0

I'm working on a small weekend project, which is basically an online IDE that allows you to run PHP, Ruby or Python code from the browser. I have everything setup and working, but the way i created the system, if a user runs a badly-written script, or a script with heavy-calculation, the system might slow down for everyone until i reach the timeout (15 seconds).

My system does not pass the fibonacci test. How can i run the process in isolation, that would allow users to create:

while (true) { fibonacci() } // pseudo-code

Without crashing the server? I have considered the following courses of action:

  • Running each process inside a Docker (https://www.docker.io) container, but i'm not sure how docker deals with slow containers
  • Running each process inside a VM
  • Running each process in an instantly-created EC2 instance (which is not really an option, since this is slow and expensive)
vinnylinux
  • 7,050
  • 13
  • 61
  • 127
  • Why not run the script on the client side? – rlms Aug 18 '13 at 16:03
  • 3
    Running PHP/Ruby on the client side, in an online IDE? This does not make any sense. – vinnylinux Aug 18 '13 at 16:07
  • The IDE could be online, but when the execute button is pressed, a process on the client machine is started. The client machine pipes output to the server, which displays it. – rlms Aug 18 '13 at 16:14

2 Answers2

0

You should spawn another process using the multiprocessing module, then run the users code within that spawned process, thus keeping the inputted code "isolated" in another process. However, you should still keep in mind, you should always run this in a virtual machine because running it outside of one is unsafe on many levels.

Using this method, you can lower the processes priority, since you are in linux, and this should keep each proc. from slowing down your overall machine while the timeout runs. This is assuming that you are indeed running a linux system.

IT Ninja
  • 6,174
  • 10
  • 42
  • 65
  • he just said it does not work because it will consume all resources. – Antti Haapala -- Слава Україні Aug 18 '13 at 16:21
  • Yes, that's what i'm doing with PHP and Python right now. However, even if the process is "isolated", a badly-written script (like the fibonacci code i mentioned) can slow down the entire machine until the timeout. – vinnylinux Aug 18 '13 at 16:21
  • Exactly. The problem is: i can't just tell people not to run CPU-intensive code, it's an online IDE after all. There must be a way to run a container with a memory/CPU limit or something. – vinnylinux Aug 18 '13 at 16:25
0

Try limiting the process to just one of your CPU cores.

You can use taskset to do that:

http://linux.die.net/man/1/taskset

You can also isolate one of your CPU cores using isolcpus (and your system processes won't use that core), and use taskset to run PHP/Ruby/Python code in that CPU core.

Learn more about isolcpus:

Whole one core dedicated to single process

https://askubuntu.com/questions/165075/how-to-get-isolcpus-kernel-parameter-working-with-precise-12-04-amd64

Community
  • 1
  • 1
Mohammad Javad Naderi
  • 486
  • 1
  • 4
  • 14