This document explains how to use docker container in Ubuntu 14.04 VM for trying out cgroups without actually using the host/guest operating system. It talks about using 'cpu' subcomponent and demostrates the effect of process isolation by 'htop' utility.
The docker containers are very effective way of trying out things by launching a container using standard/custom docker image from docker hub or your own image repository.
Is your profiler speaking the same language as you? -- Docklands JUGSimon Maple
Profilers are absolute beasts. And profilers might prove useful to pinpoint the performance issues in your Java applications.
By using profilers, developers are fortunate to find the root cause of an issue at hand. However, it requires effort to actually comprehend the data collected by the profiler. Due to the inherent complexity of the data, one has to understand how this data is collected. And thus understand how the profiler actually works.
During this talk we will go through the classic profiler features. What is a hotspot? What is the difference between sampling and instrumentation from the profiler point of view? What are the problems with either of those methods? What is the time budget of the application? And more!
I will also showcase a new kid on the block among the profiling tools: XRebel. This tool provides insight into application behaviour and permits the developers to discover application level issues.
This talk presents a number of conceptual and technical challenges that we discovered while building JRebel. At first, the JVM wasn't designed for live updates, so we will talk about the engine that mitigates the problem. Secondly, the diversity of Java ecosystem, created by the variety of application servers, the frameworks and tools, makes it challenging in creating a generic solution that would fit the majority of developers. We will see, how Java platform itself allows us to develop a solution by applying bytecode instrumentation mechanism.
JRebel does live code reloading to ensure that the developer can keep instantly alternating between the developing environment and the web browser, to save wasted time and increase the productivity flow.
This document explains how to use docker container in Ubuntu 14.04 VM for trying out cgroups without actually using the host/guest operating system. It talks about using 'cpu' subcomponent and demostrates the effect of process isolation by 'htop' utility.
The docker containers are very effective way of trying out things by launching a container using standard/custom docker image from docker hub or your own image repository.
Is your profiler speaking the same language as you? -- Docklands JUGSimon Maple
Profilers are absolute beasts. And profilers might prove useful to pinpoint the performance issues in your Java applications.
By using profilers, developers are fortunate to find the root cause of an issue at hand. However, it requires effort to actually comprehend the data collected by the profiler. Due to the inherent complexity of the data, one has to understand how this data is collected. And thus understand how the profiler actually works.
During this talk we will go through the classic profiler features. What is a hotspot? What is the difference between sampling and instrumentation from the profiler point of view? What are the problems with either of those methods? What is the time budget of the application? And more!
I will also showcase a new kid on the block among the profiling tools: XRebel. This tool provides insight into application behaviour and permits the developers to discover application level issues.
This talk presents a number of conceptual and technical challenges that we discovered while building JRebel. At first, the JVM wasn't designed for live updates, so we will talk about the engine that mitigates the problem. Secondly, the diversity of Java ecosystem, created by the variety of application servers, the frameworks and tools, makes it challenging in creating a generic solution that would fit the majority of developers. We will see, how Java platform itself allows us to develop a solution by applying bytecode instrumentation mechanism.
JRebel does live code reloading to ensure that the developer can keep instantly alternating between the developing environment and the web browser, to save wasted time and increase the productivity flow.
Some of the biggest issues at the center of analyzing large amounts of data are query flexibility, latency, and fault tolerance. Modern technologies that build upon the success of “big data” platforms, such as Apache Hadoop, have made it possible to spread the load of data analysis to commodity machines, but these analyses can still take hours to run and do not respond well to rapidly-changing data sets.
A new generation of data processing platforms -- which we call “stream architectures” -- have converted data sources into streams of data that can be processed and analyzed in real-time. This has led to the development of various distributed real-time computation frameworks (e.g. Apache Storm) and multi-consumer data integration technologies (e.g. Apache Kafka). Together, they offer a way to do predictable computation on real-time data streams.
In this talk, we will give an overview of these technologies and how they fit into the Python ecosystem. As part of this presentation, we also released streamparse, a new Python that makes it easy to debug and run large Storm clusters.
Links:
* http://parse.ly/code
* https://github.com/Parsely/streamparse
* https://github.com/getsamsa/samsa
Cassandra sf 2015 - Steady State Data Size With Compaction, Tombstones, and TTL aaronmorton
Slides from my talk at Cassandra Summit 2015
http://cassandrasummit-datastax.com/agenda/steady-state-data-size-with-compaction-tombstones-and-ttl/
thelastpickle.com
Accelerating microbiome research with OpenACCIgor Sfiligoi
Presented at OpenACC Summit 2020.
UniFrac is a commonly used metric in microbiome research for comparing microbiome profiles to one another. Computing UniFrac on modest sample sizes used to take a workday on a server class CPU-only node, while modern datasets would require a large compute cluster to be feasible. After porting to GPUs using OpenACC, the compute of the same modest sample size now takes only a few minutes on a single NVIDIA V100 GPU, while modern datasets can be processed on a single GPU in hours. The OpenACC programming model made the porting of the code to GPUs extremely simple; the first prototype was completed in just over a day. Getting full performance did however take much longer, since proper memory access is fundamental for this application.
Video games are written as a main loop: process player input, update the state of the game, render a new frame to the screen, repeat. They do this 60 times a second, with millisecond timing. Most monitoring tools are also written as loops: send a probe, wait for the response, update a data store, sleep. Often this is done pretty slowly, maybe once a second! In video games if you can’t update fast enough, you skip the rendering step and the frame rate drops. With monitoring tools if your loop takes to long you also stop logging data as often, and instead of choppy gameplay you get gaps in your graphs, often when you need that data the most!
Let’s use ping as an example and see how we can rewrite its main loop to function more like a video game, keeping a high frame rate.
Presentació a càrrec d'Ismael Fernández i Cristian
Gomollón (tècnics d'Aplicacions al CSUC) duta a terme a la jornada de formació "Com usar el servei de càlcul del CSUC" celebrada el 8 d'octubre de 2019 al CSUC.
(PFC302) Performance Benchmarking on AWS | AWS re:Invent 2014Amazon Web Services
In this session, we explain how to measure the key performance-impacting metrics in a cloud-based application and best practices for a reliable benchmarking process. Measuring the performance of applications correctly can be challenging and there are many tools available to measure and track performance. This session will provide you with specific examples of good and bad tests. We make it clear how to get reliable measurements of and how to map benchmark results to your application. We also cover the importance of selecting tests wisely, repeating tests, and measuring variability. In addition a customer will provide real-life examples of how they developed their application testing stack, utilize it for repeatable testing and identify bottlenecks.
This presentation will give a quick introduction on how to use slurm, the scheduler that runs programs (scripts) in HPC. Targeted for audience who are new to the Lawrencium or who may want to learn a few more things in troubleshooting their jobs.
Lecture 7: Introduction to Quantum Chemical Simulation graduate course taught at MIT in Fall 2014 by Heather Kulik. This course covers: wavefunction theory, density functional theory, force fields and molecular dynamics and sampling.
With the increasing adoption of cloud native technologies and containerization; the gap between Java development and system administration is decreasing. Whether you are using Docker Swarm, Kubernetes or Mesos as a container orchestrator; fundamental challenges for running docker in production are common.
In this talk, I would like to share some of the basic linux concepts (like memory management, CPU, IO, sockets, file descriptors, signals, OOM killer) every Java Developer should know to be able to perform effective configuration and troubleshooting for docker containers.
Agenda:
Have you ever wondered what happens when the kernel fires up? What is going on under the hood before init process is executed?
This talk will go into great depths explaining the entire process. From linker tricks and init sections to mounting and locating the init process to execute.
Speaker:
Boaz Taitler, experienced kernel developer.
Presentation from DICE Coder's Day (2010 November) by Andreas Fredriksson in the Frostbite team.
Goes into detail about Scope Stacks, which are a systems programming tool for memory layout that provides
• Deterministic memory map behavior
• Single-cycle allocation speed
• Regular C++ object life cycle for objects that need it
This makes it very suitable for games.
This presentation is Part 2 of 3 illustrating ARM® Cortex™ M boot sequence. Hands on illustration uses EFM®32 Zero Gecko starter kit based on Cortex M0+ core from Silicon Labs.
Simplicity Studio IDE from Silicon Labs was used to create a sample project (Bundled with Simplicity Studio), set breakpoints and inspect various entry points and other points of interest to get a introductory look at Cortex boot sequence
Some of the biggest issues at the center of analyzing large amounts of data are query flexibility, latency, and fault tolerance. Modern technologies that build upon the success of “big data” platforms, such as Apache Hadoop, have made it possible to spread the load of data analysis to commodity machines, but these analyses can still take hours to run and do not respond well to rapidly-changing data sets.
A new generation of data processing platforms -- which we call “stream architectures” -- have converted data sources into streams of data that can be processed and analyzed in real-time. This has led to the development of various distributed real-time computation frameworks (e.g. Apache Storm) and multi-consumer data integration technologies (e.g. Apache Kafka). Together, they offer a way to do predictable computation on real-time data streams.
In this talk, we will give an overview of these technologies and how they fit into the Python ecosystem. As part of this presentation, we also released streamparse, a new Python that makes it easy to debug and run large Storm clusters.
Links:
* http://parse.ly/code
* https://github.com/Parsely/streamparse
* https://github.com/getsamsa/samsa
Cassandra sf 2015 - Steady State Data Size With Compaction, Tombstones, and TTL aaronmorton
Slides from my talk at Cassandra Summit 2015
http://cassandrasummit-datastax.com/agenda/steady-state-data-size-with-compaction-tombstones-and-ttl/
thelastpickle.com
Accelerating microbiome research with OpenACCIgor Sfiligoi
Presented at OpenACC Summit 2020.
UniFrac is a commonly used metric in microbiome research for comparing microbiome profiles to one another. Computing UniFrac on modest sample sizes used to take a workday on a server class CPU-only node, while modern datasets would require a large compute cluster to be feasible. After porting to GPUs using OpenACC, the compute of the same modest sample size now takes only a few minutes on a single NVIDIA V100 GPU, while modern datasets can be processed on a single GPU in hours. The OpenACC programming model made the porting of the code to GPUs extremely simple; the first prototype was completed in just over a day. Getting full performance did however take much longer, since proper memory access is fundamental for this application.
Video games are written as a main loop: process player input, update the state of the game, render a new frame to the screen, repeat. They do this 60 times a second, with millisecond timing. Most monitoring tools are also written as loops: send a probe, wait for the response, update a data store, sleep. Often this is done pretty slowly, maybe once a second! In video games if you can’t update fast enough, you skip the rendering step and the frame rate drops. With monitoring tools if your loop takes to long you also stop logging data as often, and instead of choppy gameplay you get gaps in your graphs, often when you need that data the most!
Let’s use ping as an example and see how we can rewrite its main loop to function more like a video game, keeping a high frame rate.
Presentació a càrrec d'Ismael Fernández i Cristian
Gomollón (tècnics d'Aplicacions al CSUC) duta a terme a la jornada de formació "Com usar el servei de càlcul del CSUC" celebrada el 8 d'octubre de 2019 al CSUC.
(PFC302) Performance Benchmarking on AWS | AWS re:Invent 2014Amazon Web Services
In this session, we explain how to measure the key performance-impacting metrics in a cloud-based application and best practices for a reliable benchmarking process. Measuring the performance of applications correctly can be challenging and there are many tools available to measure and track performance. This session will provide you with specific examples of good and bad tests. We make it clear how to get reliable measurements of and how to map benchmark results to your application. We also cover the importance of selecting tests wisely, repeating tests, and measuring variability. In addition a customer will provide real-life examples of how they developed their application testing stack, utilize it for repeatable testing and identify bottlenecks.
This presentation will give a quick introduction on how to use slurm, the scheduler that runs programs (scripts) in HPC. Targeted for audience who are new to the Lawrencium or who may want to learn a few more things in troubleshooting their jobs.
Lecture 7: Introduction to Quantum Chemical Simulation graduate course taught at MIT in Fall 2014 by Heather Kulik. This course covers: wavefunction theory, density functional theory, force fields and molecular dynamics and sampling.
With the increasing adoption of cloud native technologies and containerization; the gap between Java development and system administration is decreasing. Whether you are using Docker Swarm, Kubernetes or Mesos as a container orchestrator; fundamental challenges for running docker in production are common.
In this talk, I would like to share some of the basic linux concepts (like memory management, CPU, IO, sockets, file descriptors, signals, OOM killer) every Java Developer should know to be able to perform effective configuration and troubleshooting for docker containers.
Agenda:
Have you ever wondered what happens when the kernel fires up? What is going on under the hood before init process is executed?
This talk will go into great depths explaining the entire process. From linker tricks and init sections to mounting and locating the init process to execute.
Speaker:
Boaz Taitler, experienced kernel developer.
Presentation from DICE Coder's Day (2010 November) by Andreas Fredriksson in the Frostbite team.
Goes into detail about Scope Stacks, which are a systems programming tool for memory layout that provides
• Deterministic memory map behavior
• Single-cycle allocation speed
• Regular C++ object life cycle for objects that need it
This makes it very suitable for games.
This presentation is Part 2 of 3 illustrating ARM® Cortex™ M boot sequence. Hands on illustration uses EFM®32 Zero Gecko starter kit based on Cortex M0+ core from Silicon Labs.
Simplicity Studio IDE from Silicon Labs was used to create a sample project (Bundled with Simplicity Studio), set breakpoints and inspect various entry points and other points of interest to get a introductory look at Cortex boot sequence
invited netflix talk: JVM issues in the age of scale! We take an under the hood look at java locking, memory model, overheads, serialization, uuid, gc tuning, CMS, ParallelGC, java.
Five cool ways the JVM can run Apache Spark fasterTim Ellison
The IBM JVM runs Apache Spark fast! This talk explains some of the findings and optimizations from our experience of running Spark workloads.
The talk was originally presented at the SparkEU Summit 2015 in Amsterdam.
The .NET Garbage Collector (GC) is really cool. It helps providing our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? It still matters to understand when and where memory is allocated. In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!
Container Performance Analysis Brendan Gregg, NetflixDocker, Inc.
Containers pose interesting challenges for performance monitoring and analysis, requiring new analysis methodologies and tooling. Resource-oriented analysis, as is common with systems performance tools and GUIs, must now account for both hardware limits and soft limits, as implemented using resource controls including cgroups. The interaction between containers can also be examined, and noisy neighbors either identified of exonerated. Performance tooling can also need special usage or workarounds to function properly from within a container or on the host, to deal with different privilege levels and name spaces. At Netflix, we're using containers for some microservices, and care very much about analyzing and tuning our containers to be as fast and efficient as possible. This talk will show how to successfully analyze performance in a Docker container environment, and navigate differences encountered.
Pragmatic Optimization in Modern Programming - Ordering Optimization ApproachesMarina Kolpakova
The slides give an idea about how to look pragmatically at software optimization and order optimization approaches according to this pragmatic point of view
Best Practices for performance evaluation and diagnosis of Java Applications ...IndicThreads
Session Presented at 5th IndicThreads.com Conference On Java held on 10-11 December 2010 in Pune, India
WEB: http://J10.IndicThreads.com
------------
Enterprise applications typically comprise of multi layered stacks including the application modules, application servers, the Java Virtual Machine and the underlying Operating System. Consequently the performance of these applications are a factor of these different layers. In the eventuality of a performance problem, it is often difficult to determine the starting point for diagnosis. The Java Virtual Machine is the ‘engine’ for most of the applications. It is responsible broadly for efficient execution and memory management of applications. End users have difficulty attributing the effect of the JVM on the performance of the application. This is because usually JVM is viewed as a ‘black box’.
This talk provides an insight into the key subsystems of the JVM by looking under the hood of a high performance JVM. It ventures onto talk about approaches and techniques for analyzing performance issues. It concludes by introducing the audience to a tool called the “Health Center” which is useful for evaluating and comprehending the JVM behavior of a running application in an unobtrusive, lightweight manner.
Takeaways for the Audience A better understanding of key JVM components, approaches and techniques to diagnose performance issues and performance evaluation using the Health Center
SRV402 Deep Dive on Amazon EC2 Instances, Featuring Performance Optimization ...Amazon Web Services
Amazon EC2 provides a broad selection of instance types to accommodate a diverse mix of workloads. In this session, we provide an overview of the Amazon EC2 instance platform, key platform features, and the concept of instance generations. We dive into the current generation design choices of the different instance families, including the General Purpose, Compute Optimized, Storage Optimized, Memory Optimized, and Accelerated Computing (GPU and FPGA) instance families. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances.
SRV402 Deep Dive on Amazon EC2 Instances, Featuring Performance Optimization ...Amazon Web Services
Amazon EC2 provides a broad selection of instance types to accommodate a diverse mix of workloads. In this session, we provide an overview of the Amazon EC2 instance platform, key platform features, and the concept of instance generations. We dive into the current generation design choices of the different instance families, including the General Purpose, Compute Optimized, Storage Optimized, Memory Optimized, and Accelerated Computing (GPU and FPGA) instance families. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances.
GPU programing
The Brick Wall -- UC Berkeley's View
Power Wall: power expensive, transistors free
Memory Wall: Memory slow, multiplies fast ILP Wall: diminishing returns on more ILP HW
Presentació a càrrec de Cristian Gomollon, tècnic d'Aplicacions al CSUC, duta a terme a la "5a Jornada de formació sobre l'ús del servei de càlcul" celebrada el 16 de març de 2021 en format virtual.
Similar to Improving app performance using .Net Core 3.0 (20)
Reignite your desire to improve (NDC Sydney 2018)Richard Banks
"We're doing pretty well. There's not much to improve on" #sigh
It's so, so easy to get improvement fatigue. To become overly familiar and comfortable with the little dysfunctions in how you and your team work. To stop improving and start missing out on the fresh ideas and experiments that could elevate your team beyond the level they're currently working at.
Let's explore the common problems teams often become comfortable with, and ideas for addressing them. Let's explore what you could try that can help your team think differently, to challenge the status quo, and to help you and your team reinvigorate your desire to improve and to raise your game to the next level!
Microservices with .Net - NDC Sydney, 2016Richard Banks
Presented at NDC Sydney, August 2016
Thanks to organisations like Netflix, and the need to develop solutions that scale well in the cloud, microservices have become the hot new topic. Yet, for all the talk, there are few practical examples of how you actually build a microservice in .NET.
It's time to fix that little oversight as we show you how you can build a microservices based solution using .NET, and a number of open source tools (EventStore, RabbitMq and Redis to name a few).
You'll also get to understand the pros and cons of a microservices solution and consider how a microservices approach might impact how you and your team relate to your customers.
CQRS and what it means for your architectureRichard Banks
A session on the CQRS pattern (Command Query Responsibility Separation) with C# code samples, and a discussion of what it means for your architecture and when and why you should use it. First presented at the Sydney Alt.Net group in June 2016.
Presentation from DDD Sydney, May 28th, 2016
Buzz word! More buzz words! And another buzz word!! Now that that's out of the way, if you're thinking of heading down the microservices path, then how do you do it? How do you build the services? What do you need to think about if you're starting from scratch? What if you're converting a legacy app? How do we deal with versioning? Do we have to use a NoSQL solution, just because Netflix does? Do we need to use docker/containers? What about the code? Show me the code! Well, that's what this session is all about. Designing and building microservices in .NET and then handling a bunch of other concerns that a microservices approach will force you to think about. Sounds interesting, doesn't it? You betcha.
No matter how good your design or how well the big pieces of your architecture fit together it's the little things that really count. The little things are the things that can take your vision of beauty and either make it a reality or turn it into a thing of nightmares. This deck talks about what these little things are, the impact they have and, most importantly, what to do about them.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
4. Reduced memory allocations
Less time spent in GC collections and less overall GC pressure
Less time allocating and deallocating objects means more CPU for you
Across the framework, lots of small improvements over many classes.
6. Span<T>
https://adamsitnik.com/Span/
Stack access only (use Memory<T> for the heap)
Can’t use it as a field in a class (since a class is on the heap) but can use it in a struct.
Can’t do async/await with it (since the compiler creates a state machine… on the heap)
8. Memory<T>
Has a .Span property that you can use to get a Span in a method
Create it from a string, array, or something implementing IOwnedMemory.
Lots of methods in .NET Core 2.1+ take Spans as arguments.
Many more do so in .NET Core 3.0 (.Net Standard 2.1)
https://apisof.net/
Base64.EncodeToUtf8(ReadOnlySpan<Byte>,Span<Byte>,Int32,Int32,Boolean)
9. System.Buffers.ArrayPool
Object pooling pattern - https://www.codeproject.com/articles/20848/c-object-pooling
In .NET Core (System.Buffers) - https://adamsitnik.com/Array-Pool/
var samePool = ArrayPool<byte>.Shared;
byte[] buffer = samePool.Rent(minLength);
try {
Use(buffer);
} finally {
samePool.Return(buffer);
}
Cheaper as soon as you need 1K of memory (or more) – and no allocations required.
12. ref locals and ref returns
ref int Max(ref int first, ref int second, ref int third) {
ref int max = ref first;
if (first < second) max = second;
if (second < third) max = third;
return ref max;
}
The method result is simply a reference to whichever value was the largest.
It has zero allocations.
13. Reduce casting and boxing
Warning: Casting to generic interfaces is sloooow!
https://www.danielcrabtree.com/blog/191/casting-to-ienumerable-t-is-two-orders-of-
magnitude-slower
Boxing operations create invisible allocations. Some boxing operations are hard to spot.
14. LINQ & Closures
class Symbol { public string Name { get; private set; } /*...*/
}
class Compiler {
private List<Symbol> symbols;
public Symbol FindMatchingSymbol(string name) {
return symbols.FirstOrDefault(s => s.Name == name);
}
}
private class Lambda1Environment {
public string capturedName;
public bool Evaluate(Symbol s) {
return s.Name == this.capturedName;
}
}
Lambda1Environment l = new Lambda1Environment
capturedName = name };
var predicate = new Func<Symbol, bool>(l.Evaluate);
Func<Symbol, bool> predicate = s => s.Name == name;
return symbols.FirstOrDefault(predicate);
Boxing operation.
FirstOrDefault() is an extension
method on IEnumerable<T>
Compiles to…
15. Alternative implementation?
Not as pretty, but no allocations.
foreach will use the List<T> iterator. No casting and no hidden lambda code.
public Symbol FindMatchingSymbol(string name)
{
foreach (Symbol s in symbols)
{
if (s.Name == name) return s;
}
return null;
}
16. MemoryMarshal (helps with Spans)
public Span<byte> FloatsToSpanOfBytes() => MemoryMarshal.Cast<float, byte>(arrayOfFloats);
----
[StructLayout(LayoutKind.Explicit)]
public struct Bid {
[FieldOffset(0)] public float Value;
[FieldOffset(4)] public long ProductId;
[FieldOffset(12)] public long UserId;
[FieldOffset(20)] public DateTime Time;
}
…
public Bid Deserialize(ReadOnlySpan<byte> serialized) => MemoryMarshal.Read<Bid>(serialized);
17. stackalloc Keyword
Allows you to directly allocate memory on the stack
Don’t overdo it and keep it for short-lived usage
Beware: It’s easy to misuse this and make things worse
Span<byte> bytes = length <= 128 ?
stackalloc byte[length] :
new byte[length];
18. Platform Instrinsics
System.Runtime.Intrinsics – let you use hardware accelerated SIMD specific to ARM, x64, etc.
https://bits.houmus.org/2018-08-18/netcoreapp3.0-instrinsics-in-real-life-pt1
For general use the platform independent Vector SIMD instructions are preferred.
(check System.Numerics.Vector.IsHardwareAccelerated)
19. Theory Time is Over
LET’S IMPROVE THE PERFORMANCE OF “SOMETHING”
23. Let’s work with some real code!
Our target library: PdfPig
Features:
* Targets .NET Standard 2.0
* Port of Apache PDFBox to C#
* Has lots of tests
(And it’s not something I’d seen before prepping this session)
25. What we’ll do
Measure current performance (using .NET Core 2.2)
Upgrade to .NET Core 3.0 prev. 7 & compare performance
Analyse performance using PerfView
Run microbenchmarks to measure specific performance areas
26. What you’ll do
Clone https://github.com/rbanks54/PdfPig
◦ use the benchmarks branch
Identify an area you want to improve
Go ahead. Try and improve it. And prove it.
Suggested developer loop:
1. Ensure all unit tests pass & baseline current performance
2. Make a change
3. Check unit tests still pass
4. Measure new performance and compare with baseline
5. Repeat from step 2 until happy