CN117093323B - Method and system for realizing sandbox mechanism based on back-end execution engine - Google Patents
Method and system for realizing sandbox mechanism based on back-end execution engine Download PDFInfo
- Publication number
- CN117093323B CN117093323B CN202311069404.1A CN202311069404A CN117093323B CN 117093323 B CN117093323 B CN 117093323B CN 202311069404 A CN202311069404 A CN 202311069404A CN 117093323 B CN117093323 B CN 117093323B
- Authority
- CN
- China
- Prior art keywords
- output
- module
- result
- execution
- execution engine
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 244000035744 Hura crepitans Species 0.000 title claims abstract description 42
- 230000007246 mechanism Effects 0.000 title claims abstract description 32
- 230000008569 process Effects 0.000 claims abstract description 15
- 230000002688 persistence Effects 0.000 claims abstract description 7
- 230000006870 function Effects 0.000 claims description 43
- 238000004590 computer program Methods 0.000 claims description 12
- 238000004458 analytical method Methods 0.000 claims description 4
- 230000002159 abnormal effect Effects 0.000 claims description 3
- 230000002045 lasting effect Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 12
- 230000005540 biological transmission Effects 0.000 description 4
- 230000000694 effects Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 238000003491 array Methods 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 239000000835 fiber Substances 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000001902 propagating effect Effects 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 206010029412 Nightmare Diseases 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 229910052802 copper Inorganic materials 0.000 description 1
- 239000010949 copper Substances 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000036962 time dependent Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Abstract
The application provides a method and a system for realizing a sandbox mechanism based on a back-end execution engine, wherein the method for realizing the sandbox mechanism replaces an original version comprising an uncertainty output result with a new version with a determined output result through a version replacement module in the process of rewriting operation; setting a related module which does not meet preset execution logic as a third party module which is forbidden to be introduced in the sandbox through a limiting module; the control module rewrites the log output related information to avoid repeated output of the log; executing according to a preset arrangement sequence and outputting a finished result by a persistence related module; reading the completed result, skipping the corresponding step of the completed result, and continuing to execute the incomplete step; by the method, the execution engine only continues unfinished and/or unexecuted steps in the transaction retry and/or reentry scene, the safety and reliability of the execution engine in the distributed transaction and other scenes are ensured, and the execution efficiency and maintainability of the system are improved.
Description
Technical Field
The application relates to the technical field of distributed systems, in particular to a method and a system for realizing a sandbox mechanism based on a back-end execution engine.
Background
Existing back-end reliable execution engines typically use workflow engines to guarantee the reliability of transactions, for example in a distributed transaction scenario. These engines complete the entire workflow by orchestrating a series of steps, however, if an exception condition such as a program crash occurs during execution, it may result in an interruption of the workflow and require restarting and retrying the workflow to ensure consistency of the transaction.
In the prior art, based on a system retry or reentry mechanism during system execution, for example, when a program crashes and restarts, all steps may need to be retried from scratch, which may cause inconsistency of data, possible side effects, and the like; in addition, the orchestration process in the prior art may include some uncertainty factors, such as physical time, UUID, etc., which may cause inconsistent results during retry, etc., so that the system restarts and retries the workflow, and it is difficult to ensure the safety and reliability of the process.
Disclosure of Invention
In order to solve the defects that in the prior art, when a program crashes and is restarted, the process of restarting from the beginning is difficult to be carried out, the safety and the reliability of the process are difficult to ensure, and the like, the application provides a method and a system for realizing a sandbox mechanism in a back-end execution engine.
The first aspect of the present application proposes a method for implementing a sandbox mechanism in a back-end execution engine, where the method specifically may include:
replacing the original version comprising the uncertainty output result with a new version with the determined output result by a version replacement module in the overwriting operation;
setting a related module which does not meet preset execution logic as a third party module which is forbidden to be introduced in the sandbox through a limiting module;
the control module rewrites the log output related information to avoid repeated output of the log;
executing and lasting the new version and/or the third party module and/or the control module according to a preset arrangement sequence, and outputting a finished result;
reading the completed result, skipping the corresponding step of the completed result, and continuing to execute the incomplete step
In one possible implementation manner of the first aspect, replacing the original version including the uncertainty output result with the new version having the determined output result when the operation is rewritten includes:
under the condition that the uncertain output result corresponds to Random function output, the fixed seed is maintained, so that the output is a determined Random number;
under the condition that the uncertain output result corresponds to Date function output, the current time of the system is saved, so that the output is determined time information;
when the uncertain output result corresponds to setTimeout function output, fixedly maintaining the specified waiting time to enable the output to be the determined timing time;
and in the case that the uncertain output result corresponds to output as a UUID function, enabling the output to be a unique identifier through a fixed storage device.
In one possible implementation manner of the first aspect, the determining the basis of the original version of the uncertainty output result includes: the inclusion of uncertainty execution logic in the original version causes the output result to include an uncertainty output result.
In one possible implementation manner of the first aspect, the setting, by the limiting module, the related module that does not meet the preset execution logic as the third party module that prohibits the introduction in the sandbox includes:
judging whether the business side logic comprises a setting which does not meet the preset condition of the preset execution logic or not;
if not, setting all the third party modules as forbidden to be introduced by default;
if yes, setting the third party module with uncertain execution logic as forbidden to be introduced according to the preset condition.
In one possible implementation manner of the first aspect, rewriting, by the control module, the log output related information, and avoiding repeated output of the log includes: according to the instruction analysis of the execution engine in the process of interpreting/compiling the byte code instruction, acquiring the specific content of the current execution instruction;
in the case that the specific content of the execution instruction is the replay execution result, global marking is performed in an execution engine;
and executing the original log information output according to the global mark so as to avoid repeated output of the log when the flow is repeated.
In a possible implementation manner of the first aspect, in a case that the specific content of the execution instruction is "replay execution result", performing global marking in an execution engine includes:
judging that the current flow is in a flow reentry stage and/or a transaction retry stage under the condition that the specific content is a replay execution result;
global flags are made in the execution engine, including output flags that will skip the original log information.
In one possible implementation manner of the first aspect, reading the completed result includes:
and after the current program crashes or is abnormal, restarting the program and simultaneously reading the completed result.
A second aspect of the present application provides a system for implementing a sandbox mechanism in a back-end execution engine, where the system is applied to a method for implementing a sandbox mechanism in a back-end execution engine according to any one of the foregoing first possible aspects, where the system includes:
the version replacement module is used for replacing an original version comprising an uncertainty output result with a new version with a determined output result during the overwriting operation;
the limiting module is used for setting the related module which does not meet the preset execution logic as a third party module which is forbidden to be introduced in the sandbox through the limiting module;
the control module is used for rewriting the log output related information through the control module, so that repeated output of the log is avoided;
the persistence module is used for executing and persistence the new version according to a preset arrangement sequence and/or outputting a finished result by the third party module and/or the control module;
and the task execution module is used for reading the completed result, skipping the step corresponding to the completed result and continuing to execute the incomplete step.
A third aspect of the present application provides an apparatus for implementing a sandbox mechanism in a back-end execution engine, comprising:
a memory for storing a computer program;
a processor for implementing a method for implementing a sandbox mechanism in a back-end execution engine according to any one of the first aspects when executing said computer program
A fourth aspect of the present application provides a computer readable storage medium, wherein the computer readable storage medium has a computer program stored thereon, the computer program, when executed by a processor, implementing a method for implementing a sandbox mechanism in a back-end execution engine according to any one of the first aspects.
Through the technical scheme that this application put forward, possess following beneficial technical effect at least:
the present patent proposes a sandbox mechanism (CRE sandbox) in a general back-end reliable execution engine, in which the CRE sandbox does not re-execute completed steps after a program crashes and restarts, but records the results of completed steps and multiplexes the results of completed related steps, so that the execution engine skips the executed steps in the event of transaction retry and/or reentry, but only continues the steps that are not completed and/or have not been executed, so that the sandbox mechanism can ensure the security and reliability of the execution engine in the event of distributed transactions and the like, particularly in the event of transaction retry and/or reentry, and also improve the execution efficiency and maintainability of the system, which not only avoids possible side effects, but also ensures the consistency of data.
