CN115373758A - Method for starting runtime instance, runtime namespace system and storage medium - Google Patents
Method for starting runtime instance, runtime namespace system and storage medium Download PDFInfo
- Publication number
- CN115373758A CN115373758A CN202210933111.2A CN202210933111A CN115373758A CN 115373758 A CN115373758 A CN 115373758A CN 202210933111 A CN202210933111 A CN 202210933111A CN 115373758 A CN115373758 A CN 115373758A
- Authority
- CN
- China
- Prior art keywords
- resource
- runtime
- namespace
- manager
- consumer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Abstract
The embodiment of the application discloses a method for starting a runtime instance, a runtime namespace system and a storage medium, which are used for a runtime instance level namespace. The method of the embodiment of the application is applied to a runtime namespace system, the runtime namespace system comprises a runtime, and the method can comprise the following steps: creating, by the runtime, a context object at a runtime instance level, the context object comprising a namespace; obtaining running code through the runtime; creating a runtime instance according to the running code through the runtime; launching the runtime instance using the context object by the runtime.
Description
Technical Field
The present application relates to the field of storage, and in particular, to a method for starting a runtime instance, a runtime namespace system, and a storage medium.
Background
The existing sandboxes (Sandbox), linux namespace, fuchsia namespace and the like have certain limitation on access resources more or less, and meanwhile, the access is not flexible enough because the access is realized by depending on an Application Programming Interface (API) provided by an operating system.
Disclosure of Invention
The embodiment of the application provides a method for starting a runtime instance, a runtime namespace system and a storage medium, which are used for a runtime instance level namespace.
A first aspect of the present application provides a method for starting a runtime instance, where the method is applied to a runtime namespace system, where the runtime namespace system includes a runtime, and the method may include:
creating, by the runtime, a context object at a runtime instance level, the context object comprising a namespace;
obtaining running code through the runtime;
creating a runtime instance according to the running code through the runtime;
launching the runtime instance using the context object by the runtime.
A second aspect of the present application provides a runtime namespace system, the runtime namespace system comprising a runtime;
the runtime is used for creating a context object at a runtime instance level, wherein the context object comprises a namespace; acquiring an operating code; creating a runtime instance according to the running code; launching the runtime instance using the context object.
Yet another aspect of the embodiments of the present application provides a computer-readable storage medium, comprising instructions, which when executed on a processor, cause the processor to perform the method of the first aspect of the present application.
In yet another aspect, embodiments of the present application disclose a computer program product, which when run on a computer, causes the computer to perform the method of the first aspect of the present application.
In yet another aspect, an application publishing platform is disclosed, which is configured to publish a computer program product, wherein when the computer program product runs on a computer, the computer is caused to perform the method of the first aspect of the present application.
According to the technical scheme, the embodiment of the application has the following advantages:
in an embodiment of the present application, a context object at runtime instance level is created by the runtime, the context object comprising a namespace; obtaining running code through the runtime; creating a runtime instance according to the running code through the runtime; launching the runtime instance using the context object by the runtime. The method is used for the runtime instance level namespace, can support wider use scenes compared with the existing process level namespace, and is suitable for the scenes that one process runs a plurality of runtime instances.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the following briefly introduces the embodiments and the drawings used in the description of the prior art, and obviously, the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained according to the drawings.
FIG. 1A is a diagram illustrating a system architecture for using resource objects according to an embodiment of the present application;
FIG. 1B is a schematic flow chart illustrating the use of resource objects in the embodiment of the present application;
FIG. 2 is a schematic diagram of an embodiment of a method for launching a runtime instance in an embodiment of the present application;
FIG. 3 is a schematic diagram of another embodiment of a method for launching a runtime instance in an embodiment of the present application;
FIG. 4A is a system architecture diagram relating to resource abstraction, management, and access in an embodiment of the present application;
FIG. 4B is a diagram illustrating a Camera resource description in an embodiment of the present application;
FIG. 4C is a schematic diagram of a currently available Camera resource object in an embodiment of the present application;
FIG. 4D is a diagram illustrating resource management in an embodiment of the present application;
FIG. 4E is another diagram illustrating resource management in an embodiment of the present application;
FIG. 4F is a diagram illustrating resource object access servitization in an embodiment of the present application;
FIG. 4G is a schematic diagram of the organization of resource objects at runtime in an embodiment of the present application;
FIG. 4H is a schematic diagram of a data directory in an embodiment of the present application;
FIG. 4I is a schematic diagram of opening a service directory in the embodiment of the present application;
FIG. 5A is a schematic diagram of a runtime namespace system in an embodiment of the present application;
FIG. 5B is another diagram of a runtime namespace system in an embodiment of the present application;
FIG. 5C is another diagram of a runtime namespace system in an embodiment of the application.
Detailed Description
The embodiment of the application provides a method for starting a runtime instance, a runtime namespace system and a storage medium, which are used for a runtime instance-level namespace.
For a person skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. The embodiments in the present application shall fall within the protection scope of the present application.
Some of the terms referred to in this application will be briefly described as follows:
at runtime, a runtime is a piece of code that implements a portion of the programming language execution model. In this process, it allows the program to interact with the computing resources it needs to work on. Runtimes are typically components of a programming language and do not require separate installation. (Runtime is a piece of code that programs ports of a programming language's execution model. In doing this, it all the programs to the interfaces with the programming resources to the word. The runtimes of the programming language and the d't the programs to the embedded database.)
