Abstract: Embodiments are directed towards managing memory for an application be executing in a managed runtime environment. Managed peer objects may be generated to correspond to native objects executing in a native runtime environment such that memory may be allocated for managed peer objects. Garbage collection handles may be generated and associated with the managed peer objects. If the managed application executes instructions that interact with the managed peer objects and the native runtime environment each garbage collection handle associated with the managed peer objects may be modified based on a type of an interaction. The garbage collection handlers may be garbage collection roots for a garbage collector that may be included in the managed runtime memory manager. If a garbage collection event occurs, memory for the managed peer objects may be deallocated based in part on its correspondent garbage collection handle.

Abstract: Embodiments are directed towards generating applications that include multi-sized types running in managed code. During the compilation of an intermediate language version of an application, if a multi-size type is encountered, a runtime engine may perform actions to process the multi-size types. Accordingly, architecture information associated with the target computer may be determined. Data types corresponding to the architecture of the target computer and the multi-sized types may be determined based on the architecture information. Native code calls associated with an intermediate language code calls may be determined such that the parameters of the native code calls match the architecture dependent data types. And, a machine code version of the intermediate language code call may be generated. The generated machine code version of the intermediate language code may be executed with the data types specific to the target computer.

Abstract: Embodiments are directed towards generating applications that include multi-sized types running in managed code. During the compilation of an intermediate language version of an application, if a multi-size type is encountered, a runtime engine may perform actions to process the multi-size types. Accordingly, architecture information associated with the target computer may be determined. Data types corresponding to the architecture of the target computer and the multi-sized types may be determined based on the architecture information. Native code calls associated with an intermediate language code calls may be determined such that the parameters of the native code calls match the architecture dependent data types. And, a machine code version of the intermediate language code call may be generated. The generated machine code version of the intermediate language code may be executed with the data types specific to the target computer.

Abstract: Embodiments are directed towards generating applications that include multi-sized types running in managed code. During the compilation of an intermediate language version of an application, if a multi-size type is encountered, a runtime engine may perform actions to process the multi-size types. Accordingly, architecture information associated with the target computer may be determined. Data types corresponding to the architecture of the target computer and the multi-sized types may be determined based on the architecture information. Native code calls associated with an intermediate language code calls may be determined such that the parameters of the native code calls match the architecture dependent data types. And, a machine code version of the intermediate language code call may be generated. The generated machine code version of the intermediate language code may be executed with the data types specific to the target computer.

Abstract: Embodiments are directed towards managing memory for an application be executing in a managed runtime environment. Managed peer objects may be generated to correspond to native objects executing in a native runtime environment such that memory may be allocated for managed peer objects. Garbage collection handles may be generated and associated with the managed peer objects. If the managed application executes instructions that interact with the managed peer objects and the native runtime environment each garbage collection handle associated with the managed peer objects may be modified based on a type of an interaction. The garbage collection handlers may be garbage collection roots for a garbage collector that may be included in the managed runtime memory manager. If a garbage collection event occurs, memory for the managed peer objects may be deallocated based in part on its correspondent garbage collection handle.

Abstract: Embodiments are directed towards generating applications that include multi-sized types running in managed code. During the compilation of an intermediate language version of an application, if a multi-size type is encountered, a runtime engine may perform actions to process the multi-size types. Accordingly, architecture information associated with the target computer may be determined. Data types corresponding to the architecture of the target computer and the multi-sized types may be determined based on the architecture information. Native code calls associated with an intermediate language code calls may be determined such that the parameters of the native code calls match the architecture dependent data types. And, a machine code version of the intermediate language code call may be generated. The generated machine code version of the intermediate language code may be executed with the data types specific to the target computer.

Abstract: Embodiments are directed towards managing memory for an application be executing in a managed runtime environment. Managed peer objects may be generated to correspond to native objects executing in a native runtime environment such that memory may be allocated for managed peer objects. Garbage collection handles may be generated and associated with the managed peer objects. If the managed application executes instructions that interact with the managed peer objects and the native runtime environment each garbage collection handle associated with the managed peer objects may be modified based on a type of an interaction. The garbage collection handlers may be garbage collection roots for a garbage collector that may be included in the managed runtime memory manager. If a garbage collection event occurs, memory for the managed peer objects may be deallocated based in part on its correspondent garbage collection handle.

Abstract: Embodiments are directed towards managing generic objects across multiple runtime environments. If a generic type definition is encountered during compilation of an application it may be determined if the encountered generic type has interactions with the native runtime environment. Native runtime signatures that may be arranged to enable native objects to execute the generic type methods may be generated for each generic type methods that interact with the native runtime. Binding layer machine code may be generated to map each native runtime signature to a corresponding generic type method. And, in at least one of the various embodiments, the binding layer machine code may be inserted into the machine code version of the application.

Abstract: Embodiments are directed towards generating applications that include multi-sized types running in managed code. During the compilation of an intermediate language version of an application, if a multi-size type is encountered, a runtime engine may perform actions to process the multi-size types. Accordingly, architecture information associated with the target computer may be determined. Data types corresponding to the architecture of the target computer and the multi-sized types may be determined based on the architecture information. Native code calls associated with an intermediate language code calls may be determined such that the parameters of the native code calls match the architecture dependent data types. And, a machine code version of the intermediate language code call may be generated. The generated machine code version of the intermediate language code may be executed with the data types specific to the target computer.

