Upload
adrian-peter-wheeler
View
223
Download
0
Embed Size (px)
DESCRIPTION
3 30 min Intro 45 min Visual C in Action Break 60 min Visual C Making Your Application Better 30 min Roadmap to Securing C++ Applications Lunch 30 min Roadmap for C++ Applications on Windows 60 minRoadmap to Managed Code Break 45 minRoadmap to Taking Advantage of Hardware 30 minGuidance and Conclusion 60 minQuestions
Citation preview
2
• Nikola Dudar, Program [email protected]
• April Reagan, Program [email protected]
• Ronald Laeremans, Group Program [email protected]
3
30 min Intro45 min Visual C++ 2005 in Action
Break60 min Visual C++ 2005 Making Your Application
Better30 min Roadmap to Securing C++ Applications
Lunch30 min Roadmap for C++ Applications on Windows60 min Roadmap to Managed Code
Break45 min Roadmap to Taking Advantage of Hardware30 min Guidance and Conclusion60 min Questions
4
• We are from the Visual C++ product development team
• Ask questions at any time during today’s presentation
• Further content relevant to this talk is available here:http://msdn.microsoft.com/visualc/tour05/
5
• The platform and hardware have advanced greatly over the past seven years and so has Visual Studio!
Visual C++ 6 Visual C++ 2002
Visual C++ 2003
Visual C++ 2005
Release Date 1998 2002 2003 2005Target Platforms
Windows 95 to Windows NT 4.0
Windows 98 to Windows XP
Windows 2000 to Windows Server 2003
Windows 2000 to Windows Server 2003
Libraries and Technologies
Win32, COM, MFC, ATL
Win32, COM, MFC, ATL, .NET, Web Services
Win32, COM, MFC, ATL, .NET, Web Services
Win32, COM, MFC, ATL, .NET, Web Services
Distinguishing Features
Introduced IntelliSense
Introduced support for .NET
Improved ISO C++ conformance
Improved support for .NET and Windows platforms
Support Extended support expires September 30, 2005
Extended support expires June 30, 2009
Extended support expires September 30, 2013
Not yet released
6
• Productivity– Enable you to effectively manage large projects– Give you tools to navigate large and unfamiliar code bases
• Security– Move your application to secure settings by default
• Performance– Speed up your application with new optimizations– Give your application an advantage by using latest and upcoming
hardware• Commitment to the Future of Your Source Code
– Make your code more standard conforming to benefit from advanced C++ techniques, growing C++ libraries, and code portability
– Access any existing or new Windows technology from your C++ source code
– Make breaking changes in your source base that result in long term benefit
7
• Upgrading to Visual C++ 2005 brings tremendous benefits– Applications built with Visual C++ 2005 are more secure– Visual C++ 2005 enables better productivity in the IDE– Code generated by Visual C++ 2005 is more efficient
• Visual C++ 2005 is the gateway to new technologies– Visual C++ 2005 targets new processor architectures than
ever before, including devices, 64-bit, and multi-core– Visual C++ 2005 enables your application to take
advantage of new .NET based Windows technologies like .NET Framework and WinFX
8
Team System
Lifecycle tools for better communication and collaboration among software teams
Professional Edition
Comprehensive tool for professional developersworking alone or in small teams,
including server development
Standard Edition
Entry point for professional developersbuilding Windows applications,
focused on client and component development
Express Editions
Easy to use, easy to learn, easy to acquire tool for hobbyists, enthusiasts and students
Moving Your Application Forward with Visual C++ 2005
Tour of new capabilities in the IDE
10
• Visual C++ 2005 invested heavily in the IDE to improve your daily productivity and long term project management– The IDE allows you to easily manage and build large
solutions– IntelliSense is more accurate and relevant to code in your
project– IntelliSense understands macros and templates– You can navigate and browse of large code projects without
building– The IDE can build separate projects on different processors– You can build projects and solutions from the command
prompt– The debugger simplifies tasks and information
Moving Your Application Forward with Visual C++ 2005
Optimizing your applicationAnalyzing your application codeVisual C++ libraries
13
• Use better tools to optimize your program– Use Visual Studio 2005 to get best performance with
minimal cost• Gain better understanding of your source code
– Use Visual Studio 2005 to identify trouble spots in source code
• Use new tools and libraries to make your program more reliable
• Ensure your customer is up to date– Be ready for servicing your applications
14
• Maximize optimization for each file– Without using new optimization features Visual C++
compiler helps getting the best code for each source code file individually
• Whole program optimization goes beyond individual files– Use information from many files to get most of the final
binary• Profile guided optimization specializes
optimizations specifically for your application– Improve user experience in common scenarios
15
• Compiler optimizes each source code file to get best runtime performance – The only type optimization available in Visual C++ 6
• Visual C++ 2005 has better optimization algorithms– Specialized support for newer processors such as Pentium 4– Improved speed and better precision of floating point
operations– New optimization techniques like loop unrolling
• Typical expectation for performance after rebuild– 10-20% improvement from Visual C++ 6 to Visual C++
2002– 20-30% improvement from Visual C++ 6 to Visual C++
2005
16
• Typically Visual C++ will optimize programs by generating code for object files seperately
• Introducing whole program optimization– First introduced with Visual C++ 2002 and has since improved– Compiler and linker set with new options (/GL and /LTCG)– Compiler has freedom to do additional optimizations
• Cross-module inlining• Custom calling conventions
– Visual C++ 2005 supports this on all platforms– Whole program optimizations is widely used for Microsoft
products such as SQL Server• Typically expect significant performance improvement
– About 30% improvement from Visual C++ 2003 to Visual C++ 2005
17
SpecINT (Visual C++ 6 Baseline)
0%
2%
4%
6%
8%
10%
12%
14%
16%
18%
20%
VC7 /O2 VC7 /O2 /GL VC7.1 /O2 /G7 VC7.1 /O2 /G7/arch:SSE2
VC7.1 /O2 /GL/G7
VC7.1 /O2 /GL/G7 /arch:SSE2
18
SpecFP (Visual C++ 6 Baseline)
0%
5%
10%
15%
20%
25%
30%
35%
40%
VC7 /O2 VC7 /O2 /GL VC7.1 /O2 /G7 VC7.1 /O2 /G7/arch:SSE2
VC7.1 /O2 /GL/G7
VC7.1 /O2 /GL/G7 /arch:SSE2
19
• Static analysis leaves many open optimization questions for the compiler, leading to conservative optimizations
• Visual C++ programs can be tuned for expected user scenarios by collecting information from running application
• Introducing profile guided optimization – Optimizing code by using program in a way how its
customer use it– Runs optimizations at link time like whole program
optimization– Available in Visual Studio 2005 – Widely adopted in Microsoft
if (p != NULL) { /* Perform action with p */} else { /* Error code */}
Is it common for p to be NULL?
If it is not common for p to be NULL, the error
code should be collected with other
infrequently used code
20
0
5
10
15
x64 x86
% Im
prov
emen
t ove
r Who
lePr
ogra
m O
ptim
izat
ion
SPECInt SPECfp
22
• Visual Studio Team System 2005 provides tools that help you understand defects and behavior of your source code
• Static code analysis– Finds defects in source code at build time
• Profiler– Determines where application spends time
• Code coverage– Verifies that code paths are used as expected
• Unit testing– Useful for test driven development
• Using tools from Visual Studio Team System builds more reliable applications with better performance
23
• Static code analysis helps developers find defects in code (/analyze)– Reports code defects– Warns about possible security vulnerabilities– Suggests ways to improve performance– Identifies possible design issues– Enforces best practices
• Warns about defects and displays path to a problemvoid vulnerable(char* p) { wchar_t buf[16]; int ret;
ret = MultiByteToWideChar(CP_ACP, 0, p, -1, buf, sizeof(buf)); printf("%d\n", ret);}
Do you see the buffer overrun?
This caused Code Red.
24
• Examine performance for entire application or for its specific parts
• Helps to find runtime bottlenecks of programs– Option of collecting information via sampling or
instrumentation– Collect up to 15 performance counters
• Significantly better than profiler in Visual C++ 6
25
• Facilitates building granular verification of your source code– Quick way to find missed checks– Saves time on building simple verification tests– Helps with code coverage
• Unit testing is useful for test driven development
26
• New Visual C++ libraries bring more reliable and safer functionality to your program– Runtime validation of parameters for values inside a
valid range– New set of functions with safer signatures helps you
build less vulnerable programs– Improved functionality in crucial user scenarios
27
• Prior to Visual C++ 2005, the Visual C++ libraries were susceptible to “DLL Hell”– Especially problematic with Visual C++ 6 libraries in
System32– Visual C++ 2002 and 2003 libraries could not have
emergency servicing• New servicing model enables emergency servicing
and side-by-side installation of Visual C++ libraries– Compliant with Windows Logo requirements– Libraries installed into one shared location– Applications are automatically bound to libraries using
manifest– Supported on Windows XP, Windows Server 2003 and later
• Applications must include manifests to use Visual C++ libraries
28
• New tools in Visual C++ 2005 help getting maximum performance with minimal cost
• Visual Studio Team System facilitates process of code review and finding trouble spots
• Use of new libraries makes your program more reliable and easier to maintain
• New deployment model for Visual C++ libraries ensures quick servicing of deployed applications
Moving Your Application Forward with Visual C++ 2005
Building security in layersVisual C++ features to improve securityVisual C++ features to detect security vulnerabilities
30
Service ReliablyService Reliably Collect information about buffer overrunsCollect information about buffer overrunsProvide mechanisms to patch vulnerable filesProvide mechanisms to patch vulnerable files
Mitigate VulnerabilitiesMitigate Vulnerabilities Antivirus monitoringAntivirus monitoringDetect and react to buffer overrunsDetect and react to buffer overruns
Prevent Security BugsPrevent Security BugsCode review with static analysis toolsCode review with static analysis toolsReplace risky libraries with secure alternativesReplace risky libraries with secure alternativesValidate data and limit test functionsValidate data and limit test functions