A namespace, a namespace (also sometimes referred to as a name range), is an abstract container or environment for holding logical groupings of unique identifiers or symbols (i.e., names). An identifier defined in a namespace is only associated with the namespace. The same identifier can be defined independently in multiple namespaces. (excipient in computer science (nanoparticles a name scope) is An absolute variant participant or floor a local grouping of unique identifiers or molecules (i.e. names.) the excipient is defined in a name space is associated with unique identifier with a same name, the excipient can be defined in An index space by a name polypeptide a name coordinates
Sandbox, in computer security, sandbox (Sandbox) is a security mechanism for isolating running programs, usually used to execute untested or untrusted programs or code, which creates a separate execution environment for the program to be executed, and the execution of internal programs does not affect the execution of external programs. (In computer security, a security is a security mechanism used to communicate programs, usage for the Execution of the unknown or unknown programs or code, it creates a security Execution environment, the Execution of internal programs with a non-after effect of the operation of external programs
Linux, is the most well-known and most commonly used open source operating system. As an operating system, linux is software that sits below all other software on a computer, receives requests from these programs and relays them to the computer's hardware. (Linux is the best-know and most-used source operating system As an operating system, linux is software that is not a subset all of the other software on a computer, receiving requests from the programs and playing the requests to the computer's hardware.)
Fuchsia, a modern open source operating system that is simple, secure, renewable, and high performance. Entry as a general purpose operating system, fuchsia is intended to provide support for a diverse hardware and software ecosystem. (Fuchsia a model open source operating system that is at's simple, secure, updatable, and performance. Get started As a general purpose operating system, fuchsia is designed to power a different operating system of hard ware and software.)
Heterogeneous resources, which are many different kinds of hardware and software used by distributed systems in computing processes, work together in a coordinated fashion to solve problems. (Heterogeneous resources in area differential engines of hardware and software used in the computing process of distributed systems, while work together in a collaborative manager to software systems.)
Handlers are mainly used for the processing of asynchronous messages: when a message is sent, the message is firstly sent into a message queue, the function of sending the message returns immediately, the other part takes out the messages one by one in the message queue, and then the message is processed, namely the message sending and the message receiving are not synchronous. Such mechanisms are typically used to handle relatively time-consuming operations.
Listener is used to listen for the occurrence of an event, a change in state.
1. Sandbox (Sandbox)
In computer security, a Sandbox (Sandbox) is a security mechanism for isolating running programs, typically for executing untested or untrusted programs or code. It can create an independent execution environment for the program to be executed, and the execution of the internal program can not affect the operation of the external program. Typical sandboxes are Javascript Sandbox, webAssembly Sandbox, and the like.
The following is a typical sandbox implementation schematic code:
a sandbox specifies resources that a program can access at runtime, typically including callable functions (ctx.func), accessible variables (ctx.val), and read-write host machine file directories (ctx.dir).
Multiple sandboxes may be created in a process. The programs running in different sandboxes of the same process are isolated from each other, and the programs running in the sandboxes of different processes are also isolated from each other. They cannot be mutually called unless functions and variables that can be mutually called are specified in the execution context object (ctx).
At the same time, sandboxing mechanisms are generally not dependent on a particular operating system. Because it is implemented in pure software in user space, it does not depend on Application Programming Interface (API) provided by the underlying operating system.
The sandbox mechanism provides an isolated environment for the running program. On one hand, host machine resources, such as files, which can be accessed by the running program are limited, and isolation between the program and the host is realized. On the other hand, the mutual access of the two running programs is limited, and the isolation between the programs is realized. However, there is a drawback with the existing sandbox mechanism: no uniform abstraction and access is provided to the different host resources. Different resources are accessed in different ways and lack uniform abstraction. Such as functions, variables, and files, all need to be accessed using different approaches.
2、Linux namespace
Linux namespace is an operating environment that creates (isolates) another process in the currently operating system environment, and virtualizes some necessary system global resources in this operating environment. Processes may run in a specified namespace, so each process in namespace thinks it owns all these virtualized global resources. Currently, linux already supports virtualization of 8 global resources:
cgroup namespace: the namespace can manage its own cgroup separately.
ipc namespace: the namespace has its own Inter-Process Communication (IPC), such as shared memory, semaphores, and the like.
network namespace: the namespace has its own network resources, including network protocol stack, network device, routing table, firewall, port, etc.
mount namespace: the namespace has mounting information of the namespace, namely has independent directory hierarchy.
pid namespace: the namespace has its own Process number, so that the Process PID (Process Identifier) in the namespace is individually numbered, for example, PID =1.
time namespace: the namespace has the starting time point information and the monotonous time, for example, the starting time point of a certain namespace can be set to be started before 1 year, and for example, the time which may elapse after different namespaces are created is different.
user namespace: the namespace has a User authority management mechanism (such as an independent User Identifier (UID)/Group Identifier (GID)), so that the namespace is more secure.
uts namespace: the namespace has its own host information, including host name (hostname), norton network Security domain name (NIS domain name).
