Open liebig opened 3 years ago
Thank you for your question.
This is how the instruction limit is calculated https://github.com/javadelight/delight-rhino-sandbox/blob/master/src/main/java/delight/rhinosandox/internal/SafeContext.java#L68 (by hooking into observeInstructionCount
from ContextFactory). Would it work better here to calculate this in a different way?
Thanks for the quick reply. I took a closer look at the implementation and now I understand it. I had wondered when the observeInstructionCount
was called. However, I would like the INSTRUCTION_STEPS variable to be configurable. Would that make sense?
So if I understand it correctly, we can set the interval in which Rhino will call observeInstructionCount
using Context.setInstructionObserverThreshold (see https://github.com/javadelight/delight-rhino-sandbox/blob/master/src/main/java/delight/rhinosandox/internal/SafeContext.java#L39). This is set in SafeContext to the same value that the instruction count is incremented by. That would explain why it is called in larger intervals.
I think the idea behind limiting instruction count is more around trying to prevent abusive scripts from running. So with that in mind, there shouldn't be a big difference between 10,000 and 100,000 steps etc because these should still execute very quickly. Only usecase I could think of for a smaller INSTRUCTIONS_STEPS setting would be if the sandbox is used to execute a very large number of scripts that should all be very small - but I think setup times etc may be a much larger factor here again than the 10,000 bytes instructions limit. What do you think? Do you have a particular usecase where we need to consider the no of instructions in a more fine grained way? If so, we can start with that and see how we can accommodate for this in the best possible way!
Yes, in itself it also really makes sense not to pause after each JavaScript step. My use case is to simply try to pause the JavaScript code at a certain point. Another use case would be to implement a simple debugger in Java that pauses the JavaScript code step by step.
Okay, let's maybe let us leave this issue open and see if there are further requirements for something like this, and we can take it from there?
When you say pause the JavaScript at a certain point, is that for debugging purposes?
Yes exactly, among other things for debugging.
In what unit or in what measure is InstructionLimit calculated? Unfortunately, I don't really understand how the value is measured.
Because with
sandbox.eval("app.js", "var i = 0; while (true) { logger.info(i++) }");
andsandbox.setInstructionLimit(1);
orsandbox.setInstructionLimit(19000);
the console looks likeBut with
sandbox.setInstructionLimit(19001);
the console looks like