By the aid of the CRE sandbox implementation mechanism, reliability and safety of an execution engine are improved, efficiency of the execution engine is improved remarkably, and unnecessary calculation and storage expenses caused by repeated execution of completed steps after program crash restarting are avoided effectively; by eliminating uncertainty factors in the arranging process, the technical scheme of the application also further improves the data consistency and predictability of the execution engine under retry and reentry scenes.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, given with reference to the accompanying drawings in which:
FIG. 1 illustrates a flow diagram of a method for implementing a sandbox mechanism in a back-end execution engine, according to an embodiment of the present application;
FIG. 2 illustrates a system block diagram based on implementing a sandbox mechanism in a back-end execution engine, in accordance with an embodiment of the present application.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the present invention, but are not intended to limit the invention in any way. It should be noted that variations and modifications could be made by those skilled in the art without departing from the inventive concept. These are all within the scope of the present invention.
In order to solve the technical defects that when a program crashes and is restarted in the prior art, all steps may need to be retried from the beginning, which may cause data inconsistency and possible side effects, and the existing orchestration flow may include some uncertainty factors, such as physical time, UUID and the like, which may cause inconsistent results during retries, the application provides a method and a system for implementing a sandbox mechanism in a back-end execution engine. According to the method for realizing the sandbox mechanism based on the back-end execution engine, after the program crashes and is restarted, the execution engine skips the executed steps under the scene of transaction retry and/or reentry, but only continues the steps which are not completed and/or executed yet, so that the safety and reliability of the execution engine in the scene of distributed transactions and the like, particularly in the scene of transaction retry and/or reentry, and the execution efficiency and the maintainability of a system are improved.
Specifically, fig. 1 is a flow chart illustrating a method for implementing a sandbox mechanism in a back-end execution engine according to an embodiment of the present application, which specifically includes:
step 100: the original version including the uncertainty output result is replaced by the version replacement module in the overwriting operation to a new version with the determined output result. It will be appreciated that the Non-deterministic function (Non-Deterministic Functions) has been a nightmare that affects the matching of the state of the stream processing system. For example, when a user defines a source table, a certain virtual column field invokes functions such as RAND (), nop (), UUID (), etc.; then the operation is restarted after each crash, and the output results are not necessarily identical even if the incoming data streams are identical. In addition, if the user uses the JOIN of the dimension table, and the external dimension table is updated at any time, the JOIN may also be different in result, in order to avoid inconsistent output results, code containing uncertainty factors is avoided in the arranging process by replacing modules and versions, so that the output results are guaranteed to be identical when input data streams are completely consistent, or the result before crash is directly saved, the output results before crash of the system are replaced by modules, the original version of the non-deterministic function including the uncertainty result is replaced by a new version with the determination result, and unnecessary calculation and storage cost caused by repeatedly executing completed steps after restarting the program crash can be effectively avoided when the process reenters.
Step 200: and setting the related modules which do not meet the preset execution logic as third party modules which are forbidden to be introduced in the sandbox through the limiting module. It will be appreciated that the user-defined function corresponds to a third party module, which may or may not be deterministic, and is not defined according to any parameter type, but rather according to the function of the function. A function is said to be deterministic if it returns the same result each time given a specific set of valid inputs. Each time it is called, a different value is always returned, and the function customized to the user can be deterministic or non-deterministic.
Step 300: and the control module rewrites the log output related information to avoid repeated output of the log. It can be understood that modules such as a control log control error and control log are rewritten, so that control log stdout output which has already occurred is skipped when the process is scheduled to reenter, and complex logs generated by reentry are avoided from being observed by an external log system.
Step 400: executing and lasting the new version and/or the third party module and/or the control module according to the preset arrangement sequence, and outputting the completed result. It will be appreciated that for each workflow, the executor performs and persists the results of each step in a programmed order, step by step.
Step 500: and reading the completed result, skipping the step corresponding to the completed result, and continuing to execute the incomplete step. It will be appreciated that after the program crashes and restarts, the executor reads the results of the completed steps from the database, skips over these steps, and continues to execute the incomplete steps.
In step 100 described above, replacing the original version including the uncertainty output result with the new version having the determined output result at the time of overwriting includes:
under the condition that the uncertain output result corresponds to Random function output, the fixed seed is maintained, so that the output is a determined Random number;
under the condition that the uncertain output result corresponds to Date function output, the current time of the system is saved, so that the output is determined time information;
in the case that the output result is not determined to be output as the setTimeout function, the specified waiting time is fixedly maintained, so that the output is determined to be the timing time;
in the case that the output result is not determined to correspond to the output as the UUID function output, the output is made to be the unique identifier by fixing the storage device.
In some embodiments of the present application, the basis for determining the original version of the uncertainty output result includes: the inclusion of uncertainty execution logic in the original version causes the output result to include an uncertainty output result.
It can be appreciated that Random class is responsible for generating pseudo-Random numbers; random () creates a new Random number generator, inside the reliable execution system, maintaining a fixed set of seed, so when the call position of math.
It will be appreciated that the Date class provides two constructors to instantiate a Date object; the first constructor uses the current date and time to initialize the object, considering that getdate returns different values at different times, which is described as uncertainty, but will return the same value for x for one query instruction get x from y where primary key equals z ", where z is the same value.
It will be appreciated that the setTimeout function functions like a timer, specifies a duration and a function, rewrites the result of the setTimeout (function callback, number delay, any rest function included in the already executed result, e.g., the specified function function callback callback function, one is the result of the specified duration, etc., and returns an id value or the number of the timer, etc., to be implemented to replay the past execution result, and then replaces it with a version with the determined result.
It will be appreciated that UUID (Universally Unique Identifier) as a globally unique identifier refers to a number generated on one machine that ensures that it is unique to all machines in the same space-time. The ethernet card address, nanosecond time, chip ID code and many possible digits are used according to standard calculations established by the Open Software Foundation (OSF). May comprise a combination of the following parts: the current date and time (the first part of the UUID is time dependent, and if you generate a UUID a few seconds later, then the first part is different and the rest is the same) is replaced by a version with a certain result by putting the latest UUID value into the execution result that makes it replay the past.
In some embodiments of the present application, when the input parameters are the same and the same time is performed or multiple calls are performed, different non-deterministic functions are obtained, when the system is in-process, even if the call is repeated, for any non-deterministic function, the non-deterministic function may actually have different values due to the non-deterministic function, so that the non-deterministic function does not need to be repeatedly performed again when the flow is in-process.
In the above step 200, setting, by the limiting module, the related module that does not satisfy the preset execution logic as the third party module that is prohibited from being introduced into the sandbox includes:
judging whether the business side logic comprises a setting which does not meet the preset condition of the preset execution logic or not;
if yes, setting the third party module with uncertain execution logic as forbidden to be introduced according to the preset condition;
if not, all the third party modules are set to be forbidden to be introduced by default.
It can be appreciated that the whitelist is decided by the developer of the business logic, and under the condition of no specification, all third party modules are forbidden to import by default, so that the existence of all nondeterministic functions is avoided as much as possible, and the result of uncertainty is output during restarting or reentry.
The white list is set up based on the developer confirming that the third party module does not have execution logic with uncertainty.
Correspondingly, the risk of introducing a third party module is that if there is "uncertainty execution logic" in the third party module that produces different results each time it is invoked, the "code execution has certainty" assumption for the entire reliable execution engine is destroyed, and there is also a risk of errors in subsequent replay.
In the above step 300, rewriting the log output related information by the control module, avoiding the repeated output of the log includes:
according to the instruction analysis of the execution engine in the process of interpreting/compiling the byte code instruction, acquiring the specific content of the current execution instruction;
in the case that the specific content of the execution instruction is the replay execution result, global marking is performed in an execution engine;
and executing the original log information output according to the global mark so as to avoid repeated output of the log when the flow is repeated.
Further, in the case where the specific content of the execution instruction is "replay execution result", globally tagging in the execution engine includes:
judging that the current flow is in a flow reentry stage and/or a transaction retry stage under the condition that the specific content is a replay execution result;
global flags are made in the execution engine, including output flags that will skip the original log information.
It will be appreciated that for a reliable execution engine it can be distinguished whether the current execution is "first execution" or has been playing back the past execution results ", and that when the execution is the latter, the reliable execution engine will make a global flag 'isReplay = true'.
Correspondingly, in the control log, the original method can be rewritten, and the code is exemplified:
the same method is used to process the methods of the con. Error, the con. Wave, etc. except for the con. Log module, and the details are not repeated here.
In the above step 500, reading the completed result includes: reading the completed result includes:
and after the current program crashes or is abnormal, restarting the program and simultaneously reading the completed result. It will be appreciated that if a program crash occurs during execution, it may result in an interruption of the workflow, and by reading the result of the execution having completed, it is not necessary to restart and retry the workflow, avoiding inconsistencies in transactions due to non-deterministic functions.
In some embodiments of the present application, there is also provided a system for implementing a sandbox mechanism in a back-end execution engine, the system comprising:
a version replacement module 001 for replacing the original version including the uncertainty output result with a new version having the determination output result at the time of overwriting by the version replacement module;
a limiting module 002, configured to set, by using the limiting module, a related module that does not satisfy a preset execution logic as a third party module that is prohibited from being introduced into the sandbox;
the control module 003 is used for rewriting the log output related information through the control module to avoid repeated output of the log;
the persistence module 004 is used for executing and persistence the new version and/or the third party module and/or the control module according to a preset arrangement sequence to output a completed result;
and the task execution module 005 is configured to read the completed result, skip the step corresponding to the completed result, and continue to execute the incomplete step.
It can be understood that each functional module in the system for implementing the sandbox mechanism in the back-end execution engine performs the same step flow as in the method for implementing the sandbox mechanism in the back-end execution engine, which is not described herein.
In some embodiments of the present application, an electronic device is also provided. The electronic equipment comprises a memory and a processor, wherein the memory is used for storing a processing program, and the processor executes the processing program according to the instruction. The processor, when executing the processing program, causes the secure electrification method in the foregoing embodiment to be implemented. For example, the electronic device may be an in-vehicle device including an in-vehicle image sensor, but may be other devices.
The technical solutions presented in the present application relate to a method, an apparatus, a system, a chip, an electronic device, a computer-readable storage medium and/or a computer program product. The computer program product may include computer readable program instructions for performing various aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: portable computer disks, hard disks, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static Random Access Memory (SRAM), portable compact disk read-only memory (CD-ROM), digital Versatile Disks (DVD), memory sticks, floppy disks, mechanical coding devices, punch cards or in-groove structures such as punch cards or grooves having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media, as used herein, are not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., optical pulses through fiber optic cables), or electrical signals transmitted through wires.
The computer readable program instructions described herein may be downloaded from a computer readable storage medium to a respective computing/processing device or to an external computer or external storage device over a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmissions, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network interface card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium in the respective computing/processing device.
Computer program instructions for performing the operations of the present disclosure can be assembly instructions, instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, c++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer readable program instructions may be executed entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, aspects of the present disclosure are implemented by personalizing electronic circuitry, such as programmable logic circuitry, field Programmable Gate Arrays (FPGAs), or Programmable Logic Arrays (PLAs), with state information of computer readable program instructions, which can execute the computer readable program instructions.
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer readable program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium having the instructions stored therein includes an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the technical improvements in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
Claims (8)
1. A method for implementing a sandbox mechanism in a back-end execution engine, the method comprising:
replacing the original version comprising the uncertainty output result with a new version with the determined output result by a version replacement module in the overwriting operation;
setting the related module which does not meet the preset execution logic as a third party module which is forbidden to be introduced in the sandbox through the limiting module, wherein the third party module comprises:
judging whether the business side logic comprises a setting which does not meet the preset condition of the preset execution logic or not;
if yes, setting the third party module with uncertain execution logic as forbidden to be introduced according to the preset condition;
if not, setting all the third party modules as forbidden to be introduced by default;
the control module is used for rewriting the log output related information to avoid repeated output of the log, and the method comprises the following steps:
according to the instruction analysis of the execution engine in the process of interpreting/compiling the byte code instruction, acquiring the specific content of the current execution instruction;
in the case that the specific content of the execution instruction is the replay execution result, global marking is performed in an execution engine;
according to the global mark, executing original log information output so as to avoid repeated output of the log when the flow is repeated;
executing a third party module and a first object according to a preset arrangement sequence, and lasting finished results output by the third party module and the first object, wherein the first object comprises the new version and/or the control module;
and reading the completed result, skipping the step corresponding to the completed result, and continuing to execute the incomplete step.
2. The method of claim 1, wherein replacing the original version including the uncertainty output result with the new version having the determined output result when the runtime is rewritten comprises:
under the condition that the uncertainty output result corresponds to Random function output, maintaining fixed seed so that the output is a determined Random number;
under the condition that the uncertainty output result corresponds to Date function output, the current time of the system is saved, so that the output is determined time information;
under the condition that the uncertainty output result corresponds to setTimeout function output, the specified waiting time is fixedly maintained, so that the output is a determined timing time;
and in the case that the uncertainty output result corresponds to output as a UUID function output, enabling the output to be a unique identifier through a fixed storage device.
3. The method for implementing a sandbox mechanism in a back-end execution engine of claim 1, wherein determining the basis of the original version of the uncertainty output result comprises:
the inclusion of uncertainty execution logic in the original version causes the output result to include an uncertainty output result.
4. A method for implementing a sandbox mechanism in a back-end execution engine as claimed in claim 3, wherein, in the case where the specific content of the currently executing instruction is "replay execution result", globally tagging in the execution engine comprises:
judging that the current flow is in a flow reentry stage and/or a transaction retry stage under the condition that the specific content is a replay execution result;
global flags are made in the execution engine, including output flags that will skip the original log information.
5. The method of claim 1, wherein reading the completed result comprises:
and after the current program crashes or is abnormal, restarting the program and simultaneously reading the completed result.
6. A system for implementing a sandbox mechanism based on a back-end execution engine, applied to a method for implementing a sandbox mechanism based on a back-end execution engine according to any one of claims 1 to 5, characterized in that the system comprises:
the version replacement module is used for replacing an original version comprising an uncertainty output result with a new version with a determined output result during the overwriting operation;
the limiting module is configured to set, by using the limiting module, a related module that does not satisfy preset execution logic as a third party module that is prohibited from being introduced into the sandbox, and includes: judging whether the business side logic comprises a setting which does not meet the preset condition of the preset execution logic or not; if yes, setting the third party module with uncertain execution logic as forbidden to be introduced according to the preset condition; if not, setting all the third party modules as forbidden to be introduced by default;
the control module is used for rewriting the log output related information through the control module, avoiding repeated output of the log, and comprises the following steps: according to the instruction analysis of the execution engine in the process of interpreting/compiling the byte code instruction, acquiring the specific content of the current execution instruction; in the case that the specific content of the execution instruction is the replay execution result, global marking is performed in an execution engine; according to the global mark, executing original log information output so as to avoid repeated output of the log when the flow is repeated;
the persistence module is used for executing the third party module and the first object according to a preset arrangement sequence and persistence the completed result output by the third party module and the first object, wherein the first object comprises the new version and/or the control module;
and the task execution module is used for reading the completed result, skipping the step corresponding to the completed result and continuing to execute the incomplete step.
7. An apparatus for implementing a sandbox mechanism in a back-end execution engine, comprising:
a memory for storing a computer program;
a processor for implementing a method of implementing a sandbox mechanism in a back-end execution engine as claimed in any one of claims 1 to 5 when executing said computer program.
8. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements a method of implementing a sandbox mechanism in a back-end based execution engine according to any of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311069404.1A CN117093323B (en) | 2023-08-23 | 2023-08-23 | Method and system for realizing sandbox mechanism based on back-end execution engine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311069404.1A CN117093323B (en) | 2023-08-23 | 2023-08-23 | Method and system for realizing sandbox mechanism based on back-end execution engine |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117093323A CN117093323A (en) | 2023-11-21 |
| CN117093323B true CN117093323B (en) | 2024-03-26 |
Family
ID=88774617
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311069404.1A Active CN117093323B (en) | 2023-08-23 | 2023-08-23 | Method and system for realizing sandbox mechanism based on back-end execution engine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117093323B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101937500A (en) * | 2009-06-29 | 2011-01-05 | 深圳市联软科技有限公司 | Computer terminal security protection method and system |
| US8560887B2 (en) * | 2010-12-09 | 2013-10-15 | International Business Machines Corporation | Adding scalability and fault tolerance to generic finite state machine frameworks for use in automated incident management of cloud computing infrastructures |
| US9369475B2 (en) * | 2008-11-03 | 2016-06-14 | Sizmek Technologies Ltd. | System and method for securing a third party communication with a hosting web page |
| CN106126350A (en) * | 2009-11-27 | 2016-11-16 | 谷歌公司 | Client-server input method editor architecture |
| CN109726549A (en) * | 2017-09-29 | 2019-05-07 | 英特尔公司 | The technology that insincere code for being supported using processor sandbox is executed |
| CN110968361A (en) * | 2019-11-04 | 2020-04-07 | 上海交通大学 | Isolation sandbox loading method |
| CN115408411A (en) * | 2022-09-01 | 2022-11-29 | 阿里云计算有限公司 | Data writing method and device, electronic equipment and storage medium |
| CN115438335A (en) * | 2022-11-07 | 2022-12-06 | 上海特高信息技术有限公司 | A safe sandbox system for consolidating intelligent contract safe operation |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180032393A1 (en) * | 2016-08-01 | 2018-02-01 | International Business Machines Corporation | Self-healing server using analytics of log data |
-
2023
- 2023-08-23 CN CN202311069404.1A patent/CN117093323B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9369475B2 (en) * | 2008-11-03 | 2016-06-14 | Sizmek Technologies Ltd. | System and method for securing a third party communication with a hosting web page |
| CN101937500A (en) * | 2009-06-29 | 2011-01-05 | 深圳市联软科技有限公司 | Computer terminal security protection method and system |
| CN106126350A (en) * | 2009-11-27 | 2016-11-16 | 谷歌公司 | Client-server input method editor architecture |
| US8560887B2 (en) * | 2010-12-09 | 2013-10-15 | International Business Machines Corporation | Adding scalability and fault tolerance to generic finite state machine frameworks for use in automated incident management of cloud computing infrastructures |
| CN109726549A (en) * | 2017-09-29 | 2019-05-07 | 英特尔公司 | The technology that insincere code for being supported using processor sandbox is executed |
| CN110968361A (en) * | 2019-11-04 | 2020-04-07 | 上海交通大学 | Isolation sandbox loading method |
| CN115408411A (en) * | 2022-09-01 | 2022-11-29 | 阿里云计算有限公司 | Data writing method and device, electronic equipment and storage medium |
| CN115438335A (en) * | 2022-11-07 | 2022-12-06 | 上海特高信息技术有限公司 | A safe sandbox system for consolidating intelligent contract safe operation |
Non-Patent Citations (3)
| Title |
|---|
| 基于沙盒的Android恶意软件动态分析方案;赵洋;胡龙;熊虎;秦志光;;信息网络安全(12);全文 * |
| 确定性并行技术;周旭;卢凯;陈沉;;计算机学报(05);全文 * |
| 面向组合服务动态自适应的事务级主动伺机服务替换算法;印莹;张斌;张锡哲;;计算机学报(11);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117093323A (en) | 2023-11-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108228188B (en) | View component processing method, electronic device and readable storage medium | |
| US9063766B2 (en) | System and method of manipulating virtual machine recordings for high-level execution and replay | |
| US9274768B2 (en) | Runtime code hooking for print driver and functionality testing | |
| US7647584B2 (en) | Automation and isolation of software component testing | |
| CN110008113B (en) | Test method and device and electronic equipment | |
| US10585785B2 (en) | Preservation of modifications after overlay removal from a container | |
| US10891120B2 (en) | Performing a compiler optimization pass as a transaction | |
| US10338910B2 (en) | Multi-tenant upgrading | |
| CN110659256A (en) | Multi-computer room synchronization method, computing device and computer storage medium | |
| CN109766139B (en) | Configuration method and device of configuration file | |
| CN111538659B (en) | Interface testing method, system, electronic equipment and storage medium of business scene | |
| CN114217787A (en) | Development method and device of modular application program and storage medium | |
| CN110990051B (en) | Maintenance method, device, medium and equipment for software package dependency relationship | |
| CN117093323B (en) | Method and system for realizing sandbox mechanism based on back-end execution engine | |
| CN108241543B (en) | Method, service server and system for executing service operation breakpoint | |
| CN111625225A (en) | Program specified data output method and device | |
| CN111897738A (en) | Automatic testing method and device based on atomic service | |
| CN113672465A (en) | Method, system, medium, terminal and unmanned aerial vehicle for generating process log system by process name | |
| CN113504904A (en) | User-defined function implementation method and device, computer equipment and storage medium | |
| CN114115982A (en) | Code issuing method, device, equipment and storage medium | |
| CN111880775A (en) | Multi-module layered architecture implementation method and device, electronic equipment and storage medium | |
| Padaryan et al. | Methods and software tools to support combined binary code analysis | |
| US10146529B2 (en) | Monitoring rules declaration and automatic configuration of the monitoring rules | |
| CN115543486B (en) | Server-free computing oriented cold start delay optimization method, device and equipment | |
| KR100352500B1 (en) | Method for automation of form controls generation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |