Online Judge from Scratch(2) – Dispatcher

The dispatcher, as the name implies, fetches judge tasks from RabbitMQ, dispatches them to the sandbox workers and gets the results back synchronously. In Justice, the sandboxes are language-specific: If the submission is written in Java, we can sandbox it with Java Security Manager. If the submission is written in C/CPP, we need another sandbox … Continue reading "Online Judge from Scratch(2) – Dispatcher"

Read More

Online Judge from Scratch(1) – Frontend

The frontend of Justice contains two sites: the web UI for users and the admin panel for administrators, the main reason to choose Yii2 is the Advanced Application Template provides both succinct project structure and great convenience to share the same logic between the two sites: Besides, we improved Yii2’s MVC pattern by adding an … Continue reading "Online Judge from Scratch(1) – Frontend"

Read More

Online Judge from Scratch(0) – Architecture

An online judge system(like codeforces, leetcode, etc) contains a problem set of algorithms to solve, while users can compile a piece of code and execute the generated binary with pre-constructed data to test if the code is correct. However details of algorithms won’t be discussed here, we mainly focus on how to build an online judge … Continue reading "Online Judge from Scratch(0) – Architecture"

Read More

Higher-order functions in Javascript

In Javascript, functions are just like the other variables(AKA first-class citizen), and here are several interesting tricks implemented by treating functions as first-class citizen. currying Currying is for partial evaluation, a practical example is Function.prototype.bind() in Javascript: And we can implement bind()(under this circumstance only of course) by ourselves: trampolining Javascript(ES5) does not implement tail call optimization, … Continue reading "Higher-order functions in Javascript"

Read More

online judge sandbox 设计思路(2)

This article is deprecated, please see here for more details. seccomp() seccomp 是 Linux 内核提供的一种应用程序沙箱机制,seccomp 通过只允许应用程序调用 exit(), sigreturn(), read() 和 write() 四种系统调用来达到沙箱的效果。如果应用程序调用了除了这四种之外的系统调用, kernel 会向进程发送 SIGKILL 信号。 seccomp 很难在实际中得到推广,因为限制实在是太多了,Linus 本人也对它的应用持怀疑的态度,直到出现了 seccomp-bpf。seccomp-bpf 是 seccomp 的一个扩展,它可以通过配置来允许应用程序调用其他的系统调用。chrome 中第一个应用 seccomp-bpf 的场景是把 Flash 放到了沙箱里运行(实在是不放心),后续也把 render 的过程放到了沙箱里。 我们仍然先通过限制 unlink() 来看一下 seccomp 是如何工作的: 删除失败了。 下面,我们写一个程序 b.out,让 seccomp 允许调用 unlink() ,但是不允许调用 fork(): 编译运行下: 我们的目的达到了。 seccomp-nurse … Continue reading "online judge sandbox 设计思路(2)"

Read More