Re: Deadly Libs

Volker Raum wrote:
I got a main functionality coded in a Java program. (JSE or JEE doesnt matter, i think)
To extend this functionality i will give 3rd parties the opportunity to develop extensions.
Those are called from the main program via a methodcall within the same virtual machine.
Maybe the 3rd party did a mistake or simply coded malware like

public void aMethod()
{
while(true) {
}
}

Calling this method will cause a severe CPU Utilisation problem.

The simple question is: how do i avoid this?
An extra thread will not help i think, because the method still causes CPU utilisation.
And what do i do with such a "never ending" thread? i cant kill it from "extern" after started.

The 3rd party could do the same thing in code not extended from your library, too.

You are asking how to prevent others from writing bad code.

You really can't.

You can create a sandbox (perhaps using a combination of ClassLoaders and Threads) to run others's code for certain applications, such as for instructors grading programming assignments. Monitoring threads can "decide" if a thread has gone on "too long" and interrupt it.

When writing APIs for extension one can do certain things to restrict clients' abuse. You can declare methods final, preventing them from being overridden. Keep all instance variables private. Do not call overridable methods in constructors. Make them derive from an abstract class that ensures key invariants.

You cannot generally prevent bad code, but you can mitigate it by firing bad programmers and continuing to train the good ones.

--
Lew
.