
Ryan Newton
It sounds like you're interested in running just one client computation at once?
Actually, I was hoping for a more general solution, which is also applicable to e.g. a web-server running with `+RTS -N8`, where each HTTP request spawns a new thread, and multiple requests are supposed to run in parallel and concurrently.
Hence you don't have a disambiguation problem -- if the total memory footprint crosses a threshold you know who to blame.
I could use that, but then I'd have to clone the process (or start the processes multiple times, requiring me to duplicate all in-memory data-structures), and I'd have the problem that the amount of parallelism/concurrency is limited by the number of cloned unix processes. Alas, this works only for some use-cases (like e.g. a single-user GHCi REPL).
At least this seems easier than needing per-computation or per-IO-thread caps.
How hard would per-IO-thread caps be?
By the way, the folks who implement Second Life did an interesting job of that -- they hacked Mono to be able to execute untrusted code with resource bounds.