A high performance general purpose code execution engine.
MIT License
It's used in numerous places including:
The following are approved and endorsed extensions/utilities to the core Piston offering.
piston_rs
.When using the public Piston API, use the following two URLs:
GET https://emkc.org/api/v2/piston/runtimes
POST https://emkc.org/api/v2/piston/execute
Important Note: The Piston API is rate limited to 5 requests per second. Effective May 7, 2024, no additional unlimited keys will be granted and existing keys will be revoked on Jan 1, 2025. The public instance is at capacity and the public limit is already very generous. For usage beyond 5 requests/second, you should consider self hosting.
# clone and enter repo
git clone https://github.com/engineer-man/piston
# Start the API container
docker-compose up -d api
# Install all the dependencies for the cli
cd cli && npm i && cd -
The API will now be online with no language runtimes installed. To install runtimes, use the CLI.
docker run \
--privileged \
-v $PWD:'/piston' \
-dit \
-p 2000:2000 \
--name piston_api \
ghcr.io/engineer-man/piston
# Build the Docker containers
./piston start
# For more help
./piston help
The CLI is the main tool used for installing packages within piston, but also supports running code.
You can execute the cli with cli/index.js
.
# List all available packages
cli/index.js ppman list
# Install latest python
cli/index.js ppman install python
# Install specific version of python
cli/index.js ppman install python=3.9.4
# Run a python script using the latest version
echo 'print("Hello world!")' > test.py
cli/index.js run python test.py
# Run a python script using a specific version
echo 'print("Hello world!")' > test.py
cli/index.js run python test.py -l 3.9.4
cli/index.js run python test.py -l 3.x
cli/index.js run python test.py -l 3
If you are operating on a remote machine, add the -u
flag like so:
cli/index.js -u http://piston.server:2000 ppman list
The container exposes an API on port 2000 by default. This is used by the CLI to carry out running jobs and package management.
GET /api/v2/runtimes
This endpoint will return the supported languages along with the current version and aliases. To execute
code for a particular language using the /api/v2/execute
endpoint, either the name or one of the aliases must
be provided, along with the version.
Multiple versions of the same language may be present at the same time, and may be selected when running a job.
HTTP/1.1 200 OK
Content-Type: application/json
[
{
"language": "bash",
"version": "5.1.0",
"aliases": [
"sh"
]
},
{
"language": "brainfuck",
"version": "2.7.3",
"aliases": [
"bf"
]
},
...
]
POST /api/v2/execute
This endpoint requests execution of some arbitrary code.
language
(required) The language to use for execution, must be a string and must be installed.version
(required) The version of the language to use for execution, must be a string containing a SemVer selector for the version or the specific version number to use.files
(required) An array of files containing code or other data that should be used for execution. The first file in this array is considered the main file.files[].name
(optional) The name of the file to upload, must be a string containing no path or left out.files[].content
(required) The content of the files to upload, must be a string containing text to write.files[].encoding
(optional) The encoding scheme used for the file content. One of base64
, hex
or utf8
. Defaults to utf8
.stdin
(optional) The text to pass as stdin to the program. Must be a string or left out. Defaults to blank string.args
(optional) The arguments to pass to the program. Must be an array or left out. Defaults to []
.compile_timeout
(optional) The maximum wall-time allowed for the compile stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to 10000
(10 seconds).run_timeout
(optional) The maximum wall-time allowed for the run stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to 3000
(3 seconds).compile_cpu_time
(optional) The maximum CPU-time allowed for the compile stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to 10000
(10 seconds).run_cpu_time
(optional) The maximum CPU-time allowed for the run stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to 3000
(3 seconds).compile_memory_limit
(optional) The maximum amount of memory the compile stage is allowed to use in bytes. Must be a number or left out. Defaults to -1
(no limit)run_memory_limit
(optional) The maximum amount of memory the run stage is allowed to use in bytes. Must be a number or left out. Defaults to -1
(no limit){
"language": "js",
"version": "15.10.0",
"files": [
{
"name": "my_cool_code.js",
"content": "console.log(process.argv)"
}
],
"stdin": "",
"args": ["1", "2", "3"],
"compile_timeout": 10000,
"run_timeout": 3000,
"compile_cpu_time": 10000,
"run_cpu_time": 3000,
"compile_memory_limit": -1,
"run_memory_limit": -1
}
A typical response upon successful execution will contain 1 or 2 keys run
and compile
.
compile
will only be present if the language requested requires a compile stage.
Each of these keys has an identical structure, containing both a stdout
and stderr
key, which is a string containing the text outputted during the stage into each buffer.
It also contains the code
and signal
which was returned from each process. It also includes a nullable human-readable message
which is a description of why a stage has failed and a two-letter status
that is either:
RE
for runtime errorSG
for dying on a signalTO
for timeout (either via timeout
or cpu_time
)OL
for stdout length exceededEL
for stderr length exceededXX
for internal errorHTTP/1.1 200 OK
Content-Type: application/json
{
"language": "js",
"version": "15.10.0",
"run": {
"stdout": "[\n '/piston/packages/node/15.10.0/bin/node',\n '/piston/jobs/9501b09d-0105-496b-b61a-e5148cf66384/my_cool_code.js',\n '1',\n '2',\n '3'\n]\n",
"stderr": "",
"output": "[\n '/piston/packages/node/15.10.0/bin/node',\n '/piston/jobs/9501b09d-0105-496b-b61a-e5148cf66384/my_cool_code.js',\n '1',\n '2',\n '3'\n]\n",
"code": 0,
"signal": null,
"message": null,
"status": null,
"cpu_time": 8,
"wall_time": 154,
"memory": 1160000
}
}
If a problem exists with the request, a 400
status code is returned and the reason in the message
key.
HTTP/1.1 400 Bad Request
Content-Type: application/json
{
"message": "html-5.0.0 runtime is unknown"
}
To interact with running processes in real time, you can establish a WebSocket connection at /api/v2/connect
. This allows you to both receive output and send input to active processes.
Each message is structured as a JSON object with a type
key, which indicates the action to perform. Below is a list of message types, their directions, and descriptions:
/execute
endpoint, except that stdin is discarded.An example of this endpoint in use is depicted below (< = client to server, > = server to client)
/api/v2/connect
{"type":"init", "language":"bash", "version":"*", "files":[{"content": "cat"}]}
{"type":"runtime","language": "bash", "version": "5.1.0"}
{"type":"stage", "stage":"run"}
{"type":"data", "stream":"stdin", "data":"Hello World!"}
{"type":"data", "stream":"stdout", "data":"Hello World!"}
{"type":"exit", "stage":"run", "code":null, "signal": "SIGKILL"}
Errors may return status codes as follows:
init
command is issued.init
command was sent within 1 second of connection.error
packet was transmitted.init
command was sent without a job context.signal
packet.awk
,
bash
,
befunge93
,
brachylog
,
brainfuck
,
bqn
,
c
,
c++
,
cjam
,
clojure
,
cobol
,
coffeescript
,
cow
,
crystal
,
csharp
,
csharp.net
,
d
,
dart
,
dash
,
dragon
,
elixir
,
emacs
,
emojicode
,
erlang
,
file
,
forte
,
forth
,
fortran
,
freebasic
,
fsharp.net
,
fsi
,
go
,
golfscript
,
groovy
,
haskell
,
husk
,
iverilog
,
japt
,
java
,
javascript
,
jelly
,
julia
,
kotlin
,
lisp
,
llvm_ir
,
lolcode
,
lua
,
matl
,
nasm
,
nasm64
,
nim
,
ocaml
,
octave
,
osabie
,
paradoc
,
pascal
,
perl
,
php
,
ponylang
,
powershell
,
prolog
,
pure
,
pyth
,
python
,
python2
,
racket
,
raku
,
retina
,
rockstar
,
rscript
,
ruby
,
rust
,
samarium
,
scala
,
smalltalk
,
sqlite3
,
swift
,
typescript
,
basic
,
basic.net
,
vlang
,
vyxal
,
yeethon
,
zig
,
Piston uses Isolate inside Docker as the primary mechanism for sandboxing. There is an API within the container written in Node which takes in execution requests and executes them within the container safely. High level, the API writes any source code and executes it inside an Isolate sandbox. The source file is either ran or compiled and ran (in the case of languages like c, c++, c#, go, etc.).
Piston uses Isolate which makes use of Linux namespaces, chroot, multiple unprivileged users, and cgroup for sandboxing and resource limiting. Code execution submissions on Piston shall not be aware of each other, shall not affect each other and shall not affect the underlying host system. This is ensured through multiple steps including:
:(){ :|: &}:;
, while True: os.fork()
, etc.)Piston is licensed under the MIT license.