17 repositorios
Constraints placed on the memory consumption of a virtual machine runtime to prevent resource exhaustion.
Distinct from Virtual Memory Management: Focuses on runtime memory capping for a VM, not system-level virtual memory or swap management.
Explore 17 awesome GitHub repositories matching operating systems & systems programming · Runtime Memory Limits. Refine with filters or upvote what's useful.
The Operator SDK is a framework for building, packaging, and managing custom controllers that extend the Kubernetes API. It serves as a toolset for defining new API types and implementing reconcile loops to automate the lifecycles of complex applications. The project provides specialized support for creating operators based on Helm charts or Ansible playbooks, allowing users to maintain a desired cluster state using existing automation tools. It includes a dedicated system for packaging controllers into standardized container image bundles for distribution via the Operator Lifecycle Manager.
Allows specifying CPU and memory limits in deployment manifests to ensure cluster stability.
Gopher-lua is a complete implementation of the Lua language and its standard libraries written natively in Go. It serves as an embedded scripting engine and virtual machine that allows Go applications to execute Lua scripts and exchange data between the host and the script environment. The project provides a bytecode compiler to transform source code into a binary format for faster execution. It enables deep integration between the two languages by allowing the registration of native Go functions to be called from scripts, and the invocation of script functions directly from Go. The engine c
Restricts the maximum amount of memory the virtual machine can use to prevent system resource exhaustion.
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Limits dataset memory consumption and drops oldest entries when the cap is reached to prevent resource exhaustion.
Holds memory for native API registration, execution stack, and threading support across the runtime's lifecycle.
GreptimeDB is a distributed, open-source time-series database built for unified observability. It stores and queries metrics, logs, and traces together in a single columnar engine, supporting both SQL and PromQL for analysis. The database is designed as a Kubernetes-native operator with a decoupled compute and storage architecture, enabling horizontal scaling and multi-region deployment. What distinguishes GreptimeDB is its role as a multi-protocol ingestion gateway, accepting data through OpenTelemetry, Prometheus Remote Write, InfluxDB, Loki, Elasticsearch, Kafka, and MQTT protocols without
Controls the total memory consumed by concurrent write requests across all ingestion protocols.
CRI-O is an open-source container runtime that implements the Kubernetes Container Runtime Interface (CRI) to manage container images, pods, and containers on cluster nodes using OCI-compatible runtimes. It serves as a node-level container manager that handles image pulling, container lifecycle, and resource monitoring for Kubernetes clusters, running containers according to the Open Container Initiative specifications. The runtime distinguishes itself through live configuration reloading that applies changes to runtime definitions, registry mirrors, and TLS certificates without restarting th
Sets a memory swap limit for containers as directed by the Kubelet through the CRI.
LXD is a unified platform for managing both system containers and virtual machines through a single REST API and command-line interface. It provides a programmatic HTTP interface for controlling the full lifecycle of instances, enabling automation and integration with external tools. The system runs unprivileged containers with per-instance UID/GID mappings, seccomp filters, and AppArmor profiles for kernel-level isolation, while supporting multiple storage backends including directory, Btrfs, LVM, ZFS, Ceph, LINSTOR, and TrueNAS through a unified driver interface. The platform distinguishes
Configures CPU, memory, disk, and network limits on containers and virtual machines at creation or runtime.
CPython-Internals es una guía técnica de implementación y referencia para el intérprete CPython. Proporciona un análisis detallado del código fuente en C interno y su arquitectura, centrándose en la lógica que gobierna el comportamiento del intérprete. El proyecto documenta el modelo de objetos de Python y el pipeline de compilación, rastreando el proceso desde la gramática cruda y los árboles de sintaxis abstracta hasta el bytecode ejecutable. También sirve como referencia para el desarrollo de extensiones en C, explicando cómo interactuar con estructuras de datos internas y utilizar la API de C. El material cubre la gestión de memoria, incluyendo el conteo de referencias y la recolección de basura generacional, así como la función del Global Interpreter Lock (GIL).
Analyzes the internal implementation of reference counting, generational garbage collection, and the global interpreter lock.
Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin
Sets CPU, memory, and disk size limits on instances at creation or while running to protect host capacity.
goflyway es un relé de tráfico cifrado y proxy de túnel HTTP TCP. Encapsula el tráfico TCP dentro de solicitudes HTTP POST o WebSocket para eludir firewalls restrictivos y proxies de red. El sistema proporciona un servidor proxy SOCKS5 que enruta el tráfico a través de un relé WebSocket e incluye un túnel UDP sobre TCP para permitir el transporte a través de redes que bloquean el tráfico UDP. También funciona como un interceptor de tráfico TCP para capturar e inspeccionar los datos que pasan a través de conexiones retransmitidas. Las capacidades cubren el túnel de red y el proxy de tráfico a través de varios protocolos de transporte, incluyendo HTTP POST, WebSocket y KCP. La gestión de recursos se maneja a través de búferes con límite de memoria para clientes y servidores, mientras que las velocidades de transferencia de datos se regulan mediante un mecanismo de limitación de tasa de cubo de tokens.
Limits memory usage for data awaiting client retrieval to prevent resource exhaustion during asynchronous relays.
This project is a C language interpreter and a practical implementation of a programming language. It parses and executes C source code directly, removing the requirement for a separate compilation step. The interpreter is designed for self-hosting, meaning it is capable of interpreting its own source code to demonstrate recursive language processing and execution. The system covers the primary stages of language processing, including lexical analysis, recursive descent parsing, and tree-walk interpretation using an abstract syntax tree. It manages memory and scope through a dynamic symbol t
Handles variable storage and scope lifecycle dynamically during program execution without a separate compilation step.
MiniOB is an open-source educational relational database kernel designed for learning the internals of database systems. It implements a dual-engine storage architecture combining B+ Tree and LSM-Tree, supports SQL parsing and query execution, and provides transactional processing with multi-version concurrency control. The system communicates with clients using the MySQL wire protocol and includes a vector database extension for storing and querying high-dimensional vectors. The project distinguishes itself through its comprehensive coverage of core database concepts in a single, learnable c
Set a maximum memory threshold and terminate the process when the limit is exceeded.
earlyoom es un demonio OOM killer de Linux que monitorea la memoria del sistema y termina procesos para evitar bloqueos del sistema. Actúa como un monitor de recursos de memoria y gestor de terminación de procesos, rastreando la RAM disponible y el espacio de intercambio (swap) para garantizar que el sistema operativo permanezca receptivo. El proyecto se distingue por seleccionar objetivos de terminación basados en el mayor tamaño de conjunto residente (RSS) en lugar de depender únicamente de las puntuaciones OOM del kernel. Proporciona un control granular a través del filtrado de procesos basado en expresiones regulares para proteger aplicaciones específicas y puede terminar grupos de procesos completos para garantizar una limpieza completa de la aplicación. El sistema incluye un framework de notificación que envía alertas d-bus cuando la memoria alcanza umbrales críticos y admite ganchos (hooks) de terminación personalizados. Estos ganchos permiten la ejecución de scripts y binarios externos antes o después de que se elimine un proceso. También se integra con el OOM killer nativo del kernel de Linux para diferir la selección de víctimas al SO cuando se solicita. El demonio extrae estadísticas de procesos y datos de memoria analizando el pseudo-sistema de archivos del kernel y registra eventos operativos a través del registro de eventos del sistema.
Kills the largest process by resident set size to reclaim memory and maintain system responsiveness.
Memgraph is an in-memory, distributed graph database designed for high-performance labeled property graph management. It utilizes a Cypher query engine for declarative data retrieval and manipulation, providing a scalable knowledge graph backend that integrates vector search and graph traversals. The system distinguishes itself as a real-time graph analytics platform, employing native C++ and CUDA implementations to execute complex network analysis and dynamic community detection on streaming data. It provides specialized support for AI integration, including GraphRAG capabilities, the constr
Sets maximum memory allocation thresholds for instances, queries, or procedures to prevent system exhaustion.
Uptrace is an OpenTelemetry-based observability platform designed to collect, store, and analyze distributed traces, metrics, and logs. It functions as a centralized logging backend, a distributed tracing system, and a metrics engine to monitor application performance and system health. The platform is distinguished by AI-powered operational capabilities, allowing users to query telemetry data and manage monitoring dashboards using natural language. It specifically includes specialized monitoring for generative AI pipelines, tracking token usage and response quality for LLM interactions and r
Caps memory consumption of the telemetry pipeline and drops data when limits are exceeded.
dn is a local browser data archive and web archiver designed to save and render web pages from Chromium browsers for offline viewing and permanent storage. It functions as a self-hosted repository for browsing history and page content, operating as an offline web content server that hosts saved data as if the original sites were still online. The system includes a full-text search engine that indexes all saved web pages, enabling the instant recovery of specific information across the local collection. It utilizes a domain-based filtering system to block specific website addresses from being
Enforces memory caps on archived datasets to maintain system stability on the host device.
Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o
Monitors memory footprints and triggers exits when predefined thresholds are exceeded to protect the host.