Hi all,

I'm trying to use the PyPy sandbox to execute student code on a server.  I've got it all working, but it takes a few seconds to start the sandbox process, so the response time from the server is poor.  There are a few issues:

1) The sandbox makes a lot of system calls as part of the Python startup.  I understand how to reduce these somewhat by creating dummy resources.
2) The sandbox invokes the C compiler to determine system characteristics.  I got a patch from Geoff Thomas as MIT (they used the sandbox for labs in a security course).  He found that this change got rid of his C compiler invocation:
--- clean/pypy-pypy-release-1.6/pypy/rlib/rmarshal.py  2011-08-15 11:10:35.000000000 -0400
+++ pypy-pypy-release-1.6/pypy/rlib/rmarshal.py    2011-09-27 19:32:51.339470297 -0400
@@ -195,7 +195,7 @@
 
 def dump_float(buf, x):
     buf.append(TYPE_FLOAT)
-    s = formatd(x, 'g', 17)
+    s = '%f' % (x)
     buf.append(chr(len(s)))
     buf += s
 add_dumper(annmodel.SomeFloat(), dump_float)
I tried this change, and it reduced the number of compiler calls from three to one.  Before the change:
[platform:execute] gcc -c -O3 -pthread -fomit-frame-pointer -Wall -Wno-unused /tmp/usession-default-4/platcheck_7.c -o /tmp/usession-default-4/platcheck_7.o
Warning: cannot find your CPU L2 cache size in /proc/cpuinfo
[platform:execute] gcc -c -O3 -pthread -fomit-frame-pointer -Wall -Wno-unused -I/home/ned/pypy/pypy/translator/c /tmp/usession-default-4/module_cache/module_0.c -o /tmp/usession-default-4/module_cache/module_0.o
[platform:execute] gcc -shared /tmp/usession-default-4/module_cache/module_0.o -pthread -lrt -Wl,--export-dynamic,--version-script=/tmp/usession-default-4/dynamic-symbols-0 -o /tmp/usession-default-4/shared_cache/externmod.so
After the change:
[platform:execute] gcc -c -O3 -pthread -fomit-frame-pointer -Wall -Wno-unused /tmp/usession-default-3/platcheck_7.c -o /tmp/usession-default-3/platcheck_7.o
Warning: cannot find your CPU L2 cache size in /proc/cpuinfo
I think this compile is to determine the size of floats?  I don't understand why the sandbox needs to determine this dynamically every time it's run, and I don't understand how to get it not to, and I don't know what bad effects the patch has.  I also don't know what the remaining compile does or how to disable it.

If someone could mentor me through this process, I would appreciate it.  Email or IRC are fine channels for me.

--Ned.