Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > interpreter limits

Reply
Thread Tools

interpreter limits

 
 
Joseph T. Bore
Guest
Posts: n/a
 
      04-13-2004

I'm embedding python in my app, and I'm using it as a scripting
language for it, everything works great.

My only concern is how to handle the possibility that a user
accidentally puts an infinite loop in the code that gets called by the
app.

Something as simple as a function that has as it's body:

while 1:
pass

would require the application to be killed. Hopefully this will
rarely happen, but it's a *real* and unacceptable possibility.

Looking around, it seems that this has occasionally been brought up by
others, but no solution has been arrived at. I even looked at grail,
figuring that perhaps there were some controls put in for the python
applets it would load, but no luck there either it seems.

I dont know a heck of a lot about the implementation of the
interpreter/vm but would it be possible to implement exec or eval with
an optional argument, that argument would be a maximum number of byte
codes the interpreter would execute before throwing an exception.

this would eliminate the out of control case where a function runs
the above code and never returns. you could make the value large
enough to handle just about everything except for infinite loops.

something like:

try:
exec(codeToExecute, maxTicks = 100000)
except InterpreterLimitReached:
print "your code ran too long"

Anyone have any idea if this is at all implementable?

jbore

 
Reply With Quote
 
 
 
 
Irmen de Jong
Guest
Posts: n/a
 
      04-13-2004
Joseph T. Bore wrote:

> I dont know a heck of a lot about the implementation of the
> interpreter/vm but would it be possible to implement exec or eval with
> an optional argument, that argument would be a maximum number of byte
> codes the interpreter would execute before throwing an exception.


Interesting. I know it's not of any help but 'back then',
most MUD engines did exactly this (at least, LP and MudOS did).
When a user-written module ran too long, it was aborted, to
avoid hanging the mud

--Irmen
 
Reply With Quote
 
 
 
 
Joseph T. Bore
Guest
Posts: n/a
 
      04-13-2004

Irmen de Jong <(E-Mail Removed)> writes:

> Interesting. I know it's not of any help but 'back then',
> most MUD engines did exactly this (at least, LP and MudOS did).
> When a user-written module ran too long, it was aborted, to
> avoid hanging the mud


Indeed. In my case MOO is where I got the idea from. moop is also a
side interest of mine where this becomes very important.

Any idea if it's possible? should I write a PEP?

jb


 
Reply With Quote
 
Irmen de Jong
Guest
Posts: n/a
 
      04-13-2004
Joseph T. Bore wrote:

> Any idea if it's possible? should I write a PEP?


Can't you do something smart with signals, threads, alarm() and kill() ?
Like running the code in a worker thread, where the main thread
keeps track of how long it has been running and if not finished
within a certain time, kill() it.
Or use alarm() to get signaled after some time, then kill it in
the signal handler.

--Irmen
 
Reply With Quote
 
Joseph T. Bore
Guest
Posts: n/a
 
      04-13-2004

Irmen de Jong <(E-Mail Removed)> writes:
> Or use alarm() to get signaled after some time, then kill it in
> the signal handler.


I hadnt thought about using alarm like that, I have to experiment

jb

 
Reply With Quote
 
Paul Rubin
Guest
Posts: n/a
 
      04-13-2004
Irmen de Jong <(E-Mail Removed)> writes:
> Can't you do something smart with signals, threads, alarm() and kill() ?
> Like running the code in a worker thread, where the main thread
> keeps track of how long it has been running and if not finished
> within a certain time, kill() it.


How do you kill a thread from another thread? I don't know of any way
to do that.

Maybe it's safest to run the user script in a separate process and
communicate through a socket or through shm. That allows using the
normal OS features for resource limits, file protection, etc.
 
Reply With Quote
 
=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=
Guest
Posts: n/a
 
      04-13-2004
Joseph T. Bore wrote:

>
> Indeed. In my case MOO is where I got the idea from. moop is also a
> side interest of mine where this becomes very important.
>
> Any idea if it's possible? should I write a PEP?


You can impose such limits with a trace hook in the thread running the
code.

HTH,
Martin

 
Reply With Quote
 
djw
Guest
Posts: n/a
 
      04-14-2004
Paul Rubin wrote:

> Irmen de Jong <(E-Mail Removed)> writes:
>
>>Can't you do something smart with signals, threads, alarm() and kill() ?
>>Like running the code in a worker thread, where the main thread
>>keeps track of how long it has been running and if not finished
>>within a certain time, kill() it.

>
>
> How do you kill a thread from another thread? I don't know of any way
> to do that.
>
> Maybe it's safest to run the user script in a separate process and
> communicate through a socket or through shm. That allows using the
> normal OS features for resource limits, file protection, etc.

My exploration into threads indicated that you can't kill one thread
from another.

-Don
 
Reply With Quote
 
Peter Hansen
Guest
Posts: n/a
 
      04-14-2004
djw wrote:

> Paul Rubin wrote:
>
>> Irmen de Jong <(E-Mail Removed)> writes:
>>
>>> Can't you do something smart with signals, threads, alarm() and kill() ?
>>> Like running the code in a worker thread, where the main thread
>>> keeps track of how long it has been running and if not finished
>>> within a certain time, kill() it.

>>
>>
>>
>> How do you kill a thread from another thread? I don't know of any way
>> to do that.
>>
>> Maybe it's safest to run the user script in a separate process and
>> communicate through a socket or through shm. That allows using the
>> normal OS features for resource limits, file protection, etc.

>
> My exploration into threads indicated that you can't kill one thread
> from another.


http://www.strakt.com/docs/os03_threads_interrupt.pdf has some info
about an approach (via a C extension only) which can be used in 2.3
to do it.
 
Reply With Quote
 
Joseph T. Bore
Guest
Posts: n/a
 
      04-14-2004

There is probably a better solution but this worked for me, thanks
Irmen!

jb

----------------------------------------
import signal

def alarmHandler(signum, frame):
raise TimeExceededError, "Your command ran too long"

def infinite():
while 1:
pass

#
# code to wrap a function call which may take too long...
#
signal.signal(signal.SIGALRM, alarmHandler)
signal.alarm(1)
try:
# call a function that never returns
infinite()
except TimeExceededError:
print "code must have gone crazy..."
signal.alarm(0)
----------------------------------------


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Limits on MLPPP Vincent C Jones Cisco 7 11-12-2009 05:36 PM
Python embedded interpreter: how to initialize the interpreter ? ycollet@freesurf.fr Python 3 01-03-2007 01:00 AM
A process serving application pool 'DefaultAppPool' exceeded time limits during start up. The process id was '216'. jack ASP .Net 0 08-01-2004 09:49 PM
Cisco 1605 Access List Entry Limits AC Cisco 6 06-24-2004 09:05 PM
Aironet 1400 multipoint topology - arc limits ? indaba Cisco 0 10-29-2003 07:38 AM



Advertisments