The Common Language Runtime (CLR)
advertisement
The Common Language
Runtime (CLR)
Mark Sapossnek
CS 594
Computer Science Department
Metropolitan College
Boston University
Prerequisites
Overview of .NET
Learning Objectives
Understand the breadth of services that the
Common Language Runtime provides
Agenda
What Is the CLR?
Assemblies
Execution Model
Interoperability
Security
What is the CLR?
The .NET Platform
Clients
Applications
Web Form
Protocols: HTTP,
HTML, XML,
SOAP, UDDI
Web Service
.NET Framework
CLR
Tools:
Visual Studio.NET,
Notepad
Windows
Your Internal
Web Service
.NET Foundation
Web Services
Third-Party
Web Services
.NET Enterprise
Servers
What Is the CLR?
The .NET Framework
A set of technologies for developing and using
components to create:
Web Forms
Web Services
Windows applications
Supports the software lifecycle
Development
Debugging
Deployment
Maintenance
What Is the CLR?
The .NET Framework
VB
C++
C#
JScript
…
ASP.NET: Web Services
and Web Forms
Windows
Forms
ADO.NET: Data and XML
Base Classes
Common Language Runtime
Visual Studio.NET
Common Language Specification
What Is the CLR?
Overview
The CLR provides a run-time environment that
manages the execution of code and provides
services that improves development, deployment, and run time.
Code that targets the CLR is called
managed code.
What Is the CLR?
Goals
Development services
Deep cross-language interoperability
Increased productivity
Deployment services
Simple, reliable deployment
Fewer versioning problems – NO MORE ‘DLL HELL’
Run-time services
Performance
Scalability
Availability
What Is the CLR?
Goal: Simpler Development
Plumbing disappears
Metadata
Transparent proxies
Memory management
Consistent exception handling
Great WYSIWYG tool support
Designers and wizards
Debuggers
Profilers
Increased productivity
What Is the CLR?
Goal: Simpler, Safer Deployment
No registration, zero-impact install
XCOPY deployment, incremental download
Side-by-side versions of shared components
Capture version at compile time
Administrative policy at run time
Evidence-based security policy
Based on code as well as user
Code origin (location)
Publisher (public key)
DLL Hell
What Is the CLR?
Goal: Scalability
Smart device to Web Farm
Automatic memory management
Self-configuring
Dynamically tuning
Thread pool
Asynchronous messaging
Object remoting
Events
Smart device version
Multiple RTOSes
Same tools used for desktop
What Is the CLR?
Goal: Rich Web Clients, Safe Hosting
WinForms on the client
ASP.NET Web Forms on the server
Code is granted permissions
Evidence is used by policy to grant permissions
Application that starts runtime
Like Internet Explorer, IIS, SQL Server™, Shell
Provides some evidence
Controls code loading
Maps applications to processes
What Is the CLR?
Goal: Converge Programming Models
COM, ASP, VB, C++
All services available
Many services redesigned
Ease of use
Scalability
Consistent API
Consistent framework raises the abstraction layer
Gradual transition from simplicity to full power
Less training, greater productivity
What Is the CLR?
Goal: Multiple Languages
Common Type System
Object-oriented in flavor
Procedural languages well supported
Functional languages possible
CLS guides frameworks design
Rules for wide reach
All .NET Framework functionality available
Over 15 languages investigated
Most are CLS consumers
Many are CLS extenders
Choose the right language for a particular job
What Is the CLR?
Highlights
Common Type System
Mapping of data types: Programming language Framework
Just-in-time (JIT) compilers
JIT compiles intermediate language (MSIL) into native code
Highly optimized for platform or device
Garbage collector
Permission and policy-based security
Exceptions
Threading
Reflection
Diagnostics and profiling
What Is the CLR?
Services
Code management
Memory management
and isolation
Verification of type safety
Conversion of MSIL to
native code
Loading and execution of
managed code
Creation and
management of metadata
Insertion and execution of
security checks
Handling cross-language
exceptions
Interoperation between
.NET Framework objects
and COM objects and
Win32 DLLs
Automation of object
layout for late binding
Developer services
(profiling, debugging, etc.)
What Is the CLR?
Architecture
Base Class Library (.NET Framework) Support
Thread Support
COM Marshaler
Type Checker
Exception Manager
Security Engine
Debug Engine
MSIL to Native
Compilers (JIT)
Code
Manager
Class Loader
Garbage
Collector (GC)
What Is the CLR?
Soon To Be a Standard
Microsoft, with HP and Intel, submitted proposal
to ECMA to standardize:
C#
Common Language Infrastructure
Includes the Common Language Runtime and a subset of the
.NET Framework classes
http://msdn.microsoft.com/net/ecma/
http://www.ecma.ch
Agenda
What Is the CLR?
Assemblies
Execution Model
Interoperability
Security
Assemblies
Overview
Contains code and metadata
Assemblies function as:
Unit of deployment
Type boundary
Security boundary
Reference scope boundary
Version boundary
Unit of side-by-side execution
Assemblies
Overview
Assemblies can be:
Static: DLL, EXE
Uses existing COFF binary format
Via existing extension mechanism
Dynamic
Create assemblies with
.NET Framework SDK
Visual Studio.NET
Your own code
Dynamic assemblies
Assemblies
Components of an Assembly
Manifest
Type metadata
Completely describes all types defined in
an assembly
Managed code
Metadata about the assembly itself
Microsoft Intermediate Language (MSIL)
Resources
For example, .bmp, .jpg
Assemblies
Components of an Assembly
ParcelTracker.DLL
Manifest
Type Metadata
MSIL
Resources
Assemblies
Components of an Assembly
An assembly is a logical unit, not physical
It can consist of multiple modules (.DLL, .JPG, etc.)
In this figure,
containment implies
a 1:M relationship
Assembly
Module
File
Type
Assemblies
Components of an Assembly
A single-file assembly
A multi-file assembly
File1.dll
File2.dll
Graphic.jpg
Logo.gif
Manifest
Metadata
MSIL
Metadata
MSIL
Resource
Resource
File3.dll
Manifest
Assemblies
Assembly Generation Tool: al.exe
Takes one or more files (containing either MSIL
or resource files) and produces a file with an
assembly manifest.
When compiling a C# file, you can specify that it
create a module instead of an assembly by
using /target:module.
Assemblies
Manifest
Manifest contains:
Identity information
List of files in the assembly
Map of assembly types to files
Dependencies
Name, version number, culture, strong name
Other assemblies used by this assembly
Exported types
Security permissions needed to run
Assemblies
Manifest and Metadata
Manifest
Type
Descriptions
Name
Version
Culture
Other assemblies
Security Permissions
Exported Types
Assembly Description
Metadata
Classes
Base classes
Implemented interfaces
Data members
Methods
Assemblies
What’s In the Metadata
Description of types
Name, visibility, base class, interfaces implemented
Members
methods, fields, properties, events, nested types
Attributes
User-defined
Compiler-defined
Framework-defined
Assemblies
Demo: ILDASM.EXE
Allows you to inspect the metadata and
disassembled IL code in an assembly
Great way to see what’s really going on
Use ildasm /? to see the various options
Assemblies
Metadata
Key to simpler programming model
Generated automatically
Stored with code in executable file (.dll or .exe)
Assemblies
Metadata: Creation and Use
Serialization
Source
Code
Reflection
(e.g. SOAP)
Designers
Other
Compiler
Compiler
Debugger
Assembly
Type Browser
Schema
Generator
(Manifest,
metadata
and code)
Profiler
Proxy Generator
XML encoding
(WSDL)
Assemblies
Compilers Use Metadata
For cross-language data type import
Emit metadata with output code
Describe types defined and used
Record external assemblies referenced
Record version information
Custom attributes can be used
Obsolete
CLS compliance
Compiled for debugging
Language-specific markers
Assemblies
Other Tools Use Metadata
Designer behavior
Controlled by user-supplied attributes
Category
Description
Designer extensibility
User-supplied attributes specify code to use
Type converters
Editors
Web methods marked by custom attribute
Type viewer
Assemblies
Global Assembly Cache
A set of assemblies that can be referenced by any
application on a machine
Should be used only when needed
Private assemblies are preferred
Located at %SystemRoot%\assembly
(c:\winnt\assembly)
Add assemblies by
Installer program
gacutil.exe
Windows Explorer
Assembly Cache Viewer (shfusion.dll) is a shell extension for
GAC that is installed with the .NET Framework SDK
.NET Framework Configuration Tool (mscorcfg.msc)
Assembly must have a strong name
Assemblies
Strong Names
Strong names identify an assembly
Contains text name, version, culture, public key, and
digital signature
Generated from an assembly using a private key
Benefits
Guarantees name uniqueness
Protect version lineage
No one else can create a new version of your assembly
Provides strong integrity check
Guarantees that contents of an assembly didn’t change since it
was built
Assemblies
Strong Names
To sign an assembly with a strong name:
Use Assembly Generation tool: al.exe
Use assembly attributes
(AssemblyKeyFileAttribute or
AssemblyKeyNameAttribute)
Requires a key pair (private and public)
To generate a key pair use the Strong Name tool:
sn.exe
Assemblies
Demo: Installing an Assembly in GAC
Create assembly
Sign assembly with key from sn.exe
Install into GAC via gacutil.exe, Assembly Cache
Viewer and .NET Framework Configuration Tool
Assemblies
Signcode
A strong name identifies an assembly but it does
not authenticate an assembly
Strong names do NOT imply a level of trust
Signcode allows the embedding of a certificate
in an assembly
Now your assembly can be authenticated
Assemblies
Signcode
To use signcode:
Obtain a Software Publisher Certificate (.spc)
Use signcode.exe to sign the assembly
Signcode can only sign one file at a time
For an assembly, you sign the file containing the
manifest
Assemblies
How Do You Obtain a Certificate?
Purchase one from a well known
Certificate Authority (such as Verisign)
Create your own
For testing purposes only
Use Makecert.exe to create a X.509 certificate
Use cert2spc.exe to generate an SPC from a
X.509 certificate
Assemblies
Strong Names and Signcode
Strong names and signcode provide different,
complimentary levels of protection
You can assign a strong name or assign a
signcode signature to an assembly, or both
When using both, the strong name must be
assigned first
Assemblies
Signcode
Specify what permissions your assembly needs
Only specify required permissions
Handle optional permissions dynamically
Set security policy on run-time machine
Assemblies
Deployment
Unit of deployment
One or more files, independent of packaging
Self-describing via manifest and metadata
Versioning
Captured by compiler
Policy per-application as well as per-machine
Security boundary
Assemblies are granted permissions
Methods can demand proof that a permission
has been granted to entire call chain
Mediate type import and export
Types named relative to assembly
Assemblies
Deployment
Applications are configurable units
One or more assemblies
Application-specific files or data
Assemblies are located based on:
Their logical name and the application that loads
them
Applications can have private versions of
assemblies
Private version preferred to shared version
Version policy can be per application
Assemblies
MSIL
Microsoft Intermediate Language
.assembly hello {}
.assembly extern mscorlib {}
.method static public void main() il managed {
.entrypoint
.maxstack 1
ldstr "Hello World from IL!"
call void [mscorlib]System.Console::WriteLine(class
System.String)
ret
}
Assemblies
MSIL
Compiled with ilasm.exe
MSIL was designed for the CLR
Object-oriented (primitives are not special)
Designed for the Common Type System
Does not embed type information
See documentation in
\FrameworkSDK\Tool Developers Guide\docs
Agenda
What Is the CLR?
Assemblies
Execution Model
Interoperability
Security
Execution Model
Create Assembly
Source Code
Assembly
Compiler
C++, C#, VB or any
.NET language
csc.exe or vbc.exe
DLL or EXE
Execution Model
Source
Code
MSIL
Ngen
Native
Code
VB
C#
C++
Compiler
Compiler
Compiler
Assembly
Assembly
Assembly
Common Language Runtime JIT Compiler
Managed
Code
CLR Services
Managed
CLR
Code
Managed
Code
Operating System Services
Unmanaged
Code
Execution Model
Compiling IL to Native Code
JIT compiler
Generates optimized native code
Compiled when a method is first called
Includes verification of IL code
Ngen.exe
Install-time native code generation
Used when assembly is installed on machine
Reduces start-up time
Native code has version checks and reverts
to run-time JIT if they fail
Execution Model
Run-Time Hosts
ASP.NET
Internet Explorer
Shell executables
More in future
For example: SQL Server (Yukon)
Can create your own run-time hosts
Execution Model
Binding to Assemblies
An application consists of one or more
assemblies.
How does one assembly bind to another?
Based upon metadata and policy
Local (preferred)
Assembly Global Cache
Multiple versions of an assembly may exist on
the same machine.
Easier software deployment, updates and removal
Multiple versions of an assembly can even be used
by the same application
Execution Model
Application Domains
Traditionally, processes were used to isolate
applications running on the same computer
Isolates failure of one application
Isolates memory
Problems
Uses more resources
If needed, inter-process calls can be expensive
Execution Model
Application Domains
.NET introduces Application Domains, which
allow you to run multiple applications within the
same process
Enabled by code verification
No code will crash the process
Managed by the System.AppDomain class
Common assemblies can be shared across
domains or can be specific to a domain
Execution Model
Application Domains
Benefits:
Application domains are isolated
Faults are isolated
Individual applications can be stopped without
stopping the process
Can configure each application domain independently
Can configure security for each domain
Cross-domain calls can be done through proxies
More efficient than cross-process calls
Execution Model
Application Domains
Thread
Shared class data
and native code
App.
Domain
(class data
and
native code)
App.
Domain
Process
Agenda
What Is the CLR?
Assemblies
Execution Model
Interoperability
Security
Interoperability
Cross Language
Common Type System (CTS)
Common Language Specification (CLS)
A superset of the data types used by most modern
programming languages
A subset of CTS that allows code written in different
languages to interoperate
What languages?
Microsoft: C++, Visual Basic, C#, JScript
Third-Party: Cobol, Eiffel, Smalltalk, Scheme, Oberon,
Haskell, Python, Perl, Java, …
Interoperability
Common Type System
Value types
Classes
Arrays
Interfaces
Delegates
Nested types
Enumerations
Pointers
Managed pointers, unmanaged pointers,
unmanaged function pointers
Interoperability
Common Type System
Members: fields, properties, methods, events
Abstract, virtual, final
Literal, initialize-only
Static, instance
Public, private, family, assembly
Newslot, override
Interoperability
Managed/Unmanaged
.NET provides interoperability mechanism to
permit managed code to call into unmanaged
code and vice versa
Why?
Existing code works, why rewrite it?
Calling Microsoft functionality not yet available as
.NET assemblies
For example, OLEDB server-side cursors
Calling 3rd party native code
Migrate your code incrementally
Interoperability
Managed/Unmanaged
Managed
C#
Unmanaged
VB
MFC/ATL
VB
MSVCRT
Delphi
C++
Interoperability
Managed/Unmanaged
.NET Framework
Type standard
Assemblies
Resilient
Type safe
Object based
Exceptions
Strong names
COM/DLL
Binary standard
Type libraries
Immutable
Type unsafe
Interface based
HResults
Guids
Interoperability
Managed/Unmanaged
.NET provides two mechanisms for
interoperability between managed and
unmanaged code:
P/Invoke – Platform Invocation
COM integration
Interoperability
P/Invoke
Provides access to static entry points in
unmanaged DLLs
Similar to:
VB Declare statement
C/C++ LoadLibrary / GetProcAddress
Requires method definition with custom attribute
Marshalls data across the boundary
Interoperability
P/Invoke
public class Win32API {
[DllImport(“User32.dll”, EntryPoint=“MessageBox”)]
public static extern Boolean MsgBox(…);
}
Interoperability
P/Invoke
[StructLayout(LayoutKind.Sequential)]
Public struct OSInfo (
uint MajorVersion;
uint MinorVersion;
String VersionString;
}
public class Win32API {
[DllImport(“User32.dll”)]
public static extern Boolean GetVersionEx(OSInfo osi);
}
Interoperability
P/Invoke
Transitions have overhead
Roughly 20-30 instructions per call
Data marshaling adds additional overhead
Depending on type and size of data
Isomorphic types (char, int, float, long,
double, etc.) are cheap
Make transitions wisely
Chunky calls as opposed to chatty
Interoperability
COM Integration
What is COM?
What is the relationship between
the CLR and COM?
Interoperability
What Is COM?
Application
Code and data
structures
Before COM, applications were
completely separate entities with
little or no integration
Interoperability
What Is COM?
COM provides a way for
components to integrate.
However, each component
must provide the “plumbing”
and objects cannot directly
interact.
Interoperability
COM Integration
With the .NET Framework Common
Language Runtime, components are
built on a common substrate. No
“plumbing” is needed and objects
can directly interact.
Interoperability
COM Integration
Provides a bridge between .NET Framework and COM
and vice versa
Maintains programming model consistency on both sides
Abstracts the inconsistencies between the two models
Different data types
Method signatures
Exception/HRESULTs
Use COM interoperability for
Backward compatibility
COM+ services
Interoperability
COM Integration
Using COM components from .NET
Use TlbImp.exe to generate an assembly (.DLL)
that is a wrapper for a COM component
Then just reference it, instantiate with new, call it,
derive classes from it, catch exceptions, use
reflection, etc.
Don’t have to know anything about COM
The CLR creates a Runtime Callable Wrapper (RCW)
that implements all the COM plumbing
Reference counting, marshalling data,
mapping HRESULTs to exceptions, etc.
Interoperability
COM Integration
Using .NET components from COM
Use RegAsm.exe to register all public classes in an
assembly
Can use TlbExp.exe to create a COM type library
Use the component from COM just like any other
COM component
The CLR creates a COM Callable Wrapper (CCW)
that implements the necessary COM interfaces
(IUnknown, IDispatch, ITypeInfo, etc.) and marshalls
data between managed and unmanaged code
Use RegSvcs.exe to register .NET classes in COM+
Will create COM+ Application or use an existing one
Agenda
What Is the CLR?
Assemblies
Execution Model
Interoperability
Security
Security
Why Care?
Security
Design Goals
Provide a robust security system for partiallytrusted, mobile code
Make it easy to:
Express fine-grained authorizations
Extend and customize the system
Perform security checks in user code
No end-user UI!
Never ask a user to make a security decision
“on the fly”
Security
Code Verification
Code can only perform legal operations
Encapsulation boundary is preserved
Can only call the exposed methods
No buffer overruns
Security
Code Access Security
Code may require permissions to run
Security policy determines what code is allowed
to run
By machine
Where did this code come from?
Who authored it?
By user
If no permission then a SecurityException is
thrown
Security
Code Access Security
Can specify the permissions needed by code
Declarative, with attributes
Imperative
See permissions classes in the namespace:
System.Security.Permissions
Create a permission object, then call Demand()
By default, the CLR will ensure that all code in
call chain has the necessary permissions
Security
Code Access Security
Security check
Varying levels of trust
Behavior constrained by least trustworthy
component
Call Chain
Assembly A1
G1
P
Assembly A2
G2
P
Assembly A3
G3
P
Assembly A4
G4
Security
Code Access Security
Can override security checks
Assert() lets you and the code you call perform
actions that you have permission to do, but your
callers may not.
Deny() lets you prevent downstream code from
performing certain actions
PermitOnly() is like Deny(), but you specify the
only permissions the downstream code will have.
Security
Permissions
Permission and permission set
XML representation of permissions
Code access permissions
Protect resources and operations
Identity permissions
Characteristics of an assembly‘s identity
Role-based permissions
Discover a user‘s role or identity
Custom permissions
Design and implement your own classes
Security
Policy
Process of determining permissions to grant
to code
Permissions granted to code, not user
Grants are on a per-assembly basis
Multiple levels of policy
Machine-wide, user-specific by default
Further restrictions allowed on a per applicationdomain basis
Security
Policy
Each policy level is a collection of code groups
Code has identity in the runtime, just like users have
identity in OS
Permissions are associated with each code group
Evidence determines group membership
In the group, get granted the related permissions
All Code
P
Publisher:
Microsoft
Name:
MS.Office
P
P
Name:
MS.Money
Zone:
Internet
P
P
Zone:
Local Intranet
Publisher:
Corp. Admin
P
P
Site:
XYZ.COM
Site:
localweb
P
P
Security
Policy
Policy levels: machine, user, application domain
user
machine
appdomain
Resulting
permission set
Security
Tools
Code access security tool
caspol.exe
Managing certificates
cert2spc.exe, certmgr.exe , makecert.exe ,
chktrust.exe
Managing assemblies
Shared Name utility: Sn.exe
Global Assembly Cache utility: gacutil.exe
permview.exe
View permissons requested by an assembly
Conclusion
What Is the CLR?
Assemblies
Execution Model
Interoperability
Security
Resources
.NET Framework and the CLR by Jeffrey Richter
http://msdn.microsoft.com/msdnmag/issues/0900/Framework
/Framework.asp
http://msdn.microsoft.com/msdnmag/issues/1000/Framework2
/Framework2.asp
Garbage Collection by Jeffrey Richter
http://msdn.microsoft.com/msdnmag/issues/1100/GCI/GCI.asp
http://msdn.microsoft.com/msdnmag/issues/1200/GCI2/GCI2.asp
Building, Packaging, Deploying by Jeffrey Richter
http://msdn.microsoft.com/msdnmag/issues/01/02/buildapps
/buildapps.asp
http://msdn.microsoft.com/msdnmag/issues/01/03/buildapps2
/buildapps2.asp
Resources
Security article by Keith Brown
http://msdn.microsoft.com/msdnmag/issues/01/02/CAS/CAS.asp
ECMA CLI Standardization
http://msdn.microsoft.com/net/ecma/
http://www.ecma.ch
