oracle / graal

GraalVM compiles Java applications into native executables that start instantly, scale fast, and use fewer compute resources 🚀
https://www.graalvm.org

SandboxPolicy.UNTRUSTED can't be used in multi-module SpringBoot based application with Oracle GraalVM #8420

Open KaminskiDaniel0 opened 8 months ago

KaminskiDaniel0 commented 8 months ago

Describe GraalVM and your environment :

Have you verified this issue still happens when using the latest snapshot? Yes, I am currently using the latest version of GraalVM

Describe the issue When running the Application.java an IllegalArgumentException occurs on building the engine that was configured to use the SandboxPolicy.UNTRUSTED.

This issue is also being discussed in this Slack-Thread.

Code snippet or code repository that reproduces the issue reproducer project Github repository

Steps to reproduce the issue Please include both build steps as well as run steps

  1. Run base/src/main/java/com/dkaminski/base/Application.java
    Used with these VM-options:
    -Dspring.cloud.zookeeper.connect-string=localhost:2181
    -Dspring.data.mongodb.uri=mongodb://localhost:27017/base
    -Dspring.profiles.active=develop
    -Dtruffle.TruffleRuntime=com.oracle.truffle.api.impl.DefaultTruffleRuntime
    --module-path
    /home/daniel/github/graalvm-untrusted-sandboxpolicy-issue/base/target/graalvm-dependencies
    --add-modules
    org.graalvm.truffle.runtime
    --add-exports
    org.graalvm.truffle.compiler/com.oracle.truffle.compiler=org.graalvm.truffle.runtime
    -Dspring.threads.virtual.enabled=true
    -Djdk.tracePinnedThreads=full

    To ease reproducing this issue, the zookeeper and mongodb arguments and application.properties can probably be removed. I locally have them running in a docker container but wanted to include them here anyway in order to set up the reproducer project as close to the original as possible.

Expected behavior The expected behavior is that the application runs without error and uses an engine with SandboxPolicy.UNTRUSTED.

Additional context Add any other context about the problem here. Especially important are stack traces or log output. Feel free to link to gists or to screenshots if necessary.

Details

```
java.lang.IllegalArgumentException: The Builder.sandbox(SandboxPolicy) is set to UNTRUSTED, but the GraalVM community edition supports only sandbox policy TRUSTED or CONSTRAINED.In order to resolve this switch to a less strict sandbox policy using Builder.sandbox(SandboxPolicy).
    at org.graalvm.truffle/com.oracle.truffle.polyglot.PolyglotEngineException.illegalArgument(PolyglotEngineException.java:129) ~[truffle-api-23.1.2.jar:na]
    at org.graalvm.truffle/com.oracle.truffle.polyglot.PolyglotImpl.validateSandbox(PolyglotImpl.java:412) ~[truffle-api-23.1.2.jar:na]
    at org.graalvm.truffle/com.oracle.truffle.polyglot.PolyglotImpl.buildEngine(PolyglotImpl.java:293) ~[truffle-api-23.1.2.jar:na]
    at org.graalvm.polyglot/org.graalvm.polyglot.Engine$Builder.build(Engine.java:756) ~[polyglot-23.1.2.jar:na]
    at com.dkaminski.base.Application.run(Application.java:43) ~[classes/:na]
    at org.springframework.boot.SpringApplication.lambda$callRunner$4(SpringApplication.java:786) ~[spring-boot-3.2.2.jar:3.2.2]
    at org.springframework.util.function.ThrowingConsumer$1.acceptWithException(ThrowingConsumer.java:83) ~[spring-core-6.1.3.jar:6.1.3]
    at org.springframework.util.function.ThrowingConsumer.accept(ThrowingConsumer.java:60) ~[spring-core-6.1.3.jar:6.1.3]
    at org.springframework.util.function.ThrowingConsumer$1.accept(ThrowingConsumer.java:88) ~[spring-core-6.1.3.jar:6.1.3]
    at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:798) ~[spring-boot-3.2.2.jar:3.2.2]
    at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:786) ~[spring-boot-3.2.2.jar:3.2.2]
    at org.springframework.boot.SpringApplication.lambda$callRunners$3(SpringApplication.java:774) ~[spring-boot-3.2.2.jar:3.2.2]
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184) ~[na:na]
    at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:357) ~[na:na]
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:510) ~[na:na]
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[na:na]
    at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151) ~[na:na]
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174) ~[na:na]
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[na:na]
    at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596) ~[na:na]
    at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:774) ~[spring-boot-3.2.2.jar:3.2.2]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:341) ~[spring-boot-3.2.2.jar:3.2.2]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1354) ~[spring-boot-3.2.2.jar:3.2.2]
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1343) ~[spring-boot-3.2.2.jar:3.2.2]
    at com.dkaminski.base.Application.main(Application.java:23) ~[classes/:na]
```

KaminskiDaniel0 commented 8 months ago

The issue was caused by using a non-optimized runtime via -Dtruffle.TruffleRuntime=com.oracle.truffle.api.impl.DefaultTruffleRuntime; see https://graalvm.slack.com/archives/CP6RTC4LT/p1708531143862819?thread_ts=1708435622.691359&cid=CP6RTC4LT
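
A startup guard for the misconfiguration identified above, as an added example that is not code from the reproducer project or from GraalVM: it rejects the runtime override before requesting `SandboxPolicy.UNTRUSTED` and fails closed instead of downgrading the policy. The class name `UntrustedEngineFactory`, its method names and the guest language `"js"` are assumptions.

```java
import java.io.ByteArrayOutputStream;
import org.graalvm.polyglot.Engine;
import org.graalvm.polyglot.SandboxPolicy;

// Hypothetical helper class; not part of the reproducer project.
public final class UntrustedEngineFactory {

    // System property and value taken from the VM options listed in this issue.
    private static final String RUNTIME_PROPERTY = "truffle.TruffleRuntime";
    private static final String FALLBACK_RUNTIME =
            "com.oracle.truffle.api.impl.DefaultTruffleRuntime";

    /** Returns a description of the misconfiguration, or null if there is none. */
    static String runtimeOverrideProblem(String propertyValue) {
        if (propertyValue != null && propertyValue.trim().equals(FALLBACK_RUNTIME)) {
            return "-D" + RUNTIME_PROPERTY + "=" + FALLBACK_RUNTIME
                    + " selects the non-optimized runtime; remove it before requesting "
                    + SandboxPolicy.UNTRUSTED;
        }
        return null;
    }

    /** Builds an UNTRUSTED engine or throws; never retries with a weaker policy. */
    static Engine buildUntrustedEngine() {
        String problem = runtimeOverrideProblem(System.getProperty(RUNTIME_PROPERTY));
        if (problem != null) {
            throw new IllegalStateException(problem);
        }
        try {
            return Engine.newBuilder("js") // assumed guest language
                    .sandbox(SandboxPolicy.UNTRUSTED)
                    // In-memory streams for the guest instead of the host's stdout/stderr.
                    .out(new ByteArrayOutputStream())
                    .err(new ByteArrayOutputStream())
                    .build();
        } catch (IllegalArgumentException e) {
            // Same exception type as in the stack trace above: the policy was rejected.
            throw new IllegalStateException(
                    "UNTRUSTED sandbox unavailable; refusing to run guest code", e);
        }
    }

    public static void main(String[] args) {
        try (Engine engine = buildUntrustedEngine()) {
            System.out.println("Engine built: " + engine.getImplementationName());
        }
    }
}
```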