1. The document describes a communication system for the Singularity OS that uses message passing over channels as the sole means of inter-process communication.
2. Channels are bidirectional and consist of two endpoints that are statically typed. Channel contracts specify valid message types and sequences.
3. Safety is ensured through the use of a type-safe language and static verification that guarantees each block of shared memory is owned by only one thread at a time.
Simplify Distributed Systems with Frameworks from Enea Element - a whitepaper on how to design systems that are scalable, manageable, and highly available.
The document introduces distributed systems, defining them as collections of independent computers that appear as a single system to users, discusses the goals of transparency, openness, and scalability in distributed systems, and describes three main types - distributed computing systems for tasks like clustering and grids, distributed information systems for integrating applications, and distributed pervasive systems for mobile and embedded devices.
This study guide provides information to help students prepare for the CCNA exam through approximately 15-20 hours of study and memorization of concepts, questions, and answers. It covers key topics like the 7 layers of the OSI model and differences between connection-oriented and connectionless communication. The guide guarantees reimbursement for the purchase price if the student still fails the exam after following the provided instructions.
This document provides information on a distributed systems course, including its objectives, learning outcomes, synopsis, content outline, assessment, and grading points. The course aims to provide understanding of distributed systems and emphasize problems, principles, techniques, infrastructure, and applications. Key topics covered include communication, distributed objects, web services, security, naming/trading, time/coordination, concurrency control, transactions, and fault tolerance. Students will be assessed through coursework, a midterm, project, and final exam.
This document provides an overview of secure multimedia communications. It discusses various formats for images, audio, and video and considerations for securing multimedia content, including encryption, steganography, and watermarking. It also addresses challenges of multimedia security such as bandwidth requirements, throughput, packet loss, delay, and jitter. The document compares encryption, steganography, and watermarking and criteria for evaluating them such as visibility, robustness, and fragility.
How to Develop True Distributed Simulations? HLA & DDS InteroperabilityJose Carlos Diaz
Ā
This document discusses two publish/subscribe communication standards for distributed simulations: HLA and DDS. It introduces NCWare, a middleware developed by Nextel Engineering that unifies HLA and DDS. NCWare allows applications to interoperate between HLA and DDS by mapping data between their models and providing a single API. It also improves performance over HLA by using DDS as the underlying transport protocol while maintaining HLA semantics and services. NCWare provides a simple interface and real-time QoS capabilities to enable true distributed simulations using both HLA and DDS standards.
The real time publisher subscriber inter-process communication model for dist...yancha1973
Ā
1) The document proposes a real-time publisher/subscriber model for inter-process communication in distributed real-time systems.
2) In the model, processes publish and subscribe to messages using logical handles called distribution tags, without knowledge of senders/receivers.
3) An application programming interface is presented that allows processes to create/destroy tags, publish/receive messages, and query senders/receivers.
4) The model is fault-tolerant, supporting applications like clock synchronization across nodes and allowing processes to be upgraded online.
1. The document proposes an efficient Group Based Multicast Hierarchy (GBMH) algorithm using a Secure Ad hoc On Demand Distance Vector (SAODV) routing protocol to provide secure multicast communication in ad hoc networks.
2. The GBMH algorithm forms a multicast hierarchy by electing local controllers who manage subgroups and are responsible for local key management. This reduces the effect of membership changes.
3. Periodic updates of node join and leave information across the multicast hierarchy helps overcome issues of end-to-end delay and fault tolerance in multicast transmissions resulting from node mobility.
Simplify Distributed Systems with Frameworks from Enea Element - a whitepaper on how to design systems that are scalable, manageable, and highly available.
The document introduces distributed systems, defining them as collections of independent computers that appear as a single system to users, discusses the goals of transparency, openness, and scalability in distributed systems, and describes three main types - distributed computing systems for tasks like clustering and grids, distributed information systems for integrating applications, and distributed pervasive systems for mobile and embedded devices.
This study guide provides information to help students prepare for the CCNA exam through approximately 15-20 hours of study and memorization of concepts, questions, and answers. It covers key topics like the 7 layers of the OSI model and differences between connection-oriented and connectionless communication. The guide guarantees reimbursement for the purchase price if the student still fails the exam after following the provided instructions.
This document provides information on a distributed systems course, including its objectives, learning outcomes, synopsis, content outline, assessment, and grading points. The course aims to provide understanding of distributed systems and emphasize problems, principles, techniques, infrastructure, and applications. Key topics covered include communication, distributed objects, web services, security, naming/trading, time/coordination, concurrency control, transactions, and fault tolerance. Students will be assessed through coursework, a midterm, project, and final exam.
This document provides an overview of secure multimedia communications. It discusses various formats for images, audio, and video and considerations for securing multimedia content, including encryption, steganography, and watermarking. It also addresses challenges of multimedia security such as bandwidth requirements, throughput, packet loss, delay, and jitter. The document compares encryption, steganography, and watermarking and criteria for evaluating them such as visibility, robustness, and fragility.
How to Develop True Distributed Simulations? HLA & DDS InteroperabilityJose Carlos Diaz
Ā
This document discusses two publish/subscribe communication standards for distributed simulations: HLA and DDS. It introduces NCWare, a middleware developed by Nextel Engineering that unifies HLA and DDS. NCWare allows applications to interoperate between HLA and DDS by mapping data between their models and providing a single API. It also improves performance over HLA by using DDS as the underlying transport protocol while maintaining HLA semantics and services. NCWare provides a simple interface and real-time QoS capabilities to enable true distributed simulations using both HLA and DDS standards.
The real time publisher subscriber inter-process communication model for dist...yancha1973
Ā
1) The document proposes a real-time publisher/subscriber model for inter-process communication in distributed real-time systems.
2) In the model, processes publish and subscribe to messages using logical handles called distribution tags, without knowledge of senders/receivers.
3) An application programming interface is presented that allows processes to create/destroy tags, publish/receive messages, and query senders/receivers.
4) The model is fault-tolerant, supporting applications like clock synchronization across nodes and allowing processes to be upgraded online.
1. The document proposes an efficient Group Based Multicast Hierarchy (GBMH) algorithm using a Secure Ad hoc On Demand Distance Vector (SAODV) routing protocol to provide secure multicast communication in ad hoc networks.
2. The GBMH algorithm forms a multicast hierarchy by electing local controllers who manage subgroups and are responsible for local key management. This reduces the effect of membership changes.
3. Periodic updates of node join and leave information across the multicast hierarchy helps overcome issues of end-to-end delay and fault tolerance in multicast transmissions resulting from node mobility.
Wireless systems have been under an evolutionary process along the time, in order
to satisfy the demanding user needs of these types of systems. Those needs and inquiries
of wireless markets have grown considerably in a short time. This fast market growth
has pushed companies to employ state of the art technology in order to use and share
trustworthy databases in an instantaneous and imperceptible way for the *nal user.
Ad Hoc mobile networks are being developed and implemented in order to solve and
satisfy the needs and problems of mobile users. This technology can be an actual solution
in which users demands good quality of service (QoS) in their personal communications
and internet devises, according to the current and future market needs.
Code Division Multiple Access (CDMA) seems to be the future wireless interface and,
because of its characteristics, it could play an important role in future communications
systems. Operational characteristics allow CDMA to be considered an adequate access
method for conventional and Ad Hoc networking systems. As a mentioned above, this work
will base its access method on CDMA, where the main limiting factor is the interference,
so here we will characterize the interference and the outage probability for an ad hoc linear
network for di*erent scenarios and di*erent physical conditions.
This document contains slides related to Chapter 3 of the textbook "Distributed Systems: Concepts and Design" covering networking and internetworking concepts. The slides include diagrams of network performance over distance, conceptual layering of protocol software, encapsulation in layered protocols, the OSI reference model layers, examples of protocols for each OSI layer, internetwork layers, routing in wide area networks, routing tables, a routing algorithm pseudocode, examples of network topologies, IP addressing structures, IP packet layout, network address translation, IPv6 improvements, mobile IP routing, and firewall configurations.
The document provides an overview of computer networks and networking concepts. It discusses what a network is, different types of networks including local area networks (LANs), metropolitan area networks (MANs), and wide area networks (WANs). It also describes the Open Systems Interconnection (OSI) model and its seven layers. Finally, it discusses reference models for networking including the OSI model and TCP/IP model, and provides examples of different types of networks.
The document provides an introduction to computer networks. It discusses what a network is, why networks are needed, and how they are classified based on scale, connection method, and relationship. The key types of networks covered are personal area networks, local area networks, campus area networks, metropolitan area networks, wide area networks, and virtual private networks. Basic network hardware components are also introduced.
The document summarizes key concepts about networking and internetworking:
1. It discusses important network performance parameters like latency, data transfer rate, and bandwidth that affect the speed of message transmission.
2. It describes how networks are layered with different protocols at each layer, and how messages are encapsulated as they pass through layers.
3. It explains the basic concepts of internetworking like addressing schemes, routing, and protocols that allow integration of multiple interconnected networks.
4. It provides an overview of TCP/IP layers and protocols, and how messages are encapsulated as they are transmitted over networks.
A DDS-Based Scalable and Reconfigurable Framework for Cyber-Physical Systemsijseajournal
Ā
Cyber-Physical Systems (CPSs) involve the interconnection of heterogeneous computing devices which are
closely integrated with the physical processes under control. Often, these systems are resource-constrained
and require specific features such as the ability to adapt in a timeliness and efficient fashion to dynamic
environments. Also, they must support fault tolerance and avoid single points of failure. This paper
describes a scalable framework for CPSs based on the OMG DDS standard. The proposed solution allows
reconfiguring this kind of systems at run-time and managing efficiently their resources.
The document discusses error detection and correction techniques for improving memory reliability. It introduces decimal matrix code (DMC) which uses decimal integer addition and subtraction to detect errors, providing enhanced memory reliability with lower overhead compared to other codes. DMC divides the data word into a matrix and adds check bits to rows and columns. This allows it to detect and correct multiple bit errors caused by phenomena like cosmic rays, providing reliability for applications like space systems and deep sub-micron technologies vulnerable to soft errors. The document reviews challenges to memory cell reliability from technology scaling and existing error correcting codes, motivating the proposed DMC technique.
HANDLING CROSS-LAYER ATTACKS USING NEIGHBORS MONITORING SCHEME AND SWARM INTE...Editor IJCATR
Ā
The standard MAC protocol widely used for Mobile Adhoc Networks (MANETs) is IEEE 802.11.
When attacks in MAC layer are left as such without paying attention, it could possibly disturb channel access and
consequently may cause wastage of resources in terms of bandwidth and power. In this paper, a swarm based detection
and defense technique is proposed for routing and MAC layer attacks in MANET. Using forward and backward ants,
the technique obtains mean value of nodes between the first received RREQ and RREP packets. Based on this
estimation, the source node decides the node as valid or malicious. Moreover the MAC layer parameters namely
number of neighbors identified by the MAC layer, number of neighbors identified by the routing layer, the number of
recent MAC receptions and the number of recent routing protocol receptions are used to determine the node state. The
source node uses these two node state estimation techniques to construct the reliable path to the destination. This
proposed technique improves the network performance and at the same time prevents attackers intelligently.
The document discusses implementing the Delay Tolerant Networking (DTN) architecture. It describes developing a reference implementation of DTN that serves both as a research platform and deployable system. This posed challenges, as some aspects of the DTN model were underspecified. The document clarifies treatment of mobile nodes and regions in the network model. It represents data mules that transport messages physically as nodes rather than links in the network graph.
This document summarizes various software complexity measures. It discusses code-based complexity measures like Halstead's software metrics and McCabe's cyclomatic complexity measure. It also examines cognitive complexity measures that consider human factors like KLCID, cognitive functional size, and cognitive information complexity. Code-based measures evaluate complexity based on attributes like program size, flow, and module interfaces. Cognitive measures attempt to quantify the effort required for a person to understand software based on inputs, outputs, and internal processing. The document provides definitions and formulas for calculating several complexity metrics and compares their approaches to measuring software complexity.
This document summarizes a research paper that proposes a replica placement scheme called MAXDISJOINT for tree-based routing distributed hash tables (DHTs). MAXDISJOINT aims to create route diversity between replicas to improve routing robustness against node failures or attacks. The paper proves that MAXDISJOINT creates disjoint routes and evaluates its performance using simulations of the Pastry DHT. Simulation results show that with MAXDISJOINT placement, lookups can still succeed with a high probability even when a significant portion of the network is compromised. The paper also explores using a technique called neighbor set routing to further increase route diversity.
Advancements in Complementary Metal Oxide Semiconductor (CMOS) technology have enabled Wireless Sensor Networks (WSN) to gather, process and transport multimedia (MM) data as well and not just limited to handling ordinary scalar data anymore. This new generation of WSN type is called Wireless Multimedia Sensor Networks (WMSNs). Better and yet relatively cheaper sensors ā sensors that are able to sense both scalar data and multimedia data with more advanced functionalities such as being able to handle rather intense computations easily - have sprung up. In this paper, the applications, architectures, challenges and issues faced in the design of WMSNs are explored. Security and privacy issues, over all requirements, proposed and implemented solutions so far, some of the successful achievements and other related works in the field are also highlighted. Open research areas are pointed out and a few solution suggestions to the still persistent problems are made, which, to the best of my knowledge, so far havenāt been explored yet.
CURRENT TRENDS AND FUTURE ASPECTS IN CROSSLAYER DESIGN FOR THE WIRELESS NETWORKScscpconf
Ā
Computer network today are becoming popular day by day in our day to day life. The users are
looking forward to use wireless technologies such as Bluetooth, WLANs based on the IEEE
802.11 Standards etc. that allow them to share information via wireless media. The user can
access the network to communicate with each other anywhere and anytime using the
communication devices. The wireless network has several advantages over the wired technologies like flexibility, mobility, cheaper and faster deployment, easier maintenance and upgrade procedures. Cross-layer design refers to protocol design done by actively exploiting the dependence between the protocol layers to obtain better network performance in terms of throughput, average end to end delay etc.. In this paper, we are providing a survey of different cross-layer proposals for wireless networks taking in account the ongoing research in this hot area. This article brief the readers an overview of cross-layer concept while discussing different cross-layer proposals given by researchers.
Designing Application over mobile environmentMaulik Patel
Ā
This document discusses various paradigms for distributed applications over mobile environments. It begins by introducing abstractions and some key characteristics of distributed systems like inter-process communication and event synchronization. It then covers several common paradigms like publish/subscribe, message passing using point-to-point messaging or message queues, shared spaces, and remote procedure calls. For each paradigm, it discusses concepts like decoupling, message passing, and how they apply to distributed systems and mobility.
