Deep Dive: GraalVM in Practice (recording)
-
GraalVM components π°
-
Migrating an app to GraalVM π€ π©βπ» spring-petclinic
- π©βπ» use Native Build Tools π οΈ
- π©βπ» basic performance measurements with
timeπ
-
Reflection and Using libraries π
- Basic Use: configuration not needed or automatically provided
- A library might be designed to be Native-Image friendly out of the box;
- A library might add config files to its source code;
- Library configuration can be provided via GraalVM Reachability Metadata Repository;
- Recommended: use
-H:Preserve - Recommended: Use Dynamic Access Report
- Advanced use: programatic or semi-automatic configuration registration
- You can programmatically generate configuration via framework annotations, such as
@ReflectiveAccessπ©βπ» native-micronaut-reflection - You can use Native Image's Tracing Agent (
java -agentlib:native-image-agent -jar ./target/demo.jar) - You can provide configuration manually via json
- You can programmatically generate configuration via framework annotations, such as
- Crema
- Basic Use: configuration not needed or automatically provided
-
Performance optimizations π
- Overview of compiler optimization levels
- π©βπ» PGO π©βπ» spring-petclinic
- ML-enabled PGO (in
-O3)
- ML-enabled PGO (in
- G1 GC π©βπ»
-march=native- Memory management (
xmx) - Demo: spring-petclinic
- Advanced level
- Flamegraph in build reports π©βπ»
- You can use LCOV tooling to visualize PGO profiles
- Build with
--pgo-instrument -H:+ProfilingLCOV - Run with
./target/spring-petclinic-instrumented-lcov - Visualize in the tooling of your choice, e.g.
genhtml
- Build with
-
perf stat./target/spring-petclinic-optimized`
-
Testing π¨βπ¬
- You can your tests in the native mode
- Fine-grained JUnit support for flexibility:
@EnabledInNativeImage,@DisabledInNativeImage - Specifically test in your CI/CD and when adding new dependencies
- Look at framework modules, such as Micronaut Test Resources or Quarkus Dev Services
-
Deployment π¦
- π©βπ» Packaging and linking options
- Dynamic linking: smallest binaries, fastest builds, no special toolchain. Needs shared libs provided by the excution platform.
- Mostly-static: statically links everything except the C standard library (libc). Fewer runtime dependencies, smaller than fully static, but still requires libc and not as portable as fully static.
- Fully static: fully self-contained, runs on scratch, highly portable. Larger binaries, requires recompiling for both code & patch updates.
- Demo: π©βπ» native-spring-boot
docker images | grep "native-spring"
- Recipe for the smallest container images: Native | Static | From scratch | Optimize for size
- You can scan the images for vulnerabilities & packages π‘οΈ
- Buildpacks
- GitHub actions
- π©βπ» Packaging and linking options
-
Monitoring π
- Micrometer, for example Micronaut Micrometer
jvmstat- JFR, JMX,
jcmd - Cloud vendors solutions
-
GraalVM 25 π°
- Zero configuration migration with
-H:Preserve=all - Taking it one step further: use the new tracing agent to produce precise configuration with
-XX:TraceMetadata=path= - Security π‘οΈ
- Security by design and by default
- SBOM options:
--enable-sbom=[embed|export|classpath|class-level]- π©βπ» Vulnerability Scanning
grype:native-image-inspect --sbom ./target/demo-sbom | grype -v
- π©βπ» SBOM support: exposing in Spring Actuator
- Demo: native-spring-boot-sbom
- Adavanced obfuscation:
-H:AdvancedObfuscation=
- Tooling: Build reports π οΈ
- Refined ML profile inference for even higher performance out of the box, on by default in
-03- Enable in
-O2:-H:+MLProfileInferenceUseGNNModel
- Enable in
- Use ML for smaller executables:
-H:+MLCallCountProfileInference - Fast PIE with
-H:+RelativeCodePointersnative-micronaut-reflection - FFM and Vector API support updates
- DX updates π οΈ
- Embedding Python π©βπ» airline-demo
- Zero configuration migration with
-
Future work π©βπ¬