Linux namespace acts at the process level, that is, all code running in a process is subject to the same restrictions and can access the same resources. The access mode of different resources follows the API specification of the operating system, for example, the access network passes through network APIs such as socket/send/recv (receive), and the read-write file passes through file operation APIs such as open/read/write/close.
Linux namespace limits, on the one hand, the host resources that can be accessed by running programs, such as the Central Processing Unit (CPU) and the internal quota, which can be used by a cgroup namespace-limited program. On the other hand, two running programs are isolated, for example, through mount namespace, the same virtual file path can point to two different real files. However, linux namespace has two disadvantages:
(1) No uniform abstraction and access is provided to the different host resources. Different resources are accessed in different ways and lack uniform abstraction. For example, the access network passes through network APIs such as socket/send/recv, and the read-write file passes through file operation APIs such as open/read/write/close.
(2) The method acts at a process level, cannot provide isolation environments for different codes running in the same process, and cannot realize cross-platform by relying on an API provided by an operating system.
3、Fuchsia namespace
Fuchsia namespace is a comprehensive hierarchy of files, directories, sockets, services, devices, and other named objects that are provided by its environment to components for use:
1) File: an object containing binary data.
2) Catalog: objects that contain other objects.
3) And (3) socket jointing: objects that can establish a connection after opening, like named pipes.
4) Service: an object that provides FIDL (Fuchsia Interface Definition Language) service after opening.
5) Equipment: an object is provided that accesses a hardware resource.
The object name consists of a binary 8-bit group character (byte order arbitrary), subject to the following constraints:
1) A minimum length of 1 byte.
2) The maximum length is 255 bytes.
3) No NULs (zero value bytes) are included.
4) Do not include/.
5) Is not equal to.
6) Always comparable byte equations (meaning letter case differentiation).
To access an object in a namespace, another object must already be owned. Typically, during a namespace transfer, a component will receive a channel handle for an object within the scope of its namespace. Given an object's path, the path of its child object can be opened by sending it a FIDL message whose contents contain a relative path expression indicating the child object that is desired to be opened.
Typical Fuchsia namespace directory structure:
1) pkg/. Content of the current package
(1) bin: an executable binary within a packet;
(2) lib:sharedlibraries within a package;
(3) data/: data in the package, such as assets.
2) data/: local persistent storage (read-write, package private)
3) tmp/: temporary storage (readable and writable, bag private)
4) svc/: service provided to component
(1) Process, launcher, load process;
(2) Log information;
(3) vendor-defined service.
5) dev/: device tree (parts visible to privileged component as needed)
(1)class/,…。
6) hub/introspection system
(1) config/. The configuration data of the component.
Fuchsia namespace acts at the process level, i.e., all code running in a process is subject to the same restrictions and has access to the same resources. Fuchsia namespace abstracts the different resources uniformly as objects and accesses them uniformly through FIDL messages.
Fuchsia namespace also limits the host resources that the running program can access. Meanwhile, the method carries out uniform named object abstraction on host resources which can be accessed by the program, namely, each resource is an object, each object has a name, and a uniform access mode is provided through FIDL on the basis. However, fuchsia namespace has a disadvantage: the method is applied to the process level, cannot provide isolation environments for different codes running in the same process, depends on API (application programming interface) implementation provided by an operating system, and cannot cross-platform.
In the embodiment of the application, the access limitation of the host resource at the runtime instance level can be realized based on a Namespace (Namespace), and a uniform abstraction, organization and access mode is provided for heterogeneous resources. On the basis, multi-device fusion calculation is realized. FIG. 1A is a diagram illustrating a system architecture for using resource objects according to an embodiment of the present application. Fig. 1B is a schematic flow chart illustrating the use of resource objects in the embodiment of the present application.
The Host application program (Host App) migrates the application program Logic B (App Logic B) into the access Device (Guest Device) for execution, and migrates the User Interface Object B (User Interface Object B, UI Object B) into the Guest Device for display. App Logic B needs to access a data directory of the Host App during running. The user's input on UI Object B is also passed to App Logic A processing. This example involves (1) computational fusion, (2) data fusion, and (3) peripheral fusion.
(4) The method comprises the following steps The Host App creates a new runtime instance in the Guest Device through a CPU Consumer (Consumer) in the namespace, to run App Logic B, and limits the CPU quota through the cgroup/CPU, CPU technique.
(5) The method comprises the following steps The Host App limits the Memory quota via a runtime instance created in the Guest Device for (1) by a MEM Consumer (Memory Consumer) in a namespace, based on the cgroup/Memory technology.
(6) The method comprises the following steps A new INPUT (INPUT) resource object is added to the runtime instance namespace of App Logic A, and App Logic A establishes a control channel with App Logic B by accessing the INPUT resource object.
(7) The method comprises the following steps And (4) creating a data channel by using the control channel in the step (3), and adding a personal information. App Logic B writes the User Input event into an App-Logic-a file, namely, the event can be transmitted to App Logic A through a newly created data channel, and the later obtains the transmitted User Input (User Input) through reading the App-Logic-B file.
(8) The method comprises the following steps The data directory of the runtime instance namespace of App Logic B is a mount point (mount point), and when the data directory is accessed, the data directory is redirected to the data directory in App Logic A through a remote file system.
