Hi all, I'm trying to use the PyPy sandbox to execute student code on a server. I've got it all working, but it takes a few seconds to start the sandbox process, so the response time from the server is poor. There are a few issues: 1) The sandbox makes a lot of system calls as part of the Python startup. I understand how to reduce these somewhat by creating dummy resources. 2) The sandbox invokes the C compiler to determine system characteristics. I got a patch from Geoff Thomas as MIT (they used the sandbox for labs in a security course). He found that this change got rid of his C compiler invocation: --- clean/pypy-pypy-release-1.6/pypy/rlib/rmarshal.py 2011-08-15 11:10:35.000000000 -0400 +++ pypy-pypy-release-1.6/pypy/rlib/rmarshal.py 2011-09-27 19:32:51.339470297 -0400 @@ -195,7 +195,7 @@ def dump_float(buf, x): buf.append(TYPE_FLOAT) - s = formatd(x, 'g', 17) + s = '%f' % (x) buf.append(chr(len(s))) buf += s add_dumper(annmodel.SomeFloat(), dump_float) I tried this change, and it reduced the number of compiler calls from three to one. Before the change: [platform:execute] gcc -c -O3 -pthread -fomit-frame-pointer -Wall -Wno-unused /tmp/usession-default-4/platcheck_7.c -o /tmp/usession-default-4/platcheck_7.o Warning: cannot find your CPU L2 cache size in /proc/cpuinfo [platform:execute] gcc -c -O3 -pthread -fomit-frame-pointer -Wall -Wno-unused -I/home/ned/pypy/pypy/translator/c /tmp/usession-default-4/module_cache/module_0.c -o /tmp/usession-default-4/module_cache/module_0.o [platform:execute] gcc -shared /tmp/usession-default-4/module_cache/module_0.o -pthread -lrt -Wl,--export-dynamic,--version-script=/tmp/usession-default-4/dynamic-symbols-0 -o /tmp/usession-default-4/shared_cache/externmod.so After the change: [platform:execute] gcc -c -O3 -pthread -fomit-frame-pointer -Wall -Wno-unused /tmp/usession-default-3/platcheck_7.c -o /tmp/usession-default-3/platcheck_7.o Warning: cannot find your CPU L2 cache size in /proc/cpuinfo I think this compile is to determine the size of floats? I don't understand why the sandbox needs to determine this dynamically every time it's run, and I don't understand how to get it not to, and I don't know what bad effects the patch has. I also don't know what the remaining compile does or how to disable it. If someone could mentor me through this process, I would appreciate it. Email or IRC are fine channels for me. --Ned.