The Common Language Runtime (CLR)
Mark Sapossnek
CS 594
Computer Science Department
Metropolitan College
Boston University

Prerequisites
• Overview of .NET

Learning Objectives
• Understand the breadth of services that the Common Language Runtime provides

Agenda
• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

What Is the CLR? The .NET Platform
[Diagram labels: Clients; Applications; Web Form; Web Service; Protocols: HTTP, HTML, XML, SOAP, UDDI; .NET Framework; CLR; Windows; Tools: Visual Studio.NET, Notepad; Your Internal Web Service; .NET Foundation Web Services; Third-Party Web Services; .NET Enterprise Servers]

What Is the CLR? The .NET Framework
• A set of technologies for developing and using components to create:
  - Web Forms
  - Web Services
  - Windows applications
• Supports the software lifecycle
  - Development
  - Debugging
  - Deployment
  - Maintenance

What Is the CLR? The .NET Framework
[Diagram labels: VB, C++, C#, JScript, …; Common Language Specification; ASP.NET: Web Services and Web Forms; Windows Forms; ADO.NET: Data and XML; Base Classes; Common Language Runtime; Visual Studio.NET]

What Is the CLR? Overview
• The CLR provides a run-time environment that manages the execution of code and provides services that improve development, deployment, and run time.
• Code that targets the CLR is called managed code.

What Is the CLR? Goals
• Development services
  - Deep cross-language interoperability
  - Increased productivity
• Deployment services
  - Simple, reliable deployment
  - Fewer versioning problems – NO MORE 'DLL HELL'
• Run-time services
  - Performance
  - Scalability
  - Availability

What Is the CLR? Goal: Simpler Development
• Plumbing disappears
  - Metadata
  - Transparent proxies
  - Memory management
  - Consistent exception handling
• Great WYSIWYG tool support
  - Designers and wizards
  - Debuggers
  - Profilers
• Increased productivity

What Is the CLR? Goal: Simpler, Safer Deployment
• No registration, zero-impact install
  - XCOPY deployment, incremental download
• Side-by-side versions of shared components
  - Capture version at compile time
  - Administrative policy at run time
• Evidence-based security policy
  - Based on code as well as user
  - Code origin (location)
  - Publisher (public key)
[Graphic label: DLL Hell]

What Is the CLR? Goal: Scalability
• Smart device to Web Farm
• Automatic memory management
  - Self-configuring
  - Dynamically tuning
• Thread pool
• Asynchronous messaging
  - Object remoting
  - Events
• Smart device version
  - Multiple RTOSes
  - Same tools used for desktop

What Is the CLR? Goal: Rich Web Clients, Safe Hosting
• WinForms on the client
• ASP.NET Web Forms on the server
• Code is granted permissions
  - Evidence is used by policy to grant permissions
• Application that starts runtime
  - Like Internet Explorer, IIS, SQL Server™, Shell
  - Provides some evidence
  - Controls code loading
  - Maps applications to processes

What Is the CLR? Goal: Converge Programming Models
• COM, ASP, VB, C++
  - All services available
  - Many services redesigned
    - Ease of use
    - Scalability
    - Consistent API
• Consistent framework raises the abstraction layer
• Gradual transition from simplicity to full power
• Less training, greater productivity

What Is the CLR? Goal: Multiple Languages
• Common Type System
  - Object-oriented in flavor
  - Procedural languages well supported
  - Functional languages possible
• CLS guides frameworks design
  - Rules for wide reach
  - All .NET Framework functionality available
• Over 15 languages investigated
  - Most are CLS consumers
  - Many are CLS extenders
• Choose the right language for a particular job

What Is the CLR? Highlights
• Common Type System
  - Mapping of data types: Programming language Framework
• Just-in-time (JIT) compilers
  - JIT compiles intermediate language (MSIL) into native code
  - Highly optimized for platform or device
• Garbage collector
• Permission and policy-based security
• Exceptions
• Threading
• Reflection
• Diagnostics and profiling

What Is the CLR? Services
• Code management
• Memory management and isolation
• Verification of type safety
• Conversion of MSIL to native code
• Loading and execution of managed code
• Creation and management of metadata
• Insertion and execution of security checks
• Handling cross-language exceptions
• Interoperation between .NET Framework objects and COM objects and Win32 DLLs
• Automation of object layout for late binding
• Developer services (profiling, debugging, etc.)

What Is the CLR? Architecture
[Diagram labels: Base Class Library (.NET Framework) Support; Thread Support; COM Marshaler; Type Checker; Exception Manager; Security Engine; Debug Engine; MSIL to Native Compilers (JIT); Code Manager; Garbage Collector (GC); Class Loader]

What Is the CLR? Soon To Be a Standard
• Microsoft, with HP and Intel, submitted proposal to ECMA to standardize:
  - C#
  - Common Language Infrastructure
    - Includes the Common Language Runtime and a subset of the .NET Framework classes
• http://msdn.microsoft.com/net/ecma/
• http://www.ecma.ch

Agenda
• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

Assemblies: Overview
• Contains code and metadata
• Assemblies function as:
  - Unit of deployment
  - Type boundary
  - Security boundary
  - Reference scope boundary
  - Version boundary
  - Unit of side-by-side execution

Assemblies: Overview
• Assemblies can be:
  - Static: DLL, EXE
    - Uses existing COFF binary format
      - Via existing extension mechanism
  - Dynamic
• Create assemblies with
  - .NET Framework SDK
  - Visual Studio.NET
  - Your own code
    - Dynamic assemblies

Assemblies: Components of an Assembly
• Manifest
  - Metadata about the assembly itself
• Type metadata
  - Completely describes all types defined in an assembly
• Managed code
  - Microsoft Intermediate Language (MSIL)
• Resources
  - For example, .bmp, .jpg

Assemblies: Components of an Assembly
[Diagram labels: ParcelTracker.DLL; Manifest; Type Metadata; MSIL; Resources]

Assemblies: Components of an Assembly
• An assembly is a logical unit, not physical
  - It can consist of multiple modules (.DLL, .JPG, etc.)
In this figure, containment implies a 1:M relationship.
[Diagram labels: Assembly; Module; File; Type]

Assemblies: Components of an Assembly
[Diagram labels: A single-file assembly; A multi-file assembly; File1.dll; File2.dll; Graphic.jpg; Logo.gif; Manifest; Metadata; MSIL; Resource; File3.dll; Manifest]

Assemblies: Assembly Generation Tool: al.exe
• Takes one or more files (containing either MSIL or resource files) and produces a file with an assembly manifest.
• When compiling a C# file, you can specify that it create a module instead of an assembly by using /target:module.

Assemblies: Manifest
• Manifest contains:
  - Identity information
    - Name, version number, culture, strong name
  - List of files in the assembly
  - Map of assembly types to files
  - Dependencies
    - Other assemblies used by this assembly
  - Exported types
  - Security permissions needed to run

Assemblies: Manifest and Metadata
[Diagram labels: Manifest; Assembly Description: Name, Version, Culture, Other assemblies, Security Permissions, Exported Types; Metadata; Type Descriptions: Classes, Base classes, Implemented interfaces, Data members, Methods]

Assemblies: What's In the Metadata
• Description of types
  - Name, visibility, base class, interfaces implemented
  - Members
    - methods, fields, properties, events, nested types
• Attributes
  - User-defined
  - Compiler-defined
  - Framework-defined

Assemblies: Demo: ILDASM.EXE
• Allows you to inspect the metadata and disassembled IL code in an assembly
• Great way to see what's really going on
• Use ildasm /? to see the various options

Assemblies: Metadata
• Key to simpler programming model
• Generated automatically
  - Stored with code in executable file (.dll or .exe)

Assemblies: Metadata: Creation and Use
[Diagram labels: Source Code; Compiler; Assembly (Manifest, metadata and code); Other Compiler; Reflection; Designers; Serialization (e.g. SOAP); Debugger; Type Browser; Schema Generator; Profiler; Proxy Generator; XML encoding (WSDL)]

Assemblies: Compilers Use Metadata
• For cross-language data type import
• Emit metadata with output code
  - Describe types defined and used
  - Record external assemblies referenced
  - Record version information
• Custom attributes can be used
  - Obsolete
  - CLS compliance
  - Compiled for debugging
  - Language-specific markers

Assemblies: Other Tools Use Metadata
• Designer behavior
  - Controlled by user-supplied attributes
    - Category
    - Description
• Designer extensibility
  - User-supplied attributes specify code to use
    - Type converters
    - Editors
• Web methods marked by custom attribute
• Type viewer

Assemblies: Global Assembly Cache
• A set of assemblies that can be referenced by any application on a machine
• Should be used only when needed
  - Private assemblies are preferred
• Located at %SystemRoot%\assembly
  - (c:\winnt\assembly)
• Add assemblies by
  - Installer program
  - gacutil.exe
  - Windows Explorer
    - Assembly Cache Viewer (shfusion.dll) is a shell extension for GAC that is installed with the .NET Framework SDK
  - .NET Framework Configuration Tool (mscorcfg.msc)
• Assembly must have a strong name

Assemblies: Strong Names
• Strong names identify an assembly
  - Contains text name, version, culture, public key, and digital signature
• Generated from an assembly using a private key
• Benefits
  - Guarantees name uniqueness
  - Protect version lineage
    - No one else can create a new version of your assembly
  - Provides strong integrity check
    - Guarantees that contents of an assembly didn't change since it was built

Assemblies: Strong Names
• To sign an assembly with a strong name:
  - Use Assembly Generation tool: al.exe
  - Use assembly attributes (AssemblyKeyFileAttribute or AssemblyKeyNameAttribute)
• Requires a key pair (private and public)
  - To generate a key pair use the Strong Name tool: sn.exe
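The public key in a strong name is what other assemblies pin when they reference yours, usually through its 8-byte public key token. The C# below is an added example, not part of the original slides: the class and method names are illustrative, and the token rule it uses (last 8 bytes of the SHA-1 hash of the public key, byte-reversed) is stated from the CLI specification, not from the deck.

```csharp
using System;
using System.Reflection;
using System.Security.Cryptography;

public static class StrongNameIdentity
{
    // Derive the public key token from a strong-name public key blob:
    // SHA-1 over the blob, keep the last 8 bytes, reverse their order.
    public static byte[] ComputeToken(byte[] publicKey)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(publicKey);
            byte[] token = new byte[8];
            for (int i = 0; i < token.Length; i++)
                token[i] = hash[hash.Length - 1 - i];
            return token;
        }
    }

    public static string Hex(byte[] bytes)
    {
        return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }

    // True only when the assembly carries a public key AND that key hashes
    // to the token the caller expects. An assembly without a strong name
    // has an empty key and is rejected.
    public static bool HasExpectedKey(Assembly assembly, string expectedTokenHex)
    {
        byte[] key = assembly.GetName().GetPublicKey();
        if (key == null || key.Length == 0)
            return false;
        return string.Equals(Hex(ComputeToken(key)), expectedTokenHex,
                             StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // The core library is always strong-named, so it serves as sample input.
        Assembly core = typeof(object).Assembly;
        AssemblyName name = core.GetName();

        string reported = Hex(name.GetPublicKeyToken());
        string computed = Hex(ComputeToken(name.GetPublicKey()));

        Console.WriteLine("Assembly:        " + name.Name + " " + name.Version);
        Console.WriteLine("Reported token:  " + reported);
        Console.WriteLine("Computed token:  " + computed);
        Console.WriteLine("Key matches pin: " + HasExpectedKey(core, reported));

        // The running program itself is normally not strong-named.
        Assembly self = Assembly.GetExecutingAssembly();
        Console.WriteLine("Self has pinned key: " + HasExpectedKey(self, reported));
    }
}
```

Comparing tokens pins the publisher key only; it does not re-check the signature over the file contents.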

Assemblies: Demo: Installing an Assembly in GAC
• Create assembly
• Sign assembly with key from sn.exe
• Install into GAC via gacutil.exe, Assembly Cache Viewer and .NET Framework Configuration Tool

Assemblies: Signcode
• A strong name identifies an assembly but it does not authenticate an assembly
  - Strong names do NOT imply a level of trust
• Signcode allows the embedding of a certificate in an assembly
  - Now your assembly can be authenticated

Assemblies: Signcode
• To use signcode:
  - Obtain a Software Publisher Certificate (.spc)
  - Use signcode.exe to sign the assembly
• Signcode can only sign one file at a time
  - For an assembly, you sign the file containing the manifest

Assemblies: How Do You Obtain a Certificate?
• Purchase one from a well-known Certificate Authority (such as Verisign)
• Create your own
  - For testing purposes only
  - Use Makecert.exe to create an X.509 certificate
  - Use cert2spc.exe to generate an SPC from an X.509 certificate

Assemblies: Strong Names and Signcode
• Strong names and signcode provide different, complementary levels of protection
• You can assign a strong name or assign a signcode signature to an assembly, or both
• When using both, the strong name must be assigned first

Assemblies: Signcode
• Specify what permissions your assembly needs
  - Only specify required permissions
  - Handle optional permissions dynamically
• Set security policy on run-time machine

Assemblies: Deployment
• Unit of deployment
  - One or more files, independent of packaging
  - Self-describing via manifest and metadata
• Versioning
  - Captured by compiler
  - Policy per-application as well as per-machine
• Security boundary
  - Assemblies are granted permissions
  - Methods can demand proof that a permission has been granted to entire call chain
• Mediate type import and export
  - Types named relative to assembly

Assemblies: Deployment
• Applications are configurable units
  - One or more assemblies
  - Application-specific files or data
• Assemblies are located based on:
  - Their logical name and the application that loads them
• Applications can have private versions of assemblies
  - Private version preferred to shared version
  - Version policy can be per application

Assemblies: MSIL
• Microsoft Intermediate Language

    // Declare this assembly and the external assembly it references.
    .assembly hello {}
    .assembly extern mscorlib {}

    .method static public void main() cil managed
    {
        .entrypoint
        .maxstack 1
        // Push the string, call Console.WriteLine(string), return.
        ldstr "Hello World from IL!"
        call void [mscorlib]System.Console::WriteLine(string)
        ret
    }

Assemblies: MSIL
• Compiled with ilasm.exe
• MSIL was designed for the CLR
  - Object-oriented (primitives are not special)
  - Designed for the Common Type System
  - Does not embed type information
• See documentation in FrameworkSDK\Tool Developers Guide\docs

Agenda
• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

Execution Model: Create Assembly
[Diagram labels: Source Code (C++, C#, VB or any .NET language); Compiler (csc.exe or vbc.exe); Assembly (DLL or EXE)]

Execution Model
[Diagram labels: Source Code; VB, C#, C++; Compiler; Assembly; MSIL; Ngen; Native Code; Common Language Runtime; JIT Compiler; Managed Code; CLR Services; Operating System Services; Unmanaged Code]

Execution Model: Compiling IL to Native Code
• JIT compiler
  - Generates optimized native code
  - Compiled when a method is first called
  - Includes verification of IL code
• Ngen.exe
  - Install-time native code generation
  - Used when assembly is installed on machine
  - Reduces start-up time
  - Native code has version checks and reverts to run-time JIT if they fail

Execution Model: Run-Time Hosts
• ASP.NET
• Internet Explorer
• Shell executables
• More in future
  - For example: SQL Server (Yukon)
• Can create your own run-time hosts

Execution Model: Binding to Assemblies
• An application consists of one or more assemblies.
• How does one assembly bind to another?
  - Based upon metadata and policy
    - Local (preferred)
    - Global Assembly Cache
• Multiple versions of an assembly may exist on the same machine.
  - Easier software deployment, updates and removal
  - Multiple versions of an assembly can even be used by the same application

Execution Model: Application Domains
• Traditionally, processes were used to isolate applications running on the same computer
  - Isolates failure of one application
  - Isolates memory
• Problems
  - Uses more resources
  - If needed, inter-process calls can be expensive

Execution Model: Application Domains
• .NET introduces Application Domains, which allow you to run multiple applications within the same process
• Enabled by code verification
  - No code will crash the process
• Managed by the System.AppDomain class
• Common assemblies can be shared across domains or can be specific to a domain

Execution Model: Application Domains
• Benefits:
  - Application domains are isolated
  - Faults are isolated
  - Individual applications can be stopped without stopping the process
  - Can configure each application domain independently
  - Can configure security for each domain
  - Cross-domain calls can be done through proxies
    - More efficient than cross-process calls

Execution Model: Application Domains
[Diagram labels: Process; Thread; Shared class data and native code; AppDomain (class data and native code); AppDomain]

Agenda
• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

Interoperability: Cross Language
• Common Type System (CTS)
  - A superset of the data types used by most modern programming languages
• Common Language Specification (CLS)
  - A subset of CTS that allows code written in different languages to interoperate
• What languages?
  - Microsoft: C++, Visual Basic, C#, JScript
  - Third-Party: Cobol, Eiffel, Smalltalk, Scheme, Oberon, Haskell, Python, Perl, Java, …

Interoperability: Common Type System
• Value types
• Classes
• Arrays
• Interfaces
• Delegates
• Nested types
• Enumerations
• Pointers
  - Managed pointers, unmanaged function pointers

Interoperability: Common Type System
• Members: fields, properties, methods, events
  - Abstract, virtual, final
  - Literal, initialize-only
  - Static, instance
  - Public, private, family, assembly
  - Newslot, override

Interoperability: Managed/Unmanaged
• .NET provides an interoperability mechanism to permit managed code to call into unmanaged code and vice versa
• Why?
  - Existing code works, why rewrite it?
  - Calling Microsoft functionality not yet available as .NET assemblies
    - For example, OLEDB server-side cursors
  - Calling 3rd party native code
  - Migrate your code incrementally

Interoperability: Managed/Unmanaged
[Diagram labels: Managed; C#; Unmanaged; VB; MFC/ATL; VB; MSVCRT; Delphi; C++]

Interoperability: Managed/Unmanaged

    .NET Framework      COM/DLL
    Type standard       Binary standard
    Assemblies          Type libraries
    Resilient           Immutable
    Type safe           Type unsafe
    Object based        Interface based
    Exceptions          HResults
    Strong names        Guids

Interoperability: Managed/Unmanaged
• .NET provides two mechanisms for interoperability between managed and unmanaged code:
  - P/Invoke – Platform Invocation
  - COM integration

Interoperability: P/Invoke
• Provides access to static entry points in unmanaged DLLs
• Similar to:
  - VB Declare statement
  - C/C++ LoadLibrary / GetProcAddress
• Requires method definition with custom attribute
• Marshals data across the boundary

Interoperability: P/Invoke

    using System;
    using System.Runtime.InteropServices;

    public class Win32API
    {
        // Bind the managed name MsgBox to the MessageBox export of User32.dll.
        [DllImport("User32.dll", EntryPoint="MessageBox")]
        public static extern Boolean MsgBox(…);
    }

Interoperability: P/Invoke

    using System;
    using System.Runtime.InteropServices;

    // Sequential layout keeps the fields in declaration order for marshaling.
    // Simplified for the slide: the native OSVERSIONINFO structure has more fields.
    [StructLayout(LayoutKind.Sequential)]
    public struct OSInfo
    {
        uint MajorVersion;
        uint MinorVersion;
        String VersionString;
    }

    public class Win32API
    {
        // GetVersionEx is exported by Kernel32.dll, not User32.dll.
        [DllImport("Kernel32.dll")]
        public static extern Boolean GetVersionEx(OSInfo osi);
    }
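P/Invoke runs native code that the CLR cannot verify, so the managed declaration has to match the native structure exactly or the callee writes past the marshaled buffer. The C# below is an added example, not part of the original slides, showing the slide's GetVersionEx call declared against the full Win32 OSVERSIONINFOW layout; the names Win32Api and QueryVersion are illustrative, and it assumes a Windows host.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Managed mirror of the native OSVERSIONINFOW structure. Field order, field
// widths and the fixed 128-character buffer must match the native layout,
// because the native function fills this memory directly.
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct OSVERSIONINFO
{
    public uint dwOSVersionInfoSize;   // caller sets this to the structure size
    public uint dwMajorVersion;
    public uint dwMinorVersion;
    public uint dwBuildNumber;
    public uint dwPlatformId;

    // Inline fixed-size string: marshaled as WCHAR[128], not as a pointer.
    [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 128)]
    public string szCSDVersion;
}

public static class Win32Api
{
    // The structure is passed by reference so the native side can fill it in.
    // SetLastError lets the wrapper report the Win32 error code on failure.
    [DllImport("kernel32.dll", EntryPoint = "GetVersionExW",
               CharSet = CharSet.Unicode, SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool GetVersionEx(ref OSVERSIONINFO info);

    // Safe wrapper: the raw extern stays private, so callers cannot pass a
    // structure whose size field is wrong.
    public static OSVERSIONINFO QueryVersion()
    {
        OSVERSIONINFO info = new OSVERSIONINFO();
        info.dwOSVersionInfoSize = (uint)Marshal.SizeOf(typeof(OSVERSIONINFO));

        if (!GetVersionEx(ref info))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        return info;
    }
}

public static class Program
{
    public static void Main()
    {
        OSVERSIONINFO v = Win32Api.QueryVersion();
        Console.WriteLine("Marshaled size: {0} bytes",
                          Marshal.SizeOf(typeof(OSVERSIONINFO)));
        Console.WriteLine("Version {0}.{1} build {2} {3}",
                          v.dwMajorVersion, v.dwMinorVersion,
                          v.dwBuildNumber, v.szCSDVersion);
    }
}
```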

Interoperability: P/Invoke
• Transitions have overhead
  - Roughly 20-30 instructions per call
• Data marshaling adds additional overhead
  - Depending on type and size of data
  - Isomorphic types (char, int, float, long, double, etc.) are cheap
• Make transitions wisely
  - Chunky calls as opposed to chatty

Interoperability: COM Integration
• What is COM?
• What is the relationship between the CLR and COM?

Interoperability: What Is COM?
[Diagram labels: Application; Code and data structures]
Before COM, applications were completely separate entities with little or no integration

Interoperability: What Is COM?
COM provides a way for components to integrate. However, each component must provide the "plumbing" and objects cannot directly interact.

Interoperability: COM Integration
With the .NET Framework Common Language Runtime, components are built on a common substrate. No "plumbing" is needed and objects can directly interact.

Interoperability: COM Integration
• Provides a bridge between .NET Framework and COM and vice versa
• Maintains programming model consistency on both sides
• Abstracts the inconsistencies between the two models
  - Different data types
  - Method signatures
  - Exception/HRESULTs
• Use COM interoperability for
  - Backward compatibility
  - COM+ services

Interoperability: COM Integration
• Using COM components from .NET
  - Use TlbImp.exe to generate an assembly (.DLL) that is a wrapper for a COM component
  - Then just reference it, instantiate with new, call it, derive classes from it, catch exceptions, use reflection, etc.
  - Don't have to know anything about COM
  - The CLR creates a Runtime Callable Wrapper (RCW) that implements all the COM plumbing
    - Reference counting, marshalling data, mapping HRESULTs to exceptions, etc.

Interoperability: COM Integration
• Using .NET components from COM
  - Use RegAsm.exe to register all public classes in an assembly
  - Can use TlbExp.exe to create a COM type library
  - Use the component from COM just like any other COM component
  - The CLR creates a COM Callable Wrapper (CCW) that implements the necessary COM interfaces (IUnknown, IDispatch, ITypeInfo, etc.) and marshals data between managed and unmanaged code
  - Use RegSvcs.exe to register .NET classes in COM+
    - Will create COM+ Application or use an existing one

Agenda
• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

Security: Why Care?

Security: Design Goals
• Provide a robust security system for partially-trusted, mobile code
• Make it easy to:
  - Express fine-grained authorizations
  - Extend and customize the system
  - Perform security checks in user code
• No end-user UI!
  - Never ask a user to make a security decision "on the fly"

Security: Code Verification
• Code can only perform legal operations
• Encapsulation boundary is preserved
  - Can only call the exposed methods
• No buffer overruns

Security: Code Access Security
• Code may require permissions to run
• Security policy determines what code is allowed to run
  - By machine
    - Where did this code come from?
    - Who authored it?
  - By user
• If no permission then a SecurityException is thrown

Security: Code Access Security
• Can specify the permissions needed by code
  - Declarative, with attributes
  - Imperative
    - See permissions classes in the namespace: System.Security.Permissions
    - Create a permission object, then call Demand()
• By default, the CLR will ensure that all code in call chain has the necessary permissions

Security: Code Access Security
• Security check
• Varying levels of trust
• Behavior constrained by least trustworthy component
[Diagram labels: Call Chain; Assembly A1, G1, P; Assembly A2, G2, P; Assembly A3, G3, P; Assembly A4, G4]

Security: Code Access Security
• Can override security checks
  - Assert() lets you and the code you call perform actions that you have permission to do, but your callers may not.
  - Deny() lets you prevent downstream code from performing certain actions
  - PermitOnly() is like Deny(), but you specify the only permissions the downstream code will have.
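The imperative Demand() and the stack-walk overrides described on the two slides above can be seen together in one program. The C# below is an added example, not part of the original slides: it uses the System.Security.Permissions classes on the .NET Framework (code access security is not supported on .NET Core and later), the paths are constructed, and the class and method names are illustrative. It leaves out Deny(), which later .NET Framework versions mark obsolete.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Security;
using System.Security.Permissions;

public static class CasStackWalkDemo
{
    // Constructed paths. The files need not exist: only permission checks
    // run here, no file is ever opened.
    const string PublicDir  = @"C:\cas-demo\public";
    const string PublicFile = @"C:\cas-demo\public\readme.txt";
    const string SecretFile = @"C:\cas-demo\secret\key.txt";

    // Imperative check: create a permission object, then call Demand().
    // The CLR walks the stack starting with this method's caller.
    // NoInlining keeps each method in its own stack frame for the walk.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static void DemandRead(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
    }

    // Reports whether the current call chain passes the demand.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static bool CanRead(string path)
    {
        try
        {
            DemandRead(path);
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // Assert() stops the stack walk at this frame, so restrictions placed
    // by callers further up are never consulted. This is why Assert needs
    // care: it vouches for every caller.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static bool CanReadWithAssert(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, path).Assert();
        try
        {
            return CanRead(path);
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }

    // PermitOnly() limits everything called from this frame to reading
    // PublicDir, whatever the assembly itself has been granted.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static void RunRestricted()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, PublicDir).PermitOnly();
        try
        {
            Console.WriteLine("PermitOnly, public file:        " + CanRead(PublicFile));
            Console.WriteLine("PermitOnly, secret file:        " + CanRead(SecretFile));
            Console.WriteLine("PermitOnly, secret via Assert:  " + CanReadWithAssert(SecretFile));
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    public static void Main()
    {
        // A locally started program normally runs with full trust, so the
        // unrestricted demand passes; the restricted calls then show how
        // the stack modifiers change the outcome.
        Console.WriteLine("No restriction, secret file:    " + CanRead(SecretFile));
        RunRestricted();
    }
}
```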

Security: Permissions
• Permission and permission set
  - XML representation of permissions
• Code access permissions
  - Protect resources and operations
• Identity permissions
  - Characteristics of an assembly's identity
• Role-based permissions
  - Discover a user's role or identity
• Custom permissions
  - Design and implement your own classes

Security: Policy
• Process of determining permissions to grant to code
  - Permissions granted to code, not user
  - Grants are on a per-assembly basis
• Multiple levels of policy
  - Machine-wide, user-specific by default
  - Further restrictions allowed on a per application-domain basis

Security: Policy
• Each policy level is a collection of code groups
  - Code has identity in the runtime, just like users have identity in OS
  - Permissions are associated with each code group
• Evidence determines group membership
  - In the group, get granted the related permissions
[Diagram: code group tree with a permission set P on each group. Labels: All Code; Publisher: Microsoft; Name: MS.Office; Name: MS.Money; Zone: Internet; Zone: Local Intranet; Publisher: Corp. Admin; Site: XYZ.COM; Site: localweb]

Security: Policy
• Policy levels: machine, user, application domain
[Diagram labels: user; machine; appdomain; Resulting permission set]

Security: Tools
• Code access security tool
  - caspol.exe
• Managing certificates
  - cert2spc.exe, certmgr.exe, makecert.exe, chktrust.exe
• Managing assemblies
  - Shared Name utility: Sn.exe
  - Global Assembly Cache utility: gacutil.exe
• permview.exe
  - View permissions requested by an assembly

Conclusion
• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

Resources
• .NET Framework and the CLR by Jeffrey Richter
  - http://msdn.microsoft.com/msdnmag/issues/0900/Framework.asp
  - http://msdn.microsoft.com/msdnmag/issues/1000/Framework2.asp
• Garbage Collection by Jeffrey Richter
  - http://msdn.microsoft.com/msdnmag/issues/1100/GCI.asp
  - http://msdn.microsoft.com/msdnmag/issues/1200/GCI2.asp
• Building, Packaging, Deploying by Jeffrey Richter
  - http://msdn.microsoft.com/msdnmag/issues/01/02/buildapps.asp
  - http://msdn.microsoft.com/msdnmag/issues/01/03/buildapps2.asp

Resources
• Security article by Keith Brown
  - http://msdn.microsoft.com/msdnmag/issues/01/02/CAS.asp
• ECMA CLI Standardization
  - http://msdn.microsoft.com/net/ecma/
  - http://www.ecma.ch