[GR-48583] Use public runtime class initialization API

graalpython/com.oracle.graal.python.bouncycastle/src/com/oracle/graal/python/bouncycastle/BouncyCastleFeature.java

@@ -43,17 +43,15 @@
 import java.security.Security;
 
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.graalvm.nativeimage.ImageSingletons;
 import org.graalvm.nativeimage.hosted.Feature;
-import org.graalvm.nativeimage.impl.RuntimeClassInitializationSupport;
+import org.graalvm.nativeimage.hosted.RuntimeClassInitialization;
 
 public final class BouncyCastleFeature implements Feature {
     @Override
     public void afterRegistration(AfterRegistrationAccess access) {
-        RuntimeClassInitializationSupport support = ImageSingletons.lookup(RuntimeClassInitializationSupport.class);
-        support.initializeAtBuildTime("org.bouncycastle", "security provider");
-        support.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$Default", "RNG");
-        support.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV", "RNG");
+        RuntimeClassInitialization.initializeAtBuildTime("org.bouncycastle");
+        RuntimeClassInitialization.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$Default");
+        RuntimeClassInitialization.initializeAtRunTime("org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV");
         if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
             Security.addProvider(new BouncyCastleProvider());
         }

graalpython/com.oracle.graal.python.pegparser.generator/CMakeLists.txt

@@ -34,12 +34,12 @@ set(ASDL_STAMP "Python.asdl.stamp")
 
 add_custom_command(
     OUTPUT "${PARSER_TARGET}"
-    COMMAND ${PYTHON_EXE} "${CMAKE_CURRENT_LIST_DIR}/main_parser_gen.py" "${GRAMMAR}" "${TOKENS}" "${PARSER_TARGET}"
+    COMMAND "${PYTHON_EXE}" "${CMAKE_CURRENT_LIST_DIR}/main_parser_gen.py" "${GRAMMAR}" "${TOKENS}" "${PARSER_TARGET}"
     DEPENDS "${CMAKE_CURRENT_LIST_DIR}/main_parser_gen.py" "${GRAMMAR}" "${TOKENS}" ${PEGEN_FILES} ${PEGJAVA_FILES})
 
 add_custom_command(
     OUTPUT "${ASDL_STAMP}"
-    COMMAND ${PYTHON_EXE} "${CMAKE_CURRENT_LIST_DIR}/main_asdl_gen.py" "${ASDL}" --sst-path "${PEGPARSER_SRC_PATH}" --ast-path "${GRAALPY_SRC_PATH}" --stamp "${ASDL_STAMP}"
+    COMMAND "${PYTHON_EXE}" "${CMAKE_CURRENT_LIST_DIR}/main_asdl_gen.py" "${ASDL}" --sst-path "${PEGPARSER_SRC_PATH}" --ast-path "${GRAALPY_SRC_PATH}" --stamp "${ASDL_STAMP}"
     DEPENDS "${CMAKE_CURRENT_LIST_DIR}/main_asdl_gen.py" "${ASDL}" ${ASDL_FILES})
 
 add_custom_target(

graalpython/com.oracle.graal.python.test/src/tests/cpyext/test_memoryview_fromobject_error.py

@@ -69,70 +69,6 @@ def assert_script_succeeds(self, script):
         )
         self.assertEqual(process.returncode, 0, process.stdout + process.stderr)
 
-    def test_failing_getbuffer_does_not_leak_py_buffer(self):
-        self.assert_script_succeeds(r"""
-            import gc
-
-            import __graalpython__
-            from tests.cpyext import CPyExtType
-
-            TestType = CPyExtType(
-                "TestMemoryViewFailingGetBuffer",
-                r'''
-                PyAPI_FUNC(PyObject *) GraalPyPrivate_MemoryViewFromObject(PyObject *v, int flags);
-
-                // Advertise buffer support but fail every acquisition attempt.
-                static int getbuffer(TestMemoryViewFailingGetBufferObject *self, Py_buffer *view, int flags) {
-                    PyErr_SetString(PyExc_BufferError, "buffer export denied");
-                    return -1;
-                }
-
-                static PyBufferProcs as_buffer = {
-                    (getbufferproc)getbuffer,
-                    0,
-                };
-
-                // Keep the repeat loop in C so RSS reflects this native helper path,
-                // not Python-level memoryview or runtime overhead.
-                static PyObject* repeat_failing_memoryview_fromobject(PyObject* self, PyObject* args) {
-                    Py_ssize_t count;
-                    if (!PyArg_ParseTuple(args, "n", &count)) {
-                        return NULL;
-                    }
-                    for (Py_ssize_t i = 0; i < count; i++) {
-                        PyObject *mv = GraalPyPrivate_MemoryViewFromObject(self, PyBUF_FULL_RO);
-                        if (mv != NULL) {
-                            Py_DECREF(mv);
-                            PyErr_SetString(PyExc_AssertionError, "GraalPyPrivate_MemoryViewFromObject unexpectedly succeeded");
-                            return NULL;
-                        }
-                        if (!PyErr_ExceptionMatches(PyExc_BufferError)) {
-                            return NULL;
-                        }
-                        PyErr_Clear();
-                    }
-                    Py_RETURN_NONE;
-                }
-                ''',
-                tp_as_buffer='&as_buffer',
-                tp_methods='{"repeat_failing_memoryview_fromobject", repeat_failing_memoryview_fromobject, METH_VARARGS, ""}',
-            )
-
-            obj = TestType()
-            # Warm up CPyExtType compilation and one-time runtime allocations before measuring RSS.
-            obj.repeat_failing_memoryview_fromobject(1_000_000)
-            gc.collect()
-            baseline = __graalpython__.get_current_rss()
-
-            # A leaked Py_buffer is small, so use enough failed calls to make the leak visible in RSS.
-            obj.repeat_failing_memoryview_fromobject(150_000)
-            gc.collect()
-            growth = __graalpython__.get_current_rss() - baseline
-
-            if growth >= 10:
-                raise AssertionError(f"RSS grew by {growth} MiB after failed getbuffer calls")
-        """)
-
     def test_construction_failure_releases_acquired_buffer(self):
         self.assert_script_succeeds(r"""
             from tests.cpyext import CPyExtType

graalpython/com.oracle.graal.python.test/src/tests/test_entropy_subprocess.py

@@ -45,6 +45,8 @@
 import threading
 import unittest
 
+from tests.util import skip_if_sandboxed
+
 
 @unittest.skipUnless(sys.implementation.name == "graalpy" and sys.platform.startswith("linux"), "Linux GraalPy-specific test")
 class EntropySubprocessTests(unittest.TestCase):
@@ -277,13 +279,15 @@ def test_pyexpat_parsercreate_does_not_use_additional_initrandom(self):
             "xmlparser",
         )
 
+    @skip_if_sandboxed("Needs native extension support for sqlite3 in sandboxed runs")
     def test_sqlite3_import_does_not_use_additional_initrandom(self):
         self.assert_initrandom_bytes_used(
             self.HASH_SECRET_BYTES,
             "import _sqlite3; print(_sqlite3.__name__)",
             "_sqlite3",
         )
 
+    @skip_if_sandboxed("Needs native extension support for sqlite3 in sandboxed runs")
     def test_sqlite3_randomblob_does_not_use_initrandom(self):
         self.assert_initrandom_bytes_used(
             self.HASH_SECRET_BYTES,

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/hashlib/HashlibModuleBuiltins.java

@@ -414,7 +414,7 @@ private static MessageDigest createDigest(String name, byte[] bytes, int bytesLe
         }
 
         private static boolean isBouncyCastleDigest(String name) {
-            return name.startsWith("BLAKE2B-") || name.startsWith("BLAKE2S-");
+            return name.startsWith("BLAKE2B-") || name.startsWith("BLAKE2S-") || name.equals("SHAKE128") || name.equals("SHAKE256");
         }
     }