[jira] [Updated] (CASSANDRA-9954) Improve Java-UDF timeout detection

Sun, 02 Aug 2015 07:57:17 -0700 

     [ 
https://issues.apache.org/jira/browse/CASSANDRA-9954?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Stupp updated CASSANDRA-9954:
------------------------------------
    Description: 
CASSANDRA-9402 introduced a sandbox using a thread-pool to enforce security 
constraints and to detect "amok UDFs" - i.e. UDFs that essentially never return 
(e.g. {{while (true)}}.

Currently the safest way to react on such an "amok UDF" is to _fail-fast_ - to 
stop the C* daemon since stopping a thread (in Java) is just no solution.

CASSANDRA-9890 introduced further protection by inspecting the byte-code. The 
same mechanism can also be used to manipulate the Java-UDF byte-code.

By manipulating the byte-code I mean to add regular "is-amok-UDF" checks in the 
compiled code.

EDIT: These "is-amok-UDF" checks would also work for _UNFENCED_ Java-UDFs.

  was:
CASSANDRA-9402 introduced a sandbox using a thread-pool to enforce security 
constraints and to detect "amok UDFs" - i.e. UDFs that essentially never return 
(e.g. {{while (true)}}.

Currently the safest way to react on such an "amok UDF" is to _fail-fast_ - to 
stop the C* daemon since stopping a thread (in Java) is just no solution.

CASSANDRA-9890 introduced further protection by inspecting the byte-code. The 
same mechanism can also be used to manipulate the Java-UDF byte-code.

By manipulating the byte-code I mean to add regular "is-amok-UDF" checks in the 
compiled code.


> Improve Java-UDF timeout detection
> ----------------------------------
>
>                 Key: CASSANDRA-9954
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9954
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Robert Stupp
>            Assignee: Robert Stupp
>             Fix For: 3.x
>
>
> CASSANDRA-9402 introduced a sandbox using a thread-pool to enforce security 
> constraints and to detect "amok UDFs" - i.e. UDFs that essentially never 
> return (e.g. {{while (true)}}.
> Currently the safest way to react on such an "amok UDF" is to _fail-fast_ - 
> to stop the C* daemon since stopping a thread (in Java) is just no solution.
> CASSANDRA-9890 introduced further protection by inspecting the byte-code. The 
> same mechanism can also be used to manipulate the Java-UDF byte-code.
> By manipulating the byte-code I mean to add regular "is-amok-UDF" checks in 
> the compiled code.
> EDIT: These "is-amok-UDF" checks would also work for _UNFENCED_ Java-UDFs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to