The following further describes the technical solution of the present application by way of an embodiment, and as shown in fig. 2, is a schematic diagram of an embodiment of a method for starting a runtime instance in the embodiment of the present application, where the method is applied to a runtime namespace system, the runtime namespace system includes a runtime, and the method may include:
201. creating, by the runtime, a context object at a runtime instance level, the context object including a namespace.
202. And acquiring the running code through the runtime.
203. And creating a runtime instance according to the running code through the runtime.
204. Launching the runtime instance using the context object by the runtime.
Illustratively, a Runtime (Runtime) instance level context object may be created using a sandbox mechanism and a namespace initialized in the context object to implement a Runtime instance level namespace as follows:
in an embodiment of the present application, a context object at runtime instance level is created by the runtime, the context object comprising a namespace; obtaining running code through the runtime; creating a runtime instance according to the running code through the runtime; launching the runtime instance using the context object by the runtime. The method is used for the runtime instance level namespace, can support wider use scenes compared with the existing process level namespace, and is suitable for the scene that one process runs a plurality of runtime instances.
As shown in fig. 3, a schematic diagram of another embodiment of a method for starting a runtime instance in an embodiment of the present application, the method being applied to a runtime namespace system, the runtime namespace system including a runtime, a resource provider, a resource manager, a resource consumer, a resource service manager, and an application, may include:
301. creating, by the runtime, a context object at a runtime instance level, the context object including a namespace.
302. And acquiring the running code through the runtime.
303. And creating a runtime instance according to the running code through the runtime.
304. Launching the runtime instance using the context object by the runtime.
Steps 301-304 refer to steps 201-204 in the embodiment shown in FIG. 2, and are not described herein again.
305. Creating a resource object by the resource provider for addition to the resource manager.
FIG. 4A is a block diagram of a system architecture for resource abstraction, management, and access in an embodiment of the present application. Illustratively, (1) the Resource Provider (Resource Provider) creates a Resource object, adds it to the Resource manager (Resource manager), i.e., adds the Resource object description (add Resource description). A resource object is herein understood to be an available resource object. The resource providers may include cloud resources and other device resources.
306. And distributing the resource object to a corresponding resource controller according to the resource type through the resource manager.
Exemplarily, (2) the Resource Manager (Resource Manager) distributes (dispatch) the Resource object (Resource) to the corresponding Resource Controller (Resource Controller) for processing according to the Resource type.
307. And analyzing the resource object through the resource controller, and starting a corresponding resource consumer.
Exemplarily, (3) the Resource Controller (Resource Controller) parses the Resource object, and starts a corresponding Resource Consumer (Resource Consumer), i.e., starts a service (start service).
308. Registering, by the resource consumer, the resource consumer with the resource service manager.
Exemplarily, (4) the Resource Consumer (Resource Consumer) registers itself in the Resource Service Manager (Resource Service Manager), i.e., adds a Service (add Service).
309. Obtaining, by the application, a resource consumer interface from the resource service manager using the runtime; establishing a control channel with a resource provider using the resource consumer interface; creating a data channel using the control channel; accessing a resource object created by the resource provider using the data channel.
Exemplarily, (5) the application acquires a Resource Consumer interface (interface) from a Resource Service Manager (Resource Service Manager) through runtime, that is, acquires a Service (get Service); (6) establishing (truncated) control channel by using Resource Consumer and cloud Resource (Resource Provider); (7) establishing (truncated) control channels with other equipment resources (Resource Provider) by using a Resource Consumer; (8) applications create dedicated data channels (data channels) through the control channel to directly access remote (cloud and other devices) resources.
1. The resource abstraction is illustrated as follows:
optionally, the method is applied to a heterogeneous resource, and the heterogeneous resource is characterized by a resource abstraction, where the resource abstraction includes a resource description and a resource object;
the resource description comprises a version, a type, metadata and a specification;
the resource objects include version, type, metadata, specification, and state.
It will be appreciated that a resource abstraction consists of two parts, a resource description and a resource object.
A resource description represents a resource type, supporting standard resource types (e.g., CPU, memory, storage, microphone (Mic), display (Display), camera (Camera), mouse (Mouse), keyboard (Keyboard), etc.) and custom resource types. A resource description is divided into four parts, version (version), type (kind), metadata (metadata) and specification (spec), each part being composed of a series of key value values.
Fig. 4B is a schematic diagram illustrating a Camera resource description in the embodiment of the present application.
In the illustration of FIG. 4B, a Camera resource is described as follows:
version (version): 1.0
Type (kind): resource definition (resource definition)
Metadata (metadata):
namespace (namespace): "default"
name (name): camera
creationTime (creation time): "2022-03-31T02:56:25Z "
Specification (spec):
names (name):
kid (type): camera
plural (plural): camera as
singular (singular): camera
A resource object represents a currently available resource and is divided into five parts of version, type, metadata, specification and state, wherein each part consists of a series of key value values. Wherein the state may be dynamically updated.
Fig. 4C is a schematic diagram of a currently available Camera resource object in the embodiment of the present application. In the illustration of FIG. 4C, one currently available Camera resource object is as follows:
version (version): 1.0
Type (kid): camera (Camera)
Metadata (metadata):
namespace (namespace): "Default"
name (name): remote-camera "
creationTime (creation time): "2022-03-31T02:56:25Z "
Specification (spec):
vendor (brand): "Sony (Sony)"
model (type): "IMX179"
resolution: "1980X 1024"
interface: "common.
