The Mixed DLL Loading Problem

From Kate Gregory's Codeguru column, "Using Visual C++ .NET".


On Friday, March 14th, Microsoft announced a potentially serious bug that affects only Visual C++ developers using Visual Studio .NET 2002 and Visual Studio .NET 2003. This bug cannot affect C# and Visual Basic .NET programmers. In addition, 90 to 95% of Visual C++ .NET programmers cannot be affected. Of the 5-10% of Visual C++ programmers who are developing code that is vulnerable to the bug, only a handful have actually experienced the problem that the bug may cause. Nevertheless, all Visual C++ programmers should be aware of it, and know what to do to prevent problems in mixed DLLs.

What is a mixed DLL?

Visual C++ .NET, as I've mentioned before, is unique among the .NET-supported languages from Microsoft: it can generate both intermediate language (IL) and native code. When you create a "Managed C++ application", the build product is an assembly of IL with an .exe extension. When you create an MFC application, the build product is a Windows executable file of native code, also with a .exe extension. The internal layout of the two files is utterly different.

When you create a class library, the file has a .dll extension. When you create an MFC DLL, the file contains only native code. When you create a Managed C++ Class Library, the file usually contains a mixture of native code and intermediate language. This bug can only affect these mixed DLLs. It is quite simple to arrange for your Managed C++ Class Library project to have an IL-only file as the build output, and in fact that is the workaround for this bug.

You may be wondering if there's such a thing as mixed EXE files. There are, and they are unaffected by this bug. Of the six kinds of build outputs Visual C++ can create (IL, native, and mixed DLLs; IL, native, and mixed EXEs) only mixed DLLs are affected.

What's the problem?

Every DLL has a special function called DllMain(). It's called when the DLL is first loaded and when it is unloaded, and it takes care of initialization and then cleanup. Until it has run, the loader (part of the operating system that controls interactions between running code) will not let any other function in the DLL run. We say that DllMain holds a loader lock. This lock will also not let any other DLL be loaded while a DllMain is in progress.

There are several actions that are not allowed inside DllMain. Neither the compiler nor the operating system will warn you if you perform these actions, and typically the end result of performing these actions is that your process will hang. You are not allowed to load another DLL, to access the registry, to call a function from another DLL (with the exception of Kernel32.dll, which is always available) or to touch another thread, including threads in other processes. Get in, initialize your variables, and get out.

Visual C++ .NET developers need to add another item to their mental list of DllMain no-nos: you can't run any MSIL. That means, of course, that DllMain can't be written in managed code, and it can't call any function that is written in managed code — directly or indirectly. Life is made even more complicated for the writers of mixed-mode DLLs by the runtime's ability to do things unexpectedly, such as running the garbage collector, or without an explicit request, such as loading a DLL because you are trying to access a method in the DLL and it hasn't been loaded yet. Normally this behavior is considered a feature, but when unexpected or unrequested work is done inside DllMain, you're heading for a deadlock and a hung process.

Actually, it's a little worse than that. If you were guaranteed a hung process, you'd discover this problem during the most elementary testing cycle, and you'd be really motivated to make it stop. But this problem is intermittent, and more likely to happen if your system is under stress — a horrible time for a bug to appear.

What should you do?

Let's start with the first thing. Your DllMain should not be written in managed code. If you're creating a Managed C++ Class Library, by default all your methods are in managed code. Even if you mark DllMain as unmanaged with a pragma, there will be a bit of managed code around it anyway. Even if you don't write a DllMain, the compiler will generate an unmanaged entry point and then call various other methods from it. You must suppress that entry point with the /noentry option in your project properties. This option is reasonably well disguised. Here's how to set it:

  1. In Solution Explorer, right-click the project name and choose Properties
  2. Expand the Linker folder on the properties sheet
  3. Select the Advanced sub-section
  4. Change the Resource Only Dll property to Yes.




Using the /noentry option in Visual Studio .NET 2002 and 2003 does not completely eliminate every chance of this bug hurting you. The CLR itself needs to be changed to squash the bug completely, and version 1.1 of the Windows .NET Framework is too close to release to implement such a change. In a future version, assemblies built with /noentry will be protected from this bug entirely.

It's natural, at this point, to wonder how you will initialize static variables if you don't have a DllMain to initialize them in. And how can you call out to ATL, MFC, or C Runtime Library code? Those libraries need to have some statics initialized before you use them. There is a new Knowledge Base article to walk you through the process — it's not quick or simple, be warned. You can find it at http://support.microsoft.com/?id=814472. The article starts by referring to a number of linker errors, including a new one that has been added to Visual Studio .NET 2003 to draw attention to the potential problem for a developer. Whenever you create a managed code DLL, you should follow the instructions in the Knowledge Base article even if you are using Visual Studio .NET 2002 and did not receive a linker error. Be sure to read to the very end of the Knowledge Base article before you start to type and click, because there is a convenient header file provided (it's been added to Visual Studio .NET 2003) to reduce the workload a little.

Should you be worried?

Well, I'm not. I've created a handful of Managed C++ Class Library projects, mostly to run on lightly-stressed machines, and this problem has never bitten me. In fact, you can count the folks it has bitten on the fingers of one hand. It's stressful, though, to imagine a time bomb in your code, waiting to freeze a process just when the largest number of people want it, so you should understand the problem and take steps to prevent it.

Remember:

  • Projects built in Visual Basic .NET, Visual C# .NET, and any other .NET language except Visual C++ are immune to this problem since they cannot emit unmanaged code.

  • Projects that create exe files are immune to this problem.

  • Projects that create DLLs that consist entirely of unmanaged (native) code are immune to this problem.

  • Projects that create managed-code DLLs require a linker option (/noentry) to prevent the compiler from creating an unmanaged entry point, and may require a fair amount of manual work to initialize unmanaged libraries that are to be called from the DLL.

  • Projects that appear to be working fine may harbor the vulnerability and hang or freeze at a very inconvenient time, so be sure to revise all your managed-code DLL projects as soon as you can.
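To find which binaries in a build tree are mixed DLLs that still carry an entry point, the PE headers can be read directly. This is an added example, not code from the article or from Microsoft: `classify`, `rva_to_offset` and `sample_image` are hypothetical names, the sample images are constructed header sets, and it assumes that IL-only images set COMIMAGE_FLAGS_ILONLY in the CLR header and that /noentry leaves AddressOfEntryPoint at zero.

```python
import struct

IMAGE_FILE_DLL = 0x2000       # COFF Characteristics bit: image is a DLL
CLR_DIRECTORY = 14            # data-directory slot of the CLR (COR20) header
COMIMAGE_FLAGS_ILONLY = 0x1   # COR20 Flags bit: image contains IL only

def rva_to_offset(pe, table, nsect, rva):
    """Map an RVA to a file offset using the section table."""
    for i in range(nsect):
        vsize, vaddr, rsize, raw = struct.unpack_from("<4I", pe, table + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rva - vaddr + raw
    raise ValueError("RVA not inside any section")

def classify(pe):
    """Sort a PE image into one of the article's six build-output kinds."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size, chars = struct.unpack_from("<H12xHH", pe, nt + 6)
    opt = nt + 24                                         # optional header
    magic, entry_rva = struct.unpack_from("<H14xI", pe, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]           # PE32 / PE32+; KeyError otherwise
    ndirs = struct.unpack_from("<I", pe, dirs - 4)[0]
    clr_rva = struct.unpack_from("<I", pe, dirs + 8 * CLR_DIRECTORY)[0] if ndirs > CLR_DIRECTORY else 0
    kind = "native"
    if clr_rva:
        cor20 = rva_to_offset(pe, opt + opt_size, nsect, clr_rva)
        flags = struct.unpack_from("<I", pe, cor20 + 16)[0]
        kind = "IL" if flags & COMIMAGE_FLAGS_ILONLY else "mixed"
    kind += " DLL" if chars & IMAGE_FILE_DLL else " EXE"
    # Assumption: a mixed DLL linked with /noentry has a zero entry-point RVA.
    return {"kind": kind, "needs_noentry": kind == "mixed DLL" and entry_rva != 0}

def sample_image(dll, clr_flags=None, entry_rva=0x1100):
    """Constructed PE32 headers for the demo; not a loadable file."""
    pe = bytearray(0x400)
    pe[0:2], pe[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x80)
    struct.pack_into("<HH12xHH", pe, 0x84, 0x14C, 1, 224, 0x2002 if dll else 0x0002)
    struct.pack_into("<H14xI", pe, 0x98, 0x10B, entry_rva)
    struct.pack_into("<I", pe, 0x98 + 92, 16)             # NumberOfRvaAndSizes
    struct.pack_into("<8s4I", pe, 0x178, b".text", 0x200, 0x1000, 0x200, 0x200)
    if clr_flags is not None:                             # CLR header at RVA 0x1000
        struct.pack_into("<II", pe, 0x98 + 96 + 8 * CLR_DIRECTORY, 0x1000, 72)
        struct.pack_into("<I", pe, 0x200 + 16, clr_flags)
    return bytes(pe)

if __name__ == "__main__":
    print(classify(sample_image(dll=True, clr_flags=0)))
```

On real files, pass the bytes read from each .dll in the build output to `classify` and review every result where `needs_noentry` is true.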

If you're looking for even more details on this, be sure to read the Knowledge Base article referred to above, http://support.microsoft.com/?id=814472, and a technical whitepaper at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechart/html/vcconMixedDLLLoadingProblem.asp that contains the marvelous understatement, "The Visual C++ and common language runtime teams made engineering choices for mixed (managed and native) DLL loading and initialization that they have since decided to revisit." Once you understand the reason the problem occurs, you'll be ready to fix up your projects, and you won't be worried about the magnitude of this problem any more.

About the Author

Kate Gregory is a founding partner of Gregory Consulting Limited (www.gregcons.com). In January 2002, she was appointed MSDN Regional Director for Toronto, Canada. Her experience with C++ stretches back to before Visual C++ existed. She is a well-known speaker and lecturer at colleges and Microsoft events on subjects such as .NET, Visual Studio, XML, UML, C++, Java, and the Internet. Kate and her colleagues at Gregory Consulting specialize in combining software development with Web site development to create active sites. They build quality custom and off-the-shelf software components for Web pages and other applications. Kate is the author of numerous books for Que, including Special Edition Using Visual C++ .NET.



