# Thursday, 28 December 2006
IKVM 0.32 Released

I released 0.32 to SourceForge (same bits as rc1).

Thursday, 28 December 2006 16:57:44 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]
Object Schizophrenia

Early on in the design of IKVM, I decided that I didn't want to use wrapper objects to bridge the Java and .NET type systems as this leads to either object identity problems (and I just found out that this is sometimes called object schizophrenia and that triggered this post) or horrible performance.

By contrast, J# does use wrapper objects in a least one case and this does indeed lead to object schizophrenia:

public class Program
{
  public static void main(String[] args)
  {
    String foo = "Foo";
    Comparable comp = foo;
    System.out.println(foo == comp);
  }
}

Compiling this Java code with Visual Studio 2005 and running it produces false, while it clearly should print true.

While IKVM doesn't suffer from this, there is a somewhat related problem to look out for when using IKVM ghost interfaces from a .NET language:

using System;
using java.lang;

public class Program
{
  static void Main(string[] args)
  {
    CharSequence seq = "foo";
    object obj1 = seq;
    object obj2 = seq;
    Console.WriteLine(obj1 == obj2);
  }
}

Running this C# app produces False. This is because CharSequence is a ghost interface and represented by a value type. Assigning it to a local variable of type object boxes the value type instead of giving the underlying string object. Note that this only applies to ghost interfaces (i.e. java.lang.CharSequence, java.lang.Cloneable and java.io.Serializable). To fix this problem, you have to explicitly unwrap the object from the value type:

CharSequence seq = "foo";
object obj1 = seq.ToObject();
object obj2 = seq.ToObject();
Console.WriteLine(obj1 == obj2);

Unfortunately .NET doesn't have any mechanism for a value type to prevent (implicit) boxing or defining a custom implicit object conversion operator.

Thursday, 28 December 2006 14:07:23 (W. Europe Standard Time, UTC+01:00)  #    Comments [2]
New Snapshot

A new development snapshot. Now that GNU Classpath generics support has been merged in the IKVM.GNU.Classpath.dll has become a little bigger again (mostly because of the metadata associated with generic types and methods). Additionally, because enums and annotations are now fully available I've been able to continue work to support those better (in particular the integration between .NET and Java). It is now possible to use most Java annotations as .NET attributes in a fairly natural way.

Here's an example of using some Java annotations in C#:

[Retention(RetentionPolicy.__Enum.RUNTIME)]
[Target(new ElementType.__Enum[] { ElementType.__Enum.FIELD, ElementType.__Enum.METHOD })]
[Documented]
[Inherited]
[AnnotationLib.MyClassAnnotation(typeof(string))]
[AnnotationLib.MyClassArrayAnnotation(new Type[] { typeof(string), typeof(test) })]
[AnnotationLib.MyIntAnnotation(42)]
[AnnotationLib.MyIntArrayAnnotation(new int[] { 42, 123 })]
[AnnotationLib.MyStringAnnotation("Foo")]
[AnnotationLib.MyStringArrayAnnotation(new string[] { "Foo", "Bar", "Baz" })]
[AnnotationLib.MyPropAnnotation(count = 3)]
[AnnotationLib.MyOptionalValueAnnotation]
interface IFoo
{
}

Note in particular that Java enums are represented as nested .NET enum types (automatically generated by ikvmc whenever it encounters a public enum) and that Java class literals are represented as .NET Type literals. These mappings are required because .NET attributes (like Java annotations) cannot have arbitrary types as parameters.

List of changes:

  • Updated to current GNU Classpath cvs version.
  • Many AWT improvements (done by Volker Berlin, who now has cvs commit access).
  • Fixed bug in handling of annotation parameters of type Class.
  • Changed System.mapLibraryName to look at os.name system property and support the Mac OS X naming convention (but note that os.name needs to be explicitly set to "Mac OS X" for this to work).
  • Implemented most of the support needed to use annotations as .NET attributes. This includes generating a nested .NET enum named __Enum for Java enums (to make them usable in .NET attributes). Using annotations as attribute parameters is not supported (i.e. in .NET languages, for Java code annotations work as specified.)

Binaries are available here. Source is available in cvs.

Thursday, 28 December 2006 09:20:20 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]
# Monday, 11 December 2006
IKVM 0.32 rc1

Here's the release candidate. Updated japi results are available here.

Changes since previous snapshot:

  • Integrated GNU Classpath 0.93.

Files are available here: ikvm-0.32.0.0.zip (sources + binaries), ikvmbin-0.32.0.0.zip (binaries), ikvmbin-generics-0.32.0.0.zip (binaries built from generics branch))

As usual the binaries in ikvmbin-0.32.0.0.zip are signed and the generics binaries are not signed (and should be considered experimental and are not as well tested as the signed binaries). Post 0.93 the GNU Classpath generics branch will go away and be merged into the main branch.

I going on vacation tomorrow and will be back on the 21st. Please test this rc in the mean time ;-) When I get back I will do the official release.

Update: As Andrew John Hughes points out in the comments, the GNU Classpath generics merge is now done. I've modified the ikvm build to support this and checked these changes in.

Monday, 11 December 2006 09:43:31 (W. Europe Standard Time, UTC+01:00)  #    Comments [2]
# Thursday, 07 December 2006
.NET Framework 2.0 Security Hole

Yesterday I discovered a bug in the JIT that not only causes incorrect results, but also allows the type system to be circumvented, which in turn leads to the possibility of arbitrary code execution. I have a proof-of-concept that executes arbitrary x86 code from a verifiable and partially trusted C# application.

I reported the bug to Microsoft and it turns out that it was independently discovered and reported by someone else in August (but who, I believe, did not understand the security implications of the bug). The bug was subsequently fixed in September and the fix made it into the Vista release of the .NET Framework 2.0 (so if you're running Vista, you're not vulnerable.)

They tell me that a fix will be distributed via Windows Update "sometime in the next few months". If you don't want to be vulnerable in the mean time, disable running .NET code in the browser and don't run any ClickOnce applications from untrusted sources.

I will publish my proof-of-concept and analysis after the patch is released.

Thursday, 07 December 2006 07:45:59 (W. Europe Standard Time, UTC+01:00)  #    Comments [2]
# Tuesday, 05 December 2006
New Snapshot

Final snapshot before the 0.32 release candidate (due after GNU Classpath 0.93 is released).

  • Integrated GNU Classpath 0.93 cvs branch.
  • Fixed type sealing optimization to take -privatepackage option into account.
  • Fixed line number table encoding bug (for line number deltas > 8191).
  • Fixed array to support internal accessibility (@ikvm.lang.Internal annotation or ikvmc -privatepackage option).
  • Switched to using NAnt-0.85 (release) for building.
  • Unforked gnu.classpath.Pointer. GNU Classpath native code that uses Pointer can now be used as-is.
  • Removed various gnu.classpath.Pointer hacks from compiler and runtime.
  • Removed handcoded DirectByteBufferImpl methods from map.xml
  • Forked DirectByteBufferImpl and merged in MappedByteBufferImpl functionality. DirectByteBufferImpl now uses .NET type System.Runtime.InteropServices.Marshal to do direct buffer manipulation and uses a PhantomReference to schedule cleanup.
  • Updated FileChannelImpl to use new DirectByteBufferImpl instead of MappedByteBufferImpl.
  • Changed FileChannelImpl to directly use win32 boolean instead of polymorphism, for the few platform specific operations.
  • Fixed regression introduced in previous snapshot. IsErasedOrBoxedPrimitiveOrRemapped should only return true for Java primitives, not all .NET primitives.
  • Added check to ikvmc to make sure that all assemblies required by referenced assemblies are available.
  • Added attempted workaround for c++/cli compiler bug https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=234167
  • Fixed Socket.soLingerOption(false) handling.
  • Added String.format() methods. (Note that they delegate to GNU Classpath's java.util.Formatter which isn't yet fully functional.)
  • Changed class file parser to accept version 50 (Java 6) class files (the StackMapTable attribute is still ignored though).
  • Fixed ikvmc to make the stub methods that exist to hide System.Object and System.Exception methods from java.lang.Object and java.lang.Throwable do a virtual call on the methods they hide, instead of a non-virtual call.
  • Removed public instancehelper_finalize() and instancehelper_clone() methods from java.lang.Object & java.lang.Throwable. This required some relatively ugly hacks, but having these protected methods callable by anyone was not acceptable from a security p.o.v. so hacks are a necessary evil. As a side effect, these hacks made it possible to implement clone() for types that extend cli.System.Object and cli.System.Exception (as long as they implement the java.lang.Cloneable interface to signal that they are OK with being cloned).
  • Enabled IKVM.AWT.WinForms.dll target on Linux.
  • Changed AssemblyClassLoader (Java code) to keep track of the Assembly it corresponds to.
  • Implemented some simple codegen optimizations in CountingILGenerator.
  • Implemented resource loading delegation for assembly class loaders.
  • Added support (albeit a little hacky) for generating class stubs for .NET generic type instances.
  • Added ikvmc -externalresource option to link external files as resources (i.e. instead of embedding the resource in the assembly, only a filename and hash are added to the assembly manifest.)
  • Pre-linked .NET method wrappers, to fix problem with .NET generic types in signatures.

Source is in cvs. Binaries: ikvmbin-0.31.2530.zip

Tuesday, 05 December 2006 08:57:09 (W. Europe Standard Time, UTC+01:00)  #    Comments [1]