# go-judge
[![Go Reference](https://pkg.go.dev/badge/github.com/criyle/go-judge.svg)](https://pkg.go.dev/github.com/criyle/go-judge) [![Go Report Card](https://goreportcard.com/badge/github.com/criyle/go-judge)](https://goreportcard.com/report/github.com/criyle/go-judge) [![Release](https://img.shields.io/github/v/tag/criyle/go-judge)](https://github.com/criyle/go-judge/releases/latest) ![Build](https://github.com/criyle/go-judge/workflows/Build/badge.svg)
[中文文档](README.cn.md)
## Executor Service
Fast, Simple, Secure
### Prerequisite
- Linux Kernel Version >= 3.10
- Cgroup file system mounted at /sys/fs/cgroup. Usually done by systemd
### Architecture
```text
+----------------------------------------------------------------------------------+
| Transport Layer (HTTP / WebSocket / FFI / ...) |
+----------------------------------------------------------------------------------+
| Executor Worker (Environment Pool w/ Environment Builder ) |
+-----------------------------------------------------------+----------------------+
| EnvExec | File Store |
+--------------------+----------------+---------------------+---------------+------+
| Linux (go-sandbox) | Windows (winc) | macOS (app sandbox) | Shared Memory | Disk |
+--------------------+----------------+---------------------+---------------+------+
```
### REST API
A REST service to run program in restricted environment and it is basically a wrapper for `envexec` to run single / multiple programs.
- /run POST execute program in the restricted environment (examples below)
- /file GET list all cached file id to original name map
- /file POST prepare a file in the executor service (in memory), returns fileId (can be referenced in /run parameter)
- /file/:fileId GET downloads file from executor service (in memory), returns file content
- /file/:fileId DELETE delete file specified by fileId
- /ws WebSocket for /run
- /version gets build git version (e.g. `v1.4.0`) together with runtime information (go version, os, platform)
- /config gets some configuration (e.g. `fileStorePath`) together with some supported features
Monitor HTTP endpoint (default `:5052`, specified by `-monitor-addr`)
- /metrics prometheus metrics (specifies `ES_ENABLE_METRICS=1` environment variable to enable metrics)
- /debug (specifies `ES_ENABLE_DEBUG=1` environment variable to enable go runtime debug endpoint)
### Command Line Arguments
Server:
- The default binding address for the executor server is `:5050`. Can be specified with `-http-addr` flag.
- By default gRPC endpoint is disabled, to enable gRPC endpoint, add `-enable-grpc` flag.
- The default binding address for the gRPC executor server is `:5051`. Can be specified with `-grpc-addr` flag.
- The default log level is info, use `-silent` to disable logs or use `-release` to enable release logger (auto turn on if in docker).
- `-auth-token` to add token-based authentication to REST / gRPC
- By default, the GO debug endpoints are disabled, to enable, specifies `-enable-debug`, and it also enables debug log
- By default, the prometheus metrics endpoints are disabled, to enable, specifies `-enable-metrics`
- Monitoring HTTP endpoint is enabled if metrics / debug is enabled, the default addr is `:5052` and can be specified by `-monitor-addr`
Sandbox:
- The default concurrency equal to number of CPU, Can be specified with `-parallelism` flag.
- The default file store is in memory, local cache can be specified with `-dir` flag.
- The default CGroup prefix is `executor_server`, Can be specified with `-cgroup-prefix` flag.
- `-src-prefix` to restrict `src` copyIn path (need to be absolute path)
- `-time-limit-checker-interval` specifies time limit checker interval (default 100ms) (valid value: \[1ms, 1s\])
- `-output-limit` specifies size limit of POSIX rlimit of output (default 256MiB)
- `-extra-memory-limit` specifies the additional memory limit to check memory limit exceeded (default 16KiB)
- `-copy-out-limit` specifies the default file copy out max (default 64MiB)
- `-open-file-limit` specifies the max number of open files (default 256)
- `-cpuset` specifies `cpuset.cpus` cgroup for each container (Linux only)
- `-container-cred-start` specifies container `setuid` / `setgid` credential start point (default: 10000) (Linux only)
- for example, by default container 0 will run with 10001 uid & gid and container 1 will run with 10002 uid & gid...
- `-enable-cpu-rate` enabled `cpu` cgroup to control cpu rate using cfs_quota & cfs_period control (Linux only)
- `-cpu-cfs-period` specifies cfs_period if cpu rate is enabled (default 100ms) (valid value: \[1ms, 1s\])
- `-seccomp-conf` specifies `seecomp` filter setting to load when running program (need build tag `seccomp`) (Linux only)
- for example, by `strace -c prog` to get all `syscall` needed and restrict to that sub set
- however, the `syscall` count in one platform(e.g. x86_64) is not suitable for all platform, so this option is not recommended
- the program killed by seccomp filter will have status `Dangerous Syscall`
- `-pre-fork` specifies number of container to create when server starts
- `-tmp-fs-param` specifies the tmpfs parameter for `/w` and `/tmp` when using default mounting (Linux only)
- `-file-timeout` specifies maximum TTL for file created in file store (e.g. `30m`)
- `-mount-conf` specifies detailed mount configuration, please refer `mount.yaml` as a reference (Linux only)
- `-container-init-path` specifies path to `cinit` (do not use, debug only) (Linux only)
### Environment Variables
Environment variable will be override by command line arguments if they both present and all command line arguments have its correspond environment variable (e.g. `ES_HTTP_ADDR`). Run `executorserver --help` to see all the environment variable configurations.
### Install & Run
Download compiled executable from [Release](https://github.com/criyle/go-judge/releases) and run.
Or, by docker
```bash
docker run -it --rm --privileged --shm-size=256m -p 5050:5050 criyle/executorserver
```
#### Build Executor Server
Build by your own `docker build -t executorserver -f Dockerfile.exec .`
The `executorserver` need root privilege to create `cgroup`. Either creates sub-directory `/sys/fs/cgroup/cpuacct/executor_server`, `/sys/fs/cgroup/memory/executor_server`, `/sys/fs/cgroup/pids/executor_server` and make execution user readable or use `sudo` to run it.
#### Build Shared object
Build container init `cinit`:
`go build -o cinit ./cmd/cinit`
Build `executor_server.so`:
`go build -buildmode=c-shared -o executor_server.so ./cmd/ffi/`
For example, in JavaScript, run with `ffi-napi` (seems node 14 is not supported yet):
### Build Executor Proxy
Build `go build ./cmd/executorproxy`
Run `./executorproxy`, connect to gRPC endpoint expose as a REST endpoint.
### Build Executor Shell
Build `go build ./cmd/executorshell`
Run `./executorshell`, connect to gRPC endpoint with interactive shell.
### Return Status
- Accepted: Program exited with status code 0 within time & memory limits
- Memory Limit Exceeded: Program uses more memory than memory limits
- Time Limit Exceeded:
- Program uses more CPU time than cpuLimit
- Or, program uses more clock time than clockLimit
- Output Limit Exceeded:
- Program output more than pipeCollector limits
- Or, program output more than output-limit
- File Error:
- CopyIn file is not existed
- Or, CopyIn file too large for container file system
- Or, CopyOut file is not existed after program exited
- Non Zero Exit Status: Program exited with non 0 status code within time & memory limits
- Signalled: Program exited with signal (e.g. SIGSEGV)
- Dangerous Syscall: Program killed by seccomp filter
- Internal Error:
- Program is not exist
- Or, container create not successful (e.g. not privileged docker)
- Or, other errors
### Container Root File
没有合适的资源?快使用搜索试试~ 我知道了~
基于SpringBoot和SpringCloud和Vue的在线代码评委系统(OJ).zip
共4003个文件
svg:1877个
js:672个
java:311个
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
5星 · 超过95%的资源 1 下载量 166 浏览量
2023-06-27
11:18:50
上传
评论 1
收藏 17.05MB ZIP 举报
温馨提示
本资源中的源码都是经过本地编译过可运行的,下载后按照文档配置好环境就可以运行。资源项目的难度比较适中,内容都是经过助教老师审定过的,应该能够满足学习、使用需求,如果有需要的话可以放心下载使用。有任何问题也可以随时私信博主,博主会第一时间给您解答!!! 本资源中的源码都是经过本地编译过可运行的,下载后按照文档配置好环境就可以运行。资源项目的难度比较适中,内容都是经过助教老师审定过的,应该能够满足学习、使用需求,如果有需要的话可以放心下载使用。有任何问题也可以随时私信博主,博主会第一时间给您解答!!! 本资源中的源码都是经过本地编译过可运行的,下载后按照文档配置好环境就可以运行。资源项目的难度比较适中,内容都是经过助教老师审定过的,应该能够满足学习、使用需求,如果有需要的话可以放心下载使用。有任何问题也可以随时私信博主,博主会第一时间给您解答!!!
