In response to abandonment of the object, an identifier for the object and a current value of either a local counter of a thread or a global counter are stored in a delete queue and all threads are prevented from storing any further references to the object in thread-local state. Deallocation of the object only occurs when all references to the object stored in thread-local state for any threads have been deleted and a current value of the local counter for the thread or the global counter has incremented to a value that is at least a pre-defined amount more than the stored value, wherein the global counter is updated using one or more local counters.

Abstract: A method of memory deallocation across a trust boundary between a first software component and a second software component is described. Some memory is shared between the first and second software components. An in-memory message passing facility is implemented using the shared memory. The first software component is used to deallocate memory from the shared memory which has been allocated by the second software component. The deallocation is done by: taking at least one allocation to be freed from the message passing facility; and freeing the at least one allocation using a local deallocation mechanism while validating that memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory.

Abstract: A method of operating a computer according to an actor model, the method comprising: defining a plurality of actors, each taking form of a data structure comprising respective data and one or more respective functions for operating on the respective data; generating a wrapped message to be transmitted from a transmitting actor to multiple recipient actors, the wrapped message comprising at least one constituent message, a sorted list of the recipient actors, and an index indicating an entry in the list, the index initially being set to indicate the first recipient actor in the list; transmitting the wrapped message from the transmitting actor to the first recipient actor in the list; each of the recipient actors, except the last in the list, upon receiving the wrapped message, advancing the index and forwarding the wrapped message to the next actor in the list as indicated by the advanced index.

Abstract: In various examples, there is a computer-implemented method for providing packages for processing on a computer system. The method creates a secure connection to an enclave and retrieves a quote to verify that the enclave is genuine and that it contains a predetermined process. The predetermined process is configured to create an enclave for itself and determine that an initial state of the computer system is equivalent to a predetermined state based on a quote retrieved from a security module. The predetermined process is further configured to receive a package to be processed by the computer system and cause the processor to process the package outside of the enclave. In response to verifying the enclave, the method provides a package to be processed by the computer system.

Abstract: A method of operating a computer according to an actor model, the method comprising: defining a plurality of actors, each taking form of a data structure comprising respective data and one or more respective functions for operating on the respective data; generating a wrapped message to be transmitted from a transmitting actor to multiple recipient actors, the wrapped message comprising at least one constituent message, a sorted list of the recipient actors, and an index indicating an entry in the list, the index initially being set to indicate the first recipient actor in the list; transmitting the wrapped message from the transmitting actor to the first recipient actor in the list; each of the recipient actors, except the last in the list, upon receiving the wrapped message, advancing the index and forwarding the wrapped message to the next actor in the list as indicated by the advanced index.

Abstract: A method of running a computer program comprising concurrent threads, wherein: at any time, the program is in a current global execution phase, GEP, each thread is divided into a sequence of local execution phases, LEPs, each corresponding to a different GEP, wherein the thread is in a current LEP that cannot progress beyond the LEP corresponding to the current GEP; any of the threads is able to advance the GEP if the current LEP of all threads has reached the LEP corresponding to the current GEP; one thread comprises code to perform an internal acquire to acquire a lock on its respective LEP; and at least one other threads comprises code to perform an external release to force advancement of the current LEP of said one thread, but wherein the external release will be blocked if said thread has performed the internal acquire.

Abstract: A method of manual memory management is described. In response to detecting an access violation triggered by the use of an invalid reference to an object in a manual heap, a source of the access in a register or stack is identified. An updated reference for the object using stored mapping data is determined and used to replace the invalid reference in the source.

Abstract: A method of communicating messages between threads. For each thread there are defined M buckets. When a transmitting thread has a message to send, it assigns the message to the bucket numbered m=Tid_r mod M to await transmission, where Tid_r is the ID of the receiving thread. The bucket m=Tid_t mod M is the home bucket, where Tid_t is the ID of the transmitting thread. After accumulating multiple messages, a batch transmission is performed, comprising a plurality of successive phases p. Each phase comprises: i) from each bucket other than the home bucket, transmitting some or all of the messages in the bucket as a batch to one of the receiving threads of the bucket, and ii) except in the last phase, incrementing the phase p by 1, and redistributing the messages remaining in the home bucket according to m=(Tid_r/M{circumflex over (?)}p) mod M.

Abstract: In various examples, there is a computer-implemented method for providing packages for processing on a computer system. The method creates a secure connection to an enclave and retrieves a quote to verify that the enclave is genuine and that it contains a predetermined process. The predetermined process is configured to create an enclave for itself and determine that an initial state of the computer system is equivalent to a predetermined state based on a quote retrieved from a security module. The predetermined process is further configured to receive a package to be processed by the computer system and cause the processor to process the package outside of the enclave. In response to verifying the enclave, the method provides a package to be processed by the computer system.

Abstract: A method of manual memory management is described. In response to detecting an access violation triggered by the use of an invalid reference to an object in a manual heap, a source of the access in a register or stack is identified. An updated reference for the object using stored mapping data is determined and used to replace the invalid reference in the source.

Abstract: A method of manual memory management is described which comprises enabling one or more threads to access an object created in a manual heap by storing a reference to the object in thread-local state and subsequently deleting the stored reference after accessing the object. In response to abandonment of the object, an identifier for the object and a current value of either a local counter of a thread or a global counter are stored in a delete queue and all threads are prevented from storing any further references to the object in thread-local state. Deallocation of the object only occurs when all references to the object stored in thread-local state for any threads have been deleted and a current value of the local counter for the thread or the global counter has incremented to a value that is at least a pre-defined amount more than the stored value, wherein the global counter is updated using one or more local counters.