Indirect communication allows entities in a distributed system to communicate through an intermediary with no direct coupling. It provides space uncoupling, where senders and receivers do not need to know each other's identities, and time uncoupling, where they can have independent lifetimes. Group communication offers message delivery to all members of a group, with the sender unaware of receiver identities. Publish-subscribe systems allow asynchronous, heterogeneous communication through event notifications, decoupling publishers and subscribers. Message queues also provide asynchronous communication but are more tightly coupled with guaranteed message delivery.
Strategies and Metric for Resilience in Computer Networksdmarinojr
Ā
The document discusses strategies and metrics for resilience in computer networks. It proposes a resilience factor to measure a network's ability to withstand targeted attacks. It also proposes two strategies, called PropAdd and PropRew, to improve network resilience by preferentially adding links or rewiring existing links based on centrality metrics. Experimental results on real network topologies confirm the effectiveness of the proposed approach.
Cassandra framework a service oriented distributed multimediaJoĆ£o Gabriel Lima
Ā
This document describes the CASSANDRA framework, a distributed multimedia content analysis system. It uses a service-oriented architecture that allows individual analysis components to be integrated and upgraded easily. The system is modular, self-organizing, and real-time. It can dynamically distribute workloads across available devices. The framework allows for flexible integration of new analysis algorithms and coordination of existing algorithms from different domains.
ITT Project Information Technology BasicMayank Garg
Ā
The document discusses operating system concepts including time sharing systems, file management, file access methods, OS structure, kernels, and monolithic vs microkernels. It provides details on:
1) The main idea of time sharing systems is to allow multiple users to interact with a single computer concurrently using multi-programming and CPU scheduling.
2) File management involves activities like structuring, accessing, naming, sharing and protecting files through operations like create, delete, open, close, read, write, seek, rename and copy.
3) OS structure can use a layered approach with different privilege levels or organize components into layers with each layer building on lower layers.
EXPOSURE AND AVOIDANCE MECHANISM OF BLACK HOLE AND JAMMING ATTACK IN MOBILE A...ijcseit
Ā
Mobile ad hoc network (MANETs) is an infrastructure-less/self-configurable system in which every node
carries on as host or router and every node can participate in the transmission of packets. Because of its
dynamic behaviour such system is more susceptible against various sorts of security threats, for example,
Black hole, Wormhole , Jamming , Sybil, Byzantine attack and so on which may block the transmission of
the system. Black hole attack and Jamming attack is one of them which promote itself has shortest or new
fresh route to the destination while jamming attack which make activity over the system. This paper
introduces the thorough literature study for the Black hole attack and jamming attack of both the attack by
various researchers.
The document discusses the relational model of data for large shared data banks. It introduces the concept of n-ary relations and the universal data sublanguage as an alternative to tree-structured files or network models. The relational model provides independence between data representation and programs/queries by removing ordering, indexing, and access path dependencies from the user's data model. This allows changes to the internal data representation without affecting user activities.
This document provides an overview of Akka fundamentals including:
- The actor model which uses message passing between encapsulated state and behavior units to achieve concurrency
- The Akka actor API for building fault tolerant distributed applications in Scala and Java
- Fault tolerance techniques in Akka like supervision which allows actors to monitor and respond to failures of child actors
- Routing which provides abstractions for distributing messages to multiple receiver actors
At Hootsuite, we've been transitioning from a single monolithic PHP application to a set of scalable Scala-based microservices. To avoid excessive coupling between services, we've implemented an event system using Apache Kafka that allows events to be reliably produced + consumed asynchronously from services as well as data stores.
In this presentation, I talk about:
- Why we chose Kafka
- How we set up our Kafka clusters to be scalable, highly available, and multi-data-center aware.
- How we produce + consume events
- How we ensure that events can be understood by all parts of our system (Some that are implemented in other programming languages like PHP and Python) and how we handle evolving event payload data.
Wireless systems have been under an evolutionary process along the time, in order
to satisfy the demanding user needs of these types of systems. Those needs and inquiries
of wireless markets have grown considerably in a short time. This fast market growth
has pushed companies to employ state of the art technology in order to use and share
trustworthy databases in an instantaneous and imperceptible way for the *nal user.
Ad Hoc mobile networks are being developed and implemented in order to solve and
satisfy the needs and problems of mobile users. This technology can be an actual solution
in which users demands good quality of service (QoS) in their personal communications
and internet devises, according to the current and future market needs.
Code Division Multiple Access (CDMA) seems to be the future wireless interface and,
because of its characteristics, it could play an important role in future communications
systems. Operational characteristics allow CDMA to be considered an adequate access
method for conventional and Ad Hoc networking systems. As a mentioned above, this work
will base its access method on CDMA, where the main limiting factor is the interference,
so here we will characterize the interference and the outage probability for an ad hoc linear
network for di*erent scenarios and di*erent physical conditions.
This document contains slides related to Chapter 3 of the textbook "Distributed Systems: Concepts and Design" covering networking and internetworking concepts. The slides include diagrams of network performance over distance, conceptual layering of protocol software, encapsulation in layered protocols, the OSI reference model layers, examples of protocols for each OSI layer, internetwork layers, routing in wide area networks, routing tables, a routing algorithm pseudocode, examples of network topologies, IP addressing structures, IP packet layout, network address translation, IPv6 improvements, mobile IP routing, and firewall configurations.
The document provides an overview of computer networks and networking concepts. It discusses what a network is, different types of networks including local area networks (LANs), metropolitan area networks (MANs), and wide area networks (WANs). It also describes the Open Systems Interconnection (OSI) model and its seven layers. Finally, it discusses reference models for networking including the OSI model and TCP/IP model, and provides examples of different types of networks.
The document provides an introduction to computer networks. It discusses what a network is, why networks are needed, and how they are classified based on scale, connection method, and relationship. The key types of networks covered are personal area networks, local area networks, campus area networks, metropolitan area networks, wide area networks, and virtual private networks. Basic network hardware components are also introduced.
The document summarizes key concepts about networking and internetworking:
1. It discusses important network performance parameters like latency, data transfer rate, and bandwidth that affect the speed of message transmission.
2. It describes how networks are layered with different protocols at each layer, and how messages are encapsulated as they pass through layers.
3. It explains the basic concepts of internetworking like addressing schemes, routing, and protocols that allow integration of multiple interconnected networks.
4. It provides an overview of TCP/IP layers and protocols, and how messages are encapsulated as they are transmitted over networks.
A DDS-Based Scalable and Reconfigurable Framework for Cyber-Physical Systemsijseajournal
Ā
Cyber-Physical Systems (CPSs) involve the interconnection of heterogeneous computing devices which are
closely integrated with the physical processes under control. Often, these systems are resource-constrained
and require specific features such as the ability to adapt in a timeliness and efficient fashion to dynamic
environments. Also, they must support fault tolerance and avoid single points of failure. This paper
describes a scalable framework for CPSs based on the OMG DDS standard. The proposed solution allows
reconfiguring this kind of systems at run-time and managing efficiently their resources.
The document discusses error detection and correction techniques for improving memory reliability. It introduces decimal matrix code (DMC) which uses decimal integer addition and subtraction to detect errors, providing enhanced memory reliability with lower overhead compared to other codes. DMC divides the data word into a matrix and adds check bits to rows and columns. This allows it to detect and correct multiple bit errors caused by phenomena like cosmic rays, providing reliability for applications like space systems and deep sub-micron technologies vulnerable to soft errors. The document reviews challenges to memory cell reliability from technology scaling and existing error correcting codes, motivating the proposed DMC technique.
HANDLING CROSS-LAYER ATTACKS USING NEIGHBORS MONITORING SCHEME AND SWARM INTE...Editor IJCATR
Ā
The standard MAC protocol widely used for Mobile Adhoc Networks (MANETs) is IEEE 802.11.
When attacks in MAC layer are left as such without paying attention, it could possibly disturb channel access and
consequently may cause wastage of resources in terms of bandwidth and power. In this paper, a swarm based detection
and defense technique is proposed for routing and MAC layer attacks in MANET. Using forward and backward ants,
the technique obtains mean value of nodes between the first received RREQ and RREP packets. Based on this
estimation, the source node decides the node as valid or malicious. Moreover the MAC layer parameters namely
number of neighbors identified by the MAC layer, number of neighbors identified by the routing layer, the number of
recent MAC receptions and the number of recent routing protocol receptions are used to determine the node state. The
source node uses these two node state estimation techniques to construct the reliable path to the destination. This
proposed technique improves the network performance and at the same time prevents attackers intelligently.
The document discusses implementing the Delay Tolerant Networking (DTN) architecture. It describes developing a reference implementation of DTN that serves both as a research platform and deployable system. This posed challenges, as some aspects of the DTN model were underspecified. The document clarifies treatment of mobile nodes and regions in the network model. It represents data mules that transport messages physically as nodes rather than links in the network graph.
This document summarizes various software complexity measures. It discusses code-based complexity measures like Halstead's software metrics and McCabe's cyclomatic complexity measure. It also examines cognitive complexity measures that consider human factors like KLCID, cognitive functional size, and cognitive information complexity. Code-based measures evaluate complexity based on attributes like program size, flow, and module interfaces. Cognitive measures attempt to quantify the effort required for a person to understand software based on inputs, outputs, and internal processing. The document provides definitions and formulas for calculating several complexity metrics and compares their approaches to measuring software complexity.
This document summarizes a research paper that proposes a replica placement scheme called MAXDISJOINT for tree-based routing distributed hash tables (DHTs). MAXDISJOINT aims to create route diversity between replicas to improve routing robustness against node failures or attacks. The paper proves that MAXDISJOINT creates disjoint routes and evaluates its performance using simulations of the Pastry DHT. Simulation results show that with MAXDISJOINT placement, lookups can still succeed with a high probability even when a significant portion of the network is compromised. The paper also explores using a technique called neighbor set routing to further increase route diversity.
Advancements in Complementary Metal Oxide Semiconductor (CMOS) technology have enabled Wireless Sensor Networks (WSN) to gather, process and transport multimedia (MM) data as well and not just limited to handling ordinary scalar data anymore. This new generation of WSN type is called Wireless Multimedia Sensor Networks (WMSNs). Better and yet relatively cheaper sensors ā sensors that are able to sense both scalar data and multimedia data with more advanced functionalities such as being able to handle rather intense computations easily - have sprung up. In this paper, the applications, architectures, challenges and issues faced in the design of WMSNs are explored. Security and privacy issues, over all requirements, proposed and implemented solutions so far, some of the successful achievements and other related works in the field are also highlighted. Open research areas are pointed out and a few solution suggestions to the still persistent problems are made, which, to the best of my knowledge, so far havenāt been explored yet.
CURRENT TRENDS AND FUTURE ASPECTS IN CROSSLAYER DESIGN FOR THE WIRELESS NETWORKScscpconf
Ā
Computer network today are becoming popular day by day in our day to day life. The users are
looking forward to use wireless technologies such as Bluetooth, WLANs based on the IEEE
802.11 Standards etc. that allow them to share information via wireless media. The user can
access the network to communicate with each other anywhere and anytime using the
communication devices. The wireless network has several advantages over the wired technologies like flexibility, mobility, cheaper and faster deployment, easier maintenance and upgrade procedures. Cross-layer design refers to protocol design done by actively exploiting the dependence between the protocol layers to obtain better network performance in terms of throughput, average end to end delay etc.. In this paper, we are providing a survey of different cross-layer proposals for wireless networks taking in account the ongoing research in this hot area. This article brief the readers an overview of cross-layer concept while discussing different cross-layer proposals given by researchers.
Designing Application over mobile environmentMaulik Patel
Ā
This document discusses various paradigms for distributed applications over mobile environments. It begins by introducing abstractions and some key characteristics of distributed systems like inter-process communication and event synchronization. It then covers several common paradigms like publish/subscribe, message passing using point-to-point messaging or message queues, shared spaces, and remote procedure calls. For each paradigm, it discusses concepts like decoupling, message passing, and how they apply to distributed systems and mobility.
Indirect communication allows entities in a distributed system to communicate through an intermediary with no direct coupling. It provides space uncoupling, where senders and receivers do not need to know each other's identities, and time uncoupling, where they can have independent lifetimes. Group communication offers message delivery to all members of a group, with the sender unaware of receiver identities. Publish-subscribe systems allow asynchronous, heterogeneous communication through event notifications, decoupling publishers and subscribers. Message queues also provide asynchronous communication but are more tightly coupled with guaranteed message delivery.
Strategies and Metric for Resilience in Computer Networksdmarinojr
Ā
The document discusses strategies and metrics for resilience in computer networks. It proposes a resilience factor to measure a network's ability to withstand targeted attacks. It also proposes two strategies, called PropAdd and PropRew, to improve network resilience by preferentially adding links or rewiring existing links based on centrality metrics. Experimental results on real network topologies confirm the effectiveness of the proposed approach.
Cassandra framework a service oriented distributed multimediaJoĆ£o Gabriel Lima
Ā
This document describes the CASSANDRA framework, a distributed multimedia content analysis system. It uses a service-oriented architecture that allows individual analysis components to be integrated and upgraded easily. The system is modular, self-organizing, and real-time. It can dynamically distribute workloads across available devices. The framework allows for flexible integration of new analysis algorithms and coordination of existing algorithms from different domains.
ITT Project Information Technology BasicMayank Garg
Ā
The document discusses operating system concepts including time sharing systems, file management, file access methods, OS structure, kernels, and monolithic vs microkernels. It provides details on:
1) The main idea of time sharing systems is to allow multiple users to interact with a single computer concurrently using multi-programming and CPU scheduling.
2) File management involves activities like structuring, accessing, naming, sharing and protecting files through operations like create, delete, open, close, read, write, seek, rename and copy.
3) OS structure can use a layered approach with different privilege levels or organize components into layers with each layer building on lower layers.
EXPOSURE AND AVOIDANCE MECHANISM OF BLACK HOLE AND JAMMING ATTACK IN MOBILE A...ijcseit
Ā
Mobile ad hoc network (MANETs) is an infrastructure-less/self-configurable system in which every node
carries on as host or router and every node can participate in the transmission of packets. Because of its
dynamic behaviour such system is more susceptible against various sorts of security threats, for example,
Black hole, Wormhole , Jamming , Sybil, Byzantine attack and so on which may block the transmission of
the system. Black hole attack and Jamming attack is one of them which promote itself has shortest or new
fresh route to the destination while jamming attack which make activity over the system. This paper
introduces the thorough literature study for the Black hole attack and jamming attack of both the attack by
various researchers.
The document discusses the relational model of data for large shared data banks. It introduces the concept of n-ary relations and the universal data sublanguage as an alternative to tree-structured files or network models. The relational model provides independence between data representation and programs/queries by removing ordering, indexing, and access path dependencies from the user's data model. This allows changes to the internal data representation without affecting user activities.