Abstract: A system and method may be used to track software changes by analyzing intermediate language level representations of the software. For example, software changes may be tracked by analyzing object-oriented program code that includes one or more non-native binary executables based on an intermediate language. The program code may be associated with metadata describing content of the non-native binary executables. An object tree, which includes a plurality of nodes, may be constructed to represent the non-native binary executables and the metadata describing the content of the non-native binary executables. One or more of the plurality of nodes may be hashed to associate respective digest values with the hashed nodes, such that changes in the received program code can be tracked using the digest values associated with the hashed nodes.

Abstract: The invention is a system and method for delegating security permission evaluation from a client computer to remote network service (e.g., a security server). The centralization of permission evaluation allows performance enhancements using rules compilation and better manageability. An application on a client machine may request a permission to access a resource at runtime and provide evidence data to a security server. The permission evaluation (the decision) is executed by the network service and enforced locally on the client machine. When the application runs on top of a virtual machine, its security manager may be used to hide all of the client-side processes, and thus providing the extra information to the network service in order to locally enforce the results.

Abstract: The invention relates to a system and method for providing multiple assembly caches for storing shared application resources. Each assembly cache may be associated with a different security policies, locations, internal structures and management. An application may be determined to have access to an assembly cache based on the permission and security policy of the application and security policy of the assembly cache. Additionally, one or more assembly caches may have other policies for cache retention, resolution, and creation.

Abstract: System and method for allowing embedded devices, even with a limited amount of CPU power and limited memory, to run code more efficiently by eliminating all or most of the runtime checks, while retaining the benefits of runtime checks. The runtime checks may be moved or duplicated to an outside application running on a remote computer. The outside application can prepare the runtime checks for execution at the embedded system. The embedded system may receive pre-validated code and store it inside custom cache for later execution using a check-less, or check-limited, runtime on the embedded device.

Abstract: System and method for accurately determining security policy for an application based on dynamic code analysis of application runtime execution(s). A dynamic recorder, dynamic code analyzer and security policy analyzer can evaluate and determine the security decisions and access to secure resources made during a security event within one or more executions of an application in order to identify an existing security policy that best matches an application's security needs. Security events may be analyzed to determine which security decisions and access to secure resources are necessary and which can be eliminated or replaced with alternative decisions or resources.

Abstract: The invention relates to a system and method for efficient security runtime. If the same security demand for permissions occurs twice during the same code path (i.e. execution stack) the latter can be automatically turned (optimized) into a security assertion based on the former demand. A security runtime can determine which assertions to establish in a call stack, using declarative security information kept in an assembly metadata and based on execution history to know what has already been demanded for a specific stack frame. If the method being called has been allowed to execute before then a demand may be replaced with an assertion for the same permissions within the call stack. If that frame was executed then it means the security demand was successfully evaluated. Furthermore, if the permission evaluation result is known to be static (e.g.

Abstract: The present invention allows shell program to be managed with security policies and enforced using sandboxes enforced by the security manager of a managed environment. The additional security policies may come from shell tool specific security policies, application specific security policies, resource based security policies, shell based policies, owner based policies, user based policies and/or other types of policies. Security policies may be merged to provide a managed shell more permission granularity in addition to existing machine policies.

Abstract: A system and method may be used to track software changes by analyzing intermediate language level representations of the software. For example, software changes may be tracked by analyzing object-oriented program code that includes one or more non-native binary executables based on an intermediate language. The program code may be associated with metadata describing content of the non-native binary executables. An object tree, which includes a plurality of nodes, may be constructed to represent the non-native binary executables and the metadata describing the content of the non-native binary executables. One or more of the plurality of nodes may be hashed to associate respective digest values with the hashed nodes, such that changes in the received program code can be tracked using the digest values associated with the hashed nodes.

Abstract: The invention relates to a system and method for providing multiple assembly caches for storing shared application resources. Each assembly cache may be associated with a different security policies, locations, internal structures and management. An application may be determined to have access to an assembly cache based on the permission and security policy of the application and security policy of the assembly cache. Additionally, one or more assembly caches may have other policies for cache retention, resolution, and creation.

Abstract: System and method for allowing embedded devices, even with a limited amount of CPU power and limited memory, to run code more efficiently by eliminating all or most of the runtime checks, while retaining the benefits of runtime checks. The runtime checks may be moved or duplicated to an outside application running on a remote computer. The outside application can prepare the runtime checks for execution at the embedded system. The embedded system may receive pre-validated code and store it inside custom cache for later execution using a check-less, or check-limited, runtime on the embedded device.

Abstract: The invention is a system and method for delegating security permission evaluation from a client computer to remote network service (e.g., a security server). The centralization of permission evaluation allows performance enhancements using rules compilation and better manageability. An application on a client machine may request a permission to access a resource at runtime and provide evidence data to a security server. The permission evaluation (the decision) is executed by the network service and enforced locally on the client machine. When the application runs on top of a virtual machine, its security manager may be used to hide all of the client-side processes, and thus providing the extra information to the network service in order to locally enforce the results.