In an example, a computing device may include a trusted execution environment (TEE) for executing signed and verified code. The device may receive a trusted binary object in a first form, but the object may need to be converted to a second format, either on-the-fly, or in advance. This may include, for example, a bytecode interpreter, script interpreter, runtime engine, compiler, just-in-time compiler, or other species of binary translator. The binary translator may be run from the TEE, and the output may then be signed by the TEE and treated as a new trusted binary.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automatically classifying static analysis rules as being anomalous or not. One of the methods includes receiving alerts generated by a particular static analysis rule for a plurality of different software projects analyzed by a static analysis system. For each project, a respective alert proportion metric value is computed. Each of the plurality of different software projects is classified according to the alert proportion metric values as being one non-outlier projects or outlier projects. If more than a threshold number of projects were classified as being outlier projects for the particular static analysis rule, the particular static analysis rule is classified as an anomalous static analysis rule.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating efficient compiled code. In an example method, a compilation system obtains an un-optimized computational graph comprising a plurality of nodes representing operations and directed edges representing data dependencies. The un-optimized computational graph is analyzed using pattern matching to determine fusable operations that can be fused together into a single fusion operation. The un-optimized computational graph is transformed into an optimized computational graph by replacing the nodes representing the fusable operations in the un-optimized computational graph with a fusion node representing the single fusion operation. The compilation system produces efficient code by translating the fusion node of the optimized computational graph as a call that performs the fused operations.

The disclosed computer-implemented method for threat detection using a software program update profile may include (1) building an update behavioral model that identifies legitimate update behavior for a software application by (a) monitoring client devices for update events associated with the software application and (b) analyzing the update events to identify the legitimate update behavior of the software application, (2) using the update behavioral model to identify suspicious behavior on a computing system by (a) detecting an update instance on the computing system, (b) comparing the update instance with the legitimate update behavior identified in the update behavioral model, and (c) determining, based on the comparison of the update instance with the legitimate update behavior, that the update instance is suspicious, and (3) in response to determining that the update instance is suspicious, performing a security action. Various other methods, systems, and computer-readable media are also disclosed.

A method and computing device for generating an intermediate representation of received source code for compiling or interpreting on the computing device are disclosed. The method may include receiving source code at the computing device and finding similar source code cached on the computing device that is not the same as the received source code. The received source code is compared to the similar source code to determine one or more differences between the received source code and the similar source code. Metadata for the similar source code is accessed, an intermediate representation of the cached source code is retrieved, and the intermediate representation of the cached source code is first copied and the copy is modified using the one or more differences in connection with the metadata to generate an intermediate representation for the received source code.

A smart tuple manager includes a mechanism for splitting a smart tuple, and for automatically generating one or more classes from existing classes when a smart tuple is split. When a first smart tuple is split into second and third new smart tuples, classes for the second and third smart tuples are automatically generated from the class for the first smart tuple. The classes for the second and third smart tuples are subsets of the data elements and code segments in the first class. After a class is automatically generated, new code segments may be added to the class as needed.

A method, and associated computer system and computer program product. A change of runtime code is detected by one or more processors of the computer system. The change is detected in a debugging session on a first machine. The runtime code is obtained from source code that is developed on a second machine that is different from the first machine. In response to the change being detected, a portion of the source code associated with the detected change is determined, by the one or more processors, based on a profile. The profile indicates a mapping between the source code and the runtime code. The portion of the source code is caused, by the one or more processors, to be updated based on the detected change in the runtime code.

Methods, apparatuses, systems, and implementations of a zero silent data corruption (ZDC) compiler technique are disclosed. The ZDC technique may use an effective instruction duplication approach to protect programs from soft errors. The ZDC may also provide an effective control flow checking mechanism to detect most control flow errors. The ZDC technique may provide a failure percentage close to zero while incurring a lower performance overhead than prior art systems. The ZDC may also be effectively applied in a multi-thread environment.

In a virtual machine that uses a just-in-time complier (JITC) as a software execution environment, an idle time of a core to which the JITC is allocated is utilized to generate machine code in advance, thereby reducing a load on an interpreter. Accordingly, code execution performance of the interpreter is improved, and the utilization of a multi-core system that executes applications is increased.

Apparatus, systems, and methods for a compiler are described. One such compiler converts source code into an automaton comprising states and transitions between the states, wherein the states in the automaton include a special purpose state that corresponds to a special purpose hardware element. The compiler converts the automaton into a netlist, and places and routes the netlist to provide machine code for configuring a target device.