I'm writing a online judge system, which let clients submit C++ codes, compile it locally, and then run it to generate results. But I encouter a problem.

the (client submitted)program should read a input file then do calculationg to generate result.
I'm using windows pipe to redirect input so the program doesn't really need to read a file.

there's some thing about security to be considered.
I want the user-submitted program to only do calculations, and do not do any other operations like file access, create multi-thread, etc.

what can I do to prevent the program from doing such operations?
Is there any APIs? or any machanism to achieve it?

So you are writing compiler kind of thing?
I dont think it's as easy to do parsing if C++ code, and discarding stuff that you dont need.
There are could be hundreds of ways to create file, thread or anything that can compromise security.

no, actually I cal g++.exe to compile the code.

and what I mean is to find a way to do sandboxing.

I wonder how to do sanboxing in windows??