Native executable running in Docker does not detect container limits

[sophokles73]

I have built a native executable from a simple Java class using the native-image tool

The class prints cgroup related information to the console and then outputs the VM's max heap and number of available processors as reported by Runtime.getRuntime().maxMemory() and Runtime.getRuntime().availableProcessors(). I have then put the native executable into a Docker image and run it with memory and CPU limits set to 100m and 1.0 (CPUs) respectively. However, the native executable outputs the memory (25GB) and CPUs (8) available on my host computer instead of the expected < 100m memory and 1 CPU.

Steps to reproduce

run the pre-built Docker image

docker run -it --rm --memory 100m --memory-swap 100m --cpus 1.0 sophokles73/graal-test:22.0.0.DEV /opt/app/graal-test

or

build from source

1. git clone https://github.com/sophokles73/graal-test
2. follow the instructions in the README.md

My Environment

• OS: Ubuntu Linux 21.10 using cgroups v2
• Architecture: AMD64
• Docker: version 20.10.10
• JDK: OpenJDK 17
• GraalVM: 22.0.0-dev from https://github.com/graalvm/graalvm-ce-dev-builds/tree/22.0.0-dev-20211029_1932

Output from the native executable run in a container

This is the output when running the pre-built container on my machine

$ docker run -it --rm --memory 100m --memory-swap 100m --cpus 1.0 sophokles73/graal-test:22.0.0.DEV /opt/app/graal-test
/proc/self/mountinfo:
1275 950 0:72 / / rw,relatime - overlay overlay rw,lowerdir=/home/hak8fe/.local/share/docker/overlay2/l/ZM75ANKIU3TS2DY7DYAPWVOEC5:/home/hak8fe/.local/share/docker/overlay2/l/LSNH3RTDHHQAHFJLXHHFAVEQBQ:/home/hak8fe/.local/share/docker/overlay2/l/J4QYEKQZZWENMG2SS2QQESSDPP:/home/hak8fe/.local/share/docker/overlay2/l/OD56UXWKUJ7VLVBWVXIXG4I55L:/home/hak8fe/.local/share/docker/overlay2/l/ACIZWEHXS2F5TT7KZQJS67ERB6:/home/hak8fe/.local/share/docker/overlay2/l/4OSGVWBPGX6ONCKA6JLSBY2GGV:/home/hak8fe/.local/share/docker/overlay2/l/EPMOG6JHWDVUZEHSLX4DIYJBMT:/home/hak8fe/.local/share/docker/overlay2/l/O3KY6SD2NQV4EVPZMF3PJU6JQZ,upperdir=/home/hak8fe/.local/share/docker/overlay2/e71de9247592dab7748da271f5620c91d1b280eba12d191bed888a84e7c468e2/diff,workdir=/home/hak8fe/.local/share/docker/overlay2/e71de9247592dab7748da271f5620c91d1b280eba12d191bed888a84e7c468e2/work,userxattr
1276 1275 0:85 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
1277 1275 0:86 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,uid=1000,gid=1000,inode64
1278 1277 0:87 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=100004,mode=620,ptmxmode=666
1279 1275 0:88 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro
1280 1279 0:30 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw,nsdelegate,memory_recursiveprot
1281 1277 0:84 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
1282 1277 0:89 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k,uid=1000,gid=1000,inode64
1283 1275 253:1 /home/hak8fe/.local/share/docker/containers/cae83892252f5a2a56cf8237901a0b9a73f73dc0145ed88eee72109518f74f65/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
1284 1275 253:1 /home/hak8fe/.local/share/docker/containers/cae83892252f5a2a56cf8237901a0b9a73f73dc0145ed88eee72109518f74f65/hostname /etc/hostname rw,relatime - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
1285 1275 253:1 /home/hak8fe/.local/share/docker/containers/cae83892252f5a2a56cf8237901a0b9a73f73dc0145ed88eee72109518f74f65/hosts /etc/hosts rw,relatime - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
1286 1277 0:5 /null /dev/null rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1287 1277 0:5 /random /dev/random rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1288 1277 0:5 /full /dev/full rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1289 1277 0:5 /tty /dev/tty rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1290 1277 0:5 /zero /dev/zero rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1291 1277 0:5 /urandom /dev/urandom rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
951 1277 0:87 /0 /dev/console rw,nosuid,noexec,relatime - devpts devpts rw,gid=100004,mode=620,ptmxmode=666
970 1276 0:85 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
971 1276 0:85 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
972 1276 0:85 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
973 1276 0:85 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
974 1276 0:85 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
975 1276 0:90 / /proc/asound ro,relatime - tmpfs tmpfs ro,uid=1000,gid=1000,inode64
976 1276 0:91 / /proc/acpi ro,relatime - tmpfs tmpfs ro,uid=1000,gid=1000,inode64
977 1276 0:5 /null /proc/kcore rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
978 1276 0:5 /null /proc/keys rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
979 1276 0:5 /null /proc/timer_list rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
980 1276 0:92 / /proc/scsi ro,relatime - tmpfs tmpfs ro,uid=1000,gid=1000,inode64
981 1279 0:93 / /sys/firmware ro,relatime - tmpfs tmpfs ro,uid=1000,gid=1000,inode64

/proc/self/cgroup:
0::/

using cgroups v2 path: /sys/fs/cgroup

/sys/fs/cgroup/memory.events
low 0
high 0
max 0
oom 0
oom_kill 0

/sys/fs/cgroup/memory.events.local
low 0
high 0
max 0
oom 0
oom_kill 0

/sys/fs/cgroup/memory.swap.current
0

/sys/fs/cgroup/memory.swap.max
0

/sys/fs/cgroup/memory.swap.events
high 0
max 0
fail 0

/sys/fs/cgroup/memory.pressure
some avg10=0.00 avg60=0.00 avg300=0.00 total=0
full avg10=0.00 avg60=0.00 avg300=0.00 total=0

/sys/fs/cgroup/memory.current
1048576

/sys/fs/cgroup/memory.stat
anon 729088
file 0
kernel_stack 16384
pagetables 69632
percpu 288
sock 0
shmem 0
file_mapped 0
file_dirty 0
file_writeback 0
swapcached 0
anon_thp 0
file_thp 0
shmem_thp 0
inactive_anon 712704
active_anon 4096
inactive_file 0
active_file 0
unevictable 0
slab_reclaimable 96200
slab_unreclaimable 122488
slab 218688
workingset_refault_anon 0
workingset_refault_file 0
workingset_activate_anon 0
workingset_activate_file 0
workingset_restore_anon 0
workingset_restore_file 0
workingset_nodereclaim 0
pgfault 1496
pgmajfault 0
pgrefill 0
pgscan 0
pgsteal 0
pgactivate 0
pgdeactivate 0
pglazyfree 0
pglazyfreed 0
thp_fault_alloc 0
thp_collapse_alloc 0

/sys/fs/cgroup/memory.low
0

/sys/fs/cgroup/memory.swap.high
max

/sys/fs/cgroup/memory.numa_stat
anon N0=540672
file N0=0
kernel_stack N0=36864
pagetables N0=0
shmem N0=0
file_mapped N0=0
file_dirty N0=0
file_writeback N0=0
swapcached N0=0
anon_thp N0=0
file_thp N0=0
shmem_thp N0=0
inactive_anon N0=405504
active_anon N0=0
inactive_file N0=0
active_file N0=0
unevictable N0=0
slab_reclaimable N0=0
slab_unreclaimable N0=0
workingset_refault_anon N0=0
workingset_refault_file N0=0
workingset_activate_anon N0=0
workingset_activate_file N0=0
workingset_restore_anon N0=0
workingset_restore_file N0=0
workingset_nodereclaim N0=0

/sys/fs/cgroup/memory.min
0

/sys/fs/cgroup/memory.oom.group
0

/sys/fs/cgroup/memory.max
104857600

/sys/fs/cgroup/memory.high
max

/sys/fs/cgroup/cpu.weight
100

/sys/fs/cgroup/cpu.stat
usage_usec 79535
user_usec 58604
system_usec 20930
nr_periods 3
nr_throttled 0
throttled_usec 0

/sys/fs/cgroup/cpu.weight.nice
0

/sys/fs/cgroup/cpu.pressure
some avg10=0.00 avg60=0.00 avg300=0.00 total=882
full avg10=0.00 avg60=0.00 avg300=0.00 total=882

/sys/fs/cgroup/cpu.max
100000 100000

/sys/fs/cgroup/cpu.uclamp.min
0.00

/sys/fs/cgroup/cpu.uclamp.max
max

running on Java VM [version: 17, name: Substrate VM, vendor: Oracle Corporation, max memory: 25567MiB, processors: 8]

Output from the class when run in a container using OpenJDK 17

$ docker run -it --rm --memory 100m --memory-swap 100m --cpus 1.0 sophokles73/graal-test:22.0.0.DEV java -jar graal-test.jar
/proc/self/mountinfo:
1275 950 0:72 / / rw,relatime - overlay overlay rw,lowerdir=/home/hak8fe/.local/share/docker/overlay2/l/D34ATOUVV32LOH3W25NFY75LAO:/home/hak8fe/.local/share/docker/overlay2/l/LSNH3RTDHHQAHFJLXHHFAVEQBQ:/home/hak8fe/.local/share/docker/overlay2/l/J4QYEKQZZWENMG2SS2QQESSDPP:/home/hak8fe/.local/share/docker/overlay2/l/OD56UXWKUJ7VLVBWVXIXG4I55L:/home/hak8fe/.local/share/docker/overlay2/l/ACIZWEHXS2F5TT7KZQJS67ERB6:/home/hak8fe/.local/share/docker/overlay2/l/4OSGVWBPGX6ONCKA6JLSBY2GGV:/home/hak8fe/.local/share/docker/overlay2/l/EPMOG6JHWDVUZEHSLX4DIYJBMT:/home/hak8fe/.local/share/docker/overlay2/l/O3KY6SD2NQV4EVPZMF3PJU6JQZ,upperdir=/home/hak8fe/.local/share/docker/overlay2/2963fb0fe153540564b9b0c7459513e3b24dffd80ed960c6f9b67b9fca75fdcd/diff,workdir=/home/hak8fe/.local/share/docker/overlay2/2963fb0fe153540564b9b0c7459513e3b24dffd80ed960c6f9b67b9fca75fdcd/work,userxattr
1276 1275 0:85 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
1277 1275 0:86 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,uid=1000,gid=1000,inode64
1278 1277 0:87 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=100004,mode=620,ptmxmode=666
1279 1275 0:88 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro
1280 1279 0:30 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw,nsdelegate,memory_recursiveprot
1281 1277 0:84 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
1282 1277 0:89 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k,uid=1000,gid=1000,inode64
1283 1275 253:1 /home/hak8fe/.local/share/docker/containers/c853a9dd4b4a28c07ee9e406a82534630064fff68146d93dc816fc72977ebad4/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
1284 1275 253:1 /home/hak8fe/.local/share/docker/containers/c853a9dd4b4a28c07ee9e406a82534630064fff68146d93dc816fc72977ebad4/hostname /etc/hostname rw,relatime - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
1285 1275 253:1 /home/hak8fe/.local/share/docker/containers/c853a9dd4b4a28c07ee9e406a82534630064fff68146d93dc816fc72977ebad4/hosts /etc/hosts rw,relatime - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro
1286 1277 0:5 /null /dev/null rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1287 1277 0:5 /random /dev/random rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1288 1277 0:5 /full /dev/full rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1289 1277 0:5 /tty /dev/tty rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1290 1277 0:5 /zero /dev/zero rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
1291 1277 0:5 /urandom /dev/urandom rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
951 1277 0:87 /0 /dev/console rw,nosuid,noexec,relatime - devpts devpts rw,gid=100004,mode=620,ptmxmode=666
970 1276 0:85 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
971 1276 0:85 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
972 1276 0:85 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
973 1276 0:85 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
974 1276 0:85 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
975 1276 0:90 / /proc/asound ro,relatime - tmpfs tmpfs ro,uid=1000,gid=1000,inode64
976 1276 0:91 / /proc/acpi ro,relatime - tmpfs tmpfs ro,uid=1000,gid=1000,inode64
977 1276 0:5 /null /proc/kcore rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
978 1276 0:5 /null /proc/keys rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
979 1276 0:5 /null /proc/timer_list rw,nosuid,relatime master:2 - devtmpfs udev rw,size=16305404k,nr_inodes=4076351,mode=755,inode64
980 1276 0:92 / /proc/scsi ro,relatime - tmpfs tmpfs ro,uid=1000,gid=1000,inode64
981 1279 0:93 / /sys/firmware ro,relatime - tmpfs tmpfs ro,uid=1000,gid=1000,inode64

/proc/self/cgroup:
0::/

using cgroups v2 path: /sys/fs/cgroup

/sys/fs/cgroup/memory.events
low 0
high 0
max 0
oom 0
oom_kill 0

/sys/fs/cgroup/memory.events.local
low 0
high 0
max 0
oom 0
oom_kill 0

/sys/fs/cgroup/memory.swap.current
0

/sys/fs/cgroup/memory.swap.max
0

/sys/fs/cgroup/memory.swap.events
high 0
max 0
fail 0

/sys/fs/cgroup/memory.pressure
some avg10=0.00 avg60=0.00 avg300=0.00 total=0
full avg10=0.00 avg60=0.00 avg300=0.00 total=0

/sys/fs/cgroup/memory.current
14708736

/sys/fs/cgroup/memory.stat
anon 10010624
file 3624960
kernel_stack 229376
pagetables 278528
percpu 288
sock 0
shmem 0
file_mapped 237568
file_dirty 32768
file_writeback 0
swapcached 0
anon_thp 0
file_thp 0
shmem_thp 0
inactive_anon 9932800
active_anon 4096
inactive_file 32768
active_file 3592192
unevictable 0
slab_reclaimable 162768
slab_unreclaimable 222064
slab 384832
workingset_refault_anon 0
workingset_refault_file 877
workingset_activate_anon 0
workingset_activate_file 877
workingset_restore_anon 0
workingset_restore_file 0
workingset_nodereclaim 0
pgfault 4308
pgmajfault 32
pgrefill 0
pgscan 0
pgsteal 0
pgactivate 0
pgdeactivate 0
pglazyfree 0
pglazyfreed 0
thp_fault_alloc 0
thp_collapse_alloc 0

/sys/fs/cgroup/memory.low
0

/sys/fs/cgroup/memory.swap.high
max

/sys/fs/cgroup/memory.numa_stat
anon N0=9461760
file N0=3244032
kernel_stack N0=184320
pagetables N0=0
shmem N0=0
file_mapped N0=270336
file_dirty N0=0
file_writeback N0=0
swapcached N0=0
anon_thp N0=0
file_thp N0=0
shmem_thp N0=0
inactive_anon N0=9596928
active_anon N0=0
inactive_file N0=0
active_file N0=3244032
unevictable N0=0
slab_reclaimable N0=0
slab_unreclaimable N0=0
workingset_refault_anon N0=0
workingset_refault_file N0=792
workingset_activate_anon N0=0
workingset_activate_file N0=792
workingset_restore_anon N0=0
workingset_restore_file N0=0
workingset_nodereclaim N0=0

/sys/fs/cgroup/memory.min
0

/sys/fs/cgroup/memory.oom.group
0

/sys/fs/cgroup/memory.max
104857600

/sys/fs/cgroup/memory.high
max

/sys/fs/cgroup/cpu.weight
100

/sys/fs/cgroup/cpu.stat
usage_usec 233669
user_usec 190397
system_usec 43272
nr_periods 4
nr_throttled 1
throttled_usec 12350

