Modern language characteristics using Visual C ++ 2005 to write faster code (transfer)

xiaoxiao2021-03-06  94

C topic uses Visual C 2005 Modern language character to prepare faster code original: Stephen Toub Translation: floatingns Oria: C : Write Faster Code with the Modern Lanugage Features of Visual C 2005 This article is based on the release of Microsoft Visual Studio 2005 Originally codenamed "whidbey". All information contained herein may change. This article discusses:

.NET C / CLI syntax

Interopement technology

Optimization of configuration file guidance

MSIL optimization

OpenMP support

Enhanced buffer safety check

This article uses the following techniques: Visual C .NET 2003 and Visual C .NET 2005 For C language enthusiasts, the launch of the C compiler in Visual Studio .NET 2003 is absolutely coveted. The 98% ingredients in Visual C .NET 2003 are consistent with C standards, which makes it more close to these standards than ever, and it also has integrated language support like some template. He also added enhanced buffer safety checks and improved compiler diagnostics. The C language developers are like C # and Visual Basic .NET developers, you can use drag and drop form designers to generate a robust Windows Form. The compiler of Visual C .NET 2003 also includes optimization of Pentium 4 and AMD Athlon processors. If you are excited about Visual C .Net 2003, you may be crazy in love with its next version Visual C 2005. Visual C 2005 provides elegant and powerful grammar support for .NET development. Its latest optimization technology allows Microsoft's software product running speed by 30%. Its new compilation mode ensures that the General Language Framework (CLI) is compatible and verified by Microsoft .NET architecture, and it is a seamless connection to the collaborative work, but also provides a seamless connection between the unit and the hosted environment, but also provides a mix The fully controlled ability of the environment. This compiler retains buffer security check functions provided in the first two versions and enhances them, including a new security enhancement version of the library commonly used by C applications. It provides support for OpenMP standards and 64-bit platforms such as Intel and AMD Athlon. It solves the load problem of hybrid dynamic connection libraries and provides automatic clearance of Double P and called performance defects at runtime. There are still a lot of enhanced features and improvements in this compiler. Just like a development engineer in the C development group tells me, "Brothers, C finally found itself!" How many people in our people hate the first two versions in our people C hosted expansion syntax and think it is wrong? How many people think that Visual C is not treated as a .NET-based number one programming language? Obviously, most people in us think this (this includes Visual C developing group people, you will know that they will know). The Visual C team listened to our complaint, so they began to develop Visual C 2005. The C hosted extension provided with Visual Studio .NET is like a dinosaur that disappears, and then launched a ponderful language definition standard and attractive new language rules. The design team of the new language has several important goals for this version in terms of language design. First (this may be especially important for people who think that the code is also an art). They want to ensure that the programmers should feel natural when writing C code, and the language itself should provide an elegant grammar, it Should be a pure expansion of ISO C standards. They want programmers to easily write reliable code to support part of the trusted scenes in SQL Server 2005, with "ClickOnce" deployment, form design support, and managed code support.

They don't want to give anything more space than the C . They want to bring all the powerful functions of .NET to C , while also bringing the powerful function of C to .NET. They have achieved impressive success in all aspects. The new extension rule is called C / CLI and is now standardized. To learn more about new language extensions, you can download the trial version of the trial version of the trial version of 21 September 21, 2003 at the C / CLI language standard. For anyone who reads the code written in the new grammar, the most obvious is that the dual downlines used in the hosted expansion to define garbage disposal classes, attributes, and other things have become the past. Some such keywords are still preserved, and some new keywords are also included, but they are now not often used, and they do not affect the readability of the code. These double underscores keywords are replaced by two new keywords: context-sensitive keywords and combined keywords. Context-sensitive keywords are keywords used in a context (translator Note: the context), and the combined keyword is the keyword used with its keywords. For example, the __property keyword in the hosted extension will be replaced by Property (not only the case, but also to define all the syntax rules of the attribute and its access mechanism have dramatic optimization, making its statement look very similar to C #'s grammar (See Figure 1) This does not affect the name "Property" as a variable when encoding. In the statement that a type of property is declared, the logo parsing to "Property" is only It is deemed to be a keyword. In the new language rule, the type is declared in the form of "modified". In such a statement, use a "adjective" to describe which type of class you created, as shown below: Class: Class N {/ * * /}; // Native REF CLASS R {/ * * /}; // CLR reference type

