FifthGraalAdventures

From APIDesign

Fifth year has passed since I joined OracleLabs and it is time to look back and summarize.

Contents 1 Designing for Security 2 PGO 3 Helidon co-operation 4 Graal.js & Maven & IGV 5 Designing APIs at full speed 6 GraalVM Insight

Designing for Security

This item has already appeared in last year's report, but it is important to remind it again in the light of new consequences. In summer 2019 Oracle ethical hacker team decided to attack GraalVM. They succeeded and managed to escape the Truffle framework scripting sandbox. However they were testing an older GraalVM release candidate and meanwhile I was working on secure scripting API which made it into the first customer release of GraalVM. It turned out that the attack vector was fully eliminated by my secure fixes!

Being a good architect is an InvisibleJob, but when you predict future problems, address them and then a hacking attack proves you were right, then you deserve to be called an architect!

PGO

Published https://medium.com/graalvm/improving-performance-of-graalvm-native-images-with-profile-guided-optimizations-9c431a834edb,

Helidon co-operation

Helidon guys can use Ruby, JavaScript, Helidon can use WELD. Polyglot Context can be in the native-image.

Graal.js & Maven & IGV

Published archetypes and wizard.

Nashorn removed - using it in NetBeans more. Online BIGV Analyzer. GraalVM downhill edition, interested?

IGV as best debugger for compiler developers: Graal Compiler Visualizer: reported JIRA issues for the enhancements

Defending API design: https://issues.apache.org/jira/browse/NETBEANS-4222

Designing APIs at full speed

heap language, intern, and everything, gradle support, language neutral way to represent iterator - e.g. virtual growing array

GraalVM Insight

tooling on steroids, speed of EE vs. CE. Improving Espresso.