Skip to main content

System Architecture

Runtime is a secure code execution API service built with Spring Boot that runs user-submitted code snippets in isolated Docker containers. The system supports multiple programming languages and enforces strict resource limits to ensure security and stability.

Core Components

The architecture consists of three main layers:

API Layer

RESTful endpoints built with Spring Boot that handle incoming code execution requests

Execution Engine

Language-specific executors that prepare and manage code execution in Docker containers

Docker Runtime

Isolated container environment where code is compiled and executed

Request Flow

Here’s how a code execution request flows through the system:

Component Breakdown

ExecutionController

The entry point for all code execution requests. Location: ExecutionController.java:22-26 
@PostMapping("/api/execute")
public ApiResponse<ExecutionResult> execute(@RequestBody CodeExecutionRequest request)
{
    return executionService.execute(request);
}

ExecutionService

Orchestrates the execution process by delegating to the appropriate language executor. Location: ExecutionService.java:13-17 
public ApiResponse<ExecutionResult> execute(CodeExecutionRequest request)
{
    CodeExecutor ce = new CodeExecutor();
    return ce.execute(request.getCode(), request.getLanguage());
}

CodeExecutor

Manages language-specific executors using a strategy pattern. Location: CodeExecutor.java:16-22 
public CodeExecutor()
{
    executors.put("java", new GeneralDockerExecutor("java"));
    executors.put("python", new GeneralDockerExecutor("python"));
    executors.put("c", new GeneralDockerExecutor("c"));
    executors.put("cpp",new GeneralDockerExecutor("cpp"));
    executors.put("js",new GeneralDockerExecutor("javascript"));
}

DockerExecutorUtil

Handles all Docker interactions including container creation, execution, and cleanup. Location: DockerExecutorUtil.java:24-35 
public DockerExecutorUtil() {
    DefaultDockerClientConfig config = DefaultDockerClientConfig
            .createDefaultConfigBuilder()
            .withDockerHost("tcp://localhost:2375")
            .build();

    ApacheDockerHttpClient httpClient = new ApacheDockerHttpClient.Builder()
            .dockerHost(config.getDockerHost())
            .build();

    this.dockerClient = DockerClientImpl.getInstance(config, httpClient);
}

Supported Languages

The system supports five programming languages, each with its own Docker image and execution command:
Docker Image: eclipse-temurin:17Execution: Compiles with javac and runs with javaFile Naming: Extracts class name from public class ClassName pattern
Docker Image: python:3.11Execution: Runs directly with python main.pyFile Name: main.py
Docker Image: gcc:latestExecution: Compiles with gcc and executes binaryFile Name: main.c
Docker Image: gcc:latestExecution: Compiles with g++ and executes binaryFile Name: main.cpp
Docker Image: node:18Execution: Runs with node main.jsFile Name: main.js

Resource Management

Every Docker container is created with strict resource limits to prevent abuse: 
CreateContainerResponse container = dockerClient.createContainerCmd(dockerImage)
    .withCmd(command)
    .withHostConfig(HostConfig.newHostConfig()
        .withBinds(new Bind(tempDirPath, new Volume("/code")))
        .withMemory(128 * 1024 * 1024L)      // 128MB RAM
        .withNanoCPUs(500_000_000L))          // 0.5 CPU cores
    .withWorkingDir("/code")
    .exec();
These resource limits ensure fair usage and prevent individual executions from consuming excessive system resources.

Execution Lifecycle

  1. Temporary Directory Creation - A unique directory is created for each execution
  2. File Writing - Code is written to an appropriate file (e.g., Main.java, main.py)
  3. Container Creation - Docker container is created with language-specific image
  4. Container Start - Container starts and executes the compilation/run command
  5. Output Capture - Both stdout and stderr are captured
  6. Container Cleanup - Container is removed immediately after execution
  7. Directory Cleanup - Temporary directory is deleted
All resources are cleaned up automatically, even if execution fails. This prevents resource leaks and ensures system stability.

Next Steps

Docker Execution

Learn how Docker-based code execution works in detail

Security Features

Understand the security and isolation mechanisms

Build docs developers (and LLMs) love

Get started for freeTalk to us