/sys/fs/cgroup/cpu.weight.nice
0

/sys/fs/cgroup/cpu.pressure
some avg10=0.00 avg60=0.00 avg300=0.00 total=7834
full avg10=0.00 avg60=0.00 avg300=0.00 total=7827

/sys/fs/cgroup/cpu.max
100000 100000

/sys/fs/cgroup/cpu.uclamp.min
0.00

/sys/fs/cgroup/cpu.uclamp.max
max

running on Java VM [version: 17, name: OpenJDK 64-Bit Server VM, vendor: Eclipse Adoptium, max memory: 48MiB, processors: 1]

Output of native-image when creating the native executable

Executing: /home/hak8fe/graalvm-ce-java17-22.0.0-dev/bin/native-image -cp /home/hak8fe/git/graal-test/target/graal-test-0.0.1-SNAPSHOT.jar --native-image-info --no-fallback --verbose --static --libc=glibc -H:Class=io.bosch.graal.GraalTest -H:Name=graal-test
Executing [
/home/hak8fe/graalvm-ce-java17-22.0.0-dev/bin/java \
-XX:+UseParallelGC \
-XX:+UnlockExperimentalVMOptions \
-XX:+EnableJVMCI \
-Dtruffle.TrustAllTruffleRuntimeProviders=true \
-Dtruffle.TruffleRuntime=com.oracle.truffle.api.impl.DefaultTruffleRuntime \
-Dgraalvm.ForcePolyglotInvalid=true \
-Dgraalvm.locatorDisabled=true \
-Dsubstratevm.IgnoreGraalVersionCheck=true \
--add-exports=java.base/com.sun.crypto.provider=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.access.foreign=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.event=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.loader=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.logger=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.misc=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.module=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.org.xml.sax.helpers=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.perf=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.platform=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.ref=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.reflect=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.util.xml.impl=ALL-UNNAMED \
--add-exports=java.base/jdk.internal.util.xml=ALL-UNNAMED \
--add-exports=java.base/sun.invoke.util=ALL-UNNAMED \
--add-exports=java.base/sun.nio.ch=ALL-UNNAMED \
--add-exports=java.base/sun.reflect.annotation=ALL-UNNAMED \
--add-exports=java.base/sun.reflect.generics.reflectiveObjects=ALL-UNNAMED \
--add-exports=java.base/sun.reflect.generics.repository=ALL-UNNAMED \
--add-exports=java.base/sun.reflect.generics.tree=ALL-UNNAMED \
--add-exports=java.base/sun.security.jca=ALL-UNNAMED \
--add-exports=java.base/sun.security.provider=ALL-UNNAMED \
--add-exports=java.base/sun.security.util=ALL-UNNAMED \
--add-exports=java.base/sun.text.spi=ALL-UNNAMED \
--add-exports=java.base/sun.util.calendar=ALL-UNNAMED \
--add-exports=java.base/sun.util.locale.provider=ALL-UNNAMED \
--add-exports=java.base/sun.util.resources=ALL-UNNAMED \
--add-exports=java.management/sun.management=ALL-UNNAMED \
--add-exports=java.xml.crypto/org.jcp.xml.dsig.internal.dom=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.aarch64=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.amd64=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.code.site=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.code.stack=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.code=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.common=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.hotspot.aarch64=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.hotspot.amd64=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.hotspot=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.meta=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.runtime=ALL-UNNAMED \
--add-exports=jdk.internal.vm.ci/jdk.vm.ci.services=ALL-UNNAMED \
--add-exports=jdk.jfr/jdk.jfr.events=ALL-UNNAMED \
--add-exports=jdk.jfr/jdk.jfr.internal.consumer=ALL-UNNAMED \
--add-exports=jdk.jfr/jdk.jfr.internal.handlers=ALL-UNNAMED \
--add-exports=jdk.jfr/jdk.jfr.internal.jfc=ALL-UNNAMED \
--add-exports=jdk.jfr/jdk.jfr.internal=ALL-UNNAMED \
-XX:+UseJVMCINativeLibrary \
-Xss10m \