Value Class V {/ * * /}; // CLR value type

Interface Class I {/ * * /}; // CLR interface type

ENUM CLASS E {/ * * /}; // CLR enumeration type

In the previous language versions, the type can be determined when the type is declared. Only the type of this machine or structure and the hosted value can be created on the stack. The hosted reference class always exists in the hosted stack. In Visual C 2005, all types, whether this machine or hosted, will be created on the stack, which uses the stack-based thorough clearing syntax to complete this feature. To instantiate an object of Type T on this machine, you can use the "New T" method. This can return the address pointer of this object on this unit (this is a concept called __nogc pointer mentioned in Visual Studio .NET 2002 and Visual Studio .NET 2003). To instantiate the type T of Type T on the hosted pile, Visual C 2005 introduces this keyword, which is the same as the New keyword. Calling "GCNew T" can return a handle pointing to the entire object in the hosted stack. The handle is a new structure introduced in Visual C 2005, which is similar to the __gc pointer in the hosted extension. Want to instantiate T type objects on the stack, the standard "T T;" is already enough. For fairness, I will introduce how I define instantiation. The managed reference class always exists in the hosted stack, and the local type always exists in the stack or native stack. When a managed reference is declared to existing in the stack, the compiler is actually instantiated on the hosted stack. See Figure 2. Figure 2 The hosted reference type on the stack will have some problems. What happens when I am in the stack exceeds it? How will this instance cleared? Many C # developers have been complaining that C # language cannot completely remove garbage. C # provides a keyword method that makes it easy to clean the IDisposable object, but this requires more code, and it is especially awkward compared to the destructor familiar to C developers. In C #, the security cleanup work cannot be performed by default. Clean up work requires a special code implementation. We take the first C # code section in Figure 3 as an example. StreamReader objects are declared as created on the hosted stack. When this method is executed, the instance of StreamReader does not have any references. However, this object will be cleaned up until the garbage collection program is running. Until the time, the file used will be closed. Before this, this application will always take up the handle of this file. In order to add a thorough rubbish cleaning, you must implement the IDisposable interface in class using the unmanaged resource. The second code example in Figure 3 represents a sample of C # new code. In fact, this method has not been tasted, but also has a certain readability. But when you start adding more code objects that need to be cleaned, your code will become increasingly difficult, and any object you have forgotten will give the finals when the final garbage collection program is running. The thread increases the burden. Before this, you may have a lock with some valuable resources. This is especially unbearable in the code implementation of Visual Basic .NET (although Visual Basic 2005 added Using statements similar to C # phase) Visual C 2005 now provides any type to destructor and / or the finishing module. Whether it is hosted or a unit. In this type of hosted, the compiler maps the despic function to the idisposable :: Dispose method. This means you can write the same method with the C language. As shown in the fourth code segment of Figure 3, the destructive function / dispose method of reading the program here will be called automatically, just like using the "Using" statement in C #.

When a type is created on the stack, its destructor is called when it exceeds its use range. One of the biggest issues of hosted extensions is the use of pointers. The pointers are used for a wide variety of tasks, and their condition is also complex and more variable, and pointer behavior like this is difficult to understand. In a particular code segment, you want to interpret yourself and which pointer to deal to a certain extent. This complexity will be removed in the next version. In Visual C 2005, the pointer is originally originally the original pointer. They point to stable objects, and you can use pointers to arractive operations. The survival period of the pointer to the object must be dominated and managed by the developer. When using a pointer, the running library will not be responsible for cleaning the garbage from the pointer. Let us now look at how Visual C 2005 designers solve this problem. Unlike Visual Studio .NET 2003 and Visual Studio 2005, the "GCNEW" operator returns a "handle" - a new type of structure, represented by "^" symbol in syntax. This handle references the entire object in the hosted stack. That is, they cannot be used to point to the inside of the type, and the compiler has a series of restrictions on handles to ensure their behavior, and this can also help developers use the handle. The handle does not allow arithmetic operations, nor can it be mapped to an empty pointer or any complete type. However, the asterisk and arrow operators are still used to reference their objects. This doesn't mean that you can't get a pointer to the garbage collection program. And using the "&" operator in C # similar to a fixed keyword consortium, in Visual C 2005, the PIN_PTR abstract type allows you to get a fixed pointer to the object on the hosted stack. As long as this pointer exists, the object in the hosted stack is fixed, which prevents the garbage collection program from moving it during the collection process. Visual C 2005 also joined the tracking reference operator, annotated with a percent (%). When the developer understands the "&" reference operator of this unit, most people know that it is a pointer to the object, and is made by the compiler when used. In most cases,% is like & pairs *. In the hosted environment, native reference points to managed objects are just as dangerous as the host pointer to managed objects. The basic truth behind the pointer and reference is: the object being referenced does not move around. Tracking references and native references are very similar, except, the tracking reference references the objects on the hosted hosted stack, and "tracking", even they are removed by the garbage collection program. The percentage operator is also used to take the "address" of the target, so it is like the & operator application returns a pointer to that object, and the% operator is used to return a target when the cursor reference type is returned. Handle. Overall, when C developers know that they will be relieved when they are controlling their programming languages. To this end, the third party promotes the adoption of this standard, and guarantees the stability of the language itself to advance, this new grammar rule collects the length of the company to become a proposed standard for C / CLI. In October 2003, ECMA has organized a special task group by voting, named TG5, its purpose is to analyze and adopt this standard, just like WG21 as an ISO C management group. In fact, key characters in WG21 are also working in TG5. Their plan is to standardize its (translator Note: C / CLI) at the end of 2004.

Interope Options Visual C 7.1 provides the best Interop function in all members of Visual Studio .NET 2003. It has practical ability to realize the interh interop scene in the real world. This is an illustration in the migration of the QUAKE II to the .NET frame, (see http://www.vertigosoftware.com/quake2.htm), Visual C 2005 further expands this feature. In managed and native environments, there are four main ways to use .NET INTEROP: COM Interop can be implemented by Runtime Callable Wrappers (RCW) to COM CALLABLE WRAPPERS (CCW). General Language Runtime (CLR) is responsible for type encapsulation (unless the customized feeding mechanism is used in very few cases), and the overhead of these calls is large. You need to avoid the exports too often, otherwise it will have a serious performance issue. You also need to guarantee that your packaging has always been consistent with its underlying components. That is, when you have a lot of this machine COM code, COM Interop is very useful when you use some simple Interop applications. The second Interop option is to use P / Invoke. This is done by using the DLLIMPORT property, where you should indicate the functionality of the function to introduce the properties. The package process is processed in accordance with how it is defined at the statement. However, DLLIMPORT is only available when you have a code to get functions from the DLL export. When you need to call managed code in this machine code, the CLR host is also a method. In this case, the machine application must drive all tasks: establish a host, bind the host, run the host, get the appropriate AppDomain, create a call environment, find the needs, and call it in the target class The method of the next method. In terms of control, when this is what happens, this is undoubtedly one of the most complete solutions, but this will also bring unimaginable boring and need many custom code. The fourth approach, it is also possible to be the simplest and most feasible method, which is the use of C intero. By setting the / CLR switch, the compiler generates MSIL instead of this machine code. The only code that is generated as this codes cannot be compiled as MSIL, which includes functions such as inherent CPU inherent characteristics with internal assembly blocks and use (ASM) and Streaming SIMD EXTENSIS (SSE). The operation of the code. Quake II is turned to .NET using / CLR switch. The Vertigo Software Team took a day time to successfully convert the original game code written by C to C code, and then set the / CLR switch. Soon, their code can run on the .NET framework without problem. There is no need to add any excess binaries but simply contain the appropriate header file, managed C and local C to call each other without any developer's participation. The compiler handles the creation of the appropriate code to freely swim in both environments. This brings some questions to C developers. One of the questions is that the list of mixed DLLs listed in reputation, Visual Studio .NET 2002 and Visual Studio .NET 2003 are affected by this issue.

If you are running the local code in the loader lock and you quote a managed type in the program that has not been loaded, the CLR will be very friendly to load this assembly. It is achieved by calling LoadLibrary. Of course, LoadLibrary will try to get the load lock, which will make you encounter a deadlock problem. If a class of developers and product managers, if he heard that this problem will be solved in the upcoming version, it will be very happy. / CLR switch is an excellent tool for C developers, but it also has some shortcomings. As I mentioned earlier, the mirror generated by the / CLR switch includes both the local code and the hosting code, which sometimes causes problems. First, these mixed mirrored are not compatible with CLI (for example, they cannot run on ROTOR). They have the entrance of this machine, and when you frequently cross the hosted boundary, it will bring great overhead due to conversion. But most importantly, the presence of these native entrances will bring great harm to the tools that include the code including the map. In order to check a mirror, you must load the code set and execute it. The mapping can only be checked for metadata when all initialization is executed. Unfortunately, the mapping cannot be properly loaded into a hosted code set containing the native entry. In addition, Visual Studio .NET 2003 rarely generates a validated code. Even if it can, it costs more time it takes more than other important issues. MSIL's first-class support from non-verification code (you can make pointer arithmetic operations, indirect load and access the machine you), the test code allows you to handle some of the needs of some trust, where you can use Visual Studio 2005 provides a rich feature. Since the hosting code host in SQL Server 2005 depends on partial trust, a click deployment is true. A primary goal of the Visual C 2005 Development Team is to help the compiler can help when developers develop non-mixed and proven mirrored products. They achieve this by introducing two new compiler switches: / CLR: Pure and / CLR: Safe, I need to introduce how C intersation is working before I explain how to use these new switches. "Running is normal" in Visual Studio .NET 2003, C Interop technology is called IJW or "running normal". In the upcoming version, this is changed to a more descriptive name "InteroP Technology". So how do it "run normally"? For each native method used by the application, the compiler also created a managed entry and an unmanaged entry. One of them has a practical code implementation, and the other is a forwarding code block that creates appropriate transformation and performs any necessary encapsulation processing. The hosted entrance is often used to do actually code implementation unless the code of this method cannot use the MSIL representation or the developer uses the "#pragma unmanaged" compiler parameters to force the native entry to be implemented. When using an IJW forwarding module (for an example, when the entry is forwarding the module), the compiler is provided to the module to be implemented and passed through an offset or an introduction address table (IAT) to transfer. The actual code is implemented. The estimation of the time complexity of the IJW module is about 50 to 300 clock cycles (although carefully selected testing can make this number to only 10). When the forwarding module is MSIL, the hosted P / Invoke will be used. P / Invoke contains only a declaration without practical way; the CLR provides features that support the runtime of the module.

These forwarding modules are usually slightly slower than the local machines of the same function. As mentioned above, the result of using IJW has two portions, a hosted and an unmanaged. However, some structures need to fill these inlets when compiling (give an example, like function pointer and virtual table vtable). And if we are compiled, we cannot know the hosted state of the address when running time, then how should the compiler determine Which entry? In Visual Studio .NET2003, the compiler always selects a non-hosting entry. Of course, this will cause trouble when the call function is really hosted, this problem is Double P / Invoke issue. (See Figure 4) In this case, the call to the non-hosting module will only result in the call to the managed code, such an operation causes several large unnecessary overhead. Figure 4 Double P / Invoke Problem Visual C 2005 proposes several solutions. The first solution is to use it to make you declare a keyword: __ clrcall, it determines if a non-hosting entrance is placed on the basis of the French wheel. Use this keyword to declare the function, prevent a non-hosting entry (one of the disadvantages to do is that this function cannot be called directly by the local code). __clrcall keywords can also be placed on a function pointer so that the pointer is mounted in the case where the compiler has selected. Visual C 2005 provides a second solution to solve the Double P / Invoke problem allows it to use runtime checks and a cookie to help the run library to decide whether the non-hosting module can be ignored, thereby directly forwarding the call to the managed entry. However, this feature does not necessarily solve the problem. The third solution is pure MSIL. The new / CLR: PURE compiler tag tells the place to generate a pure host mirror image without a native structure. This not only produces a block, which is compatible with the CLI, but also solves the Double P / Invoke issue by preventing the generated unmanaged module from resolving the Double P / Invoke issue. As a result, each function has only one entry (hosted entrance), so that the virtual table vtable and the function pointer will not be mounted by the non-managed entry. However, just because the code is compatible with the CLI, it does not represent it is verified, which is a particularly important indicator for considerable code is from the shared file. In another extreme, Microsoft introduces a more stringent compiler sign: / CLR: SAFE. This can be said to be a Verify code for C developers. Quote This switch will make the compiler to ensure that the generated assembly is fully verified; any verified structure will throw compile time errors. For example, when you try to compile a interaction into a variable, you will generate: "int * = this type is not verifiable"

The mistake, meaning "int * = this type has not been verified" and marks the code line containing the invalid structure. There are some cases to use this extreme practice. For example, all C code that runs in SQL Server 2005 for stored procedures should be compiled with this flag. Figure 5 Compatible Mode Figure 5 describes the managed and unmanaged environment of data and code, and shows which environment is an object of different compiler logos. Does not include any / CLR flag will result in a full native mirror image. Using the / CLR flag will form a mixed mirror of homing and non-hosting code and data. Pure MSIL generated by using / clr: Pure flag will not contain any non-managed code, although this is not guaranteed to be verified, and may contain native types. Safe MSIL is the final state of the verification, its target is just the .NET framework. In a word, these two new compilation patterns will change the previous or unlikely or difficult to achieve multiple situations. Optimizing all excellent software developers want their software products have a good performance, compiler writing staff is a special developer; their code is not only good performance, but also the code they write The code must also be as efficient as possible. For this reason, there must be a good optimization support behind any successful compiler. In this regard, Visual C 2005 is impeccable. Visual Studio .NET 2002 and Visual Studio .NET 2003 have made a lot of work in the performance improvement of this machine code, and they have joined some amazing optimizations for C compilers. While joining the SSE and SSE2 frames, they also provide support for Intel Pentium 4 chips. The most significant is to join the Whole Program Optimization (Translator Note: Global Program Optimization], which allows the linker to optimize the entire program when each compiled .cpp file is turned .Obj file. These target files are different from those of ordinary target files because it contains this unit code, it is better to contain intermediate languages ​​used to communicate with each other at the front end of the compiler and the rear end. Then the linker can optimize these files into a large unit, which provides more inline opportunities, better stacks to select and custom call specifications in other different situations. Visual C 2005 uses new features to improve this new feature from bottom to, but larger improvements are made by Profile Guided Optimization (POGO) [Translator Note: Configuration Guide Optimization] An emerged. This new feature provided in the compiler will be improved. For a compiler, static analysis of source code will leave many open problems. If two variables are compared in an IF statement, the first variable is much higher than the frequency of the second variable? In a switch statement, which case is selected in the number of times? Those functions use the most, which code is most often used? If the compiler is compiled, you know how to use the code at runtime, it can be optimized in most cases. This is exactly what the Visual C compiler can do. Figure 6 The compilation process of the optimized POGO is shown in Figure 6, and the first step contains the compiled code and links it into a tool-constructed structure, which has a set of configuration information detectors. When using global optimization, the compiler is generated and imported into the target file of the linker, which is composed of an intermediate language instead of a native code. These detectors have two: value detectors and count detectors.

Value detectors are used to construct a histogram of variable control, and count detectors are used to track the number of times you travel to and from a special path in the application, when the application runs, data from all these probes Collection and written to a configuration database. This configuration data is imported into the linker along with the original target file. The linker can analyze the configuration data, decide the special optimizations that should be adopted, and generate a new non-standardized application structure. This is just a version of the compiled version instead of a specification that can be used to publish it to the customer. Pogo (Optimization of Configuration Guidance) is a lot of optimization. Based on the count detector, inline can be used at each function call. Value detectors reorganize the Switch and IF-ELSE statements to remove the highest frequency of frequencies and avoid excessive unnecessary attempts before finding a common case. The code segment will be rearranged, so the most common code is row, rather than compulsive, unnecessary jumps within the code. This avoids Translation Lookaside Buffer (TLB) [Translator Note: Translation Finding Buffers] High overhead throughput and page exchange. The code that is not commonly used can be placed in a special paragraph of this module, which will help to avoid these issues. By using virtual calls, it is often caused to avoid lookups for virtual tables in most cases of virtual calls to a particular type of virtual call. By using partial interloquies to ensure that only the code segments that are often used in the function are inline, this is determined by calling functions based. In addition, some code segments are compiled with some optimization, while others compile them in other different purposes. For example, frequently used and / or small functions can be compiled (/ o2) according to maximum performance angles; not often used and / or larger functions are compiled into minimal space (/ O1). If you can understand your actual work environment and put your application in use, the performance of the program will get the maximum extension. Recently, SQL Server uses POGO to recompile, in many commonly used cases, 30% performance soar. In this way, you may guess Microsoft will start using this technology to re-compile it. It should be noted that when you establish a specification version configuration, don't try to overwrite all the code, this is very important. The pan of POGO is how to optimize the situation. If you perform POGO optimization on all code, you may have to get lost. Visual C 2005 has also joined OpenMP support, which is an open standard for establishing multithreaded programs. It contains a series of PRAGMAs to tell the compiler which code segments can be processed in parallel. Some large cyclic structures that are not large with the previous cycle is best suited for OpenMP. Look at the simple copy function below, it adds the values ​​of the arguments A and B and stores them and stores in the array c. Void Copy (int A [】, int b [], int C [], int layth) {

#pragma omp Parallel

For (INT i = 0; I

{

C [i] = a [i] b [i];

