Based on Java SE (Standard Edition), GraalVM Enterprise Edition provides performance and security capabilities for running enterprise applications. It is positioned for use in cloud environments, with programs compiled ahead of time to improve startup times and minimize memory footprints. GraalVM Enterprise also supports microservices, functions-as-a-service, and service mesh.
Security functions in GraalVM Enterprise address issues including buffer overflows in native code. Most real-world applications in managed languages like Java include native libraries to improve performance of compute-intensive code, but these libraries may form a back door to enable an attacker to bypass VM-level isolation features. GraalVM Enterprise includes a safe mode for native libraries, compiling portions of applications implemented in C code to use managed memory, garbage collection, and bounds checks to protect against vulnerabilities.
GraalVM Enterprise core capabilities include:
- A native image that allows scripted applications to be compiled ahead of time into a native machine code binary.
- A compiler that generates compiled code to run applications on a JVM, standalone, or embedded in another system.
- A language implementation framework for implementing any language for the GraalVM.
- An LLVM runtime to permit native code to run in a managed environment. LLVM features modular, reusable compiler and toolchain technologies.
GraalVM Enterprise is free for evaluation and development usage from the Oracle Technology Network. It also is available for purchase. It also is free on Oracle Cloud.