Java is one of the most popular languages and it's very important to understand the performance of Java servers. Modern JVMs compile the Java code in runtime using Just-In-Time (JIT) compiler and such JIT compiled code runs very close to optimized native code in terms of speed.
When understanding performance, it's important to know how Java works and we can also measure the performance using key metrics like Throughput and Latency. After measuring the performance, we can use profilers to understand the application behavior and find performance bottlenecks.
In this session, we will look at how Java manages the memory and how it optimizes the Java code using JIT compilation. We will also look at how we can use the Java Flight Recorder (JFR) to profile the JVM and find performance bottlenecks.
Finally, we can look at how "Flame Graphs" can be used to identify the most frequent code-paths quickly and accurately.
This document discusses various memory management techniques used in operating systems, including swapping, virtual memory, paging, and segmentation. It provides details on basic memory management concepts, paging implementation using page tables, different page replacement algorithms like FIFO, second chance, clock, and least recently used, and design issues related to paging systems. Examples are given to illustrate concepts like paging, page table structure, and working of page replacement algorithms like FIFO, second chance, and clock. Memory management aims to efficiently utilize limited physical memory and improve performance through techniques like swapping pages between main memory and disk.
Deadlock Detection in Distributed SystemsDHIVYADEVAKI
The document discusses deadlocks in computing systems. It defines deadlocks and related concepts like livelock and starvation. It presents various approaches to deal with deadlocks including detection and recovery, avoidance through runtime checks, and prevention by restricting resource requests. Graph-based algorithms are described for detecting and preventing deadlocks by analyzing resource allocation graphs. The Banker's algorithm is introduced as a static prevention method. Finally, it discusses ways to eliminate the conditions required for deadlocks, like mutual exclusion, hold-and-wait, and circular wait.
The document provides an overview of the OWASP Zed Attack Proxy (ZAP), an open-source web application security scanner. It discusses how ZAP can be used to automatically find vulnerabilities during development and testing. The document covers how to install ZAP and use its features like passive scanning, spidering, active scanning, fuzzing and brute forcing to analyze vulnerabilities. It also discusses ZAP's advantages in identifying issues and providing solutions, and potential disadvantages like lack of authentication.
How to Detect SQL Injections & XSS Attacks with AlienVault USM AlienVault
They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers. SIEM solutions are essential in finding these exposures quickly, by collecting and correlating data to spot patterns and alert you of an attack. Join us for this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly.
You'll learn:
How these attacks work and what you can do to protect your network
What data you need to collect to identify the warning signs of an attack
How to identify impacted assets so you can quickly limit the damage
How AlienVault USM simplifies detection with built-in correlation rules & threat intelligence
Buffer overflow attacks can exploit vulnerabilities in C library functions like strcpy() that do not perform bounds checking on buffers. By passing in a string longer than the buffer size, an attacker can overwrite adjacent memory, such as the return address on the stack, allowing them to execute arbitrary code. Defenses include using type-safe languages, marking the stack as non-executable, static source code analysis, and runtime checks.
Maximizing Database Tuning in SAP SQL AnywhereSAP Technology
This session illustrates the different tools available in SQL Anywhere to analyze performance issues, as well as describes the most common types of performance problems encountered by database developers and administrators. We also take a look at various tips and techniques that will help boost the performance of your SQL Anywhere database.
This document discusses various memory management techniques used in operating systems, including swapping, virtual memory, paging, and segmentation. It provides details on basic memory management concepts, paging implementation using page tables, different page replacement algorithms like FIFO, second chance, clock, and least recently used, and design issues related to paging systems. Examples are given to illustrate concepts like paging, page table structure, and working of page replacement algorithms like FIFO, second chance, and clock. Memory management aims to efficiently utilize limited physical memory and improve performance through techniques like swapping pages between main memory and disk.
Deadlock Detection in Distributed SystemsDHIVYADEVAKI
The document discusses deadlocks in computing systems. It defines deadlocks and related concepts like livelock and starvation. It presents various approaches to deal with deadlocks including detection and recovery, avoidance through runtime checks, and prevention by restricting resource requests. Graph-based algorithms are described for detecting and preventing deadlocks by analyzing resource allocation graphs. The Banker's algorithm is introduced as a static prevention method. Finally, it discusses ways to eliminate the conditions required for deadlocks, like mutual exclusion, hold-and-wait, and circular wait.
The document provides an overview of the OWASP Zed Attack Proxy (ZAP), an open-source web application security scanner. It discusses how ZAP can be used to automatically find vulnerabilities during development and testing. The document covers how to install ZAP and use its features like passive scanning, spidering, active scanning, fuzzing and brute forcing to analyze vulnerabilities. It also discusses ZAP's advantages in identifying issues and providing solutions, and potential disadvantages like lack of authentication.
How to Detect SQL Injections & XSS Attacks with AlienVault USM AlienVault
They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers. SIEM solutions are essential in finding these exposures quickly, by collecting and correlating data to spot patterns and alert you of an attack. Join us for this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly.
You'll learn:
How these attacks work and what you can do to protect your network
What data you need to collect to identify the warning signs of an attack
How to identify impacted assets so you can quickly limit the damage
How AlienVault USM simplifies detection with built-in correlation rules & threat intelligence
Buffer overflow attacks can exploit vulnerabilities in C library functions like strcpy() that do not perform bounds checking on buffers. By passing in a string longer than the buffer size, an attacker can overwrite adjacent memory, such as the return address on the stack, allowing them to execute arbitrary code. Defenses include using type-safe languages, marking the stack as non-executable, static source code analysis, and runtime checks.
Maximizing Database Tuning in SAP SQL AnywhereSAP Technology
This session illustrates the different tools available in SQL Anywhere to analyze performance issues, as well as describes the most common types of performance problems encountered by database developers and administrators. We also take a look at various tips and techniques that will help boost the performance of your SQL Anywhere database.
This document provides an introduction to object oriented programming concepts in Java. It discusses key topics like what a computer is, developer skills, memory management, and an introduction to Java. Object oriented programming principles like inheritance, abstraction, encapsulation, and polymorphism are defined. The document also covers exceptions in Java like defining exceptions, reasons they occur, and handling exceptions.
The document discusses gathering requirements for performance testing an application. It lists questions to ask about the application type and architecture, test environment, workload model, and performance goals. Key information needs include the application technology, database and server used, network details, protocols, user sessions and load over time, and goals for response times and system utilization under load. The requirements gathered will help determine the appropriate performance tests and pass/fail criteria.
Basic java important interview questions and answers to secure a jobGaruda Trainings
P2Cinfotech is one of the leading, Online IT Training facilities and Job Consultant, spread all over the world. We have successfully conducted online classes on various Software Technologies that are currently in Demand. To name a few, we provide quality online training for QA, QTP, Manual Testing, HP LoadRunner, BA, Java Technologies, SEO, Web Technologies, .NET, Oracle DBA etc.
Vulnerabilities in modern web applicationsNiyas Nazar
Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
Research Scope in Parallel Computing And Parallel ProgrammingShitalkumar Sukhdeve
Parallel computing involves performing multiple calculations simultaneously using large problems that can be divided into smaller sub-problems. There are different forms of parallelism at the bit-level, instruction-level, data-level, and task-level. Parallel programs can be challenging to write due to issues with communication and synchronization between subtasks. Software solutions for parallel programming include shared memory languages, distributed memory languages using message passing, and automatic parallelization tools.
This document provides an introduction to unit testing JavaScript code with Jasmine and Karma. It discusses the basics of Jasmine including test suites, specs, expectations, and matchers. It then covers how to set up and run tests with Karma, including configuring Karma, running tests in browsers, handling failures, and testing AngularJS code. Specific topics covered include spies, $httpBackend for mocking HTTP requests, and testing controllers and dependencies injection.
Load Testing Best Practices: Application complexity is increasing, yet the stringent requirements for web performance is increasing exponentially. Learn more about the three major types of load testing, determine which you need and how to conduct them.
Platform independence means a program yields the same result on every machine, as the language it is written in can be executed on different systems or platforms without changes. For example, Java is considered platform independent as a Java program can run on Windows, Linux, and Mac without modification. Platform independence allows software to reach a wider audience without needing to be rewritten for specific operating systems or hardware.
This document discusses ways to optimize web application performance. It defines performance as completing tasks within known standards for accuracy, completeness, speed and cost. Good performance for web applications is generally a load time between 5-8 seconds. The key steps to optimize performance are to measure performance, diagnose bottlenecks, and fix issues at the JavaScript, code, database, server and network levels. Commonly used tools to diagnose performance include slow query logs, Yslow, PageSpeed and Webpagetest. Specific fixes involve techniques such as minifying files, using content delivery networks, improving code and database optimization, employing caching, and upgrading server hardware.
About real time system task scheduling basic concepts.It deals with task, instance,data sharing and their types.It also covers various important terminologies regarding scheduling algorithms.
Java is a programming language and computing platform first released by Sun Microsystems in 1995.Java is fast, secure, and reliable programming platform.
Improving Performance of Micro-Frontend Applications through Error MonitoringScyllaDB
Complexity breeds complexity. In complex applications, finding root cause errors and which application is at fault can be like finding a needle in a haystack. Often we allow them to "fall through" to a console which is even worse. Error monitoring our production code can help us find root cause errors, deploy fixes and reduce performance impacting bugs fast. Let's walk through some of the dos and don'ts I've learned when trying to reduce errors and improve performance in micro-frontend applications. In a microservices architecture, where a mobile or web app can be pulling data from up to 15 different microservice applications, troubleshooting performance issues is a complex task. Learn lessons from practical experience.
binder-for-linux is an experimental project to evaluate the feasibility of porting Android Binder IPC subsystem to Ubuntu Linux.
GitHub: https://github.com/hungys/binder-for-linux
Applying testing mindset to software developmentAndrii Dzynia
Software Development is a creative activity that requires focus. During coding session you as a programmer tends to make so many decision that sometimes force you to neglect 'unimportant details' that might sounds like specific use cases, unclear statements or somethings that won't gonna happen. In most cases the system even so complex that is not that easy to step out and see the whole picture, even from user's point of view. Historically software developers used to trust other people called testers to verify those 'details' from user's perspective before deploying into production. In order to have proper alignment inside the team dedicated 'QA step' added to the process. That obvious solution have some quick-wins with outcome of found bugs before releasing the software. But there are some tradeoffs, such as: slower delivery cycle, extra test documentation and GUI automated tests that are not that easy to maintain. During my talk I would like to share some insight and lessons we learned @ Spotify that helps us improving team's development productivity without losing quality of the product. Hopefully that will help your team as well or at least show one of the directions you might want to follow.
Spotify Engineering Culture:
https://labs.spotify.com/2014/03/27/spotify-engineering-culture-part-1/
https://labs.spotify.com/2014/09/20/spotify-engineering-culture-part-2/
Introduction to Java programming - Java tutorial for beginners to teach Java ...Duckademy IT courses
Check out the course: https://www.duckademy.com/course/java-programming Learn Java from scratch in an easy and entertaining way. The Easy-to-follow Java programming course on Duckademy was made for beginners. In this course we start at the very basics (from zero) and go through lots of interesting exercises and analogies that will take you to an advanced level. By the end of the course you will have all the knowledge needed to move on and specialize in Java. The course is easy to follow and things are well explained. Furthermore, to make your learning easier and more enjoyable throughout the course we will develop a nostalgic, text-based fantasy game.
The course is recommended to anyone who wants to learn Java. Ideal for those who are new to programming, but it can be useful and enjoyable for people who want to switch to Java from a different programming language.
By the end of the course you will be able to build simple, but fully functional programs. You will also gain all the knowledge needed to specialize in Java and become a well-payed Java expert later on.
Check out the course: https://www.duckademy.com/course/java-programming
Garbage First Garbage Collector (G1 GC) - Migration to, Expectations and Adva...Monica Beckwith
Learn what you need to know to experience nirvana in the evaluation of G1 GC even if your are migrating from Parallel GC to G1, or CMS GC to G1 GC
You also get a walk through of some case study data
G1 GC
This document discusses implementing a parallel merge sort algorithm using MPI (Message Passing Interface). It describes the background of MPI and how it can be used for communication between processes. It provides details on the dataset used, MPI functions for initialization, communication between processes, and summarizes the results which show a decrease in runtime when increasing the number of processors.
G1 Garbage Collector: Details and TuningSimone Bordet
This document provides an overview and details about the G1 garbage collector in Java. It begins with introductions of the author and an overview of G1. Key points include that G1 is designed to provide low pause times, works well with large heap sizes, and will become the default collector in JDK 9. The document then discusses various aspects of G1 including its memory layout using regions, young generation collection, remembered set and write barrier for tracking references, and concurrent marking approach for old generation collection. It provides advice on G1 logging, tuning and common issues. An example migration from CMS to G1 for an online chess application is also summarized.
This document provides an overview of the Metasploit framework, including what it is used for, its key capabilities, and basic terminology. Metasploit is an open-source penetration testing framework that contains exploits and tools to test vulnerabilities. It allows identifying security weaknesses without needing deep technical knowledge. The document defines common terms like vulnerabilities, exploits, and payloads, and outlines the basic steps of an attack using Metasploit such as gathering target information, selecting an exploit, and executing it.
Every enterprise has a multitude of existing systems - including on-premise as well as cloud solutions - that perform critical functions. Integrating data and services across these systems is critical for an enterprise to successfully implement its digital transformation efforts. Therefore, most often than not, enterprise integration is at the heart of any organization’s digital transformation strategy.
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...WSO2
Verifone's new payment terminal, called "Carbon", is an Android-based tablet that allows third-party app development and management of merchant devices. WSO2's open-source Enterprise Mobility Management (EMM) solution was chosen to monitor and manage the Carbon devices due to its flexibility and ability to customize the mobile device management agent and server. The EMM solution provides APIs to get device information, perform remote commands like locking devices and sending notifications, and scales horizontally across worker nodes for increased capacity.
This document provides an introduction to object oriented programming concepts in Java. It discusses key topics like what a computer is, developer skills, memory management, and an introduction to Java. Object oriented programming principles like inheritance, abstraction, encapsulation, and polymorphism are defined. The document also covers exceptions in Java like defining exceptions, reasons they occur, and handling exceptions.
The document discusses gathering requirements for performance testing an application. It lists questions to ask about the application type and architecture, test environment, workload model, and performance goals. Key information needs include the application technology, database and server used, network details, protocols, user sessions and load over time, and goals for response times and system utilization under load. The requirements gathered will help determine the appropriate performance tests and pass/fail criteria.
Basic java important interview questions and answers to secure a jobGaruda Trainings
P2Cinfotech is one of the leading, Online IT Training facilities and Job Consultant, spread all over the world. We have successfully conducted online classes on various Software Technologies that are currently in Demand. To name a few, we provide quality online training for QA, QTP, Manual Testing, HP LoadRunner, BA, Java Technologies, SEO, Web Technologies, .NET, Oracle DBA etc.
Vulnerabilities in modern web applicationsNiyas Nazar
Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
Research Scope in Parallel Computing And Parallel ProgrammingShitalkumar Sukhdeve
Parallel computing involves performing multiple calculations simultaneously using large problems that can be divided into smaller sub-problems. There are different forms of parallelism at the bit-level, instruction-level, data-level, and task-level. Parallel programs can be challenging to write due to issues with communication and synchronization between subtasks. Software solutions for parallel programming include shared memory languages, distributed memory languages using message passing, and automatic parallelization tools.
This document provides an introduction to unit testing JavaScript code with Jasmine and Karma. It discusses the basics of Jasmine including test suites, specs, expectations, and matchers. It then covers how to set up and run tests with Karma, including configuring Karma, running tests in browsers, handling failures, and testing AngularJS code. Specific topics covered include spies, $httpBackend for mocking HTTP requests, and testing controllers and dependencies injection.
Load Testing Best Practices: Application complexity is increasing, yet the stringent requirements for web performance is increasing exponentially. Learn more about the three major types of load testing, determine which you need and how to conduct them.
Platform independence means a program yields the same result on every machine, as the language it is written in can be executed on different systems or platforms without changes. For example, Java is considered platform independent as a Java program can run on Windows, Linux, and Mac without modification. Platform independence allows software to reach a wider audience without needing to be rewritten for specific operating systems or hardware.
This document discusses ways to optimize web application performance. It defines performance as completing tasks within known standards for accuracy, completeness, speed and cost. Good performance for web applications is generally a load time between 5-8 seconds. The key steps to optimize performance are to measure performance, diagnose bottlenecks, and fix issues at the JavaScript, code, database, server and network levels. Commonly used tools to diagnose performance include slow query logs, Yslow, PageSpeed and Webpagetest. Specific fixes involve techniques such as minifying files, using content delivery networks, improving code and database optimization, employing caching, and upgrading server hardware.
About real time system task scheduling basic concepts.It deals with task, instance,data sharing and their types.It also covers various important terminologies regarding scheduling algorithms.
Java is a programming language and computing platform first released by Sun Microsystems in 1995.Java is fast, secure, and reliable programming platform.
Improving Performance of Micro-Frontend Applications through Error MonitoringScyllaDB
Complexity breeds complexity. In complex applications, finding root cause errors and which application is at fault can be like finding a needle in a haystack. Often we allow them to "fall through" to a console which is even worse. Error monitoring our production code can help us find root cause errors, deploy fixes and reduce performance impacting bugs fast. Let's walk through some of the dos and don'ts I've learned when trying to reduce errors and improve performance in micro-frontend applications. In a microservices architecture, where a mobile or web app can be pulling data from up to 15 different microservice applications, troubleshooting performance issues is a complex task. Learn lessons from practical experience.
binder-for-linux is an experimental project to evaluate the feasibility of porting Android Binder IPC subsystem to Ubuntu Linux.
GitHub: https://github.com/hungys/binder-for-linux
Applying testing mindset to software developmentAndrii Dzynia
Software Development is a creative activity that requires focus. During coding session you as a programmer tends to make so many decision that sometimes force you to neglect 'unimportant details' that might sounds like specific use cases, unclear statements or somethings that won't gonna happen. In most cases the system even so complex that is not that easy to step out and see the whole picture, even from user's point of view. Historically software developers used to trust other people called testers to verify those 'details' from user's perspective before deploying into production. In order to have proper alignment inside the team dedicated 'QA step' added to the process. That obvious solution have some quick-wins with outcome of found bugs before releasing the software. But there are some tradeoffs, such as: slower delivery cycle, extra test documentation and GUI automated tests that are not that easy to maintain. During my talk I would like to share some insight and lessons we learned @ Spotify that helps us improving team's development productivity without losing quality of the product. Hopefully that will help your team as well or at least show one of the directions you might want to follow.
Spotify Engineering Culture:
https://labs.spotify.com/2014/03/27/spotify-engineering-culture-part-1/
https://labs.spotify.com/2014/09/20/spotify-engineering-culture-part-2/
Introduction to Java programming - Java tutorial for beginners to teach Java ...Duckademy IT courses
Check out the course: https://www.duckademy.com/course/java-programming Learn Java from scratch in an easy and entertaining way. The Easy-to-follow Java programming course on Duckademy was made for beginners. In this course we start at the very basics (from zero) and go through lots of interesting exercises and analogies that will take you to an advanced level. By the end of the course you will have all the knowledge needed to move on and specialize in Java. The course is easy to follow and things are well explained. Furthermore, to make your learning easier and more enjoyable throughout the course we will develop a nostalgic, text-based fantasy game.
The course is recommended to anyone who wants to learn Java. Ideal for those who are new to programming, but it can be useful and enjoyable for people who want to switch to Java from a different programming language.
By the end of the course you will be able to build simple, but fully functional programs. You will also gain all the knowledge needed to specialize in Java and become a well-payed Java expert later on.
Check out the course: https://www.duckademy.com/course/java-programming
Garbage First Garbage Collector (G1 GC) - Migration to, Expectations and Adva...Monica Beckwith
Learn what you need to know to experience nirvana in the evaluation of G1 GC even if your are migrating from Parallel GC to G1, or CMS GC to G1 GC
You also get a walk through of some case study data
G1 GC
This document discusses implementing a parallel merge sort algorithm using MPI (Message Passing Interface). It describes the background of MPI and how it can be used for communication between processes. It provides details on the dataset used, MPI functions for initialization, communication between processes, and summarizes the results which show a decrease in runtime when increasing the number of processors.
G1 Garbage Collector: Details and TuningSimone Bordet
This document provides an overview and details about the G1 garbage collector in Java. It begins with introductions of the author and an overview of G1. Key points include that G1 is designed to provide low pause times, works well with large heap sizes, and will become the default collector in JDK 9. The document then discusses various aspects of G1 including its memory layout using regions, young generation collection, remembered set and write barrier for tracking references, and concurrent marking approach for old generation collection. It provides advice on G1 logging, tuning and common issues. An example migration from CMS to G1 for an online chess application is also summarized.
This document provides an overview of the Metasploit framework, including what it is used for, its key capabilities, and basic terminology. Metasploit is an open-source penetration testing framework that contains exploits and tools to test vulnerabilities. It allows identifying security weaknesses without needing deep technical knowledge. The document defines common terms like vulnerabilities, exploits, and payloads, and outlines the basic steps of an attack using Metasploit such as gathering target information, selecting an exploit, and executing it.
Every enterprise has a multitude of existing systems - including on-premise as well as cloud solutions - that perform critical functions. Integrating data and services across these systems is critical for an enterprise to successfully implement its digital transformation efforts. Therefore, most often than not, enterprise integration is at the heart of any organization’s digital transformation strategy.
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...WSO2
Verifone's new payment terminal, called "Carbon", is an Android-based tablet that allows third-party app development and management of merchant devices. WSO2's open-source Enterprise Mobility Management (EMM) solution was chosen to monitor and manage the Carbon devices due to its flexibility and ability to customize the mobile device management agent and server. The EMM solution provides APIs to get device information, perform remote commands like locking devices and sending notifications, and scales horizontally across worker nodes for increased capacity.
WSO2Con USA 2017: Rise to the Challenge with WSO2 Identity Server and WSO2 AP...WSO2
At Proximus, the Enabling Company initiative (EnCo, https://www.enabling.be) is building a comprehensive ecosystem to support the connected business. The initiative integrates Proximus’ powerful telco assets and state-of-the-art networks to shape tomorrow’s business. Proximus EnCo enables companies by connecting the dots between things, telecommunications, cloud and big data.
This session will explore how RealDolmen designed the architecture for the EnCo platform. It will discuss how
The core of the platform is powered by two key products from WSO2’s offering: WSO2 API Manager and WSO2 Identity Server
These were specifically selected with the objective of realizing an ecosystem that should serve an API-driven economy, and support Identity-as-a-Service (IDaaS)
WSO2Con USA 2017: Iterative Architecture: A Pragmatic Approach to Digital Tra...WSO2
“Think big, act small” – Its easy to develop a vision, but the path to achieve it from wherever you are right now often has many technical and non-technical barriers. WSO2, as an open source technology provider, helps many enterprises transform to provide better digital experiences to consumers, both internally and externally. In this closing keynote Asanka Abeysinghe, vice president of solutions architecture at WSO2, will share his experiences as a consultant and evangelist of digital transformation, and discuss a practical implementation model using an iterative approach.
WSO2Con USA 2017: Positioning WSO2 for Quicker UptakeWSO2
WSO2’s product packaging, positioning, and go-to-market activities are undergoing some significant evolution to make it easier to explain how WSO2 satisfies business needs. In this session we’ll share what motivated these changes and how we expect to bring new business with a fine tuned presentation of products, platforms, and subscription services.
WSO2Con USA 2017: Building a Successful Delivery Team for Customer SuccessWSO2
Ensuring customer success is the the highest priority when we engage with customers. We need to strive to get the customers into production within the shortest time possible to make sure they have sustainable use of WSO2 products. The key to success is to understand the right products for the solution, define an iterative architecture, come up with an agile engagement model and define clarity in terms of scope and acceptance.
The WSO2 Delivery team is well experienced in ensuring customer success with their experiences in the support and services space. Join this session to learn how to best position WSO2 products and learn some best practices in the engagement models.
WSO2Con USA 2017: DevOps Best Practices in 7 StepsWSO2
DevOps is increasingly becoming popular in the space of digital transformation and organizations are adotping DevOps practices to improve agility and reduce delivery time. Over the years when working with customers we understood some challenges they go through when implementing DevOps in their organizations. We also learnt many secrets on how to overcome challenges when implementing DevOps at WSO2.
During this talk Chamith will share things he learnt at WSO2 while engaging with Public Cloud and Managed Cloud operations in the form of 7 important areas or steps to consider when implementing DevOps in your enterprise.
WSO2Con USA 2017: Building a Secure EnterpriseWSO2
This document discusses building a secure enterprise identity and access management system using WSO2 Identity Server. It covers the architecture of WSO2 Identity Server and how it implements standards like SAML, OAuth, OpenID Connect, XACML and SCIM. It describes how single sign-on and access control work across multiple service providers. It also discusses how to manage user identities across different systems using federated provisioning and integrating external user stores.
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...WSO2
The goal of West’s project is to provide a centralized identity and access management solution within West’s Interactive Services division that can be leveraged by the customer facing portal and several other web applications developed within the company. Apart from the several out-of-the-box features that West benefited from, WSO2 Identity Server had to be extended for certain other requirements. This session will go into the details of these extensions as it relates to multi-tenancy, role-based permissions and access control by product, as well as tenant subscription and entitlements.
WSO2Con USA 2017: Enhancing Customer Experience with WSO2 Identity ServerWSO2
Customer experience is a key pillar of digital transformation. Nutanix is a leader in hyperconverged systems and the enterprise Cloud platform. Nutanix maintains multiple web portals for customer support, partner support, and the community. One of our top priorities is making the customer experience as simple and seamless as possible. We realized that we needed to create a more seamless sign-on experience for our portals and mobile apps if we wanted to maintain growth. Having a product that is open source, supported multiple security protocols, and can scale was key. This talk will focus on how WSO2 Identity Server checked all those requirements.
Identity and Access Management in the Era of Digital TransformationWSO2
Solutions for strong identity and access management (IAM), whether the user is a person or a device, is critical to the success of a digital business. And, because a variety of digital apps and services now span many ecosystems, federated identity management is that much more important for ensuring robust security without compromising usability and the customer’s experience.
The more systems you integrate while using a single identity, the weaker security becomes, creating high demand for multi-factor authentication and authorization. This makes IAM a necessity rather than an option when transforming digitally.
In this session, Prabath Siriwardena, director of security architecture at WSO2, explored the challenges of IAM that needs to be addressed when preparing your enterprise for digital transformation. He also explains why these are important considerations.
WSO2Con USA 2017: WSO2 Partner Program – Engaging with WSO2WSO2
The document summarizes WSO2's partner program, which aims to engage systems integrators and other partners. It outlines the different partnership levels and requirements, as well as the enablement, certification, marketing support, and sales engagement processes available to partners. The goal is for partners to help expand WSO2's reach and generate new opportunities through joint solutions, services, and large transformational projects. Suggestions from partners on how to improve the program are also requested.
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...WSO2
The middleware market has been constantly growing to address various technology challenges and business demands. The current demand of digital transformation requires advanced middleware capabilities (such as high performance enterprise service buses [ESBs] and API gateways). However, the legacy integration approach doesn’t provide features required to fulfill these digital needs. At the same time, integration modernization has its own challenge of retiring the existing solution without impacting the business operations. This session will tell the story of successful middleware modernization with the help of WSO2 ESB platform.
The take-away of this session would be on common challenges, strategy, processes, architecture frameworks, lessons learned and final achievements.
WSO2Con USA 2017: Keynote - The Blockchain’s Digital DisruptionWSO2
Almost a decade ago, little-known open-source cryptocurrency called Bitcoin made its debut with little fanfare. Its underlying technological innovation has now caught the world’s attention; developers, startups, corporations, academic institutions, and governments are all examining what blockchain technology can solve. Currency, assets, identity, trade settlement, cross-border payments, privacy and regulation are areas being explored. This session will explore the past, present, and future of blockchain technology and how it may influence your business.
Ballerina, announced at WSO2Con 2017 in San Francisco, is a brand new programming language built from the ground to make it easier to design, describe and develop programs. It uses a unique visual approach allows you to create programs and integrate services and apps via sequence diagrams. In this slide deck, Sanjiva Weerawarana, CEO of WSO2, explains the workings of Ballerina and how it'll impact the future of integration.
Try it now and experience its capabilities at: http://ballerinalang.org/
This document summarizes new features introduced in Java 7 and 8. In Java 7, key additions included underscores in numeric literals to improve readability, using strings in switch statements, the diamond operator to reduce generics syntax, multi-catch exception handling, and try-with-resources to automatically close resources. Java 8 focused on lambda expressions to concisely represent interfaces, default methods to add interface methods without breaking existing implementations, and method references to reference methods without executing them.
WSO2Con US 2013 - Unleashing your Connected BusinessWSO2
This document discusses WSO2's vision and strategy for helping enterprises become connected businesses. It summarizes WSO2's history of building middleware from scratch using an open source component-based approach. WSO2 offers their middleware stack for on-premise, private cloud, and public cloud deployments so that businesses can develop applications once and deploy them anywhere. The document outlines how WSO2 helps break down legacy systems into APIs and services to facilitate internal and external connectivity. It also introduces their cloud products and strategies to provide a self-service environment for composing and executing business processes on-demand across deployment models.
Using GPUs to Achieve Massive Parallelism in Java 8Dev_Events
Adam Roberts, IBM Spark Team Lead – Runtimes, IBM Cloud
Graphic processing units (GPUs) are not limited to traditional scene rendering tasks. They can play a
huge role in accelerating applications that have a large number of parallelizable tasks.
Learn how Java can exploit the power of GPUs to optimize high-performance enterprise and technical
computing applications such as big data and analytics workloads, through both explicit GPU
programming and letting the Java JIT compiler transparently off-load work to the GPU.
This presentation covers the principles and considerations for GPU programming from Java and looks at
the software stack and developer tools available. After this talk you will be ready to extract the full
power of GPUs from your own application. We will present a demo showing GPU acceleration and
discuss what is coming in the future.
This document discusses key concepts in WSO2 Enterprise Service Bus including mediators, sequences, endpoints, proxy services, and API management. It describes how mediators can transform and route messages through a sequence. Endpoints define references to services and set constraints. Proxy services receive and route client requests to backend services. APIs expose resources through HTTP and can be restricted with URI templates.
Java Performance and Using Java Flight RecorderIsuru Perera
Slides used for an internal training. Explains why throughput and latency are important when measuring performance. How Java Flight Recording can be used to analyze performance issues.
Software Profiling: Java Performance, Profiling and FlamegraphsIsuru Perera
Guest lecture at University of Colombo School of Computing on 30th May 2018
Covers following topics:
Software Profiling
Measuring Performance
Java Garbage Collection
Sampling vs Instrumentation
Java Profilers. Java Flight Recorder
Java Just-in-Time (JIT) compilation
Flame Graphs
Linux Profiling
Software Profiling: Understanding Java Performance and how to profile in JavaIsuru Perera
Guest lecture at University of Colombo School of Computing on 27th May 2017
Covers following topics:
Software Profiling
Measuring Performance
Java Garbage Collection
Sampling vs Instrumentation
Java Profilers. Java Flight Recorder
Java Just-in-Time (JIT) compilation
Flame Graphs
Linux Profiling
Profiling is a technique used to analyze the performance and behavior of software applications. It involves measuring aspects like memory usage, CPU time, disk I/O, and counting function calls of a program during execution. This helps identify bottlenecks and optimize applications. There are various Java profiling tools available like Java VisualVM, Java Mission Control, and JProfiler that help analyze performance metrics and JIT compilation logs. Profiling is important for improving software performance by reducing latency and increasing throughput through optimizations informed by profiling results.
This document provides an overview and agenda for the "Busy Java Developer's Guide to WebSphere Debugging & Troubleshooting" presentation. The presentation covers various WebSphere Application Server components, troubleshooting tools like IBM Support Assistant, JVM troubleshooting tools, problem determination tools, common problem scenarios, how customers run into trouble, and includes a demo and Q&A section. It provides an in-depth look at debugging and resolving issues with WebSphere Application Server.
DevoxxUK: Optimizating Application Performance on KubernetesDinakar Guniguntala
Now that you have your apps running on K8s, wondering how to get the response time that you need ? Tuning a polyglot set of microservices to get the performance that you need can be challenging in Kubernetes. The key to overcoming this is observability. Luckily there are a number of tools such as Prometheus that can provide all the metrics you need, but here is the catch, there is so much of data and metrics that is difficult make sense of it all. This is where Hyperparameter tuning can come to the rescue to help build the right models.
This talk covers best practices that will help attendees
1. To understand and avoid common performance related problems.
2. Discuss observability tools and how they can help identify perf issues.
3. Look closer into Kruize Autotune which is a Open Source Autonomous Performance Tuning Tool for Kubernetes and where it can help.
Spark Streaming Recipes and "Exactly Once" Semantics RevisedMichael Spector
This document discusses stream processing with Apache Spark. It begins with an overview of Spark Streaming and its advantages over other frameworks like low latency and rich APIs. It then covers core Spark Streaming concepts like windowing and achieving "exactly once" semantics through checkpointing and write ahead logs. The document presents two examples of using Spark Streaming for analytics and aggregation with transactional and snapshotted approaches. It concludes with notes on deployment with Mesos/Marathon and performance tuning Spark Streaming jobs.
Google App Engine is a PaaS that allows developers to build and host web applications in the Google cloud. The document summarizes a workshop on using the Java runtime environment on GAE. It discusses the SDKs, deploying and managing apps on GAE, data storage using the datastore, and limitations like the 30-second request limit. The biggest benefits of GAE are scalability and low startup costs, while the hardest limit is the 30-second request processing time.
Performance Tuning Oracle Weblogic Server 12cAjith Narayanan
The document summarizes techniques for monitoring and tuning Oracle WebLogic server performance. It discusses monitoring operating system metrics like CPU, memory, network and I/O usage. It also covers monitoring and tuning the Java Virtual Machine, including garbage collection. Specific tools are outlined for monitoring servers like the WebLogic admin console, and command line JVM tools. The document provides tips for configuring domain and server parameters to optimize performance, including enabling just-in-time starting of internal applications, configuring stuck thread handling, and setting connection backlog buffers.
WebSphere Technical University: Introduction to the Java Diagnostic ToolsChris Bailey
IBM provides a number of free tools to assist in monitoring and diagnosing issues when running
any Java application - from Hello World to IBM or third-party, middleware-based applications. This
session introduces attendees to those tools, highlights how they have been extended with IBM
middleware product knowledge, how they have been integrated into IBM’s development tools,
and how to use them to investigate and resolve real-world problem scenarios
Presented at the WebSphere Technical University 2014, Dusseldorf
This presentation was given to the system adminstration team to give them an idea of how GC works and what to look for when there is abottleneck and troubles.
The objective of this article is to describe what to monitor in and around Alfresco in order to have a good understanding of how the applications are performing and to be aware of potential issues.
With tens of thousands of Java servers running in production in enterprise, Java has become a language of choice for building production systems. If our machines are to exhibit acceptable performance, they require regular tuning.This talk takes a detailed look at techniques for tuning a Java Server.
Boosting spark performance: An Overview of TechniquesAhsan Javed Awan
This document provides an overview of techniques to boost Spark performance, including:
1) Phase 1 focused on memory management, code generation, and cache-aware algorithms which provided 5-30x speedups
2) Phase 2 focused on whole-stage code generation and columnar in-memory support which are now enabled by default in Spark 2.0+
3) Additional techniques discussed include choosing an optimal garbage collector, using multiple small executors, exploiting data locality, disabling hardware prefetchers, and keeping hyper-threading on.
This document discusses various tools and techniques for optimizing Android app performance. It describes tools in Android Studio like Lint, DDMS, Developer Options, Hierarchy Viewer and Systrace that can help detect and fix issues like memory leaks, GPU overdraw and inefficient code. It also provides code snippets and tips to write optimized code through best practices like using static final for constants and avoiding unnecessary object creation. The goal is to analyze, improve and smooth out an app's performance through optimization.
The document discusses the importance of performance and load testing web applications. It defines performance as how fast, robust, and resource-effective a system is. Load testing involves stressing an application with simulated user load to determine its capacity and stability under heavy usage. The document outlines best practices for load testing methodology, tooling, and interpreting results to optimize performance. It promotes using an asynchronous, non-blocking tool like Gatling for efficient, maintainable load testing that provides meaningful reports.
Flink Forward SF 2017: Malo Deniélou - No shard left behind: Dynamic work re...Flink Forward
The Apache Beam programming model is designed to support several advanced data processing features such as autoscaling and dynamic work rebalancing. In this talk, we will first explain how dynamic work rebalancing not only provides a general and robust solution to the problem of stragglers in traditional data processing pipelines, but also how it allows autoscaling to be truly effective. We will then present how dynamic work rebalancing works as implemented in the Google Cloud Dataflow runner and which path other Apache Beam runners link Apache Flink can follow to benefit from it.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover:
The overall software architecture for VHR’s Cloud Data Platform
Critical decision points leading to adoption of Ballerina for the CDP
Ballerina’s role in multiple evolutionary steps to the current architecture
Roadmap for the CDP architecture and plans for Ballerina
WSO2’s partnership in bringing continual success for the CD
The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.
Platformless Horizons for Digital AdaptabilityWSO2
In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.
Quantum computers are rapidly evolving and are promising significant advantages in domains like machine learning or optimization, to name but a few areas. In this keynote we sketch the underpinnings of quantum computing, show some of the inherent advantages, highlight some application areas, and show how quantum applications are built.
Applications of artificial Intelligence in Mechanical Engineering.pdfAtif Razi
Historically, mechanical engineering has relied heavily on human expertise and empirical methods to solve complex problems. With the introduction of computer-aided design (CAD) and finite element analysis (FEA), the field took its first steps towards digitization. These tools allowed engineers to simulate and analyze mechanical systems with greater accuracy and efficiency. However, the sheer volume of data generated by modern engineering systems and the increasing complexity of these systems have necessitated more advanced analytical tools, paving the way for AI.
AI offers the capability to process vast amounts of data, identify patterns, and make predictions with a level of speed and accuracy unattainable by traditional methods. This has profound implications for mechanical engineering, enabling more efficient design processes, predictive maintenance strategies, and optimized manufacturing operations. AI-driven tools can learn from historical data, adapt to new information, and continuously improve their performance, making them invaluable in tackling the multifaceted challenges of modern mechanical engineering.
Home security is of paramount importance in today's world, where we rely more on technology, home
security is crucial. Using technology to make homes safer and easier to control from anywhere is
important. Home security is important for the occupant’s safety. In this paper, we came up with a low cost,
AI based model home security system. The system has a user-friendly interface, allowing users to start
model training and face detection with simple keyboard commands. Our goal is to introduce an innovative
home security system using facial recognition technology. Unlike traditional systems, this system trains
and saves images of friends and family members. The system scans this folder to recognize familiar faces
and provides real-time monitoring. If an unfamiliar face is detected, it promptly sends an email alert,
ensuring a proactive response to potential security threats.
Supermarket Management System Project Report.pdfKamal Acharya
Supermarket management is a stand-alone J2EE using Eclipse Juno program.
This project contains all the necessary required information about maintaining
the supermarket billing system.
The core idea of this project to minimize the paper work and centralize the
data. Here all the communication is taken in secure manner. That is, in this
application the information will be stored in client itself. For further security the
data base is stored in the back-end oracle and so no intruders can access it.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
Build the Next Generation of Apps with the Einstein 1 Platform.
Rejoignez Philippe Ozil pour une session de workshops qui vous guidera à travers les détails de la plateforme Einstein 1, l'importance des données pour la création d'applications d'intelligence artificielle et les différents outils et technologies que Salesforce propose pour vous apporter tous les bénéfices de l'IA.
Discover the latest insights on Data Driven Maintenance with our comprehensive webinar presentation. Learn about traditional maintenance challenges, the right approach to utilizing data, and the benefits of adopting a Data Driven Maintenance strategy. Explore real-world examples, industry best practices, and innovative solutions like FMECA and the D3M model. This presentation, led by expert Jules Oudmans, is essential for asset owners looking to optimize their maintenance processes and leverage digital technologies for improved efficiency and performance. Download now to stay ahead in the evolving maintenance landscape.
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Sinan KOZAK
Sinan from the Delivery Hero mobile infrastructure engineering team shares a deep dive into performance acceleration with Gradle build cache optimizations. Sinan shares their journey into solving complex build-cache problems that affect Gradle builds. By understanding the challenges and solutions found in our journey, we aim to demonstrate the possibilities for faster builds. The case study reveals how overlapping outputs and cache misconfigurations led to significant increases in build times, especially as the project scaled up with numerous modules using Paparazzi tests. The journey from diagnosing to defeating cache issues offers invaluable lessons on maintaining cache integrity without sacrificing functionality.
2. Measuring Performance
We need a way to measure the performance:
o To understand how the system behaves
o To see performance improvements after doing
any optimizations
There are two key performance metrics.
o Latency
o Throughput
3. What is Throughput?
Throughput measures the number of messages
that a server processes during a specific time
interval (e.g. per second).
Throughput is calculated using the equation:
Throughput = number of requests / time to
complete the requests
6. Tuning Java Applications
We need to have a very high throughput and very low
latency values.
There is a tradeoff between throughput and latency. With
more concurrent users, the throughput increases, but the
average latency will also increase.
Usually, you need to achieve maximum throughput while
keeping latency within some acceptable limit. For eg: you
might choose maximum throughput in a range where
latency is less than 10ms
8. Latency Distribution
When measuring latency, it’s important to look at
the latency distribution: min, max, avg, median,
75th percentile, 98th percentile, 99th percentile
etc.
9. Longtail latencies
When high percentiles
have values much
greater than the average
latency
Source:
https://engineering.linkedin.com/performance/who-moved-m
y-99th-percentile-latency
10. Latency Numbers Every Programmer
Should Know
L1 cache reference 0.5 ns
Branch mispredict 5 ns
L2 cache reference 7 ns 14x L1 cache
Mutex lock/unlock 25 ns
Main memory reference 100 ns 20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy 3,000 ns 3 us
Send 1K bytes over 1 Gbps network 10,000 ns 10 us
Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD
Read 1 MB sequentially from memory 250,000 ns 250 us
Round trip within same datacenter 500,000 ns 500 us
Read 1 MB sequentially from SSD* 1,000,000 ns 1,000 us 1 ms ~1GB/sec SSD, 4X memory
Disk seek 10,000,000 ns 10,000 us 10 ms 20x datacenter roundtrip
Read 1 MB sequentially from disk 20,000,000 ns 20,000 us 20 ms 80x memory, 20X SSD
Send packet CA->Netherlands->CA 150,000,000 ns 150,000 us 150 ms
11. Java Garbage Collection
Java automatically allocates memory for our
applications and automatically deallocates
memory when certain objects are no longer
used.
"Automatic Garbage Collection" is an important
feature in Java.
12. Marking and Sweeping Away Garbage
GC works by first marking all used objects in the
heap and then deleting unused objects.
GC also compacts the memory after deleting
unreferenced objects to make new memory
allocations much easier and faster.
13. GC roots
o JVM references GC roots, which refer the
application objects in a tree structure. There are
several kinds of GC Roots in Java.
o Local Variables
o Active Java Threads
o Static variables
o JNI references
o When the application can reach these GC roots,
the whole tree is reachable and GC can
determine which objects are the live objects.
14. Java Heap Structure
Java Heap is divided into generations based on
the object lifetime.
Following is the general structure of the Java
Heap. (This is mostly dependent on the type of
collector).
15. Young Generation
o Young Generation usually has Eden and
Survivor spaces.
o All new objects are allocated in Eden Space.
o When this fills up, a minor GC happens.
o Surviving objects are first moved to survivor
spaces.
o When objects survives several minor GCs
(tenuring threshold), the relevant objects are
eventually moved to the old generation.
16. Old Generation
o This stores long surviving objects.
o When this fills up, a major GC (full GC)
happens.
o A major GC takes a longer time as it has to
check all live objects.
17. Permanent Generation
o This has the metadata required by JVM.
o Classes and Methods are stored here.
o This space is included in a full GC.
18. Java 8 and PermGen
In Java 8, the permanent generation is not a part
of heap.
The metadata is now moved to native memory to
an area called “Metaspace”
There is no limit for Metaspace by default
19. "Stop the World"
o For some events, JVM pauses all application
threads. These are called Stop-The-World
(STW) pauses.
o GC Events also cause STW pauses.
o We can see application stopped time with GC
logs.
20. GC Logging
o There are JVM flags to log details for each GC.
o -XX:+PrintGC - Print messages at garbage collection
o -XX:+PrintGCDetails - Print more details at garbage
collection
o -XX:+PrintGCTimeStamps - Print timestamps at garbage
collection
o -XX:+PrintGCApplicationStoppedTime - Print the
application GC stopped time
o -XX:+PrintGCApplicationConcurrentTime - Print the
application GC concurrent time
o The GCViewer is a great tool to view GC logs
21. Java Memory Usage
Init - initial amount of memory that the JVM
requests from the OS for memory management
during startup.
Used - amount of memory currently used
Committed - amount of memory that is
guaranteed to be available for use by the JVM
Max - maximum amount of memory that can be
used for memory management.
22. JDK Tools and Utilities
o Basic Tools (java, javac, jar)
o Security Tools (jarsigner, keytool)
o Java Web Service Tools (wsimport, wsgen)
o Java Troubleshooting, Profiling, Monitoring and
Management Tools (jcmd, jconsole, jmc,
jvisualvm)
23. Java Troubleshooting, Profiling, Monitoring
and Management Tools
o jcmd - JVM Diagnostic Commands tool
o jconsole - A JMX-compliant graphical tool for
monitoring a Java application
o jvisualvm – Provides detailed information about the
Java application. It provides CPU & Memory profiling,
heap dump analysis, memory leak detection etc.
o jmc – Tools to monitor and manage Java applications
without introducing performance overhead
24. Java Experimental Tools
o Monitoring Tools
o jps – JVM Process Status Tool
o jstat – JVM Statistics Monitoring Tool
o Troubleshooting Tools
o jmap - Memory Map for Java
o jhat - Heap Dump Browser
o jstack – Stack Trace for Java
jstat -gcutil <pid>
sudo jmap -heap <pid>
sudo jmap -F -dump:format=b,file=/tmp/dump.hprof <pid>
jhat /tmp/dump.hprof
25. Java Ergonomics and JVM Flags
Java Virtual Machine can tune itself depending on
the environment and this smart tuning is referred
to as Ergonomics.
When tuning Java, it's important to know which
values were used as default for Garbage
collector, Heap Sizes, Runtime Compiler by Java
Ergonomics
26. Printing Command Line Flags
We can use "-XX:+PrintCommandLineFlags" to
print the command line flags used by the JVM.
This is a useful flag to see the values selected by
Java Ergonomics.
eg:
$ java -XX:+PrintCommandLineFlags -version
-XX:InitialHeapSize=128884992 -XX:MaxHeapSize=2062159872 -XX:+PrintCommandLineFlags
-XX:+UseCompressedClassPointers -XX:+UseCompressedOops -XX:+UseParallelGC
java version "1.8.0_102"
Java(TM) SE Runtime Environment (build 1.8.0_102-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.102-b14, mixed mode)
27. Use following command to see the default values
java -XX:+PrintFlagsInitial -version
Use following command to see the final values.
java -XX:+PrintFlagsFinal -version
The values modified manually or by Java
Ergonomics are shown with “:=”
java -XX:+PrintFlagsFinal -version |
grep ':='
http://isuru-perera.blogspot.com/2015/08/java-ergonomics-and-jvm-flags.html
Printing Initial & Final JVM Flags
28. What is Profiling?
Here is what wikipedia says:
In software engineering, profiling ("program profiling",
"software profiling") is a form of dynamic program
analysis that measures, for example, the space
(memory) or time complexity of a program, the usage of
particular instructions, or the frequency and duration of
function calls. Most commonly, profiling information
serves to aid program optimization.
https://en.wikipedia.org/wiki/Profiling_(computer_programming)
29. What is Profiling?
Here is what wikipedia says:
Profiling is achieved by instrumenting either the program
source code or its binary executable form using a tool
called a profiler (or code profiler). Profilers may use a
number of different techniques, such as event-based,
statistical, instrumented, and simulation methods.
https://en.wikipedia.org/wiki/Profiling_(computer_programming)
30. Why do we need Profiling?
o Improve throughput (Maximizing the
transactions processed per second)
o Improve latency (Minimizing the time taken to
for each operation)
o Find performance bottlenecks
31. Java Profiling Tools
Survey by RebelLabs in 2016:
http://pages.zeroturnaround.com/RebelLabs-Developer-Productivity-Report-2016.html
32. Java Profiling Tools
Java VisualVM - Available in JDK
Java Mission Control - Available in JDK
JProfiler - A commercially licensed Java profiling
tool developed by ej-technologies
Honest Profiler - Open Source Sampling CPU
profiler
33. How Profilers Work?
Generic profilers rely on the JVMTI spec
JVMTI offers only safepoint sampling stack trace
collection options
34. Safepoints
A safepoint is a moment in time when a thread’s
data, its internal state and representation in the
JVM are, well, safe for observation by other
threads in the JVM.
● Between every 2 bytecodes (interpreter mode)
● Backedge of non-’counted’ loops
● Method exit
● JNI call exit
35. Measuring Methods for CPU Profiling
Sampling: Monitor running code externally and
check which code is executed
Instrumentation: Include measurement code into
the real code
36. Profiling Applications with Java VisualVM
CPU Profiling: Profile the performance of the
application.
Memory Profiling: Analyze the memory usage of
the application.
37. Java Mission Control
o A set of powerful tools running on the Oracle
JDK to monitor and manage Java applications
o Free for development use (Oracle Binary Code
License)
o Available in JDK since Java 7 update 40
o Supports Plugins
o Two main tools
o JMX Console
o Java Flight Recorder
38. Sampling vs. Instrumentation
Sampling:
o Overhead depends on the sampling interval
o Can see execution hotspots
o Can miss methods, which returns faster than
the sampling interval.
Instrumentation:
o Precise measurement for execution times
o More data to process
39. Sampling vs. Instrumentation
o Java VisualVM uses both sampling and
instrumentation
o Java Flight Recorder uses sampling for hot
methods
o JProfiler supports both sampling and
instrumentation
40. Problems with Profiling
o Runtime Overhead
o Interpretation of the results can be difficult
o Identifying the "crucial“ parts of the software
o Identifying potential performance improvements
41. Java Flight Recorder (JFR)
o A profiling and event collection framework built
into the Oracle JDK
o Gather low level information about the JVM and
application behaviour without performance
impact (less than 2%)
o Always on Profiling in Production Environments
o Engine was released with Java 7 update 4
o Commercial feature in Oracle JDK
42. JFR Events
o JFR collects data about events.
o JFR collects information about three types of
events:
o Instant events – Events occurring instantly
o Sample (Requestable) events – Events with a user
configurable period to provide a sample of system
activity
o Duration events – Events taking some time to occur.
The event has a start and end time. You can set a
threshold.
43. Java Flight Recorder Architecture
JFR is comprised of the following components:
o JFR runtime - The recording engine inside the
JVM that produces the recordings.
o Flight Recorder plugin for Java Mission Control
(JMC)
44. Enabling Java Flight Recorder
Since JFR is a commercial feature, we must
unlock commercial features before trying to run
JFR.
So, you need to have following arguments.
-XX:+UnlockCommercialFeatures
-XX:+FlightRecorder
45. Dynamically enabling JFR
If you are using Java 8 update 40 (8u40) or later,
you can now dynamically enable JFR.
This is useful as we don’t need to restart the
server.
46. Improving the accuracy of JFR Method
Profiler
o An important feature of JFR Method Profiler is
that it does not require threads to be at safe
points in order for stacks to be sampled.
o Generally, the stacks will only be walked at safe
points.
o HotSpot JVM doesn’t provide metadata for
non-safe point parts of the code. Use following
to improve the accuracy.
o -XX:+UnlockDiagnosticVMOptions
-XX:+DebugNonSafepoints
47. JFR Event Settings
o There are two event settings by default in
Oracle JDK.
o Files are in $JAVA_HOME/jre/lib/jfr
o Continuous - default.jfc
o Profiling - profile.jfc
48. JFR Recording Types
o Time Fixed Recordings
o Fixed duration
o The recording will be opened automatically in JMC
at the end (If the recording was started by JMC)
o Continuous Recordings
o No end time
o Must be explicitly dumped
49. Running Java Flight Recorder
There are few ways we can run JFR.
o Using the JFR plugin in JMC
o Using the command line
o Using the Diagnostic Command
50. Running Java Flight Recorder
You can run multiple recordings concurrently and
have different settings for each recording.
However, the JFR runtime will use same buffers
and resulting recording contains the union of all
events for all recordings active at that particular
time.
This means that we might get more than we
asked for. (but not less)
51. Running JFR from JMC
o Right click on JVM and select “Start Flight
Recording”
o Select the type of recording: Time fixed /
Continuous
o Select the “Event Settings” template
o Modify the event options for the selected flight
recording template (Optional)
o Modify the event details (Optional)
52. Running JFR from Command Line
o To produce a Flight Recording from the
command line, you can use “-
XX:StartFlightRecording” option. Eg:
o -XX:StartFlightRecording=delay=20s,dura
tion=60s,name=Test,filename=recording.j
fr,settings=profile
o Settings are in $JAVA_HOME/jre/lib/jfr
o Use following to change log level
o -XX:FlightRecorderOptions=loglevel=info
53. Continuous recording from Command Line
o You can also start a continuous recording from
the command line using
-XX:FlightRecorderOptions.
o -XX:FlightRecorderOptions=defaultrecord
ing=true,disk=true,repository=/tmp,maxa
ge=6h,settings=default
54. The Default Recording
o Use default recording option to start a
continuous recording
o -XX:FlightRecorderOptions=defaultrecord
ing=true
o Default recording can be dumped on exit
o Only the default recording can be used with the
dumponexit and dumponexitpath parameters
o -XX:FlightRecorderOptions=defaultrecord
ing=true,dumponexit=true,dumponexitpath
=/tmp/dumponexit.jfr
55. Running JFR using Diagnostic Commands
o The command “jcmd” can be used
o Start Recording Example:
o jcmd <pid> JFR.start delay=20s duration=60s
name=MyRecording
filename=/tmp/recording.jfr
settings=profile
o Check recording
o jcmd <pid> JFR.check
o Dump Recording
o jcmd <pid> JFR.dump filename=/tmp/dump.jfr
name=MyRecording
56. Analyzing Flight Recordings
o JFR runtime engine dumps recorded data to
files with *.jfr extension
o These binary files can be viewed from JMC
o There are tab groups showing certain aspects
of the JVM and the Java application runtime
such as Memory, Threads, I/O etc.
57. JFR Tab Groups
o General – Details of the JVM, the system, and
the recording.
o Memory - Information about memory & garbage
collection.
o Code - Information about methods, exceptions,
compilations, and class loading.
58. JFR Tab Groups
o Threads - Information about threads and locks.
o I/O: Information about file and socket I/O.
o System: Information about environment
o Events: Information about the event types in the
recording
59. Java Just-In-Time (JIT) compiler
Java code is usually compiled into platform
independent bytecode (class files)
The JVM is able to load the class files and
execute the Java bytecode via the Java
interpreter.
Even though this bytecode is usually interpreted,
it might also be compiled into native machine
code using the JVM's Just-In-Time (JIT)
compiler.
60. Java Just-In-Time (JIT) compiler
Unlike the normal compiler, the JIT compiler
compiles the code (bytecode) only when required.
With JIT compiler, the JVM monitors the methods
executed by the interpreter and identifies the “hot
methods” for compilation. After identifying the Java
method calls, the JVM compiles the bytecode into
a more efficient native code.
62. JITWatch
The JITWatch tool can analyze the compilation
logs generated with the “-XX:+LogCompilation”
flag.
The logs generated by LogCompilation are
XML-based and has lot of information related to
JIT compilation. Hence these files are very large.
https://github.com/AdoptOpenJDK/jitwatch
63. Flame Graphs
o Flame graphs are a visualization of profiled
software, allowing the most frequent code-paths
to be identified quickly and accurately.
o Flame Graphs can be generated using
https://github.com/brendangregg/FlameGraph
o This creates an interactive SVG
http://www.brendangregg.com/flamegraphs.html
64. Types of Flame Graphs
o CPU
o Memory
o Off-CPU
o Hot/Cold
o Differential
65. Flame Graph: Definition
o The x-axis shows the stack profile population, sorted alphabetically
o The y-axis shows stack depth
o The top edge shows what is on-CPU, and beneath it is its ancestry
o Each rectangle represents a stack frame.
o Box width is proportional to the total time a function was profiled directly or
its children were profiled
66. Flame Graphs with Java Flight Recordings
o We can generate CPU Flame Graphs from a
Java Flight Recording
o Program is available at GitHub:
https://github.com/chrishantha/jfr-flame-graph
o The program uses the (unsupported) JMC
Parser
67. Generating a Flame Graph using JFR dump
o JFR has Method Profiling Samples
o You can view those in “Hot Methods” and “Call Tree”
tabs
o A Flame Graph can be generated using these
Method Profilings Samples
68. Profiling a Sample Program
o Get Sample “highcpu” program from
https://github.com/chrishantha/sample-jav
a-programs
o Checkout v0.0.1 tag and build
o Get a Profiling Recording
o java -XX:+UnlockDiagnosticVMOptions -XX:+DebugNonSafepoints -XX:+UnlockCommercialFeatures
-XX:+FlightRecorder
-XX:StartFlightRecording=delay=20s,duration=1m,name=Profiling,filename=highcpu_profiling.jfr,settings=
profile -jar target/highcpu-0.0.1.jar
70. Java Mixed-Mode Flame Graphs
o With Java Profilers, we can get information
about Java process only.
o However with Java Mixed-Mode Flame Graphs,
we can see how much CPU time is spent in
Java methods, system libraries and the kernel.
o Mixed-mode means that the Flame Graph
shows profile information from both system
code paths and Java code paths.
72. The Problem with Java and Perf
o perf needs the Java symbol table
o JVM doesn’t preserve frame pointers by default
o Run sample program
o java -jar target/highcpu-0.0.1.jar --exit-timeout 600
o Run perf record
o sudo perf record -F 99 -g -p `pgrep -f highcpu`
o Display trace output
o sudo perf script
73. Preserving Frame Pointers in JVM
o Run java program with the JVM flag
"-XX:+PreserveFramePointer"
o java -XX:+PreserveFramePointer -jar
target/highcpu-0.0.1.jar --exit-timeout 600
o This flag is working only on JDK 8 update 60
and above.
74. How to generate Java symbol table
o Use a java agent to generate method mappings
to use with the linux `perf` tool
o Clone & Build
https://github.com/jrudolph/perf-map-agent
o Create symbol map
o ./create-java-perf-map.sh `pgrep -f highcpu`
75. Generate Java Mixed Mode Flame Graph
o Run perf
o sudo perf record -F 99 -g -p `pgrep -f highcpu` --
sleep 60
o Create symbol map
o Generate Flame Graph
o sudo perf script > out.stacks
o $FLAMEGRAPH_DIR/stackcollapse-perf.pl
out.stacks | $FLAMEGRAPH_DIR/flamegraph.pl
--color=java --hash --width 1680 >
java-mixed-mode.svg
76. Java Mixed-Mode Flame Graphs
o Helps to understand
Java CPU Usage
o With Flame Graphs, we
can see both java and
system profiles
o Can profile GC as well
77. Does profiling matter?
Yes!
Most of the performance issues are in the
application code.
Early performance testing is key. Fix problems
while developing.