A method of running an application program across systems is proposed, the method comprises loading a target application program; applying for a memory space on a current operating system for the target application program; modifying an address of a global variable and an address of an absolute jump instruction in the target application program according to an address of the applied memory space to adapt to the memory space of the current operating system; obtaining a SWI instruction of the target application program; and redirecting the SWI instruction to an instruction of calling the current operating system.

Embodiments relate to lightweight interrupts for floating point exceptions. An aspect includes, based on an exception occurring in a floating point unit of a processor during execution of an application, sending a lightweight interrupt corresponding to the exception to the application; and handling the exception by an exception handler of the application.

Embodiments relate to using a local entry point with an indirect call function. More specifically, an indirect call function configuration comprises a first application module having a target function of the indirect function call, a second application module with a symbolic reference to the target function of the indirect function call, and a third application module to originate an indirect function call. A compiler is provided to identify potential target functions and indicate the potential target functions in the program code. A linker can read the indication the compiler made in the program code. The linker optimizes an indirect call site if the potential target functions are defined in the same module.

Techniques for generating an instrumented software package and executing an instance thereof are disclosed. A software package, such as a container image, includes a library of system call wrapper functions. An instrumented system call wrapper function includes (a) a corresponding system call wrapper function and (b) instrumentation code. Instrumentation code is configured to perform one or more of: (a) capturing data associated with executing the set of operations associated with requesting the system call, and (b) manipulating execution of the set of operations associated with requesting the system call. An instrumented library, including instrumented system call wrapper functions, is added to the software package to generate an instrumented software package. An instrumentation configuration is applied to an instance of the instrumented software package. The instrumentation configuration indicates which portions of instrumentation code to set to an on state, and which portions of instrumentation code to set to an off state.

A method and system resolving a computed call/jump target with computed behavior. The method begins with stripping a structured control flow graph of a computer program down to only those instructions that can reach a computed call/jump instruction of interest. The method continues by setting instruction semantics of the computed call/jump instruction of interest to a single assignment with a synthetic call target state variable whose value is a symbolic expression representing the computed call/jump target. The method continues by extracting a computed behavior of the stripped structured control flow graph in terms of the synthetic call target state variable and checking a resulting final value of the synthetic call target state variable in the resulting stripped program behavior. When the synthetic call target state variable is equal to a constant, the computed call/jump target has been resolved to the constant value, which is stored to computer storage.

A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.

Systems of the present disclosure provide a versatile, reusable mock server to respond to Application-Programming-Interface (API) requests. The mock server receives an API request and a cookie associated with the API request. The API server identifies response instructions found in the cookie. The response instructions may include a static response value, a name of an API server for the mock server to imitate, or code for the mock server to execute in the process of generating a mock API response. The mock server generates a mock API response based on the response instructions and sends the mock API response in reply to the API request.

A segmentation firewall executing on a host enforces a segmentation policy. In a co-existence mode, the segmentation firewall operates in co-existence with a system firewall that enforces a security policy. The segmentation firewall is configured to either drop packets that do not match any permissive rule or pass packets that match a permissive rule to the system firewall to enable the system firewall to determine whether to drop or accept the passed packets. To enable efficient operation of the segmentation firewall when operating in co-existence with the system firewall, the segmentation firewall may include a plurality of rule chains and may be configured to exit a chain and bypass remaining rule chains upon an input packet matching a permissive rule of the segmentation policy.

A hardware secure element is described. The hardware secure element includes a microprocessor and a memory, such as a non-volatile memory. The memory stores a plurality of software routines executable by the microprocessor. Each software routine starts at a respective memory start address. The hardware secure element also includes a receiver circuit and a hardware message handler module. The receiver circuit is configured to receive command data that includes a command. The hardware message handler module is configured to determine a software routine to be executed by the microprocessor as a function of the command, and also configured to provide address data to the microprocessor that indicates the software routine to be executed.

A method of running an application program across systems is proposed, the method comprises loading a target application program; applying for a memory space on a current operating system for the target application program; modifying an address of a global variable and an address of an absolute jump instruction in the target application program according to an address of the applied memory space to adapt to the memory space of the current operating system; obtaining a SWI instruction of the target application program; and redirecting the SWI instruction to an instruction of calling the current operating system.