Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.

Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.

Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.

Abstract: Mitigating return-oriented programming (ROP) attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.

Abstract: Mitigating return-oriented programming attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.

Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.

Abstract: Mitigating return-oriented programming (ROP) attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.

Abstract: Mitigating return-oriented programming attacks. Program code and associated components are received and loaded into memory. From the program code and associated components, a predetermined number of sequences of machine language instructions that terminate in a return instruction are selected. The sequences of machine language instructions include: machine language instruction sequences that are equivalent to a conditional statement “if-then-else return,” sequences of machine language instructions corresponding to known malicious code sequences, and sequences of machine language instructions corresponding to machine language instructions in known toolkits for assembling malicious code sequences.

Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.

Abstract: A method for identifying trends in system faults. During a generating stage, monitoring via a software based performance monitoring unit, a state of a server on a network and generating hardware or software performance information which indicate system faults of the server. During an analysis stage including, creating a dataset from the hardware or software performance information and isolating events from the dataset and categorizing each of the isolated events into a type, each type representing one application program call return. For each event in the dataset, assigning a trend score which decays with time such that recent events receive greater weight in the assigning than less recent events. Finally, performing one or more of: outputting a notification of the trend score, utilizing an optimization unit or triggering operation of a fault system handler for the event, when the trend score is above a threshold.

Abstract: A method for identifying trends in system faults. During a generating stage, monitoring via a software based performance monitoring unit, a state of a server on a network and generating hardware or software performance information which indicate system faults of the server. During an analysis stage including, creating a dataset from the hardware or software performance information and isolating events from the dataset and categorizing each of the isolated events into a type, each type representing one application program call return. For each event in the dataset, assigning a trend score which decays with time such that recent events receive greater weight in the assigning than less recent events. Finally, performing one or more of: outputting a notification of the trend score, utilizing an optimization unit or triggering operation of a fault system handler for the event, when the trend score is above a threshold.

Abstract: Detecting optimization opportunities is enabled by utilizing a trace of a target concurrent computer program and determining a relation between data objects accessed during the tracked execution. The relation may be stored in a Temporal Relation Graph (TRG), in an extended-TRG or another data structure. The relation may be affected by temporally-adjacent accesses to data objects. The relation may further be affected by accesses to data objects performed during critical sections of the target program.

Abstract: Systems and methods for cache optimization are provided. The method comprises tracing objects instantiated during execution of a program code under test according to type of access by one or more threads running in parallel, wherein said tracing provides information about order in which different instances of one or more objects are accessed by said one or more threads and whether the type of access is a read operation or a write operation; and utilizing tracing information to build a temporal relationship graph (TRG) for the accessed objects, wherein the objects are represented by nodes in the TRG and at least two types of edges for connecting the nodes are defined.

Abstract: Systems, methods and products for code optimization are provided. In one embodiment, the method comprises dividing a target code into basic blocks; analyzing traversed execution paths between the basic blocks during multiple executions of the target code to determine a frequency with which the execution path between two or more basic blocks are traversed; and determining whether code optimization may be achieved by identifying execution paths that have been traversed subject to one or more threshold levels.

Abstract: Systems and methods for cache optimization are provided. The method comprises tracing objects instantiated during execution of a program code under test according to type of access by one or more threads running in parallel, wherein said tracing provides information about order in which different instances of one or more objects are accessed by said one or more threads and whether the type of access is a read operation or a write operation; and utilizing tracing information to build a temporal relationship graph (TRG) for the accessed objects, wherein the objects are represented by nodes in the TRG and at least two types of edges for connecting the nodes are defined.

Abstract: Detecting optimization opportunities is enabled by utilizing a trace of a target concurrent computer program and determining a relation between data objects accessed during the tracked execution. The relation may be stored in a Temporal Relation Graph (TRG), in an extended-TRG or another data structure. The relation may be affected by temporally-adjacent accesses to data objects. The relation may further be affected by accesses to data objects performed during critical sections of the target program.

Abstract: A method for optimizing program code is provided. The method comprises detecting a branch instruction comprising a condition expression, wherein the branch instruction, when executed by a processor, causes the processor to execute either a first set of instructions or a second set of instructions according to a value of the condition expression; and replacing the branch instruction with a third set of instructions that are non-branching, wherein the third set of instructions, when executed by a processor, has a collective effect same as if either the first or second set of instructions were executed according to the value of the condition expression. The third set of instructions comprises a negation instruction to normalize the value of the condition expression.