Patent classifications
G06F12/023
CRYPTOGRAPHIC COMPUTING USING ENCRYPTED BASE ADDRESSES AND USED IN MULTI-TENANT ENVIRONMENTS
Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.
METHOD AND SYSTEM FOR IDENTIFYING GARBAGE DATA, ELECTRONIC DEVICE, AND STORAGE MEDIUM
A method and system for identifying garbage data, an electronic device, and a storage medium. The method includes: uploading an object to a distributed object storage system (S101); acquiring a head object identifier in an index storage pool of the distributed object storage system (S102); querying a data storage pool for a target data group corresponding to the head object identifier (S103); marking a tail object corresponding to a tail object identifier in the target data group as a target tail object (S104); and marking tail objects in the data storage pool other than the target tail object as garbage data (S105). The method can identify garbage data in a distributed object storage system.
EFFICIENT RETRIEVAL OF SENSOR DATA WHILE ENSURING ATOMICITY
A computing device performs initial processing of sensor data. The computing device performs obtaining sensor data, writing the sensor data to first addresses of a dynamically allocated buffer associated with the computing device, encoding the sensor data, writing the encoded sensor data to second addresses of the dynamically allocated buffer, in response to completing the writing of the encoded sensor data, indicating that the writing of the encoded sensor data has been completed, receiving, from a computing resource, a polling request to read the encoded sensor data, transmitting, to the computing resource, a status that the writing of the encoded sensor data to the second addresses has been completed, reading, to a memory of the computing resource, the encoded sensor data, receiving, from the computing resource, a second status that the encoded sensor data has been read, and removing, from the dynamically allocated buffer, the encoded sensor data.
DATA ACCESS PERFORMANCE IN A MEMORY
In an approach for improving data access performance in memory, a processor monitors each data access to a data element in the memory from an application, wherein the application has a plurality of functions. A processor records, during runtime, each data access into a monitoring element table, wherein the record for each data access includes an identity, a start address, an end address, and a memory page number. A processor clusters recorded data accesses for each function based on a distance between data elements accessed in sequence. A processor allocates, based on the data element clustering result, the data elements in a same cluster into a same memory unit in the memory.
Apparatus and method for controlling use of bounded pointers
Memory allocation circuitry allocates a memory region in memory, and bounded pointer generation circuitry generates bounded pointers including a revocable bounded pointer that provides a pointer value and range information identifying an address range of the memory region. The memory allocation circuitry provides, at a header location in the memory, a header for the memory region with a first token field which is initialized to a first token value associated with the memory region. The memory allocation circuitry is responsive to the deallocation of the memory region to modify the stored value in the first token field of the header. In response to a request to generate a memory address using the revocable bounded pointer, a use authentication check prevents generation of the memory address when it is determined that the stored value in the first token field has been changed.
Guarder: an efficient heap allocator with strongest and tunable security
Memory allocation techniques may provide improved security and performance. A method may comprise mapping a block of memory, dividing the block of memory into a plurality of heaps, dividing each heap into a plurality of sub-heaps, wherein each sub-heap is associated with one thread of software executing in the computer system, dividing each sub-heap into a plurality of bags, wherein each bag is associated with one size class of objects, creating an allocation buffer and a deallocation buffer for each bag, storing a plurality of objects in at least some of the bags, wherein each object is stored in a bag having a size class corresponding to a size of the object, storing in the allocation buffer of each bag information relating to available objects stored in that bag, and storing in the deallocation buffer of each bag information relating to freed objects that were stored in that bag.
Multi-level caching to deploy local volatile memory, local persistent memory, and remote persistent memory
A technique is introduced for applying multi-level caching to deploy various types of physical memory to service captured memory calls from an application. The various types of physical memory can include local volatile memory (e.g., dynamic random-access memory), local persistent memory, and/or remote persistent memory. In an example embodiment, a user-space page fault notification mechanism is used to defer assignment of actual physical memory resources until a memory buffer is accessed by the application. After populating a selected physical memory in response to an initial user-space page fault notification, page access information can be monitored to determine which pages continue to be accessed and which pages are inactive to identify candidates for eviction.
Customized memory modules in multi-tenant provider systems
A computing system providing virtual computing services may maintain a fleet of servers that host virtual machine instances having a wide variety of types and configurations. A service provider may rent processor and memory capacity by defining and offering various virtual machine instances to clients. Each virtual machine instance may include one or more virtual CPUs and a fixed amount of virtualized memory allocated to each virtual CPU, dependent on a predefined ratio between virtual CPU capacity and virtualized memory capacity for the instance type. Each server may include a custom, non-standard sized physical memory module containing memory devices of multiple technologies, types, or sizes on the same printed circuit board. By including custom memory modules, rather than relying only on standard memory modules, the service provider system may implement virtual machines having finer grained options for processor and memory capacity combinations, and may avoid stranding rentable resources.
Full asynchronous execution queue for accelerator hardware
A method for providing an asynchronous execution queue for accelerator hardware includes replacing a malloc operation in an execution queue to be sent to an accelerator with an asynchronous malloc operation that returns a unique reference pointer. Execution of the asynchronous malloc operation in the execution queue by the accelerator allocates a requested memory size and adds an entry to a look-up table accessible by the accelerator that maps the reference pointer to a corresponding memory address.
Resource management with dynamic resource policies
A method and apparatus of a device for resource management by using a hierarchy of resource management techniques with dynamic resource policies is described. The device terminates several misbehaving application programs when available memory on the device is running low. Each of those misbehaving application programs consumes more memory space than a memory consumption limit assigned to the application program. If available memory on the device is still low after terminating those misbehaving application programs, the device further sends memory pressure notifications to all application programs. If available memory on the device is still running low after sending the memory pressure notifications, the device further terminates background, idle, and suspended application programs. The device further terminates foreground application programs when available memory on the device is still low after terminating the background, idle, and suspended application programs.