So you've been deploying Java in the cloud and are wondering how to handle the new world of containers, microservices, and memory constraints. Cold starts got you down? Come to this session to learn about how the OpenJ9 and the JVM in general can help you on your Cloud Native journey.
The document discusses the architecture of the Linux kernel. It describes the user space and kernel space components. In user space are the user applications, glibc library, and each process's virtual address space. In kernel space are the system call interface, architecture-independent kernel code, and architecture-dependent code. It then covers several kernel subsystems like process management, memory management, virtual file system, network stack, and device drivers.
Linux Binary Exploitation - Return-oritend ProgramingAngel Boy
The document discusses using return-oriented programming (ROP) to bypass address space layout randomization (ASLR) and data execution prevention (DEP). It describes using the procedure linkage table (PLT) to leak the address of functions like puts to bypass ASLR. A ROP chain is then constructed to call read to read "/bin/sh" into memory and execute it, achieving arbitrary code execution.
Broken benchmarks, misleading metrics, and terrible tools. This talk will help you navigate the treacherous waters of Linux performance tools, touring common problems with system tools, metrics, statistics, visualizations, measurement overhead, and benchmarks. You might discover that tools you have been using for years, are in fact, misleading, dangerous, or broken.
The speaker, Brendan Gregg, has given many talks on tools that work, including giving the Linux PerformanceTools talk originally at SCALE. This is an anti-version of that talk, to focus on broken tools and metrics instead of the working ones. Metrics can be misleading, and counters can be counter-intuitive! This talk will include advice for verifying new performance tools, understanding how they work, and using them successfully.
DoS and DDoS mitigations with eBPF, XDP and DPDKMarian Marinov
The document compares eBPF, XDP and DPDK for packet inspection. It describes the speaker's experience using these tools to build a virtual machine that can handle 10Gbps of traffic and drop packets to mitigate DDoS attacks. It details how eBPF and XDP were able to achieve higher packet drop rates than iptables or a custom module. While DPDK could drop traffic at line rate, it required specialized hardware and expertise. Ultimately, XDP provided the best balance of performance, driver support and programmability using eBPF to drop millions of packets per second.
Android boot time optimization involves measuring boot times, analyzing the results, and reducing times. Key areas of focus include the bootloader, kernel initialization, zygote class preloading, and system service startup. Hibernation technologies like QuickBoot and Fast-On can improve resume speeds by saving a system image to flash. The "R-Loader" concept aims to minimize hardware re-initialization on resume by directly loading a suspended kernel image.
BPF (Berkeley Packet Filter) allows for safe dynamic program injection into the Linux kernel. It provides an in-kernel virtual machine and instruction set for running custom programs. The BPF infrastructure includes a verifier that checks programs for safety, helper functions to access kernel APIs, and maps for inter-process communication. BPF has become a core kernel subsystem and is used for applications like XDP, tracing, networking, and more.
Published on 11 may, 2018
Chainer is a deep learning framework which is flexible, intuitive, and powerful.
This slide introduces some unique features of Chainer and its additional packages such as ChainerMN (distributed learning), ChainerCV (computer vision), ChainerRL (reinforcement learning), Chainer Chemistry (biology and chemistry), and ChainerUI (visualization).
OpenStack DevStack Install - 2부 (Multi-nodes)Ian Choi
OLC 온라인 강좌 중 DevStack에 대한 두 번째 자료입니다.
( URL: http://olc.kr/course/course_online_view.jsp?id=480&cid=523 )
DevStack은 OpenStack을 실제 구성하는 대신, 개발 및 테스트 용도로 쉽게 설치 가능한 스크립트입니다.
2부에서는 Multi-nodes 모드 설치 과정을 설명하며, Icehouse Release 기반의 실습 내용을 포함하였습니다.
The document discusses the architecture of the Linux kernel. It describes the user space and kernel space components. In user space are the user applications, glibc library, and each process's virtual address space. In kernel space are the system call interface, architecture-independent kernel code, and architecture-dependent code. It then covers several kernel subsystems like process management, memory management, virtual file system, network stack, and device drivers.
Linux Binary Exploitation - Return-oritend ProgramingAngel Boy
The document discusses using return-oriented programming (ROP) to bypass address space layout randomization (ASLR) and data execution prevention (DEP). It describes using the procedure linkage table (PLT) to leak the address of functions like puts to bypass ASLR. A ROP chain is then constructed to call read to read "/bin/sh" into memory and execute it, achieving arbitrary code execution.
Broken benchmarks, misleading metrics, and terrible tools. This talk will help you navigate the treacherous waters of Linux performance tools, touring common problems with system tools, metrics, statistics, visualizations, measurement overhead, and benchmarks. You might discover that tools you have been using for years, are in fact, misleading, dangerous, or broken.
The speaker, Brendan Gregg, has given many talks on tools that work, including giving the Linux PerformanceTools talk originally at SCALE. This is an anti-version of that talk, to focus on broken tools and metrics instead of the working ones. Metrics can be misleading, and counters can be counter-intuitive! This talk will include advice for verifying new performance tools, understanding how they work, and using them successfully.
DoS and DDoS mitigations with eBPF, XDP and DPDKMarian Marinov
The document compares eBPF, XDP and DPDK for packet inspection. It describes the speaker's experience using these tools to build a virtual machine that can handle 10Gbps of traffic and drop packets to mitigate DDoS attacks. It details how eBPF and XDP were able to achieve higher packet drop rates than iptables or a custom module. While DPDK could drop traffic at line rate, it required specialized hardware and expertise. Ultimately, XDP provided the best balance of performance, driver support and programmability using eBPF to drop millions of packets per second.
Android boot time optimization involves measuring boot times, analyzing the results, and reducing times. Key areas of focus include the bootloader, kernel initialization, zygote class preloading, and system service startup. Hibernation technologies like QuickBoot and Fast-On can improve resume speeds by saving a system image to flash. The "R-Loader" concept aims to minimize hardware re-initialization on resume by directly loading a suspended kernel image.
BPF (Berkeley Packet Filter) allows for safe dynamic program injection into the Linux kernel. It provides an in-kernel virtual machine and instruction set for running custom programs. The BPF infrastructure includes a verifier that checks programs for safety, helper functions to access kernel APIs, and maps for inter-process communication. BPF has become a core kernel subsystem and is used for applications like XDP, tracing, networking, and more.
Published on 11 may, 2018
Chainer is a deep learning framework which is flexible, intuitive, and powerful.
This slide introduces some unique features of Chainer and its additional packages such as ChainerMN (distributed learning), ChainerCV (computer vision), ChainerRL (reinforcement learning), Chainer Chemistry (biology and chemistry), and ChainerUI (visualization).
OpenStack DevStack Install - 2부 (Multi-nodes)Ian Choi
OLC 온라인 강좌 중 DevStack에 대한 두 번째 자료입니다.
( URL: http://olc.kr/course/course_online_view.jsp?id=480&cid=523 )
DevStack은 OpenStack을 실제 구성하는 대신, 개발 및 테스트 용도로 쉽게 설치 가능한 스크립트입니다.
2부에서는 Multi-nodes 모드 설치 과정을 설명하며, Icehouse Release 기반의 실습 내용을 포함하였습니다.
The document describes how to build a virtual machine (VM). It discusses what a VM is and why we want one. The goal is to simulate a simple computer using bytecodes. An instruction set is defined including operations like add, subtract, branch, load, store, print. The bytecode format and a sample program are shown. The VM will fetch, decode and execute instructions in a cycle, operating on a stack. Implementing functions is also discussed.
Video: https://www.youtube.com/watch?v=FJW8nGV4jxY and https://www.youtube.com/watch?v=zrr2nUln9Kk . Tutorial slides for O'Reilly Velocity SC 2015, by Brendan Gregg.
There are many performance tools nowadays for Linux, but how do they all fit together, and when do we use them? This tutorial explains methodologies for using these tools, and provides a tour of four tool types: observability, benchmarking, tuning, and static tuning. Many tools will be discussed, including top, iostat, tcpdump, sar, perf_events, ftrace, SystemTap, sysdig, and others, as well observability frameworks in the Linux kernel: PMCs, tracepoints, kprobes, and uprobes.
This tutorial is updated and extended on an earlier talk that summarizes the Linux performance tool landscape. The value of this tutorial is not just learning that these tools exist and what they do, but hearing when and how they are used by a performance engineer to solve real world problems — important context that is typically not included in the standard documentation.
Linux Native, HTTP Aware Network SecurityThomas Graf
Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes.
At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel itself, Cilium security policies can be applied and updated without any changes to the application code or container configuration.
Android uses cgroups to monitor system memory usage via the Low Memory Killer daemon and to group processes for effective CPU sharing. Cgroups are used to create mount points for memory and CPU control groups. The LMK daemon uses cgroups to receive memory pressure events and kill processes as needed. Init.rc uses cgroups to create groups for real-time and background tasks and assign CPU shares. Android further groups processes by scheduling policy for scheduling priorities.
Here are some key things to practice with regular expressions using grep, sed and awk:
- Use grep to search files for patterns using basic regex metacharacters like ^, $, ., *, [, ], etc.
- Use sed for search and replace operations on files using regex to match patterns
- Use awk to parse files into fields based on delimiters like space, comma etc and perform operations on the fields stored in variables $1, $2 etc.
- Write simple awk scripts to print, filter and manipulate data from files. For example print certain fields, filter rows, perform calculations etc.
- Learn about more advanced regex features supported by tools like extended regex in grep, backreferences in sed etc
Embedded Systems are basically Single Board Computers (SBCs) with limited and specific functional capabilities. All the components that make up a computer like the Microprocessor, Memory Unit, I/O Unit etc. are hosted on a single board. Their functionality is subject to constraints, and is embedded as a part of the complete device including the hardware, in contrast to the Desktop and Laptop computers which are essentially general purpose (Read more about what is embedded system). The software part of embedded systems used to be vendor specific instruction sets built in as firmware. However, drastic changes have been brought about in the last decade driven by the spurt in technology, and thankfully, the Moore’s Law. New, smaller, smarter, elegant but more powerful and resource hungry devices like Smart-phones, PDAs and cell-phones have forced the vendors to make a decision between hosting System Firmware or full-featured Operating Systems embedded with devices. The choice is often crucial and is decided by parameters like scope, future expansion plans, molecularity, scalability, cost etc. Most of these features being inbuilt into Operating Systems, hosting operating systems more than compensates the slightly higher cost overhead associated with them. Among various Embedded System Operating Systems like VxWorks, pSOS, QNX, Integrity, VRTX, Symbian OS, Windows CE and many other commercial and open-source varieties, Linux has exploded into the computing scene. Owing to its popularity and open source nature, Linux is evolving as an architecturally neutral OS, with reliable support for popular standards and features
Presentation at Android Builders Summit 2012.
Based on the experience of working with ODM companies and SoC vendors, this session would discuss how to figure out the performance hotspot of certain Android devices and then improve in various areas including graphics and boot time. This session consists of the detailed components which seem to be independent from each other in traditional view. However, the situation changes a lot in Android system view since everything is coupled in a mass. Three frequently mentioned items in Android engineering are selected as the entry points: 2D/3D graphics, runtime, and boot time. Audience: Developers who work on Android system integration and platform enablement.
The future of RISC-V Supervisor Binary Interface(SBI)Atish Patra
The document discusses the RISC-V Supervisor Binary Interface (SBI), which provides an interface to access machine mode registers from supervisor mode. It notes limitations with the current SBI specification and proposes extensions to make it more extensible. This includes developing an OpenSBI project to provide a standardized open source SBI implementation that bootloaders can use.
Course 102: Lecture 25: Devices and Device Drivers Ahmed El-Arabawy
This lecture discusses the concept of Linux device Drivers and Kernel Loadable Modules in general. It shows how to handle them such as loading/unloading ,and querying for their info. It also discusses the role of device files and how it binds to device drivers in the Linux Kernel
Video for this lecture on youtube:
http://www.youtube.com/watch?v=5qhgMyPyvVE
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
Ahmed ElArabawy
- https://www.linkedin.com/in/ahmedelarabawy
This document discusses making Linux capable of hard real-time performance. It begins by defining hard and soft real-time systems and explaining that real-time does not necessarily mean fast but rather determinism. It then covers general concepts around real-time performance in Linux like preemption, interrupts, context switching, and scheduling. Specific features in Linux like RT-Preempt, priority inheritance, and threaded interrupts that improve real-time capabilities are also summarized.
Understanding of linux kernel memory modelSeongJae Park
SeongJae Park introduces himself and his work contributing to the Linux kernel memory model documentation. He developed a guaranteed contiguous memory allocator and maintains the Korean translation of the kernel's memory barrier documentation. The document discusses how the increasing prevalence of multi-core processors requires careful programming to ensure correct parallel execution given relaxed memory ordering. It notes that compilers and CPUs optimize for instruction throughput over programmer goals, and memory accesses can be reordered in ways that affect correctness on multi-processors. Understanding the memory model is important for writing high-performance parallel code.
OpenNMS is an open source network management platform that can monitor large, complex networks. It is enterprise-grade, supporting over 60,000 devices on a single instance. OpenNMS uses a modular architecture that allows for integration of other monitoring tools. It is published under the GPL license and all components are open source. OpenNMS focuses on provisioning, event and notification management, service assurance, and performance data collection across networks.
Falco is an open source runtime security monitor for containers that detects anomalous activity using rules. It builds on Sysdig by instrumenting the kernel and collecting system calls and events. Falco rules define suspicious behaviors and integrate signals from the kernel, containers, and Kubernetes. Falco detects threats by matching patterns in real time and alerts on suspicious activity, helping operators enforce policies and spot abnormal behavior.
Linux has become integral part of Embedded systems. This three part presentation gives deeper perspective of Linux from system programming perspective. Stating with basics of Linux it goes on till advanced aspects like thread and IPC programming.
This document provides 15 examples of using the Linux grep command to search files for text patterns. Some key examples include searching for a string in single or multiple files, ignoring case, using regular expressions to match patterns, displaying lines before/after/around matches, inverting matches, counting matches, and highlighting matched text. The examples demonstrate many useful grep options for finding text in files.
SOSCON 2019.10.17
What are the methods for packet processing on Linux? And how fast are each packet processing methods? In this presentation, we will learn how to handle packets on Linux (User space, socket filter, netfilter, tc), and compare performance with analysis of where each packet processing is done in the network stack (hook point). Also, we will discuss packet processing using XDP, an in-kernel fast-path recently added to the Linux kernel. eXpress Data Path (XDP) is a high-performance programmable network data-path within the Linux kernel. The XDP is located at the lowest level of access through SW in the network stack, the point at which driver receives the packet. By using the eBPF infrastructure at this hook point, the network stack can be expanded without modifying the kernel.
Daniel T. Lee (Hoyeon Lee)
@danieltimlee
Daniel T. Lee currently works as Software Engineer at Kosslab and contributing to Linux kernel BPF project. He has interest in cloud, Linux networking, and tracing technologies, and likes to analyze the kernel's internal using BPF technology.
This document discusses adding support for PCI Express and new chipset emulation to Qemu. It introduces a new Q35 chipset emulator with support for 64-bit BAR, PCIe MMCONFIG, multiple PCI buses and slots. Future work includes improving PCIe hotplug, passthrough and power management as well as switching the BIOS to SeaBIOS and improving ACPI table support. The goal is to modernize Qemu's emulation of PCI features to match capabilities of newer hardware.
Performance Analysis Tools for Linux Kernellcplcp1
Perf is a collection of Linux kernel tools for performance monitoring and profiling. It provides sampling and profiling of the system to analyze performance bottlenecks. Perf supports hardware events from the CPU performance counters, software events from the kernel, and tracepoint events from the kernel and loaded modules. It offers tools like perf record to sample events and store them, perf report to analyze stored samples, and perf trace to trace system events in real-time.
Often called as the Swiss Army Knife of Embedded Linux, BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It is written with size-optimization
and limited resources in mind. Here is a presentation that details about BusyBox.
PowerShell is an automation engine and scripting language that provides a shell environment and replaces CMD in Windows. It allows for variables, arrays, hashes, functions, classes, and cmdlets to be used for automation tasks and connecting commands through piping. PowerShell provides access to WMI, COM objects, .NET assemblies, and acts as a shell with aliases and drives that can be used to manage systems, filter and group command output, and write deployment scripts.
Red Teaming macOS Environments with Hermes the Swift MessengerJustin Bui
1. The document introduces Hermes, a Swift payload for the Mythic framework that provides post-exploitation functionality on macOS systems. It discusses the development of Hermes, including cross-compiling Swift from Linux, and its key capabilities like file operations, process interaction, and screenshotting.
2. It also covers considerations for detecting Hermes using Apple's Endpoint Security Framework, which allows monitoring of process execution, file access, and other events.
This document discusses IBM Semeru Runtimes for improving Java workloads in the cloud. It covers:
- Semeru Runtimes are optimized OpenJDK runtimes from IBM that provide smaller container images, faster startup times, and more efficient resource utilization for Java applications in cloud environments.
- Techniques used include using smaller base images, ahead-of-time compilation, shared class caching, and container awareness to size memory usage appropriately.
- Semeru Runtimes also provide tools for live debugging of containerized Java applications without restarting containers.
- Upcoming features will include support for the new cgroups version 2 for more advanced Linux container resource management.
The document describes how to build a virtual machine (VM). It discusses what a VM is and why we want one. The goal is to simulate a simple computer using bytecodes. An instruction set is defined including operations like add, subtract, branch, load, store, print. The bytecode format and a sample program are shown. The VM will fetch, decode and execute instructions in a cycle, operating on a stack. Implementing functions is also discussed.
Video: https://www.youtube.com/watch?v=FJW8nGV4jxY and https://www.youtube.com/watch?v=zrr2nUln9Kk . Tutorial slides for O'Reilly Velocity SC 2015, by Brendan Gregg.
There are many performance tools nowadays for Linux, but how do they all fit together, and when do we use them? This tutorial explains methodologies for using these tools, and provides a tour of four tool types: observability, benchmarking, tuning, and static tuning. Many tools will be discussed, including top, iostat, tcpdump, sar, perf_events, ftrace, SystemTap, sysdig, and others, as well observability frameworks in the Linux kernel: PMCs, tracepoints, kprobes, and uprobes.
This tutorial is updated and extended on an earlier talk that summarizes the Linux performance tool landscape. The value of this tutorial is not just learning that these tools exist and what they do, but hearing when and how they are used by a performance engineer to solve real world problems — important context that is typically not included in the standard documentation.
Linux Native, HTTP Aware Network SecurityThomas Graf
Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes.
At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel itself, Cilium security policies can be applied and updated without any changes to the application code or container configuration.
Android uses cgroups to monitor system memory usage via the Low Memory Killer daemon and to group processes for effective CPU sharing. Cgroups are used to create mount points for memory and CPU control groups. The LMK daemon uses cgroups to receive memory pressure events and kill processes as needed. Init.rc uses cgroups to create groups for real-time and background tasks and assign CPU shares. Android further groups processes by scheduling policy for scheduling priorities.
Here are some key things to practice with regular expressions using grep, sed and awk:
- Use grep to search files for patterns using basic regex metacharacters like ^, $, ., *, [, ], etc.
- Use sed for search and replace operations on files using regex to match patterns
- Use awk to parse files into fields based on delimiters like space, comma etc and perform operations on the fields stored in variables $1, $2 etc.
- Write simple awk scripts to print, filter and manipulate data from files. For example print certain fields, filter rows, perform calculations etc.
- Learn about more advanced regex features supported by tools like extended regex in grep, backreferences in sed etc
Embedded Systems are basically Single Board Computers (SBCs) with limited and specific functional capabilities. All the components that make up a computer like the Microprocessor, Memory Unit, I/O Unit etc. are hosted on a single board. Their functionality is subject to constraints, and is embedded as a part of the complete device including the hardware, in contrast to the Desktop and Laptop computers which are essentially general purpose (Read more about what is embedded system). The software part of embedded systems used to be vendor specific instruction sets built in as firmware. However, drastic changes have been brought about in the last decade driven by the spurt in technology, and thankfully, the Moore’s Law. New, smaller, smarter, elegant but more powerful and resource hungry devices like Smart-phones, PDAs and cell-phones have forced the vendors to make a decision between hosting System Firmware or full-featured Operating Systems embedded with devices. The choice is often crucial and is decided by parameters like scope, future expansion plans, molecularity, scalability, cost etc. Most of these features being inbuilt into Operating Systems, hosting operating systems more than compensates the slightly higher cost overhead associated with them. Among various Embedded System Operating Systems like VxWorks, pSOS, QNX, Integrity, VRTX, Symbian OS, Windows CE and many other commercial and open-source varieties, Linux has exploded into the computing scene. Owing to its popularity and open source nature, Linux is evolving as an architecturally neutral OS, with reliable support for popular standards and features
Presentation at Android Builders Summit 2012.
Based on the experience of working with ODM companies and SoC vendors, this session would discuss how to figure out the performance hotspot of certain Android devices and then improve in various areas including graphics and boot time. This session consists of the detailed components which seem to be independent from each other in traditional view. However, the situation changes a lot in Android system view since everything is coupled in a mass. Three frequently mentioned items in Android engineering are selected as the entry points: 2D/3D graphics, runtime, and boot time. Audience: Developers who work on Android system integration and platform enablement.
The future of RISC-V Supervisor Binary Interface(SBI)Atish Patra
The document discusses the RISC-V Supervisor Binary Interface (SBI), which provides an interface to access machine mode registers from supervisor mode. It notes limitations with the current SBI specification and proposes extensions to make it more extensible. This includes developing an OpenSBI project to provide a standardized open source SBI implementation that bootloaders can use.
Course 102: Lecture 25: Devices and Device Drivers Ahmed El-Arabawy
This lecture discusses the concept of Linux device Drivers and Kernel Loadable Modules in general. It shows how to handle them such as loading/unloading ,and querying for their info. It also discusses the role of device files and how it binds to device drivers in the Linux Kernel
Video for this lecture on youtube:
http://www.youtube.com/watch?v=5qhgMyPyvVE
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
Ahmed ElArabawy
- https://www.linkedin.com/in/ahmedelarabawy
This document discusses making Linux capable of hard real-time performance. It begins by defining hard and soft real-time systems and explaining that real-time does not necessarily mean fast but rather determinism. It then covers general concepts around real-time performance in Linux like preemption, interrupts, context switching, and scheduling. Specific features in Linux like RT-Preempt, priority inheritance, and threaded interrupts that improve real-time capabilities are also summarized.
Understanding of linux kernel memory modelSeongJae Park
SeongJae Park introduces himself and his work contributing to the Linux kernel memory model documentation. He developed a guaranteed contiguous memory allocator and maintains the Korean translation of the kernel's memory barrier documentation. The document discusses how the increasing prevalence of multi-core processors requires careful programming to ensure correct parallel execution given relaxed memory ordering. It notes that compilers and CPUs optimize for instruction throughput over programmer goals, and memory accesses can be reordered in ways that affect correctness on multi-processors. Understanding the memory model is important for writing high-performance parallel code.
OpenNMS is an open source network management platform that can monitor large, complex networks. It is enterprise-grade, supporting over 60,000 devices on a single instance. OpenNMS uses a modular architecture that allows for integration of other monitoring tools. It is published under the GPL license and all components are open source. OpenNMS focuses on provisioning, event and notification management, service assurance, and performance data collection across networks.
Falco is an open source runtime security monitor for containers that detects anomalous activity using rules. It builds on Sysdig by instrumenting the kernel and collecting system calls and events. Falco rules define suspicious behaviors and integrate signals from the kernel, containers, and Kubernetes. Falco detects threats by matching patterns in real time and alerts on suspicious activity, helping operators enforce policies and spot abnormal behavior.
Linux has become integral part of Embedded systems. This three part presentation gives deeper perspective of Linux from system programming perspective. Stating with basics of Linux it goes on till advanced aspects like thread and IPC programming.
This document provides 15 examples of using the Linux grep command to search files for text patterns. Some key examples include searching for a string in single or multiple files, ignoring case, using regular expressions to match patterns, displaying lines before/after/around matches, inverting matches, counting matches, and highlighting matched text. The examples demonstrate many useful grep options for finding text in files.
SOSCON 2019.10.17
What are the methods for packet processing on Linux? And how fast are each packet processing methods? In this presentation, we will learn how to handle packets on Linux (User space, socket filter, netfilter, tc), and compare performance with analysis of where each packet processing is done in the network stack (hook point). Also, we will discuss packet processing using XDP, an in-kernel fast-path recently added to the Linux kernel. eXpress Data Path (XDP) is a high-performance programmable network data-path within the Linux kernel. The XDP is located at the lowest level of access through SW in the network stack, the point at which driver receives the packet. By using the eBPF infrastructure at this hook point, the network stack can be expanded without modifying the kernel.
Daniel T. Lee (Hoyeon Lee)
@danieltimlee
Daniel T. Lee currently works as Software Engineer at Kosslab and contributing to Linux kernel BPF project. He has interest in cloud, Linux networking, and tracing technologies, and likes to analyze the kernel's internal using BPF technology.
This document discusses adding support for PCI Express and new chipset emulation to Qemu. It introduces a new Q35 chipset emulator with support for 64-bit BAR, PCIe MMCONFIG, multiple PCI buses and slots. Future work includes improving PCIe hotplug, passthrough and power management as well as switching the BIOS to SeaBIOS and improving ACPI table support. The goal is to modernize Qemu's emulation of PCI features to match capabilities of newer hardware.
Performance Analysis Tools for Linux Kernellcplcp1
Perf is a collection of Linux kernel tools for performance monitoring and profiling. It provides sampling and profiling of the system to analyze performance bottlenecks. Perf supports hardware events from the CPU performance counters, software events from the kernel, and tracepoint events from the kernel and loaded modules. It offers tools like perf record to sample events and store them, perf report to analyze stored samples, and perf trace to trace system events in real-time.
Often called as the Swiss Army Knife of Embedded Linux, BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It is written with size-optimization
and limited resources in mind. Here is a presentation that details about BusyBox.
PowerShell is an automation engine and scripting language that provides a shell environment and replaces CMD in Windows. It allows for variables, arrays, hashes, functions, classes, and cmdlets to be used for automation tasks and connecting commands through piping. PowerShell provides access to WMI, COM objects, .NET assemblies, and acts as a shell with aliases and drives that can be used to manage systems, filter and group command output, and write deployment scripts.
Red Teaming macOS Environments with Hermes the Swift MessengerJustin Bui
1. The document introduces Hermes, a Swift payload for the Mythic framework that provides post-exploitation functionality on macOS systems. It discusses the development of Hermes, including cross-compiling Swift from Linux, and its key capabilities like file operations, process interaction, and screenshotting.
2. It also covers considerations for detecting Hermes using Apple's Endpoint Security Framework, which allows monitoring of process execution, file access, and other events.
This document discusses IBM Semeru Runtimes for improving Java workloads in the cloud. It covers:
- Semeru Runtimes are optimized OpenJDK runtimes from IBM that provide smaller container images, faster startup times, and more efficient resource utilization for Java applications in cloud environments.
- Techniques used include using smaller base images, ahead-of-time compilation, shared class caching, and container awareness to size memory usage appropriately.
- Semeru Runtimes also provide tools for live debugging of containerized Java applications without restarting containers.
- Upcoming features will include support for the new cgroups version 2 for more advanced Linux container resource management.
Master your java_applications_in_kubernetesAndy Moncsek
Kubernetes, and containers in general, are more and more the preferred run-time environment for Java middleware applications. For Java, as we knew it until Java 8, this is not the ideal prerequisite, since containers are very volatile and resources are shared among other containers. Since Java 9, there are many efforts to optimize the JVM for container environments. In this session, you will learn different ways to optimize you Java application to run in containers. From enhanced class sharing, to native compilation. But also, how to build small Docker images and to run them with correct configurations, in respect to the resource-constraints of your environment.
Software Profiling: Java Performance, Profiling and FlamegraphsIsuru Perera
Guest lecture at University of Colombo School of Computing on 30th May 2018
Covers following topics:
Software Profiling
Measuring Performance
Java Garbage Collection
Sampling vs Instrumentation
Java Profilers. Java Flight Recorder
Java Just-in-Time (JIT) compilation
Flame Graphs
Linux Profiling
Software Profiling: Understanding Java Performance and how to profile in JavaIsuru Perera
Guest lecture at University of Colombo School of Computing on 27th May 2017
Covers following topics:
Software Profiling
Measuring Performance
Java Garbage Collection
Sampling vs Instrumentation
Java Profilers. Java Flight Recorder
Java Just-in-Time (JIT) compilation
Flame Graphs
Linux Profiling
This document provides an introduction to Java programming concepts including:
- Java is both a programming language and platform that is simple, architecture neutral, object-oriented, and portable.
- Java source code is written in .java files and compiled into .class files by javac before being executed by the Java Virtual Machine (JVM).
- The JVM allows Java programs to run on any platform without recompilation, providing platform independence.
- Key Java concepts covered include objects, classes, methods, variables, data types, operators, control flow, and arrays.
- Examples demonstrate how to write, compile, and run simple Java programs to illustrate these core programming concepts.
Are you ready for cloud-native java JavaCro2019Jamie Coleman
This document provides an overview of moving Java applications to a cloud-native approach. It begins with a quiz asking if cloud-native requires throwing out existing knowledge or if modern Java runtimes allow reusing and extending existing applications. It then discusses how the Java ME runtime was designed for constrained environments like mobile and how its traits like small footprint and fast startup apply to cloud environments where compute equals money. The document explores how OpenJDK and OpenJ9 provide cloud-native Java runtimes with improved performance and lower memory usage. It notes that while runtimes help, application architecture also matters for cloud and microservices introduce challenges like network latency and security. Finally, it discusses how the MicroProfile project provides specifications to help build cloud-
Java is finally elastic! OpenJDK improvements and new features in Garbage Collection technology resulted in enhancing Java vertical scaling and resource consumption. Now JVM can promptly return unused memory and, as result it can go up and down automatically. In this presentation, we cover the main achievements in vertical scaling direction, as well as share peculiarities and tuning details of different GCs. Find out how to make your Java environments more elastic to follow the load and lower down the total cost of ownership at a large scale.
Experiences from debugging ZFS in production in Illumos and Linux from Delphix. Introduction of the SDB debugger and how it can be used to debug ZFS on Linux.
This document discusses Docker and containers. It begins with an introduction to Docker and the container model. It explains that containers provide isolation using namespaces and cgroups. Containers deploy applications efficiently by sharing resources and deploying anywhere due to standardization. The document then covers building images with Dockerfiles for reproducible builds. It concludes by discussing Docker's future including networking, metrics, logging, plugins and orchestration.
Historically, sharing a Linux server entailed all kinds of untenable compromises. In addition to the security concerns, there was simply no good way to keep one application from hogging resources and messing with the others. The classic “noisy neighbor” problem made shared systems the bargain-basement slums of the Internet, suitable only for small or throwaway projects.
Serious use-cases traditionally demanded dedicated systems. Over the past decade virtualization (in conjunction with Moore’s law) has democratized the availability of what amount to dedicated systems, and the result is hundreds of thousands of websites and applications deployed into VPS or cloud instances. It’s a step in the right direction, but still has glaring flaws.
Most of these websites are just piles of code sitting on a server somewhere. How did that code got there? How can it can be scaled? Secured? Maintained? It’s anybody’s guess. There simply isn’t enough SysAdmin talent in the world to meet the demands of managing all these apps with anything close to best practices without a better model.
Containers are a whole new ballgame. Unlike VMs, you skip the overhead of running an entire OS for every application environment. There’s also no need to provision a whole new machine to have a place to deploy, meaning you can spin up or scale your application with orders of magnitude more speed and accuracy.
In this session Stephan Hartmann presents Metamesh's OpenCms Cloud eXtensions (OCCX) implementation, which is the foundation to provide a cloud-ready, distributable and cluster-ready version of OpenCms that implements an integration with Open Data Grid Platforms. Arash Kaffamanesh will present OCCX in action running on Eucalyptus Private Cloud and Amazon EC2 and shows you the first cloudified version of OpenCms with Auto-Scaling and Multi-Workplace support for your OpenCms SaaS initiatives.
Are you a Java developer wondering what it means to have your application running in the cloud. This session will provide a peek into how the JVM is adapting to running in the cloud and what Java developers need to be aware to ensure they get the most of running in the cloud.
The session will pick an example spring application and tune it stage by stage at the end of which we have an application that is fully optimized and takes advantage of every aspect of the running in a cloud
Real-World Docker: 10 Things We've Learned RightScale
Docker has taken the world of software by storm, offering the promise of a portable way to build and ship software - including software running in the cloud. The RightScale development team has been diving into Docker for several projects, and we'll share our lessons learned on using Docker for our cloud-based applications.
Lightweight Virtualization with Linux Containers and Docker | YaC 2013dotCloud
This document provides an overview of lightweight virtualization using Linux containers and Docker. It begins by explaining the problems of deploying applications across different environments and targets, and how containers can help solve this issue similarly to how shipping containers standardized cargo transportation. It then discusses what Linux containers are, how they provide isolation using namespaces and cgroups. It introduces Docker and how it builds on containers to further simplify deployment by allowing images to be easily built, shared, and run anywhere through standard formats and tools.
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Docker, Inc.
Docker provides a standardized way to build, ship, and run Linux containers. It uses Linux kernel features like namespaces and cgroups to isolate containers and make them lightweight. Docker allows building container images using Dockerfiles and sharing them via public or private registries. Images can be pulled and run anywhere. Docker aims to make containers easy to use and commoditize the container technology provided by Linux containers (LXC).
This document provides a quick reference guide for J2SE (Core Java). It covers various topics related to Java programming including Java history, features, programming structure, data types, control structures, OOP concepts, exceptions, threads, GUI programming and more. The guide was written by A.R. Kishore Kumar and is intended to be a concise yet comprehensive overview of the Java language.
Liberty InstantOn is a technology from IBM that provides fast startup times for Java applications running in containers without compromising features or developer experience. It uses checkpoint and restore to save the state of a pre-initialized Java runtime so new instances can start up almost instantly. This makes Java more suitable for serverless and microservices workloads that require quick startups and the ability to scale to zero. Liberty InstantOn provides the benefits of fast startup times without limiting Java features or requiring changes to how developers build and test applications.
The document discusses Rapid Application Development (RAD) features in Cocoon including auto-compiling and reloading of classes, JavaFlow, and components. It describes the Jakarta Commons Incubator Java Compiler Interface (JCI) and JavaFlow projects which enable compiling and reloading classes as well as Java continuations through bytecode instrumentation. Potential future plans are mentioned such as removing limitations, improving optimization, and releasing within a few months.
JavaOne 2017: Eclipse OpenJ9: Under the hood of the JVMDanHeidinga
An updated version of my "OpenJ9: Under the hood of the next open source JVM" that covers where it was open sourced (github.com/eclipse/openj9), how to build it, and then deep dives into the ROM/RAM divide before touching on interpreter, JIT and AOT.
Covers the common issues seen when migrating from Java 8 to Java 9. This deck shows simplified examples of the issues and code snippets of how to address them.
J9: Under the hood of the next open source JVMDanHeidinga
A description of how bytecodes are loaded into the J9VM and how bytecode execution occurs, plus IBM's plans to open source J9.
Session is the "new hire" talk given to all new J9 VM team members.
invokedynamic: Evolution of a Language FeatureDanHeidinga
This session explores how the Java ecosystem is evolving, by following the lifecycle of the java.lang.invoke package and the invokedynamic bytecode. From its origins in dynamic language optimization to providing the underpinnings of Java 8’s lambda expression, invokedynamic has become a powerful tool for language design.
Come hear about how IBM's J9 JVM approaches MethodHandle compilation. The MethodHandle architecture and the transitions from interpreted to compiled and finally to customized will be described. Recent performance optimizations will be touched on along with hints on how to aid the JVM to optimize your MethodHandle code.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
5. 5
Java in the Cloud requirements
§ Fast startup
–Faster scaling for increased demand
§ Small footprint
–Improves density for providers
–Improves cost for applications
§ Quick / immediate rampup
–GB/hr is key, if you run for less time you pay less money
9. Don’t use –Xmx for containers to avoid rebuilds
9
§ -XX:InitialRAMPercentage=N
– Set initial heap size as a percentage of total memory
§ -XX:MaxRAMPercentage=N
– Set maximum heap size as a percentage of total memory
§ Running in containers with set memory limits?
– OpenJ9 will base the default heap size on that limit:
10. Out of the box idle tuning
§ When’s the best time to schedule a GC?
When your apps idle!
§ OpenJ9 enables -XX:+IdleTuningGcOnIdle
when running in a container
– When the VM detects your app is idle for a
configurable length of time, it can GC
– Both scavenge and global collections can
occur based on heuristics
10
12. -Xverify:none never again!
12
§ Use -XX:[+|-]ClassRelationshipVerifier instead for fast and safe startup
public class A {
public static void main(String[] args) {
B b = new B();
acceptC(b);
}
public void acceptC(C c) {}
}
19. 19
ShareClasses and AOT
§ Distinction between ‘cold’ and ‘warm’ runs
§ Dynamic AOT compilation
–Relocatable format
–AOT loads are ~100 times faster than JIT compilations
–More generic code à slightly less optimized
§ Generate AOT code only during start-up
§ Recompilation helps bridge the gap
21. Problem 1: Modifying pre-existing files creates copies.
FROM scratch
RUN echo “Class A” >myscc
21
22. Problem 1: Modifying pre-existing files creates copies.
FROM scratch
RUN echo “Class A” >myscc
FROM Image_1
RUN echo “Class B” >>myscc
22
23. Problem 1: Modifying pre-existing files creates copies.
FROM scratch
RUN echo “Class A” >myscc
FROM Image_1
RUN echo “Class B” >>myscc
23
Class A
24. Problem 1: Modifying pre-existing files creates copies.
FROM scratch
RUN echo “Class A” >myscc
FROM Image_1
RUN echo “Class B” >>myscc
24
Class A
Class A
Class B
25. Problem 1: Modifying pre-existing files creates copies.
FROM scratch
RUN echo “Class A” >myscc
FROM Image_1
RUN echo “Class B” >>myscc
FROM Image_2
RUN echo “Class C” >>myscc
25
Class A
Class A
Class B
Class A
Class B
Class C
26. Problem 2: We need to leave space in the cache for other
images.
FROM scratch
RUN echo “Class A” >myscc
26
-Xscmx?
How big?
27. Solution: Create new cache layers in new files.
FROM scratch
RUN echo “Class A” >myscc.L0
FROM Image_1
RUN echo “Class B” >myscc.L1
FROM Image_2
RUN echo “Class C” >myscc.L2
27
28. Solution: Create new cache layers in new files.
FROM scratch
RUN echo “Class A” >myscc.L0
FROM Image_1
RUN echo “Class B” >myscc.L1
FROM Image_2
RUN echo “Class C” >myscc.L2
28
29. Solution: Create new cache layers in new files.
FROM scratch
RUN echo “Class A” >myscc.L0
FROM Image_1
RUN echo “Class B” >myscc.L1
FROM Image_2
RUN echo “Class C” >myscc.L2
29
Class A
Class B
Class C
30. Bonus: We can specify –Xscmx per layer. We don’t need to
leave any extra space.
FROM scratch
RUN echo “Class A” >myscc.L0
FROM Image_1
RUN echo “Class B” >myscc.L1
FROM Image_2
RUN echo “Class C” >myscc.L2
30
How Big?
Doesn’t
matter.
31. Bonus: We can specify –Xscmx per layer. We don’t need to
leave any extra space.
FROM scratch
RUN echo “Class A” >myscc.L0
FROM Image_1
RUN echo “Class B” >myscc.L1
FROM Image_2
RUN echo “Class C” >myscc.L2
31
How Big?
Doesn’t
matter.
-XscmxA
-XscmxB
-XscmxC
33. Example of Docker layers
Container
Layer
(Read-Write)
DayTrader
Image Layer
(Read-only)
Open Liberty
Image Layer
(Read-only)
OpenJ9
Image Layer
(Read-only)
Ubuntu 16.04
33
34. Example of Docker layers
Read-write OpenJ9
Read-only Ubuntu 16.04
SCC
OpenJ9 layer data
34
35. Example of Docker layers
Read-write Open Liberty
Read-only OpenJ9
Read-only Ubuntu 16.04
SCC
OpenJ9 layer data
SCC
OpenJ9 layer data Liberty layer data
SCC tuned on
Load OpenJ9 layer data/add Open Liberty
Layer data Docker CoW
35
36. Example of Docker layers
Read-write DayTrader
Read-only Open Liberty
Read-only OpenJ9
Read-only Ubuntu 16.04
SCC
OpenJ9 layer data
SCC
OpenJ9 layer + Liberty layer data
SCC
OpenJ9 layer + Liberty layer + DayTrader layer data
36
37. Multi-layer SCC
Read-write Open Liberty
Read-only OpenJ9
Read-only Ubuntu 16.04
SCC
OpenJ9 layer data
Cannot write to a lower layer
SCC
Liberty layer data
Write SCC in top layer
37
38. Multi-layer SCC
Read-write Open Liberty
Read-only OpenJ9
Read-only Ubuntu 16.04
SCC_L0
OpenJ9 layer data
SCC_L1
Liberty layer data
Cannot write to a lower layer Write SCC in top layer SCC becomes layered
38
40. Example
• Create a shared cache named "demo"
• Use –Xshareclasses:listAllCaches to find the shared cache. By default, the cache is layer 0
40
41. Example
• Traditionally if you are running on a single layer cache:
Simply use the same -Xshareclasses option to start up the JVM again.
Traditional single cache is equivalent to Mutli-layer SCC case with layer number 0.
41
42. Example
• If you want to create a new layer for cache named "demo":
42
43. Example
• Find the new layer cache. Cache named "demo" has layer 0 and layer 1 now (two files).
• Future run with –Xshareclasses:cacheDir=/tmp/,name=demo starts up all existing layers.
43
44. Command line options on Multi-layer SCC
§ -Xshareclasses:createLayer
– Create a new shared cache layer
§ -Xshareclasses:layer=<number>
– Specify the top layer number. Create a new shared cache layer if the
specified layer does not exist.
§ Some applications launch multiple JVMs simultaneously
– If each’s running with –Xshareclasses:createLayer, N new layers created
– Use layer=<number> to ensure only one layer created.
44
46. 46
Out of the Box: OpenJ9 uses roughly half the memory
Footprint is 60% smaller with OpenJ9
Hotspot OpenJ9 OpenJ9 -Xshareclasses -
Xquickstart
Hotspot OpenJ9 OpenJ9 -Xshareclasses -Xquickstart
47. Sidebar: Life of a running Java application
”Big bang”
(java process
created)
Time
47
48. Sidebar: Life of a running Java application
”Big bang”
(java process
created)
Application
ready to do
work, can be
1000s classes
100s class
loaders
Code paths
& profile
stabilizes
Size and
Complexity
of
Class Hierarchy
48
Ready to run
main
~ 750 classes
~ 3 class loaders
RampupStartup
Time
Steady state
49. Sidebar: Life of a running Java application
”Big bang”
(java process
created)
Application
ready to do
work, can be
1000s classes
100s class
loaders
Code paths
& profile
stabilizes
Size and
Complexity
of
Class Hierarchy
49
Startup
Time
Steady state
JITAOT Rampup
Ready to run
main
~ 750 classes
~ 3 class loaders
50. Challenges with AOT compilation
• Native code is not platform neutral
• Different AOT code needed for each deployment platform (Linux, Mac, Windows)
• Other usability issues
• Some deployment options decided at build time, e.g. GC policy, ability to re-JIT, etc.
• Different platforms: different classes load and methods compiled?
• Curate lists of classes/modules, methods to compile as your application and its
dependencies evolve
• What about classes that aren’t available until the run starts?
• What methods to compile?
• Performance: AOT compilers can only reason about what happens at runtime
• Unlike JIT compiler which sees it happening
50
51. Profile Directed Feedback (PDF) may help?
• BUT: AOT code must run all possible user executions
• No longer compiling for “this” user on “this” run
• Really important to use representative input data when collecting profile for AOT
• Risk: can be misleading to use only a few input data sets
• AOT compiler can specialize to one data set and then run well on it
• But PDF can lead compiler astray if data isn’t properly representative
• Monomorphic in one runtime instance ≠ Monomorphic across all runtime instances
• Benchmarks may not stress AOT compilers properly (not many input sets)
• Cross training critically important
• Input data sets need to be curated and maintained as application and users evolve
• Profile data collection and curation responsibility is on the application provider
• Observation: PDF has not really been a huge success for static languages
51
52. Strengths and Weaknesses
52
JIT AOT
Code Performance (steady state)
Runtime: adapt to changes
Ease of use
Platform neutral deployment
Start up (ready to handle load)
Ramp up (until steady state)
Runtime: CPU & Memory
53. Strengths and Weaknesses
JIT AOT AOT +JIT
Code Performance (steady state)
Runtime: adapt to changes
Ease of use
Platform neutral deployment
Start up (ready to handle load)
Ramp up (until steady state)
Runtime: CPU & Memory
53
55. Caching JIT Compiles
• Basic idea:
• Store JIT compiled code (JIT) in a cache for loading by other JVMs (“AOT”)
• Goal: JIT compiled code performance levels earlier
• Also: reduce JIT compiler’s transient CPU and memory overheads
• Really different than AOT ? No and Yes
• From perspective of second+ JVM: code loads as if it was AOT compiled
• First JVM: JIT compiles while app runs but generates code that can be cached
• Need meta data to validate later runs match first (i.e. same classes loaded same way)
• If invalid, don’t use cached code: instead do JIT or even more AOT recompilations
• Return to platform neutrality!
• Different users still get compiled code tailored for their environment
55
56. OpenJ9: Caching JIT code accelerates start-up
• OpenJ9 Shared Class Cache (SCC)
• Memory mapped file for caching:
• Class files*
• AOT compiled code
• Profile data, hints
• Population of the cache happens
naturally and transparently at runtime
• Also -Xtune:virtualized
• Caches JIT code even more aggressively
to accelerate ramp-up (under load)
• Maybe slight (5-10%) performance drop
24
0
20
40
60
80
100
120
OpenJ9 no
SCC
OpenJ9
default
SCC
OpenJ9
full SCC
HotSpot
Normalizedstart-uptime
Apache Tomcat 8 Start-up Time
28%
43%
19%
• SCC for JCL bootstrap classes enabled by default
• Use -Xshareclasses option for full sharing
* Technically an internal format that can load faster than a .class file
57. Strengths and Weaknesses
57* After first run
JIT AOT AOT +JIT Cache
JIT
Code Performance (steady state)
Runtime: adapt to changes
Ease of use
Platform neutral deployment
Start up (ready to handle load) *
Ramp up (until steady state) *
Runtime: CPU & Memory *
58. Still some “not green” boxes there
…even for caching JITs…
L
58
59. What if the JIT became a JIT Server
JIT
JVM
JIT
Server
JIT
JVM
JIT
JVM
Orchestrator
load balancing,
affinity, scaling,
reliability
JIT
Server
JVM client identifies methods to compile, but asks server to do the actual compilation
• JIT server asks questions to the client JVM (about classes, environment, etc.)
• Sends generated code & meta data back to be installed in client’s code cache 59
60. Benefits of an independent JIT server
• Move much of JIT induced CPU and memory spikes away from client
• Client CPU and memory consumption dictated by application
• JIT server connected to client JVM at runtime, so:
• Theoretically no loss in performance using same profile and class hierarchy info
• Still adaptable to changing conditions
• JVM client still platform neutral
60
62. Could that work?
62
AcmeAir rampup with JIT Server using
–Xshareclasses
All JVMs run in containers, client and server on different machines with direct cable connection
Note: Hotspot takes twice as long as OpenJ9 to ramp up to about the same performance level
0
1000
2000
3000
4000
5000
6000
0 100 200 300 400 500 600
Throughput(pages/sec)
Time (sec)
AcmeAir with -Xshareclasses (Cold Run)
Container limits: 1P, 150M
JITServer-cold OpenJ9-cold
0
1000
2000
3000
4000
5000
6000
0 100 200 300 400 500 600
Throughput(pages/sec)
Time (sec)
AcmeAir with -Xshareclasses (Warm Run)
Container limits: 1P, 150M
JITServer-warm OpenJ9-warm
31
66. Strengths and Weaknesses
66* After first run ** After first run across cluster
JIT AOT AOT +JIT Cache
JIT
JIT
Server
Code Performance (steady state)
Runtime: adapt to changes
Ease of use
Platform Neutral deployment
Start up (ready to handle load) * **
Ramp up (until steady state) * **
Runtime: CPU & Memory *
67. JIT Server Current Status
• Code is fully open source at Eclipse Open J9
• Has now been merged into our master branch
• Now available in AdoptOpenJDK January 2020 update releases for JDK8 and 11 on Linux x86-64
platform
• Simple options lend well to all kinds of Java workload deployments
• Server: jitserver –XX:JITServerPort=<port> -XX:JITServerAddress=<host>
• Client: java -XX:+UseJITServer -XX:JITServerPort=<port>
-XX:JITServerAddress=<host> YourJavaApp
• We are seeking feedback on how well it works in real user environments!
• Try it now:
• E.g. https://adoptopenjdk.net/releases.html?variant=openjdk8&jvmVariant=openj9
• E.g. Docker pull adoptopenjdk:8-jdk-openj9 (on Linux x86-64 platform)
67
68. We are really just at the beginning…
• Primary focus has been on mechanics to move JIT compilation to a server
• Once compilation work is redirected to server :
• Do that work more efficiently across a cluster of JVMS (think microservices)
• Classify and categorize JVM clients using machine learning
• Optimize groups of microservices together
• …
68