Abstract: A method for updating code in a shared codebase is provided. The method includes: using artificial intelligence techniques to generate a network graph that indicates a set of dependencies between a plurality of code modules included in the shared codebase; receiving information that relates to updating a first code module from among the plurality of code modules; and determining, based on the network graph, a subset of the plurality of code modules to be impacted when the first code module is updated. The method may further include scanning release notes associated with the shared codebase, and using natural language processing techniques to determine functions that will be impacted by the update.

Abstract: Software code is tested to determine relative performance of the software code. Successfully executing a test may be used to flag problems in a code repository to be corrected or criteria for accepting code for acceptance to the repository. To further evaluate test results, the test may be run several times on the same code version to determine a test result stability score describing how the test results may vary in different executions, such as a frequency that the code passes the test. Based on the score, additional tests may be run to further refine test result stability score. To evaluate time-variance of testing, when a code version fails a test, a previous version of the code may be run with the same test and the results compared to determine if a new regression was introduced.

Abstract: A computer-implemented method is provided for translating input text from a source language to a target language including receiving, by an interface, the input text in a source language, and identifying, by a processor coupled to the interface, at least one portion of the input text. The method includes replacing each portion with a corresponding sematic structure to produce at least one semantic structure, and organizing the at least one semantic structure into a semantic tree. The method includes matching a portion of the semantic tree to at least one phrase from a stored phrase bank, and providing one or more versions of the at least one phrase in the source language. The method includes receiving a selected version of the set of versions, translating the selected version from the source language to the target language, and providing the selected version in the target language.

Abstract: In an example, a non-transitory machine-readable storage medium storing instructions executable by a processor of a computing device to receive device telemetry data associated with an electronic device. The device telemetry data may include data that affects a performance of a graphics processor of the electronic device. Further, instructions may be executed by the processor to predict health of the graphics processor by applying a machine learning model to the device telemetry data. Furthermore, instructions may be executed by the processor to generate an alert notification based on the predicted health of the graphics processor.

Abstract: Methods and systems for garbage collection are described. In some embodiments, Garbage collector threads may maximize local accesses and minimize remote access by copying Young objects and Old objects differently. When copying a Young object, a garbage collector thread may determine the lgroup of the pool that contains the object and copy the object to a pool of the same lgroup. The garbage collector thread may spread Old objects among lgroups by copying Old objects to pools of the same lgroup as the respective garbage collector thread. Additional methods and systems are disclosed.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for managing application program interface calls.

Abstract: A method includes receiving an API call including a request to resolve an API set contract to an associated host binary file, where the API set contract defines a set of APIs. The method further includes evaluating a runtime context of the API call to determine an application identifier for an application that initiated the request to resolve the API set contract to the associated host binary file. The method further includes executing elements of a first host binary instead of a second host binary responsive to determining that the API call was placed by a first application and executing elements of the second different host binary instead of the first host binary responsive to determining that the API call was placed by a second application.

Abstract: A method includes determining whether a code update for the service is available at a central repository of the computing environment and, in response to determining that the code update is available, retrieving the code update from the central repository. The method further includes performing a modification of the service in view of the code update.

Abstract: A method, system, or apparatus to debug software that is reorganized in memory is presented. A post-mortem debugging session is established by loading an executable code component corresponding to a packed binary file into memory. A randomly reorganized layout of the machine code corresponding to the blocks of the original source code is generated based on a transformation defined in a function randomization library corresponding to the blocks of original source code. A core dump file corresponding to the crash event associated with the executing of the executable code component and a debug data file that includes symbol table information to debug the blocks of the original source code are received. An updated debug data file is generated that includes symbol table information corresponding to the randomly reorganized layout. A debugger program is called with the executable code component, the core dump file, and the updated debug data file.

Abstract: Processing circuitry performs processing operations specified by program instructions, and a decoder decodes memory access instructions to generate control signals to control the processing circuitry to perform memory access operations. The memory access instructions have respective encodings specifying protected memory access instructions corresponding to protected memory access operations and less-protected memory access instructions corresponding to less-protected memory access operations. The less-protected memory access operations are associated with less restrictive memory access conditions than the protected memory access operations.

Abstract: A method for receiving a first portion of object code, analyzing a first portion of object code in a static manner to determine a call tree hierarchy, dividing, by a synthetic compiler, the first portion of object code into a plurality of modules; and starting to run the first portion of object code to start a runtime phase, with the running of the first portion of the object code including: (i) lazy loading of the modules of the plurality of modules of the first portion of object code, and/or (ii) eager unloading of the modules of the plurality of modules of the first portion of object code.

Abstract: A computer-implemented method of securing vulnerabilities in a program, the method including receiving, by a computer, state information generated by an executed application program, training, by the computer, a constraints model based on the state information, generating, by the computer, one or more constraints with the constraints model, each of the one or more constraints describing an execution constraint for executing the application program, wherein the execution constraint enforces an intended operation of the application program, and applying, by the computer, the one or more constraints to the application program.

Abstract: Disclosed are various implementations of cluster capacity management for infrastructure updates. In some examples, cluster hosts for a cluster can be scheduled for an update. A component of a datacenter level resource scheduler can analyze cluster specific resource usage data to identify a cluster scaling decision for the cluster. The datacenter level resource scheduler transmits an indication that the resource scheduler is successfully invoked. Cluster hosts can then be updated.

Abstract: Techniques for configuring unused memory into namespaces based on determined attributes of incoming input/output (IO). Incoming IO is analyzed to determine characteristics of the IO. Unused memory space is identified. Based on the characteristics of the IO, a portion of the unused memory space is configured into a particular namespace. This namespace is configured to handle IO having the identified characteristics. Subsequent to configuring the portion of the unused memory space into the particular namespace, a file system is created for the particular namespace. Subsequent IO, which shares the same characteristics as the IO, is routed to the namespace, which is managed using the file system.

Abstract: Performing usage-based software library decomposition is disclosed herein. In some examples, a processor device generates a first library graph representing a first software library including multiple functions. The first library graph comprises a plurality of nodes that each correspond to a function of the first software library. The processor device identifies a function within the first software library (“invoked function”) that is directly invoked by an application that depends on the first software library, then generates a call graph including nodes within the first library graph (“dependency nodes”) corresponding to either the invoked function or another function invoked by the invoked function during application execution. Using the call graph, the processor device generates a second software library including only functions of the first software library corresponding to dependency nodes of the call graph.

Abstract: Containers can be managed for cryptanalysis attack protection. For example, a computing system can receive, from a container, a description specifying a first hardware requirement for the container. The computing system can restrict access to hardware based on the first hardware requirement for the container. The computing system can perform, for a data object requested by the container, an encryption operation and a decryption operation using the hardware. A result of the encryption operation can be inaccessible to the container prior to the decryption operation.

Abstract: In a method for dynamically binding data in an application, an expression describing a relation between a first property of a first data of the application to a first property of a second data of the application is received. A binding is created between the first data and the second data based on the relation. A change is propagated to the first property of the second data based on a change to the first property of the first data. The receiving the expression and the creating the binding are repeated to create a plurality of bindings based on a plurality of expressions, and the receiving the expression and the creating the binding occur dynamically during an execution of the application.

Abstract: A library uplift tool may automatically identify changes to elements of an between different versions of a software library interface. The public interfaces of the two versions may be compared to identify changes to datatypes, variable or function names, parameter names, parameter lists, and other elements of the library interface. Locations in application source code using the software library may then be identified and linked with the changes between the library versions. A report or user interface may then display specific locations in the application source code that are affected by the changes to the library versions. For each change, a suggested action may be presented in the interface, and an example of modified source code may be generated. The interface may be interactive such that modified source code may be automatically propagated to source code files for compatibility with the new library version.

Abstract: The present invention provides a data read-write method and apparatus and a circular queue. The method includes: obtaining an offset position of a write pointer from a queue head of a circular queue; determining an offset position of a read pointer according to the offset position of the write pointer; and reading data from the circular queue according to the offset position of the read pointer. Single input multiple output of share memory is implemented, and therefore a plurality of read threads may read data from the circular queue in parallel, thereby effectively improving read-write efficiency of data, and reducing memory consumption.

Abstract: A computer-implemented method includes opening, by a computer device, a global data dictionary on a virtual machine running on the computer device; running, by the computer device, a system defined class on the virtual machine; allocating, by the computer device, program objects that relate to the system defined class from an operating system onto the virtual machine; initializing, by the computer device, a system trace module on the virtual machine; collecting and storing in the global data dictionary, by the computer device, additional class data that was not originally abstracted, the additional class data being references to the allocated program objects; triggering, by the computer device, the system trace module in response to a trace event; identifying, by the computer device, particular ones of the program objects that relate to the trace event; and consolidating, by the computer device, the additional class data that corresponds to the particular ones of the program objects with abstracted object dat

Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; an operating system; an application framework including instructions to search a target directory for one or more shared libraries and to attempt to load the one or more shared libraries if found; and an application including: a library file including a primary feature module to provide a primary feature of the application, the primary feature module structured to operate within the application framework, wherein the library file is not independently executable by the operating system; and an unmanaged executable binary to host the library file, wherein the unmanaged executable binary is not managed by the application framework, and includes hooks to intercept the application framework's attempt to load the one or more shared libraries, and to provide security services to the one or more shared libraries before permitting the application framework to attempt to load the one or more shared libraries.

Abstract: Provided are a mobile terminal test apparatus, a mobile terminal test system, and a control method for the mobile terminal test apparatus, which can reduce burdens on a user for setting parameters according to a specification of a test. A setting screen is displayed with a first operation image 21 for selecting a specification of a test and a second operation image 22 in which parameter operation images 22a to 22e for setting parameters for executing the test according to the specification selected by an operation with respect to the first operation image 21 are arranged based on parameter hierarchies. With an operation of changing one parameter with respect to the parameter operation images 22a to 22e, lower parameter operation images whose parameter hierarchies are lower than the parameter operation image are updated according to the specification selected by the operation with respect to the first operation image 21.

Abstract: An apparatus includes a database and a processor. The database stores a set of services, each of which produces outputs when provided inputs. The processor determines a machine learning policy that can be applied to a first service to determine a descriptor file assigned to the service. The first service can produce a first output when provided a first input. The descriptor file includes the first output type and the first input type. The processor applies the machine learning policy to the set of services to determine a set of descriptor files. The processor receives a request from a user for a second service that produces a second output given a second input. The processor then locates a second descriptor file that includes the second output type and the second input type, determines a third service assigned to the descriptor file, and sends the third service to the user.

Abstract: Methods, systems, articles of manufacture and apparatus to detect process hijacking are disclosed herein. An example apparatus to detect control flow anomalies includes a parsing engine to compare a target instruction pointer (TIP) address to a dynamic link library (DLL) module list, and in response to detecting a match of the TIP address to a DLL in the DLL module list, set a first portion of a normalized TIP address to a value equal to an identifier of the DLL. The example apparatus disclosed herein also includes a DLL entry point analyzer to set a second portion of the normalized TIP address based on a comparison between the TIP address and an entry point of the DLL, and a model compliance engine to generate a flow validity decision based on a comparison between (a) the first and second portion of the normalized TIP address and (b) a control flow integrity model.

Abstract: Plugin loading can be optimized. A service can use a plugin loader to load plugins on a computing device. When the plugin loader loads plugins, the plugins can be configured to determine their load statuses and report such load statuses to the plugin loader. After receiving the load statuses, the plugin loader can store the load statuses and then notify the service to request a restart. When the service restarts the plugin loader, the plugin loader can use the load statuses to determine which of the plugins should be loaded. In this way, the service and plugin loader can ensure that only plugins that are appropriate for a particular computing device will remain loaded.

Abstract: A computer device has a kernel driver in a kernel mode of the operating system which records an access token as initially associated with a user process. Later, the user process presents its access token when requesting certain operations through the operating system. The kernel driver detects that the user process has been subject to an escalation of privilege attack by evaluating the access token in its presented form as against the initially recorded access token and, in response, performs a mitigation action such as suspending the user process.

Abstract: Various embodiments comprise apparatuses and methods including a communications subsystem having an interface module and a protocol module with the communications subsystem being configured to be coupled to an antenna. An applications subsystem includes a software applications module and an abstraction module. The software applications module is to execute an operating system and user applications; the abstraction module is to provide an interface with the software applications module. A controller interface module is coupled to the abstraction module and the interface module and is to convert signals from the applications subsystem into signals that are executable by the communications subsystem. Additional apparatuses and methods are described.

Abstract: Techniques disclosed herein permit bundled web applications to be extended at runtime. In particular, the functionality of a container application that is a bundled web application may be extended by extensions that are also bundled web applications. To enable such extensibility, the container application registers reusable portion(s) of its code in a global context during a bootstrapping sequence of the container application. Thereafter, extensions that are loaded may access and utilize the registered portion(s) of code, as if those extensions had been bundled together with the rest of the container application. In addition, extensions may be managed using scoping and/or permissions that control access to the extensions based on the container application mode that the extensions can be used with and white lists of users who are allowed to use the extensions, respectively.

Abstract: Embodiments of the present systems and methods may provide additional security mechanisms inside an operating system kernel itself by isolating parts of the kernel to protect them from attacks. For example, in an embodiment, a computer-implemented method implemented in a computer comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, the method may comprise: creating a namespace in an operating system kernel-space in the memory of the computer, creating an address space for the namespace that maps only kernel objects owned by the namespace, and providing access to kernel objects owned by the namespace only to the least one user process using the combined page table.

Abstract: Navigation data generation techniques and systems are described to address the complexities of digital content and that overcome the challenges of the conventional techniques. In one example, digital content is received by a flow graph system and used to generate a flow graph that models functionality available via the digital content as graph nodes and connections between the functions as edges between the graph nodes based on a markup language of the digital content. Each of the graph nodes includes a respective utterance that describes functionality available via that node and thus is usable to locate this functionality using semantic similarity to an input query. The flow graph is used as a basis to generate navigation data.

Abstract: Disclosed are systems and methods for managing software applications. The system receives, via a graphical user interface, a request to generate a chain application with a sequence of execution comprising a first application and a second application. In response to determining that an output type of the first application is not compatible with an input type of the second application, the system updates, without further user input, the sequence of execution such that the second application precedes the first application. The system generates the chain application configured to execute the first application and the second application in the updated sequence of execution.

Abstract: Disclosed are an apparatus and a method for providing security and an apparatus and a method for executing security to protect a code of a shared object.

Abstract: A method for replacing a software component among a plurality of software components of a runtime system, in particular a runtime system of an industrial control environment, comprises the steps of determining a first software component to be replaced among the plurality of software components, determining a second software component for replacing the first software component in the runtime system; initializing the second software component in the runtime system; routing a plurality of calls directed to the first software component centrally through a wrapper component; and switching the calls directed to the first software component to the second software component by means of a wrapper component.

Abstract: An automated system is presented for unit testing an application in a mainframe execution environment. The system includes a test configurator, a stub setup routine and an interceptor routine. The test configurator is configured to receive and parse a test input file, where the test input file includes a record for a particular file accessed by the application using the given type of file system. Upon reading the record, the test configurator calls the stub setup routine. The stub setup routine is associated with the given type of file system and creates an object for the particular file in the mainframe execution environment, such that the object is instantiated from a class representing the given type of file system. The interceptor routine is accessible by the application. In response to a given command issued by the application for the given type of file system, the interceptor routine operates to interact with methods provided by the object.

