CN115168838A - Script language operation management method and system based on virtual machine safety sandbox - Google Patents

Script language operation management method and system based on virtual machine safety sandbox Download PDF

Info

Publication number
CN115168838A
CN115168838A CN202210619751.6A CN202210619751A CN115168838A CN 115168838 A CN115168838 A CN 115168838A CN 202210619751 A CN202210619751 A CN 202210619751A CN 115168838 A CN115168838 A CN 115168838A
Authority
CN
China
Prior art keywords
script
virtual machine
language
compiling
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210619751.6A
Other languages
Chinese (zh)
Inventor
戴冕
谢峥
高庆官
唐海均
王航
孙展飞
黄云
陈子昂
金正阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Cyber Peace Technology Co Ltd
Original Assignee
Nanjing Cyber Peace Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Cyber Peace Technology Co Ltd filed Critical Nanjing Cyber Peace Technology Co Ltd
Priority to CN202210619751.6A priority Critical patent/CN115168838A/en
Publication of CN115168838A publication Critical patent/CN115168838A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Devices For Executing Special Programs (AREA)

Abstract

The invention discloses a script language operation management method and a script language operation management system based on a virtual machine safety sandbox, wherein the script language operation management method comprises the following steps: storing a script file written by a scripting language in a file system of a server where the engineering project is located; when the script file under the corresponding path is called according to the script name, analyzing and disassembling characters in the script file, performing lexical analysis, and constructing a Token object set; wherein for function calls that do not meet the grammar specification or that have been unauthorized, a compilation exception is thrown; the authority for function call in the script file is preset in the engineering project; converting the Token object set into an abstract syntax tree through a parser; the script of the return value can be determined in the compiling period, and the return value is directly output; and if the script of the return value cannot be determined, generating byte codes according to the abstract syntax tree, and loading the byte codes into the virtual machine for execution. The invention supports the realization of service logic through the script language, is decoupled from the engineering code, and can ensure the safety of code execution.

Description

Script language operation management method and system based on virtual machine safety sandbox
Technical Field
The invention relates to a script language operation management method and system based on a virtual machine safety sandbox, and belongs to the field of computer software.
Background
Java language, which is a programming language widely used in the internet technology at present, has a feature of "compile once, run everywhere", and the main implementation supporting this feature is its virtual machine (JVM). The Java virtual machine shields the bottom layer implementation of different operating systems, so that the compiled Java byte code file can run across platforms.
As Java language is widely used to build various large projects, the specific business logic involved in the project is becoming deeper and deeper. The problems that arise from this are: the engineering code is full of a large number of service codes, and complexity and maintenance difficulty rise steeply; in scenarios where business logic needs to be modified frequently (e.g., e-commerce promotion rules), the process of recompiling and restarting the entire project is time consuming, and frequent build and restart severely affects the stability of the service. In addition, in a highly specialized scenario (e.g., formula calculation in the financial and financial industries), the developers do not necessarily have a full understanding of the details of the actual business, and the business does not necessarily have sufficient development techniques, thereby incurring a significant amount of additional communication, modification, and debugging costs.
In summary, the following problems mainly exist in the current service system: 1. the engineering code contains too much business logic, which increases the code complexity and the maintenance difficulty. These business logics are interrelated and move the whole body in time, and any inadvertent modification may cause unexpected problems in program execution. 2. Frequent modifications of the business logic can also frequently lead to item recompilation and restart, which has a serious impact on the continuous and stable provision of services and cannot guarantee the timeliness of these modifications. 3. Business logic is actually implemented by developers, and business personnel lack control over this. The business problem can not be effectively checked in advance, and the exposure of the problem is likely to delay to the testing stage and even after the on-line release. 4. The business personnel use Java language to write business logic has certain learning threshold and is difficult to ensure the code security, and if other programming languages are used, even the problem of compatibility with engineering codes exists.
Disclosure of Invention
The invention aims to: in view of the problems in the prior art, an object of the present invention is to provide a script language operation management method and system based on a virtual machine security sandbox, which support realization of service logic through a script language, are decoupled from engineering codes, and can ensure the security of code execution.
The technical scheme is as follows: in order to achieve the purpose, the invention adopts the following technical scheme:
a script language operation management method based on a virtual machine safety sandbox comprises the following steps:
storing a script file written by a scripting language in a file system of a server where the engineering project is located; the script language supports basic grammar rules, script custom functions, floating point number operations, character string operations, date and time calculations and functions for calling engineering project development language custom;
when the script file under the corresponding path is called according to the script name, analyzing and disassembling characters in the script file, performing lexical analysis, and constructing a Token object set; wherein for non-compliance with the grammar specification or presence of unauthorized function calls, a compile exception is thrown; the authority of function calling in the script file is preset in the engineering project;
converting the Token object set into an abstract syntax tree through a parser; the script of the return value can be determined in the compiling period, and the return value is directly output; and if the script of the return value cannot be determined, generating byte codes according to the abstract syntax tree, and loading the byte codes into the virtual machine for execution.
Preferably, whether the compile time can determine the return value is determined according to the following method: in the process of converting the syntax tree, judging whether each operation character node is a literal quantity operation or not, and if not, determining a calculation result in a compiling period; after the judgment is that the operation is the literal volume operation, calling a corresponding execution method according to the operation character and the literal volume type; in the process of converting the grammar tree, nodes capable of calculating results are directly calculated, and if all the nodes are operated by literal quantities, the results are also calculated after the whole grammar tree is converted; even if the result can not be calculated in the compiling period, the number of nodes of the syntax tree can be reduced, and the efficiency of converting the syntax tree into the byte codes is improved.
Preferably, when the script file under the corresponding path is called according to the script name, the content of the script file is abstracted after being read to obtain a cache key, and if the corresponding cache result can be found according to the key in the cache, the cache is directly used without recompilation; otherwise, the compiling process is executed and the compiling result is written into the cache at the same time.
Preferably, the Token object includes a Token type and a value; the Token type is an enumeration type that enumerates all data types and syntax symbols that are allowed to appear in the script.
Preferably, the authority of the function call in the script file is configured in the configuration class file by the engineering project developer and is effective along with the starting of the engineering project.
A scripting language operation management system based on a virtual machine security sandbox comprising:
the script storage module is used for storing a script file compiled by the script language in a file system of a server where the engineering project is located; the script language supports basic grammar rules, script custom functions, floating point number operations, character string operations, date and time calculations and functions for calling engineering project development language custom;
the real-time compiling and running module is used for analyzing and disassembling characters in the script file when the script file under the corresponding path is called according to the script name, performing lexical analysis and constructing a Token object set; wherein for function calls that do not meet the grammar specification or that have been unauthorized, a compilation exception is thrown; the authority of function calling in the script file is preset in the engineering project; converting the Token object set into an abstract syntax tree through a parser; the script of the return value can be determined in the compiling period, and the return value is directly output; if the script of the return value cannot be determined, generating byte codes according to the abstract syntax tree, and loading the byte codes into the virtual machine for execution.
Preferably, the system further comprises a compiling result caching module, which is used for reading the script file and then abstracting the content of the script file to obtain a caching key when the script file under the corresponding path is called according to the script name, and if the corresponding caching result can be found in the cache according to the key, the compiling is not carried out again after direct use; otherwise, the compiling process is executed and the compiling result is written into the cache at the same time.
Preferably, the system also comprises a script writing tool module which is used for writing a script language by service personnel, providing grammar rule description, supporting operation and function call description.
A computer system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, said computer program when loaded into the processor implementing the steps of said virtual machine security sandbox based scripting language operation management method.
A computer readable storage medium, storing a computer program which, when executed by a processor, implements the steps of the virtual machine security sandbox based scripting language operation management method.
Has the advantages that: the invention realizes a safe and easy-to-use scripting language sandbox, can make business personnel quickly get up by using simple grammar, writes the logic of actual business into a simple script, is compiled and then is executed by a virtual machine, and can stably run in the same environment with engineering codes while decoupling the business logic from the engineering codes. Meanwhile, a configured switch control mechanism can be provided for functions related to system calling, such as file reading and writing, network access and the like, the running range of the script is limited in the sandbox, and the safety of the script written by service personnel is guaranteed to the maximum extent. Compared with the prior art, the invention has the following advantages:
1. based on the engineering project management mode, variable and complex business logic can be extracted and decoupled from engineering codes, and is really controlled and maintained by professional personnel.
2. The invention can improve the updating and releasing efficiency of the project, and only the corresponding script needs to be uploaded again when the business logic is modified from the situation that the whole project needs to be reconstructed when the business logic is modified.
3. The invention provides a compiling and running environment for the script in a safe sandbox mode by configuratively controlling the access authority of the script to the service system, so as to prevent the script with security holes or malicious scripts from entering a production environment.
Drawings
FIG. 1 is a flow chart of a method according to an embodiment of the present invention.
FIG. 2 is a diagram of an abstract syntax tree according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of an embodiment of the present invention after an equation is analyzed.
Detailed Description
The technical solution of the present invention will be clearly and completely described below with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1, an embodiment of the present invention discloses a script language operation management method based on a virtual machine security sandbox, which stores a script file written by a business person in a script language in a file system of a server where an engineering project is located; the script language adopts a self-defined grammar specification, can support basic grammar rules, script self-defined functions, floating point number operation, character string operation, date and time calculation and functions of calling engineering project development language self-defined, and can support business personnel to compile various business logics.
Providing an interface for calling the script file in the engineering project code, analyzing and disassembling characters in the script file when calling the script file under the corresponding path according to the script name, performing lexical analysis, and constructing a Token object set; where a compilation exception is thrown for non-compliance with the syntax specification or the presence of an unauthorized function call. Converting the Token object set into an abstract syntax tree through a parser; the script of the return value can be determined in the compiling period, and the return value is directly output; if the script of the return value cannot be determined, generating byte codes according to the abstract syntax tree, and loading the byte codes into the virtual machine for execution.
The embodiment of the invention provides a script language solution which is easy to use, can be updated quickly, can shield system calls to ensure safety, and is compatible with Java programs (in the embodiment, common Java language is taken as a development language of engineering projects, and a Java virtual machine is taken as an example, but the implementation of the invention is not limited to the Java virtual machine, and other cross-platform languages based on the virtual machine are also applicable, such as C # language). Through simplified grammatical rules, non-technical personnel can quickly get on the hands. And (4) the developer introduces related code implementation in the engineering project in a third party dependent form (jar package) and can use the code implementation.
In specific implementation, the developed scripting language in the embodiment of the invention can refer to the specification of the existing scripting language, or make appropriate changes so as to better conform to the use habits of business personnel and be simpler. For example, for a function definition, it may be of the form:
# defines a test _ a function, which returns different string results after comparison based on the value of the parameter a
fn test_a(a){
if(a > 100 ) {
return "a is greater than 100."
} elsif (a > 10) {
return "a is greater than 10.";
} else {
return "a is less than 10.";
}
}
The present embodiment supports the specification and restriction of the behavior of scripts in a configured form. The developer writes a configuration class file (. Java file) in the project that will take effect as the project is started. The subsequent compiling and executing process aiming at the script file is executed according to the preset scope of the configuration, and if the compiling is beyond the scope, the compiling is refused. In this embodiment, a rich configuration scenario may be defined as an enumeration type, and for a certain configuration, only a corresponding enumeration type needs to be referred to, and an allow or a forbid is set. Providing limited library functions according to the configuration, and restricting the capability of the script for accessing the operating system; and after the script is compiled, loading the compiled script into a virtual machine through dynamically generating Java byte codes. One simple class of configuration is generally as follows:
public class SampleConfig {
public static void main(String[] args) {
Evaluator instance = Evaluator.newInstance();
ConfigSet configSet = new ConfigSet();
configSet.
allow(Config.File_IO). // turn on file read and write
forbid(Config.NET_IO). // disable network access
allow(Config.Integer_AS_DECIMAL). V/in Decimal form Physical integer
allow(Config.Float_AS_DECIMAL). Treatment in Decimal form Floating point number
allowClass("java.util.ArrayList"). // allowing use of the original java Raw ArrayList classes
forbidClass(new String[] {"java.nio.*"}); // explicit Disable All classes under java
instance.setConfigSet(configSet);
}
}
The language sandbox of the present invention defines a set of grammatical rules including: operators (e.g., +, -,/=), variable definitions, conditional statements, loop control statements, etc., and annotation functionality. These grammatical rules provide the basis for clearly expressing business rules. In addition, the sandbox also provides functions such as high-precision floating point operation, date and time calculation, character string operation, script custom function and the like so as to meet more complex and professional service scenes; the script files compiled by business personnel are uploaded and then stored in a file system of a server where the engineering project is located, when the scripts are called, the script files under the corresponding paths can be found according to script names, the files are read, then the contents of the files are abstracted to obtain cache keys, and if the corresponding cache results can be found in the cache according to the keys, the cache keys are directly used and are not compiled again. Otherwise, the compiling process is executed and the compiling result is written into the cache at the same time.
Under some more complex scenes, such as related operations related to file IO, database read-write, network communication and the like, developers can write custom functions in a Java code mode for business personnel to use. The custom function written by the developer is a Java file and needs to be incorporated into the engineering project and compiled, packaged and released along with the engineering project. When the service personnel uses the functions in the script, the reference to a certain function can be declared only by using a requirer keyword and an assignment statement in the script, for example, let func = requirer ("some _ java _ function"). The some _ Java _ function is a complete path of a Java function, or is mapped through a custom variable.
After compiling the script, the business personnel upload to the server for compiling, and the main compiling process is as follows:
1) Analyzing and disassembling characters in the script file, converting other people into a user-defined Token object in the sandbox, and converting a file stream of one script into a Token stream; a simple Token object need only contain two attributes, token type and value. Wherein tokenType is an enumeration type in which all data types and syntax symbols that may appear in the script are enumerated; value represents the character corresponding to the token. For example, there is a script statement: if a + b = = 1, which after Token transformation will become: a key Token (value = "if"), a variable Token (value = "a"), an operator Token (value = "+"), an operator Token (value = "), and a shaping Token (value ="1 "). The following are examples of Token and TokenType definitions:
public class Token {private TokenType _tokenType;private String _value; }
public enum TokenType {
KEYWORD,// Key word
VARIABLE,V/variables
OPERATOR,// operator
BRACKET,// parentheses
/**
* The following are data types
*/
STRING,// character string
FLOAT,// floating point number
BOOLEAN,v/Boolean value
INTEGER// INTEGER
}
2) The process of constructing Token objects one by one is also a process of lexical analysis according to grammar logic. The appearance order of Token should conform to the logical rules in syntax. For example, after an operator token, what should appear is a variable token or token of some data type, such as a + b or a +1. While if an operator token is followed by another operator token, it is clearly a syntax error, e.g., a + -b. When lexical analysis is performed by a lexical analyzer (Expression mixer) implemented inside a sandbox, a script file that does not meet a grammar specification or has unsafe calls (i.e., unauthorized calls, such as a method that a file read-write class library is attempted to be called in a script but a file read-write operation is not authorized in a preset configuration) will cause a lexical analysis failure and a compilation exception will be thrown. A lexical analyzer is implemented roughly by exhausting the next Token following each Token object to meet the rules, entering different processing logic, and in other cases, all of them are considered as syntax errors, and throwing out compiling exceptions. The final result of lexical analysis is to return a Token set.
public class Lexer {
public ArrayList<Token> analyse(Stream<Character> source) throws LexicalException {
PeekIterator<Character> iterator = new PeekIterator<Character>(source);
ArrayList<Token> tokens = new ArrayList<>();
while (iterator.hasNext()) {
Character next = iterator.next();
if (next == ' ' || next == '\n') {
continue;
} else if (SymbolHelper.isNumber(next)) {
...
} else if (SymbolHelper.isBracket(next)) {
...
} else if (SymbolHelper.isLetter(next)) {
...
} else if (next == '"' || next == '\'') {
...
} else if (SymbolHelper.isOperator(next)) {
...
}
}
return tokens;
}
}
3) After the lexical analysis is passed, the Token stream is converted into an Abstract Syntax Tree (AST) by a Parser (Parser) implemented inside the sandbox, and the general structure of the abstract syntax tree is as shown in fig. 2. The function of the method is to construct expressions by using the operator Token and other associated Token to form a tree structure. The data structure processed by the Parser (Parser) is shown in FIG. 3, taking 1+1 as an example.
The specific implementation of the lexical analyzer (Expression pointer), the Parser (Parser), etc. may be implemented by referring to the compiling tool of the existing language, or may be adjusted according to the customized grammar rule. After the compiling is successful, the compiling result is cached, so that unnecessary performance loss caused by compiling the same script for multiple times is avoided, and the cache expiration time and the deletion strategy support flexible customization in a configuration mode.
The compile time can determine the script of the return value, which will output the return value directly when called. For example, the script content is 1+2+3, no variable exists in the expression, the accurate determination result is necessarily 6, and the result 6 is directly output without being handed over to the virtual machine for execution, so that the mechanism can improve the operation efficiency and reduce the operation load of the virtual machine. The method for judging whether the compiling period can determine the return value is as follows:
a. in the process of converting the syntax tree, judging whether each operator node is a literal operation, for example, 1+2, + is taken as an operator, and the joined 1 and 2 are both literal, which belongs to the literal operation; a + b is not because a and b are variables and the values cannot be determined at compile time.
b. And after the judgment is the literal operation, calling an internal execution method according to the operator and the literal type. For example, + a literal quantity of two numbers connected, means summing, i.e., invoking a summing method; and + connecting the literal quantities of the two character string types, meaning the splicing of the character strings, namely calling the splicing method of the character strings.
c. Based on the above thought, in the process of converting the syntax tree, the nodes capable of calculating the result are directly calculated. After the conversion of the whole syntax tree is finished, the result is calculated, and subsequent steps of converting byte codes and executing by a virtual machine are not needed. On the other hand, even if the result cannot be calculated in the compiling period, the number of nodes of the grammar tree after the whole conversion is finished can be reduced, even the height of the tree is reduced, and when the grammar tree is converted into byte codes subsequently, the efficiency can be improved.
The script of the return value can not be directly determined in the compiling period, the Java byte codes are dynamically generated and loaded into the virtual machine, and the return value is output after the virtual machine executes in calling.
From the syntax tree to the process of generating Java bytecodes, open source ASM techniques are utilized. ASM is a class library that operates on Java bytecodes. The class library supports the generation of a new Java bytecode from scratch. According to the information of methods, variables, symbols and the like recorded in the syntax tree, a Java byte code is created through an ASM technology, and the attributes of the method, the member variables and the like of the byte code are correspondingly set to form a string of complete binary byte code data. The Java byte code generated based on the mode accords with the specification of a Java virtual machine on the byte code, and has no essential difference with the compiled result of the common Java code. Therefore, the binary byte code data can be directly loaded into the virtual machine for execution through the class loading mechanism of Java.
Based on the same inventive concept, the script language operation management system based on the virtual machine safety sandbox disclosed by the embodiment of the invention comprises the following steps: the script storage module is used for storing script files compiled by the script language in a file system of a server where the engineering project is located; the real-time compiling and running module is used for analyzing and disassembling characters in the script file when the script file under the corresponding path is called according to the script name, carrying out lexical analysis and constructing a Token object set; wherein for non-compliance with the grammar specification or presence of unauthorized function calls, a compile exception is thrown; the authority of function calling in the script file is preset in the engineering project; converting the Token object set into an abstract syntax tree through a parser; the script of the return value can be determined in the compiling period, and the return value is directly output; and if the script of the return value cannot be determined, generating byte codes according to the abstract syntax tree, and loading the byte codes into the virtual machine for execution. The compiling result caching module is used for abstracting the content of the script file to obtain a caching key after reading the script file when the script file under the corresponding path is called according to the script name, and if the corresponding caching result can be found in the cache according to the key, the compiling result is directly used without recompiling; otherwise, executing the compiling process and writing the compiling result into the cache; and the script writing tool module is used for writing a script language by service personnel, and providing syntax rule explanation, operation support and function calling explanation.
Based on the same inventive concept, the embodiment of the invention discloses a computer system, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein when the computer program is loaded to the processor, the steps of the script language running management method based on the virtual machine safety sandbox are realized.
Based on the same inventive concept, the embodiment of the present invention discloses a computer-readable storage medium, which stores a computer program, and the computer program, when executed by a processor, implements the steps of the script language operation management method based on the virtual machine security sandbox.

Claims (10)

1. A script language operation management method based on a virtual machine safety sandbox is characterized by comprising the following steps:
storing a script file written by a script language in a file system of a server where an engineering project is located; the script language supports basic grammar rules, script self-defined functions, floating point number operation, character string operation, date and time calculation and functions for calling engineering project development language self-defined;
when the script file under the corresponding path is called according to the script name, analyzing and disassembling characters in the script file, performing lexical analysis, and constructing a Token object set; wherein for function calls that do not meet the grammar specification or that have been unauthorized, a compilation exception is thrown; the authority of function calling in the script file is preset in the engineering project;
converting the Token object set into an abstract syntax tree through a parser; the script of the return value can be determined in the compiling period, and the return value is directly output; if the script of the return value cannot be determined, generating byte codes according to the abstract syntax tree, and loading the byte codes into the virtual machine for execution.
2. The method for managing execution of a script language based on a secure sandbox of a virtual machine according to claim 1, wherein the determination of whether the compile time can determine the return value is performed according to the following method: in the process of converting the syntax tree, judging whether each operator node is a literal operation or not, and if not, determining a calculation result in a compiling period; after the word size operation is judged, calling a corresponding execution method according to the operational character and the word size type; in the process of converting the syntax tree, nodes capable of calculating results are directly calculated, and if all the nodes are literal operation, the results are also calculated after the conversion of the whole syntax tree is finished; even if the result can not be calculated in the compiling period, the number of nodes of the syntax tree can be reduced, and the efficiency of converting the syntax tree into the byte codes is improved.
3. The scripting language operation management method based on the virtual machine safety sandbox according to claim 1, characterized in that when the script file under the corresponding path is called according to the script name, the content of the script file is abstracted after being read to obtain a cache key, and if the corresponding cache result can be found according to the key in the cache, the cache is directly used without recompilation; otherwise, the compiling process is executed and the compiling result is written into the cache at the same time.
4. The scripting language operation management method based on the virtual machine safety sandbox according to claim 1, characterized in that the Token object comprises a Token type and a value; the Token type is an enumeration type that enumerates all data types and syntax symbols that are allowed to appear in the script.
5. The method for managing the running of the scripting language based on the virtual machine safety sandbox as claimed in claim 1, wherein the authority of function calling in the script file is configured in the configuration class file by engineering project developers and becomes effective when the engineering project is started.
6. A scripting language operation management system based on a virtual machine security sandbox is characterized by comprising the following components:
the script storage module is used for storing a script file compiled by the script language in a file system of a server where the engineering project is located; the script language supports basic grammar rules, script self-defined functions, floating point number operation, character string operation, date and time calculation and functions for calling engineering project development language self-defined;
the real-time compiling and running module is used for analyzing and disassembling characters in the script file when the script file under the corresponding path is called according to the script name, carrying out lexical analysis and constructing a Token object set; wherein for function calls that do not meet the grammar specification or that have been unauthorized, a compilation exception is thrown; the authority of function calling in the script file is preset in the engineering project; converting the Token object set into an abstract syntax tree through a parser; the script of the return value can be determined in the compiling period, and the return value is directly output; if the script of the return value cannot be determined, generating byte codes according to the abstract syntax tree, and loading the byte codes into the virtual machine for execution.
7. The scripting language operating system based on the virtual machine safety sandbox as claimed in claim 6, further comprising a compiling result caching module, configured to, when calling a script file under a corresponding path according to a script name, abstract contents of the script file after reading the script file to obtain a caching key, and if a corresponding caching result can be found in the cache according to the key, the compiling is not performed again after direct use; otherwise, the compiling process is executed and the compiling result is written into the cache at the same time.
8. The scripting language running system based on the virtual machine safety sandbox according to claim 6, further comprising a scripting tool module for a service person to write scripting language and provide syntax rule description, support operation and function call description.
9. A computer system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the computer program, when loaded into the processor, implements the steps of the virtual machine security sandbox based scripting language operation management method according to any one of claims 1-5.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the virtual machine security sandbox based scripting language operation management method according to any one of claims 1-5.
CN202210619751.6A 2022-06-02 2022-06-02 Script language operation management method and system based on virtual machine safety sandbox Pending CN115168838A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210619751.6A CN115168838A (en) 2022-06-02 2022-06-02 Script language operation management method and system based on virtual machine safety sandbox

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210619751.6A CN115168838A (en) 2022-06-02 2022-06-02 Script language operation management method and system based on virtual machine safety sandbox

Publications (1)

Publication Number Publication Date
CN115168838A true CN115168838A (en) 2022-10-11

Family

ID=83483194

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210619751.6A Pending CN115168838A (en) 2022-06-02 2022-06-02 Script language operation management method and system based on virtual machine safety sandbox

Country Status (1)

Country Link
CN (1) CN115168838A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117234622A (en) * 2023-11-16 2023-12-15 中国电子科技集团公司第十五研究所 Multi-language runtime on-demand calling method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117234622A (en) * 2023-11-16 2023-12-15 中国电子科技集团公司第十五研究所 Multi-language runtime on-demand calling method and system
CN117234622B (en) * 2023-11-16 2024-02-27 中国电子科技集团公司第十五研究所 Multi-language runtime on-demand calling method and system

Similar Documents

Publication Publication Date Title
US7614044B2 (en) Attempting runtime retranslation of unresolvable code
US8850414B2 (en) Direct access of language metadata
US20140189662A1 (en) Extending A Development Environment
Watt et al. Two mechanisations of WebAssembly 1.0
Soldevila et al. Decoding Lua: Formal semantics for the developer and the semanticist
CN115168838A (en) Script language operation management method and system based on virtual machine safety sandbox
Tanaka et al. Safe low-level code generation in Coq using monomorphization and monadification
Pfenning et al. Twelf user’s guide
Wang Type system for resource bounds with type-preserving compilation
Valliappan et al. Typing the wild in Erlang
US11023214B2 (en) System and method for eliminating runtime out-of-bounds errors and exceptions
Husák et al. PeachPie: Mature PHP to CLI compiler
Soldevila et al. From specification to testing: semantics engineering for Lua 5.2
McNamara Rust in Action
Lin Operational semantics for Featherweight Lua
Ekblad A distributed haskell for the modern web
Afanasyev et al. Kotlin from the point of view of static analysis developer
García-Garland et al. Attribute grammars fly first-class... safer! dealing with DSL errors in type-level programming
Di Giacomo et al. Metacasanova: an optimized meta-compiler for Domain-Specific Languages
Wassermann et al. Tracing Algorithmic Primitives in RSqueak/VM
Naudziuniene An infrastructure for tractable verification of JavaScript programs
Soldevila Raffa et al. From specification to testing: semantics engineering for Lua 5.2
Berling Parser for Go Programs and Specification
Zhou et al. A HAT Trick: Automatically Verifying Representation Invariants Using Symbolic Finite Automata
Kwon et al. Translation Validation for JIT Compiler in the V8 JavaScript Engine

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination