Details
-
Improvement
-
Status: Open
-
Normal
-
Resolution: Unresolved
-
None
-
None
Description
CASSANDRA-9402 introduced a sandbox using a thread-pool to enforce security constraints and to detect "amok UDFs" - i.e. UDFs that essentially never return (e.g. while (true).
Currently the safest way to react on such an "amok UDF" is to fail-fast - to stop the C* daemon since stopping a thread (in Java) is just no solution.
CASSANDRA-9890 introduced further protection by inspecting the byte-code. The same mechanism can also be used to manipulate the Java-UDF byte-code.
By manipulating the byte-code I mean to add regular "is-amok-UDF" checks in the compiled code.
EDIT: These "is-amok-UDF" checks would also work for UNFENCED Java-UDFs.
Attachments
Issue Links
- supercedes
-
CASSANDRA-10395 Monitor UDFs using a single thread
- Resolved
- links to