Polyglot sandbox on GraalOS.

Author: tzezula

docs/reference-manual/embedding/embed-languages.md

@@ -745,6 +745,17 @@ public class PolyglotIsolate {
 }
 ```
 
+Starting from GraalVM 25.0, a polyglot isolate can be launched in a separate external sub-process by setting the `--engine.IsolateMode=external` option.
+This allows the isolate to run in a fully separate OS process, providing an additional level of isolation. The default mode remains `internal`, which uses a Native Image isolate embedded in the same process.
+
+```java
+Context context = Context.newBuilder("js")
+			  .allowHostAccess(HostAccess.SCOPED)
+			  .option("engine.SpawnIsolate", "true")
+			  .option("engine.IsolateMode", "external")
+			  .build()
+```
+
 Currently, the following languages are available as polyglot isolates:
 
 | Language                      | Available from |

sdk/CHANGELOG.md

@@ -11,6 +11,7 @@ This changelog summarizes major changes between GraalVM SDK versions. The main f
 * GR-61448 Compilation id (`CompId`) was added to the `opt done` truffle compilation logs. This id matches the compilation id in the output of deoptimization, compilation and code cache logs on HotSpot and SubstrateVM.
 * GR-31495 Added the ability to specify language and instrument specific options using `Source.Builder.option(String, String)`. See the language and or tool specific documentation for available options. Available source options may also be reflected using `Instrument.getSourceOptions()` and `Language.getSourceOptions()`.
 * GR-55223 The option sandbox.MaxStackFrames is no longer mandatory for the UNTRUSTED polyglot sandbox policy thanks to improved deoptimization handling of compiled code.
+* GR-22699(EE-only) Added the ability to spawn `Engine` or `Context` isolated in a separate process by setting `Context.Builder.option("engine.IsolateMode", "external").`.
 
 ## Version 24.2.0
 * GR-54905 When using Truffle NFI with the Panama backend, native access must now be granted to the Truffle module instead of the NFI Panama module. Use the `--enable-native-access=org.graalvm.truffle` Java command line option to enable the native access for the NFI Panama backend.

sdk/mx.sdk/mx_sdk.py

@@ -50,7 +50,10 @@
 import pathlib
 import mx_sdk_benchmark # pylint: disable=unused-import
 import mx_sdk_clangformat # pylint: disable=unused-import
+import argparse
 import datetime
+import shutil
+import tempfile
 from mx_bisect import define_bisect_default_build_steps
 from mx_bisect_strategy import BuildStepsGraalVMStrategy
 
@@ -366,3 +369,52 @@ def maven_deploy_public(args, licenses=None, deploy_snapshots=True):
     mx.maven_deploy(deploy_args)
     mx.log(f'Deployed Maven artefacts to {path}')
     return path
+
+@mx.command(_suite.name, 'nativebridge-benchmark')
+def nativebridge_benchmark(args):
+    parser = argparse.ArgumentParser(prog='mx nativebridge-benchmark', description='Executes nativebridge benchmarks',
+                            usage='mx nativebridge-benchmark [--target-folder <folder> | --isolate-library <isolate-library> | mode+]')
+    parser.add_argument('--target-folder', help='Folder where the benchmark isolate library will be generated.', default=None)
+    parser.add_argument('--isolate-library', help='Use the given isolate library.', default=None)
+    parsed_args, args = parser.parse_known_args(args)
+
+    jdk = mx.get_jdk(tag='graalvm')
+    benchmark_dist = mx.distribution('NATIVEBRIDGE_BENCHMARK')
+    isolate_library = parsed_args.isolate_library if parsed_args.isolate_library else None
+    try:
+        if not isolate_library:
+            native_image_path = jdk.exe_path('native-image')
+            if not os.path.exists(native_image_path):
+                native_image_path = os.path.join(jdk.home, 'bin', mx.cmd_suffix('native-image'))
+            if not os.path.exists(native_image_path):
+                mx.abort(f"No native-image installed in GraalVM {jdk.home}. Switch to an environment that has an installed native-image command.")
+
+            target_dir = parsed_args.target_folder if parsed_args.target_folder else tempfile.mkdtemp()
+            target = os.path.join(target_dir, "bench")
+            native_image_args = mx.get_runtime_jvm_args(benchmark_dist, jdk=jdk) + [
+                '--shared',
+                '--initialize-at-build-time=org.graalvm.processisolate.api,org.graalvm.processisolate.common,org.graalvm.processisolate.impl',
+                '',
+                '-o',
+                target
+            ]
+            mx.run([native_image_path] + native_image_args)
+            for n in os.listdir(target_dir):
+                _, ext = os.path.splitext(n)
+                if ext in ('.so', '.dylib', '.dll'):
+                    isolate_library = os.path.join(target_dir, n)
+                    break
+
+        launcher_project = mx.project('org.graalvm.nativebridge.launcher')
+        launcher = next(launcher_project.getArchivableResults(single=True))[0]
+        java_args = mx.get_runtime_jvm_args(benchmark_dist, jdk=jdk) + [
+            '--enable-native-access=ALL-UNNAMED',
+            'org.graalvm.nativebridge.benchmark.Main',
+            launcher,
+            isolate_library
+        ] + args
+        mx.run_java(java_args, jdk=jdk)
+    finally:
+        if not parsed_args.isolate_library and not parsed_args.target_folder:
+            shutil.rmtree(target_dir)
+

sdk/mx.sdk/suite.py

@@ -622,6 +622,51 @@
       "testProject" : True,
       "graalCompilerSourceEdition": "ignore",
     },
+    "org.graalvm.nativebridge.benchmark": {
+      "subDir" : "src",
+      "sourceDirs" : ["src"],
+      "dependencies" : [
+        "NATIVEBRIDGE",
+      ],
+      "annotationProcessors" : [
+        "NATIVEBRIDGE_PROCESSOR",
+      ],
+      "checkstyle" : "org.graalvm.word",
+      "javaCompliance" : "17+",
+      "workingSets" : "Graal,Test",
+      "jacoco" : "exclude",
+      "testProject" : True,
+      "graalCompilerSourceEdition": "ignore",
+    },
+    "org.graalvm.nativebridge.launcher": {
+      "subDir": "src",
+      "native": "executable",
+      "deliverable": "launcher",
+      "use_jdk_headers": True,
+      "buildDependencies": [
+      ],
+      "os_arch": {
+        "windows": {
+          "<others>": {
+            "cflags": ["/std:c++17"]
+          }
+        },
+        "linux": {
+          "<others>": {
+            "toolchain": "sdk:LLVM_NINJA_TOOLCHAIN",
+            "cflags": ["-std=c++17", "-g", "-Wall", "-Werror", "-D_GNU_SOURCE", "-stdlib=libc++"],
+            "ldlibs": ["-ldl", "-pthread", "-stdlib=libc++", "-static-libstdc++", "-l:libc++abi.a"],
+          },
+        },
+        "darwin": {
+          "<others>": {
+            "cflags": ["-std=c++17", "-g", "-Wall", "-Werror", "-pthread", "-ObjC++"],
+            "ldlibs": ["-ldl", "-pthread", "-framework", "Foundation"],
+          },
+        },
+      },
+      "graalCompilerSourceEdition": "ignore",
+    },
     "org.graalvm.toolchain.test" : {
       "class" : "ToolchainTestProject",
       "subDir" : "src",
@@ -1192,6 +1237,24 @@ class UniversalDetector {
       "distDependencies" : [],
       "maven": False,
     },
+    "NATIVEBRIDGE_LAUNCHER_RESOURCES": {
+      "type": "dir",
+      "platformDependent": True,
+      "platforms": [
+          "linux-amd64",
+          "linux-aarch64",
+          "darwin-amd64",
+          "darwin-aarch64",
+          "windows-amd64",
+          "windows-aarch64",
+      ],
+      "layout": {
+        "external_isolate/": "dependency:org.graalvm.nativebridge.launcher",
+      },
+      "description": "Contains a launcher for process isolated polyglot.",
+      "maven": False,
+      "graalCompilerSourceEdition": "ignore",
+    },
     "NATIVEBRIDGE_PROCESSOR_TEST" : {
       "subDir" : "src",
       "dependencies" : [
@@ -1210,6 +1273,18 @@ class UniversalDetector {
       "testDistribution" : True,
       "graalCompilerSourceEdition": "ignore",
     },
+    "NATIVEBRIDGE_BENCHMARK": {
+      "subDir" : "src",
+      "dependencies" : [
+        "org.graalvm.nativebridge.benchmark"
+      ],
+      "distDependencies" : [
+        "NATIVEBRIDGE"
+      ],
+      "maven": False,
+      "testDistribution" : True,
+      "graalCompilerSourceEdition": "ignore",
+    },
     "RESOURCECOPY" : {
       "subDir" : "src",
       "dependencies" : [

sdk/src/org.graalvm.nativebridge.benchmark/src/META-INF/native-image/jni-config.json

@@ -0,0 +1,6 @@
+[
+  {
+	  "name": "org.graalvm.nativebridge.benchmark.ProcessIsolate",
+          "allDeclaredMethods": true
+  }
+]

sdk/src/org.graalvm.nativebridge.benchmark/src/META-INF/native-image/native-image.properties

@@ -0,0 +1 @@
+Args = --features=org.graalvm.nativebridge.benchmark.BenchmarkFeature

sdk/src/org.graalvm.nativebridge.benchmark/src/org/graalvm/nativebridge/benchmark/BenchmarkFactory.java

@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * The Universal Permissive License (UPL), Version 1.0
+ *
+ * Subject to the condition set forth below, permission is hereby granted to any
+ * person obtaining a copy of this software, associated documentation and/or
+ * data (collectively the "Software"), free of charge and under any and all
+ * copyright rights in the Software, and any and all patent rights owned or
+ * freely licensable by each licensor hereunder covering either (i) the
+ * unmodified Software as contributed to or provided by such licensor, or (ii)
+ * the Larger Works (as defined below), to deal in both
+ *
+ * (a) the Software, and
+ *
+ * (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+ * one is included with the Software each a "Larger Work" to which the Software
+ * is contributed by such licensors),
+ *
+ * without restriction, including without limitation the rights to copy, create
+ * derivative works of, display, perform, and distribute the Software and make,
+ * use, sell, offer for sale, import, export, have made, and have sold the
+ * Software and the Larger Work(s), and to sublicense the foregoing rights on
+ * either these or other terms.
+ *
+ * This license is subject to the following condition:
+ *
+ * The above copyright notice and either this complete permission notice or at a
+ * minimum a reference to the UPL must be included in all copies or substantial
+ * portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package org.graalvm.nativebridge.benchmark;
+
+import org.graalvm.nativebridge.GenerateHotSpotToNativeFactory;
+import org.graalvm.nativebridge.GenerateNativeToNativeFactory;
+import org.graalvm.nativebridge.GenerateProcessToProcessFactory;
+import org.graalvm.nativebridge.IsolateCreateException;
+import org.graalvm.nativebridge.NativeIsolateConfig;
+import org.graalvm.nativebridge.ProcessIsolateConfig;
+
+@GenerateHotSpotToNativeFactory(marshallers = BenchmarkMarshallerConfig.class, initialService = ForeignService.class)
+@GenerateNativeToNativeFactory(marshallers = BenchmarkMarshallerConfig.class, initialService = ForeignService.class)
+@GenerateProcessToProcessFactory(marshallers = BenchmarkMarshallerConfig.class, initialService = ForeignService.class, services = {
+                ForeignService.class
+})
+final class BenchmarkFactory {
+
+    static Service createNonIsolated() {
+        return new ServiceImplementation();
+    }
+
+    public static ForeignService createInternallyIsolated(NativeIsolateConfig config) throws IsolateCreateException {
+        return BenchmarkFactoryGen.create(config);
+    }
+
+    public static ForeignService createExternallyIsolated(ProcessIsolateConfig config) throws IsolateCreateException {
+        return BenchmarkFactoryGen.create(config);
+    }
+}

sdk/src/org.graalvm.nativebridge.benchmark/src/org/graalvm/nativebridge/benchmark/BenchmarkFeature.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * The Universal Permissive License (UPL), Version 1.0
+ *
+ * Subject to the condition set forth below, permission is hereby granted to any
+ * person obtaining a copy of this software, associated documentation and/or
+ * data (collectively the "Software"), free of charge and under any and all
+ * copyright rights in the Software, and any and all patent rights owned or
+ * freely licensable by each licensor hereunder covering either (i) the
+ * unmodified Software as contributed to or provided by such licensor, or (ii)
+ * the Larger Works (as defined below), to deal in both
+ *
+ * (a) the Software, and
+ *
+ * (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+ * one is included with the Software each a "Larger Work" to which the Software
+ * is contributed by such licensors),
+ *
+ * without restriction, including without limitation the rights to copy, create
+ * derivative works of, display, perform, and distribute the Software and make,
+ * use, sell, offer for sale, import, export, have made, and have sold the
+ * Software and the Larger Work(s), and to sublicense the foregoing rights on
+ * either these or other terms.
+ *
+ * This license is subject to the following condition:
+ *
+ * The above copyright notice and either this complete permission notice or at a
+ * minimum a reference to the UPL must be included in all copies or substantial
+ * portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package org.graalvm.nativebridge.benchmark;
+
+import org.graalvm.jniutils.NativeBridgeSupport;
+import org.graalvm.nativeimage.ImageSingletons;
+import org.graalvm.nativeimage.hosted.Feature;
+
+public final class BenchmarkFeature implements Feature {
+
+    @Override
+    public void afterRegistration(AfterRegistrationAccess access) {
+        ImageSingletons.add(NativeBridgeSupport.class, new NativeBridgeSupportImpl());
+    }
+
+}