Block Attacker AccessBlock Attacker Accessto Machineto Machine
Windows FirewallWindows FirewallAuthentication for RPCAuthentication for RPC
31
Block Attacker AccessBlock Attacker Accessto Machineto Machine
Windows FirewallWindows FirewallAuthentication for RPCAuthentication for RPC
• Secure your development and end user environments
• Use newest versions of Windows– Windows XP SP2– Windows Server 2003 SP1
• Test your application with a least user privileges account– All applications must be secure to secure the platform
• Take advantage of .NET security services– Run in partial trust environment– Use web services as abstracted access layer– Sandbox plug-in modules
32
Service ReliablyService Reliably Collect information about buffer overrunsCollect information about buffer overrunsProvide mechanisms to patch vulnerable filesProvide mechanisms to patch vulnerable files
Mitigate VulnerabilitiesMitigate Vulnerabilities Antivirus monitoringAntivirus monitoringDetect and react to buffer overrunsDetect and react to buffer overruns
Prevent Security BugsPrevent Security BugsCode review with static analysis toolsCode review with static analysis toolsReplace risky libraries with secure alternativesReplace risky libraries with secure alternativesValidate data and limit test functionsValidate data and limit test functions
Block Attacker AccessBlock Attacker Accessto Machineto Machine
Windows FirewallWindows FirewallAuthentication for RPCAuthentication for RPC
33
• Visual C++ helps you build a more reliable, less vulnerable program with better performance
• Static code analysis– Defects of your code– Possible security vulnerabilities of your program– Suggest ways to improve performance– Identify possible design issues– Enforce best practices coding policies
• Warns about defects found in code and displays path to the problem
Prevent Security BugsPrevent Security BugsCode review with static analysis toolsCode review with static analysis toolsReplace risky libraries with secure alternativesReplace risky libraries with secure alternativesValidate data and limit test functionsValidate data and limit test functions
34
• Visual C++ 2005 provides more secure alternatives to historically risky libraries– Standard C library has vulnerabilities because it is not
reentrant, and does not check the size of destination buffers
• New extensions to C Runtime library (Safe CRT)– Provides new safer variants of CRT functions– Warns about risky functions in existing source code– Undercover improvements in implementation of existing
functions– Widely adopted inside Microsoft
• Microsoft is leading C and C++ communities in adoption of new extensions to C library
Prevent Security BugsPrevent Security BugsCode review with static analysis toolsCode review with static analysis toolsReplace risky libraries with secure alternativesReplace risky libraries with secure alternativesValidate data and limit test functionsValidate data and limit test functions
36
• Validating data passed to a function helps detecting problem upfront
• Parameter validation– C runtime functions validate their parameters– File sharing modes are enforced– Format specifications are validated– STL iterators are ensured to point inside containers– Common mechanism of reporting errors (invalid
parameter handler)• All Visual C++ libraries now detect invalid
parameters before using them
Prevent Security BugsPrevent Security BugsCode review with static analysis toolsCode review with static analysis toolsReplace risky libraries with secure alternativesReplace risky libraries with secure alternativesValidate data and limit test functionsValidate data and limit test functions
37
Service ReliablyService Reliably Collect information about buffer overrunsCollect information about buffer overrunsProvide mechanisms to patch vulnerable filesProvide mechanisms to patch vulnerable files
Mitigate VulnerabilitiesMitigate Vulnerabilities Antivirus monitoringAntivirus monitoringDetect and react to buffer overrunsDetect and react to buffer overruns
Prevent Security BugsPrevent Security BugsCode review with static analysis toolsCode review with static analysis toolsReplace risky libraries with secure alternativesReplace risky libraries with secure alternativesValidate data and limit test functionsValidate data and limit test functions
Block Attacker AccessBlock Attacker Accessto Machineto Machine
Windows FirewallWindows FirewallAuthentication for RPCAuthentication for RPC
38
• Buffer overruns are easy to exploit– Buffer overruns caused by unvalidated data corrupting
other values• Introducing security checks (/GS)
– Introduced in Visual C++ 2002 to prevent return address hijacking
– Improved in Visual C++ 2003 and Visual C++ 2005 to detect more sophisticated types of malicious exploits
– Cooperates with other technologies for best coverage (/SAFESEH)
– All Microsoft products are required to use security checks
• Windows Server 2003 did not propagate Blaster because it was built with security checks
Mitigate VulnerabilitiesMitigate Vulnerabilities Antivirus monitoringAntivirus monitoringDetect and react to buffer overrunsDetect and react to buffer overruns
40
• How security checks work – Insert a random cookie between the
locally declared buffer and the return address
– Test cookie value for corruption before using return address to end function call
– If test fails, terminate the process• Detects attack and prevents
execution of malicious code
