# Friday, 29 June 2012
IKVM.NET 7.1 Release Candidate 2

I found and fixed a code generation bug, so here is a new release candidate. The bug has been around since the very early days, but a change in 2010 made it more likely to surface. It showed up while debugging the Derby problem reported by Dash in the comments here.

Changes (relative to rc 1):

  • Updated version to 7.1.4532.2
  • Fixed a code analysis bug that under specific circumstances caused incorrect local variable types or null reference loads from local variables.

When the final release is done, it will include the full release notes.

Binaries available here: ikvmbin-7.1.4532.2.zip

Sources: ikvmsrc-7.1.4532.2.zip, openjdk-7u4-stripped.zip

Friday, 29 June 2012 11:21:38 (W. Europe Daylight Time, UTC+02:00)
# Tuesday, 26 June 2012
Experimental WinRT Support in IKVM.Reflection

I've added support for generating Windows Runtime assemblies with IKVM.Reflection. This is still experimental because it is mostly based on reverse engineering as there currently is virtually no documentation on this.

The code for generating a trivial component is available here. It doesn't require .NET 4.5 or any Windows Runtime metadata assemblies.

The IKVM.Reflection code is available in cvs.

BTW, I did this mostly because I was curious about what's involved. Don't read anything into this wrt IKVM.NET itself. It's unlikely to ever support running in WinRT.

Tuesday, 26 June 2012 18:05:11 (W. Europe Daylight Time, UTC+02:00)
# Monday, 25 June 2012
Why ASP.NET Medium Trust Isn't

On October 24 of last year I reported an ASP.NET Medium Trust vulnerability. This eventually resulted in KB 2698981 where Microsoft essentially deprecated ASP.NET Partial Trust.

The problem I reported was that it is possible to abuse Thread.Abort() to create an inconsistent TypedReference that violates type safety.

TypedReference is an interesting type and I've been on the lookout for a way to abuse it for a long time. Its purpose is to allow type safe references to be used in a generic way. To implement this, a TypedReference contains both a pointer and a type, and all operations it allows make sure that type safety isn't violated. It's a primitive type, so the runtime knows about it and treats it specially. It can be used from partially trusted code and, because it can contain a reference to a location on the stack, the runtime enforces that TypedReference values can only be used from a single thread (by disallowing boxing or storing it in arrays or fields).

However, by having one thread repeatedly overwrite a TypedReference location on the stack with two different values and a second thread abort the first thread at the right moment, you can end up with a TypedReference that combines the pointer from one value and the type from another value, thus violating type safety.

The source of the PoC is available here.

Monday, 25 June 2012 10:26:33 (W. Europe Daylight Time, UTC+02:00)
# Wednesday, 20 June 2012
MS12-038 and IKDASM

This past Patch Tuesday, Microsoft released MS12-038, which updated System.Windows.Forms.dll. It fixes a vulnerability in clipboard handling.

To compare the unpatched and patched versions of the assembly, I added an option to ikdasm to suppress some of the irrelevant differences. For example, it replaces all uses of the '<PrivateImplementationDetails>{nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn}' class (which the C# compiler generates), where nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn is the module version GUID, with the literal string (i.e. it replaces the GUID digits with n-characters). Another change is that some metadata items are sorted by name. Specifically, property and event accessors and custom attributes tend to be ordered differently between different builds.

It's likely that I'll add more in the future.

The option is named -diffmode. Usage is straightforward:

    ikdasm -diffmode -out:System.Windows.Forms.il System.Windows.Forms.dll

Updated ikdasm sources are available here: ikdasm-v0.2.zip
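
The noise that -diffmode removes can be approximated on IL text that was disassembled without it. This is an added example, not ikdasm's code: it masks the GUID as described above and sorts runs of single-line .custom entries (a simplification of the by-name sorting); the sample IL and the names normalize_il and il_diff are constructed for illustration.

```python
import difflib
import re

# '<PrivateImplementationDetails>{GUID}': the GUID is the module version GUID,
# so it differs between any two builds of the same assembly.
PID_RE = re.compile(r"(<PrivateImplementationDetails>\{)[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}(\})")
MASK = "nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn"

def normalize_il(text):
    """Mask the GUID and sort each run of consecutive single-line .custom entries."""
    out, run = [], []
    for line in PID_RE.sub(r"\g<1>" + MASK + r"\g<2>", text).splitlines():
        if line.lstrip().startswith(".custom "):
            run.append(line)
            continue
        out.extend(sorted(run))  # flush the attribute run in a stable order
        run = []
        out.append(line)
    out.extend(sorted(run))
    return out

def il_diff(old, new, normalize=True):
    """Return only the added/removed lines between two IL listings."""
    a, b = (normalize_il(old), normalize_il(new)) if normalize else (old.splitlines(), new.splitlines())
    diff = list(difflib.unified_diff(a, b, lineterm="", n=0))
    return [l for l in diff[2:] if not l.startswith("@@")]  # drop file and hunk headers

# Constructed sample IL (not taken from System.Windows.Forms.dll).
OLD = """\
  .custom instance void [mscorlib]System.ObsoleteAttribute::.ctor() = ( 01 00 00 00 )
  .custom instance void [mscorlib]System.CLSCompliantAttribute::.ctor(bool) = ( 01 00 01 00 00 )
  .method public static void Load() cil managed
  {
    ldtoken field int64 '<PrivateImplementationDetails>{0F3A9C21-7B44-4E10-9D2A-5C6E8812AB90}'::'$$method0x6000001-1'
    ret
  }
"""
NEW = """\
  .custom instance void [mscorlib]System.CLSCompliantAttribute::.ctor(bool) = ( 01 00 01 00 00 )
  .custom instance void [mscorlib]System.ObsoleteAttribute::.ctor() = ( 01 00 00 00 )
  .method public static void Load() cil managed
  {
    ldtoken field int64 '<PrivateImplementationDetails>{6D1E55B7-02C8-4F3B-A1D9-9E40C7F2D318}'::'$$method0x6000001-1'
    call void Sample.Clip::Validate()
    ret
  }
"""
if __name__ == "__main__":
    print("\n".join(il_diff(OLD, NEW)))
```

With normalization only the added call remains in the diff; without it, the GUID change and the reordered attributes show up as well.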

Wednesday, 20 June 2012 15:07:38 (W. Europe Daylight Time, UTC+02:00)
# Tuesday, 19 June 2012
Ten Years of IKVM.NET

Ten years ago today I started blogging about IKVM.NET. It's been an amazing journey and when I started it I never would have guessed I'd still be on it ten years later.

Some of the highlights include making many new friends, meeting industry luminaries, speaking at conferences, working with the GNU Classpath community (and the fun FOSDEM weekends), working with the Mono community and, of course, the open sourcing of OpenJDK.

The end of the journey is not yet in sight as I still have enormous amounts of fun and both Java and .NET keep adding new features that keep things interesting.

Some statistics:

  • 540 blog entries
  • 739 blog comments
  • 22 releases
  • Over 200000 downloads
  • 3637 messages to the ikvm-developers mailing list
  • 4577 messages to the ikvm-commit mailing list
  • 10 security vulnerabilities reported
  • 9 CLR JIT bugs encountered.
  • 2 name changes (from I<<K.VM.NET to IK.VM.NET to IKVM.NET)

Tuesday, 19 June 2012 08:49:34 (W. Europe Daylight Time, UTC+02:00)
# Wednesday, 13 June 2012
IKVM.NET 7.1 Release Candidate 1

The second release candidate is available. Unlike the previous rc, this one is buildable on Linux again (tested with Mono 2.10.5). It also fixes a regression in final field handling.

Changes (relative to rc 0):

  • Updated version to 7.1.4532.1
  • Fixed Linux build issue due to assembly.class filename case error in tools.rsp
  • Updated copyright years in LICENSE
  • Merged in OpenJDK 7u4 changes in THIRD_PARTY_README.
  • Bug fix. AssemblyClassLoader.InternalsVisibleToImpl() would crash with NRE if it got called on a single assembly class loader, because it should call GetLoader(Assembly) to get the AssemblyLoader instead of GetLoaderForExportedAssembly().
  • Bug fix. When resolving properties corresponding to fields with type 2 access stubs, unloadable types with the same name should compare as equal.
  • Bug fix. When a final field is wrapped in a property, any assemblies that are concurrently compiled with the declaring assembly will access the backing field directly and hence the declaring assembly will need an InternalsVisibleToAttribute to allow them access. This fix makes sure that this attribute is applied when the field is accessed from another (concurrently compiled) assembly.
  • IKVM.Reflection: Added workaround for Mono 2.10 bug in AssemblyName (public key token for ECMA public key is not created correctly).
  • IKVM.Reflection: Added workaround for Mono to StrongNameKeyPair.
  • IKVM.Reflection: Disallow key container constructor of StrongNameKeyPair when running on Mono on Windows.
  • IKVM.Reflection: Bug fix. Type.GetInterfaces() should work for unbaked types.

When the final release is done, it will include the full release notes.

Binaries available here: ikvmbin-7.1.4532.1.zip

Sources: ikvmsrc-7.1.4532.1.zip, openjdk-7u4-stripped.zip

Wednesday, 13 June 2012 08:35:13 (W. Europe Daylight Time, UTC+02:00)