问题描述
我正在设计一个使用C/C ++编写的系统,该系统可以通过各种插件扩展.有一个定义良好的C公共API,该API主要与(const) char*
和其他指针类型一起使用.插件被编译成.so或.dll文件,主应用程序在启动时将其加载,然后在请求后卸载或重新加载.
I am designing a system in C/C++ which is extendible with all sort of plugins. There is a well defined C public API which mostly works with (const) char*
and other pointer types. The plugins are compiled into .so or .dll files, and the main application loads them upon startup, and later unloads or reloads them upon request.
这些插件可能来自各种来源,无论是否值得信赖:)
The plugins might come in from various sources, trustable or not so :)
现在,我想确定的是,如果一个插件执行了一些愚蠢的操作(例如尝试释放他不应该释放的内存),则此操作不会导致整个系统崩溃,而只是注意到主系统,关于它的行为异常的插件,以便将其从队列中删除.
Now, I would like to make sure, that if one plugin does something stupid (such as tries to free a memory which he was not supposed to free), this action does not bring down the entire system, but merely notices the main system about the misbehaving plugin for it in order to remove it from the queue.
通过以下方式进行代码调用:
The code calls are being done in the following manner:
const char* data = get_my_data();
for(int i = 0; i<plugins; i++)
{
plugins[i]->execute(data);
}
,但是如果plugin[0]
意外"释放数据字符串或将其覆盖或错误地跳转到地址0x0,这将导致整个系统瘫痪,我不希望这样做.我如何避免这种灾难. (我知道,我可以复制data
字符串...这不能解决我的问题:))
but if plugin[0]
frees "by accident" the data string or overwrites it or by mistake jumps to address 0x0 this would bring down the entire system, and I don't want this. How can I avoid this kind of catastrophe. (I know, I can duplicate the data
string ... this does not solve my problem :) )
推荐答案
为插件创建包装程序,并通过IPC与该包装程序通信.万一插件失败,您的主要流程将保持不变
Make a wrapper process for plugin and communicate with that wrapper through IPC.In case of plugin failure your main process would be untouched
这篇关于在沙盒中运行插件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!