Is it safe to modify byte code? #418
Comments
> There is only one thing that makes modifications trickier -
The reason the byte code is represented as a []byte and not a string is to allow the interpreter's debugger (a work in very slow progress) to inject breakpoints. But otherwise there is no reason to modify the byte code, and client applications shouldn't even be looking at it: the details of the protocol could change at any moment. Be sure to produce and consume byte code using logic from the same version.
I plan that it will continue to evolve indefinitely and without warning. :)
> No.
@adonovan ok, got it. An alternative here is to add something like Or maybe there is another way? I'm trying to find greedy scripts and abort them when possible. So far the options are:
> All of this is just way too expensive either in implementation or at runtime.
As I noted in #410 (comment), I don't think that approach is viable. In practice most allocations are done by application-defined functions called from Starlark, not by the interpreter itself, so the set of places to instrument is unbounded. Also, lifetime matters: it doesn't make sense to treat threads that allocate a ton of short-lived garbage the same as threads that allocate long-lived data structures. Also, runaway programs can allocate memory very rapidly, so if you want to defend against them, you need to see all allocations as they happen, not some time after the fact. Go simply doesn't expose a way to do that.
I'm not convinced that's true. If "something" is an inherently misleading measure that adds complexity to the code and overhead to the runtime, then it could be worse than nothing.

Looking at your options: a "custom interpreter" (a fork) would let you instrument every place that Starlark allocates memory, but you would need to instrument every allocation in every one of your application's built-in functions too. It seems like a lot of work, and fragile too. By contrast, "multi-process setup" and "containerization" are essentially the same: enlist the help of the operating system. This means the Starlark interpreter component of your application would live in a child process, separate from the rest of it, and the two would communicate by sending messages, not by sharing memory. It's an invasive design change, but it's conceptually straightforward.
Well, there are only a few obvious cases that can lead to runaway memory consumption, like:

```python
def main():
    x = "x"
    for i in range(1000):
        x = x + x  # or x = x * 2

main()
```

I'm more eager to catch those. Anything that is not so obvious and depends heavily on whatever happens in custom builtins is a problem for the API developer. But I got your point. Thank you for the response.
Hi!
It's more of a question than anything else. Related to #410 and #304.
Starlark is a great scripting language with a great deal of isolation provided by default, but there is (understandably) no meaningful way to restrain the amount of memory consumed by a program. Including means for that in the current implementation would make it slower for everyone, even those who are not interested in such a feature.
But by analyzing and modifying the byte code of a program, one could track allocations, at least approximately, ignoring or estimating allocations in built-in functions.
So the questions are:
Thanks!