FifthGraalAdventures

From APIDesign

Current revision (11:29, 1 July 2020)

A fifth year has passed since I joined OracleLabs and it is time to look back and summarize.

Designing for Security

This item has already appeared in last year's report, but it is important to mention it again in light of new consequences. In summer 2019 the Oracle ethical hacker team decided to attack GraalVM. They succeeded and managed to escape the Truffle framework scripting sandbox. However, they were testing an older GraalVM release candidate, and meanwhile I was working on the secure scripting API, which made it into the first customer release of GraalVM. It turned out that the attack vector was fully eliminated by my secure fixes!

Being a good architect is an InvisibleJob, but when you predict future problems, address them and then a hacking attack proves you were right, then you deserve to be called an architect!

AOTMadeFaster

HotSpot-based PGO profile gathering has made it into GraalVM 19.2. To conclude my previous year's work on profile guided optimizations I published my first Medium post (https://medium.com/graalvm/improving-performance-of-graalvm-native-images-with-profile-guided-optimizations-9c431a834edb) about AOT and PGO. Then it was time to pass the system on to do some machine learning and artificial intelligence research on top of it. With a few bugfixes everything seems to be working.

Helidon MP 2.0 supports GraalVM NativeImage

Helidon is a microservices framework developed four meters away from me (my seat in the Oracle Prague office). As such, I felt like the natural fit for solving complex tasks that require understanding of both sides - the JavaEE landscape as well as the GraalVM internals.

Helidon MP implements the MicroProfile specification based on various other standard JavaEE subspecifications including CDI. Getting Weld (the reference CDI specification) running on top of NativeImage is particularly tricky. Not only does Weld dynamically scan for various annotations, but it also dynamically emits bytecode for its helper classes during runtime. Solving this required more insight into JavaEE than was available among compiler engineers - not that I had it initially, but the close co-operation with Tomáš Langer (the Helidon lead engineer) helped us move forward. Tomáš prepared various trivial CDI sample projects and I was then able to get them running on NativeImage by writing a dedicated WeldFeature. Once the initial road block was gone, the Helidon team was able to move forward on their own and get their enhanced Weld running on top of NativeImage.

Helidon 2.0 was released (https://medium.com/helidon/announcing-helidon-2-0-19c245f5488a) on June 24, 2020. Its MicroProfile edition (including a compatible CDI implementation) works with NativeImage.


Graal.js & Maven & IGV

Published archetypes and wizard.

Nashorn removed - using it in NetBeans more. Online BIGV Analyzer. GraalVM downhill edition, interested?

IGV as best debugger for compiler developers: Graal Compiler Visualizer: reported JIRA issues for the enhancements

Defending API design: https://issues.apache.org/jira/browse/NETBEANS-4222

Designing APIs at full speed

heap language, intern, and everything, gradle support, language neutral way to represent iterator - e.g. virtual growing array

GraalVM Insight

tooling on steroids, speed of EE vs. CE. Improving Espresso.