Previous function’sPrevious function’sstack framestack frameFunction argumentsFunction argumentsReturn addressReturn addressFrame pointerFrame pointerCookieCookieEH frameEH frameLocally declaredLocally declaredbuffersbuffersLocal variables andLocal variables andcopies of vulnerablecopies of vulnerableparametersparametersCallee saveCallee saveregistersregistersUnused StackUnused Stack
Mitigate VulnerabilitiesMitigate Vulnerabilities Antivirus monitoringAntivirus monitoringDetect and react to buffer overrunsDetect and react to buffer overruns
41
Service ReliablyService Reliably Collect information about buffer overrunsCollect information about buffer overrunsProvide mechanisms to patch vulnerable filesProvide mechanisms to patch vulnerable files
Mitigate VulnerabilitiesMitigate Vulnerabilities Antivirus monitoringAntivirus monitoringDetect and react to buffer overrunsDetect and react to buffer overruns
Prevent Security BugsPrevent Security BugsCode review with static analysis toolsCode review with static analysis toolsReplace risky libraries with secure alternativesReplace risky libraries with secure alternativesValidate data and limit test functionsValidate data and limit test functions
Block Attacker AccessBlock Attacker Accessto Machineto Machine
Windows FirewallWindows FirewallAuthentication for RPCAuthentication for RPC
42
• Windows can collect information when an application crashes to facilitate investigation of problems
• One mechanism for all Visual C++ programs– Asserts in debug build allow developers to investigate
immediately– Windows Error Reporting invokes in release builds (Dr.
Watson)– Minidump created with context information to reproduce
issue– Specific information can be collected through minidump
APIs
Service ReliablyService Reliably Collect information about buffer overrunsCollect information about buffer overrunsProvide mechanisms to patch vulnerable filesProvide mechanisms to patch vulnerable files
43
• If security exploit found, it is important to deliver a patch quickly
• New deployment model in Visual C++ 2005 (Fusion)– All Visual C++ libraries are side-by-side assemblies
(DLLs)– By default Visual C++ applications are built as isolated
applications– Binding to DLLs can be controlled by the author and
administrator– One shared location to facilitate patching
• Visual C++ 2005 provides mechanism for efficient emergency servicing of applications using Visual C++ libraries
Service ReliablyService Reliably Collect information about buffer overrunsCollect information about buffer overrunsProvide mechanisms to patch vulnerable filesProvide mechanisms to patch vulnerable files
44
Service ReliablyService Reliably Collect information about buffer overrunsCollect information about buffer overrunsProvide mechanisms to patch vulnerable filesProvide mechanisms to patch vulnerable files
Mitigate VulnerabilitiesMitigate Vulnerabilities Antivirus monitoringAntivirus monitoringDetect and react to buffer overrunsDetect and react to buffer overruns
Prevent Security BugsPrevent Security BugsCode review with static analysis toolsCode review with static analysis toolsReplace risky libraries with secure alternativesReplace risky libraries with secure alternativesValidate data and limit test functionsValidate data and limit test functions
Block Attacker AccessBlock Attacker Accessto Machineto Machine
Windows FirewallWindows FirewallAuthentication for RPCAuthentication for RPC
Windows Error Reporting Tool (CRT, /GS)Windows Error Reporting Tool (CRT, /GS)New deployment of Visual C++ LibrariesNew deployment of Visual C++ Libraries
Buffer Overrun Detection (/GS)Buffer Overrun Detection (/GS)Safe Exception handling (/SAFESEH)Safe Exception handling (/SAFESEH)
Static Code Analysis ToolsStatic Code Analysis ToolsNew Visual C++ Libraries (CRT, STL, ATL, MFC)New Visual C++ Libraries (CRT, STL, ATL, MFC)
Windows XP SP2Windows XP SP2Windows Server 2003 SP1Windows Server 2003 SP1
Moving Your Application Forward with Visual C++ 2005
Looking aheadC++ Applications on WindowsRoadmap to Managed CodeRoadmap to Utilizing Hardware
46
• In the past two decades there have been several major inflection points on the Windows platform
• The Windows platform is about to experience the most significant inflection point ever
Windows 3.0 began the shift from MS-DOS
to graphical user interfaces
Windows 95 sparked the shift to 32-bit programming
The Internet inspired entirely new application
styles
Catalysts driving the next inflection pointHigh resolution displays64-bit architectures“Longhorn” release of WindowsThe WinFX API
47
• Two important considerations for large code base– Companies want intellectual property investments to last a
long time– Companies want to take advantage of the latest
technologies and hardware from existing code bases
• Visual C++ applications are maintainable and extensible, for the long-term preservation of your intellectual property investments
• Visual C++ applications give you the best user experience on Windows: integration, performance, access to all Windows technologies
48
• Standard Conformance guarantees longevity and portability– ISO Standard C++ – portability, advanced libraries etc.– Emerging C++/CLI Standard – managed code integration– Visual C++ is best development environment for cross-
platform code
• Single source base for multiple CPU targets– Visual C++ supports all Windows hardware platforms– x86, x64, IA64, CE devices etc.
Built with Visual C++
Microsoft WindowsMicrosoft Office
Microsoft SQL ServerMicrosoft Visual Studio
Microsoft Exchange Server
Microsoft Common Language Runtime
49
• Visual C++ is the only language that gives you full access to all Windows APIs– Win32, COM, DirectX, Speech, .NET Framework, WinFX,
DDK, etc.
• Applications built on existing Visual C++ libraries (MFC, ATL etc) will continue to evolve, take advantage of new Windows APIs and be first class applications on upcoming Windows releases
50
2005
2006
Beta
BetaBeta
Beta
51
• Version 1.0– “Avalon” Framework for Graphics and User Interface– “Indigo” Framework for Distributed Applications
• Built on CLR Component Model – Managed Code– Rich and consistent programming model– Easier than COM– Built on top of .NET Framework, DirectX, Win32
• Released with Longhorn– Redistributable on XP SP2, Windows Server 2003– Available on Windows Update
52
• Application Model– Composable component architecture– Layout engine– Two-way transformable data binding– Rich visual styling and theming– Browser hosting
• Graphics Model– 2D & 3D Graphics– Imaging– Text– Video and audio– Animation
• Document Model– Fixed, flow and adaptive layouts– Advanced typography– Container services– Rights management
Media IntegrationMedia IntegrationLayerLayer
Element ServicesElement Services
App
licat
ion
App
licat
ion
Mod
elM
odel
Doc
umen
tD
ocum
ent
Mod
elM
odel
Gra
phic
sG
raph
ics
Mod
elM
odel
Composition andComposition andRenderingRendering
.NET.NETFrameworkFramework DirectXDirectX
AvalonAvalon
Tool
s an
d La
ngua
ges
Tool
s an
d La
ngua
ges
53
• Avalon is the future of Windows presentation technology– Other technologies are often still better choices on Longhorn
• Recommended Avalon 1.0 usage– Web sites that want to push the limits of user experiences– Windows applications with complex data visualization
scenarios
• MFC/Win32 and Windows Forms are still the best solution for mainstream rich client Windows applications
• DirectX is still the platform for extremely intensive graphics (games, CAD applications)
• ASP.NET is the reach solution for server-based platform-agnostic applications
54
• The unified framework for building service-oriented applications on the Windows platform
– Unifies today’s distributed technology stacks– Composable functionality– Appropriate for use on-machine, cross
machine, and cross Internet
– Cross-platform interoperability– Integration across Microsoft products– Interoperability with today’s distributed
stacks
– Service-oriented programming model– Supports all features required by SOAs– Maximized productivity for building SOAs
55
• Single language to target all development scenarios
• Native Development– Cross Target Compilers: x86, x64, IA64– ISO Standard C++ language– ATL/MFC supporting native platform
• Managed Code Development– Integrate managed code seamlessly in existing code base– C++/CLI – First class .NET language– MFC integrating managed APIs
Moving Your Application Forward with Visual C++ 2005
What is managed code?Using new managed features in your source codeThree ways to use managed codeUsing multiple programming languages
57
ManagedManagedCodeCode
• Native code has many advantages– Achieves best performance and utilizes latest processor
techniques– Requires the fewest dependencies on other files
Pro
duct
ivity
Investment
Native CodeNative Code
• Introducing managed code– Leverages the advantages of native code– Targets high productivity solutions
• At some point, native code has diminishing returns– Secure programming requires ever increasing security reviews– Versioning data structures in different files is brittle– Programming patterns become very complicated
58
• The C runtime is another native library loaded by the Windows loader
EXEEXE
MachineMachineCodeCode
SourceSourceCodeCode CompilerCompiler
Native LibrariesNative Libraries
WindowsWindowsLoaderLoader
Native HeapNative Heap
59
• Running code on Windows without managed code is has limitations– Code could only be trusted based on digital signatures;
the system could not sandbox privileges for processes– Libraries targeted at different language developers had
to be written several times – once for each language– Applications written for one platform could not run on
other platforms such as devices without recompiling– Data structures could not be easily versioned between
DLLs– APIs had no rich type information for component models
• The Common Language Runtime (CLR) provides solutions for these problems
60
Frameworks
Assembly
Common Language RuntimeCommon Language RuntimeEXEEXE
Managed Runtime
GarbageGarbageCollectedCollected
HeapHeap
Native HeapNative Heap
SourceSourceCodeCode CompilerCompiler
VerifierVerifier
JIT CompilerJIT Compiler
Machine CodeMachine Code
Native LibrariesNative Libraries
MetadataMetadata
MSILMSIL
ManagedManagedLibrariesLibraries
P/Invoke
61
a.cppa.cpp
b.cppb.cpp
VisualVisualC++C++
CompilerCompiler
D:\>cl /c a.cpp
D:\>cl /c /clr b.cpp
EXEEXE
MetadataMetadataMSILMSIL
MachineMachineCodeCode
a.obja.obj
b.objb.obj
MetadataMetadataMSILMSIL
MachineMachineCodeCode
VisualVisualC++C++
CompilerCompiler
LinkerLinker
Skip P/Invokes by using machine code directly
Mixed Image
62
• The CLR makes a number of services available to applications– Garbage collection and resource management– Cross-language development– Security demands for partially trusted code– Reflection on assembly at run-time
• Making use of these CLR services requires additional language enhancements to C++ (enabled by /clr)– New type categories– Syntax for garbage collection– Syntax for properties and events
• All existing C++ code remains unchanged and continues without behavioral changes
63
• Managed assemblies describe themselves with metadata– Used instead of header files or type libraries
• C++ now has the #using directive
• A source file can make use of several kinds of libraries
#using <System.Windows.Forms.dll>#using <System.Xml.dll>#using <System.Data.dll>#using <System.Web.dll>
#using <System.Data.dll> // .NET library#import <msxml4.dll> // COM type library#include <iostream> // Standard C++ library
64
• New type categories provide specific semantics needed for interoperating with other languages– Ref classes are garbage collected and understood by all
programming languages– Value classes are lightweight; all fundamental types like
integers and floating-point numbers are value types– Native classes continue to have semantics and
advantages of native code even when compiling to MSIL• Types are declared “adjective class”
class N { /*…*/ }; // nativeref class R { /*…*/ }; // CLR reference type
value class V { /*…*/ }; // CLR value typeinterface class I { /*…*/ }; // CLR interface type
enum class E { /*…*/ }; // CLR enumeration type
65
• C++ now includes new syntax for first class support of garbage collection
• Pointers allow dynamic allocation on the native heap– Pointers are stable (can be cast to int), even during GC– Failure to explicitly call delete will leak memory
• Handles refer to objects on the CLR heap– Calling delete is optional
• Allocating with value semantics continues to work– Enables deterministic cleanup
T^ t = gcnew T; // gcnew constructs T on CLR heap
T* t = new T; // new constructs T on native heap
T t; // T constructed with value semantics
66
• Use .NET functionality in your application– Take a new library and use it from your application– Energize your application with a new look and feel– Leverage new tools that generate code for WinFX
• Expose your functionality as .NET object model– Expand your market to new language developers– Take advantage of core performance of your existing
code• Use managed code as a extensibility model
– Add control and security to your extensibility model– Make scripting as powerful as a general purpose
language
67
Your Application NowYour Application NowBuilt on top of native librariesBuilt on top of native libraries
Native LibrariesNative Libraries NativeNativeLibrariesLibraries
ManagedManagedLibrariesLibraries
New Application withNew Application withAdded FunctionalityAdded Functionality
Compile PiecesCompile Pieceswith /clrwith /clr
class Data { gcroot<XmlDocument^> xmlDoc;
public: void Load(std::string fileName) { XmlTextReader^ reader = gcnew XmlTextReader( marshal::to<String^>(fileName)); xmlDoc = gcnew XmlDocument(reader); }};
68
• Visual C++ 2005 allows you to use new Frameworks libraries in MFC Applications
• MFC includes many integration points– MFC views can host Windows Forms controls– Use your own Windows Forms dialog boxes– MFC lets you use Windows Forms as CView– Data exchange and eventing translation handled by MFC– MFC handles command routing
• Your MFC applications will be able to take advantage of current and future libraries directly with ease
70
• Embed native pointers in managed types• Use native types as method arguments and returns
Add a new layerAdd a new layer
built with /clrbuilt with /clrYour Library NowYour Library Now
Native LibrariesNative Libraries Native LibrariesNative Libraries
The Same LibraryThe Same Library
Managed API LayerManaged API Layer
ref class MyControl : UserControl { std::vector<std::string>* words;public: void Add(String^ s) { Add(marshal::to<std::string>(s)); }internal: void Add(std::string s) { words->push_back(s); }};
71
• DirectX 9.0 included a .NET object model written with Visual C++
• DirectX was looking to replace Visual Basic type library distribution and improve productivity– Wanted better coding productivity – fewer lines of code– Wanted easier memory management– Wanted to automate resource management with device
reset– Wanted to preserve performance, especially with Direct
3D• DirectX was able to achieve all goals by using C+
+ to wrap existing code
72
hr = g_pDPServer->EnumPlayersAndGroups( aPlayers, &dwNumPlayers, DPNENUM_PLAYERS);if (SUCCEEDED(hr)) /* iterate over players here */ break;SAFE_DELETE_ARRAY(aPlayers);if (FAILED(hr) && hr != DPNERR_BUFFERTOOSMALL) { DXTRACE_ERR_MSGBOX( TEXT("EnumPlayersAndGroups"), hr); return;}aPlayers = new DPNID[dwNumPlayers];if (NULL == aPlayers) { DXTRACE_ERR_MSGBOX( TEXT("DisplayPlayers"), E_OUTOFMEMORY); return;}
The above code written The above code written with C++/CLI syntaxwith C++/CLI syntax
for each(Player player in peer.Players) { /* Do Something */}
73
• Managed DirectX uses separate DLLs rather than include managed code in existing native DLLs– Simplified maintenance of both managed and native libraries
• Visual C++ was chosen to build Managed DirectX– Visual C++ understands COM directly, and thus avoided
unnecessary marshalling in performance critical scenarios– Visual C++ gave DirectX complete control over data marshalling– Visual C++ naturally understands header files and native
memory, which allowed DirectX to avoid code duplication– Visual C++ maintained type safety when interoperating
between the main DirectX library and the managed DirectX library
• DirectX successfully delivered a library that enabled real world development from a .NET object model
74
• The Common Language support in managed code makes it an ideal infrastructure for extensibility
• There are a number of ways to take advantage of managed code for plug-ins and scripting– Simply provide a .NET object model for your application and
it immediately becomes scriptable by full trust code– Isolate partially trusted plug-ins from each other by loading
them into separate AppDomains and demanding security privileges
– Host the CLR through COM to allow complete control over runtime characteristics of managed code in application
• In the future, Microsoft will deliver Visual Studio Tools for Applications which will replace VBA
• Managed code gives your application the full reach of all CLR services and programming languages
75
• Visual C++ allows you to include code from multiple languages in a single file assembly
a.cppa.cpp
c.csc.cs
C++C++CompilerCompiler
D:\>cl /c /clr a.cpp
D:\>csc /t:module c.cs
EXEEXE
C++C++CodeCode
C#C#CodeCode
a.obja.obj
c.netmodulec.netmodule
C#C#CompilerCompiler
C++C++LinkerLinker
76
• Visual C++ will always be a tool suited for accomplishing any task from low-level systems to high-level applications
• Using other languages is sometimes convenient; just make the decision based on your actual needs– If you have an existing C++ application, you will achieve best
results by continuing to use C++– New web applications are best suited with C# or Visual Basic– New application development should be in the language with
the best tools to support your developers and projects– If you need performance, always use C++– If you need tight integration with Windows, always use C++
• Understanding your project’s needs should drive adoption of language and tools
Moving Your Application Forward with Visual C++ 2005
Multiple processors64-bit computingDevice programming
78
• We are in the midst of a hardware revolution– Performance no longer doubles every 18 months
• Intel and AMD both plan to deal with this by giving you more cores – it is all about concurrency
– 64-bits is the architecture of the very near future• Huge move to 64-bit has begun
– Computing devices are going to be everywhere• The cell-phone is quickly becoming the most
important electronic consumer device in the world• Visual Studio 2005 is your one stop development
shop for everything… from big 64-bit systems to the smallest cell-phones
79
• Concurrency is the key to performance in the future• Concurrency: The Hardware
– Adding cores to chips is what will make them faster in the future, clock speed is slowing to a crawl
– Intel and AMD both will ship multicore this year – most CPUs shipped will be multicore in two years
• Concurrency: The Software– There are multiple types of concurrency for different tasks– Data parallelism – Algorithmic concurrency such as loops– Task parallelism – Traditional threading– Instruction level parallelism – Vectorization with SSE and
SSE2• If you are not taking advantage of the concurrency
your application performance will suffer– You’ll need to learn how to write parallel programs
80
• Data parallelism: OpenMP– A specification for writing multithreaded programs– It consists of a set of simple #pragmas and runtime
routines– Makes it very easy to parallelize loop-based code– Helps with load balancing, synchronization, etc…– In Visual Studio, only available in C++
• Task parallelism: Windows threading– Standard model of Windows threads and threadpool– Useful for invoking different threads to run different
functions• Instruction level parallelism: The profiler and C++
optimizer• Without Visual C++ 2005 you will lose
performance on future processors
81
• Can parallelize loops and straight-line code• Includes synchronization constructs
first = 1last = 1000
1 ≤ i ≤ 250 251 ≤ i ≤ 500 501 ≤ i ≤ 750 751 ≤ i ≤ 1000
void test(int first, int last) { #pragma omp parallel for for (int i = first; i <= last; ++i) { a[i] = b[i] + c[i]; }}
82
• The 64-bit Platform provides many benefits– Vastly increased address space– OS has more resources (buffer sizes, handles, etc…)– Enhanced 32-bit performance on x64 (maybe surprising, but
true)– Modern computer architecture – fewer limitations– Better programming model (No more PAE/AWE!)– Full use of 64-bit components
• The world is moving to 64-bits– The Windows platform is moving to 64-bit
• 64-bit Windows OS available today for both x64 and Itanium
• Some Windows SKUs are going to ONLY be 64-bit– AMD and Intel will be shipping 64-bit exclusively on the
desktop in a year’s timeframe• Are you ready for this? Visual C++ 2005 is the tool to
make this transition easy
83
• Targeting 64-bit is easy with Visual C++ 2005– Visual C++ 2005 has full support for targeting 64-bit
(managed and native)– It is just Windows – same Win32 API you already know– The biggest change is pointer size (pointers are now 64-
bit)• Experience shows that porting to 64-bit is not as
hard as you may think– In developer labs at Microsoft we have seen teams port
5 million lines of a code in a week
84
• Devices are increasingly capable devices– At Visual C++ 6 launch the top processor was Pentium II 400MHz
OS Windows Mobile™ 2003 software - Premium Edition
Processor Intel® PXA270 Processor 624 MHz Connectivi
ty, std.Integrated WLAN 802.11b, Bluetooth® 1.2,
IrDA (FIR), USB and SerialExpansion
slotIntegrated SD slot - supports 1-bit and 4-bit
SDSDIO/MMC type standard, CF slot - Type II
Memory, std.
192 MB total memory (128 MB ROM and 64 MB SDRAM); Up to 135 MB user available memory
Dimensions
5.17 x 3.03 x .59 in.
Weight 6.6 oz
85
• Devices are now first class citizens in Visual Studio 2005– Same IDE as desktop platforms– Same source base for compilers and native libraries– Ability to target multiple platforms– Managed and Native projects in same solution– Debugging is like the desktop debugger
• The improvements in the desktop tools are reflected in the device tools, plus everything needed to target devices!
87
• Visual C++ 2005 gives a great unified experience across the platforms– Unified IDE for all Visual C++ development– Single language supported for all platforms– Common libraries for all platforms– Best code generation for every architecture– New features enabled for new scenarios
• Visual C++ 2005 gives you tools to make concurrency easier• Visual C++ 2005 makes 64-bit like the programming you’ve
done for the past decade• Visual C++ 2005 makes devices simply another platform to
target• As the hardware continues to march along, Visual C++ 2005
enables your code to march along with it
Moving Your Application Forward with Visual C++ 2005
89
• Productivity– Manage large solutions with property sheets– All features work on live code, no build required– Improved IntelliSense fully understands macros,
templates– Navigate with references, call trees, go to definitions– Debug with trace points and STL container visualization– And much more…
90
• If you do only one thing…– Install Visual Studio 2005 Beta 2
• Actions to take with your application– Upgrade before Visual C++ 6 has no more support– If your application is shipping before 2006, upgrade to
Visual Studio 2003– Otherwise, upgrade directly to Visual Studio 2005– Use new optimization options
91
• If you do only one thing…– Use security checks in your application to mitigate buffer
overruns• Actions to take with your application
– Install XP SP2 on your development machine– Design and test your application for a limited user
account– Replace deprecated C library calls with Safe C library
calls– Fix defects found by static analysis– Run your application under Application Verifier– Ship libraries built with a newer compiler to deliver
security benefits to your customers
92
• If you do only one thing…– Compile your application with the /clr compiler option
• Actions to take with your application– If you need to use your application as a component
model, wrap existing APIs with managed code– If a library from the .NET Framework has functionality
you need, use it in your application– If your application needs a plug-in model, consider a
partial trust approach with managed code
93
• If you do only one thing…– Compile your application with a 64-bit compiler
• Actions to take with your application– Build a strategy for using devices with your application– Build a strategy for shipping a 64-bit version of your
application– If you deliver libraries, build 64-bit versions for your
customers– Identify the best way to parallelize your application for
multicore processors
94
• Application development is nearing an inflection point– C++ is twenty years old and is continuing to evolve– New hardware technologies are broadening the scope of
development– New libraries and programming models are broadening what
can be developed– New versions of Windows are optimized for upcoming
applications• Visual C++ 2005 provides the tools to capitalize on all of
these technologies driving the inflection point• This is the best time to upgrade to be ready; take advantage
of the opportunity before getting caught off guard• Visual C++ 6 is out of mainstream support and will have no
support at all after September
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.