Hi Laurent,
No, "sandboxing" isn't what I want - at least not usually. I want to be
able to limit the VM process itself ... particularly the heap size but
occasionally other things as well. I often have the need to squeeze a
Racket application into the corner of a small cloud VM, and what I would like
is more fine-grained control over Racket processes.
Also, sandboxing only notices the overrun when it's too late. If the
memory is known limited from the beginning, it would be used
differently, e.g., GC'd more often.
Without a lot of details about the memory use of various features[*],
"ulimit -H -d ..." at best is a guess. "ulimit -H -m ..." works to
limit memory use, but it can't be used without swap, and without
limiting the data segment as well, it's easy to start thrashing code vs
data and kill performance.
"cgroups" helps with multiprocess applications, but it is complicated to
set up properly.
But in Windows there is no built-in user control for resource use ...
there are some 3rd party utilities, but many admins won't permit using
them. I work a lot with various DBMS, and things may get easier as SQL
Server is available for Linux, but most people who run it still run it
on Windows.
And, of course, containers can limit (at least) memory and CPU, but they
have their own sets of issues, and the container system itself can
require substantial resources. Generally I prefer to avoid containers
and run on the bare machine wherever possible.
YMMV,
George
[*] particularly JIT: e.g., application mapped files are "data" from
the POV of the OS regardless of whether the mapping is executable. So
JIT'd code really is data for "ulimit" purposes.
On 7/23/2020 12:47 PM, Laurent wrote:
Just in case (not sure how relevant this is to you):
https://docs.racket-lang.org/reference/Sandboxed_Evaluation.html?q=with-limits#%28form._%28%28lib._racket%2Fsandbox..rkt%29._with-limits%29%29
Works pretty well, but there are some caveats: if an object can be
reached outside of the `with-limits` scope, it's not counted.
On Thu, Jul 23, 2020 at 5:42 PM George Neuner <gneun...@comcast.net> wrote:
Limits on resources used by individual VMs. ulimit works only at the
process level (so only indirectly affects in-process "thread" places),
and Windows has no simple equivalent: I am aware of Windows "job
objects", but there are no user controls for them.
--
You received this message because you are subscribed to the Google Groups "Racket
Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/racket-users/7ef2f992-076d-1f0e-a36c-243fd810ad3d%40comcast.net.