'. '

FourthGraalAdventures

From APIDesign

(Difference between revisions)
Jump to: navigation, search
(Universal Secure Scripting API)
Line 19: Line 19:
The community tried to empower [[Rhino]], but at the end we settled with a secured solution based on [[Nashorn]] with the path paved to switch to [[Graal.js]] - the scripting engine based on [[GraalVM]] and [[Truffle]].
The community tried to empower [[Rhino]], but at the end we settled with a secured solution based on [[Nashorn]] with the path paved to switch to [[Graal.js]] - the scripting engine based on [[GraalVM]] and [[Truffle]].
-
[[Graal.js]] has been fully relicensed to benevolent UPL license. As such [[NetBeans]] 11 contains [[Graal.js]]. However to further stress the security part of the story, [[I]] decided to tighten up the [[JavaScript]] access to [[Java]] code by implementing
+
[[Graal.js]] has been fully relicensed to a benevolent Universal Public License. That allowed [[NetBeans]] 11 to include [[Graal.js]] and offer it as a [[JavaScript]] engine that one can request via the {{NB|org-netbeans-api-scripting|org/netbeans/api/scripting|Scripting}} [[API]]. The goal is to use the [[Graal.js]] engine everywhere instead of deprecated [[Nashorn]]. That however required me to further stress the security part of the story. [[I]] decided to tighten up the [[JavaScript]] access to [[Java]] code by implementing
{{truffle|org/graalvm/polyglot|HostAccess}}
{{truffle|org/graalvm/polyglot|HostAccess}}
-
and set the default to '''EXPLICIT'''. No more accidental access to [[Java]] methods. As a rule of ''least privilege'' one has to annotate the requested methods by '''@Explicit''' annotation.
+
and setting the default to '''EXPLICIT'''. That shall prevent accidental access to various [[Java]] methods by following the rule of ''least privilege''. E.g. only methods annotated by '''@Explicit''' annotation are exposed to the potentially vulnerable script.
 +
 
 +
The {{NB|org-netbeans-api-scripting|org/netbeans/api/scripting|Scripting}} is universal. E.g. it allows one to embed any language, not just [[JavaScript]] as the following tutorial in
 +
{{NB|org-netbeans-libs-graalsdk|org/netbeans/libs/graalsdk|package-summary}} shows.
Fixing the vulnerability, polishing [[Graal.js]] and [[Truffle]] for inclusion into [[NetBeans]] kept me busy for half a year. Switching [[NetBeans]] to the latest version of [[GraalVM]] still remains on my TODO list.
Fixing the vulnerability, polishing [[Graal.js]] and [[Truffle]] for inclusion into [[NetBeans]] kept me busy for half a year. Switching [[NetBeans]] to the latest version of [[GraalVM]] still remains on my TODO list.

Revision as of 06:01, 27 April 2019

Yet another year or two passed since TwoYearsWithTruffle article was written and it is time to summarize list of my recent Graal adventures again.

Collecting profiles for guided optimizations

SubstrateVM (enterprise edition) had an ability to instrument its code and dump profiling information to disk. While useful in a testing environment, the requirements of a cloud based deployments are different. The same application is supposed to be distributed among multiple docker containers running on multiple nodes. As such I was working on enhancing our central agent server - called **gemasrv** - to be able to request, obtain and track the PGO data over the wire from multiple applications.

However even this simplification wasn't good enough for projects like Helidon or FnProject. People don't want to debug and test the HotSpot version of the application, then build first (and slow) native image with profiling on to gather data about real usage from the VM and only then produce the production ready version. That is too complex and requires orchestration between developers, admins and operations. Rather than that let's collect the profiles in HotSpot mode of GraalVM EE! As such I introduced -Dgraal.ProfilesCollectExperimental=true option that collects the profiling data and exposes them via dedicated Graal compiler JMX bean. The option can even be turned on remotely, when needed.

With this kind of setup the whole orchestration of the containers is simplified. Developement produces JAR files of the application and operations can distribute them to [Docker]] containers. When needed, they can selectively enable the profiles gathering via a remote JMX connection. Later they can retrieve the collected data via the same JMX connection and provide them back to development to use them when generating the final NativeImage binary.

This all was working in GraalVM EE 1.0 RC14. Since RC15 it needs an additional option --jvmci:-UseNativeCompiler to (temporarily) disable the libgraal compiler.


Universal Secure Scripting API

Nashorn got deprecated in JDK11. As such the NetBeans community started to seek a replacement. I started to work on universal Scripting API. There was no need to hurry until CVE-2018-17191 was reported. Then we needed an immediate action. The community tried to empower Rhino, but at the end we settled with a secured solution based on Nashorn with the path paved to switch to Graal.js - the scripting engine based on GraalVM and Truffle.

Graal.js has been fully relicensed to a benevolent Universal Public License. That allowed NetBeans 11 to include Graal.js and offer it as a JavaScript engine that one can request via the Scripting API. The goal is to use the Graal.js engine everywhere instead of deprecated Nashorn. That however required me to further stress the security part of the story. I decided to tighten up the JavaScript access to Java code by implementing HostAccess and setting the default to EXPLICIT. That shall prevent accidental access to various Java methods by following the rule of least privilege. E.g. only methods annotated by @Explicit annotation are exposed to the potentially vulnerable script.

The Scripting is universal. E.g. it allows one to embed any language, not just JavaScript as the following tutorial in package-summary shows.

Fixing the vulnerability, polishing Graal.js and Truffle for inclusion into NetBeans kept me busy for half a year. Switching NetBeans to the latest version of GraalVM still remains on my TODO list.

Write JNI in Java with SubstrateVM

    • API improvement: StackValue.get(clazz)
    • Forget Go! Go, Java, go! - Panama now.
    • Matrix the Ultimate sample demonstrates interaction between JVM and Native Java
  • Graal.js maven archetype
Personal tools
buy