G06F9/4486

DYNAMICALLY OVERRIDING A FUNCTION BASED ON A CAPABILITY SET

Dynamically overriding a function based on a capability set. A computer system reads a portion of an executable image file. The portion includes a first memory address corresponding to a first callee function implementation. The first memory address was inserted into the portion by a compiler toolchain. Based on extensible metadata included in the executable image file, and based on a capability set that is specific to the computer system, the computer system determines a second memory address corresponding to a second callee function implementation. Before execution of the portion, the computer system modifies the portion to replace the first memory address with the second memory address.
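The load-time rewrite described above, as an added example that is not the patent's own code: the "portion" is an array of callee addresses as a compiler toolchain would emit them, the "extensible metadata" is a table of alternative implementations each gated on a capability mask, and the loader rewrites every slot that has a satisfiable entry before the portion runs. The capability bits, the callee functions and the metadata are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed capability set; a real loader would derive it from CPUID, HWCAP,
 * or a platform attestation rather than from a hard-coded mask. */
typedef uint32_t cap_set_t;
enum { CAP_AES = 1u << 0, CAP_SHA = 1u << 1, CAP_AVX2 = 1u << 2 };

typedef int (*callee_t)(int);

/* Illustrative callees: each pair computes the same result, the specialised one
 * standing in for a hardware-accelerated path. */
static int hash_generic(int x) { return x * 31; }
static int hash_sha_ext(int x) { return x * 31; }
static int mul_generic(int x)  { return x * 2; }
static int mul_avx2(int x)     { return x * 2; }

/* One metadata entry: which slot, which capabilities it needs, which address. */
typedef struct { size_t slot; cap_set_t needs; callee_t impl; } override_t;

/* Before the portion executes, rewrite each slot with the first metadata entry
 * whose capability requirement is a subset of the host's capability set.
 * Slots with no satisfiable entry keep the compiler-inserted address. */
static size_t apply_overrides(callee_t *portion, size_t nslots,
                              const override_t *meta, size_t nmeta,
                              cap_set_t host_caps)
{
    size_t patched = 0;
    for (size_t s = 0; s < nslots; s++) {
        for (size_t i = 0; i < nmeta; i++) {
            if (meta[i].slot != s) continue;   /* also ignores out-of-range slots */
            if ((meta[i].needs & host_caps) != meta[i].needs) continue;
            portion[s] = meta[i].impl;
            patched++;
            break;                             /* first satisfiable entry wins */
        }
    }
    return patched;
}

/* Constructed image portion and metadata (hypothetical contents). */
static callee_t portion[2];
static const override_t meta[] = {
    { 0, CAP_SHA,  hash_sha_ext },
    { 1, CAP_AVX2, mul_avx2 },
};

/* Loads the portion as the compiler emitted it, applies the overrides for the
 * given host capability set, and reports the resulting slot contents. */
size_t demo_override(cap_set_t host_caps, callee_t *slot0, callee_t *slot1)
{
    portion[0] = hash_generic;
    portion[1] = mul_generic;
    size_t n = apply_overrides(portion, 2, meta, sizeof meta / sizeof meta[0], host_caps);
    *slot0 = portion[0];
    *slot1 = portion[1];
    return n;
}

int main(void)
{
    callee_t h, m;
    size_t n = demo_override(CAP_SHA, &h, &m);
    printf("host has SHA only: %zu slot(s) rewritten, hash=%s mul=%s, hash(3)=%d\n",
           n, h == hash_sha_ext ? "sha_ext" : "generic",
           m == mul_avx2 ? "avx2" : "generic", h(3));
    return 0;
}
```

The rewrite step is an address-substitution primitive, so the metadata that drives it has to be covered by whatever integrity check protects the rest of the image, and slot indices must be bounds-checked before any write (here the outer loop only ever writes slots below nslots). The same shape exists in ELF toolchains as GNU IFUNC resolvers run by the dynamic loader for IRELATIVE relocations.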

Dynamic fragmented address space layout randomization
11809871 · 2023-11-07 ·

A method can include identifying, among the instructions, fixed instructions and relocatable instructions, where a fixed instruction references another instruction and a relocatable instruction does not; altering the locations of the relocatable instructions relative to one another in the memory and adding respective reference instructions to the fixed and relocatable instructions so that the instructions execute in the same order as they would have if their locations had not been altered; and executing the fixed instructions and the relocatable instructions from their altered locations in the medium.
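The classification, shuffling and re-linking steps above, carried out on a toy instruction set, as an added example that is not the patent's code. The instruction set, the sample program and the xorshift generator are constructed for the demonstration; the check at the end compares the execution trace of the fragmented layout against the original, which is the property the added reference instructions are meant to preserve.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy register machine. JMP/JNZ reference another instruction (fixed);
 * SET/ADDI/DEC/HALT do not (relocatable). tag = original index, -1 for links. */
typedef enum { OP_SET, OP_ADDI, OP_DEC, OP_JNZ, OP_JMP, OP_HALT } op_t;
typedef struct { op_t op; int a; int b; int tag; } insn_t;
#define MAX_INSN 64

static bool is_fixed(const insn_t *in) { return in->op == OP_JMP || in->op == OP_JNZ; }

/* Runs prog from entry, recording the original index of each executed instruction.
 * Returns r1 at HALT, or -1 on an out-of-range pc or runaway execution. */
static int run(const insn_t *prog, int n, int entry, int *trace, int *ntrace, int cap)
{
    int r[4] = {0}, pc = entry;
    *ntrace = 0;
    for (int steps = 0; steps < 1000; steps++) {
        if (pc < 0 || pc >= n) return -1;
        const insn_t *in = &prog[pc];
        if (in->tag >= 0 && *ntrace < cap) trace[(*ntrace)++] = in->tag;
        switch (in->op) {
        case OP_SET:  r[in->a & 3] = in->b; pc++; break;
        case OP_ADDI: r[in->a & 3] += in->b; pc++; break;
        case OP_DEC:  r[in->a & 3]--; pc++; break;
        case OP_JNZ:  pc = r[in->a & 3] ? in->b : pc + 1; break;
        case OP_JMP:  pc = in->b; break;
        case OP_HALT: return r[1];
        }
    }
    return -1;
}

static uint32_t rng_state;
static uint32_t rng(void)   /* xorshift32 for a reproducible demo; use a CSPRNG for real */
{
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17; rng_state ^= rng_state << 5;
    return rng_state;
}

/* Original instruction i lands in cell loc[i], two slots wide: the instruction, then
 * an added JMP to the cell of i+1 so the original order is preserved. Fixed
 * instructions keep their cell and get their target rewritten; relocatable ones
 * are shuffled among the remaining cells. Returns the new size; sets *entry. */
static int fragment(const insn_t *prog, int n, insn_t *out, uint32_t seed, int *entry)
{
    int loc[MAX_INSN], cells[MAX_INSN], nfree = 0;
    rng_state = seed ? seed : 1;
    for (int i = 0; i < n; i++)
        if (!is_fixed(&prog[i])) cells[nfree++] = i;
    for (int i = nfree - 1; i > 0; i--) {            /* Fisher-Yates shuffle */
        int j = (int)(rng() % (uint32_t)(i + 1)), t = cells[i];
        cells[i] = cells[j]; cells[j] = t;
    }
    for (int i = 0, k = 0; i < n; i++)
        loc[i] = is_fixed(&prog[i]) ? i : cells[k++];
    for (int i = 0; i < n; i++) {
        insn_t in = prog[i];
        in.tag = i;
        if (is_fixed(&in)) in.b = 2 * loc[in.b];       /* retarget the reference */
        out[2 * loc[i]] = in;
        insn_t link = { OP_JMP, 0, (i + 1 < n) ? 2 * loc[i + 1] : 2 * n, -1 };
        out[2 * loc[i] + 1] = link;                    /* added reference instruction */
    }
    *entry = 2 * loc[0];
    return 2 * n;
}

/* Constructed sample: a counted loop adding 5 three times into r1 (result 15). */
static int make_program(insn_t *p)
{
    const insn_t src[] = {
        { OP_SET, 0, 3, 0 }, { OP_SET, 1, 0, 1 }, { OP_ADDI, 1, 5, 2 },
        { OP_DEC, 0, 0, 3 }, { OP_JNZ, 0, 2, 4 }, { OP_HALT, 0, 0, 5 },
    };
    memcpy(p, src, sizeof src);
    return (int)(sizeof src / sizeof src[0]);
}

/* True when the fragmented layout yields the same result and the same execution
 * order as the unaltered program; *moved counts relocatable instructions displaced. */
bool layouts_equivalent(uint32_t seed, int *result, int *moved)
{
    insn_t prog[MAX_INSN], frag[2 * MAX_INSN];
    int t1[256], t2[256], n1, n2, entry;
    int n = make_program(prog);
    int m = fragment(prog, n, frag, seed, &entry);
    *moved = 0;
    for (int i = 0; i < n; i++) if (frag[2 * i].tag != i) (*moved)++;
    int a = run(prog, n, 0, t1, &n1, 256);
    *result = run(frag, m, entry, t2, &n2, 256);
    return a == *result && n1 == n2 && memcmp(t1, t2, (size_t)n1 * sizeof t1[0]) == 0;
}

int main(void)
{
    int result, moved;
    bool ok = layouts_equivalent(0xC0FFEE, &result, &moved);
    printf("equivalent=%s result=%d displaced=%d\n", ok ? "yes" : "no", result, moved);
    return ok ? 0 : 1;
}
```

Two things the toy makes visible that matter in a real implementation: every relocatable instruction now carries an extra control transfer, so the randomisation is paid for in code size and branch-predictor pressure, and the added links are themselves absolute references that the loader must fix up, so the layout secret is only as good as the confidentiality of the relocated image in memory.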

ENFORCING A SEGMENTATION POLICY IN CO-EXISTENCE WITH A SYSTEM FIREWALL

A segmentation firewall executing on a host enforces a segmentation policy. In a co-existence mode, the segmentation firewall operates in co-existence with a system firewall that enforces a security policy. The segmentation firewall is configured to either drop packets that do not match any permissive rule or pass packets that match a permissive rule to the system firewall to enable the system firewall to determine whether to drop or accept the passed packets. To enable efficient operation of the segmentation firewall when operating in co-existence with the system firewall, the segmentation firewall may include a plurality of rule chains and may be configured to exit a chain and bypass remaining rule chains upon an input packet matching a permissive rule of the segmentation policy.
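The co-existence semantics above, as an added example that is not the patent's code: a segmentation firewall with two rule chains sits in front of a stand-in system firewall, exits on the first permissive match and bypasses the remaining chains, and drops anything that matches no permissive rule without ever consulting the system firewall. The packet format, the policy (a "web" chain and an "admin" chain) and the system-firewall behaviour are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))
#define PROTO_TCP 6

typedef struct { uint32_t src, dst; uint16_t dport; uint8_t proto; } pkt_t;

/* Permissive rule: matches when src is in src/src_mask and port/proto agree
 * (0 = any). The segmentation policy has no deny rules: not matching is the deny. */
typedef struct { uint32_t src, src_mask; uint16_t dport; uint8_t proto; } rule_t;
typedef struct { const char *name; const rule_t *rules; size_t n; } chain_t;

typedef enum { V_DROP = 0, V_ACCEPT = 1 } verdict_t;
typedef verdict_t (*system_fw_t)(const pkt_t *);

static bool rule_matches(const rule_t *r, const pkt_t *p)
{
    return (p->src & r->src_mask) == (r->src & r->src_mask)
        && (r->dport == 0 || r->dport == p->dport)
        && (r->proto == 0 || r->proto == p->proto);
}

/* Walk the chains in order. The first permissive match exits its chain, bypasses
 * every remaining chain and hands the packet to the system firewall, which makes
 * the final decision. No match in any chain: drop, and the system firewall never
 * sees the packet. *rules_evaluated shows how much work the early exit saves. */
verdict_t segmentation_fw(const chain_t *chains, size_t nchains, const pkt_t *p,
                          system_fw_t system_fw, size_t *rules_evaluated)
{
    *rules_evaluated = 0;
    for (size_t c = 0; c < nchains; c++) {
        for (size_t i = 0; i < chains[c].n; i++) {
            (*rules_evaluated)++;
            if (rule_matches(&chains[c].rules[i], p))
                return system_fw(p);
        }
    }
    return V_DROP;
}

/* Stand-in for the host's own firewall policy: it refuses telnet from anywhere. */
static verdict_t system_fw_demo(const pkt_t *p) { return p->dport == 23 ? V_DROP : V_ACCEPT; }

/* Constructed segmentation policy. */
static const rule_t web_rules[]   = { { IP(10,0,0,0), 0xFF000000u, 443, PROTO_TCP } };
static const rule_t admin_rules[] = { { IP(10,1,2,0), 0xFFFFFF00u, 22,  PROTO_TCP },
                                      { IP(10,1,2,0), 0xFFFFFF00u, 23,  PROTO_TCP } };
static const chain_t policy[] = { { "web", web_rules, 1 }, { "admin", admin_rules, 2 } };

/* Evaluates one TCP packet from src to local port dport under the sample policy. */
verdict_t demo_verdict(uint32_t src, uint16_t dport, size_t *rules_evaluated)
{
    pkt_t p = { src, IP(10,1,2,10), dport, PROTO_TCP };
    return segmentation_fw(policy, 2, &p, system_fw_demo, rules_evaluated);
}

int main(void)
{
    struct { uint32_t src; uint16_t dport; } cases[] = {
        { IP(10,1,2,3), 443 }, { IP(10,1,2,3), 23 }, { IP(192,168,1,1), 443 } };
    for (size_t i = 0; i < 3; i++) {
        size_t n;
        verdict_t v = demo_verdict(cases[i].src, cases[i].dport, &n);
        printf("port %u from %08x: %s after %zu rule(s)\n", (unsigned)cases[i].dport,
               cases[i].src, v == V_ACCEPT ? "accept" : "drop", n);
    }
    return 0;
}
```

The telnet case is the one worth noticing: the segmentation policy permits it, so the packet is passed on, and it is the system firewall that drops it. Co-existence means the two policies are ANDed, so a segmentation rule can never open something the host policy closes, but it also means an over-broad permissive rule only costs the system firewall extra evaluations rather than exposing the host.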

Method and system for executing new instructions

A method for executing new instructions is provided. The method is used in a processor and includes: receiving an instruction; when the received instruction is an unknown instruction, the processor executes the following steps through a conversion program: determining whether the received instruction is a new instruction; and converting the received instruction into at least one old instruction when the received instruction is a new instruction; and simulating the execution of the received instruction by executing the at least one old instruction.
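The trap-and-convert flow above on a toy processor, as an added example that is not the patent's code: old instructions execute directly, an unknown opcode goes to a conversion program, and that program either expands a recognised new instruction (here a rotate-left, ROL) into a sequence of old instructions or reports a genuinely illegal instruction. The instruction encoding, the register file and the scratch-register convention are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OP_MOVI, OP_MOV, OP_ADD, OP_SHL, OP_SHR, OP_OR, OP_AND,   /* old ISA */
       OP_ROL = 0x80,                                           /* new ISA: rotate left */
       OP_BOGUS = 0xFF };                                       /* defined by nobody */
typedef struct { uint8_t op, rd, rs; uint32_t imm; } insn_t;
typedef struct { uint32_t r[8]; unsigned faults; } cpu_t;

#define SCRATCH 7   /* register the conversion program is allowed to clobber */

static bool is_old(uint8_t op) { return op <= OP_AND; }

/* Native execution of the old ISA; register indices are masked, never trusted. */
static void exec_old(cpu_t *c, const insn_t *in)
{
    uint32_t *rd = &c->r[in->rd & 7], rs = c->r[in->rs & 7];
    switch (in->op) {
    case OP_MOVI: *rd = in->imm; break;
    case OP_MOV:  *rd = rs; break;
    case OP_ADD:  *rd += rs; break;
    case OP_SHL:  *rd <<= (in->imm & 31); break;
    case OP_SHR:  *rd >>= (in->imm & 31); break;
    case OP_OR:   *rd |= rs; break;
    case OP_AND:  *rd &= rs; break;
    }
}

/* Conversion program. Returns the number of old instructions written, or -1 when
 * the opcode is not a new instruction either. A rotate by 0 needs no instructions
 * (and must not be expanded, since a shift by 32 is not defined). */
static int convert(const insn_t *in, insn_t *out, int cap)
{
    switch (in->op) {
    case OP_ROL: {
        uint32_t k = in->imm & 31;
        if (k == 0) return 0;
        if (cap < 4) return -1;
        /* rd = (rd << k) | (rd >> (32 - k)), staged through the scratch register */
        out[0] = (insn_t){ OP_MOV, SCRATCH, in->rd, 0 };
        out[1] = (insn_t){ OP_SHL, in->rd, 0, k };
        out[2] = (insn_t){ OP_SHR, SCRATCH, 0, 32 - k };
        out[3] = (insn_t){ OP_OR, in->rd, SCRATCH, 0 };
        return 4;
    }
    default:
        return -1;
    }
}

/* Front end: old instructions run natively; anything else goes through convert(),
 * and a failed conversion is the illegal-instruction fault. */
bool execute(cpu_t *c, const insn_t *in)
{
    if (is_old(in->op)) { exec_old(c, in); return true; }
    insn_t seq[8];
    int n = convert(in, seq, 8);
    if (n < 0) { c->faults++; return false; }
    for (int i = 0; i < n; i++) exec_old(c, &seq[i]);
    return true;
}

/* Runs MOVI r0, v ; ROL r0, k and returns r0. */
uint32_t demo_rol(uint32_t v, uint32_t k)
{
    cpu_t c = {{0}, 0};
    insn_t prog[] = { { OP_MOVI, 0, 0, v }, { OP_ROL, 0, 0, k } };
    for (size_t i = 0; i < 2; i++) execute(&c, &prog[i]);
    return c.r[0];
}

/* Feeds an opcode that is neither old nor new; returns the fault count. */
unsigned demo_bogus(void)
{
    cpu_t c = {{0}, 0};
    insn_t bad = { OP_BOGUS, 0, 0, 0 };
    execute(&c, &bad);
    return c.faults;
}

int main(void)
{
    printf("rol(0x12345678, 8) = 0x%08x, bogus opcode faults = %u\n",
           demo_rol(0x12345678, 8), demo_bogus());
    return 0;
}
```

Two points the toy leaves out but a real conversion program must handle: the scratch register is clobbered here, whereas a transparent emulation has to save and restore it, and the conversion routine runs in the same trusted position as a trap handler, so every field it reads from the unknown instruction (register numbers, immediates) is attacker-influenced data and must be range-checked before it selects registers or table entries.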

METHOD, DEVICE AND COMPUTER PROGRAM PRODUCT FOR THREAD MANAGEMENT
20220214876 · 2022-07-07 ·

Techniques for managing threads involve acquiring respective runtime addresses and call information of a plurality of lock objects in a plurality of threads, and determining, from the plurality of lock objects, a first group of lock objects associated with first call information and a second group of lock objects associated with second call information different from the first call information. The techniques further involve providing an indication that a deadlock exists in the plurality of threads if it is determined that a first group of runtime addresses of the first group of lock objects overlaps with a second group of runtime addresses of the second group of lock objects. Accordingly, potential deadlocks in a plurality of threads can be analyzed, thereby avoiding the inability of the threads to proceed normally due to the deadlocks.
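The analysis above, as an added example that is not the patent's code: each thread reports the runtime address of every lock object it acquires together with call information (here, the call site), the acquisitions are turned into held-before-wanted facts, and a deadlock is indicated when two threads with different call information overlap on the same lock addresses in opposite order. The traces, addresses and call-site names are constructed; the example assumes locks are nested (each earlier lock in a thread's sequence is still held when the later one is taken).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One acquisition as reported by a thread: runtime address plus call information. */
typedef struct { int tid; uintptr_t lock; const char *callsite; } acquire_t;

/* A lock-order fact: thread tid acquired `wanted` while still holding `held`. */
typedef struct { int tid; uintptr_t held, wanted; const char *held_site, *wanted_site; } edge_t;

typedef struct {
    int tid_a, tid_b;            /* the two threads with different call information */
    uintptr_t first, second;     /* the overlapping lock addresses */
    const char *site_a, *site_b; /* where thread a and thread b each acquired `first` */
} report_t;

#define MAX_EDGES 256

/* Re-acquiring the same address is a recursive lock, not an ordering fact. */
static size_t build_edges(const acquire_t *ev, size_t n, edge_t *out, size_t cap)
{
    size_t m = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n && m < cap; j++)
            if (ev[i].tid == ev[j].tid && ev[i].lock != ev[j].lock)
                out[m++] = (edge_t){ ev[i].tid, ev[i].lock, ev[j].lock,
                                     ev[i].callsite, ev[j].callsite };
    return m;
}

/* Deadlock indication: two threads whose lock address sets overlap in opposite
 * acquisition order (X then Y in one, Y then X in the other). */
bool find_inversion(const acquire_t *ev, size_t n, report_t *rep)
{
    edge_t e[MAX_EDGES];
    size_t m = build_edges(ev, n, e, MAX_EDGES);
    for (size_t i = 0; i < m; i++)
        for (size_t j = 0; j < m; j++)
            if (e[i].tid != e[j].tid && e[i].held == e[j].wanted && e[i].wanted == e[j].held) {
                *rep = (report_t){ e[i].tid, e[j].tid, e[i].held, e[i].wanted,
                                   e[i].held_site, e[j].wanted_site };
                return true;
            }
    return false;
}

/* Constructed traces: addresses and call sites are made up. */
const acquire_t sample_deadlock[] = {
    { 1, 0x1000, "db_commit" },     { 1, 0x2000, "log_flush" },
    { 2, 0x2000, "log_rotate" },    { 2, 0x1000, "db_checkpoint" },
    { 3, 0x3000, "cache_put" },     { 3, 0x1000, "db_read" },
};
const acquire_t sample_clean[] = {
    { 1, 0x1000, "db_commit" },     { 1, 0x2000, "log_flush" },
    { 2, 0x1000, "db_checkpoint" }, { 2, 0x2000, "log_rotate" },
    { 3, 0x3000, "cache_put" },     { 3, 0x1000, "db_read" },
};
const size_t sample_deadlock_n = sizeof sample_deadlock / sizeof sample_deadlock[0];
const size_t sample_clean_n = sizeof sample_clean / sizeof sample_clean[0];

int main(void)
{
    report_t r;
    if (find_inversion(sample_deadlock, sample_deadlock_n, &r))
        printf("potential deadlock: thread %d takes %#lx (%s) then %#lx; "
               "thread %d takes %#lx then %#lx (%s)\n",
               r.tid_a, (unsigned long)r.first, r.site_a, (unsigned long)r.second,
               r.tid_b, (unsigned long)r.second, (unsigned long)r.first, r.site_b);
    printf("clean trace flagged: %s\n",
           find_inversion(sample_clean, sample_clean_n, &r) ? "yes" : "no");
    return 0;
}
```

Thread 3 in both traces shows why the address overlap alone is not enough: it touches lock 0x1000 like the others, but only in an order consistent with theirs, so no indication is raised. Matching on runtime addresses rather than on lock names is what lets this work on dynamically allocated locks, at the cost that addresses reused after free can alias across the lifetime of a trace.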

APPLYING SECURITY MITIGATION MEASURES FOR STACK CORRUPTION EXPLOITATION IN INTERMEDIATE CODE FILES
20220107827 · 2022-04-07 ·

Presented herein are methods and systems for generating intermediate code files adjusted to prevent return-oriented programming exploitation, comprising receiving one or more compiled intermediate code files that comprise a plurality of routines and adjusting them prior to generation of a respective executable file for execution by one or more processors. The adjusting comprises analyzing a symbol table of the intermediate code file(s) to identify the beginning address of each of the routines, analyzing each of the routines to identify indirect branch instructions, and replacing each detected indirect branch instruction with an invocation of a verification code segment configured to verify that the respective indirect branch instruction points to the beginning address of one of the routines. At runtime, the verification code segment causes the processor(s) to initiate one or more predefined actions if the indirect branch instruction does not point to the beginning address of one of the plurality of routines.
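The verification code segment above in C, as an added example that is not the patent's code. The toolchain step would fill the set of routine beginning addresses from the symbol table; here the two routines of a constructed program register their own addresses, which is what that table resolves to at runtime. The "predefined action" on a bad target is a counter and a refusal here, where production code would abort or trap; the forged pointer in the second demo is only checked, never called.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ROUTINES 64
static uintptr_t routine_starts[MAX_ROUTINES];   /* sorted once finalized */
static size_t nroutines;
static unsigned violations;                      /* times the predefined action fired */

static int cmp_addr(const void *a, const void *b)
{
    uintptr_t x = *(const uintptr_t *)a, y = *(const uintptr_t *)b;
    return (x > y) - (x < y);
}

static void register_routine(uintptr_t start)
{
    if (nroutines < MAX_ROUTINES) routine_starts[nroutines++] = start;
}

static void finalize_routines(void)
{
    qsort(routine_starts, nroutines, sizeof routine_starts[0], cmp_addr);
}

/* The verification code segment: exact binary search for the target among the
 * routine entry points. A mid-function gadget, a heap or a stack address all fail. */
bool target_is_routine_entry(uintptr_t target)
{
    size_t lo = 0, hi = nroutines;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (routine_starts[mid] == target) return true;
        if (routine_starts[mid] < target) lo = mid + 1; else hi = mid;
    }
    return false;
}

typedef int (*handler_t)(int);

/* What replaces each `call *reg`: verify first, then branch. */
int verified_indirect_call(handler_t fn, int arg)
{
    if (!target_is_routine_entry((uintptr_t)fn)) {
        violations++;
        return -1;
    }
    return fn(arg);
}

/* Routines of the constructed program. */
static int double_it(int x) { return 2 * x; }
static int negate(int x)    { return -x; }

static void ensure_registered(void)
{
    static bool done;
    if (done) return;
    register_routine((uintptr_t)double_it);
    register_routine((uintptr_t)negate);
    finalize_routines();
    done = true;
}

/* Legitimate indirect call through a function pointer. */
int demo_good(void)
{
    ensure_registered();
    handler_t fn = double_it;
    return verified_indirect_call(fn, 21);
}

/* A pointer one byte into double_it, as a stack-corrupting ROP chain would supply. */
int demo_forged(void)
{
    ensure_registered();
    handler_t fn = (handler_t)((uintptr_t)double_it + 1);
    return verified_indirect_call(fn, 21);
}

unsigned violation_count(void) { return violations; }

int main(void)
{
    int good = demo_good();
    int forged = demo_forged();
    printf("good call -> %d, forged call -> %d, violations=%u\n", good, forged, violation_count());
    return 0;
}
```

This is coarse-grained control-flow integrity: any routine entry is an acceptable target for any indirect branch, which stops mid-instruction and mid-function gadgets but not a call to the wrong whole function. Returns are the other half of the ROP problem; the abstract covers indirect branch instructions, and returns would need a shadow stack or an equivalent check to be covered too.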

Processor microcode with embedded jump table

A processing unit employs microcode wherein the jump table associated with the microcode is embedded in the microcode itself. When the microcode is compiled based on a set of programmer instructions, the compiler prepares the jump table for the microcode and stores the jump table in the same file or other storage unit as the microcode. When the processing unit is initialized to execute a program, such as an operating system, the processing unit retrieves the microcode corresponding to the program from memory, stores the microcode in a cache or other memory module for execution, and automatically loads the embedded jump table from the microcode to a specified set of jump table registers, thereby preparing the processing unit to process received packets.

Method for Implementing Function Jump, Apparatus, and Computer Storage Medium
20210240467 · 2021-08-05 ·

A method for implementing a function jump includes receiving a call to a first function; searching a first data structure, in which the addresses of a plurality of functions are stored, for the address of the first function, where finding that address means a patch function that replaces the first function is available; searching a second data structure, which stores correspondences between a plurality of functions and their patch functions, for the address of the patch function based on the address of the first function; jumping from the first function to its patch function based on the address of the patch function; and executing the patch function of the first function to respond to the call to the first function.
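The two data structures and the jump above, as an added example that is not the patent's code: the first structure is a sorted array of the addresses of functions that currently have a patch (a cheap membership test on the hot path), the second holds the original-to-patch correspondences, and call_function() plays the role of the entry hook a patchable function transfers to. The patched function and its replacement are constructed; installing, replacing and removing a patch are shown so the fall-back to the original after removal is visible.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATCHES 32
typedef int (*fn_t)(int);
typedef struct { uintptr_t orig, patch; } corr_t;

static uintptr_t patched_addrs[MAX_PATCHES];   /* first data structure, sorted ascending */
static size_t npatched;
static corr_t corr[MAX_PATCHES];               /* second data structure */
static size_t ncorr;

/* Binary search in the first data structure. */
static bool has_patch(uintptr_t a)
{
    size_t lo = 0, hi = npatched;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (patched_addrs[mid] == a) return true;
        if (patched_addrs[mid] < a) lo = mid + 1; else hi = mid;
    }
    return false;
}

/* Lookup in the second data structure; 0 if no correspondence is recorded. */
static uintptr_t patch_for(uintptr_t a)
{
    for (size_t i = 0; i < ncorr; i++) if (corr[i].orig == a) return corr[i].patch;
    return 0;
}

/* Registers (or replaces) the patch for orig. Returns false when the tables are full. */
bool install_patch(fn_t orig, fn_t patch)
{
    uintptr_t a = (uintptr_t)orig;
    for (size_t i = 0; i < ncorr; i++)
        if (corr[i].orig == a) { corr[i].patch = (uintptr_t)patch; return true; }
    if (ncorr == MAX_PATCHES) return false;
    corr[ncorr++] = (corr_t){ a, (uintptr_t)patch };
    size_t pos = 0;                               /* sorted insert into the first structure */
    while (pos < npatched && patched_addrs[pos] < a) pos++;
    memmove(&patched_addrs[pos + 1], &patched_addrs[pos], (npatched - pos) * sizeof a);
    patched_addrs[pos] = a;
    npatched++;
    return true;
}

/* Removes the patch for orig from both structures; false if none was installed. */
bool remove_patch(fn_t orig)
{
    uintptr_t a = (uintptr_t)orig;
    size_t i = 0;
    while (i < ncorr && corr[i].orig != a) i++;
    if (i == ncorr) return false;
    corr[i] = corr[--ncorr];
    size_t pos = 0;
    while (patched_addrs[pos] != a) pos++;
    memmove(&patched_addrs[pos], &patched_addrs[pos + 1], (npatched - pos - 1) * sizeof a);
    npatched--;
    return true;
}

/* The jump: if the function's address is found in the first structure, the call is
 * redirected to the patch found in the second; otherwise the original runs. */
int call_function(fn_t f, int arg)
{
    uintptr_t a = (uintptr_t)f;
    if (has_patch(a)) {
        uintptr_t p = patch_for(a);
        if (p) return ((fn_t)p)(arg);
    }
    return f(arg);
}

/* Constructed patch target: v1 truncates its input to 8 bits; v2 keeps 16. */
static int checksum_v1(int x) { return x & 0xff; }
static int checksum_v2(int x) { return x & 0xffff; }

/* Returns checksum(0x1ff) before patching, after install_patch, and after removal. */
void demo_livepatch(int out[3])
{
    out[0] = call_function(checksum_v1, 0x1ff);
    install_patch(checksum_v1, checksum_v2);
    out[1] = call_function(checksum_v1, 0x1ff);
    remove_patch(checksum_v1);
    out[2] = call_function(checksum_v1, 0x1ff);
}

int main(void)
{
    int r[3];
    demo_livepatch(r);
    printf("before=%#x patched=%#x removed=%#x\n", r[0], r[1], r[2]);
    return 0;
}
```

The single-threaded tables here skip what makes live patching hard in a kernel: callers on other CPUs may be inside the original function while the tables change, so updates need RCU-style publication or a stop-the-world step, and the lookup must be keyed on the function's entry address so that a transfer into the middle of a patched function is not silently redirected. The second structure is also exactly the kind of writable address table an attacker with an arbitrary write would target, which is why such tables belong in read-only or integrity-protected memory between updates.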