Udooz!

Caching is one of the vital aspect for enterprise applications.  ASP.NET Cache is not enough and even not suitable for service layer which is now more predominantly occupied by WCF. A robustic and scalable memory caching solution is required to cache different types of data.  I’m the beliver of “RAM is disk” for service layer.  Enterprise Library Caching Application Block (CAB) from Microsoft PnP team provides an in-process memory caching, however it is not scalable and robust. But, its provider pattern is an elegant model for application design, so that you can plug any caching solutions.

Recently, I was in a situation to find out suitable caching solution for our WCF based service layer.  Although, Microsoft yet to avail its “Windows Server AppFabric” to the .NET/WCF world (which might be the filler of .NET peoples’ decade old expectation), there are some caching solutions available from third parties. 

I did a small evaluation on the following caching solutions:

• NCache Express
• Shared Cache
• Memcached
• Enterprise Library 4.1

Disclaimer: The test was done at very small scale and not included the scalability factors.  Memory and CPU consumption were not covered.

NCache supports different caching topologies and types with many features like Object Query Language, remote clustering, etc.  I’ve taken its express edition for this evaulation.  Shared Cache is 100% written in C# with distributed caching and three different topologies.  It supports WCF DataContractSerializer in addition with BinarySerializer.  Guys from *nux world knows the defacto caching solution “memcached“.  It has Win32/64 avatar too and some open source managed client libraries also available.  I used Danga Interactive 32-bit version of memcached 1.2.6 (http://code.jellycan.com/memcached/) and BeIT Memcached managed client (http://code.google.com/p/beitmemcached/).  64-bit Windows version is available at http://labs.northscale.com/memcached-packages/.

I’d done a small performance testing on the above solutions.  In addition to these, I’ve used Enterprise Library 4.1 CAB provider model and implement provider for these solutions.  So, following different solutions had been tested:

• Enterprise Library 4.1 CAB
• Memcached
• Enterprise Library 4.1 based Memcached
• Shared Cache
• Enterprise Library 4.1 based Shared Cache
• NCache Express
• Enterprise Library 4.1 based NCache Express

Following three different test had been done on every solutions, totally 21 test:

• Adding 1000 items & Getting these items
• Adding 1000 items & Getting 5th element
• Adding 1000 items & Getting 995th element

The testing was performed on Intel Pentium 4 3.2GHz, 2GB RAM running WinXP SP2.

Let us see the results and, pros and cons of these solutions.

Enterprise Library 4.1

Not surprisingly excellent performance due to in-process memory caching, however not suitable for enterprise scale.  This supports primitive and Serializable objects.

The “R” deonotes “Run”.  I did 4 runs for every test.

Memcached

Since, the OS calls for *nux memcached and Windows memcached is different, some bloggers cautioned memcached on windows is might not be a win-win.  But, I could not find any degrades in my testing.  It takes small memory foot-print and CPU usage.  It supports primitive and Serializable objects.  However, the Win32 service version does not have flexible configuration.

Shared Cache

Like Enterprise Library 4.1 CAB, this solution uses provider like model and come out with IndexusDistributionCache which supports WCF data contract serializer too in addition with binary serializer.

NCache

This is more matured and tailored solution for .NET world.  The best is the object is not necessarily Serializable.

The results shows Memcached performed better for its consistent performance and simplicity.  The surprising fact is that the above all solutions perform well in Enterprise Library 4.1 CAB provider model than their default mode.

Erik Meijer, the man behind LINQ is now come up with a framework called “Rx Framework” which contains API those decorates LINQ2Objects as mathematics dual.  Let us see in details.

LINQ2O and Mathematics Dual

Wikipedia says “A moprhism f:A->B is a monomorphism if  f.g=g.h implies g = h. Performing the dual operation, we get the statement that g.f = h.f  implies g = h. for a morphism f: B->A. This is precisely what is means for f to be an epimorphism. In short, the property of being a monomorphism is dual to the property of being an epimorphism.”

 LINQ to Objects is set of extension methods which enables to manipulate on a IEnumerable<T>.  From a layman point of view, a collection is nothing but a data source from where we are pulling data using LINQ to Objects and/or ofcourse for…each.  From duality, this is f:A->B.

It is very common that we need to notify a data source when new items need to be added or existing item to be updated either.  The interaction is happened either sychronously, but in general asychronously.  Since, we are living in non-deterministic, disconnected programming world.

Updating a data source would be based on some user-interaction in an application through event.  Event is programming world idiom for asynchronous invocation, or if you take any non-user interaction application which is again based on “event” driven architecture.  This model is based on GoF’s observer pattern.

Observer Pattern

GoF says “Define a one-to-many dependency between objects so that when one object changes state, all its dependents are notified and updated automatically”.

The observer those want to be notified whenever the subject undergoes a change in state should attach themselves with subject.  If you take button click event, we can write one or more event handlers.  Whenever a button clicked, it sends EventArgs to its subscribed observers (event handlers).

Introducing IObservable and IObserver

Let us  come back to the actual problem.  Since, IEnumerable<T> can only be used to pull data from a data source as read-only i.e f:A->B, here A is data source and B is my IEnumerable<T>.  However If I want  f: B->A which means that I would like to send/push data from “B” to “A”.  Here, I treat the callback or event handlers as “A” and the events as “B”.  It means that I need to push data to a data source as like as IEnumerable which is for pull.

As part of Reactive Framework, Meijar introduced two interfaces IObservable<T> and IObserver<T>.  Based on observer pattern, IObservable<T> is source.  See the following figure.

The  Subscribe() method is used to register one or more IObservers for notification which is similar to Subject.Attach() in the observer pattern.  The IDisposable is .NET idiom which mimics Source.Detach().  To understand the fundamental objective of these objects think in reverse in place with IEnumerable.  To traverse through the IObservable, create an IObserver, give it to an IObservable, and the IObservable “pushes” data into the IObserver by invoking its methods.

OnNext() is used to iterate over data sources and push the argument “value”.  OnCompleted() is post-iteration handler.

An Example

Theory is enough.  Let us see an example in Silverlight 3.0.  I create a button with mouse move event which acts as IObservable and create a TextBox which acts as IObserver.  Whenver a mouse moved on the button, the textbox observer appends coordinates into TextBox.Text property.

To create a mouse move observable, I used System.Linq.Observable which is used to create IObservables.  I extend the System.Windows.Controls.Button with GetMouseMoves() which returns IObservable<Event>MouseEventArgs>> like the following:

public static class ButtonExtension
{
    public static IObservable>
      GetMouseMoves(this Button button)
    {
        return Observable.FromEvent((EventHandler genericHandler)
          => new MouseEventHandler(genericHandler),
            mouseHandler => button.MouseMove += mouseHandler,
            mouseHandler => button.MouseMove -= mouseHandler);
    }
}

 The FromEvent() overload takes three Action(s) as arguments. One to convert from a generic event handler (EventHandler) to MouseEventHandler.  Remaining two register/unregister.  For observers, I create a custom observer for handling mouse coordinates like

public class CoordinateObserver : IObserver<Event<MouseEventArgs>>
{
    public TextBox CoordinateTextBox { get; set; }
 

    #region IObserver<Event<MouseEventArgs>> Members

    public void OnCompleted()
    {

    }

    public void OnError(Exception exception)
    {

    }

    public void OnNext(Event<MouseEventArgs> value)
    {
        CoordinateTextBox.Text += (string.Format(&quot;Clicked at ({0},{1})\n&quot;,
          value.EventArgs.GetPosition(CoordinateTextBox).X,
          value.EventArgs.GetPosition(CoordinateTextBox).Y));
    }

    #endregion
}

I create an instance of CoordinateObserver and subscribes it to button’s GetMouseMoves()

rxButton.GetMouseMoves().Subscribe
  (new CoordinateObserver { CoordinateTextBox = this.rxResult });

The results would be

Download and Resources

Till now, there is no official release of Reactive Framework.  However, The Silverlight 3.0 Unit Test Framework uses this which comes as part of Silverlight 3.0 Toolkit.  Assembly Name: System.Reactive.dll, which unfortunately builds with Silverlight’s System.Core, Version=2.0.5.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e.  See the following image:

1. First download Silverlight 3.0 Toolkit and install it.
2. Extract source code from $Program Files$\Microsoft SDKs\Silverlight\v3.0\Toolkit\Jul09\Source\Source Code.zip.
3. Get the System.Reactive.dll from $Source Code Folder$\Binaries.

The full source code of the example is available at http://www.udooz.net/index.php?option=com_docman&task=doc_download&gid=5&Itemid=5.

Followed by F#, one more language is coming out from Microsoft .NET campus named “Axum”. 

Based on Concurrency and Coordination Runtime (CCR) in Microsoft Robotic Studio, Axium is a language which allows to define your application to do parallel computing in your .NET applications.

Axum comes into play for the following:

• Asynchronous behaviour
• Dealing with concurrency
• Dealing with partial failure

We know that asynchronous enables to scale our code better with greater responsiveness.  However, callback structure lacks the readability.  Concurrency is a way to utilizes the resources well to execute code in parallel with safe sharing of state.  Unlike typical OO languages, Axum is designed for modeling applications with concurrency behaviour, so it deviates from object-oriented programming.   

The core aspects in Axum are:

• Agent.  It is an autonomous entity which communicate with other agent via messages, act on the data received from other agents.  ConsoleApplication is one such agent for representing System.Console.
• Channel.  This is medium for transmitting messages from one agent to another.
• Ports.  This is used to specify the direction of messages.  A channel consists of input and output port.
• Domain. This enables to group agents so that state can be shared between the agents.

Let us see a sample code taken from Axum Programing Guide.

 

using System;
using System.Concurrency;
using Microsoft.Axum;

namespace HelloAxum
{
    public domain Program
    {
        channel Adder
        {
            input int Num1;
            input int Num2;
            output int Sum;
        }
       
        agent AdderAgent : channel Adder
        {
            public AdderAgent()
            {
                int result = receive(PrimaryChannel::Num1) +
                receive(PrimaryChannel::Num2);
                PrimaryChannel::Sum <-- result;
            }
        }
       
        agent MainAgent : channel Microsoft.Axum.Application
        {
            public MainAgent()
            {
                var adder = AdderAgent.CreateInNewDomain();
                adder::Num1 <-- 10;
                adder::Num2 <-- 20;
    
                var sum = receive(adder::Sum);
               Console.WriteLine(sum);
               Console.ReadLine();
              PrimaryChannel::ExitCode <-- 0;
            }
        }
    }
}

Adder is a channel which contains two input port and one output port.  AdderAgent implements Adder channel.  It receives the two input port values, add these two and set the result into PrimaryChannel.  The primary channel actually refers Adder in AdderAgent.  MainAgent is another agent which is actually a main Axum application.  It creates AdderAgent and send the message to it.  The result is received on “sum”.

Download and drive Axum from https://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=cfe70d5d-37aa-4c4c-8eeb-d4576c41baa2

Though it is an uncommon attack, but it highlights the backdoor of Virtual Machine such as .NET, JVM.

Rootkit is a system which consists of programs designed to hide or obscure the fact that a system has been compromised.  – Wikipedia

 .NET-Sploit is a tool which is used to build MSIL rootkit that enables the user to inject malicious behavior to the framework DLLs (See the following picture).  The only challenge for the hacker is to compromise the particular system with administrator rights.

What does it actually mean?

After the compromising a target system, a hacker can modify .NET framework DLL those are normally located in GAC by assembling and dessembling with regular .NET tools.  This approach does not need to touch .NET applications.  All the application invoke required tampered framework DLLs which will behave strangely.  For example, using the rootkit, you can always print “Hacked” message in

System.Console.WriteLine(string v)

irrespective of any string value.  Worst part is, if a hacker is tampered  “Authenticate()” in System.Web.dll and he can capture the username and password.  Ofcourse, he can send the details to someone else using SendToUrl().

What can you do with framework rootkit?

• API hooking
• Method code modification
• Method parameter manipulation
• Object member manipulation
• Exe dynamic forking
• Metada tampering
• Return value modification

How is it possible?

Manually you can attack the framework by the following steps:

1. Locate DLL in the GAC
2. Decompile the DLL (using ILDASM)
3. Modify the IL code
4. Recompile to a new DLL (new version!)
5. Bypass the GAC strong name protection (very simple than expected)
6. Override the existing DLL with new one.

 A surprising fact is GAC does not perform any additional check for verifying strong name of a DLL when coping the modified framework DLL into the actual folder path.  For example, you can modify mscorlib.dll version 2.0 and place it  into c:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089.

What is .NET-Sploit?

A generic framework modification tool to inject code.  You can download at http://www.applicationsecurity.co.il/english/NETFrameworkRootkits/tabid/161/Default.aspx.

When I was downloading the SP1 of .NET 3.5 months before, I did not realized that there are some CLR improvements in that release apart from some new features such as ADO.NET data services, improved WCF, etc.  The improvements are expected to be in .NET 4.0 (CLR 4.0?), however .NET 3.5 SP1 has some CLR improvements:

• Improved application start-up performance (good news for WinForm applications).
• JIT code optimizations which improves end-to-end application performance.
• Opting managed code run in ASLR mode.
• Improved NGen.
• 20-45% performance improvements of WPF applicaiton without any code change.
• ClickOnce improvements.

I am more instrested in JIT optimization done in SP1.  Let us see those improvements.

Inlining and Structs

Inline Method: Place a method’s body into the body of its callers and remove the method (function pointer).  This is an explicit option in C++, however C# (.NET) doesn’t has, because it is in CLR’s hand.

For those, who don’t know about inline method, here the example:

int add(int a, int b)
{
  return a+b;
}

int c = add(5, 6);

// CLR actually inline "add"
int c = 5+6;

The major benefit of the above inline method is the number of IL code generated for “inline” method which inherently give performance benefit.  Since, inline is in CLR’s control, it does not treat a method as inline for the following:

• Methods greater than 32 bytes of IL.
• Methods with “while”/”switch”.
• Methods with “struct” argument(s).
• Virtual methods.
• Methods handling exception-handling.

In 3.5SP1, methods with “struct” argument are treated as “inline” if it satisfies other 4 constraints.

Improved Assertions

Null and range check, typeof check and comparisons have been improved.

Branch Straightening

JIT compiler now able to straighten the code branch based on common code path and fall-through code path justification.  Based on this, fall-through codes are moved further down.  Based on Surupas Biswas article, there was 10% improvement in throughput in some ASP.NET benchmarks.

Let us see more about NGen improvements and ASLR mode usage in another post.

Problem

Consume the application logic from presentation tier with domain entities those are specialized for this tier with minimal plumbing.

Forces

• Set of code (validation, authentication, etc) to be written specific to presentation tier and the same needs to be written specific to business tier.
• Automated way to share the logic between the tiers with trusted boundaries.
• Agile way to consume business logics to RIA (particularly Silverlight) applications.
• Line of RIA based business application those are not required to scale of SOA.
• Data driven applications those are again not required to scale of SOA.

Solution

.NET RIA Services framework supports end-to-end use of data from DAL (data access layer) of your choice to presentation tier.  The data can be shaped for presentation tier.  This framework was built on ASP.NET to define and support a pattern for exposing a set of operations on your domain object to presentation tier particularly Silverlight.  A domain object contains set of CRUD and custom business operations with domain entities.  In this framework, the domain object is called as “DomainService”.  Once you define a DomainService at business tier based on the data from database using ADO.NET Entity Framework or LINQ2SQL, this framework generates code corresponding client tier code that can be used for data binding, validation, authentication, etc.

The following image which was taken from .NET RIA Services guide gives you to understand how this framework is designed to scale across different presentation technologies and DAL components.

References

• Download .NET RIA Services and walk-through manual at http://www.microsoft.com/downloads/details.aspx?FamilyID=76bb3a07-3846-4564-b0c3-27972bcaabce&displayLang=en
• Expect article related to .NET RIASservices in this blog.