Status (status):
enabled:true
used:false
2. the resource management is explained as follows:
optionally, each resource controller processes a resource type; the method may further comprise: registering a corresponding resource description with the resource manager when the resource controller is initialized; and under the condition that the resource controller stops running, logging off the corresponding resource description to the resource manager.
Optionally, after the resource controller registers the corresponding resource description with the resource manager during initialization, the method may further include: distributing, by the resource manager, a resource event to the resource controller.
Optionally, the resource event includes an add resource object event, an update resource object event, and a delete resource object event.
Optionally, the resource controller includes a listener and a processor; the method may further comprise:
monitoring the resource events distributed by the resource manager through the monitor, and placing the monitored resource events in an event queue;
checking the event queue by the handler, processing an add resource object event using an add event function, processing an update resource object event using an update event function, and processing a delete resource object event using a delete event function.
Fig. 4D is a schematic diagram of resource management in this embodiment. In fig. 4D, (1) and (2) are respectively: resource controllers use a modular design, each handling one Resource type. When the Resource Controller is initialized, it needs to register a Resource description with the Resource Manager, which indicates the type of Resource it can process. When the Resource Controller stops running, which can also be called as ending, the corresponding Resource description is logged out of the Resource Manager. In this way, in addition to supporting standard resources, custom resource extensions are also supported.
Illustratively, as shown in fig. 4E, another schematic diagram of resource management in the embodiment of the present application is shown. In fig. 4E, (3), (4) and (5) are respectively: after the Resource Controller registers a Resource description with the Resource Manager, the latter can distribute the Resource event to the former. The method is divided into three events of adding, updating and deleting resource objects. The Resource Controller internally contains a Listener (Listener) and a Handler (Handler). Listener is responsible for listening to Resource events distributed by Resource Manager and will be placed in an event queue (EventQueue). The Handler checks the event queue (EventQueue) through SyncLoop and processes resource object addition, update, and deletion events through an add event (AddFunc) function, an update event (UpdateFunc) function, and a delete event (DelFunc) function, respectively. (6) Comprises the following steps: resource Manager provides a Get (Get) interface for other modules to query for currently available Resource objects.
3. The resource object access service is explained as follows:
optionally, the method may further include: initiating, by the resource controller, a corresponding first resource consumer using an add event function, the first resource consumer being registered, by the first resource consumer, in the resource service manager; updating the state of the resource object by using an updating event function, and informing a corresponding resource consumer; and stopping running the corresponding second resource consumer by using a deletion event function, and logging off the second resource consumer from the resource service manager through the second resource consumer.
Optionally, a service list is maintained in the resource service manager, where the service list includes a name of each registered resource consumer and an agent, and the agent is used for interacting with the registered resource consumer.
Optionally, the name includes an interface name implemented by the resource object.
Illustratively, as shown in fig. 4F, a schematic diagram of resource object access service in the embodiment of the present application is shown. (1) The Resource Controller starts a corresponding Resource Consumer in AddFunc, which registers itself in the Resource Service Manager.
(2) The Resource Controller updates the state of the Resource object in the UpdateFunc and notifies the corresponding Resource Consumer.
(3) The Resource Controller stops the corresponding Resource Consumer in DelFunc, which logs itself out of the Resource Service Manager.
(4) The Resource Service Manager internally maintains a Service list (Service Table), and each registered Resource provider consists of a name and an agent. Where the name consists of < interface >/< name >, and the Resource Consumer can be interacted with through a proxy (proxy). Interface > represents the interface of the resource object implementation, and name > represents the resource object name (with uniqueness).
As shown in Table 1, an example of maintaining a Service list for the Resource Service Manager internally is as follows:
| <interface>/<name>interface/resource object name | Handler Handler |
| pantanal.resource.Camera/remote-camera-1 | <<proxy>> |
| pantanal.resource.Camera/remote-camera-2 | <<proxy>> |
| pantanal.resource.Audio/remote-audio | <<proxy>> |
TABLE 1
4. The organization of resource objects in runtime is explained as follows:
optionally, each application runs in one runtime instance; each runtime instance includes a namespace that is created at runtime instance startup and dynamically adjusted during runtime.
Optionally, the namespace exists in a file tree structure.
Optionally, the data directory in the namespace represents storage accessed by an application; and the service directory under the name space represents the resource object accessed by the application.
Optionally, the resource objects of the same type are located in the same parent directory, and the file name is the name of the corresponding resource object; the parent directory name is the interface name implemented by the resource object.
Illustratively, as shown in fig. 4G, a schematic diagram of the organization of the resource object in the runtime in the embodiment of the present application is shown. (1) And (2): each application (1) runs in a runtime instance (2), such as a WebAssembly runtime.
(3) The method comprises the following steps Each runtime instance has a namespace, like Linux and Fuchsia's namespace. Created at runtime instance start-up and can be dynamically adjusted during runtime. The namespace exists in a file tree structure.
(4) The method comprises the following steps A data (data) directory under a namespace representing storage accessible to an application. Which may be a mount point (mount point) pointing to a directory of remote devices. For example, a cloud storage directory, or a directory of another device.
(5) The method comprises the following steps Service (svc) directories under the command space represent Resource objects which can be accessed by the application, and are agents obtained from Resource Service Manager, and the agents can be obtained by opening corresponding files. Resource objects that can be accessed by an application are declared in the application description and are subject to user consent. The resource objects of the same type are located in the same parent directory, and the file name is the name of the resource object. The parent directory name is the interface name implemented by the resource object. When there are a plurality of resource objects of the same type, different resource objects are stored in subdirectories named as integers or decimals. For example: the integer can be from 0 or 1, and the smaller the value is, the more preferential the resource is to be used for the currently running application; alternatively, a larger value indicates that the resource is preferentially used by the currently running application. This is decided by the intelligent allocation of resources according to the user's intention.
Optionally, the data directory is a directory of a real file system, and includes at least one of a local file system directory or a remote file system directory;
the service directory points to a FUSE file system directory, and files in the FUSE file system directory are mapped with resource objects in a resource service manager one by one.
Illustratively, as shown in fig. 4H, it is a schematic diagram of the data directory in the embodiment of the present application. The "/data" directory in the namespace is a directory of the real file system. It can be a local file system directory, or a remote file system directory, and an overlayFS file system directory fusing the local file system and the remote file system.
The "/svc" in the namespace points to a FUSE file system directory. The files in the FUSE file system directory are mapped with the Resource objects in the Resource Service Manager one by one.
Optionally, the runtime namespace system further includes a runtime manager; the method may further comprise:
when opening a file under a service directory by using an opening function provided by the runtime manager through the application, entering the runtime manager through FUSH;
checking, by the runtime manager, whether a resource interface called by the application exists in a service list in a resource service manager; if yes, constructing a file object, and returning a file descriptor fd to the application; if not, an ENOENT error is returned to the application.
Illustratively, as shown in fig. 4I, a schematic diagram of opening a service directory in the embodiment of the present application is shown. Procedure for opening/svc files under directory:
(1) When the application opens/svc files under the directory through the open function provided by libc, the files finally enter namespaces through FUSE.
(2) Namespaces uses the file name to be opened as the interface name, and checks whether a Resource interface which can be called by an application exists in the Service Table of the Resource Service Manager. If so, a file object is constructed and its file descriptor fd is returned, representing the proxy object < < proxy > of the resource interface to be accessed. If not, an ENOENT error is returned.
(3) Namespacefs returns the file descriptor fd or ENOENT to the application.
In a traditional sandbox implementation, a unified description and access method is not provided for heterogeneous resources; traditional namespace implementations provide no instance-level support at the process level for runtime, and rely on specific operating system interfaces, and are not capable of cross-platform support. According to the technical scheme, the runtime-level name space is realized, the name space and the namespaces are organized through unified resource abstract description and a namespaces file system, a consistent mode is provided for access of heterogeneous resources, and management of the heterogeneous resources is simplified.
In an embodiment of the application, a context object at runtime instance level is created by the runtime, the context object comprising a namespace; obtaining running code through the runtime; creating a runtime instance according to the running code through the runtime; launching the runtime instance using the context object by the runtime. The method is used for the runtime instance level namespace, can support wider use scenes compared with the existing process level namespace, and is suitable for the scene that one process runs a plurality of runtime instances. Compared with the process-level namespace, the runtime instance-level namespace is independent of a specific mechanism of an operating system, and can realize cross-platform support, such as Android, linux, windows, macOS and other platforms. Through resource description abstractions, namely versions, types, metadata, specifications and states, uniform abstraction of heterogeneous resources is achieved for resources running on different platforms, such as CPU, memory, storage, mic, display, camera, mouse, keyboard and the like, and expansion of custom resources is supported. Through the name space and file abstraction, the uniform organization of the heterogeneous resources is realized, and the access mode of the heterogeneous resources is simplified.
As shown in fig. 5A, which is a schematic diagram of a runtime namespace system in an embodiment of the present application, a runtime 501 namespace system includes a runtime 501;
a runtime 501 for creating a runtime instance level context object, the context object comprising a namespace; acquiring an operating code; creating a runtime instance according to the running code; the runtime instance is launched using the context object.
Optionally, as shown in fig. 5B, the diagram is another schematic diagram of the namespace system during runtime in the embodiment of the present application; the runtime namespace system further includes a resource provider 502, a resource manager 503, a resource controller 504, a resource consumer 505, a resource service manager 506, and an application 507;
a resource provider 502 for creating a resource object to be added to the resource manager 503;
the resource manager 503 is configured to distribute the resource object to the corresponding resource controller 504 according to the resource type;
a resource controller 504, configured to parse the resource object and start a corresponding resource consumer;
a resource consumer 505 for registering the resource consumer 505 in the resource service manager 506;
an application 507 for obtaining a resource consumer interface from the resource service manager 506 using the runtime 501; establishing a control channel with a resource provider 502 using the resource consumer interface; creating a data channel using the control channel; the data channel is used to access the resource object created by resource provider 502.
Optionally, the method is applied to a heterogeneous resource, and the heterogeneous resource is characterized by a resource abstraction, where the resource abstraction includes a resource description and a resource object;
the resource description comprises a version, a type, metadata and a specification;
the resource objects include version, type, metadata, specification, and state.
Optionally, each resource controller 504 handles one resource type;
a resource controller 504, configured to register a corresponding resource description with the resource manager 503 in a case that the resource controller 504 is initialized; in the case where the resource controller 504 is out of service, the corresponding resource description is logged off to the resource manager 503.
Optionally, the resource controller 504, upon initialization, after registering the corresponding resource description with the resource manager 503,
a resource manager 503 for distributing the resource events to the resource controller 504.
Optionally, the resource event includes an add resource object event, an update resource object event, and a delete resource object event.
Optionally, the resource controller 504 includes a listener and a processor;
the listener is configured to listen to the resource event distributed by the resource manager 503, and place the resource event that is listened to in an event queue;
the processor is used for checking the event queue, processing the added resource object event by using an added event function, processing the updated resource object event by using an updated event function, and processing the deleted resource object event by using a deleted event function.
Optionally, the resource controller 504 is configured to start a corresponding first resource consumer using an add event function, and register the first resource consumer with the resource service manager 506 through the first resource consumer; updating the state of the resource object by using an update event function, and informing a corresponding resource consumer; the delete event function is used to stop running the corresponding second resource consumer, which is logged off from resource service manager 506 by the second resource consumer.
Optionally, a service list is maintained in the resource service manager 506, the service list including a name of each registered resource consumer and an agent for interacting with the registered resource consumer.
Optionally, the name includes an interface name of the resource object implementation.
Optionally, each application 507 runs in one runtime instance; each runtime instance includes a namespace that is created at runtime instance startup and dynamically adjusted during runtime.
Optionally, the namespace exists in a file tree structure.
Optionally, the data directory in the namespace represents storage accessed by the application 507;
the service directory under the namespace represents the resource objects accessed by the application 507.
Optionally, the resource objects of the same type are located in the same parent directory, and the file name is the name of the corresponding resource object; the parent directory name is the interface name implemented by the resource object.
Optionally, the data directory is a directory of a real file system, and includes at least one of a local file system directory or a remote file system directory;
the service directory points to a FUSE file system directory, where the files in the FUSE file system directory are mapped one-to-one with the resource objects in the resource service manager 506.
Optionally, as shown in fig. 5C, the diagram is another schematic diagram of the namespace system during runtime in the embodiment of the present application; the runtime namespace system further includes a runtime manager 508;
an application 507, configured to enter the runtime manager 508 through FUSH when opening a file in the service directory using an open function provided by the runtime manager 508;
a runtime manager 508 for checking whether there is a resource interface called by the application 507 in the service list in the resource service manager 506; if so, constructing a file object and returning a file descriptor fd to the application 507; if not, an ENOENT error is returned to the application.
In the above embodiments, all or part of the implementation may be realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can store or a data storage device, such as a server, a data center, etc., that is integrated with one or more available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid State Disk (SSD)), among others.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (18)
1. A method for launching a runtime instance, the method being applied to a runtime namespace system, the runtime namespace system including a runtime, the method comprising:
creating, by the runtime, a context object at a runtime instance level, the context object comprising a namespace;
obtaining running code through the runtime;
creating a runtime instance according to the running code through the runtime;
launching the runtime instance using the context object by the runtime.
2. The method of claim 1, wherein the runtime namespace system further comprises a resource provider, a resource manager, a resource consumer, a resource service manager, and an application; the method further comprises the following steps:
creating a resource object by the resource provider to add to the resource manager;
distributing the resource object to a corresponding resource controller according to the resource type through the resource manager;
analyzing the resource object through the resource controller, and starting a corresponding resource consumer;
registering, by the resource consumer, the resource consumer with the resource service manager;
obtaining, by the application, a resource consumer interface from the resource service manager using the runtime; establishing a control channel with a resource provider using the resource consumer interface; creating a data channel using the control channel; and accessing the resource object created by the resource provider by using the data channel.
3. The method of claim 2, wherein the method is applied to heterogeneous resources, and the heterogeneous resources are characterized by resource abstractions, and the resource abstractions comprise resource descriptions and resource objects;
the resource description comprises a version, a type, metadata and a specification;
the resource objects include version, type, metadata, specification, and state.
4. The method of claim 3, wherein each resource controller processes a resource type; the method further comprises the following steps:
registering a corresponding resource description with the resource manager when the resource controller is initialized;
and under the condition that the resource controller stops running, logging off the corresponding resource description to the resource manager.
5. The method of claim 4, wherein the resource controller, upon initialization, after registering the corresponding resource description with the resource manager, further comprises:
distributing, by the resource manager, a resource event to the resource controller.
6. The method of claim 5, wherein the resource events include an add resource object event, an update resource object event, and a delete resource object event.
7. The method of any of claims 2-6, wherein the resource controller comprises a listener and a processor; the method further comprises the following steps:
monitoring the resource events distributed by the resource manager through the monitor, and placing the monitored resource events in an event queue;
checking the event queue by the handler, processing an add resource object event using an add event function, processing an update resource object event using an update event function, and processing a delete resource object event using a delete event function.
8. The method according to any one of claims 2-6, further comprising:
initiating, by the resource controller, a corresponding first resource consumer using an add event function, the first resource consumer being registered, by the first resource consumer, in the resource service manager; updating the state of the resource object by using an update event function, and informing a corresponding resource consumer; and stopping running the corresponding second resource consumer by using a deletion event function, and logging off the second resource consumer from the resource service manager through the second resource consumer.
