- Enhancement
- Resolution: Won't Fix
- P4
- None
- 7
- x86
- linux
A DESCRIPTION OF THE REQUEST :
Currently, the only way to handle the possibility of runaway scripts is to run every script in a new thread and call the deprecated stop() method on the thread when you have determined the script has run too long.
JUSTIFICATION :
1. Runaway scripts compromise the reliability of any application using the ScriptEngine API
2. Script engines should not be allowed to bring down their parent application
3. The only workaround involves using deprecated and potentially dangerous thread functionality (i.e., Thread.stop())
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
1. The API documentation for ScriptEngine must be updated to indicate whether ScriptEngine.eval() is thread-safe. The fact that put() and get() exist implies that it is not. The fact that you can call eval() with a ScriptContext or Bindings implies that it could be.
2a. If we assume that ScriptEngine.eval() can only evaluate one script at a time, then a ScriptEngine.terminate(), ScriptEngine.abort() or ScriptEngine.stop() method should exist that will safely terminate the running eval(). eval() can then throw a ScriptException indicating it was terminated before the script completed.
2b. If that approach is not suitable (or some versions of ScriptEngine.eval() are in fact defined to be thread-safe), then a mechanism that is similar to java.util.concurrent.Future should be utilized. Future is not sufficient, however, because cancel() does not guarantee termination.
ACTUAL -
You can't terminate a running javax.script.ScriptEngine.
---------- BEGIN SOURCE ----------
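import javax.script.*;
public class RunawayScript {
    public static void main(String[] args) throws ScriptException {
        ScriptEngine engine = new ScriptEngineManager().getEngineByExtension("js");
        engine.eval("while(true);"); // infinite loop in the script: eval() never returns
        // This code is unreachable
    }
}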
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Running every script in a new thread and using Thread.stop().
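
The following is an added example, not part of the original report or of the JDK: it illustrates point 2b, that Future.cancel() does not guarantee termination. The class and method names are hypothetical, and spin() is a constructed stand-in for a runaway eval() that is assumed never to check the thread's interrupt flag, so the demo runs without a JavaScript engine installed.

```java
import java.util.concurrent.*;

// Added illustration, not from the bug report. All names here are hypothetical.
public class CancelDoesNotTerminate {
    // Demo-only escape hatch so the JVM can exit cleanly; a real runaway script has none.
    static volatile boolean release = false;

    // Constructed stand-in for engine.eval("while(true);"):
    // assumed to ignore the thread's interrupt flag.
    static void spin() {
        while (!release) { /* busy loop */ }
    }

    // Cooperative variant: polls the interrupt flag, so cancel(true) can stop it.
    static void spinCooperative() {
        while (!Thread.currentThread().isInterrupted()) { /* busy loop */ }
    }

    // Runs the task with a 1 s deadline, cancels it on timeout, and reports
    // whether the worker thread is still executing 500 ms after the cancel.
    static boolean stillRunningAfterCancel(Runnable task) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "script-worker");
            t.setDaemon(true); // do not keep the JVM alive for a stuck worker
            return t;
        });
        Future<?> f = pool.submit(task);
        try {
            f.get(1, TimeUnit.SECONDS);
        } catch (TimeoutException e) {
            // cancel(true) marks the Future cancelled and interrupts the worker;
            // it cannot force code that ignores the interrupt to stop.
            f.cancel(true);
        }
        pool.shutdown(); // no new tasks; does not stop the running one
        return !pool.awaitTermination(500, TimeUnit.MILLISECONDS);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("cooperative task still running: "
                + stillRunningAfterCancel(CancelDoesNotTerminate::spinCooperative));
        System.out.println("runaway task still running:     "
                + stillRunningAfterCancel(CancelDoesNotTerminate::spin));
        release = true; // let the stand-in loop end
    }
}
```

In both cases the Future reports itself cancelled and done; only the worker thread's actual state shows whether the task stopped, which is why a timeout on get() alone does not protect the host application.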