Develop your external procedures in protected mode, which is the default when you create a new external procedure. Protected and secure modes are states in which each instance of a procedure runs in a separate process. The difference between a protected mode server and a secure mode server is that a protected mode server process runs under the predefined OS user TDATSUSER, while a secure server process runs under the OS user specified by the UDF in its EXTERNAL SECURITY clause. The processes are otherwise identical.
Protected mode protects the system from programming errors that can stop the database, produce problems with memory leakage, or cause other potentially damaging results. Examples of such errors are invalid pointers, corrupted stacks, and illegal computations such as dividing by zero.
External procedures can cause the database to stop in protected and secure modes if they corrupt the shared data areas between the database and the protected or secure mode procedure.
- Testing all external procedures that are in development.
- Running any external procedures that cause the OS to consume system resources.
This includes anything that causes the OS to allocate system context, including open files, pipes, semaphores, tokens, threads (processes), and so on.
- Running Java procedures.
If a procedure does not perform operations that cause the OS to consume system resources, change its protection mode to EXECUTE NOT PROTECTED (see ALTER PROCEDURE (External Form)) after it has met your qualification standards for production use.
If a procedure does perform operations that cause the OS to consume system resources, run it in protected mode, even after it has been thoroughly debugged and meets all your production-level quality standards.
The following table summarizes this information for production-ready external procedures.
| External Procedure Characteristic | Mode to Use |
|---|---|
| Does not cause OS to consume system resources | Unprotected |
| Causes OS to consume system resources | One of the following:
|
| Written in Java | PROTECTED |
The best practice is to develop and test your methods on a nonproduction test system. Run newly created external procedures several hundred times to make sure they do not stop the system and to find performance issues that you can avoid with better design and coding.
Protected mode servers consume disk resources as follows.
In unprotected mode, an external procedure is called directly by the database rather than running as a separate process. Only alter a new procedure that does not require the OS to allocate system context to run in unprotected mode after you have thoroughly tested and evaluated its robustness and performance impact. When the newly created CPU-operations-only UDF has passed your quality measures and is ready to be put into production use, alter it to run in unprotected mode.
Each Java server for UDFs requires roughly 30 MB of memory for swap space, and there can be 2 such Java servers per node. A Java multithreaded server for non-secure mode Java procedures uses a minimum of an additional 30 MB (the amount required can be larger, depending on the size of the JARs for a user.), so each node requires approximately 100 MB of swap space if all server flavors are used.