-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reflection free mode: using sqlclient - possible options for obfuscation #96339
Comments
Tagging subscribers to this area: @dotnet/area-system-reflection Issue Details@MichalStrehovsky : now that it is possible with .NET 8 to run both the kestrel server and npgsql in reflection free mode (see https://github.com/TechEmpower/FrameworkBenchmarks/tree/master/frameworks/CSharp/appmpower) I am trying to close my last open item, running the sqlclient in:
This has been reported in other issues and I have seen that was omitted for a better way of dealing with reflection; would still be nice however to have this one
namespace System.Runtime.CompilerServices The goal here is purily obfuscation, where I don't mind having open source libraries un-obfuscated, but like to have some of my libraries obfuscated (reflection free).
|
Tagging subscribers to this area: @agocke, @MichalStrehovsky, @jkotas Issue Details@MichalStrehovsky : now that it is possible with .NET 8 to run both the kestrel server and npgsql in reflection free mode (see https://github.com/TechEmpower/FrameworkBenchmarks/tree/master/frameworks/CSharp/appmpower) I am trying to close my last open item, running the sqlclient in:
This has been reported in other issues and I have seen that was omitted for a better way of dealing with reflection; would still be nice however to have this one
The goal here is purily obfuscation, where I don't mind having open source libraries un-obfuscated, but like to have some of my libraries obfuscated (reflection free).
|
What is the stack that leads to type attributes being read? We don't really have a good way to produce the answer for this. We at most know if something is a class or interface, but depending on what SqlClient wants to get from this, the rest will likely be a wrong answer.
Support for this attribute was deleted from the product.
At this point, if you really don't use reflection, adding |
The stack is the following:
When I return nothing I can go a step further, but then similar errors come back; so not sure indeed whether it will be sufficient. Maybe a more important question: all internal/private classes, methods, properties -> are these included in the reflection data or only the public ones ? Any hint on how this might improve obfuscation ? |
Without being 100% sure, I think that if your library's APIs are not accessed via reflection, Native AOT will trim reflection metadata for them, even if reflection-free mode is not enabled. My understanding is that the reflection-free mode is not as valuable as in the past, and there were even talks to remove it. |
It is unlikely
The compiler by default keeps names of types. Names of methods are included if stack trace data is generated (the suggested |
You should strongly consider upgrading from the maintainance only System.Data.SqlClient to the modern replacement which is Microsoft.Data.SqlClient where work is being done to make things aot friendlier e.g. dotnet/SqlClient#2226 |
@MichalStrehovsky Would it be possible to list a number of namespaces in the csproj file that do not generate reflection data at all (even no names of types) ? This would allow to remove full disabling of reflection for obfuscation reasons. As I understand in such scenario only the reflection stack would be included and reflection info for referenced namespaces like System... and Microsoft... which is fine. This is a potential enhancement request for a future version. |
That would have the same problem as #88748 (comment) - there is no way to audit whether it's safe to do this. By definition we don't have information about whether reflection is used (or isn't used) with a certain type. If we had this information, we could optimize it out transparently. This would inject random failure modes, same way as IlcDisableReflection does. It's the main reason why we'll never productize it. |
@Wraith2 : based on your feedback, I made a fork of SqlClient and was able with the changes in:
I have done this on the 5.1-servicing branch, because the SqlClient main branch has some debugging issues on my Mac M1 while connecting to an Azure database: it tries to connect via the ip address which is not allowed. Besides of this, I am impressed by the few changes necessary to support this flow without reflection. |
@MichalStrehovsky I will describe the use case better in a separate issue (as this one is closed), which then might or might not be linked to issue #96511. Thanks for the info provided on this issue, it helps me to better explain the requirement in the next one. |
This is interesting. I believe the prior art for UWP and Mono AOT IOS apps is to have stack traces without symbols , have symbols uploaded and then have traces resymbolicated when displaying to developers in app stores or appcenter etc.. It sounds like this is not yet possible with NativeAOT but that the |
Stack traces work pretty much the same how they worked in uwp. If stack trace support is disabled, stack traces only have addresses one can symbolicate with the symbols file. I would think stack traces on Mono ios just work all the time since Mono requires the underlying il metadata to be present. |
@MichalStrehovsky : now that it is possible with .NET 8 to run both the kestrel server and npgsql in reflection free mode (see https://github.com/TechEmpower/FrameworkBenchmarks/tree/master/frameworks/CSharp/appmpower) I am trying to close my last open item, running the sqlclient in:
This has been reported in other issues and I have seen that was omitted for a better way of dealing with reflection; would still be nice however to have this one
The goal here is purily obfuscation, where I don't mind having open source libraries un-obfuscated, but like to have some of my libraries obfuscated (reflection free).
First step I would like to get working is:
The text was updated successfully, but these errors were encountered: