Techniques for lazy copying of runtime-managed stack frames are disclosed. A runtime environment generates a runtime-managed stack including multiple frames. A topmost subset of frames includes data associated with particular instructions and a return address. A lower subset of frames includes data associated with different instructions. The runtime environment stores a copy of the topmost subset of frames in an OS-managed stack, without copying the lower subset. The particular instructions execute using the copy of the topmost subset of frames in the OS-managed stack. The runtime environment replaces, in the copy, the return address with a return barrier address. When execution of the instructions terminates, control passes to return barrier instructions, which store a copy of the lower subset of frames in the OS-managed stack and pass control to the different instructions. The different instructions execute using the copy of the lower subset of frames in the OS-managed stack.

In accordance with a first aspect of the present disclosure, a system is provided for applying patches to executable codes, comprising: a plurality of execution environments configured to execute said codes in different execution contexts; a control unit configured to apply the patches to said codes; wherein the control unit is configured to apply a specific patch to a specific code upon or after an execution environment configured to execute said specific code switches to an execution context corresponding to said specific code. In accordance with other aspects of the present disclosure, a corresponding method is conceived for applying patches to executable codes, and a corresponding computer program is provided.

A method for verifying data plane programs is provided in some embodiments. Because the behavior of a data plane program (e.g., a program written in the P4 language) is determined in part by the control plane populating match-action tables with specific forwarding rules, in some embodiments, programmers are provided with a way to document assumptions about the control plane using annotations (e.g., in the form of “assertions” or “assumptions” about the state based on the unknown control plane contribution). In some embodiments, annotations are added automatically to verify common properties, including checking that every header read or written is valid, that every expression has a well-defined value, and that all standard metadata is manipulated correctly. The method in some embodiments translates programs from a first language (e.g., P4) to a second language (e.g., Guarded Command Language (GCL)) for verification by a satisfiability modulo theory (SMT) solver.

Building and deployment of multiple applications can be augmented using metadata. Source code of a service can be generated automatically in a programming language without human intervention based on metadata descriptive of a data store and desired interaction with the data store by the service. Furthermore, documentation can be created automatically based on the metadata, wherein the documentation comprises at least one of application programming interface (API) data, data definitions, or end-user help document.

A pluggable trust architecture addresses the problem of establishing trust in hardware. The architecture has low impact on system performance and comprises a simple, user-supplied, and pluggable hardware element. The hardware element physically separates the untrusted components of a system from peripheral components that communicate with the external world. The invention only allows results of correct execution of software to be communicated externally.

Disclosed are techniques regarding aspects of implementing client configurable logic within a computer system. The computer system can be a cloud infrastructure. The techniques can include associating signature information with the client configurable logic for various purposes.

A computerized method of content verification comprising using a server for receiving a first data from a host monitoring code embedded in a webpage or an application loaded from a content server and executed by a client device, the host monitoring code is executed by the client device during an execution of the webpage or the application which further embeds nesting element(s) for loading nested content from nested content server(s), the first data is indicative of the execution, receiving a second data indicative of the execution from a guest monitoring code embedded in the nested content, combining the first data and second data for compliance verification of the execution with one or more rules associated with the nested content and initiating action(s) according to the verification. Wherein the first data is not available to the guest monitoring code and the second data is not available to the host monitoring code.

A method for verifying data plane programs is provided in some embodiments. Because the behavior of a data plane program (e.g., a program written in the P4 language) is determined in part by the control plane populating match-action tables with specific forwarding rules, in some embodiments, programmers are provided with a way to document assumptions about the control plane using annotations (e.g., in the form of “assertions” or “assumptions” about the state based on the unknown control plane contribution). In some embodiments, annotations are added automatically to verify common properties, including checking that every header read or written is valid, that every expression has a well-defined value, and that all standard metadata is manipulated correctly. The method in some embodiments translates programs from a first language (e.g., P4) to a second language (e.g., Guarded Command Language (GCL)) for verification by a satisfiability modulo theory (SMT) solver.

Presented herein are methods and systems for generating intermediate code files adjusted to prevent return oriented programming exploitation, comprising receiving compiled intermediate code file(s) comprise a plurality of routines and adjusting them prior to generation of a respective executable file for execution by one or more processor. The adjusting comprising analyzing a symbol table of the intermediate code file(s) to identify a beginning address of each of the routines, analyzing each of the routines to identify indirect branch instructions in the routines, and replacing each detected indirect branch instruction with invocation of a verification code segment configured to verify that the respective indirect branch instruction points to the beginning address of one of the routines. In runtime, the verification code segment causes the processor(s) to initiate one or more predefined actions in case the indirect branch instruction isn't pointing to the beginning address of one of the plurality of routines.

A selected location of a design view of a graphical user interface (GUI) generated using a design application may be received and used to identify a corresponding location for the selected location within an implementation view of the GUI. By mapping code of the GUI for the corresponding location to the selected location, using a validation language that relates the code to the design language, a difference between the selected location and the corresponding location may be identified. In this way, design validation may occur in a fast, automated, and reliable manner.