The Common Language Runtime (CLR)

1
The Common Language Runtime (CLR)

• Mark SapossnekCS 594
• Computer Science Department
• Metropolitan College
• Boston University

2
Prerequisites

• Overview of .NET

3
Learning Objectives

• Understand the breadth of services that the
  Common Language Runtime provides

4
Agenda

• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

5
What is the CLR?The .NET Platform
Protocols HTTP,HTML, XML, SOAP, UDDI
ToolsVisual Studio.NET,Notepad
6
What Is the CLR?The .NET Framework

• A set of technologies for developing and using
  components to create
• Web Forms
• Web Services
• Windows applications
• Supports the software lifecycle
• Development
• Debugging
• Deployment
• Maintenance

7
What Is the CLR?The .NET Framework
VB
C
C
JScript

Common Language Specification
ASP.NET Web Services and Web Forms
WindowsForms
Visual Studio.NET
ADO.NET Data and XML
Base Classes
Common Language Runtime
8
What Is the CLR?Overview

• The CLR provides a run-time environment that
  manages the execution of code and provides
  services that improves development, deploy-ment,
  and run time.
• Code that targets the CLR is called managed code.

9
What Is the CLR?Goals

• Development services
• Deep cross-language interoperability
• Increased productivity
• Deployment services
• Simple, reliable deployment
• Fewer versioning problems NO MORE DLL HELL
• Run-time services
• Performance
• Scalability
• Availability

10
What Is the CLR?Goal Simpler Development

• Plumbing disappears
• Metadata
• Transparent proxies
• Memory management
• Consistent exception handling
• Great WYSIWYG tool support
• Designers and wizards
• Debuggers
• Profilers
• Increased productivity

11
What Is the CLR?Goal Simpler, Safer Deployment

• No registration, zero-impact install
• XCOPY deployment, incremental download
• Side-by-side versions of shared components
• Capture version at compile time
• Administrative policy at run time
• Evidence-based security policy
• Based on code as well as user
• Code origin (location)
• Publisher (public key)

12
What Is the CLR?Goal Scalability

• Smart device to Web Farm
• Automatic memory management
• Self-configuring
• Dynamically tuning
• Thread pool
• Asynchronous messaging
• Object remoting
• Events
• Smart device version
• Multiple RTOSes
• Same tools used for desktop

13
What Is the CLR?Goal Rich Web Clients, Safe
Hosting

• WinForms on the client
• ASP.NET Web Forms on the server
• Code is granted permissions
• Evidence is used by policy to grant permissions
• Application that starts runtime
• Like Internet Explorer, IIS, SQL Server, Shell
• Provides some evidence
• Controls code loading
• Maps applications to processes

14
What Is the CLR?Goal Converge Programming Models

• COM, ASP, VB, C
• All services available
• Many services redesigned
• Ease of use
• Scalability
• Consistent API
• Consistent framework raises the abstraction layer
• Gradual transition from simplicity to full power
• Less training, greater productivity

15
What Is the CLR?Goal Multiple Languages

• Common Type System
• Object-oriented in flavor
• Procedural languages well supported
• Functional languages possible
• CLS guides frameworks design
• Rules for wide reach
• All .NET Framework functionality available
• Over 15 languages investigated
• Most are CLS consumers
• Many are CLS extenders
• Choose the right language for a particular job

16
What Is the CLR?Highlights

• Common Type System
• Mapping of data types Programming language ?
  Framework
• Just-in-time (JIT) compilers
• JIT compiles intermediate language (MSIL) into
  native code
• Highly optimized for platform or device
• Garbage collector
• Permission and policy-based security
• Exceptions
• Threading
• Reflection
• Diagnostics and profiling

17
What Is the CLR?Services

• Code management
• Memory management and isolation
• Verification of type safety
• Conversion of MSIL to native code
• Loading and execution of managed code
• Creation and management of metadata
• Insertion and execution of security checks

• Handling cross-language exceptions
• Interoperation between .NET Framework objects and
  COM objects and Win32 DLLs
• Automation of object layout for late binding
• Developer services (profiling, debugging, etc.)

18
What Is the CLR? Architecture
Base Class Library (.NET Framework) Support
Class Loader
19
What Is the CLR? Soon To Be a Standard

• Microsoft, with HP and Intel, submitted proposal
  to ECMA to standardize
• C
• Common Language Infrastructure
• Includes the Common Language Runtime and a subset
  of the .NET Framework classes
• http//msdn.microsoft.com/net/ecma/
• http//www.ecma.ch

20
Agenda

• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

21
AssembliesOverview

• Contains code and metadata
• Assemblies function as
• Unit of deployment
• Type boundary
• Security boundary
• Reference scope boundary
• Version boundary
• Unit of side-by-side execution

22
AssembliesOverview

• Assemblies can be
• Static DLL, EXE
• Uses existing COFF binary format
• Via existing extension mechanism
• Dynamic
• Create assemblies with
• .NET Framework SDK
• Visual Studio.NET
• Your own code
• Dynamic assemblies

23
AssembliesComponents of an Assembly

• Manifest
• Metadata about the assembly itself
• Type metadata
• Completely describes all types defined in an
  assembly
• Managed code
• Microsoft Intermediate Language (MSIL)
• Resources
• For example, .bmp, .jpg

24
AssembliesComponents of an Assembly
ParcelTracker.DLL
Manifest
Type Metadata
MSIL
Resources
25
AssembliesComponents of an Assembly

• An assembly is a logical unit, not physical
• It can consist of multiple modules (.DLL, .JPG,
  etc.)

In this figure, containment implies a 1M
relationship
26
AssembliesComponents of an Assembly
A single-file assembly
A multi-file assembly
27
AssembliesAssembly Generation Tool al.exe

• Takes one or more files (containing either MSIL
  or resource files) and produces a file with an
  assembly manifest.
• When compiling a C file, you can specify that it
  create a module instead of an assembly by using
  /targetmodule.

28
AssembliesManifest

• Manifest contains
• Identity information
• Name, version number, culture, strong name
• List of files in the assembly
• Map of assembly types to files
• Dependencies
• Other assemblies used by this assembly
• Exported types
• Security permissions needed to run

29
AssembliesManifest and Metadata
Type Descriptions
Manifest
Assembly Description
Classes Base classes Implemented interfaces Data
members Methods
Metadata
30
AssembliesWhats In the Metadata

• Description of types
• Name, visibility, base class, interfaces
  implemented
• Members
• methods, fields, properties, events, nested types
• Attributes
• User-defined
• Compiler-defined
• Framework-defined

31
AssembliesDemo ILDASM.EXE

• Allows you to inspect the metadata and
  disassembled IL code in an assembly
• Great way to see whats really going on
• Use ildasm /? to see the various options

32
AssembliesMetadata

• Key to simpler programming model
• Generated automatically
• Stored with code in executable file (.dll or
  .exe)

33
AssembliesMetadata Creation and Use
Reflection
Source Code
Serialization (e.g. SOAP)
Designers
Compiler
Other Compiler
Debugger
Assembly (Manifest, metadata and code)
Profiler
Type Browser
Proxy Generator
Schema Generator
XML encoding (WSDL)
34
AssembliesCompilers Use Metadata

• For cross-language data type import
• Emit metadata with output code
• Describe types defined and used
• Record external assemblies referenced
• Record version information
• Custom attributes can be used
• Obsolete
• CLS compliance
• Compiled for debugging
• Language-specific markers

35
AssembliesOther Tools Use Metadata

• Designer behavior
• Controlled by user-supplied attributes
• Category
• Description
• Designer extensibility
• User-supplied attributes specify code to use
• Type converters
• Editors
• Web methods marked by custom attribute
• Type viewer

36
AssembliesGlobal Assembly Cache

• A set of assemblies that can be referenced by any
  application on a machine
• Should be used only when needed
• Private assemblies are preferred
• Located at SystemRoot\assembly
• (c\winnt\assembly)
• Add assemblies by
• Installer program
• gacutil.exe
• Windows Explorer
• Assembly Cache Viewer (shfusion.dll) is a shell
  extension for GAC that is installed with the .NET
  Framework SDK
• .NET Framework Configuration Tool (mscorcfg.msc)
• Assembly must have a strong name

37
AssembliesStrong Names

• Strong names identify an assembly
• Contains text name, version, culture, public key,
  and digital signature
• Generated from an assembly using a private key
• Benefits
• Guarantees name uniqueness
• Protect version lineage
• No one else can create a new version of your
  assembly
• Provides strong integrity check
• Guarantees that contents of an assembly didnt
  change since it was built

38
AssembliesStrong Names

• To sign an assembly with a strong name
• Use Assembly Generation tool al.exe
• Use assembly attributes (AssemblyKeyFileAttribute
  or AssemblyKeyNameAttribute)
• Requires a key pair (private and public)
• To generate a key pair use the Strong Name tool
  sn.exe

39
AssembliesDemo Installing an Assembly in GAC

• Create assembly
• Sign assembly with key from sn.exe
• Install into GAC via gacutil.exe, Assembly Cache
  Viewer and .NET Framework Configuration Tool

40
AssembliesSigncode

• A strong name identifies an assembly but it does
  not authenticate an assembly
• Strong names do NOT imply a level of trust
• Signcode allows the embedding of a certificate in
  an assembly
• Now your assembly can be authenticated

41
AssembliesSigncode

• To use signcode
• Obtain a Software Publisher Certificate (.spc)
• Use signcode.exe to sign the assembly
• Signcode can only sign one file at a time
• For an assembly, you sign the file containing the
  manifest

42
AssembliesHow Do You Obtain a Certificate?

• Purchase one from a well known Certificate
  Authority (such as Verisign)
• Create your own
• For testing purposes only
• Use Makecert.exe to create a X.509 certificate
• Use cert2spc.exe to generate an SPC from a X.509
  certificate

43
AssembliesStrong Names and Signcode

• Strong names and signcode provide different,
  complimentary levels of protection
• You can assign a strong name or assign a signcode
  signature to an assembly, or both
• When using both, the strong name must be assigned
  first

44
AssembliesSigncode

• Specify what permissions your assembly needs
• Only specify required permissions
• Handle optional permissions dynamically
• Set security policy on run-time machine

45
AssembliesDeployment

• Unit of deployment
• One or more files, independent of packaging
• Self-describing via manifest and metadata
• Versioning
• Captured by compiler
• Policy per-application as well as per-machine
• Security boundary
• Assemblies are granted permissions
• Methods can demand proof that a permission has
  been granted to entire call chain
• Mediate type import and export
• Types named relative to assembly

46
AssembliesDeployment

• Applications are configurable units
• One or more assemblies
• Application-specific files or data
• Assemblies are located based on
• Their logical name and the application that loads
  them
• Applications can have private versions of
  assemblies
• Private version preferred to shared version
• Version policy can be per application

47
AssembliesMSIL

• Microsoft Intermediate Language

.assembly hello .assembly extern mscorlib
.method static public void main() il managed
.entrypoint .maxstack 1 ldstr "Hello
World from IL!" call void mscorlibSystem.Conso
leWriteLine(class
System.String)
ret
48
AssembliesMSIL

• Compiled with ilasm.exe
• MSIL was designed for the CLR
• Object-oriented (primitives are not special)
• Designed for the Common Type System
• Does not embed type information
• See documentation in \FrameworkSDK\Tool
  Developers Guide\docs

49
Agenda

• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

50
Execution ModelCreate Assembly
Compiler
csc.exe or vbc.exe
51
Execution Model
Source Code
VB
C
C
Compiler
Compiler
Compiler
Assembly
Assembly
Assembly
MSIL
Common Language Runtime JIT Compiler
Ngen
CLR
Native Code
Managed Code
Managed Code
Managed Code
Unmanaged Code
CLR Services
Operating System Services
52
Execution ModelCompiling IL to Native Code

• JIT compiler
• Generates optimized native code
• Compiled when a method is first called
• Includes verification of IL code
• Ngen.exe
• Install-time native code generation
• Used when assembly is installed on machine
• Reduces start-up time
• Native code has version checks and reverts to
  run-time JIT if they fail

53
Execution ModelRun-Time Hosts

• ASP.NET
• Internet Explorer
• Shell executables
• More in future
• For example SQL Server (Yukon)
• Can create your own run-time hosts

54
Execution ModelBinding to Assemblies

• An application consists of one or more
  assemblies.
• How does one assembly bind to another?
• Based upon metadata and policy
• Local (preferred)
• Assembly Global Cache
• Multiple versions of an assembly may exist on
  the same machine.
• Easier software deployment, updates and removal
• Multiple versions of an assembly can even be used
  by the same application

55
Execution ModelApplication Domains

• Traditionally, processes were used to isolate
  applications running on the same computer
• Isolates failure of one application
• Isolates memory
• Problems
• Uses more resources
• If needed, inter-process calls can be expensive

56
Execution ModelApplication Domains

• .NET introduces Application Domains, which allow
  you to run multiple applications within the same
  process
• Enabled by code verification
• No code will crash the process
• Managed by the System.AppDomain class
• Common assemblies can be shared across domains or
  can be specific to a domain

57
Execution ModelApplication Domains

• Benefits
• Application domains are isolated
• Faults are isolated
• Individual applications can be stopped without
  stopping the process
• Can configure each application domain
  independently
• Can configure security for each domain
• Cross-domain calls can be done through proxies
• More efficient than cross-process calls

58
Execution ModelApplication Domains
Shared class dataand native code
Thread
Process
App.Domain(class dataandnative code)
App.Domain
59
Agenda

• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

60
InteroperabilityCross Language

• Common Type System (CTS)
• A superset of the data types used by most modern
  programming languages
• Common Language Specification (CLS)
• A subset of CTS that allows code written in
  different languages to interoperate
• What languages?
• Microsoft C, Visual Basic, C, JScript
• Third-Party Cobol, Eiffel, Smalltalk, Scheme,
  Oberon, Haskell, Python, Perl, Java,

61
InteroperabilityCommon Type System

• Value types
• Classes
• Arrays
• Interfaces
• Delegates
• Nested types
• Enumerations
• Pointers
• Managed pointers, unmanaged pointers, unmanaged
  function pointers

62
InteroperabilityCommon Type System

• Members fields, properties, methods, events
• Abstract, virtual, final
• Literal, initialize-only
• Static, instance
• Public, private, family, assembly
• Newslot, override

63
InteroperabilityManaged/Unmanaged

• .NET provides interoperability mechanism to
  permit managed code to call into unmanaged code
  and vice versa
• Why?
• Existing code works, why rewrite it?
• Calling Microsoft functionality not yet available
  as .NET assemblies
• For example, OLEDB server-side cursors
• Calling 3rd party native code
• Migrate your code incrementally

64
InteroperabilityManaged/Unmanaged
Managed
Unmanaged
C
VB
MFC/ATL
VB
Delphi
MSVCRT
C
65
InteroperabilityManaged/Unmanaged

• COM/DLL
• Binary standard
• Type libraries
• Immutable
• Type unsafe
• Interface based
• HResults
• Guids

• .NET Framework
• Type standard
• Assemblies
• Resilient
• Type safe
• Object based
• Exceptions
• Strong names

66
InteroperabilityManaged/Unmanaged

• .NET provides two mechanisms for interoperability
  between managed and unmanaged code
• P/Invoke Platform Invocation
• COM integration

67
InteroperabilityP/Invoke

• Provides access to static entry points in
  unmanaged DLLs
• Similar to
• VB Declare statement
• C/C LoadLibrary / GetProcAddress
• Requires method definition with custom attribute
• Marshalls data across the boundary

68
InteroperabilityP/Invoke
public class Win32API DllImport(User32.dll,
EntryPointMessageBox) public static extern
Boolean MsgBox()
69
InteroperabilityP/Invoke
StructLayout(LayoutKind.Sequential) Public
struct OSInfo ( uint MajorVersion uint
MinorVersion String VersionString public
class Win32API DllImport(User32.dll)
public static extern Boolean GetVersionEx(OSInfo
osi)
70
InteroperabilityP/Invoke

• Transitions have overhead
• Roughly 20-30 instructions per call
• Data marshaling adds additional overhead
• Depending on type and size of data
• Isomorphic types (char, int, float, long,
  double, etc.) are cheap
• Make transitions wisely
• Chunky calls as opposed to chatty

71
InteroperabilityCOM Integration

• What is COM?
• What is the relationship between the CLR and COM?

72
InteroperabilityWhat Is COM?
Application
Code and data structures
Before COM, applications were completely separate
entities with little or no integration
73
InteroperabilityWhat Is COM?
COM provides a way for components to integrate.
However, each component must provide the
plumbing and objects cannot directly interact.
74
InteroperabilityCOM Integration
With the .NET Framework Common Language Runtime,
components are built on a common substrate. No
plumbing is needed and objects can directly
interact.
75
InteroperabilityCOM Integration

• Provides a bridge between .NET Framework and COM
  and vice versa
• Maintains programming model consistency on both
  sides
• Abstracts the inconsistencies between the two
  models
• Different data types
• Method signatures
• Exception/HRESULTs
• Use COM interoperability for
• Backward compatibility
• COM services

76
InteroperabilityCOM Integration

• Using COM components from .NET
• Use TlbImp.exe to generate an assembly (.DLL)
  that is a wrapper for a COM component
• Then just reference it, instantiate with new,
  call it, derive classes from it, catch
  exceptions, use reflection, etc.
• Dont have to know anything about COM
• The CLR creates a Runtime Callable Wrapper (RCW)
  that implements all the COM plumbing
• Reference counting, marshalling data, mapping
  HRESULTs to exceptions, etc.

77
InteroperabilityCOM Integration

• Using .NET components from COM
• Use RegAsm.exe to register all public classes in
  an assembly
• Can use TlbExp.exe to create a COM type library
• Use the component from COM just like any other
  COM component
• The CLR creates a COM Callable Wrapper (CCW) that
  implements the necessary COM interfaces
  (IUnknown, IDispatch, ITypeInfo, etc.) and
  marshalls data between managed and unmanaged code
• Use RegSvcs.exe to register .NET classes in COM
• Will create COM Application or use an existing
  one

78
Agenda

• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

79
SecurityWhy Care?
80
SecurityDesign Goals

• Provide a robust security system for
  partially-trusted, mobile code
• Make it easy to
• Express fine-grained authorizations
• Extend and customize the system
• Perform security checks in user code
• No end-user UI!
• Never ask a user to make a security decision on
  the fly

81
SecurityCode Verification

• Code can only perform legal operations
• Encapsulation boundary is preserved
• Can only call the exposed methods
• No buffer overruns

82
SecurityCode Access Security

• Code may require permissions to run
• Security policy determines what code is allowed
  to run
• By machine
• Where did this code come from?
• Who authored it?
• By user
• If no permission then a SecurityException is
  thrown

83
SecurityCode Access Security

• Can specify the permissions needed by code
• Declarative, with attributes
• Imperative
• See permissions classes in the namespace
  System.Security.Permissions
• Create a permission object, then call Demand()
• By default, the CLR will ensure that all code in
  call chain has the necessary permissions

84
SecurityCode Access Security

• Security check
• Varying levels of trust
• Behavior constrained by least trustworthy
  component

Call Chain
Assembly A1
G1
P
Assembly A2
G2
P
Assembly A3
G3
P
Assembly A4
G4
85
SecurityCode Access Security

• Can override security checks
• Assert() lets you and the code you call perform
  actions that you have permission to do, but your
  callers may not.
• Deny() lets you prevent downstream code from
  performing certain actions
• PermitOnly() is like Deny(), but you specify the
  only permissions the downstream code will have.

86
SecurityPermissions

• Permission and permission set
• XML representation of permissions
• Code access permissions
• Protect resources and operations
• Identity permissions
• Characteristics of an assemblys identity
• Role-based permissions
• Discover a users role or identity
• Custom permissions
• Design and implement your own classes

87
SecurityPolicy

• Process of determining permissions to grant to
  code
• Permissions granted to code, not user
• Grants are on a per-assembly basis
• Multiple levels of policy
• Machine-wide, user-specific by default
• Further restrictions allowed on a per
  application-domain basis

88
SecurityPolicy

• Each policy level is a collection of code groups
• Code has identity in the runtime, just like users
  have identity in OS
• Permissions are associated with each code group
• Evidence determines group membership
• In the group, get granted the related permissions
  

89
SecurityPolicy

• Policy levels machine, user, application domain

machine
user
Resulting permission set
appdomain
90
SecurityTools

• Code access security tool
• caspol.exe
• Managing certificates
• cert2spc.exe, certmgr.exe , makecert.exe ,
  chktrust.exe
• Managing assemblies
• Shared Name utility Sn.exe
• Global Assembly Cache utility gacutil.exe
• permview.exe
• View permissons requested by an assembly

91
Conclusion

• What Is the CLR?
• Assemblies
• Execution Model
• Interoperability
• Security

92
Resources

• .NET Framework and the CLR by Jeffrey Richter
• http//msdn.microsoft.com/msdnmag/issues/0900/Fram
  ework/Framework.asp
• http//msdn.microsoft.com/msdnmag/issues/1000/Fram
  ework2/Framework2.asp
• Garbage Collection by Jeffrey Richter
• http//msdn.microsoft.com/msdnmag/issues/1100/GCI/
  GCI.asp
• http//msdn.microsoft.com/msdnmag/issues/1200/GCI2
  /GCI2.asp
• Building, Packaging, Deploying by Jeffrey Richter
• http//msdn.microsoft.com/msdnmag/issues/01/02/bui
  ldapps/buildapps.asp
• http//msdn.microsoft.com/msdnmag/issues/01/03/bui
  ldapps2/buildapps2.asp

93
Resources

• Security article by Keith Brown
• http//msdn.microsoft.com/msdnmag/issues/01/02/CAS
  /CAS.asp
• ECMA CLI Standardization
• http//msdn.microsoft.com/net/ecma/
• http//www.ecma.ch