-Xms1g \
-Xmx14g \
-Duser.country=US \
-Duser.language=en \
-Djava.awt.headless=true \
-Dorg.graalvm.version=22.0.0-dev \
-Dorg.graalvm.config=CE \
-Dcom.oracle.graalvm.isaot=true \
-Djava.system.class.loader=com.oracle.svm.hosted.NativeImageSystemClassLoader \
-Xshare:off \
-Djdk.internal.lambda.disableEagerInitialization=true \
-Djdk.internal.lambda.eagerlyInitialize=false \
-Djava.lang.invoke.InnerClassLambdaMetafactory.initializeLambdas=false \
-javaagent:/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/builder/svm.jar \
-cp \
/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/builder/llvm-wrapper-shadowed.jar:/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/builder/javacpp-shadowed.jar:/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/builder/native-image-base.jar:/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/builder/svm-llvm.jar:/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/builder/llvm-platform-specific-shadowed.jar:/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/builder/svm.jar:/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/builder/pointsto.jar:/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/builder/objectfile.jar \
--module-path \
/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/truffle/truffle-api.jar \
'com.oracle.svm.hosted.NativeImageGeneratorRunner$JDK9Plus' \
-watchpid \
43610 \
-imagecp \
/home/hak8fe/git/graal-test/target/graal-test-0.0.1-SNAPSHOT.jar:/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/library-support.jar \
-H:Path=/home/hak8fe/git/graal-test/target \
-H:+DumpTargetInfo \
-H:FallbackThreshold=0 \
-H:+StaticExecutable \
-H:UseLibC=glibc \
-H:Class=io.bosch.graal.GraalTest \
-H:Name=graal-test \
-H:CLibraryPath=/home/hak8fe/graalvm-ce-java17-22.0.0-dev/lib/svm/clibraries/linux-amd64
]
[graal-test:43633]    classlist:   1,083.16 ms,  0.96 GB
[graal-test:43633]        (cap):     576.08 ms,  0.96 GB
[graal-test:43633]        setup:   2,288.49 ms,  0.96 GB
# Printing compilation-target information to: /home/hak8fe/git/graal-test/target/reports/target_info_20211105_171708.txt
[graal-test:43633]     (clinit):     209.58 ms,  2.34 GB
# Printing native-library information to: /home/hak8fe/git/graal-test/target/reports/native_library_info_20211105_171721.txt
[graal-test:43633]   (typeflow):   3,892.75 ms,  2.34 GB
[graal-test:43633]    (objects):   8,083.45 ms,  2.34 GB
[graal-test:43633]   (features):     575.43 ms,  2.34 GB
[graal-test:43633]     analysis:  13,339.85 ms,  2.34 GB
[graal-test:43633]     universe:     990.22 ms,  2.34 GB
[graal-test:43633]      (parse):     815.24 ms,  2.34 GB
[graal-test:43633]     (inline):   1,431.44 ms,  2.35 GB
[graal-test:43633]    (compile):  11,585.43 ms,  4.63 GB
[graal-test:43633]      compile:  14,728.54 ms,  4.63 GB
[graal-test:43633]        image:   1,492.04 ms,  4.63 GB
[graal-test:43633]        write:     331.78 ms,  4.63 GB
[graal-test:43633]      [total]:  34,489.88 ms,  4.63 GB
# Printing build artifacts to: /home/hak8fe/git/graal-test/target/graal-test.build_artifacts.txt

Docker environment

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
  scan: Docker Scan (Docker Inc., v0.9.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 170
 Server Version: 20.10.10
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: false
  userxattr: true
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
 runc version: v1.0.2-0-g52b36a2
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  rootless
  cgroupns
 Kernel Version: 5.13.0-20-generic
 Operating System: Ubuntu 21.10
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 31.21GiB
 Name: luke
 ID: YFE6:UTDO:BULL:Z4OC:UXHD:6TH7:JCYD:YEML:PLHU:5WGS:MD72:JRTT
 Docker Root Dir: /home/hak8fe/.local/share/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

[oubidar-Abderrahim]

Thank you for reporting this, we will take a look into it and get back to you

[sophokles73]

@oubidar-Abderrahim any news on this?

[jerboaa]

You can assign this bug to me @oubidar-Abderrahim if you want.

[jerboaa]

This seems to be related to build time initialization of certain container/cgroup classes. ContainerInfo seems to be one candidate which would need runtime init instead. It looks to me the quota/period settings (which --cpus translates to) are being looked up on the hosted platform which seems incorrect.

[jerboaa]

Yep:

$ sudo podman run --rm -ti --memory 100m --memory-swap 100m --cpus 1.0 -v $(pwd):/opt/test:z fedora:35
[root@a3b0e269d3ff /]# /opt/test/testcontainerlimits 
running on Java VM [version: 11.0.13, name: Substrate VM, vendor: Oracle Corporation, max memory: 80MiB, processors: 1]

[oubidar-Abderrahim]

Sorry I had some issues with docker and reproducing the issue and it took to long, Thanks @jerboaa I'll assign it to you

[jerboaa]

This is sufficient to reproduce:

$ cat TestContainerLimits.java
public class TestContainerLimits {
    public static void main(String[] args) {
        System.out.printf("running on Java VM [version: %s, name: %s, vendor: %s, max memory: %dMiB, processors: %d]%s",
                System.getProperty("java.version"),
                System.getProperty("java.vm.name"),
                System.getProperty("java.vm.vendor"),
                Runtime.getRuntime().maxMemory() >> 20,
                Runtime.getRuntime().availableProcessors(),
                System.lineSeparator());
    }
}
$ javac TestContainerLimits
$ native-image TestContainerLimits
[...]
$ ./testcontainerlimits 
running on Java VM [version: 11.0.13, name: Substrate VM, vendor: Oracle Corporation, max memory: 3836MiB, processors: 4]
$ sudo podman run --rm -ti --memory 100m --memory-swap 100m --cpus 1.0 -v $(pwd):/opt/test:z fedora:35
[root@074e0336c0da test]# /opt/test/testcontainerlimits 
running on Java VM [version: 11.0.13, name: Substrate VM, vendor: Oracle Corporation, max memory: 3836MiB, processors: 4]

The last line is supposed to report [...] processors: 1 but it reports the same as outside the container (with no limits).

[sophokles73]

@jerboaa yes, and it should also report the limited amount of memory (100m) instead of the 4GB outside of the container ...

[jerboaa]

@jerboaa yes, and it should also report the limited amount of memory (100m) instead of the 4GB outside of the container ...

Yes, thanks. Note that Runtime.getRuntime().maxMemory() is not a good indicator of that, though. The container limit is supposed to represent the total available memory (including native), while maxMemory() is the maximum heap size. Thus, it'll always be less than that in the reporting.

[jerboaa]

This is a cgroup v2 specific issue where the container detection code ported from OpenJDK contained a bug. I'll see if I can craft a regression test for this.

[jerboaa]

Suggested fix with regression test in: https://github.com/oracle/graal/pull/4195

[jerboaa]

@oubidar-Abderrahim Could you please help find reviewers for the suggested PR, please?

[jerboaa]

Ah, nvm, Paul assigned Aleksandar.

[jerboaa]

@sophokles73 Feel free to try your reproducer with the latest 22.0 dev builds from here:

https://github.com/graalvm/graalvm-ce-dev-builds/releases/tag/22.1.0-dev-20220126_0118

Issue should be fixed. Please let me know if not.

[sophokles73]

@jerboaa I have tested the latest 22.1.0 dev graal vm with my reproducer and this works as expected :-)

Thanks a lot!

[jerboaa]

@jerboaa I have tested the latest 22.1.0 dev graal vm with my reproducer and this works as expected :-)

Thanks a lot!

Anytime. Thanks for verifying. Appreciate it!