tomcat-users mailing list archives

From Delian Krustev <>
Subject Re: Limit infinite loop damage
Date Wed, 09 Feb 2005 17:50:08 GMT
Garthfield Carter wrote:

> Sorry I posted this earlier but it joined the wrong thread.
> I'm using Tomcat 5.0.27 with Sun SDK 1.4.2. A user managed to bring the
> whole server to a grinding halt for 6 hours after he created a Servlet
> which had an infinite loop. The piece of code that contained the
> infinite loop had a MySQL connect statement which added to the problem
> greatly.
> I've searched extensively for various answers in how to limit the
> damage of infinite loops in Java but have found nothing. The memory
> allocated to the JVM is set to a maximum of 24MB. This had little
> effect in keeping the damage down. Any pointers would be greatly
> appreciated. I've toyed with the idea of using ulimit on CPU time but
> then Tomcat would die depending on what time limit I set and not the
> Servlet thread. 

From getrlimit(2):
              CPU time limit in seconds.  When the process reaches the
              soft limit, it is sent a SIGXCPU signal.  The default
              action for this signal is to terminate the process.
              However, the signal can be caught, and the handler can
              return control to the main program.  If the process
              continues to consume CPU time, it will be sent SIGXCPU once
              per second until the hard limit is reached, at which time
              it is sent SIGKILL.  (This latter point describes Linux 2.2
              through 2.6 behaviour.  Implementations vary in how they
              treat processes which continue to consume CPU time after
              reaching the soft limit.  Portable applications that need
              to catch this signal should perform an orderly termination
              upon

I think the parent should receive SIGCHLD only. Additionally it might depend
on the type of threading You're using. I'm not sure. However You could 
easily test this out. If You plan to use this in production You should 
probably consider using s.t. like supervise from daemontools.

Random thoughts:
Actually there's nothing illegal in the endless loops. One thing You might 
consider is changing task schedulers. E.g. a scheduler which performs s.t. 

"Give penalty to threads/processes which have taken more than X time in the 
last Y minutes"

I'm sorry I couldn't recommend a scheduler, but the ones available for your 
platform should be well documented.

> I'm hoping there's some admin settings perhaps I can use with Tomcat
> itself or in the JVM to automatically kill a rogue Servlet.

AFAIK there isn't.
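
The RLIMIT_CPU behaviour quoted from getrlimit(2) above can be checked with a small test program. This is an added example, not part of the original message; the function name `run_limited_loop` and the 1 s soft / 2 s hard limits are assumptions chosen for the test, and it assumes Linux, where the quoted semantics apply. A forked child applies the limit to itself and spins, and the parent reports which signal ended it.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t xcpu_seen;

/* Handler that swallows SIGXCPU and lets the loop continue. */
static void on_xcpu(int sig) { (void)sig; xcpu_seen = 1; }

/* Fork a child that loops forever under RLIMIT_CPU (soft/hard, in seconds).
 * With catch_xcpu set, the child handles SIGXCPU instead of dying from it.
 * Returns the signal that terminated the child, or -1 on error. */
int run_limited_loop(rlim_t soft, rlim_t hard, int catch_xcpu)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl = { .rlim_cur = soft, .rlim_max = hard };
        if (catch_xcpu) {
            struct sigaction sa;
            memset(&sa, 0, sizeof sa);
            sa.sa_handler = on_xcpu;
            sigaction(SIGXCPU, &sa, NULL);
        }
        if (setrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(2);
        for (volatile unsigned long n = 0;; n++) { } /* the runaway loop */
    }
    /* Parent: unaffected by the child's limit, it only collects the status. */
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

int main(void)
{
    printf("default action:    killed by %d (SIGXCPU=%d)\n",
           run_limited_loop(1, 2, 0), SIGXCPU);
    printf("handler installed: killed by %d (SIGKILL=%d)\n",
           run_limited_loop(1, 2, 1), SIGKILL);
    return 0;
}
```

The limit is accounted per process, so it stops the looping child while the parent keeps running; threads inside one JVM share a single process and a single limit.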
