任何从事www.sychzs.cn开发的人都不得不承认,在其职业生涯中曾经遇到过应用程序安全问题,开发人员常常被迫尽快交付代码,平台的复杂性和各种配置选项让应用程序的安全总达不到预期,此外,调试和生产环境的配置要求可能会不同,因此,一个常见的问题是将调试配置引入到生产环境,从而造成各种问题。
经过多年的发展,www.sychzs.cn平台已经成熟,MSDN和社区博客也产生了大量优秀的文档,但确定使用哪些功能或配置往往是件麻烦事,即使开发人员有着良好的安全意识和安全技能,错误总是在所难免,程序中的漏洞仍然很多。同行代码审查是一个有用的过程,也是早期捕捉问题的很好方法,但不是每个人都有时间或预算做同行评审。
自Visual Studio 2005引入代码分析功能以来,开发人员可以自动分析他们的代码,查看是否遵守了设计、可维护性、性能和安全性的最佳实践,虽然代码分析是个好东西,但它一直未为www.sychzs.cn提供最佳安全实践指南,直到现在。本文将向你介绍新的www.sychzs.cn代码分析规则,包括Visual Studio代码分析功能和独立的FxCop提高www.sychzs.cn应用程序的安全性。
概述 你可以从www.sychzs.cn/-?linkid=9750555下载Visual Studio 2010 www.sychzs.cn安全代码分析规则包和FxCop v10.0,安装程序包含下面三个新的规则包: ASP.NET.Security:它重点在www.sychzs.cn属性初始化相关的最佳安全实践。 ASP.NET.MVC.Security:它重点在如何使用www.sychzs.cn MVC相关的安全最佳实践。 ASP.NET.Security.Configuration:它重点在web.config文件下的配置元素相关的安全最佳实践。
规则包安装好后,点击“生成”菜单下“网站”按钮上的“运行代码分析”,开始自动分析Web应用程序的安全,这个过程会分析应用程序的每个Page类和web.config文件,与www.sychzs.cn应用程序最佳安全实践进行对比,给出综合性的分析结果。例如,一个常见的Web应用程序安全漏洞是跨站请求伪造,它允许攻击者以其他用户的身份执行命令,修复这个漏洞的方法是使用Page.ViewStateUserKey属性,你也可以使用www.sychzs.cn MVC中的AntiForgeryToken,这两种技术都可以预防对应用程序的恶意重放攻击,代码分析将有助于确定使用正确的修复方法。
我从许多开发人员那里得到的反馈是,首次运行代码分析功能时将会得到许多警告,如图1所示,不过这些都是很好解决的问题。
图 1 在错误列表警告标签中列出的警告信息
为了消除这些警告,每个规则包含一个清晰的指令指出必须修复的地方,以及如何修复,如果需要更多信息还应该列出一些参考内容,如图2所示。
图 2 警告列表中的详细信息
代码分析也可以配置为每次生成操作时运行,点击“网站”*“配置代码分析”,然后选中“启用生成时代码分析(定义CODE_ANALYSIS常量)”选项,如图3所示。
图 3 开启生成期间的代码分析功能
使用FxCop进行代码分析
代码分析功能仅在Visual Studio Premium和Ultimate版中提供,此外,你还可以使用独立的FxCop工具执行www.sychzs.cn代码分析,FxCop是Windows SDK的一部分,最新的Windows SDK 7.1可从这里下载,使用标准的FxCop工具执行分析时需要多做一点工作。
正常情况下,当你编译Web项目时,页面标记 - 代码隐藏文件中未包括的页面代码 - 不会被编译,它们会原封不动地停留在应用程序的根目录下,当第一个用户请求页面时,标记被编译进独立的程序集,这样更新网站时就不用重新编译所有代码。
因为不是所有代码全部自动编译,在分析期间有的代码是不可见的,因此一些重要的安全问题可能被错过,为了确保所有的代码在分析过程中可见,你需要强制预编译所有页面,可以使用“发布网站”工具实现预编译,点击“生成”*“发布网站”即可,这个工具允许你配置如何发布网站,以及开启预编译功能,取消“允许预编译网站以更新”选项,点击“确定”,如图4所示,这样就会完整编译整个网站进行分析。
图 4 使用预编译发布网站
www.sychzs.cn分析只需要FxCop命令行版本的功能,打开命令提示符窗口,切换到FxCop安装目录,如果你是32位Windows,则可能是:C:\Program Files (x86)\Microsoft FxCop 10.0,如果是64位Windows,则可能是:C:\Program Files\Microsoft FxCop 10.0。从FxCop安装目录运行Fxcop-cmd.exe开始代码分析,对于一个www.sychzs.cn网站,使用下面这样的命令:
图5
/file参数指出要分析的程序集,在这个例子中,我预编译的网站程序集在H:\MSDN\PrecompiledWeb\MSDNSampleSite\bin下。 /rule参数指定分析期间使用的规则,对于这个例子,我只使用了三个www.sychzs.cn安全规则:AspNetConfigurationSecurityRules.dll,AspNetMvcSecurity-Rules.dll和ASPNetSecurityRules.dll。 /aspnet参数表示开启www.sychzs.cn分析,/console参数指出分析结果输出到命令行窗口。
结语
让www.sychzs.cn网站更安全是一项艰巨的任务,www.sychzs.cn安全代码分析规则算是帮了一个大忙,至少你帮你确定一些重大的威胁,正如你从这篇文章看到的,其分析过程很简单,可以配置为每次生成时运行,让你可以及早发现问题。
我建议将规则部署到每个开发人员的机器上,也将它们作为TFS(Team Foundation Sever)或其它代码仓库检入(check in)策略的一部分,以便每个开发人员都可以在生成时执行代码分析和策略。你也可以定制自己的代码分析规则,如果你想就此做进一步学习和研究,建议去由Duke Kamstra维护的代码分析团队博客逛逛,此外,在Tatham Oddie的博客中也有很多优秀的文章。
转载于:https://www.sychzs.cn/HeroBeast/archive/2010/12/22/1913362.html
这是正常现象。你可以说这是VC的BUG,也可以说是多字符集考虑。资源文件rc中,对每个部分都有关于字符集的设定,大部分资源都是单一属性的,不能在其它字符集下使用。如果需要多字符集,甚至多国语言,你需要对每种字符集定制单独的资源。如果你的一个资源在所有字符集下都使用,其实是无法保障正确显示的。如果是新建项目的时候选择了多字节的话,那么运行前后设计的窗口风格会不一样,如下:?
那么怎么做使得在多字节下对话框运行前后都是一样的风格呢?
方法一就是把stdAfx.h中的代码做如下修改即可:
?
#ifdef _UNICODE
#if defined _M_IX86
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")
#elif defined _M_IA64
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='ia64' publicKeyToken='6595b64144ccf1df' language='*'\"")
#elif defined _M_X64
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"")
#else
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
#endif
#endif
?
修改成如下:
?
#if defined _M_IX86
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")
#elif defined _M_IA64
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='ia64' publicKeyToken='6595b64144ccf1df' language='*'\"")
#elif defined _M_X64
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"")
#else
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
#endif
?
其实就是把
#if _UNICODE
#endif
注释掉,否则你把
#if _UNICODE
A code
#endif
中间的A code 拿出来也可以的,即变成这样:
#if _UNICODE
#endif
A code
?