This document provides an overview of Akka fundamentals including:
- The actor model which uses message passing between encapsulated state and behavior units to achieve concurrency
- The Akka actor API for building fault tolerant distributed applications in Scala and Java
- Fault tolerance techniques in Akka like supervision which allows actors to monitor and respond to failures of child actors
- Routing which provides abstractions for distributing messages to multiple receiver actors
At Hootsuite, we've been transitioning from a single monolithic PHP application to a set of scalable Scala-based microservices. To avoid excessive coupling between services, we've implemented an event system using Apache Kafka that allows events to be reliably produced + consumed asynchronously from services as well as data stores.
In this presentation, I talk about:
- Why we chose Kafka
- How we set up our Kafka clusters to be scalable, highly available, and multi-data-center aware.
- How we produce + consume events
- How we ensure that events can be understood by all parts of our system (Some that are implemented in other programming languages like PHP and Python) and how we handle evolving event payload data.
"'Capture all changes to an application state as a sequence of events' is what Martin Fowler said about Event Sourcing in 2005 and what is the starting point into that topic for this talk.
I will demonstrate how you can store events using Akka Persistence and then distribute them via AWS to be consumed by your other services.
An event based architecture has lots of technical and organisational benefits for your development team. It can be a huge gain for your development process, but can also be difficult to implement as there are lots of challenges.
I will discuss the good as well as the bad things and provide solutions to overcome common pitfalls and aforementioned challenges."
The document discusses implementing domain events with Akka. It introduces domain events and their benefits, such as loose coupling and scalability. It then provides an overview of Akka and how it can be used to build reactive applications. The presentation demonstrates how to model domain events and implement event handling using Akka actors and event buses. Finally, it briefly discusses reactive application principles and examples of systems using this approach.
Message-based communication patterns in distributed Akka applicationsAndrii Lashchenko
Ā
The document discusses various message-based communication patterns in Akka distributed applications, including tell, ask, pipeTo, and composing futures. It provides code examples of actor implementations demonstrating these patterns and how to handle responses, failures, timeouts, and combining multiple futures. The tell pattern is fire-and-forget messaging. The ask pattern uses a future to represent a possible response. PipeTo pipes a future to the original sender. Examples show how to handle successful, failed, and delayed futures through composing and combining them.
Messaging Brokers are intrinsic part of our infrastructure and our experience with HornetQ has not been really great.
We have experienced issues that forced us to perform restarts multiple times a day and sometimes they weren't sufficient to fix the issue and data cleanup was needed resulting in loss of important messages.
Lack of documentation, lack of proper support and lack of stability of HornetQ broker are some of the reasons for looking into new Messaging Brokers.
During this session I will present the path we have taken to Prioritize Features -> Compare Brokers -> Eliminate -> Benchmark and the findings together with recommendations.
This task resulted in implementation of generic messaging broker benchmarking tool in Java, called Benchmark.io which we are intending to open source.
Akka persistence == event sourcing in 30 minutesKonrad Malawski
Ā
Akka 2.3 introduces akka-persistence, a wonderful way of implementing event-sourced applications. Let's give it a shot and see how DDD and Akka are a match made in heaven :-)
The document introduces Akka, an open-source toolkit for building distributed, concurrent applications on the JVM. It provides a programming model called the actor model that makes it easier to build scalable and fault-tolerant systems. Actors process messages asynchronously and avoid shared state, providing a simpler approach to concurrency than traditional threads and locks. Akka allows actors to be distributed across a network, enabling applications to scale out elastically.
Seeing O S Processes To Improve Dependability And Safetyalanocu
Ā
This document proposes and evaluates a sealed process architecture as an alternative to the traditional open process architecture used in most modern operating systems. The key aspects of a sealed process architecture are:
1. Code within a process cannot change once execution begins (fixed code invariant).
2. A process's state cannot be directly accessed by other processes (state isolation invariant).
3. All communication between processes is explicit, with sender and receiver control (explicit communication invariant).
4. The kernel API respects the above invariants and does not allow them to be subverted (closed API invariant).
The document describes an implementation of sealed processes in the Singularity operating system and presents preliminary benchmarks showing competitive performance compared to open
Orleans: Cloud Computing for Everyone - SOCC 2011Jorgen Thelin
Ā
Orleans is a software framework for building reliable, scalable, and elastic cloud applications. Its programming model encourages the use of simple concurrency patterns that are easy to understand and employ correctly. It is based on distributed actor-like components called grains, which are isolated units of state and computation that communicate through asynchronous messages. Within a grain, promises are the mechanism for managing both asynchronous messages and local task-based concurrency. Isolated state and a constrained execution model allow Orleans to persist, migrate, replicate, and reconcile grain state. In addition, Orleans provides lightweight transactions that support a consistent view of state and provide a foundation for automatic error handling and failure recovery.
We implemented several applications in Orleans, varying from a messaging-intensive social networking application to a data- and compute-intensive linear algebra computation. The programming model is a general one, as Orleans allows the communications to evolve dynamically at runtime. Orleans enables a developer to concentrate on application logic, while the Orleans runtime provides scalability, availability, and reliability.
A computer cluster is a group of loosely coupled computers that work together as a single system. Clusters provide improved speed, reliability, and cost effectiveness over single computers. There are three main types of clusters: high availability clusters which provide uninterrupted services if a node fails; load balancing clusters which distribute work across nodes; and parallel processing clusters which break problems into sub-problems to solve simultaneously. The basic components of clusters are nodes, networks, and applications. Clusters provide benefits like high availability, improved performance, and scalability.
Clustercomputingpptl2 120204125126-phpapp01Ankit Soni
Ā
A computer cluster is a group of loosely coupled computers that work together as a single system. Clusters provide improved speed, reliability, and cost effectiveness over single computers. There are three main types of clusters: high availability clusters which provide uninterrupted services if a node fails; load balancing clusters which distribute work across nodes; and parallel processing clusters which solve problems faster through distributed processing. The basic components of clusters are nodes, networks, and applications. Clusters provide benefits like high availability, improved performance, and scalability.
Introduction
Distributed Operating system
Evaluation of distributed computing system
Models
Gaining Popularity
Operating system
Issues in designing DOS
DCE
DCE component
Computer networks
Network types
Lan Technologies
tan technologies
wan technologies
WAN Switching Techniques
Communication Protocols
Protocols for DOS
Internetworking
Interconnection technique
Network management techniques
ATM technologies
Resist Dictionary Attacks Using Password Based Protocols For Authenticated Ke...IJERA Editor
Ā
A parallel file system is a type of distributed file system that distributes file data across multiple servers and
provides for concurrent access by multiple tasks of a parallel application. In many to many communications or
multiple tasks, key establishments are a major problem in parallel file system. So we propose a variety of
authenticated key exchange protocols that are designed to address the above issue. In this paper, we also study
the password-based protocols for authenticated key exchange (AKE) to resist dictionary attacks. Password-based
protocols for authenticated key exchange (AKE) are designed to work to resist the use of passwords drawn from
a space so small that attacker might well specify, off line, all possible passwords. While many such protocols
have been suggested, the elemental theory has been lagging. We commence by interpreting a model for this
problem, to approach password guessing, forward secrecy, server compromise, and loss of session keys.
High Availability of Services in Wide-Area Shared Computing NetworksMƔrio Almeida
Ā
(Check my blog @ http://www.marioalmeida.eu/ )
Highly available distributed systems have been widely used and have proven to be resistant to a wide range of faults. Although these kind of services are easy to access, they require an investment that developers might not always be willing to make. We present an overview of Wide-Area shared computing networks as well as methods to provide high availability of services in such networks. We make some references to highly available systems that are being used and studied at the moment this paper was written (2012).
SBGC provides IEEE projects for students in various domains including Java, J2ME, J2EE, .NET and MATLAB. It offers projects in categories 1) with new ideas/papers and 2) selecting from their project list. They ensure projects are fully implemented and students understand all aspects. SBGC provides latest IEEE projects for students in many engineering and technology fields as well as business and science. It has training and R&D divisions to help students become job ready. Project deliverables include abstracts, papers, materials, presentations, reports, procedures, explanations and certificates.
The document discusses various types of transparency in distributed systems including access transparency, location transparency, concurrency transparency, replication transparency, failure transparency, mobility transparency, performance transparency, scaling transparency, and parallelism transparency. It provides examples for each type of transparency. The document also compares synchronous and asynchronous communication, listing their differences. Finally, it discusses four important goals for building an efficient distributed system: connecting users and resources, transparency, openness, and scalability.
This document describes ADAPTIVE, an object-oriented framework for flexible and adaptive communication protocols. ADAPTIVE aims to address the lack of flexibility in traditional transport systems to support the diverse requirements of multimedia applications and heterogeneous networks. It applies object-oriented design principles to build a framework for protocol specification, composition, prototyping and experimentation. The key components of ADAPTIVE are: (1) MANTTS, which maps application requirements to transport system configurations; (2) TKO, which implements transport sessions using reusable protocol mechanisms; and (3) UNITES, which provides monitoring, evaluation and instrumentation of protocols.
This document summarizes a talk on designing distributed systems. It discusses distributed computing paradigms like microservices and cloud computing. It also covers reactive system principles from the Reactive Manifesto like being responsive, resilient and message-driven. It then explains the actor model used in frameworks like Akka, where actors communicate asynchronously through message passing. It provides examples of using actors for concurrency and fault tolerance.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
Ā
We would send hard copy of Journal by speed post to the address of correspondence author after online publication of paper.
We will dispatched hard copy to the author within 7 days of date of publication
Truly dependable software systems should be built with structuring techniques able to decompose the software complexity without
hiding important hypotheses and assumptions such as those regarding
their target execution environment and the expected fault- and system
models. A judicious assessment of what can be made transparent and
what should be translucent is necessary. This paper discusses a practical
example of a structuring technique built with these principles in mind:
Reflective and refractive variables. We show that our technique offers
an acceptable degree of separation of the design concerns, with limited
code intrusion; at the same time, by construction, it separates but does
not hide the complexity required for managing fault-tolerance. In particular, our technique offers access to collected system-wide information
and the knowledge extracted from that information. This can be used
to devise architectures that minimize the hazard of a mismatch between
dependable software and the target execution environments.
This document provides an introduction to distributed systems including definitions, characteristics, motivation, and models. It discusses key topics such as message passing vs shared memory, synchronous vs asynchronous execution, and challenges in distributed system design. Models of distributed computation and logical time frameworks are also introduced.
This document summarizes the key points of the paper "End-to-End Arguments in System Design". It discusses how the end-to-end principle states that application-specific functions should be implemented in end systems rather than intermediate systems when possible. Examples like file transfers and transaction management are provided. The history and application of these arguments to other areas like operating systems are also covered.
Effectual Routine for Trilateral Authentication in Ad-hoc Networks using Mult...IOSR Journals
Ā
This document proposes a protocol for trilateral authentication in ad-hoc networks using multicast conventions. It introduces a central authority that manages key authentication and certification to increase security and reliability. Nodes are grouped into clusters, each with a cluster head. For similar clusters, authentication uses time asymmetry based on TESLA. For cross-cluster traffic, it uses secret information asymmetry where the source sends packets to cluster heads, which relay to members. Evaluation shows the central authority uses less memory than previous methods and the protocol has higher efficiency.
The document discusses several network configuration protocols:
- NETCONF uses XML and RPC to install, manipulate, and delete configurations on network devices. It operates over SSH.
- YANG is a data modeling language used to define configuration and state data for NETCONF in XML format.
- RESTCONF provides RESTful operations on NETCONF datastores containing YANG data, using HTTP.
The document provides an introduction to distributed systems, including definitions, goals, types, and challenges. It defines a distributed system as a collection of independent computers that appear as a single system to users. Distributed systems aim to share resources and data across multiple computers for availability, reliability, scalability, and performance. There are three main types: distributed computing systems, distributed information systems, and distributed pervasive systems. Developing distributed systems faces challenges around concurrency, security, partial failures, and heterogeneity.
Virtual machines are popular because of their efficiency, ease of use, and flexibility. There has been an increasing demand for the deployment of a robust distributed network for maximizing the performance of such systems and minimizing the infrastructural cost. In this study, we have discussed various levels at which virtualization can be implemented for distributed computing, which can contribute to increased efficiency and performance of distributed computing. The study gives an overview of various types of virtualization techniques and their benefits. For example, server virtualization helps to create multiple server instances from one physical server. Such techniques will decrease the infrastructure costs, make the system more scalable, and help in the full utilization of available resources.
Similar to Language Support For Fast And Reliable Message Based Communication In Singularity O S (20)
The document is a collection of photos and captions describing street children and those living in poverty in various locations around the world, primarily in Brazil. The photos were taken by different photographers and foundations working to help at-risk children and families living in poverty. The captions provide context about the hardships faced by those living in extreme poverty, especially children, in places like Brazil, India, the Philippines, and Rwanda.
This document features a collection of 35 smoke photographs from various photographers. Dry ice was used to create interesting smoke effects in bottles. Other techniques included using lightbulbs, incense, and Photoshop to shape smoke into artistic forms like waves, figures, and symmetrical patterns. Experimenting with the movement and shapes of smoke can produce unexpected and imaginative images.
Cia World Factbook Reference Map Middle Eastalanocu
Ā
This map shows the Middle East region, including countries such as Turkey, Syria, Iraq, Iran, Saudi Arabia, Yemen, Israel, and others. Key geographical features are labeled, such as the Black Sea, Caspian Sea, Persian Gulf, and Red Sea. Major cities throughout the region are also indicated on the map.
The central Balkan region document provides a map showing key cities and rivers in central Balkan countries. The map shows locations in Slovenia, Croatia, Serbia, Hungary, Romania, and Bosnia and Herzegovina. Major rivers depicted include the Drava, Tisza, Danube, Sava, and Mures. Cities labeled on the map include Zagreb, Osijek, Novi Sad, Szeged, Timisoara, and Arad.
Cia World Factbook Reference Map Time Zonesalanocu
Ā
This document outlines the standard time zones of the world. It shows the 24 time zones ranging from -12 to +14, along with place names and time differences noted within many of the zones. The time zones are centered on the 0 line which represents the Greenwich Meridian, with negative numbers to the west and positive to the east.
This document provides a map of Asia showing major geographic features and political boundaries. Key details shown on the map include major cities, islands, seas, mountain ranges, and borders between countries. The map extends from Europe in the west to the Pacific Ocean in the east and from the Arctic Ocean in the north to the Indian Ocean in the south. Country labels and capital cities are included to help identify the different nations.
Cia World Factbook Reference Map North Americaalanocu
Ā
1. The document is a map of North America that shows the physical features and political boundaries of the continent.
2. Major cities, bodies of water, and mountain ranges are labeled on the map, which spans from the Arctic Ocean in the north to Central America in the south.
3. Political boundaries include national borders between countries like the United States, Canada, Mexico, and smaller Central American countries.
This map shows the geographic locations of various islands and island groups in the Oceania region of the world, including:
- Major island countries like Australia, New Zealand, Indonesia, Philippines, Japan.
