I am writing web app for java learning. Using which users may compile their code on my serwer + run that code. Compiling is easy with JavaCompiler:
JavaCompiler compiler = ToolProvider.getSystemJavaCompiler();
DiagnosticCollector<JavaFileObject> diagnostics = new DiagnosticCollector<JavaFileObject>();
CompilationTask task = compiler.getTask(null, null, diagnostics, null, null, prepareFile(nazwa, content));
task.call();
List<String> returnErrors = new ArrayList<String>();
String tmp = new String();
for (Diagnostic diagnostic : diagnostics.getDiagnostics()) {
tmp = String.valueOf(diagnostic.getLineNumber());
tmp += " msg: " + diagnostic.getMessage(null);
returnErrors.add(tmp.replaceAll("\n", " "));
}
I manage to load class with code:
JavaCompiler compiler = ToolProvider.getSystemJavaCompiler();
StandardJavaFileManager manager = compiler.getStandardFileManager(null, null, null);
try {
URL[] urls = {new URL("file:///root/"), new URL("file://C:\\serv\\Apache Tomcat 6.0.20\\bin\\")};
ClassLoader cl_old = Thread.currentThread().getContextClassLoader();
ClassLoader cl_new = new URLClassLoader(urls, cl_old);
Class compiledClass = cl_new.loadClass(CLASS_NAME);
Method myMethod = compiledClass.getMethod(METHOD_NAME);
Object tmp = myMethod.invoke(null);
} catch (Exception ex) {
Logger.getLogger(ITaskCompile.class.getName()).log(Level.SEVERE, null, ex);
}
How can i protect my app from endless loop, and evil students ;)
thx. Tzim
How can i protect my app from endless loop, and evil students ;)
You cannot in one JVM. Evil students are particularly difficult to deal with because the smart ones will figure out some way to subvert your control mechanisms.
1) is there any way to run that code with a lifetime ?
No, unless you run it in a separate JVM.
2) is there any risk with memory leaks, and what can i do to fix this.
Yes there is, and there is nothing you can do about it (apart from separate JVMs). In fact, this would be a problem even if you could kill off student programs that get stuck in loops, etc. There are probably many ways that an application can cause the Java class libraries to leak memory / resources ... even after the application itself has finished and been GC'ed.
3) is this good solution, or can you suggest something better ?
Run each student application in a separate JVM that you launch from your server using Process
and friends. You will need to write host operating system specific stuff to set execution time limits, and to kill of student applications that deadlock. Plus you've got all sorts of issues making sure that you don't accidentally trash the host machine performance by firing off too many JVMs.
A better answer is to provide each student a desktop computer or a virtual machine and let them do their own thing.
is there any way to run that code with a lifetime ?
Create a process which monitors child processes and terminates it if it takes too long.
is there any risk with memory leaks, and what can i do to fix this.
You should be able to do that, to some extent, by controlling how much memory is allocated (like the -Xmx
parameter to Sun's JVM).
is this good solution, or can you suggest something better ?
I'm not sure a solution has been proposed, but here's a thought. Install a SecurityManager that greatly restricts what the executed code can do, such as access the filesystem, spawn processes, etc. Combine that with a process that monitors for timeouts, limits the allocated memory, runs the application under a separate user account, etc., and I think you can have something workable.
What you're looking for is possible, but may not be entirely so if your restricted to only Java.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With