When a program function is called, if the instructions for that function are not in active memory, a page fault occurs. Resolving a page fault includes a costly process of loading a page of object code instructions, into active memory, including the instructions for the called function. Technology is disclosed to reduce page faults by placing interrelated functions near each other within executable code based on a log of previous function calls. A log of function calls may be from observing the execution of applications over time. Computing devices can compute where to place functions within executable code by: obtaining the function call log; building a call graph based on the function call log; defining multiple node clusters within the call graph; and generating an ordered list of functions by sorting the node clusters. The ordered list of functions can then be provided during linking to determine function placements.

Systems of the present disclosure provide a versatile, reusable mock server to respond to Application-Programming-Interface (API) requests. The mock server receives an API request and a cookie associated with the API request. The API server identifies response instructions found in the cookie. The response instructions may include a static response value, a name of an API server for the mock server to imitate, or code for the mock server to execute in the process of generating a mock API response. The mock server generates a mock API response based on the response instructions and sends the mock API response in reply to the API request.

Systems of the present disclosure provide a versatile, reusable mock server to respond to Application-Programming-Interface (API) requests. The mock server receives an API request and a cookie associated with the API request. The API server identifies response instructions found in the cookie. The response instructions may include a static response value, a name of an API server for the mock server to imitate, or code for the mock server to execute in the process of generating a mock API response. The mock server generates a mock API response based on the response instructions and sends the mock API response in reply to the API request.

The present disclosure involves systems and computer-implemented methods for installing software hooks. One process includes identifying a target method and a hook code, where the hook code is to execute instead of at least a portion of the target method, and wherein the target method and the hook code are executed within a managed code environment. A compiled version of the target method and a compiled version of the hook code are located in memory, where the compiled versions of the target method and the hook code are compiled in native code. Then, the compiled version of the target method is modified to direct execution of at least a portion of the compiled version of the target method to the compiled version of the hook code. The non-compiled version of the target method may be originally stored as bytecode. The managed code environment may comprise a managed .NET environment.

Presented herein are methods and systems for generating intermediate code files adjusted to prevent return oriented programming exploitation, comprising receiving compiled intermediate code file(s) comprise a plurality of routines and adjusting them prior to generation of a respective executable file for execution by one or more processor. The adjusting comprising analyzing a symbol table of the intermediate code file(s) to identify a beginning address of each of the routines, analyzing each of the routines to identify indirect branch instructions in the routines, and replacing each detected indirect branch instruction with invocation of a verification code segment configured to verify that the respective indirect branch instruction points to the beginning address of one of the routines. In runtime, the verification code segment causes the processor(s) to initiate one or more predefined actions in case the indirect branch instruction isn't pointing to the beginning address of one of the plurality of routines.

Establishing a conditional branch frame barrier is described. A conditional branch in a function epilogue is used to provide frame-specific control. The conditional branch evaluates a return condition to determine whether to return from a callee function to a calling function, or to execute a slow path instead. The return condition is evaluated based on a thread local value. The thread local value is set such that returns to potentially unsafe frames in a call stack are prohibited. The prohibition to return to a potentially unsafe frame may be referred to as a frame barrier. Additionally, the thread local value may be used to establish safepointing and/or thread local handshakes, both after execution of a function body and after execution of a loop body.

Embodiments relate to optimizing an indirect call function. A compiler is provided to identify potential target functions and indicate the potential target functions in the program code. Additionally, the compiler determines and indicates in the program code that the function pointer value resulting from a non-call reference of a function symbol is solely used to perform indirect calls in the same module. A linker can read the indication the compiler made in the program code and optimize the indirect call function.

A method can include identifying fixed instructions of the instructions and relocatable instructions of the instructions, the fixed instructions reference another instruction of the instructions and the relocatable instructions do not reference another instruction of the instructions, altering the location of the relocatable instructions relative to one another in the memory and add respective reference instructions to the fixed instructions and relocatable instructions that cause the instructions to be executed in a same order as they would be if the location was not altered, and executing the fixed instructions and the relocatable instructions from their altered locations in the medium.

Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.