Hermetic Java (static image packaging/formatting) investigation and proposal
Jiangli Zhou
jianglizhou at google.com
Mon Feb 13 20:50:01 UTC 2023
On Mon, Feb 13, 2023 at 4:01 AM Florian Weimer <fweimer at redhat.com> wrote:
> * Alan Bateman:
>
> > On 13/02/2023 09:58, Florian Weimer wrote:
> >> :
> >>> Yeah, the loadLibrary and friends need to be able look up built-in
> >>> libraries in the executable (within the image ELF section). The
> >>> existing JDK code is already able to handle built-in libraries
> >>> (partially). Please see more details for built-in native support in
> >>> earlier comments.
> >> I believe that will require a custom glibc patch that has not been
> >> upstreamed.
>
> > JEP 178 [1] added support for statically linking native libs. It might
> > be that this proposal builds on that.
>
> I was under the impression that it's about loading a separate DSO
> embedded in the main executable file, without copying out to the file
> system first. As far as I understand it, there is a mechanism that
> deals with this for the JAR case, but it requires the extra copy.
>
Florian,
The current proposal is built on top of the existing OpenJDK static
support. We did prototyping for the file embedded DSO approach (it worked
experimentally for Java in my test) and had multiple rounds of internal
discussions with the folks involved in C++ tool chain, profiling tools (and
kernel). We've determined that was not a desirable solution. Please see the
previous email for more details on the issues with file embedded DSOs
approach.
We also considered startup-time/install-time extraction. Based on the
feedback from other language usages in real production, extraction has real
production challenges in many cases, including (tmpfs) file system
configuration/management issues, possible security vulnerabilities, temp
space pollution, extraction conflicts, and etc. (thanks to the feedback
from other language experts from their experiences!). Those make the
extraction approach unattractive.
Best,
Jiangli
> Thanks,
> Florian
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/leyden-dev/attachments/20230213/6916a448/attachment.htm>
More information about the leyden-dev
mailing list