}

} On the machine with multiple processors, the compiler generates multithreading to perform each cycle, and each thread will perform a subset of replication actions. It is worth noting that the compiler cannot confirm whether this loop relies on other code, so it does not prevent you from using these Pragma in inappropriate. If there is dependency, you are very likely to get different errors with you, although this is correct. Although the maximum benefit when using OpenMP is the case of parallel processing cycles in the above example, use it in linear code, which will also make performance to improve the "#pragma omp section" parameter can be used to non-dependence in a piece of code. The part makes a mark, which allows the developer to specify the area that can be run in parallel. The compiler can then generate multithreaded to perform these sections on different processors. For all people developed using .NET, an important change is that the Visual C 2005 optimizer is optimized for MSIL and the optimization of the machine platform, although the optimizer is passed Different adjustment options are done, and today's real-time (JIT) compiler is analyzed and optimized, which allows the C compiler to optimize when compiling, which can also provide great performance The advantage (C compiler has more time to analyze instead of JIT). The Visual C 2005 compiler optimizes managed types: optimization, expression optimization and inline. However, some local compilers are unable to optimize .NET-based code. For example, due to the problem of pointer arithmetic operation, it has some powerless, and some code cannot inline due to the rules of CLR on strict types and regulations of members, although the compiler is indeed A large number of analyzes were conducted to legally inline opportunities. In addition, optimizing MSIL needs to balance the impact on JIT. For example, you wanted to unlock a loop to produce too much variables to the JIT compiler, so the JIT compiler must be registered (a problem with NP completion). The Visual C team is studying these issues and will receive a properly adjusted solution when publishing throughout the system. Safety In 2002, Bill Gats advocated the development of high-reliance computer software, which had unbearable impact on all products developed by Microsoft. The developers of the Windows operating system spent months of safety training and code discussing, which makes Windows Server 2003 have the company's highest security operating system. Microsoft Office 2003 also includes many security features, such as information management (IRM), better macro security, and HTML download mask in Outlook. The compiler team also stepped more securely to develop their compilers and their creations. Visual Studio .NET 2002 introduces a buffer security check / GS compiler option. This marker causes the compiler to allocate space on the stack before returning the address suspected of buffering attack. After entering the function, a security cookie with a calculated value will be placed in this buffer, while the compiler checks and guarantees that the value of this cookie is not modified when exiting the function. Changing the Cookie value means that the return address of the function has the likelihood of overwriting other addresses, which will generate an error and cause the application to terminate. Of course, this does not prevent all buffer overflow attacks. Visual Studio .NET 2003 has reinforced / gs. It allows these local variables to prevent these local variables from other local variables by organizing local variables on the stack. This will prevent the virtual table VTABLE hijacking attack and other pointers based attacks.

Figure 7 The original / GS Visual C 2005 has been updated again for this powerful feature. When a function is called, the activation record of the function is emissions like Figure 7. If a partial buffer has overflow, an aggressor may override all things on its stack address, including exception handler records, security cookies, frame pointers, return addresses, and functions. All of these values ​​are protected by various mechanisms (like a security exception handler), however, in a function that is used as a parameter with a function pointer, it is still possible to buffer overflow. If a function is a function pointer (or a structure or class containing a function pointer or class), the attack program may overwrite the value of this pointer and cause the code to perform any function he / she wants to run. To prevent this, Visual C 2005 analyzes all function parameters to find this weakness and emissions the function activation record image. Those of the vulnerable parameters will create a copy under the stack address of the local variable, and use these copies instead of the parameters itself. Once the parameter itself occurs, they will still maintain the original value due to the use of a copy, so there will be no destructive power. Figure 8 The new / GS is consistent with the "default is secure" this high reliability calculation orientation that the Visual C 2005 compiler makes the buffer security check option for default activation. This will help all products compiled with Visual C more secure. In fact, Microsoft is now generating all of this activation option, including Windows, Office, and SQL Server. The other advances in Visual C 2005 is to ensure that the code is based on security considerations. Most C applications are dependent on the C run library (CRT) and standard template library (STL). When designing these things first, the security of the code will not be prioritized, and many popular attack gaps will also be ignored. The result of this is that many features provided by these libraries are mostly used in an insecure manner, making the application to some potential attacks. In the recently launched Michael Howard, "Safety Code" (Microsoft Publishing House 2002), he emphasized the importance of not using these libraries in some cases. In Visual C 2005, Microsoft launched a new version of these libraries, which is committed to identifying a function that can lead to general security issues and provide additional more secure versions. The long-term goal of this effort is not recommended to use all "unsafe" versions to promote the use of some of the same features and more complete replacement versions. Just a new CRT running library, you will reference more than 400 new "security" functions, which make sure that all pointer parameters are checked for empty pointers, and all functions to make memory copy operations are known. Outside the target address and source buffer, you must know how many bytes will be copied.

转载请注明原文地址:https://www.9cbs.com/read-123400.html

New Post(0)