Isolated program execution environment

摘要

Embodiments relate to an isolated program execution environment. An aspect includes receiving, by the isolated program execution environment on a computer comprising a processor and a memory, a request to run a program. Another aspect includes wrapping program code corresponding to the program as a function. Another aspect includes cloning a real global object of the isolated program execution environment to create a fake global object. Another aspect includes passing the fake global object to the function. Another aspect includes executing the function, such that the function executes the program.

主权项

1. A computer implemented method for an isolated program execution environment, the method comprising:
receiving, by the isolated program execution environment on a computer comprising a processor and a memory, a request to run a program, wherein the program comprises a JavaScript program, and wherein the program is executed in a strict mode; wrapping program code corresponding to the program as a function; cloning a real global object of the isolated program execution environment to create a fake global object; passing the fake global object to the function; and executing the function, such that the function executes the program, wherein the program accesses data or a variable in the fake global object during execution, and does not access the real global object; discarding the fake global object after execution of the program is completed; determining that the program requires an external module; determining whether the external module is stored in an immutable module cache of the isolated program execution environment; based on determining that the external module is stored in the immutable module cache, passing a reference to a cache entry corresponding to the external module to the program;
executing the external module by the program, wherein the program does not modify the external module during execution; wherein, based on determining that the external module is not stored in the immutable module cache:
retrieving program code corresponding to the external module from a memory;compiling the retrieved program code to create a compiled module;sealing the compiled module so that the sealed compiled module is immutable;storing the sealed compiled module in the immutable module cache; executing a plurality of programs simultaneously by the isolated program execution environment, wherein each of the plurality of programs has a respective fake global object.