The inventive subject matter relates to shared memory systems and particularly (though not exclusively) to shared usage of memory resources by many remote users.
It is known that in a JVM shared by many remote users, anyone of the users could individually exhaust all the memory available to the JVM. The JVM itself imposes limits on the memory usage by all users of that JVM. These limits are imposed by specifying a maximum heap size limit.
A ‘garbage collector’ analyses the live memory within the heap by starting from a set of root references on the stacks (in global references such as class statics) and by proceeding to mark all objects thus referenced.
However, this approach has the disadvantage(s) that the single JVM limit constrains all the potential users of a multi-user JVM to the same level and makes it possible for one user to mount a denial of service attack simply by over-consuming memory.
The techniques used by garbage collection to mark the live memory are effective but are not sufficient to identify the objects created by a given user and thus determine which user or users are over-consuming memory.
One possible solution to this problem would be to define the concept of an ‘Isolate’ which can be given some set of resources and allowed to consume them until it fails. If the isolate is implemented as a separate JVM then the scale of any resultant damage can be obviously limited. However, defining multiple ‘isolates’ would lead to poor utilization of resources since each isolate must be allowed to grow individually to the resource limits.