-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
System.Runtime.CompilerServices.AsynUnsafeAttribute - .NET7 Security #72711
Comments
Tagging subscribers to this area: @dotnet/area-system-runtime-compilerservices Issue DetailsBackground and motivationFor security reasons and to avoid lots of code for security checks, it would be helpful to have an
|
Author: | c-ohle |
---|---|
Assignees: | - |
Labels: |
|
Milestone: | - |
Can't it be implemented with an analyzer? |
@teo-tsirpanis |
I haven't written an analyzer but I think it's possible to do what you want to do. Another mocu more approachable idea is to make this type a |
@teo-tsirpanis |
Your way to go then is to make the type a |
@teo-tsirpanis I'll try, interesting to see what happens. |
It seems like the core concern is a type that's using or relying on thread-related state across method invocations. If that's the issue, this is in no way limited to async: any code that, e.g., stored the instance into a static to be accessed by another thread, or passed the instance to a method like ThreadPool.QueurUserWorkItem (either explicitly in a boxed state object or captured implicitly in a lambda), etc. You used Windows Forms as an example; the constraint that a control only be used from the thread with which it's associated long predates async/await. I see this issue stems from a BigRational proposal. I'm skeptical we'd ship a BigRational implementation that had these kinds of constraints. But if we did, it'd be done as @teo-tsirpanis says by making it a ref struct, which has all of the constraints that limit it to the stack. |
@stephentoub |
@tannergooding is the right person to discuss it with, and I see they're already involved in that other issue. I'll go ahead and close this one. Thanks. |
Background and motivation
For security reasons and to avoid lots of code for security checks, it would be helpful to have an
Attribute
like[System.Runtime.CompilerServices.AsyncUnsafeAttribute]
.This attribute should be applicable to class and value types or specific functions and properties.
The compiler should then simply forbid using the functions in asynchronous code.
Many classes and functions use ThreadStatic content and using it in an asynchronous context makes no sense anyway.
Doesn't make any sense like for example calling
Windows.Forms
functions directly, knowing that it leads to anException
.For .NET7 developments, in discussion with other dotnet-devs, we have to make core solutions absolutely end user save.
In our case, for example, this requires millions of relatively slow
AsyncLocal<T>
requests at runtime - just to catch a possible programming error - just to raise a runtimeException
.Not only does it slow the computations down, it also requires a lot of extra code and additional static root objects.
How it could look like:
This could help make C# more secure and faster.
API Proposal
API Usage
A .NET 6 / .NET 7 project where it would really helpful:
https://github.com/c-ohle/RationalNumerics
Alternative Designs
No response
Risks
No response
The text was updated successfully, but these errors were encountered: