MC++ Mixed DLLs: how to create pure IL (really) and other issues

T

Ted Miller

Hi folks,

I'm looking at moving a large base of C++ code to .Net under tight time
constraints. The code runs in mission-critical environments, and I am
extremely concerned about the loader lock problem and the potential for
deadlocks.

After pouring over the available information, and trying a few experiments,
I am still left with a few questions and issues I hope someone out there can
shed some light on.

1) Is it even possible to create a DLL using MC++ that is not subject to the
mixed dll/loader lock issue -- or at least. is it actually doable in a
real-world development environment?

To wit: I created a project using the .Net Class Library template and added
a trivial class with a single trivial method.

namespace Test {
class TestClass {
public: int foo() { return(0); }
};
}

I then made sure /noentry was there; removed nochkclr.obj from the link
targets; added the explicit __check_commonlanguageruntime_version and
_flt_used definitions; and added the SkipVerification attribute -- all per
the instructions on MSDN for creating pure IL Managed C++ assemblies. The
result was still not pure IL; peverify complains about an "unverifiable PE
header/stub." I searched for the mythical SetILOnly.exe that is also
referenced in MSDN to no avail (even the link to it on MSDN online is
broken). OK, a little research turned up that there's an "IL Only" flag in
the clr header, so I used ildasm and ilasm to reconstitute the assembly with
that flag set. Peverify still complained about "unverifiable PS
header/stub."

Then I noticed that there was a VTableFixup:

.vtfixup [1] int32 retainappdomain at D_00003004 // 06000001

Why is this? In such a trivial project that is purely managed code? In any
case, manually removing from the il and assembling with ilasm then made the
assembly verify.

So I'm left wondering what all of this means. How can I remove whatever is
causing that fixup to get generated in the first place? And is there
anything I can do as general programming practice to ensure that these don't
creep into my code? And are there other constructs besides vtable fixups
(and unmanaged exports) that could creep into my code that would prevent the
assembly from being pure IL?

2) What actually triggers the loader lock problem -- it can't possibly be
that the DLL is unverifyable. Because C# unsafe code also produces an
unverifiable dll, but which is not subject to the loader lock problem. Is is
the simple absence of the "pure IL" flag in the clr header? Is that enough
to trigger the "mixed" loading behavior where the loader lock problem can
occur?

3) Where is setilonly.exe?

4) Let's say I solve all of the above and produce a dll that really is all
managed code. No CRTs, no unmanaged code, etc. What happens if I then make a
native Win32 API call (note: *not* P/Invoke)? Does that automatically force
me back into being a mixed dll, i.e., can a dll that calls a routine in
kernel32.dll legitimately set the "pure IL" flag in the CLR header?

Thanks for any information that anyone can provide. Note that I am not
interested in debating the likelihood of encountering the loader lock/mixed
dll problem. I am interested in hard facts about how I can use MC++ to
create assemblies that are guaranteed to be 100% free of it, given that I am
willing to forego use of the CRTs and adhere to other restrictive
guidelines.

Thanks!
 
M

mk

Hi,
Unfortunately it seems as though you're a caught a
little, at least regarding loader lock issues. Its a
known bug, check the following:

http://www.devx.com/DevX/HTML/11470

watch out for word wrap...

http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/dv_vstechart/html/vcconMixedDLLLoadingProblem.asp

You've probably seen this one already, but just in case:

http://www.codeguru.com/cpp_managed/kmg19.html


I find that using a managed core, loading native elements
at runtime can help to ameloriate these issues - sure,
its not exactly a 'pure' solution, but it may help, I
appreciate that you're upgrading pre-existing code, but
some architectural review can be extremely helpful -
assuming you can get the time and the budget.

Hope this helps,

martin


-----Original Message-----
Hi folks,

I'm looking at moving a large base of C++ code to .Net under tight time
constraints. The code runs in mission-critical environments, and I am
extremely concerned about the loader lock problem and the potential for
deadlocks.

After pouring over the available information, and trying a few experiments,
I am still left with a few questions and issues I hope someone out there can
shed some light on.

1) Is it even possible to create a DLL using MC++ that is not subject to the
mixed dll/loader lock issue -- or at least. is it actually doable in a
real-world development environment?

To wit: I created a project using the .Net Class Library template and added
a trivial class with a single trivial method.

namespace Test {
class TestClass {
public: int foo() { return(0); }
};
}

I then made sure /noentry was there; removed nochkclr.obj from the link
targets; added the explicit
__check_commonlanguageruntime_version and
_flt_used definitions; and added the SkipVerification attribute -- all per
the instructions on MSDN for creating pure IL Managed C++ assemblies. The
result was still not pure IL; peverify complains about an "unverifiable PE
header/stub." I searched for the mythical SetILOnly.exe that is also
referenced in MSDN to no avail (even the link to it on MSDN online is
broken). OK, a little research turned up that there's an "IL Only" flag in
the clr header, so I used ildasm and ilasm to reconstitute the assembly with
that flag set. Peverify still complained about "unverifiable PS
header/stub."

Then I noticed that there was a VTableFixup:

.vtfixup [1] int32 retainappdomain at D_00003004 // 06000001

Why is this? In such a trivial project that is purely managed code? In any
case, manually removing from the il and assembling with ilasm then made the
assembly verify.

So I'm left wondering what all of this means. How can I remove whatever is
causing that fixup to get generated in the first place? And is there
anything I can do as general programming practice to ensure that these don't
creep into my code? And are there other constructs besides vtable fixups
(and unmanaged exports) that could creep into my code that would prevent the
assembly from being pure IL?

2) What actually triggers the loader lock problem -- it can't possibly be
that the DLL is unverifyable. Because C# unsafe code also produces an
unverifiable dll, but which is not subject to the loader lock problem. Is is
the simple absence of the "pure IL" flag in the clr header? Is that enough
to trigger the "mixed" loading behavior where the loader lock problem can
occur?

3) Where is setilonly.exe?

4) Let's say I solve all of the above and produce a dll that really is all
managed code. No CRTs, no unmanaged code, etc. What happens if I then make a
native Win32 API call (note: *not* P/Invoke)? Does that automatically force
me back into being a mixed dll, i.e., can a dll that calls a routine in
kernel32.dll legitimately set the "pure IL" flag in the CLR header?

Thanks for any information that anyone can provide. Note that I am not
interested in debating the likelihood of encountering the loader lock/mixed
dll problem. I am interested in hard facts about how I can use MC++ to
create assemblies that are guaranteed to be 100% free of it, given that I am
willing to forego use of the CRTs and adhere to other restrictive
guidelines.

Thanks!


.
 
T

Ted Miller

Thanks for the reply -- I was hoping to get commentary from someone "in the
know" about whether I can truly produce pure IL with MC++, whether it's
feasible to maintain a project that does so (given that the compiler doesn't
produce any warnings when you do something that violates "pure il' rules),
and whether calling a Win32 API is a violation of "pure il" rules.

Anyone?

mk said:
Hi,
Unfortunately it seems as though you're a caught a
little, at least regarding loader lock issues. Its a
known bug, check the following:

http://www.devx.com/DevX/HTML/11470

watch out for word wrap...

http://msdn.microsoft.com/library/default.asp?
url=/library/en-
us/dv_vstechart/html/vcconMixedDLLLoadingProblem.asp

You've probably seen this one already, but just in case:

http://www.codeguru.com/cpp_managed/kmg19.html


I find that using a managed core, loading native elements
at runtime can help to ameloriate these issues - sure,
its not exactly a 'pure' solution, but it may help, I
appreciate that you're upgrading pre-existing code, but
some architectural review can be extremely helpful -
assuming you can get the time and the budget.

Hope this helps,

martin


-----Original Message-----
Hi folks,

I'm looking at moving a large base of C++ code to .Net under tight time
constraints. The code runs in mission-critical environments, and I am
extremely concerned about the loader lock problem and the potential for
deadlocks.

After pouring over the available information, and trying a few experiments,
I am still left with a few questions and issues I hope someone out there can
shed some light on.

1) Is it even possible to create a DLL using MC++ that is not subject to the
mixed dll/loader lock issue -- or at least. is it actually doable in a
real-world development environment?

To wit: I created a project using the .Net Class Library template and added
a trivial class with a single trivial method.

namespace Test {
class TestClass {
public: int foo() { return(0); }
};
}

I then made sure /noentry was there; removed nochkclr.obj from the link
targets; added the explicit
__check_commonlanguageruntime_version and
_flt_used definitions; and added the SkipVerification attribute -- all per
the instructions on MSDN for creating pure IL Managed C++ assemblies. The
result was still not pure IL; peverify complains about an "unverifiable PE
header/stub." I searched for the mythical SetILOnly.exe that is also
referenced in MSDN to no avail (even the link to it on MSDN online is
broken). OK, a little research turned up that there's an "IL Only" flag in
the clr header, so I used ildasm and ilasm to reconstitute the assembly with
that flag set. Peverify still complained about "unverifiable PS
header/stub."

Then I noticed that there was a VTableFixup:

.vtfixup [1] int32 retainappdomain at D_00003004 // 06000001

Why is this? In such a trivial project that is purely managed code? In any
case, manually removing from the il and assembling with ilasm then made the
assembly verify.

So I'm left wondering what all of this means. How can I remove whatever is
causing that fixup to get generated in the first place? And is there
anything I can do as general programming practice to ensure that these don't
creep into my code? And are there other constructs besides vtable fixups
(and unmanaged exports) that could creep into my code that would prevent the
assembly from being pure IL?

2) What actually triggers the loader lock problem -- it can't possibly be
that the DLL is unverifyable. Because C# unsafe code also produces an
unverifiable dll, but which is not subject to the loader lock problem. Is is
the simple absence of the "pure IL" flag in the clr header? Is that enough
to trigger the "mixed" loading behavior where the loader lock problem can
occur?

3) Where is setilonly.exe?

4) Let's say I solve all of the above and produce a dll that really is all
managed code. No CRTs, no unmanaged code, etc. What happens if I then make a
native Win32 API call (note: *not* P/Invoke)? Does that automatically force
me back into being a mixed dll, i.e., can a dll that calls a routine in
kernel32.dll legitimately set the "pure IL" flag in the CLR header?

Thanks for any information that anyone can provide. Note that I am not
interested in debating the likelihood of encountering the loader lock/mixed
dll problem. I am interested in hard facts about how I can use MC++ to
create assemblies that are guaranteed to be 100% free of it, given that I am
willing to forego use of the CRTs and adhere to other restrictive
guidelines.

Thanks!


.
 
P

Pent

http://msdn.microsoft.com/library/en-us/vcsample/html/vcsamsetilonlysamplesetilonlybit.asp

http://msdn.microsoft.com/library/e...producingverifiablecomponentswithmanagedc.asp

check all the points on last list.

Yes, it is possible to produce verifiable image.

Ted Miller said:
Hi folks,

I'm looking at moving a large base of C++ code to .Net under tight time
constraints. The code runs in mission-critical environments, and I am
extremely concerned about the loader lock problem and the potential for
deadlocks.

After pouring over the available information, and trying a few experiments,
I am still left with a few questions and issues I hope someone out there can
shed some light on.

1) Is it even possible to create a DLL using MC++ that is not subject to the
mixed dll/loader lock issue -- or at least. is it actually doable in a
real-world development environment?

To wit: I created a project using the .Net Class Library template and added
a trivial class with a single trivial method.

namespace Test {
class TestClass {
public: int foo() { return(0); }
};
}

I then made sure /noentry was there; removed nochkclr.obj from the link
targets; added the explicit __check_commonlanguageruntime_version and
_flt_used definitions; and added the SkipVerification attribute -- all per
the instructions on MSDN for creating pure IL Managed C++ assemblies. The
result was still not pure IL; peverify complains about an "unverifiable PE
header/stub." I searched for the mythical SetILOnly.exe that is also
referenced in MSDN to no avail (even the link to it on MSDN online is
broken). OK, a little research turned up that there's an "IL Only" flag in
the clr header, so I used ildasm and ilasm to reconstitute the assembly with
that flag set. Peverify still complained about "unverifiable PS
header/stub."

Then I noticed that there was a VTableFixup:

.vtfixup [1] int32 retainappdomain at D_00003004 // 06000001

Why is this? In such a trivial project that is purely managed code? In any
case, manually removing from the il and assembling with ilasm then made the
assembly verify.

So I'm left wondering what all of this means. How can I remove whatever is
causing that fixup to get generated in the first place? And is there
anything I can do as general programming practice to ensure that these don't
creep into my code? And are there other constructs besides vtable fixups
(and unmanaged exports) that could creep into my code that would prevent the
assembly from being pure IL?

2) What actually triggers the loader lock problem -- it can't possibly be
that the DLL is unverifyable. Because C# unsafe code also produces an
unverifiable dll, but which is not subject to the loader lock problem. Is is
the simple absence of the "pure IL" flag in the clr header? Is that enough
to trigger the "mixed" loading behavior where the loader lock problem can
occur?

3) Where is setilonly.exe?

4) Let's say I solve all of the above and produce a dll that really is all
managed code. No CRTs, no unmanaged code, etc. What happens if I then make a
native Win32 API call (note: *not* P/Invoke)? Does that automatically force
me back into being a mixed dll, i.e., can a dll that calls a routine in
kernel32.dll legitimately set the "pure IL" flag in the CLR header?

Thanks for any information that anyone can provide. Note that I am not
interested in debating the likelihood of encountering the loader lock/mixed
dll problem. I am interested in hard facts about how I can use MC++ to
create assemblies that are guaranteed to be 100% free of it, given that I am
willing to forego use of the CRTs and adhere to other restrictive
guidelines.

Thanks!
 
T

Ted Miller

Thanks for the info.

Click the "Download Sample" link on the SetILOnly sample page -- broken
link. I cannot find this sample or the exe anywhere.

I followed all the points on the last list (except setilonly, which does not
seem to actually exist) -- see my original post. I got an image that still
had vtablefixups.

Also I want to understand the relationship between "verifiable" and
"triggers the mixed dll loading problem".

So does anyone have any info?

Thanks!


Pent said:
http://msdn.microsoft.com/library/e...producingverifiablecomponentswithmanagedc.asp

check all the points on last list.

Yes, it is possible to produce verifiable image.

Ted Miller said:
Hi folks,

I'm looking at moving a large base of C++ code to .Net under tight time
constraints. The code runs in mission-critical environments, and I am
extremely concerned about the loader lock problem and the potential for
deadlocks.

After pouring over the available information, and trying a few experiments,
I am still left with a few questions and issues I hope someone out there can
shed some light on.

1) Is it even possible to create a DLL using MC++ that is not subject to the
mixed dll/loader lock issue -- or at least. is it actually doable in a
real-world development environment?

To wit: I created a project using the .Net Class Library template and added
a trivial class with a single trivial method.

namespace Test {
class TestClass {
public: int foo() { return(0); }
};
}

I then made sure /noentry was there; removed nochkclr.obj from the link
targets; added the explicit __check_commonlanguageruntime_version and
_flt_used definitions; and added the SkipVerification attribute -- all per
the instructions on MSDN for creating pure IL Managed C++ assemblies. The
result was still not pure IL; peverify complains about an "unverifiable PE
header/stub." I searched for the mythical SetILOnly.exe that is also
referenced in MSDN to no avail (even the link to it on MSDN online is
broken). OK, a little research turned up that there's an "IL Only" flag in
the clr header, so I used ildasm and ilasm to reconstitute the assembly with
that flag set. Peverify still complained about "unverifiable PS
header/stub."

Then I noticed that there was a VTableFixup:

.vtfixup [1] int32 retainappdomain at D_00003004 // 06000001

Why is this? In such a trivial project that is purely managed code? In any
case, manually removing from the il and assembling with ilasm then made the
assembly verify.

So I'm left wondering what all of this means. How can I remove whatever is
causing that fixup to get generated in the first place? And is there
anything I can do as general programming practice to ensure that these don't
creep into my code? And are there other constructs besides vtable fixups
(and unmanaged exports) that could creep into my code that would prevent the
assembly from being pure IL?

2) What actually triggers the loader lock problem -- it can't possibly be
that the DLL is unverifyable. Because C# unsafe code also produces an
unverifiable dll, but which is not subject to the loader lock problem.
Is
is
the simple absence of the "pure IL" flag in the clr header? Is that enough
to trigger the "mixed" loading behavior where the loader lock problem can
occur?

3) Where is setilonly.exe?

4) Let's say I solve all of the above and produce a dll that really is all
managed code. No CRTs, no unmanaged code, etc. What happens if I then
make
a
native Win32 API call (note: *not* P/Invoke)? Does that automatically force
me back into being a mixed dll, i.e., can a dll that calls a routine in
kernel32.dll legitimately set the "pure IL" flag in the CLR header?

Thanks for any information that anyone can provide. Note that I am not
interested in debating the likelihood of encountering the loader lock/mixed
dll problem. I am interested in hard facts about how I can use MC++ to
create assemblies that are guaranteed to be 100% free of it, given that
I
am
willing to forego use of the CRTs and adhere to other restrictive
guidelines.

Thanks!
 
P

Pent

I have SetILOnly source in local msdn install.

You didn't follow ALL the steps outlined in original article.

Because if you did, then you wouldn't have gotten vtfixups.

/clr:initialAppDomain doesn't add vtfixups

"Furthermore, even DLLs linked with the /noentry option may deadlock on
versions 1.0 and 1.1 of the common language runtime. DLLs linked with the
/noentry option should not deadlock on the next version of the runtime"
http://msdn.microsoft.com/library/en-us/dv_vstechart/html/vcconmixeddllloadingproblem.asp

http://msdn.microsoft.com/msdnmag/issues/03/03/VisualCNET/
"With version 1.1 of the .NET Framework, the vtable includes a flag that
indicates to the runtime that if the call comes into the assembly from
native code, the application domain that's used will be that of the last
application domain used to call into native code. If you look at an assembly
with ILDasm, you'll see that there is a directive to perform the fixups on
the vtable called .vtfixup. For the new behavior, the .vtfixup directive
will have the flag retainappdomain, which is the default when using the /clr
switch."

I've created a simple MC++ .NET library project.

Left all options at its defaults.

Copied your code and added compiler options:

/clr:initialAppDomain /Od

Linker options:

/noentry /fixed:no /opt:ref

Removed nochclr.obj

Added in .cpp file:
#ifdef __cplusplus
extern "C" {
#endif
int _fltused=1;
void _cdecl _check_commonlanguageruntime_version(){}
#ifdef __cplusplus
}
#endif

using namespace System::Security::permissions;
[assembly:SecurityPermissionAttribute(
SecurityAction::RequestMinimum, SkipVerification=false)];

Then:
Silo.exe -s Test.lib.dll

Then:
peverify TestLib.dll

The result is:
Microsoft (R) .NET Framework PE Verifier Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

[MD]: .NET Framework Internal error: 0x8013129d [token:0x04000001]
[MD]: .NET Framework Internal error: 0x8013129d [token:0x06000001]
All Classes and Methods in testlib.dll Verified
(2 Warnings)

Adding call to win32 api MessageBox doesn't break the verifiability.

All on Visual Studio 2003.

http://support.microsoft.com/?id=814472


Ted Miller said:
Thanks for the info.

Click the "Download Sample" link on the SetILOnly sample page -- broken
link. I cannot find this sample or the exe anywhere.

I followed all the points on the last list (except setilonly, which does not
seem to actually exist) -- see my original post. I got an image that still
had vtablefixups.

Also I want to understand the relationship between "verifiable" and
"triggers the mixed dll loading problem".

So does anyone have any info?

Thanks!


"Pent" <pent> wrote in message news:[email protected]...http://msdn.microsoft.com/library/e...producingverifiablecomponentswithmanagedc.asp
check all the points on last list.

Yes, it is possible to produce verifiable image.

there
can to
the
"unverifiable
flag
in
the clr header, so I used ildasm and ilasm to reconstitute the
assembly
with
that flag set. Peverify still complained about "unverifiable PS
header/stub."

Then I noticed that there was a VTableFixup:

.vtfixup [1] int32 retainappdomain at D_00003004 // 06000001

Why is this? In such a trivial project that is purely managed code? In any
case, manually removing from the il and assembling with ilasm then
made
the
assembly verify.

So I'm left wondering what all of this means. How can I remove
whatever
is prevent
the Is make
that
 
T

Ted Miller

Dude, you rule. I will try this out. That second link was most helpful!
Thanks!

--

Pent said:
I have SetILOnly source in local msdn install.

You didn't follow ALL the steps outlined in original article.

Because if you did, then you wouldn't have gotten vtfixups.

/clr:initialAppDomain doesn't add vtfixups

"Furthermore, even DLLs linked with the /noentry option may deadlock on
versions 1.0 and 1.1 of the common language runtime. DLLs linked with the
/noentry option should not deadlock on the next version of the runtime"
http://msdn.microsoft.com/library/en-us/dv_vstechart/html/vcconmixeddllloadingproblem.asp

http://msdn.microsoft.com/msdnmag/issues/03/03/VisualCNET/
"With version 1.1 of the .NET Framework, the vtable includes a flag that
indicates to the runtime that if the call comes into the assembly from
native code, the application domain that's used will be that of the last
application domain used to call into native code. If you look at an assembly
with ILDasm, you'll see that there is a directive to perform the fixups on
the vtable called .vtfixup. For the new behavior, the .vtfixup directive
will have the flag retainappdomain, which is the default when using the /clr
switch."

I've created a simple MC++ .NET library project.

Left all options at its defaults.

Copied your code and added compiler options:

/clr:initialAppDomain /Od

Linker options:

/noentry /fixed:no /opt:ref

Removed nochclr.obj

Added in .cpp file:
#ifdef __cplusplus
extern "C" {
#endif
int _fltused=1;
void _cdecl _check_commonlanguageruntime_version(){}
#ifdef __cplusplus
}
#endif

using namespace System::Security::permissions;
[assembly:SecurityPermissionAttribute(
SecurityAction::RequestMinimum, SkipVerification=false)];

Then:
Silo.exe -s Test.lib.dll

Then:
peverify TestLib.dll

The result is:
Microsoft (R) .NET Framework PE Verifier Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

[MD]: .NET Framework Internal error: 0x8013129d [token:0x04000001]
[MD]: .NET Framework Internal error: 0x8013129d [token:0x06000001]
All Classes and Methods in testlib.dll Verified
(2 Warnings)

Adding call to win32 api MessageBox doesn't break the verifiability.

All on Visual Studio 2003.

http://support.microsoft.com/?id=814472


Ted Miller said:
Thanks for the info.

Click the "Download Sample" link on the SetILOnly sample page -- broken
link. I cannot find this sample or the exe anywhere.

I followed all the points on the last list (except setilonly, which does not
seem to actually exist) -- see my original post. I got an image that still
had vtablefixups.

Also I want to understand the relationship between "verifiable" and
"triggers the mixed dll loading problem".

So does anyone have any info?

Thanks!


"Pent" <pent> wrote in message news:[email protected]...
http://msdn.microsoft.com/library/e...producingverifiablecomponentswithmanagedc.asp subject
to
the
mixed dll/loader lock issue -- or at least. is it actually doable in a
real-world development environment?

To wit: I created a project using the .Net Class Library template and
added
a trivial class with a single trivial method.

namespace Test {
class TestClass {
public: int foo() { return(0); }
};
}

I then made sure /noentry was there; removed nochkclr.obj from the link
targets; added the explicit __check_commonlanguageruntime_version and
_flt_used definitions; and added the SkipVerification attribute --
all
per
the instructions on MSDN for creating pure IL Managed C++
assemblies.
The
result was still not pure IL; peverify complains about an
"unverifiable
PE
header/stub." I searched for the mythical SetILOnly.exe that is also
referenced in MSDN to no avail (even the link to it on MSDN online is
broken). OK, a little research turned up that there's an "IL Only"
flag
in
the clr header, so I used ildasm and ilasm to reconstitute the assembly
with
that flag set. Peverify still complained about "unverifiable PS
header/stub."

Then I noticed that there was a VTableFixup:

.vtfixup [1] int32 retainappdomain at D_00003004 // 06000001

Why is this? In such a trivial project that is purely managed code?
In
any
case, manually removing from the il and assembling with ilasm then made
the
assembly verify.

So I'm left wondering what all of this means. How can I remove
whatever
is
causing that fixup to get generated in the first place? And is there
anything I can do as general programming practice to ensure that these
don't
creep into my code? And are there other constructs besides vtable fixups
(and unmanaged exports) that could creep into my code that would prevent
the
assembly from being pure IL?

2) What actually triggers the loader lock problem -- it can't
possibly
be
that the DLL is unverifyable. Because C# unsafe code also produces an
unverifiable dll, but which is not subject to the loader lock
problem.
Is
is
the simple absence of the "pure IL" flag in the clr header? Is that enough
to trigger the "mixed" loading behavior where the loader lock
problem
can
occur?

3) Where is setilonly.exe?

4) Let's say I solve all of the above and produce a dll that really
is
all
managed code. No CRTs, no unmanaged code, etc. What happens if I
then
make
a
native Win32 API call (note: *not* P/Invoke)? Does that automatically
force
me back into being a mixed dll, i.e., can a dll that calls a routine in
kernel32.dll legitimately set the "pure IL" flag in the CLR header?

Thanks for any information that anyone can provide. Note that I am not
interested in debating the likelihood of encountering the loader
lock/mixed
dll problem. I am interested in hard facts about how I can use MC++ to
create assemblies that are guaranteed to be 100% free of it, given
that
I
am
willing to forego use of the CRTs and adhere to other restrictive
guidelines.

Thanks!
 
T

Ted Miller

Thanks again for taking the time to reply. I was finally able to locate the
source for silo.exe. However I'm afraid calling Win32 APIs does in fact
break verifiability and I guess forces a mixed dll.

x.h:

#include <windows.h>
using namespace System;
namespace Test {
public __gc class Class1 {
int TestMethod(int i) { return(i); }
};
}

x.cpp

#include "t.h"
extern "C" {
int _fltused=1;
void __cdecl _check_commonlanguageruntime_version(){}
}

using namespace System::Security::permissions;
[assembly:SecurityPermissionAttribute(
SecurityAction::RequestMinimum, SkipVerification=false)];

Make /noentry, add /clr:initialAppDomain, /opt:ref, /fixed:no etc as per the
instructions.

Then silo -s x.dll, the image verifies (thanks for the help!!!).

But: now change TestMethod to

int TestMethod(int i) { MessageBoxW(NULL,L"",L"",0); return(i); }

Then silo -s x.dll. PEVerify says

[IL]: Error: Unverifiable PE Header/native stub
[IL]: Error: Unverifiable image '' can not be run
2 Errors Verifying debug\x.dll

Sigh. Sadly I think I am forced to C# (with unsafe code and p/invoke as
necessary) -- just cannot risk triggering the deadlock due to the mixed dll
problem.

Pent said:
I have SetILOnly source in local msdn install.

You didn't follow ALL the steps outlined in original article.

Because if you did, then you wouldn't have gotten vtfixups.

/clr:initialAppDomain doesn't add vtfixups

"Furthermore, even DLLs linked with the /noentry option may deadlock on
versions 1.0 and 1.1 of the common language runtime. DLLs linked with the
/noentry option should not deadlock on the next version of the runtime"
http://msdn.microsoft.com/library/en-us/dv_vstechart/html/vcconmixeddllloadingproblem.asp

http://msdn.microsoft.com/msdnmag/issues/03/03/VisualCNET/
"With version 1.1 of the .NET Framework, the vtable includes a flag that
indicates to the runtime that if the call comes into the assembly from
native code, the application domain that's used will be that of the last
application domain used to call into native code. If you look at an assembly
with ILDasm, you'll see that there is a directive to perform the fixups on
the vtable called .vtfixup. For the new behavior, the .vtfixup directive
will have the flag retainappdomain, which is the default when using the /clr
switch."

I've created a simple MC++ .NET library project.

Left all options at its defaults.

Copied your code and added compiler options:

/clr:initialAppDomain /Od

Linker options:

/noentry /fixed:no /opt:ref

Removed nochclr.obj

Added in .cpp file:
#ifdef __cplusplus
extern "C" {
#endif
int _fltused=1;
void _cdecl _check_commonlanguageruntime_version(){}
#ifdef __cplusplus
}
#endif

using namespace System::Security::permissions;
[assembly:SecurityPermissionAttribute(
SecurityAction::RequestMinimum, SkipVerification=false)];

Then:
Silo.exe -s Test.lib.dll

Then:
peverify TestLib.dll

The result is:
Microsoft (R) .NET Framework PE Verifier Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

[MD]: .NET Framework Internal error: 0x8013129d [token:0x04000001]
[MD]: .NET Framework Internal error: 0x8013129d [token:0x06000001]
All Classes and Methods in testlib.dll Verified
(2 Warnings)

Adding call to win32 api MessageBox doesn't break the verifiability.

All on Visual Studio 2003.

http://support.microsoft.com/?id=814472


Ted Miller said:
Thanks for the info.

Click the "Download Sample" link on the SetILOnly sample page -- broken
link. I cannot find this sample or the exe anywhere.

I followed all the points on the last list (except setilonly, which does not
seem to actually exist) -- see my original post. I got an image that still
had vtablefixups.

Also I want to understand the relationship between "verifiable" and
"triggers the mixed dll loading problem".

So does anyone have any info?

Thanks!


"Pent" <pent> wrote in message news:[email protected]...
http://msdn.microsoft.com/library/e...producingverifiablecomponentswithmanagedc.asp subject
to
the
mixed dll/loader lock issue -- or at least. is it actually doable in a
real-world development environment?

To wit: I created a project using the .Net Class Library template and
added
a trivial class with a single trivial method.

namespace Test {
class TestClass {
public: int foo() { return(0); }
};
}

I then made sure /noentry was there; removed nochkclr.obj from the link
targets; added the explicit __check_commonlanguageruntime_version and
_flt_used definitions; and added the SkipVerification attribute --
all
per
the instructions on MSDN for creating pure IL Managed C++
assemblies.
The
result was still not pure IL; peverify complains about an
"unverifiable
PE
header/stub." I searched for the mythical SetILOnly.exe that is also
referenced in MSDN to no avail (even the link to it on MSDN online is
broken). OK, a little research turned up that there's an "IL Only"
flag
in
the clr header, so I used ildasm and ilasm to reconstitute the assembly
with
that flag set. Peverify still complained about "unverifiable PS
header/stub."

Then I noticed that there was a VTableFixup:

.vtfixup [1] int32 retainappdomain at D_00003004 // 06000001

Why is this? In such a trivial project that is purely managed code?
In
any
case, manually removing from the il and assembling with ilasm then made
the
assembly verify.

So I'm left wondering what all of this means. How can I remove
whatever
is
causing that fixup to get generated in the first place? And is there
anything I can do as general programming practice to ensure that these
don't
creep into my code? And are there other constructs besides vtable fixups
(and unmanaged exports) that could creep into my code that would prevent
the
assembly from being pure IL?

2) What actually triggers the loader lock problem -- it can't
possibly
be
that the DLL is unverifyable. Because C# unsafe code also produces an
unverifiable dll, but which is not subject to the loader lock
problem.
Is
is
the simple absence of the "pure IL" flag in the clr header? Is that enough
to trigger the "mixed" loading behavior where the loader lock
problem
can
occur?

3) Where is setilonly.exe?

4) Let's say I solve all of the above and produce a dll that really
is
all
managed code. No CRTs, no unmanaged code, etc. What happens if I
then
make
a
native Win32 API call (note: *not* P/Invoke)? Does that automatically
force
me back into being a mixed dll, i.e., can a dll that calls a routine in
kernel32.dll legitimately set the "pure IL" flag in the CLR header?

Thanks for any information that anyone can provide. Note that I am not
interested in debating the likelihood of encountering the loader
lock/mixed
dll problem. I am interested in hard facts about how I can use MC++ to
create assemblies that are guaranteed to be 100% free of it, given
that
I
am
willing to forego use of the CRTs and adhere to other restrictive
guidelines.

Thanks!
 
P

Pent

However I'm afraid calling Win32 APIs does in fact
break verifiability and I guess forces a mixed dll.

I don't know for sure, maybe someone from MS will comment later.

[...]
Sigh. Sadly I think I am forced to C# (with unsafe code and p/invoke as
necessary) -- just cannot risk triggering the deadlock due to the mixed dll
problem.

That's what i would do given that you don't need to link in any
crt/clibs/etc
to your assembly. I think Win32 API is pretty doable with dllimport.
Assuming
you don't need tons of it.

Hmm i tried:
int TestMethod(int i) { MessageBoxW(NULL,L"",L"",0); return(i); }
But it still verifies.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top