.NET跨组件的性能损失 [英] .NET Cross-Assembly Performance Hit

问题描述

我读条例草案瓦格纳的书的有效的C＃的。在32项他倡导开发人员能够创建可更容易地重复使用更小，更具凝聚力的组件。然而，在相同的项目，他说：

I am reading Bill Wagner's book Effective C#. In Item 32 he is advocating for developers to create smaller, more cohesive assemblies that can be reused more readily. However, in that same item he says:

...额外的安全检查也有   跨越边界的组装完成。所有   从同一个程序集code   同样具有信任的相同的水平（未   不一定相同的访问权限，   但同样的道理水平）。该   CLR执行某些安全检查   每当code流穿过装配   边界。越少的时候你   程序流程穿越总成   边界，更有效它将   是...没有这些性能   问题应劝阻你从   分手过于组件   大。性能刑罚   次要的。

... Extra Security checks also are done across assembly boundaries. All code from the same assembly same has the same level of trust (not necessarily the same access rights, but the same truth level). The CLR performs some security checks whenever code flow crosses an assembly boundary. The fewer times your program flow crosses assembly boundaries, the more efficient it will be... None of these performance concerns should dissuade you from breaking up assemblies that are too large. The performance penalties are minor.

我的问题是有没有在每次调用方法为Foo.dll，或仅在第一次大会加载执行额外的安全检查？

My question is are there extra security checks performed for every method call into Foo.dll, or only the first time the assembly is loaded?

感谢

推荐答案

在.NET中的安全系统是相当复杂的。我不知道答案很简单，因为它听起来乍看之下。即使你有一个程序集的情况下，安全检查仍在进行。当您启动了所有的逻辑在一个.exe文件的应用程序，你就不能绕过.NET安全检查装配载荷和验证，你也不绕过类型继承检查。然而，一旦安全性得到了一个给定的范围验证，它通常不会再出现（可能有一些减轻处罚的情节，这将迫使重新确认的证据。）

The security system in .NET is quite complex. I am not sure the answer is as simple as it may sound at first glance. Even in the event that you have a single assembly, security checks are still performed. When you start an application that has all logic in a single .exe, you don't bypass the .NET security checks for assembly load and verification, nor do you bypass the type inheritance checks. However, once security has been verified for a given scope, it usually does not occur again (there may be some mitigating circumstances that would force re-verification of evidence.)

多个组件都不会表现任何不同。可能有一些额外的装配载荷成本和初始型接入成本，因为每个新的组件将需要那些最初的安全检查。然而，这些检查一般会比较苍白到JITting的code本身的过程。

Multiple assemblies are not going to behave any differently. There may be some additional assembly load cost and initial type access cost, as each new assembly will require those initial security checks. However, those checks will generally pale in comparison to the process of JITting the code itself.

除了基本的装配载荷和类型安全检查，你可能也有明确的权限要求。微软的系统命名空间充满了需求和的LinkDemand安全检查验证所有呼叫者堆栈（需求）或直接调用方（链接请求）有权限拨打电话。 （您code也应包括这种检查是适当的，以验证调用者有适当的权限了。）这些安全检查会发生无论在哪里code生活......在当地，在另一个组件，或者即使在在另一个应用程序域的组件。但是，一旦你进入，甚至是服务和其他服务器的其他应用程序域或进程的调用，封送处理这些调用，使连接的开销是数量级更贵。

Beyond the basic assembly load and type security checks, you may also have explicit permission demands. Microsofts System namespaces are riddled with Demand and LinkDemand security checks that verify all callers up the stack (demand) or the immediate caller (link demand) have permission to make the call. (Your code should also include such checks were appropriate to validate callers have the appropriate permission, too.) These security checks will happen regardless of where the code lives...locally, in another assembly, or even in an assembly in another app domain. However, once you get into calls made to other app domains or processes, or even to services and other servers, the overhead of marshaling those calls and making connections is orders of magnitude more expensive.

这甚至不是当谈到.NET安全的全貌。某些安全检查比其他的更昂贵。有些需要凭据，则需要证据等安全性是不是你可以推脱......现代软件开发的一个必不可少的重要组成部分。我不会太在乎安全性的代价......因为它是很好的实施，并很好的优化，在.NET框架和CLR。我把你的精力，确保您的应用程序正确设计和组织。如果分离code OUT成多个组件是合乎逻辑的，减少了维护，部署和重构工作，那么它值得小额外费用的安全性。

This isn't even the whole picture when it comes to .NET security. Some security checks are more costly than others. Some require a credential, others require evidence, etc. Security isn't something you can shirk...its an essential and critical component of modern software development. I would not worry so much about the cost of security...as it is well implemented and well optimized in the .NET framework and CLR. I would put your effort into ensuring that your application is properly architected and organized. If separating code out into multiple assemblies is logical, reduces maintenance, deployment, and refactoring effort, then its WELL worth the small additional cost to security.

这篇关于.NET跨组件的性能损失的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！