abort python script from trace function

[Chris Angelico]

On Sat, Jul 16, 2011 at 8:00 AM, Dave Stark <David.Stark at intusurg.com> wrote:
> Hello,
>
> I have a multithreaded application that uses embedded python extensively.
> The main thread creates python objects that interface test equipment, and
> users execute their own python scripts that run in a separate thread.

I did something extremely similar (but without the threading), and was
majorly burnt. Poke around on the archives and you'll find the extent
to which I (and my boss) got egg on our faces; I had thought that it
would be possible to sandbox Python enough for a user to be able to
submit code. It's not. If you're fortunate, someone from this list
will create a file in /tmp, read it back, and then email you showing
how easy it was to do. If you're not, it'll be utter and complete
p0wnage.

PyErr_SetInterrupt() raises KeyboardInterrupt. It works fine, as long
as the script catches that. I had the same issues with my system; I
wanted to administratively guarantee that the script WOULD NOT take
more than X ms of CPU time. Since a Python script can catch
KeyboardInterrupt, it could ignore the watchdog timer. In the end, I
created a second watchdog that, if triggered, would longjmp straight
out past all the Python code and back to a basic cleanup-and-terminate
routine.

There's no way, currently, to make an uncatchable exception. I already
asked. The general response is (and I should have listened, instead of
muffling on and hoping that we could sandbox Python "enough to get
by") that Python is not the right language for that sort of job. I was
advised to try Javascript/ECMAScript, and Google's V8 engine is fairly
good; not perfect, but decent. Alternatively, Lua works well, but it's
a lot more effort to embed (especially if you want heavy interfacing
between the script code and your application code - everything's done
with a stack).

Chris Angelico