17 Repos
Constraints placed on the memory consumption of a virtual machine runtime to prevent resource exhaustion.
Distinct from Virtual Memory Management: Focuses on runtime memory capping for a VM, not system-level virtual memory or swap management.
Explore 17 awesome GitHub repositories matching operating systems & systems programming · Runtime Memory Limits. Refine with filters or upvote what's useful.
The Operator SDK is a framework for building, packaging, and managing custom controllers that extend the Kubernetes API. It serves as a toolset for defining new API types and implementing reconcile loops to automate the lifecycles of complex applications. The project provides specialized support for creating operators based on Helm charts or Ansible playbooks, allowing users to maintain a desired cluster state using existing automation tools. It includes a dedicated system for packaging controllers into standardized container image bundles for distribution via the Operator Lifecycle Manager.
Allows specifying CPU and memory limits in deployment manifests to ensure cluster stability.
Gopher-lua is a complete implementation of the Lua language and its standard libraries written natively in Go. It serves as an embedded scripting engine and virtual machine that allows Go applications to execute Lua scripts and exchange data between the host and the script environment. The project provides a bytecode compiler to transform source code into a binary format for faster execution. It enables deep integration between the two languages by allowing the registration of native Go functions to be called from scripts, and the invocation of script functions directly from Go. The engine c
Restricts the maximum amount of memory the virtual machine can use to prevent system resource exhaustion.
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Limits dataset memory consumption and drops oldest entries when the cap is reached to prevent resource exhaustion.
Holds memory for native API registration, execution stack, and threading support across the runtime's lifecycle.
GreptimeDB is a distributed, open-source time-series database built for unified observability. It stores and queries metrics, logs, and traces together in a single columnar engine, supporting both SQL and PromQL for analysis. The database is designed as a Kubernetes-native operator with a decoupled compute and storage architecture, enabling horizontal scaling and multi-region deployment. What distinguishes GreptimeDB is its role as a multi-protocol ingestion gateway, accepting data through OpenTelemetry, Prometheus Remote Write, InfluxDB, Loki, Elasticsearch, Kafka, and MQTT protocols without
Controls the total memory consumed by concurrent write requests across all ingestion protocols.
CRI-O is an open-source container runtime that implements the Kubernetes Container Runtime Interface (CRI) to manage container images, pods, and containers on cluster nodes using OCI-compatible runtimes. It serves as a node-level container manager that handles image pulling, container lifecycle, and resource monitoring for Kubernetes clusters, running containers according to the Open Container Initiative specifications. The runtime distinguishes itself through live configuration reloading that applies changes to runtime definitions, registry mirrors, and TLS certificates without restarting th
Sets a memory swap limit for containers as directed by the Kubelet through the CRI.
LXD is a unified platform for managing both system containers and virtual machines through a single REST API and command-line interface. It provides a programmatic HTTP interface for controlling the full lifecycle of instances, enabling automation and integration with external tools. The system runs unprivileged containers with per-instance UID/GID mappings, seccomp filters, and AppArmor profiles for kernel-level isolation, while supporting multiple storage backends including directory, Btrfs, LVM, ZFS, Ceph, LINSTOR, and TrueNAS through a unified driver interface. The platform distinguishes
Configures CPU, memory, disk, and network limits on containers and virtual machines at creation or runtime.
CPython-Internals ist ein technischer Implementierungsleitfaden und eine Referenz für den CPython-Interpreter. Es bietet eine detaillierte Analyse des internen C-Quellcodes und der Architektur, wobei der Fokus auf der Logik liegt, die das Verhalten des Interpreters steuert. Das Projekt dokumentiert das Python-Objektmodell und die Kompilierungs-Pipeline und verfolgt den Prozess von der rohen Grammatik und den abstrakten Syntaxbäumen bis hin zum ausführbaren Bytecode. Es dient zudem als Referenz für die Entwicklung von C-Erweiterungen und erklärt, wie man mit internen Datenstrukturen interagiert und die C-API nutzt. Das Material deckt die Speicherverwaltung ab, einschließlich Referenzzählung und generationaler Garbage Collection, sowie die Funktion des Global Interpreter Lock.
Analyzes the internal implementation of reference counting, generational garbage collection, and the global interpreter lock.
Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin
Sets CPU, memory, and disk size limits on instances at creation or while running to protect host capacity.
goflyway ist ein verschlüsselter Traffic-Relay- und HTTP-TCP-Tunneling-Proxy. Er kapselt TCP-Traffic in HTTP-POST- oder WebSocket-Anfragen, um restriktive Firewalls und Netzwerk-Proxys zu umgehen. Das System bietet einen SOCKS5-Proxy-Server, der Traffic über ein WebSocket-Relay leitet, und enthält einen UDP-over-TCP-Tunnel, um den Transport über Netzwerke zu ermöglichen, die UDP-Traffic blockieren. Zudem fungiert es als TCP-Traffic-Interceptor zum Abfangen und Inspizieren von Daten, die durch weitergeleitete Verbindungen fließen. Die Funktionen decken Netzwerk-Tunneling und Traffic-Proxying über verschiedene Transportprotokolle ab, darunter HTTP POST, WebSocket und KCP. Das Ressourcenmanagement erfolgt über speicherbegrenzte Puffer für Clients und Server, während Datentransfergeschwindigkeiten mittels eines Token-Bucket-Rate-Limiting-Mechanismus reguliert werden.
Limits memory usage for data awaiting client retrieval to prevent resource exhaustion during asynchronous relays.
This project is a C language interpreter and a practical implementation of a programming language. It parses and executes C source code directly, removing the requirement for a separate compilation step. The interpreter is designed for self-hosting, meaning it is capable of interpreting its own source code to demonstrate recursive language processing and execution. The system covers the primary stages of language processing, including lexical analysis, recursive descent parsing, and tree-walk interpretation using an abstract syntax tree. It manages memory and scope through a dynamic symbol t
Handles variable storage and scope lifecycle dynamically during program execution without a separate compilation step.
MiniOB is an open-source educational relational database kernel designed for learning the internals of database systems. It implements a dual-engine storage architecture combining B+ Tree and LSM-Tree, supports SQL parsing and query execution, and provides transactional processing with multi-version concurrency control. The system communicates with clients using the MySQL wire protocol and includes a vector database extension for storing and querying high-dimensional vectors. The project distinguishes itself through its comprehensive coverage of core database concepts in a single, learnable c
Set a maximum memory threshold and terminate the process when the limit is exceeded.
earlyoom is a Linux OOM killer daemon that monitors system memory and terminates processes to prevent system freezes. It acts as a memory resource monitor and process termination manager, tracking available RAM and swap space to ensure the operating system remains responsive. The project distinguishes itself by selecting termination targets based on the largest resident set size rather than relying solely on kernel OOM scores. It provides granular control through regular expression-based process filtering to protect specific applications and can terminate entire process groups to ensure compl
Kills the largest process by resident set size to reclaim memory and maintain system responsiveness.
Memgraph is an in-memory, distributed graph database designed for high-performance labeled property graph management. It utilizes a Cypher query engine for declarative data retrieval and manipulation, providing a scalable knowledge graph backend that integrates vector search and graph traversals. The system distinguishes itself as a real-time graph analytics platform, employing native C++ and CUDA implementations to execute complex network analysis and dynamic community detection on streaming data. It provides specialized support for AI integration, including GraphRAG capabilities, the constr
Sets maximum memory allocation thresholds for instances, queries, or procedures to prevent system exhaustion.
Uptrace is an OpenTelemetry-based observability platform designed to collect, store, and analyze distributed traces, metrics, and logs. It functions as a centralized logging backend, a distributed tracing system, and a metrics engine to monitor application performance and system health. The platform is distinguished by AI-powered operational capabilities, allowing users to query telemetry data and manage monitoring dashboards using natural language. It specifically includes specialized monitoring for generative AI pipelines, tracking token usage and response quality for LLM interactions and r
Caps memory consumption of the telemetry pipeline and drops data when limits are exceeded.
dn ist ein lokales Browser-Datenarchiv und Web-Archivierer, der entwickelt wurde, um Webseiten aus Chromium-Browsern für die Offline-Ansicht und dauerhafte Speicherung zu sichern. Er fungiert als selbstgehostetes Repository für Browserverlauf und Seiteninhalte und arbeitet als Offline-Web-Content-Server, der gespeicherte Daten so hostet, als wären die Originalseiten noch online. Das System enthält eine Volltext-Suchmaschine, die alle gespeicherten Webseiten indiziert und die sofortige Wiederherstellung spezifischer Informationen innerhalb der lokalen Sammlung ermöglicht. Es nutzt ein domänenbasiertes Filtersystem, um spezifische Webseitenadressen über eine Blacklist von der Archivierung auszuschließen. Das Projekt deckt lokales Content-Serving durch Chromium-basiertes Seiten-Rendering und Web-Mirroring auf Dateisystemebene ab, um ursprüngliche visuelle Layouts beizubehalten. Es bietet zudem Tools zur Verwaltung von Systemressourcen, wie die Zuweisung von Speicher- und Speicherlimits für das Archiv.
Enforces memory caps on archived datasets to maintain system stability on the host device.
Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o
Monitors memory footprints and triggers exits when predefined thresholds are exceeded to protect the host.