9. The method of any of claims 2-6, wherein a service list is maintained in the resource service manager, the service list including a name of each registered resource consumer and an agent for interacting with the registered resource consumer.
10. The method of claim 9, wherein the name comprises an interface name of the resource object implementation.
11. The method of any of claims 1-10, wherein each application runs in one runtime instance;
each runtime instance includes a namespace that is created at runtime instance startup and dynamically adjusted during runtime.
12. The method of claim 11, wherein the namespace exists in a file tree structure.
13. The method of claim 11 or 12, wherein the data directory under the namespace represents a store accessed by an application;
and the service directory under the name space represents the resource object accessed by the application.
14. The method of claim 13, wherein resource objects of the same type are located in the same parent directory, and the file name is the name of the corresponding resource object; the parent directory name is the interface name implemented by the resource object.
15. The method of claim 13,
the data directory is a directory of a real file system and comprises at least one of a local file system directory or a remote file system directory;
the service directory points to a FUSE file system directory, and files in the FUSE file system directory are mapped with resource objects in a resource service manager one by one.
16. The method of claim 15, wherein the runtime namespace system further comprises a runtime manager; the method further comprises the following steps:
when a file under a service directory is opened by using an opening function provided by the runtime manager through the application, the file enters the runtime manager through FUSH;
checking, by the runtime manager, whether a resource interface called by the application exists in a service list in a resource service manager; if yes, constructing a file object, and returning a file descriptor fd to the application; if not, an ENOENT error is returned to the application.
17. A runtime namespace system, the runtime namespace system comprising a runtime;
the runtime is used for creating a context object at a runtime instance level, wherein the context object comprises a namespace; acquiring an operating code; creating a runtime instance according to the running code; launching the runtime instance using the context object.
18. A computer-readable storage medium comprising instructions that, when executed on a processor, cause the processor to perform the method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210933111.2A CN115373758A (en) | 2022-08-04 | 2022-08-04 | Method for starting runtime instance, runtime namespace system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210933111.2A CN115373758A (en) | 2022-08-04 | 2022-08-04 | Method for starting runtime instance, runtime namespace system and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115373758A true CN115373758A (en) | 2022-11-22 |
Family
ID=84063064
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210933111.2A Pending CN115373758A (en) | 2022-08-04 | 2022-08-04 | Method for starting runtime instance, runtime namespace system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115373758A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117130721A (en) * | 2023-08-04 | 2023-11-28 | 北京中电华大电子设计有限责任公司 | WebAssemblely code execution method and device |
-
2022
- 2022-08-04 CN CN202210933111.2A patent/CN115373758A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117130721A (en) * | 2023-08-04 | 2023-11-28 | 北京中电华大电子设计有限责任公司 | WebAssemblely code execution method and device |
| CN117130721B (en) * | 2023-08-04 | 2024-03-29 | 北京中电华大电子设计有限责任公司 | WebAssemblely code execution method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10839254B2 (en) | Supporting manifest list for multi-platform application container images | |
| JP6771650B2 (en) | Methods, devices, and systems for virtual machines to access physical servers in cloud computing systems | |
| US10007534B2 (en) | Methods and apparatus to manage asset capabilities in a computing environment using a common agent framework | |
| US8549517B2 (en) | Address assignment method, computer, and recording medium having program recorded therein | |
| JP6316694B2 (en) | Cloud-scale heterogeneous data center management infrastructure | |
| US20100313256A1 (en) | Virtual computer system, access control method and communication device for the same | |
| TWI752412B (en) | Computer implement method, computer system and computer program product for secure interface control secure storage hardware tagging | |
| US10983849B2 (en) | Container application for android-based devices | |
| Khajehei | Role of virtualization in cloud computing | |
| CN103685608A (en) | Method and device for automatically configuring IP (Internet Protocol) address of security virtual machine | |
| US11474749B2 (en) | Configuring host access for virtual volumes | |
| US11366727B2 (en) | Distributed storage access using virtual target portal groups | |
| US20140067864A1 (en) | File access for applications deployed in a cloud environment | |
| US20120011284A1 (en) | Direct provisioning of storage devices to virtual os partitions | |
| US11513830B2 (en) | Introspection into workloads running within virtual machines | |
| CN111083166A (en) | Method and device for setting white list in cloud database and computer storage medium | |
| CN115373758A (en) | Method for starting runtime instance, runtime namespace system and storage medium | |
| WO2022170946A1 (en) | Access control method and related apparatus | |
| CN112491794A (en) | Port forwarding method, device and related equipment | |
| US11805030B1 (en) | Techniques for network packet event related script execution | |
| KR101943936B1 (en) | Integrated external interconnection system and method for web standard application development | |
| CN111669358B (en) | Method and device for processing vrouter network isolation spaces in batch | |
| US20200364076A1 (en) | Agentless Personal Network Firewall in Virtualized Datacenters | |
| US20210326150A1 (en) | Integrated network boot operating system installation leveraging hyperconverged storage | |
| US11175969B2 (en) | Extensible systematic representation of objects and operations applied to them |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |