Re: Deadly Libs

From:

Lew <lew@nospam.lewscanon.com>

Newsgroups:

comp.lang.java.programmer

Date:

Tue, 08 May 2007 08:51:35 -0400

Message-ID:

<LJOdnZnI1qnK793bnZ2dnUVZ_s2vnZ2d@comcast.com>

Volker Raum wrote:

I got a main functionality coded in a Java program. (JSE or JEE doesnt
matter, i think)
To extend this functionality i will give 3rd parties the opportunity to
develop extensions.
Those are called from the main program via a methodcall within the same
virtual machine.
Maybe the 3rd party did a mistake or simply coded malware like

public void aMethod()
{
while(true) {
}
}

Calling this method will cause a severe CPU Utilisation problem.

The simple question is: how do i avoid this?
An extra thread will not help i think, because the method still causes
CPU utilisation.
And what do i do with such a "never ending" thread? i cant kill it from
"extern" after started.

The 3rd party could do the same thing in code not extended from your library, too.

You are asking how to prevent others from writing bad code.

You really can't.

You can create a sandbox (perhaps using a combination of ClassLoaders and
Threads) to run others's code for certain applications, such as for
instructors grading programming instructors. Monitoring threads can "decide"
if a thread has gone on "too long" and interrupt it.

When writing APIs for extension one can do certain things to restrict clients'
abuse. You can declare methods final, preventing them from being overridden.
Keep all instance variables private. Do not call overridable methods in
constructors. Make them derive from an abstract class that ensures key
invariants.

You cannot generally prevent bad code, but you can mitigate it by firing bad
programmers and continuing to train the good ones.

--
Lew