- Small island nations of the Pacific Ocean like Fiji, Tonga, Samoa, Tuvalu, Marshall Islands and others.
- Unincorporated territories of countries in the region labeled on the map.
Cia World Factbook Reference Map South Americaalanocu
Ā
The document is a map of South America that shows the countries, major cities, rivers, and seas. It displays political boundaries and place names for countries like Colombia, Venezuela, Guyana, Suriname, Brazil, and others. Major geographical features like the Andes Mountains, Amazon River, and Orinoco River are indicated on the map.
The Arctic region document provides a map showing key geographical features of the Arctic. It notes that the Kuril Islands were occupied by the Soviet Union in 1945 and are currently administered by Russia but claimed by Japan. Sakhalin Island faces similar territorial disputes between Russia and Japan.
This document provides an overview of the Singularity project, which aims to build a new operating system and software platform from scratch with a primary goal of dependability. The Singularity system uses software-isolated processes (SIPs) that provide information hiding, failure isolation, and strong interfaces to encapsulate application and system components. SIPs differ from conventional processes by being closed object and code spaces, communicating through typed channels, and having low overhead for creation and communication. The goal of the Singularity system is to demonstrate how new programming languages, compilers, and analysis tools can enable more robust and dependable software architectures.
Cia World Factbook Reference Map United Statesalanocu
Ā
1. The document is a map of the United States showing state boundaries and capital cities.
2. Key features include the contiguous 48 states, Alaska, Hawaii, Washington D.C., and some surrounding international locations.
3. Labels indicate state names, capital cities, and major bodies of water or land features.
Cia World Factbook Reference Map Time Zonesalanocu
Ā
This document displays the standard time zones of the world, with longitude lines indicating the boundaries of each zone. The time zones range from -12 to +14 hours relative to Greenwich Mean Time. Major cities and political borders are labeled on the map to show how time zones correspond with geographic locations around the globe.
The document describes the Singularity project, which aims to redesign operating system architectures and software stacks to improve dependability and trustworthiness. The key architectural features of Singularity systems are software-isolated processes (SIPs) for isolation, contract-based channels for communication between SIPs, and manifest-based programs (MBPs) for verification of system properties. SIPs provide lightweight process isolation through type safety instead of hardware protection. Communication between SIPs occurs via channels defined by message contracts. MBPs specify the code and behavior of processes.
The "Google generation" not so hot at Googling, after allalanocu
Ā
A new UK report on the habits of the "Google Generation" finds that kids born since 1993 aren't quite the Internet super-sleuths they're sometimes made out to be.
This document provides instructions for assembling paper airplane models without images or diagrams. It lists the steps to glue identical parts together, attach the wings and fuselage, insert the tail parts, glue on the engines for the Fokker model, and attach the completed display. The models include a Douglas DC-3, Constellation, and Fokker 100.
1. The document provides assembly instructions for a cardboard skatepark model.
2. The skatepark model includes features like banks, quarterpipes, halfpipes, pyramids, stairs, slopes, and curbs.
3. The instructions explain how to cut out and assemble each part, starting with gluing the bottom pieces to cardboard and then assembling and attaching the other pieces like slopes and stairs to complete the skatepark.
Print the 12 pages with over 100 parts on thick (80 grams) paper and start cutting and glueing and make your own personal Bert. See the end result at http://www.bertsimons.nl/zenphoto/paperworks/clone/
This document provides information about Project Gutenberg, including its goals and operations. It discusses Project Gutenberg's mission to distribute one trillion free ebooks by 2001. It also provides contact information and guidelines for donating or communicating with Project Gutenberg.
Top mailing list providers in the USA.pptxJeremyPeirce1
Ā
Discover the top mailing list providers in the USA, offering targeted lists, segmentation, and analytics to optimize your marketing campaigns and drive engagement.
Best practices for project execution and deliveryCLIVE MINCHIN
Ā
A select set of project management best practices to keep your project on-track, on-cost and aligned to scope. Many firms have don't have the necessary skills, diligence, methods and oversight of their projects; this leads to slippage, higher costs and longer timeframes. Often firms have a history of projects that simply failed to move the needle. These best practices will help your firm avoid these pitfalls but they require fortitude to apply.
[To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
This presentation is a curated compilation of PowerPoint diagrams and templates designed to illustrate 20 different digital transformation frameworks and models. These frameworks are based on recent industry trends and best practices, ensuring that the content remains relevant and up-to-date.
Key highlights include Microsoft's Digital Transformation Framework, which focuses on driving innovation and efficiency, and McKinsey's Ten Guiding Principles, which provide strategic insights for successful digital transformation. Additionally, Forrester's framework emphasizes enhancing customer experiences and modernizing IT infrastructure, while IDC's MaturityScape helps assess and develop organizational digital maturity. MIT's framework explores cutting-edge strategies for achieving digital success.
These materials are perfect for enhancing your business or classroom presentations, offering visual aids to supplement your insights. Please note that while comprehensive, these slides are intended as supplementary resources and may not be complete for standalone instructional purposes.
Frameworks/Models included:
Microsoftās Digital Transformation Framework
McKinseyās Ten Guiding Principles of Digital Transformation
Forresterās Digital Transformation Framework
IDCās Digital Transformation MaturityScape
MITās Digital Transformation Framework
Gartnerās Digital Transformation Framework
Accentureās Digital Strategy & Enterprise Frameworks
Deloitteās Digital Industrial Transformation Framework
Capgeminiās Digital Transformation Framework
PwCās Digital Transformation Framework
Ciscoās Digital Transformation Framework
Cognizantās Digital Transformation Framework
DXC Technologyās Digital Transformation Framework
The BCG Strategy Palette
McKinseyās Digital Transformation Framework
Digital Transformation Compass
Four Levels of Digital Maturity
Design Thinking Framework
Business Model Canvas
Customer Journey Map
ā¼ā·āæāŗā»ā·ā½ā·ā¼ā½ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Final ank Satta Matka Dpbos Final ank Satta Matta Matka 143 Kalyan Matka Guessing Final Matka Final ank Today Matka 420 Satta Batta Satta 143 Kalyan Chart Main Bazar Chart vip Matka Guessing Dpboss 143 Guessing Kalyan night
Part 2 Deep Dive: Navigating the 2024 Slowdownjeffkluth1
Ā
Introduction
The global retail industry has weathered numerous storms, with the financial crisis of 2008 serving as a poignant reminder of the sector's resilience and adaptability. However, as we navigate the complex landscape of 2024, retailers face a unique set of challenges that demand innovative strategies and a fundamental shift in mindset. This white paper contrasts the impact of the 2008 recession on the retail sector with the current headwinds retailers are grappling with, while offering a comprehensive roadmap for success in this new paradigm.
Structural Design Process: Step-by-Step Guide for BuildingsChandresh Chudasama
Ā
The structural design process is explained: Follow our step-by-step guide to understand building design intricacies and ensure structural integrity. Learn how to build wonderful buildings with the help of our detailed information. Learn how to create structures with durability and reliability and also gain insights on ways of managing structures.
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfthesiliconleaders
Ā
In the recent edition, The 10 Most Influential Leaders Guiding Corporate Evolution, 2024, The Silicon Leaders magazine gladly features Dejan Å tancer, President of the Global Chamber of Business Leaders (GCBL), along with other leaders.
Building Your Employer Brand with Social MediaLuanWise
Ā
Presented at The Global HR Summit, 6th June 2024
In this keynote, Luan Wise will provide invaluable insights to elevate your employer brand on social media platforms including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok. You'll learn how compelling content can authentically showcase your company culture, values, and employee experiences to support your talent acquisition and retention objectives. Additionally, you'll understand the power of employee advocacy to amplify reach and engagement ā helping to position your organization as an employer of choice in today's competitive talent landscape.
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...my Pandit
Ā
Explore the fascinating world of the Gemini Zodiac Sign. Discover the unique personality traits, key dates, and horoscope insights of Gemini individuals. Learn how their sociable, communicative nature and boundless curiosity make them the dynamic explorers of the zodiac. Dive into the duality of the Gemini sign and understand their intellectual and adventurous spirit.
The Genesis of BriansClub.cm Famous Dark WEb PlatformSabaaSudozai
Ā
BriansClub.cm, a famous platform on the dark web, has become one of the most infamous carding marketplaces, specializing in the sale of stolen credit card data.
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....Lacey Max
Ā
āAfter being the most listed dog breed in the United States for 31
years in a row, the Labrador Retriever has dropped to second place
in the American Kennel Club's annual survey of the country's most
popular canines. The French Bulldog is the new top dog in the
United States as of 2022. The stylish puppy has ascended the
rankings in rapid time despite having health concerns and limited
color choices.ā
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...Aleksey Savkin
Ā
The Strategy Implementation System offers a structured approach to translating stakeholder needs into actionable strategies using high-level and low-level scorecards. It involves stakeholder analysis, strategy decomposition, adoption of strategic frameworks like Balanced Scorecard or OKR, and alignment of goals, initiatives, and KPIs.
Key Components:
- Stakeholder Analysis
- Strategy Decomposition
- Adoption of Business Frameworks
- Goal Setting
- Initiatives and Action Plans
- KPIs and Performance Metrics
- Learning and Adaptation
- Alignment and Cascading of Scorecards
Benefits:
- Systematic strategy formulation and execution.
- Framework flexibility and automation.
- Enhanced alignment and strategic focus across the organization.
Digital Marketing with a Focus on Sustainabilitysssourabhsharma
Ā
Digital Marketing best practices including influencer marketing, content creators, and omnichannel marketing for Sustainable Brands at the Sustainable Cosmetics Summit 2024 in New York
How MJ Global Leads the Packaging Industry.pdfMJ Global
Ā
MJ Global's success in staying ahead of the curve in the packaging industry is a testament to its dedication to innovation, sustainability, and customer-centricity. By embracing technological advancements, leading in eco-friendly solutions, collaborating with industry leaders, and adapting to evolving consumer preferences, MJ Global continues to set new standards in the packaging sector.
Navigating the world of forex trading can be challenging, especially for beginners. To help you make an informed decision, we have comprehensively compared the best forex brokers in India for 2024. This article, reviewed by Top Forex Brokers Review, will cover featured award winners, the best forex brokers, featured offers, the best copy trading platforms, the best forex brokers for beginners, the best MetaTrader brokers, and recently updated reviews. We will focus on FP Markets, Black Bull, EightCap, IC Markets, and Octa.
Company Valuation webinar series - Tuesday, 4 June 2024FelixPerez547899
Ā
This session provided an update as to the latest valuation data in the UK and then delved into a discussion on the upcoming election and the impacts on valuation. We finished, as always with a Q&A
Understanding User Needs and Satisfying ThemAggregage
Ā
https://www.productmanagementtoday.com/frs/26903918/understanding-user-needs-and-satisfying-them
We know we want to create products which our customers find to be valuable. Whether we label it as customer-centric or product-led depends on how long we've been doing product management. There are three challenges we face when doing this. The obvious challenge is figuring out what our users need; the non-obvious challenges are in creating a shared understanding of those needs and in sensing if what we're doing is meeting those needs.
In this webinar, we won't focus on the research methods for discovering user-needs. We will focus on synthesis of the needs we discover, communication and alignment tools, and how we operationalize addressing those needs.
Industry expert Scott Sehlhorst will:
ā¢ Introduce a taxonomy for user goals with real world examples
ā¢ Present the Onion Diagram, a tool for contextualizing task-level goals
ā¢ Illustrate how customer journey maps capture activity-level and task-level goals
ā¢ Demonstrate the best approach to selection and prioritization of user-goals to address
ā¢ Highlight the crucial benchmarks, observable changes, in ensuring fulfillment of customer needs
IMPACT Silver is a pure silver zinc producer with over $260 million in revenue since 2008 and a large 100% owned 210km Mexico land package - 2024 catalysts includes new 14% grade zinc Plomosas mine and 20,000m of fully funded exploration drilling.
Authentically Social by Corey Perlman - EO Puerto Rico
Ā
Language Support For Fast And Reliable Message Based Communication In Singularity O S
1. Language Support for Fast and Reliable Message-based
Communication in Singularity OS
Manuel Fahndrich, Mark Aiken, Chris Hawblitzel,
ĀØ
Orion Hodson, Galen Hunt, James R. Larus, and Steven Levi
Microsoft Research
ABSTRACT 1. INTRODUCTION
Message-based communication oļ¬ers the potential beneļ¬ts Process isolation and inter-process communication are among
of providing stronger speciļ¬cation and cleaner separation the central services that operating systems provide. Isola-
between components. Compared with shared-memory in- tion guarantees that a process cannot access or corrupt data
teractions, message passing has the potential disadvantages or code of another process. In addition, isolation provides
of more expensive data exchange (no direct sharing) and clear boundaries for shutting down a process and reclaim-
more complicated programming. ing its recources without cooperation from other processes.
In this paper we report on the language, veriļ¬cation, and Inter-process communication allows processes to exchange
run-time system features that make messages practical as data and signal events.
the sole means of communication between processes in the There is a tension between isolation and communication,
Singularity operating system. We show that using advanced in that the more isolated processes are, the more compli-
programming language and veriļ¬cation techniques, it is pos- cated and potentially expensive it may be for them to com-
sible to provide and enforce strong system-wide invariants municate. For example, if processes are allowed to share
that enable eļ¬cient communication and low-overhead soft- memory (low isolation), they can communicate in appar-
ware-based process isolation. Furthermore, speciļ¬cations on ently simple ways just by writing and reading memory. If,
communication channels help in detecting programmer mis- on the other hand, processes cannot share memory, the op-
takes earlyānamely at compile-timeāthereby reducing the erating system must provide some form of communication
diļ¬culty of the message-based programming model. channels, which typically allow transmission of streams of
The paper describes our communication invariants, the scalar values.
language and veriļ¬cation features that support them, as well In deference to performance considerations, these trade-
as implementation details of the infrastructure. A number oļ¬s are often resolved in the direction of shared memory,
of benchmarks show the competitiveness of this approach. even going as far as to co-locate components within the same
process. Examples of such co-location are device drivers,
browser extensions, and web service plug-ins. Eschewing
Categories and Subject Descriptors process isolation for such components makes it diļ¬cult to
D.4.4 [Operating Systems]: Communications Manage- provide failure isolation and clear resource management.
ment; D.3.3 [Programming Languages]: Language Con- When one component fails, it leaves shared memory in in-
structs and Features consistent or corrupted states that may render the remaining
components inoperable.
At the other end of the spectrum, truly isolated processes
General Terms communicating solely via messages have the advantage of
independent failure, but at the costs of 1) a more compli-
Languages, Performance, Reliability cated programming model (message passing or RPC) and 2)
the overhead of copying data.
This paper describes how we overcome these costs in the
Keywords
Singularity OS [22, 23] through the use of strong system-
channels, asynchronous communication, static checking, wide invariants that are enforced by the compiler and run-
protocols, data ownership time system. The main features of the communication in-
frastructure are:
ā¢ Data is exchanged over bidirectional channels, where
Permission to make digital or hard copies of all or part of this work each channel consists of exactly two endpoints (called
for personal or classroom use is granted without fee provided that Imp and Exp). At any point in time, each channel
copies are not made or distributed for proļ¬t or commercial advantage endpoint is owned by a single thread.
and that copies bear this notice and the full citation on the ļ¬rst page.
To copy otherwise, to republish, to post on servers or to redistribute ā¢ Buļ¬ers and other memory data structures can be trans-
to lists, requires prior speciļ¬c permission and/or a fee.
EuroSysā06, April 18ā21, 2006, Leuven, Belgium. ferred by pointer, rather than by copying. These trans-
Copyright 2006 ACM 1-59593-322-0/06/0004 ..$5.00. fers pass ownership of blocks of memory. Such trans-
2. fers do not permit sharing between the sender and re- 1. Isolation among processes and the kernel is achieved
ceiver since static veriļ¬cation prevents a sender from via the statically veriļ¬ed type safety of the program-
accessing memory it no longer owns. ming language rather than hardware memory protec-
tion. Software based isolation allows all code to run
ā¢ Channel communication is governed by statically ver- in the highest privileged processor mode and in a sin-
iļ¬ed channel contracts that describe messages, mes- gle virtual address space, thereby removing the cost
sage argument types, and valid message interaction of changing VM protections and processor mode on
sequences as ļ¬nite state machines similar to session process transitions.
types [17, 21].
2. The eļ¬cient communication technique described in
ā¢ Channel endpoints can be sent in messages over chan- this paper enables the exchange of data over channels
nels. Thus, the communication network can evolve without copying. Such an approach is hard to make
dynamically. safe in traditional systems not based on type safe lan-
ā¢ Sending and receiving on a channel requires no mem- guages. In our setting, we obtain safety via compile-
ory allocation. time veriļ¬cation guaranteeing that threads only access
memory they own. The static veriļ¬cation of this prop-
ā¢ Sends are non-blocking and non-failing. erty is vital to the integrity of process isolation.
The next section provides context for the present work by 3. All code of a processes is known on startup (no dy-
describing Singularity. Section 2 presents channels and how namic code loading), enabling the compiler to perform
programs use them. Section 3 describes the programming a whole program analysis on each process during com-
model allowing static veriļ¬cation of resource management. pilation to machine code. Global program optimiza-
The implementation of channels is described in Section 4 tions can eliminate many of the costs incurred with
along with some extensions in Section 5. Section 6 discusses high-level object-oriented languages, such as for in-
benchmarks and experience with the system. Finally, Sec- stance crossing many levels of abstraction and object-
tions 7 and 8 discuss related and future work. oriented dispatch. Additionally, since each process has
its own runtime system and garbage collector, pro-
1.1 Singularity cesses do not have to agree on common object layouts
The Singularity project combines the expertise of researchers and GC algorithms. Each process can be compiled
in operating systems, programming language and veriļ¬ca- with the object layout (including the removal of unsed
tion, and advanced compiler and optimization technology ļ¬elds) and GC algorithm best suited to its needs.
to explore novel approaches in architecting operating sys-
The Singularity operating system prototype consists of
tems, services, and applications so as to guarantee a higher
roughly 300K lines of commented Sing# code. It runs on
level of dependability without undue cost.
x86 hardware and contains a number of drivers for network
The increased reliability we are seeking stems in good part
cards, IDE disks, sound and keyboard devices, a TCP/IP
from the following design and architectural decisions:
network stack, and a ļ¬le system. All drivers and services are
1. All code, with the exception of the hardware abstrac- separate processes communicating via channels. Thus, even
tion layer and parts of the trusted runtime, is writ- network packets and disk blocks are transmitted between
ten in an extension of C# called Sing#, a type-safe, drivers, the network stack, and the ļ¬le systems as messages.
object-oriented, and garbage collected language. Sing#
provides support for message-based communication. 2. CHANNELS
Using a type and memory safe language gurantees that A channel is a bi-directional message conduit consisting of
memory cannot be corrupted and that all failures of exactly two endpoints, called the channel peers. A channel is
the code are explicit and manifest as high-level ex- loss-less, messages are delivered in order, and they can only
ceptions (possibly uncaught), not random crashes or be retrieved in the order they were sent. Semantically, each
failures. endpoint has a receive queue, and sending on an endpoint
2. The operating system itself is structured as a micro- enqueues a message on the peerās queue.
kernel in which most services and drivers are separate Channels are described by channel contracts (Section 2.3).
processes communicating with other processes and the The two ends of a channel are not symmetric. We call one
kernel solely via channels. Processes and the kernel endpoint the importing end (Imp) and the other the export-
do not share memory. This promotion of smaller inde- ing end (Exp). They are distinguished at the type level with
pendent components allows for independent failure of types C.Imp and C.Exp respectively, where C is the channel
smaller parts of the system. Failure can be detected contract governing the interaction. The next sections de-
reliably and compensating actions can be taken, for scribe in more detail what data is exchanged through chan-
example restarting of services. nels, how channel contracts govern the conversation on a
channel, and what static properties are enforced by veriļ¬ca-
Implemented naively, these design decisions lead to an inef- tion.
ļ¬cient system due to the high frequency of process boundary
crossings implied by the large number of small isolated com- 2.1 The Exchange Heap
ponents, the cost of copying message data from one process Processes in Singularity maintain independent heaps and
to another, and the overhead imposed by a high-level lan- share no memory with each other. If we are to pass data
guage and garbage collection. Singularity avoids these costs from one process to another, that data cannot come from
using the following techniques: a processā private heap. Instead, we use a separate heap,
3. P1 Pn C++. Section 3 shows why this cannot lead to dangling
pointer accesses or leaks.
Endpoints themselves are represented as pointers to rep
structs in the exchangeable heap so that they can be ex-
changed via messages as well. Section 4 describes in more
ExHeap detail how endpoints are implemented.
2.3 Channel Contracts
Channel contracts in Sing# consist of message declarations
and a set of named protocol states. Message declarations
state the number and types of arguments for each message
and an optional message direction. Each state speciļ¬es the
Figure 1: Process heaps and the exchange heap possible message sequences leading to other states in the
state machine.
We explain channel contracts via a simpliļ¬ed contract for
network device drivers.
called the exchange heap, to hold data that can move be-
tween processes. Figure 1 shows how process heaps and the contract NicDevice {
exchange heap relate. Processes can contain pointers into out message DeviceInfo (...);
their own heap and into the exchange heap. The exchange in message RegisterForEvents(NicEvents.Exp:READY evchan);
in message SetParameters (...);
heap only contains pointers into the exchange heap itself.
out message InvalidParameters (...);
Although all processes can hold pointers into the exchange out message Success();
heap, every block of memory in the exchange heap is owned in message StartIO();
(accessible) by at most one process at any time during the in message Conļ¬gureIO();
execution of the system. Note that it is possible for processes in message PacketForReceive(byte[] in ExHeap pkt);
to have dangling pointers into the exchange heap (pointers out message BadPacketSize(byte[] in ExHeap pkt, int mtu);
in message GetReceivedPacket();
to blocks that the process does not own), but the static
out message ReceivedPacket(NetworkPacketā in ExHeap pkt);
veriļ¬cation will prevent the process from accessing memory out message NoPacket();
through dangling references.
To make the static veriļ¬cation of the single owner prop- state START: one {
erty of blocks in the exhange heap tractable, we actually en- DeviceInfo ! ā IO CONFIGURE BEGIN;
force a stronger property, namely that each block is owned }
by at most one thread at any time. The fact that each block
state IO CONFIGURE BEGIN: one {
in the exchange heap is accessible by a single thread at any RegisterForEvents ? ā
time also provides a useful mutual exclusion guarantee. SetParameters? ā IO CONFIGURE ACK;
}
2.2 Exchangeable Types
Exchangeable types encompass the type of all values that state IO CONFIGURE ACK: one {
InvalidParameters ! ā IO CONFIGURE BEGIN;
can be sent from one process to another. They consist Success ! ā IO CONFIGURED;
of scalars, rep structs (structs of exchangeable types), and }
pointers to exchangeable types. Pointers can either point to
a single exchangeable value or to a vector of values. Below, state IO CONFIGURED: one {
we explain in more detail how these types are declared. StartIO ? ā IO RUNNING;
Conļ¬gureIO? ā IO CONFIGURE BEGIN;
rep struct NetworkPacket { }
byte [] in ExHeap data;
int bytesUsed; state IO RUNNING: one {
} PacketForReceive? ā (Success ! or BadPacketSize!)
ā IO RUNNING;
NetworkPacketā in ExHeap packet; GetReceivedPacket? ā (ReceivedPacket! or NoPacket!)
ā IO RUNNING;
The code above declares a rep struct consisting of two ļ¬elds: ...
data holds a pointer to a vector of bytes in the exchange heap }
}
and bytesUsed is an integer. The type of variable packet spec-
iļ¬es that it holds a pointer into the exchange heap pointing A channel contract is written from the exporting view point
to a NetworkPacket struct. and starts in the ļ¬rst listed state. Message sequences consist
Allocation in the exchange heap takes the following forms: of a message tag and a message direction sign (! for Exp to
byte [] in ExHeap vec = new[ExHeap] byte[512];
Imp), and (? for Imp to Exp). The message direction signs
are not necessary if message declarations already contain
NetworkPacketā in ExHeap pkt = new[ExHeap] NetworkPacket(...); a direction ( in ,out), but the signs make the state machine
more human-readable.
The syntax for new is retained from C#, but the ExHeap In our example, the ļ¬rst state is START and the net-
modiļ¬er makes it clear that the allocation is to be perfomed work device driver starts the conversation by sending the
in the exchange heap. Blocks in the exchangeable heap are client (probably the netstack) information about the device
deleted explicitly via the statement delete ptr , modeled after via message DeviceInfo . After that the conversation is in
4. rep struct Imp {
void SendAckEvent();
NicDevice
Imp Exp void RecvNicEvent(out NicEventType eventType);
NetStack NIC Driver }
NicEvents
Imp Exp rep struct Exp {
void SendNicEvent(NicEventType eventType);
void RecvAckEvent();
}
Figure 2: Channels between network driver and netstack
Listing 1: Methods on endpoints
the IO CONFIGURE BEGIN state, where the client must send
message RegisterForEvents to register another channel for re- code is used:
ceiving events and set various parameters in order to get C.Imp imp;
the conversation into the IO CONFIGURED state. If some- C.Exp exp;
thing goes wrong during the parameter setting, the driver C.NewChannel(out imp, out exp);
can force the client to start the conļ¬guration again by send-
ing message InvalidParameters . Once the conversation is in Two variables imp and exp of the corresponding endpoint
the IO CONFIGURED state, the client can either start IO types are declared. These variables are then initialized via
(by sending StartIO ), or reconļ¬gure the driver (Conļ¬gureIO). a call to C.NewChannel which creates the new channel and
If IO is started, the conversation is in state IO RUNNING. returns the endpoints by initializing the out parameters.1
In state IO RUNNING, the client provides the driver with Endpoint types contain method deļ¬nitions for sending
packet buļ¬ers to be used for incoming packets (message and receiving messages described in the contract. For ex-
PacketForReceive ). The driver may respond with BadPacketSize, ample, the endpoints of the NicEvents contract contain the
returning the buļ¬er and indicating the size expected. This method declarations shown in Listing 1. The semantics of
way, the client can provide the driver with a number of these methods is as follows. Send methods never block and
buļ¬ers for incoming packets. The client can ask for packets only fail if the endpoint is in a state in the conversation
with received data through message GetReceivedPacket and where the message cannot be sent. Receive operations check
the driver either returns such a packet via ReceivedPacket or that the expected message is at the head of the queue and
states that there are no more packets with data (NoPacket). if so, return the associated data. If the queue is empty, re-
Similar message sequences are present for transmitting pack- ceives block until a message has arrived. If the message at
ets, but we elide them in the example. the head of the queue is not the expected message or the
From the channel contract it appears that the client polls channel is closed by the peer, the receive fails.
the driver to retrieve packets. However, we havenāt ex- As is apparent from these declarations, there is no need
plained the argument of message RegisterForEvents yet. The to allocate a message object and ļ¬ll it with the message
argument of type NicEvents.Exp:READY describes an Exp chan- data. Only the message arguments are actually transmitted
nel endpoint of contract NicEvents in state READY. This end- along with a tag identifying the message. The sender and
point argument establishes a second channel between the receiver only manipulate the message arguments, never an
client and the network driver over which the driver notiļ¬es entire message. This property is desirable, for it avoids the
the client of important events (such as the beginning of a possibility of failure on sends. Furthermore, as we discuss
burst of packet arrivals). The client retrieves packets when in Section 2.6, it simpliļ¬es the implementation.
it is ready through the NicDevice channel. Figure 2 shows the Direct calls to the receive methods are not useful in gen-
conļ¬guration of channels between the client and the network eral, since a program has to be ready to receive one of a num-
driver. The NicEvents contract is shown below. ber of possible messages. Sing# provides the switch receive
statement for this purpose. Hereās an example of using the
contract NicEvents { NicDevice channel endpoint in the server:
enum NicEventType {
NoEvent, ReceiveEvent, TransmitEvent, LinkEvent NicDevice.Exp:IO RUNNING nicClient ...
}
switch receive {
out message NicEvent(NicEventType eventType); case nicClient .PacketForReceive(buf ):
in message AckEvent(); // add buf to the available buļ¬ers , reply
...
state READY: one {
NicEvent! ā AckEvent? āREADY; case nicClient .GetReceivedPacket():
} // send back a buļ¬er with packet data if available
} ...
So far we have seen how channel contracts specify messages case nicClient .ChannelClosed():
and a ļ¬nite state machine describing the protocol between // client closed channel
the Imp and Exp endpoints of the channel. The next section ...
}
describes how programs use channels.
1
In C# an out parameter is like a C++ by-ref parameter,
2.4 Channel Operations but with the guarantee that it will be initialized on all nor-
To create a new channel supporting contract C, the following mal code paths.
5. In general, each case can consist of a conjunction of patterns message. As we will describe in Section 4, this rule allows us
of the form to layout all necessary buļ¬ers in the endpoints themselves
and pre-allocate them as the endpoints are allocated. Al-
patternāconjunction :ā pattern [ && patternāconjunction ] though the rule seems restrictive, we have not yet seen a
| unsatisļ¬able
pattern :ā var .M(id ,...)
need to relax this rule in practice.
The second property enforced on channels is that they
A pattern describes a message M to be received on an end- transfer only values of exchangeable types. Allowing a refer-
point in variable var and a sequence of identiļ¬ers id ,... that ence to an object in the GCāed heap to be transferred would
will be bound to the message arguments in the case body. violate the property that no processes contain pointers into
A pattern is satisifed if the expected message is at the any other processes heap. Thus, enforcing this property
head of the endpointās receive queue. The execution of a statically is vital to the integrity of processes.
switch receive statement proceeds as follows. Each case is The third and ļ¬nal send-state property concerns end-
examined in order and the ļ¬rst case for which all pattern points transferred in messages. Such endpoints must be
conjuncts are satisļ¬ed executes. The messages of the match- in a state of the conversation where the next operation is
ing case are removed from the corresponding endpoints and a send on the transferred endpoint, rather than a receive.
the message arguments are bound to the identiļ¬ers before This property is motivated by implementation considera-
execution continues with the case block. Blocks must end tions. As we will discuss in Section 4, each block in the
in a control transfer, typically a break. exchange heap (thus each endpoint) contains a header indi-
If no case is satisļ¬ed, but some cases could be satisļ¬ed cating which process owns it at the moment. In order for
if more messages arrive, the switch receive will block until send operations to update this information correctly, one has
the arrival of new messages. If on the other hand, none of to avoid the following scenario: process A sends endpoint e
the cases could be satisļ¬ed by more message arrivals, the to process B. Before it has transferred eās ownership to B,
switch receive continues with the unsatisļ¬able block. process C, holding the peer f of e tries to send a block m
on f . C ļ¬nds that the peer is owned by A. After that, A
2.5 Channel Closure transfers e to B, but C still thinks it needs to make A the
Channels are the only ties between processes and thus act owner of m, whereas B should be the owner.
as the unique failure points between them. We adopted the This scenario is essentially a race condition that could be
design that channel endpoints can be closed at any time, attacked using various locking schemes. But such locking
either because a process explicitly closes an endpoint via would involve multiple channels, is likely to cause contention
delete ep, or because the process terminates (normally or
and is diļ¬cult to implement without deadlocks. The send-
abruptly) and the kernel reclaims the endpoint. Each end- state property rules out this race statically and allows for a
point is closed independently but a channelās memory is re- simple lock-free implementation of transfers.
claimed only when both ends have been closed.
This independent closure of endpoints makes it easier to
provide a clean failure semantics and a single point where 3. RESOURCE VERIFICATION
programs determine if a channel peer has closed its endpoint. One of the goals for the Singularity project is to write code in
As we mentioned above, sends to endpoints never fail if the a high-level garbage-collected language, thereby ruling out
endpoint is in the correct state in the conversation, even if errors such as referencing memory through dangling point-
the peer endpoint is already closed. However, on receives a ers. However, garbage collection is local to a process and
special message ChannelClosed appears in the receive queue ownership of memory blocks transferred through channels
once all preceeding messages have been received and the requires the reintroduction of explicit memory management
peer has closed its end. Once an endpoint has been closed, into the language.
the compiler veriļ¬es that no more sends or receives can be Consider the operation ep.SendPacketForReceive(ptr) from
performed on that endpoint. The ChannelClosed messages are the NicDevice contract. The ptr argument points to a vector
implicit in the channel contracts. in the exchange heap (type byte [] in ExHeap). After the send
operation, the sending process can no longer access this byte
2.6 Channel Properties vector. From the senderās perspective, sending the vector is
A main requirement of the channel implementation for Sin- no diļ¬erent than calling delete on the vector. In both cases,
gularity is that sends and receives perform no memory al- the value of ptr constitutes a dangling reference after these
location. The requirement has three motivations: 1) since operations.
channels are ubiquitous and even low-level parts of the ker- Avoiding errors caused by manual memory management
nels use channels, we must be able to send and receive in in C/C++ programs is a long standing problem. Thus, it
out-of-memory situations, and 2) if memory allocation oc- would appear that adopting an ownership transfer model
curred on sends, programs would have to handle out of mem- for message data would set us back in our quest for more
ory situations at each send operation, which is onerous, and reliable systems.
3) make message transfers as eļ¬cient as possible. Fortunately, the programming language community has
In order to achieve this no-allocation semantics of chan- made important progress in statically verifying explicit re-
nel operations, we enforce a ļ¬niteness property on the queue source management in restricted contexts [10, 12, 32]. The
size of each channel. The rule we have adopted, and which is rules described in this section for handling blocks in the
enforced by Sing#, is that each cycle in the state transitions exchange heap allow a compiler to statically verify that 1)
of a contract C contains at least one receive and one send processes only access memory they own, 2) processes never
action. This simple rule guarantees that no end can send leak a block of memory, and 3) send and receive operations
an unbounded amount of data without having to wait for a on channels are never applied in the wrong protocol state.
6. 3.1 Tracked Data With these insights, it is simple to track the status of each
In order to make the static veriļ¬cation of block ownership pointer value at each program point of the method, via a
tractable, we segregate data on the GC heap from data on data-ļ¬ow analysis, to determine whether a pointer is deļ¬-
the exchange heap. This segregation is explicit at the type nitely owned. A complication is that the analysis must keep
level, where pointers into the exchange heap always have track of local aliases. This issue can be dealt with using alias
the form Rā in ExHeap or R [] in ExHeap. Any other type is types [34, 15] and we wonāt comment on it further. Below
either a scalar or must live in the GC heap. We use the term is a well-typed example.
tracked pointer to refer to pointers (including vectors) to the
1 static void Main() {
exchange heap because the veriļ¬cation tracks ownership of 2 int [] in ExHeap vec = GetVector();
such pointers precisely at compile time. Pointers into the 3 for ( int i =0; i<vec.Length; i++) { vec[i] = i ; }
GCāed heap need not be tracked generally, since the lack of 4 Reverse(vec );
explicit freeing and presence of garbage collection guarantee 5 Consume(vec);
memory safety for those objects. 6 }
7
In the following sections, we ļ¬rst present a very restricted,
8 static int [] in ExHeap GetVector() {
but simple method of tracking ownership, and then gradu- 9 int [] in ExHeap vec = new[ExHeap] int[512];
ally relax it to allow more programming idioms to be ex- 10 return vec;
pressed and veriļ¬ed. 11 }
12
3.1.1 Basic tracking 13 static void Reverse( int [] in ExHeap vec) {
14 for ( int i =0; i<(vec.Length+1)/2; i++) {
The simplest form of ownership tracking restricts tracked 15 int peer = vec.Lengthā1āi;
pointers to appear only on the stack (i.e., as method pa- 16 int tmp = vec[i ];
rameters, return values, and local variables). The com- 17 vec[ i ] = vec[peer ];
piler simply rejects tracked pointer types in any other po- 18 vec[peer] = tmp;
sition. With these restrictions, GCāed objects never point 19 }
to tracked blocks, and tracked blocks themselves only con- 20 }
21
tain scalars. Now it is fairly easy to classify which pointers 22 static void Consume([Claims] int [] in ExHeap vec) {
are owned within the context of a method by considering 23 delete vec;
how ownership is acquired and is lost. There are three ways 24 }
ownership of a tracked block is acquired by a method:
Letās consider the ownership information inferred by the ver-
1. A pointer to the block is passed in as a parameter iļ¬cation at each program point of the above program. At
line 1 no blocks are owned since Main has no parameters. Af-
2. A pointer to the block is the result of a method call ter line 2, the method owns the block pointed to by vec (case
2 of acquiring ownership). On line 3, the checker can cor-
3. A pointer to the block is the result of new operation rectly verify that the method owns the vector being indexed.
At line 4, we check that the method owns the argument to
Similarly, there are three ways a method can lose ownership
the call, since that is what the method Reverse assumes of its
of a tracked block:
parameter. This check passes. After the call to Reverse, the
1. A pointer to the block is passed as an actual parameter method still owns the block pointed to by vec, since Reverse
in a call only took temporary ownership of its parameter. Thus at
line 5, we can verify that the method owns the argument
2. A pointer to the block is a result of the method to Consume. Since the parameter of Consume is claimed, the
method does not own any more blocks at line 6. We have
3. A pointer to the block is the argument to delete reached the return point of the method without any owned
blocks and can thus conclude that Main does not leak any
Letās look more closely at how ownership of blocks is trans- blocks.
ferred from a caller to a callee. There are two common cases Method GetVector starts out without any owned blocks
when passing a tracked pointer to a method: (it has no tracked parameters). After line 9, the method
owns the newly allocated block pointed to by vec (case 3 of
ā¢ The ownership of the block pointed to by the parame- acquiring ownership). At line 10, ownership of this block is
ter is passed to the callee temporarily, i.e., upon re- consumed by virtue of returning it from the method (case 2
turn, ownership reverts back to the caller. In the of consumption). After that, no more blocks are owned and
classiļ¬cation above, we consider that as two transfers: thus no leaks are present.
from caller to callee as a parameter, and then as an The reasoning for Reverse is very simple. On entry, the
implicit result from callee to caller upon return. We method owns the block pointed to by vec. We can thus
consider this the default case for method parameters verify that all index operations act on an owned vector in
(including this ). lines 14ā18. At the return of Reverse, the method must still
own the block that was pointed to by vec on entry (since
ā¢ The ownership of the block pointed to by the parame- it is obliged to return ownership to the caller). It does, so
ter is passed to the callee permanently (e.g., arguments ownership is reclaimed, leaving the method with no more
to Send methods). We say that ownership of such pa- owned blocks and thus proving that Reverse does not leak.
rameters is claimed and use the annotation [Claims] on Finally, on entry, method Consume owns the block pointed
such parameters. to by parameter vec. The delete correctly operates on an
7. owned block at line 23 and consumes ownership (case 3 of The semantics of a TCell is it can be either full (containing a
consuming ownership). The method ends without any out- tracked pointer) or empty. On construction, a cell consumes
standing blocks and thus has no leaks. the argument pointer and thus starts out as full. An Acquire
To illustrate the kinds of errors that the veriļ¬cation will operation blocks until the cell is full and then returns the
detect, suppose that the Main method calls Consume and tracked pointer, leaving the cell empty. A Release blocks
Reverse in opposite order: until the cell is empty and then stores the argument pointer
in the cell, leaving it full. TCells can thus be used to pass
4 Consume(vec);
5 Reverse(vec );
ownership of a tracked block from one thread to another
within the same process.
The Sing# compiler emits the following error on that code. As mentioned above, static veriļ¬cation of memory man-
agement is turned into dynamic checking by a TCell. For ex-
(5,11): error CS6084: Accessing dangling reference ample, if a thread tries to acquire a cell twice and no other
āTest.GetVector.returnValueā thread ever releases into the cell, then the thread blocks for-
The call to Consume consumes ownership of the block (since ever. Furthermore, TCells rely on the GC ļ¬nalizer to delete
the formal parameter is annotated with [Claims] ) and thus at the contained block if the cell becomes unreachable.
the call to Reverse, the veriļ¬cation fails, since the argument 3.1.3 Tracked structs
pointer does not point to an owned block.
As another potential error, suppose we omit line 23 which So far we only have pointers from the stack and special cells
deletes the vector in the Consume method. Sing# emits the into the exchange heap. But it is useful for pointers to link
following error in that case. from the exchange heap to other blocks in the exchange
heap as well. For example, the struct NetworkPacket used
(24,1): error CS6095: Leaking owned reference āvecā in the NicDevice contract contains a byte vector in a ļ¬eld.
To verify code involving such ļ¬elds we restrict how these
To complete our discussion of the basic ownership checking,
ļ¬elds are accessed: to access ļ¬elds of tracked structs, the
we need to address aliasing. If a method takes more than
struct must be exposed using an expose statement as in the
one tracked pointer, the assumption is that the pointers are
following example.
distinct. The veriļ¬cation checks each call site to make sure
no aliasing of parameters arises. 1 void DoubleBuļ¬erSize(NetworkPacketā in ExHeap pkt) {
Also, ref and out parameters are handled in the obvious 2 expose(pkt) {
way. A ref parameter of tracked type requires ownership 3 byte [] in ExHeap old = pktādata;
4 pktādata = new[ExHeap] byte[old.Lengthā2];
of the contents of the ref parameter on entry and returns
5 delete old ;
ownership of the ptr in the ref parameter on exit of the 6 }
method. For out parameters, no ownership transfer occurs 7 }
on entry.
In practice, the veriļ¬cation needs to handle null specially, In order to check this construct, the veriļ¬cation must track
since no memory and thus no ownership is associated with whether tracked structs are exposed or unexposed. An un-
such pointers. We use a āmust-be-nullā analysis before check- exposed struct pointer satisļ¬es the invariant that it owns
ing ownership in order to handle idioms such as: all memory blocks it points to. When the struct is ex-
posed, ownership of the pointed-to blocks is transferred to
1 void Consume([Claims] Tā in ExHeap ptr) {
2 if ( ptr != null ) {
the method context doing the expose. At the end of the
3 delete ptr ; expose block, ownership of the current pointers in the ļ¬elds
4 } of the exposed struct is transferred from the method to the
5 } struct.
Thus, in the example above, at line 2, the method owns
The analysis needs to know that ptr is null on the control the block pointed to by pkt and it is unexposed. After line
ļ¬ow edge that skips the conditional block. This knowledge 2, the same block is now exposed and the method also owns
lets us determine at the merge point after the conditional the block pointed to by pktādata. After line 3, the method
(line 4) that no more resources are held. still owns the same blocks, but old points to the same block
as pktādata. After line 4, the method owns three blocks
3.1.2 Tracked pointers in the GC heap
pointed to by old , pkt, and pktādata. After line 5, ownership
The basic tracking is suļ¬cient if all tracked pointers live on of old is consumed. At line 6, we unexpose the struct pointed
the stack. However, there are situations, in which one needs to by pkt which consumes the contained pointer pktādata.
to escape the static checking of ownership or truly share Thus, at line 7, the method owns only the block pointed to
some endpoint or other block in the exchange heap among by pkt, and its status is unexposed. Since ownerhips of this
multiple threads in the same process. To this end, Sing# block passes back to the caller at this point, we managed to
provides a predeļ¬ned class TCell<T> that is a GC wrapper verify this method. If the delete statement were omitted, the
for a tracked pointer. A TCell turns static veriļ¬cation of checker would complain that the old byte vector is leaking.
memory management into dynamic checking. Its interface
is as follows: 3.2 Vectors of tracked data
class TCell<T> { The ļ¬nal extension we present here is supporting vectors of
TCell ([ Claims ] Tā in ExHeap ptr); tracked data. The problem in this setting is that the veriļ¬er
Tā in ExHeap Acquire(); cannot track the ownership status of an unbounded number
void Release ([ Claims ] Tā in ExHeap ptr); of elements in a vector. Thus, we restrict access to the vector
} to one element at a time, requiring an expose of the vector
8. element in the same way as we exposed an entire struct. P Q
Below is an example showing the manipulation of a vector imp exp
of network packets, using the previously deļ¬ned method to
double the buļ¬er in each packet.
void DoubleAll(NetworkPacketā[] in ExHeap vec) { ExHeap
for ( int i =0; i<vec.Length; i++) {
expose(&vec[i ]) { C.Exp* peer; C.Imp* peer;
DoubleBuļ¬erSize(vec[ i ]); WH waithandle; WH waithandle;
} int state; int state;
} int Tag0; int Tag0;
} C.M Msg_M0; C.E Msg_E0;
C.N Msg_N0; C.F Msg_F0;
Note that expose always acts on the slot of the vector, not
the content of the slot. The invariant of a vector is that if Figure 3: Channel representation in memory
the vector has no exposed slot, all the contents of all slots
is owned. When exposing a slot, ownership of that slotās
contents is transferred to the method, which can then act
on it. On exit of the expose block, the ownership of the slotās 4. IMPLEMENTATION
contents is transferred back to the vector in order to satisfy This section describes the runtime data and code represen-
its invariant. tation for channels and switch receive statements.
3.2.1 Discussion
4.1 Channel representation
The expose blocks shown in the previous sections have no
impact on the generated code or the instructions executed Channel endpoints are represented as rep structs in the ex-
at runtime. The exposing and unexposing of vectors and change heap. Each endpoint struct has a general part man-
structs are only hints for the static analysis on how to prove aged by the kernel and a contract-speciļ¬c part. The kernel
the code safe. All checking of ownership invariants is per- managed part contains a pointer to the channel peer, a spe-
formed statically at compile time. The only runtime opera- cial waithandle for signalling message arrival, and a boolean
tions in conjunction with ownership are acquires and releases indicating whether this end of the channel has been closed.
of TCells . A channel contract C is compiled into two rep structs C.Exp
As mentioned earlier, channel endpoints are just point- and C.Imp. Besides the kernel managed part, these structs
ers into the exchange heap and are thus tracked like other contain a numeric ļ¬eld capturing the current protocol state
blocks in the exchage heap. Additionally, the veriļ¬er stat- of the endpoint, tag ļ¬elds, and message argument buļ¬ers.
ically tracks the protocol state of each endpoint. This is Figure 3 shows a channel in memory.
again a relatively simple matter if we specify the protocol The messages and protocol states of a channel (including
state of each endpoint whenever a message acquires own- implicit intermediate states in message sequences) are as-
ership of them. Thus, we require endpoint arguments and signed numeric values. Then we compute maps C QI Exp and
C QI Imp mapping protocol states to a queue index, thereby
results of methods to specify the protocol state of the end-
point. Similarly, message declarations must specify the state capturing how many messages are (maximally) waiting to
of endpoints they transport and TCells specify the state of be received at that protocol state. The queue index is com-
the endpoints they encapsulate. puted by examining the protocol state machine and noting
The veriļ¬er computes for each program point and each the maximal number of message receipts since the last send
owned endpoint the possible protocol states of the endpoint. in the state machine.
At Send calls, the veriļ¬er checks that the endpoint is in a For each queue index i, the endpoint contains a tag ļ¬eld
Tagi . The tag ļ¬elds describe whether messages are present in
state where the message can be sent. At Select calls, the
veriļ¬er determines if the cases are exhaustive, i.e., whether the queue as follows: if a C.Exp endpoint is in protocol state
there is a case for every message combination on the end- X and C QI Exp(X) = i, we can determine whether a message
points. has arrived on it by examining ļ¬eld Tagi . If the ļ¬eld is 0,
In summary, the static tracking ensures the following system- no message is ready. Otherwise, the ļ¬eld value indicates the
wide invariants: message tag that is present. Thus, if we are to send message
m in state X on endpoint C.Imp, the sending code uses the
ā¢ Each block in the exchange heap has at most one own- queue index C QI Exp(X) = i for the peer endpoint, and then
ing thread at any point in time. stores the message tag for m in the peerās Tagi ļ¬eld. After
storing the tag, the sender signals the waithandle on the peer.
ā¢ Blocks in the exchange heap are only accessed by their The reasoning in the other direction is symmetric.
owner. (thus no access after free or transfer of owner- The message data is handled similarly to the message
ship) tag. The compiler emits a struct type C.M for each mes-
sage m whose ļ¬elds are the message arguments. For each
ā¢ A block not owned by a thread is owned by a TCell queue index i in an endpoint, if message m could be re-
and thus eļ¬ectively by the garbage collectorās ļ¬nalizer ceived in a state mapping to i, we add a message buļ¬er
thread. ļ¬eld Msg Mi in the endpoint structure. Sending message
m now involves also storing the message arguments in the
ā¢ The sequence of messages observed on channels corre- peers Msg Mi ļ¬eld, prior to setting the message tag Tagi .
spond to the channel contract. On multi-processors/cores, a memory barrier is needed af-
9. ter storing the message arguments and prior to setting the point. The entryās value is the tag for message m. Each row
message tag. thus indicates which messages must be received on which
endpoints for that case to be enabled. Given this pattern
4.2 Channel teardown matrix, the compiler compiles the switch receive statement
As is apparent from Figure 3, channel endpoints are partially into the following schematic code:
shared, since the sender needs to access the peer endpoint
Endpoint ā[] endpoints = new Endpointā[]{ep1 ,..., epn};
to store message tags and message arguments, as well as int enabled case = Endpoint.Select(pattern , endpoints );
to signal the waithandle . In fact, the cross-linked endpoint switch ( enabled case ) {
structure forming a channel is the sole mechanism for trans- case 0:
fering information from one process to another. // declare locals for bound message arguments
In order to implement the desired failure semantics where // receive messages for case 0 on endpoints
...
sends can occur as long as the sending endpoint is not closed,
break;
we need to keep the channel data structure alive as long
as there is at least one of the two parties still using the case 1:
channel. We thus reference-count the endpoint structures. // declare locals for bound message arguments
The ref-count starts at 2 for both ends, since there are ex- // receive messages for case 1 on endpoints
actly two references from the user processes, one to each ...
break;
endpoint, and one reference from each endpoint to its peer.
The reference count never goes beyond two. When one side ...
deletes an endpoint, we decrement its reference count and }
also that of its peer. When the reference count of an end-
point drops to 0, its memory and the associated waithandle To make this more concrete, letās see how the following ex-
are reclaimed. This scheme makes has the advantage that ample is compiled:
beyond the atomic decrement, no thread synchronization is
needed during sends/receives or tear-down. switch receive {
case a.M(int x) && b.Q(char[] in ExHeap vec):
block0
4.3 Block accounting
Normally terminating processes are guaranteed to free all ex- case b.R(int y ):
change heap memory owned by the process by virtue of the block1
static veriļ¬cation that accounts for every block manipulated
case a.ChannelClosed():
and thus prevents such blocks from leaking. However, a sys- block2
tem needs to be able to shutdown a process abruptly without
letting the process clean up. Thus, in order to reclaim the case b.ChannelClosed():
blocks in the exchange heap that the process owned at the block3
moment of its abrupt demise, the system must be able to }
ļ¬nd these blocks.
Our implementation uses a short header per block in the The patterns mention 2 endpoints a and b. Assuming the
exchange heap containing its size and the owning process id. compiler numbers them in that order, the pattern matrix
The size is used for vector operations in determining how for the switch is:
many elements are in the vector. The owning process id a b
is maintained by channel send operations as follows: When case 0 M tag Q tag
sending on an endpoint e, we determine the owning pro- case 1 0 R tag
cess pid of the peer f of e. Note that there is no race in case 2 -1 0
determining the receivers pid , since the invariant discussed case 3 0 -1
in Section 2.6 guarantees that an endpoint that is about
to receive cannot be sent itself and thus its owning process The special ChannelClosed patterns are given tag -1. The code
cannot change. Once the receiverās identity is known, the generated is shown in Listing 2. On line 1, we construct
sending thread changes the owning process id of all mes- an array containing the endpoints involved in the pattern.2
sage arguments recursively. This traversal code is generated Then we call a static method Select , passing the pattern ma-
automatically by the compiler. trix and the endpoint array. This call will block until either
Additionally, the memory manager for exchange heap blocks a case is satisļ¬ed, returning the case number, or until it de-
keeps a list of all used blocks. The list is traversed by a termines that none of the cases can be satisļ¬ed, returning -1.
background clean-up thread to reclaim blocks owned by non- Note that the RecvX calls on lines 7,8, and 13 will not block,
existant processes. since the Select call will only return that case if the neces-
sary messages are present at the head of the corresponding
4.4 Switch receive endpoints.
For each switch receive statement, the compiler generates a The implementation of Select is relatively simple. For
static 2-dimensional integer array representing the message each row of the pattern matrix, it queries each endpoint for
patterns that make up the cases. The matrix has k rows and which there is a non-null entry in the row for the status of
n columns, where k is the number of cases in the switch, and the endpoint. The endpoint returns either the tag of the ļ¬rst
n is the number of distinct endpoints used overall the cases. 2
Our implementation avoids the allocation by reusing a
The matrix contains a non-zero entry in position (i, j), if the thread-local array after the ļ¬rst switch receive of a given
ith case contains a pattern for message m on the jth end- size.
10. 1 Endpoint ā[] endpoints = new Endpointā[]{a,b}; Kiwi Barnowl
2 int enabled case = Endpoint.Select(pattern , endpoints ); C C
3 switch ( enabled case ) { P proxyQ proxyP Q
4 case 0:
5 int x;
6 char [] in ExHeap vec;
NetStack NetStack
7 a.RecvM(out x);
8 b.RecvQ(out vec);
9 block0
10 NIC NIC
11 case 1:
12 int y;
13 b.RecvR(out y);
14 block1 Figure 4: Cross machine channel via TCP proxy
15
16 case 2:
17 block2 endpoints, and use these sets in switch receive statements to
18 wait for messages on any of the endpoint in a set. When an
19 case 3: endpoint has a matching message, the endpoint is removed
20 block3 from the set and bound in the case branch.
21
Endpoint maps are similar to sets, but associate arbitrary
22 default :
23 throw new Exception(ā Unsatisļ¬able switch receive ā ); data with each endpoint in the set.
24 }
5.2 Channel contract hierarchies
Listing 2: Generated code for switch receive Channel contracts can form hierarchies such that a contract
can extend another contract by adding more message se-
message, or -1 if there is no message and the peer endpoint quences than the parent contract. In order for this to be
is closed, or 0, if there is no message and the peer endpoint sound, restrictions must be in place for when such exten-
is not closed. Given this information, Select can determine if sions are allowed and how the corresponding types of end-
a case is satisļ¬ed and whether the case can still be satisļ¬ed points can be cast to each other. A formal study of channel
by the arrival of new messages. contract inheritance is the topic of an upcoming paper.
If no case is satisļ¬ed, but some cases are still satisļ¬able in 5.3 Process local channels
the future, Select waits on the waithandles of all endpoints
involved in the switch. When woken due to a new message The channel implementation described does not require the
arrival or channel closure, the patterns are scanned again.3 two channel endpoints to be in diļ¬erent processes. The
Note that the implementation uses no locking or other channels work just as well between threads of the same pro-
synchronization beyond the signalling of new messages via cess. If such intra-process channels are declared as such,
the waithandles. This lock-free implementation is again en- they can support a wider range of exchangeable types, since
abled by the global invariants provided by our ownership GCāed objects could be safely transmitted over such chan-
model: only a single thread can use a given endpoint in a nels.
switch receive at any time. Thus, we are guaranteed that 5.4 Cross machine channels
when Select determines a case is satisļ¬able, the state of
its endpoints wonāt change until the thread enters the cor- The Singularity OS includes a TCP/IP stack and network
responding case and removes the messages at the head of interface drivers. Thus, communicating with other machines
the endpoints involved. If multiple threads were to be able on the network is no diļ¬erent than on Unix or Windows. An
to receive on a single endpoint, the implementation would obvious question though is whether the strongly typed Sin-
be much more involved, since it must atomically determine gularity channels can be extended to cross machine bound-
which case is satisļ¬ed and dequeue the corresponding mes- aries. Although we havenāt implemented this feature, we
sages. believe it to be straight-forward as depicted in Figure 4. A
process P on machine Kiwi wants to talk to a process Q on
machine Barnowl using channel contract C. From the con-
5. EXTENSIONS tract C we should be able to automatically produce proxy
In practice, we use a couple of extensions to the channel processes proxyQ and proxyP that marshall and unmarshall
mechanisms described so far. In this section, we brieļ¬y men- messages to and from the network and dynamically check the
tion them as well as other ongoing work. protocol of incoming network messages. The clients P and
Q talk to the proxies over strongly typed channels, oblivi-
5.1 Endpoint sets and maps ous (up to latency) to the fact that they are communicating
Threads often need to handle an apriori unknown number of remotely. The semantics of our channels poses no immedi-
endpoints. This arises most frequently in services that have ate problem due to the fact that sends never block and that
numerous connections to clients. In order to handle these the channel failure is communicated only on receives. Thus,
situations, Sing# provides an endpoint set abstraction. An when proxies determine that the TCP connection has failed,
endpoint set contains endpoints that are all of the same type they can just close the channel the their clients.
and in the same prototol state. Threads can create sets, add 5.5 Running unveriļ¬ed code
3
Only the pattern column of the endpoint that caused the To run on Singularity, applications must currently be ex-
wakeup is scanned in practice. pressible in veriļ¬able MSIL. This requirement makes it im-
11. Cost (CPU Cycles) Singularity Linux 2.6.11 Windows XP SP2
Singularity Linux Windows 1000000
Process-kernel 78 324 445
call
Cycles per send-receive
Thread yield 401 900 763 100000
2 thread wait-set 2,156 2,390 3,554
ping pong 10000
2 thread message 2,462 10,758 12,806
ping pong
1000
Table 1: Micro benchmark performance
100
1
2
4
8
16
32
64
128
256
512
1024
2048
4096
8192
16384
32768
65536
Message size in bytes
practical to port existing software written in C++ or other
unveriļ¬able languages. We are currently investigating the Figure 5: Send-receive cost vs. buļ¬er size
combination of language-based safety with hardware pro-
tected address spaces in order to isolate unveriļ¬ed code from
veriļ¬ed code using hardware sandboxes.
PerSecond(). All these calls operate on a readily available
6. EXPERIENCE data structure in the respective kernels. The Linux thread
test ran on user-space scheduled pthreads. Kernel sched-
The channel implementation described in this paper has uled threads performed signiļ¬cantly worse. The āwait-set
been in use in Singularity for the last 8 months. The code ping pongā test measured the cost of switching between two
base relies on 43 diļ¬erent channel contracts with roughly threads in the same process through a synchronization ob-
500 distinct messages, and 135 diļ¬erent protocol states. ject. The ā2 message ping pongā measured the cost of send-
Passing ownership of memory blocks and endpoints over ing a 1-byte message from one process to another and then
channels is used frequently. Among the 500 messages, 146 back to the original process. On Linux, we used sockets,
carry pointers into the exchange heap, and 42 messages carry on Windows, we used a named pipe, and on Singularity, we
channel endpoints themselves. Thus, the ability to conļ¬g- used a channel.
ure the communication network dynamically by transferring As the numbers show, Singularity is quite competitive
endpoints is quite important. with systems that have been tuned for years. Particularly
The static veriļ¬cation of ownership has so far delivered on encouraging are the message ping pong numbers on Singu-
the promise of eliminating errors related to dangling pointer larity as they show that the cost of using a channel between
accesses and leaks of exchange heap blocks. We use two distinct processes is only about 15% slower than the cost
redundant veriļ¬ers checking the ownership: one running as of the wait-set ping pong on two threads of the same pro-
part of compilation of the source language to MSIL [1], and cess. Channels on Singularity outperform the mechanisms
a second veriļ¬er checking the MSIL. This redunancy helps available on other systems by factors of 4 to 5. These im-
shake out errors in the veriļ¬cation itself that would allow provements donāt even factor in the ability to pass pointers
ownership errors to pass the compilation undetected. rather than copies of memory blocks.
One serious shortcoming of our current implementation is Figure 5 shows the cost in cycles for sending and receiving
that we do not check exceptional program paths. This short- a block of memory ranging from 1 byte to 64K. As expected,
coming stems from the fact that we donāt have exception the cost on Singularity is constant around 1200 cycles. On
speciļ¬cations in our code base. Without exception speciļ¬- the other systems, the cost starts to increase around buļ¬er
cations on methods, the analysis of exceptional paths would sizes of 1K. These measurements do not show the perfor-
lead to too many programs being rejected. We are actively mance improvements possible if buļ¬ers of page size or larger
working on specifying exceptional behaviors and integrating (4K on x86) are remapped rather than copied. Such an
them with the ownership programming model and veriļ¬ca- optimization would of course require another IPC interface
tion. rather than sockets and named pipes.
6.1 Performance
This section contains micro benchmarks comparing the per- 7. RELATED WORK
formance of Singularity channel operations against other There is a long history in the systems community of drawing
systems. All systems ran on AMD Athlon 64 3000+ (1.8 on programming languages and safety guarantees to make
GHz) on an NVIDIA nForce4 Ultra chipset and 1GB RAM. systems more reliable, maintainable, and/or more perfor-
We used Red Hat Fedora Core 4 (kernel version 2.6.11- mant. For example, SOLO was written in concurrent Pas-
1.1369 FC4), and Windows XP (SP2). Singularity ran with cal instead of assembly [19]. Early work around the Mesa
a concurrent mark-sweep collector in the kernel, a non-con- language focused on memory safety through garbage collec-
current mark-sweep collector in processes (including drivers), tion, type safety, and modularity as well as features such
and a minimal round-robin scheduler. as coroutines and recursion that would be burdensome to
Table 1 reports the cost of simple operations in Singularity implement without runtime and language support [18, 30,
and two other systems. On the Linux system, the process- 35]. The SPIN micro-kernel used Modula-3 to grant appli-
kernel call was getpid(), on Windows, it was GetProces- cation speciļ¬c extensions to run directly in the kernel to
sId(), and on Singularity, it was ProcessService.GetCycles- optimize performance [7]. These systems had very weak iso-
12. lation guarantees between processes, usually sharing a single proportional to the size of transferred buļ¬ers. Compared
heap managed by a single VM. In contrast, our processes are with measurements for L4 on the Alpha, our message round
strongly isolated and can be killed and reclaimed individu- trip times are faster than L4ās for all transfer sizes above 64
ally. bytes (which L4 passes in registers).
Many systems and languages support channel-based inter- The lack of read-only sharing in our system is one of its
process communication. An early system using messages to main drawbacks at the moment. We plan to address this
communicate between tasks is DEMOS [6] on the CRAY-1. issue in future work by incorporating ideas from IO-Lite
Channels (links in DEMOS) were unidirectional and could while retaining a purely software based protection approach.
be passed over other channels. Hardware protection and Ennals et al. use linear types to pass ownership of buļ¬ers
copying was used to prevent inappropriate access and shar- in a language for packet processing compiled to network pro-
ing rather than compile-time checking. cessors [14], thereby proving isolation between the sender
Channels in programming languages are typically uni- and receiver statically as we do. Our resource tracking is
directional streams of uniform type, for example in the lan- rather similar to linear types and can be formalized using
guage OCCAM [26]. Other examples of languages with separation logic [32].
stream based communication types are CML [31], Newsqueak Supporting safe, explicit memory management in program-
[29], and Limbo [13]. However, in contrast to the present ming languages has been studied in Vault [12] and Cyclone
work, none of the above cited work attempts to statically [25]. The veriļ¬cation technique employed in Sing# builds
verify that exchanged data blocks are unshared without the on this earlier work. Type systems based on ownership hi-
need to copy memory. erarchies [9] or lexically-scoped regions [36] are not strong
Recent work on writing an operating system in OCCAM enough to prove the necessary non-aliasing properties at ar-
[4] has extended the language to support mobile data, which bitrary ownership transfer points, e.g., when memory must
corresponds to what we call tracked data in this paper [5]. be freed or transferred to other processes.
The main diļ¬erence with the present work is that we have in- Real-time Java [8] is a version of Java for real-time con-
tegrated mobile semantics into a main-stream OO-language strained systems. It provides programers with memory ar-
without compromising safety or aliasing. Furthermore, the eas that have a stack based lifetime. The explicit mem-
OCCAM channels are synchronous, uni-directional, and uni- ory management in RTSJ is runtime veriļ¬ed, not statically
formly typed, whereas the channels described here are asyn- checked as in our work, i.e., storing a pointer to an object
chronous, bi-directional and governed by channel protocols. in a memory area might cause a runtime error as opposed
Their reported message transfer times are extremely eļ¬cient to a compile-time error if the target object lives beyond the
(ā¼ 80 cycles). The factor of 20 in increased performance over memory areaās lifetime. Scoped types [37] proposes a set of
our approach is achieved by exploiting further invariants rules that statically guarantee the absence of such errors.
their system has over ours. The scheduling in their kernel is Still, life-times of memory areas have lexical scopes whereas
purely cooperative and assumes a single processor, whereas in our work, a block can get allocated by a process, get trans-
we assume a pre-emptive scheduler in a multicore/multi-cpu ferred to another process, and live beyond the lifetime of the
environment. Furthermore, an OCCAM thread waits on a allocating process. Furthermore, our memory model guar-
single channel, whereas our threads can be blocked on any antees that every block is accessed by at most one thread at
number of wait conditions, which causes more accounting on a time, thus providing statically enforced mutual exclusion.
waking a thread. Our implementation also has to cooperate RTSJ to the best of our knowledge does not provide such
with two garbage collectors, the processā own, and the ker- features.
nelās. On process-kernel boundaries, we push special stack Guava [3] is a Java dialect providing statically guaranteed
markers that allow the respective GCās to avoid scanning mutual exclusion through true monitors. Guavaās stronger
stack frames they donāt own. Finally, their implementation exclusion guarantees over Java enable compilers to optmize
uses the channel as the synchronization event itself, whereas code more aggressively. Guava achieves mutual exclusion
we currently use primitive events to implement the channel through hierarchical ownership domains [9] called regions.
synchronization. We believe that we can further improve As discussed above, these techniques do not allow true own-
our channel performance by careful optimizations for the ership transfer as described in this paper. As a result, Guava
common case. relies on deep copying of data structures. It also does not ad-
On the systems side, much research has gone into tech- dress the cross process transmission of data, nor does it have
niques to avoid copying of memory in the IO-system. For ex- any notion of message passing. As such, the ideas in Guava
ample, IO-Lite [28], uses read-only buļ¬ers accessed through are very much orthogonal to those presented here and one
mutable buļ¬er aggregates to allow wide sharing of the buļ¬ers could imagine combining these system, so that e.g., tracked
among diļ¬erent parts of the system. Buļ¬er aggregates al- data could be transferred between ownership domains with-
low splicing together various regions of buļ¬ers. The IO- out the need to copy it.
Lite approach uses VM pages and page protection to enforce The Erlang language has been successfully used in the
read-only access. The main drawback of IO-Lite appears to telecommunication industry [2]. It is based on a purely func-
be the need to know, during buļ¬er allocation, which other tional programming model in which all data is read-only and
processes will share the page in order to avoid remapping sharing cannot cause unwanted side eļ¬ects. Depending on
of pages and fragmentation. In comparison, the statically the runtime system employed [33], message data is either
enforced mutual exclusion of access to buļ¬ers described in copied or processes share pointers into shared heaps. The
this paper does not suļ¬er from page granularity restrictions. latter scenario makes garbage collection a global aļ¬air. Er-
Similarly, the IPC mechanism in L4 micro kernel [20] is lang runtime systems can beneļ¬t from the tracked data ap-
based on hardware protection and is only zero-copy if entire proach of Sing# by keeping garbage collection process-local
pages are transferred by remapping. Otherwise, the cost is without the need to copy messages.
13. Compared to the channels described in this paper, Erlang REFERENCES
uses port based communication and messages can be re- [1] Partition III: CIL Instruction Set. ECMA Standard
ceived out of order. The language does not statically guard 335 http://www.ecma-
against āmessage not understood errorsā, but a global static international.org/publications/standards/Ecma-
analysis ensuring that processes handle all messages sent to 335.htm.
them is described in [11].
[2] Joe Armstrong, Robert Virding, Claes WikstrĀØm, and
o
Specifying and statically checking the interaction among
Mike Williams. Concurrent Programming in Erlang.
communicating threads via protocols is the subject of nu-
Prentice-Hall, second edition, 1996.
merous studies [24, 21, 17, 27, 16]. From a theoretical view
point, the work on session types for inter-process commu- [3] David F. Bacon, Robert E. Strom, and Ashis
nication by Gay et al. [17] is closely related to ours. The Tarafdar. Guava: A Dialect of Java without Data
session types have the same expressive power as our channel Races. In Proceedings of 2000 ACM SIGPLAN
contracts and their type system also keeps track of aliases Conference on Object-Oriented Programming,
Systems, Languages, and Applications (OOPSLAā00),
to determine proper ownership management of endpoints.
pages 382ā400, October 2000.
[4] F.R.M. Barnes, C.L. Jacobsen, and B. Vinter. RMoX:
8. CONCLUSION
a Raw Metal occam Experiment. In Communicating
To our knowledge, this work is the ļ¬rst to integrate a full- Process Architectures 2003, WoTUG-26, Concurrent
ļ¬edged garbage-collected language with statically veriļ¬ed Systems Engineering, ISSN 1383-7575, pages 269ā288,
channel contracts and safe zero-copy passing of memory September 2003. ISBN: 1-58603-381-6.
blocks. The main novelty of the work is the enabling of [5] F.R.M. Barnes and P.H. Welch. Mobile Data,
simple and eļ¬cient implementation techniques for channel Dynamic Allocation and Zero Aliasing: an occam
communication due to the system-wide invariants guaran- Experiment. In Communicating Process Architectures
teed by the static veriļ¬cation. Our channel contracts are 2001, number 59 in Concurrent Systems Engineering
expressive and support passing channel endpoints and other Series, pages 243ā264. IOS Press, Amsterdam, The
memory blocks as message arguments with zero-copy over- Netherlands, September 2001.
head. [6] Forest Baskett, John H. Howard, and John T.
The message-based programming model is well supported
Montague. Taks communication in DEMOS. In
by the language through a switch receive statement which
Proceedings of the Sixth ACM Symposium on
allows blocking on complicated message patterns. The static Operating Systems Principles, pages 23ā31, 1977.
checking prevents ownership errors and helps programmers
[7] Brian N. Bershad, Craig Chambers, Susan Eggers,
handle all possible message combinations, thereby avoiding
Chris Maeda, Dylan McNamee, Przemyslaw Pardyak,
āmessage not-understood errorsā. The runtime semantics
Stefan Savage, and Emin GĀØn Sirer. SPIN: An
u
restricts channel failure to be observed on receives only, thus
Extensible Microkernel for Application-speciļ¬c
eliminating handling of error conditions at send operations
Operating System Services. In Proceedings of the 6th
where it is inconvenient.
ACM SIGOPS European Workshop, pages 74ā77,
Our programming experience with the language and chan-
1994.
nel implementation has been positive. Programmers on the
team, initially skeptical of the value of contracts, now ļ¬nd [8] Greg Bollella, James Gosling, Ben Brosgol, Peter
them useful in preventing or detecting mistakes. The chan- Dribble, Steve Furr, and Mark Turnbull. The
nel contracts provide a clean separation of concerns between Real-Time Speciļ¬cation for Java. Addison-Wesley,
interacting components and help in understanding the sys- June 2000.
tem architecture at a higher level. [9] David G. Clarke, James Noble, and John Potter.
Simple Ownership Types for Object Containment. In
8.1 Future Work 15th European Conference on Object-Oriented
We already mentioned the need to deal with exceptional Programming (ECOOP 2001), volume 2072. Lecture
control ļ¬ow in the static veriļ¬cation. We are also develop- Notes in Computer Science, 2001.
ing extensions to the channel contracts that enable static [10] Karl Crary, David Walker, and Greg Morrisett. Typed
prevention of deadlock in the communication of processes. memory management in a calculus of capabilities. In
Finally, we are investigating how to build abstractions over Conference Record of the 26th Annual ACM
channel objects and communication while retaining their SIGPLAN-SIGACT Symposium on Principles of
asynchronous nature and the static checking of the protocol. Programming Languages. ACM Press, January 1999.
[11] Fabien Dagnat and Marc Pantel. Static analysis of
Acknowledgments communications for Erlang. In Proceedings of 8th
The present work would not have been possible without the International Erlang/OTP User Conference, 2002.
eļ¬ort of a large number of people. We would like to thank [12] Robert DeLine and Manuel FĀØhndrich. Enforcing
a
Paul Barham, Nick Murphy, and Ted Wobber for feedback High-Level Protocols in Low-Level Software. In
and putting up with a research compiler and experimental Proceedings of the ACM SIGPLAN 2001 Conference
static analysis. Thanks to Qunyan Mangus, Mark Plesko, on Programming Language Design and
Bjarne Steensgaard, David Tarditi, and Brian Zill for imple- Implementation (PLDI ā01), pages 59ā69, 2001.
menting support for the exchange heap in the Kernel and the [13] Sean Dorward, Rob Pike, and Phil Winterbottom.
Bartok native code compiler. Special thanks goes to Her- Programming in Limbo. In Proceedings of
man Venter for providing the inital compiler infrastructure COMPCON. IEEE, 1997.
and support.