graalvm 2021-07-01 | Slack Archive

or maybe that's the wrong kind of class to be instrumenting, but same idea wherever

^^ better

Thanks, I'm playing around with this now. I'm not entirely sure what this patch is measuring. I changed ms to nanoseconds and also recorded the total nanoseconds. It looks like it doesn't count the static blocks in the __init.class, right?

borkdude09:07:12

Like here:

borkdude09:07:09

Now added the calls to the static block in the init classes:

borkdude10:07:31

The total probably isn't correct, I'm counting 18 seconds in total while the entire program takes 4. https://gist.github.com/borkdude/8472055bd5b5e3108b9dbb69debc3137

Alex Miller (Clojure team)13:07:59

it was counting the static initializer (clinit), which wraps the calls to the initN methods so you shouldn't count both

borkdude13:07:37

yes, I commented that out

borkdude13:07:52

you can see the edited patch at the bottom of the gist

Chris Lowe16:07:47

Hello all Any advice for registering BouncyCastle security providers? I’m attempting to use sshj with HolyLambda. I’m using HL’s `agent/in-context` mechanism to hit some ssh code which just performs an ls on a target machine. The image builds fine, but I get this at runtime:

Exception in thread "main" com.oracle.svm.core.jdk.UnsupportedFeatureError: Trying to verify a provider that was not registered at build time: BC version 1.68. All providers must be registered and verified in the Native Image builder.

I’ve seen this https://www.graalvm.org/reference-manual/native-image/JCASecurityServices/ that mentions a param called AdditionalSecurityProviders , but this is reported as not being a valid parameter name: my option:

-H:AdditionalSecurityProviders=org.bouncycastle.jce.provider.BouncyCastleProvider

Error: Could not find option 'AdditionalSecurityProviders'. Use -H:PrintFlags= to list all available options.

Is there anything else I can try?

borkdude16:07:09

@chris.lowe.uk You probably need the dev version for this new parameter.

borkdude16:07:22

https://github.com/graalvm/graalvm-ce-dev-builds/releases

borkdude16:07:11

Asking directly in the native image channel on the GraalVM slack may get you better info

borkdude16:07:19

@chris.lowe.uk > Can you try putting Provider bc = Security.getProvider("BC"); in a class initialized at build time, so it's detected and included automatically.

Chris Lowe17:07:37

@U04V15CAJ thank you for the suggestions I added this just below the ns definition:

(java.security.Security/addProvider (BouncyCastleProvider.))

(let [bcProvider (java.security.Security/getProvider "BC")]
  (println "BC" bcProvider)
  (java.security.Security/insertProviderAt bcProvider 1))

And I could see the output from BC during the build:

[output:23]    classlist:   6,816.77 ms,  2.04 GB
[output:23]        (cap):     592.64 ms,  2.04 GB
[output:23]        setup:   2,486.59 ms,  2.04 GB
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See  for further details.
BC #object[org.bouncycastle.jce.provider.BouncyCastleProvider 0x1474f301 BC version 1.68]
[output:23]     (clinit):   1,062.73 ms,  3.59 GB
[output:23]   (typeflow):  32,105.20 ms,  3.59 GB

But still no joy when executing in AWS:

Exception in thread "main" com.oracle.svm.core.jdk.UnsupportedFeatureError: Trying to verify a provider that was not registered at build time: BC version 1.68. All providers must be registered and verified in the Native Image builder.

borkdude17:07:32

I think it's better to ask directly in the native image channel on the GraalVM slack

borkdude17:07:43

https://graalvm.slack.com/archives/CN9KSFB40/p1625156929201300?thread_ts=1625154997.199200&cid=CN9KSFB40

Chris Lowe18:07:23

Will do. Thank you for the advice

borkdude16:07:35

How you can do this in Clojure: just make a top level def with this thing

👍 2

2021-07-01

Channels