Abstract: Embodiments of the present application disclose a method and apparatus for removing a root-privileged virus, and an electronic device. The method comprises: detecting, according to a preset virus database, whether a smart device has a file with a characteristic of a root-privileged virus; obtaining a system root privilege when a file with the characteristic of the root-privileged virus is detected; terminating all processes corresponding to all the detected files with the characteristic of the root-privileged virus; recovering system startup items to a status before the intrusion of the root-privileged virus; and deleting all the detected files with the characteristic of the root-privileged virus. Compared with the prior art, the embodiments of the present application enable root-privileged viruses to be killed more thoroughly.

Abstract: A method is provided for a kernel driver in an operating system to detect loading of images into memory and unloading of the images from memory. The method includes registering a callback routine for load-image notifications, receiving a load-image notification for an image and recording loading of the image, storing original code at or about an entry point of the image, and patching redirect stub code over the original code at or about the entry point. The method also includes receiving, from the redirect stub code, a redirected call to or about the entry point to execute a routine in the image. The redirected call identifies a driver object representing the image. The method further includes, based on the driver object, providing a mechanism to intercept unloading of the image and recording the unloading of the image.

Abstract: A method for modifying a native runtime environment comprising modifying symbols in the least one of a compiled executable or byte-code of each of a plurality of library versions, modifying references to the symbols in development code associated with the at least one of the compiled executable or byte-code, building the development code into a plurality of versioned library packages, renaming identifiers in each of the versioned library packages and modify an application build for the native runtime environment to reference each of the versioned library packages according to their renamed identifiers.

Abstract: A microservice-based data processing apparatus, including: a type register, storing a list of types, a type being a semantic concept expression; and microservices each comprising an annotation of an input type and output types from the list; processing logic transforming input data expressed by the input type into output data expressed by the output types; and a messaging mechanism for inputting data, via a message, to a microservice, the mechanism defining a message format for structuring the messages. The format includes a first field specifying the data being input; and a second field specifying a type, from the list of types, semantically expressing the concept instantiated by the data. Each microservice includes a controller to receive a message from the mechanism having the format, and to respond by executing the logic when the type specified by the second field matches the input type of the microservice.

Abstract: A transmission and reception apparatus includes a first communication unit that performs communication by a first communication method, a second communication unit that performs communication by a second communication method which is higher in directivity than the first communication method and is faster than the first communication method, and a control unit that performs control such that storage confirmation information, which indicates whether data has been stored in a storage device provided in a first target machine without an error, is received through the first communication unit after the data is transmitted to the first target machine through the second communication unit, data transmission confirmation is received from the first target machine, and the data is transmitted to a second target machine through the second communication unit.

Abstract: Implementations are disclosed herein for enhancing swizzling technology. In at least one implementation, functions are hooked by modifying their machine code implementations to jump to a central callback function. The central callback function may then route to other target functions that serve to replace the hooked functions. In another implementation, the machine code implementations are modified to jump to intermediate functions. The intermediate functions invoke dispatch functions that can call into a central callback function. The central callback function may return to the hooked functions.

Abstract: The present invention relates to a method of memory estimation and configuration optimization for a distributed data processing system involves performing match between an application data stream and a data feature library, wherein the application data stream has received analysis and processing on conditional branches and/or loop bodies of an application code in a Java archive of the application, estimating a memory limit for at least one stage of the application based on the successful matching result, optimizing configuration parameters of the application accordingly, and acquiring static features and/or dynamic features of the application data based on running of the optimized application and performing persistent recording.

Abstract: Disclosed herein are techniques for performing dynamic linking at a computing device. According to some embodiments, the techniques can involve receiving a request to perform a dynamic linking of a software application. The request can be issued in conjunction with installing the software application, launching the software application for a first time, and so on. In response to the request, a closure file can be generated based on different properties associated with the software application (e.g., environment variables, object files, etc.). Notably, the closure file is generated “out-of-process” relative to the execution environment of the software application. Additionally, the techniques can involve caching the closure file such that the closure file is accessible to the software application. In turn, the software application can utilize the closure file at launch/execution times to reduce a number of dynamic linking operations that otherwise are required to take place using conventional approaches.

Abstract: In one example, a method includes receiving metadata in the form of a modification to metadata represented by a file system namespace abstraction, and the file system namespace abstraction corresponds to less than the entire file system namespace. Next, the file system namespace abstraction is updated based on the received metadata. Next, a determination is made whether or not caching is enabled for the file system namespace abstraction. If caching is enabled for the file system namespace abstraction, the updated file system namespace abstraction is cached in SSD storage.

Abstract: Embodiments relate to using a local entry point with an indirect call function. A compiler is provided to determine and indicate in the program code that the function pointer value resulting from a non-call reference of a function symbol is solely used to perform indirect calls in the same module, e.g. local-use-only. The compiler loads an address of a function through use of a symbolic reference. When the compiler determines that the value employed by the symbolic reference is used exclusively to perform an indirect function call, the compiler proceeds to resolve a local entry point address of the function, thereby reducing a quantity of operations to be executed.

Abstract: A system, method, and computer readable medium for reliable messaging between two or more servers. The computer readable medium includes computer-executable instructions for execution by a processing system. Primary applications runs on primary hosts and one or more replicated instances of each primary application run on one or more backup hosts. The reliable messaging ensures consistent ordered delivery of messages in the event that messages are lost; arrive out of order, or in duplicate. The messaging layer operates over TCP or UDP with our without multi-cast and broad-cast and requires no modification to applications, operating system or libraries.

Abstract: An automated system is presented for unit testing an application in a mainframe execution environment. The system includes a test configurator, a stub setup routine and an interceptor routine. The test configurator is configured to receive and parse a test input file, where the test input file includes a record for a particular file accessed by the application using the given type of file system. Upon reading the record, the test configurator calls the stub setup routine. The stub setup routine is associated with the given type of file system and creates an object for the particular file in the mainframe execution environment, such that the object is instantiated from a class representing the given type of file system. The interceptor routine is accessible by the application. In response to a given command issued by the application for the given type of file system, the interceptor routine operates to interact with methods provided by the object.

Abstract: The invention relates to a computer guard system for controlling delivery of encrypted media assets in a service which governs the delivery of a set of media assets to a group of authorized users comprising: an administrator interface configured to receive configuration data from an administrator to define at least one environment defining how media assets in that service are to be delivered to authorized users, wherein the configuration data defines, for each environment, (a) multiple DRM technologies for decrypting the same asset at multiple end user platforms, each DRM technology being associated with its own set of default license properties; (b) at least one software plug-in to be instantiated to perform a verification method to verify if an end user request for delivery of an asset is valid; a store for holding defined environments with respective environment identifiers; a key server module having an interface connectable to an encryption module and configured to: exchange (i) an asset identifier, whic

Abstract: A secure communication channel can be established between a recovery console and a recovery agent during an Active Directory disaster recovery. This secure channel can be established without employing the Kerberos or NT LAN Manager (NTLM) authentication protocols. Therefore, the recovery console and recovery agent will be able to establish a secure channel even when the domain controller is in Directory Services Restore Mode (DSRM) and NTLM is disabled. A secure channel can be established between the recovery console and the recovery agent based on the Microsoft Secure Channel (Schanel) Security Support Provider (SSP). The Schannel implementation can be modified in a manner that allows the client to be authenticated within the Schannel architecture.

Abstract: Embodiments relate to using a local entry point with an indirect call function. More specifically, an indirect call function configuration comprises a first application module having a target function of the indirect function call, a second application module with a symbolic reference to the target function of the indirect function call, and a third application module to originate an indirect function call. A compiler determines and indicates, in the program code, that the function pointer value resulting from a non-call reference of a function symbol is solely used to perform indirect calls in the same module, e.g. local-use-only. A linker or loader can read the indication the compiler made in the program code. The linker or loader use the local entry point associated with the target function if the target function is defined in the same module as the reference and is local-use-only.

Abstract: Systems and methods for patching system calls issued on a device. System calls are patched by transforming system calls to provide additional functionality. The system calls can then be rerouted to the updated or custom functions.