Skip to main content

ExecutionMonitor

hyperlight_js::sandbox::monitor

Trait ExecutionMonitor 

Source 
pub trait ExecutionMonitor: Send + Sync {
    // Required methods
    fn get_monitor(&self) -> Result<impl Future<Output = ()> + Send + 'static>;
    fn name(&self) -> &'static str;
}
Expand description

A monitor that enforces execution limits on handler invocations.

Implementations watch handler execution and signal termination when limits are exceeded (time limits, CPU usage, resource quotas, etc.).

This is the only trait users need to implement. The sealed MonitorSet trait is automatically derived via a blanket impl. See the module docs for the full architecture rationale.

§Why fn returning impl Future instead of async fn

The method body executes synchronously on the calling thread and returns an opaque Future that will be spawned on the shared monitor runtime. This two-phase design lets monitors capture thread-local state (e.g., [CpuTimeMonitor]’s pthread_getcpuclockid) before the future migrates to a tokio worker thread.

§Contract

  • Method body (sync): Runs on the calling thread. Capture thread-local state here. Return Err to fail closed (handler never runs).
  • Returned future (async): Will be spawned on the monitor runtime. Stays pending while within limits. Completes when execution should be terminated. Will be aborted if the handler finishes first.

§Example

use hyperlight_js::ExecutionMonitor;
use hyperlight_host::Result;
use std::future::Future;

struct TimeoutMonitor { timeout: std::time::Duration }

impl ExecutionMonitor for TimeoutMonitor {
    fn get_monitor(&self) -> Result<impl Future<Output = ()> + Send + 'static> {
        let timeout = self.timeout;
        Ok(async move {
            hyperlight_js::monitor::sleep(timeout).await;
            tracing::warn!("Timeout exceeded");
        })
    }

    fn name(&self) -> &'static str { "timeout" }
}

Required Methods§

Source

fn get_monitor(&self) -> Result<impl Future<Output = ()> + Send + 'static>

Prepare and return a monitoring future for a single handler invocation.

The method body runs synchronously on the calling thread — use it to capture thread-local state (e.g., CPU clock handles). The returned future will be spawned on the shared monitor runtime.

The future should stay pending while execution is within limits and complete (return ()) when execution should be terminated. It will be aborted if the handler finishes normally before the monitor fires.

§Errors

Return Err if the monitor cannot initialize (e.g., OS API failure). This will prevent the handler from executing (fail-closed semantics).

Source

fn name(&self) -> &'static str

Human-readable name for logging and metrics.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§