资源推荐
资源详情
资源评论
收起资源包目录
基于SpringBoot和SpringCloud和Vue的在线代码评委系统(OJ).zip (4003个子文件)
Dockerfile.alpine 452B
QuestionBankServiceImpl.class 20KB
BlogServiceImpl.class 19KB
UserServiceImpl.class 14KB
ContestSerivceImpl.class 10KB
ProctorServiceImpl.class 9KB
QuestionBankController.class 9KB
QuestionAopImpl.class 9KB
CompetitionInfoServiceImpl.class 9KB
OnlineJudgeServiceImpl.class 8KB
SubmmitionCodeInContestSerivceImpl.class 8KB
ProctorAopImpl.class 7KB
ProctorController.class 7KB
UserControllerAopImpl.class 7KB
AcContestQuestionSerivceImpl.class 7KB
QuestionCaseSerivceImpl.class 7KB
StudentServiceImpl.class 7KB
UserController.class 7KB
CompetitionInfoAopImpl.class 6KB
CompetitionQuestionBankAopImpl.class 6KB
BlogController.class 6KB
User.class 6KB
QuestionBankBo.class 6KB
QuestionBankVo.class 6KB
CreateArticleBo.class 6KB
QuestionAnswerServiceImpl.class 6KB
StudentCertification.class 6KB
AcContestQuestionAopImpl.class 6KB
ArticleVo.class 6KB
ConTest.class 6KB
BlogAopImpl.class 6KB
DetailedArticleVo.class 5KB
Article.class 5KB
DetailedArticleJSON.class 5KB
OnlineJudgeApplicationTests.class 5KB
OnlineJudgeServiceImpl.class 5KB
RedisUtil.class 5KB
ContestQuestionVo.class 5KB
ProgramBo.class 5KB
CodeInContest.class 5KB
ArticleJSON.class 5KB
AcContestQuestionController.class 5KB
QuestionCaseAopImpl.class 5KB
ConTestController.class 5KB
ProblemLimit.class 5KB
AcContestQuestion.class 5KB
ConTestServiceAopImpl.class 5KB
BusinessApplicationTests.class 5KB
QuestionDiscussServiceImpl.class 5KB
QuestionBank.class 5KB
CompetitionQuestionBankController.class 5KB
CompetitionInfoController.class 5KB
Blogroll.class 5KB
QuestionDiscuss.class 5KB
TopArticleServiceImpl.class 4KB
SubmmitionCodeInContestAopImpl.class 4KB
Lesson.class 4KB
SystemVerifyServiceImpl.class 4KB
College.class 4KB
Major.class 4KB
QuestionCase.class 4KB
GetStudentInfoVo.class 4KB
StudentAopImpl.class 4KB
SystemServiceImpl.class 4KB
CompetitionInfo.class 4KB
Universty.class 4KB
LanguageCommand.class 4KB
SubmmitionCodeInContestController.class 4KB
ProgrammingLanguage.class 4KB
InitializerApplication.class 4KB
Invigilator.class 4KB
StudentController.class 4KB
QuestionCaseController.class 4KB
CodeInContestServiceImpl.class 3KB
ProctorInfo.class 3KB
Proctor.class 3KB
CompetitionQuestionBankSerivceImpl.class 3KB
ArticleDiscussionRepositoryTest.class 3KB
JwtUtil.class 3KB
UpdateQuestion.class 3KB
RedisSchedulingTask.class 3KB
ElementOfQueryLogBo.class 3KB
Organize.class 3KB
QuestionDiscussController.class 3KB
InvigilatorServiceImpl.class 3KB
ProblemLimitServiceImpl.class 3KB
FilterQueryMatchSaveCodeBo.class 3KB
BlogMapper.class 3KB
TopArticleController.class 3KB
CompetitionInfoInContest.class 3KB
DiscussImpl.class 3KB
SystemController.class 3KB
CompetitionInfoMapper.class 3KB
AdminGetProctorsByPaginBo.class 3KB
UpdateQuestionCaseBo.class 3KB
AdminFindUserByRoleBo.class 3KB
UserGetMyselfArticleBo.class 3KB
QuestionBankAttribute.class 3KB
QuestionAnswerController.class 2KB
AddQuestionCaseBo.class 2KB
共 4003 条
- 1
- 2
- 3
- 4
- 5
- 6
- 41
资源评论
- gytvumjf1102024-02-13资源很不错,内容和描述一致,值得借鉴,赶紧学起来!
白话机器学习
- 粉丝: 8723
- 资源: 7682
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 基于 SpringCloud 和 Vue3 的OA系统
- 软考高级项目管理师-项目采购管理思维导图
- WordsVector (1).ipynb
- yolov7 车牌检测 车牌识别 中文车牌识别 检测 支持双层车牌 支持12种中文车牌
- 20240429_112025.m4a
- "麦嘟学编程"似乎是一个与编程学习相关的品牌或社区名称,它可能是一个在线教育平台、博客、论坛或社交媒体群组等,旨在帮助人们学习编
- OpenCV(Open Source Computer Vision Library)是一个开源的计算机视觉和机器学习软件库,由
- Redis入门基础篇+源码(springboot、maven)
- ChatGPT-4是由OpenAI开发的人工智能模型,是GPT(Generative Pre-trained Transform
- 91fdd461elb59a4ce8dfcfc46bc283a7.msi
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功