Abstract: Systems for generating attack event logs are disclosed. An example system includes a storage device for storing an event log template. The system also includes a processor to receive a selection of the event log template, and receive an attack description comprising user instructions to fabricate synthetic log entries according to a format defined in the event log template. The attack description includes variables and rules for determining values for the variables. The processor generates the attack event log by determining values that satisfy the rules and writing the values into selected fields of the event log template.

Abstract: Systems for generating attack event logs are disclosed. An example system includes a storage device for storing an event log template. The system also includes a processor to receive a selection of the event log template, and receive an attack description comprising user instructions to fabricate synthetic log entries according to a format defined in the event log template. The attack description includes variables and rules for determining values for the variables. The processor generates the attack event log by determining values that satisfy the rules and writing the values into selected fields of the event log template.

Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.

Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.

Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.

Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.

Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.

Abstract: A method, computer program product and/or system is disclosed. According to an aspect of this invention, one or more processors receive an indirect jump instruction comprising a target address offset and a maximal offset value. One or more processors determine whether the target address offset is valid by comparison of the target address offset and the maximal offset value and one or more processors execute a jump operation based on whether the target address offset is valid. In some embodiments of the present invention, the jump operation comprises one or more processors executing an instruction located at a target address referenced by the target address offset if the target address offset is valid. In some embodiments, the jump operation further comprises one or more processors raising an exception if the target address offset is not valid.

Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.

Abstract: Input is received during runtime of a program. The input is a return instruction address of a called function and a return target address of the program. A determination is made whether the instruction immediately prior to the return target address is a call to the called function. If the instruction immediately prior to the return target address is not a call to the called function, a notification is transmitted that return-oriented programming is suspected.

Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.

Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.

Abstract: A software container image that includes components dependent on a first computer instruction set architecture (ISA) is ported to enable a container to execute using the container image on a computer having a second ISA different from the first. Porting the container image entails replacing components of the container image not compatible with the second ISA with equivalent components compatible with the second ISA. The porting is performed, in some instances, dynamically as part of running a container with the container image on a computer implementing the second ISA.

Abstract: An aspect includes performance profiling of an application. A processor executes an instruction stream of the application including instructions that are dynamically grouped at run-time. The processor monitors for an event associated with sampled instructions. A sampled instruction is associated with other events that include instruction grouping information. A number of the instructions in a group that includes the sampled instruction is determined as a group size. The monitored event is tracked as separate events with respect to each of the sampled instruction and one or more other instructions of the group. Subsequent monitored events are tracked as the separate events for each of the instructions from additional groups having various group sizes formed from a sequence of the instructions. An execution count for the sequence of the instructions is generated based on accumulating the separate events over a period of time.

Abstract: An aspect includes performance profiling of an application. A processor executes an instruction stream of the application including instructions that are dynamically grouped at run-time. The processor monitors for an event associated with sampled instructions. A sampled instruction is associated with other events that include instruction grouping information. A number of the instructions in a group that includes the sampled instruction is determined as a group size. The monitored event is tracked as separate events with respect to each of the sampled instruction and one or more other instructions of the group. Subsequent monitored events are tracked as the separate events for each of the instructions from additional groups having various group sizes formed from a sequence of the instructions. An execution count for the sequence of the instructions is generated based on accumulating the separate events over a period of time.

Abstract: A method comprising: counting each occurrence of a hardware event by a Performance Monitoring Counter of a hardware processor during the execution of a target program code; orderly and continuously storing in a buffer of a Taken Branch Trace (TBT) Facility of said hardware processor a predefined TBT size of last taken branches of said target program code during its execution; every time said counting equals a sampling rate, triggering sampling of said buffer, to receive a TBT comprising current said predefined TBT size of last taken branches; constructing a full branch trace for each said TBT based on said target program code; extracting a predefined Chopped Branch Trace (CBT) size of last branches from each said full branch trace, to receive a chopped branch trace for said each TBT; and incrementally storing each said chopped branch trace to generate an edge profile of said target program code.

Abstract: Input is received during runtime of a program. The input is a return instruction address of a called function and a return target address of the program. A determination is made whether the instruction immediately prior to the return target address is a call to the called function. If the instruction immediately prior to the return target address is not a call to the called function, a notification is transmitted that return-oriented programming is suspected.

Abstract: An aspect includes performance profiling of an application. A processor executes an instruction stream of the application including instructions that are dynamically grouped at run-time. The processor monitors for an event associated with sampled instructions. A sampled instruction is associated with other events that include instruction grouping information. A number of the instructions in a group that includes the sampled instruction is determined as a group size. The monitored event is tracked as separate events with respect to each of the sampled instruction and one or more other instructions of the group. Subsequent monitored events are tracked as the separate events for each of the instructions from additional groups having various group sizes formed from a sequence of the instructions. An execution count for the sequence of the instructions is generated based on accumulating the separate events over a period of time.

Abstract: An aspect includes performance profiling of an application. A processor executes an instruction stream of the application including instructions that are dynamically grouped at run-time. The processor monitors for an event associated with sampled instructions. A sampled instruction is associated with other events that include instruction grouping information. A number of the instructions in a group that includes the sampled instruction is determined as a group size. The monitored event is tracked as separate events with respect to each of the sampled instruction and one or more other instructions of the group. Subsequent monitored events are tracked as the separate events for each of the instructions from additional groups having various group sizes formed from a sequence of the instructions. An execution count for the sequence of the instructions is generated based on accumulating the separate events over a period of time.

Abstract: A method comprising: counting each occurrence of a hardware event by a Performance Monitoring Counter of a hardware processor during the execution of a target program code; orderly and continuously storing in a buffer of a Taken Branch Trace (TBT) Facility of said hardware processor a predefined TBT size of last taken branches of said target program code during its execution; every time said counting equals a sampling rate, triggering sampling of said buffer, to receive a TBT comprising current said predefined TBT size of last taken branches; constructing a full branch trace for each said TBT based on said target program code; extracting a predefined Chopped Branch Trace (CBT) size of last branches from each said full branch trace, to receive a chopped branch trace for said each TBT; and incrementally storing each said chopped branch trace to generate an edge profile of said target program code.