方法二采用manifest来辅助修改界面风格
1. 将下面这段XML保存到你的工程目录下,文件名为XPStyle.manifest(注意后缀不是xml)
version="1.0.0.0"
processorArchitecture="X86"
name="XP style manifest"
type="Win32"
/>
type="Win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
? 2. 在VC中点添加资源, 将XPStyle.manifest文件作为资源文件加入到你的工程中, 填资源类型号为24(这是因为manifest格式文件不是VC的常规资源文件), 资源ID为IDR_XP_STYLE. (1).如果是dll工程,则在Resource.h中修改: #define IDR_XP_STYLE??????????????????? 2 并在StdAfx.h中添加 #define ISOLATION_AWARE_ENABLED 1 (2).如果是exe工程,则在Resource.h中修改: #define IDR_XP_STYLE??????????????????? 1 3. 点击全部编译,运行你的程序看看,是不是很酷. Visual C++ Exploring New C++ and MFC Features in Visual Studio 2010 Sumit Kumar Visual Studio 2010 presents huge benefits for C++ developers. From the ability to employ the new features offered by Windows 7 to the enhanced productivity features for working with large code bases, there is something new and improved for just about every C++ developer. In this article, I will explain how Microsoft has addressed some of the broad problems faced by C++ developers. Specifically, ?Visual Studio 2010 enables a more modern programming model by adding core language features from the upcoming C++0x standard, and by overhauling the standard library to take advantage of the new language features. There are new parallel programming libraries and tools to simplify the creation of parallel programs. You’ll also find enhanced overall performance and developer productivity thanks to IntelliSense and code-understanding features that scale to large code bases. And you’ll benefit from the improved? performance of libraries and other features across ?design time, build time, compile time and link time. Visual Studio 2010 migrates the build system to MSBuild to make it more customizable and to support native multi-targeting. And enhancements in the MFC library harness the power of new Windows 7 APIs, enabling you to write great Windows 7 applications. Let’s take a closer look at these C++-focused advancements in Visual Studio 2010. C++0x Core Language Features The next C++ standard is inching closer to being finalized. To help you get started with the C++0x extensions, the Visual C++ compiler in Visual Studio 2010 enables six C++0x core language features: lambda expressions, the auto keyword, rvalue references, static_assert, nullptr and decltype. Lambda expressions implicitly define and construct unnamed function objects. Lambdas provide a lightweight natural syntax to define function objects where they are used, without incurring performance overhead. Function objects are a very powerful way to customize the behavior of Standard Template Library (STL) algorithms, and can encapsulate both code and data (unlike plain functions). But function objects are inconvenient to define because of the need to write entire classes. Moreover, they are not defined in the place in your source code where you’re trying to use them, and the non-locality makes them more difficult to use. Libraries have attempted to mitigate some of the problems of verbosity and non-locality, but don’t offer much help because the syntax becomes complicated and the compiler errors are not very friendly. Using function objects from libraries is also less efficient since the function objects defined as data members are not in-lined. Lambda expressions address these problems. The following code snippet shows a lambda expression used in a program to remove integers between variables x and y from a vector of integers. Copy Code v.erase(remove_if(v.begin(),
v.end(), [x, y](int n) {
return x < n && n < y; }),
v.end()); The second line shows the lambda expression. Square brackets, called the lambda-introducer, indicate the definition of a lambda expression. This lambda takes integer n as a parameter and the lambda-generated function object has the data members x and y. Compare that to an equivalent handwritten function object to get an appreciation of the convenience and time-saving lambdas provide: Copy Code class LambdaFunctor {
public:
LambdaFunctor(int a, int b) : m_a(a), m_b(b) { }
bool operator()(int n) const {
return m_a < n && n < m_b; }
private:
int m_a;
int m_b;
};
v.erase(remove_if(v.begin(), v.end(),
LambdaFunctor(x, y)), v.end()); The auto keyword has always existed in C++, but it was rarely used because it provided no additional value. C++0x repurposes this keyword to automatically determine the type of a variable from its initializer. Auto reduces verbosity and helps important code to stand out. It avoids type mismatches and truncation errors. It also helps make code more generic by allowing templates to be written that care less about the types of intermediate expressions and effectively deals with undocumented types like lambdas. This code shows how auto saves you from typing the template type in the for loop iterating over a vector: Copy Code vector for (auto i = v.begin(); i != v.end(); ++i) {
// code
} Rvalue references are a new reference type introduced in C++0x that help solve the problem of unnecessary copying and enable perfect forwarding. When the right-hand side of an assignment is an rvalue, then the left-hand side object can steal resources from the right-hand side object rather than performing a separate allocation, thus enabling move semantics. Perfect forwarding allows you to write a single function template that takes n arbitrary arguments and forwards them transparently to another arbitrary function. The nature of the argument (modifiable, const, lvalue or rvalue) is preserved in this forwarding process. Copy Code template functionB(std::forward } A detailed explanation of rvalue references is out of scope for this article, so check the MSDN documentation at www.sychzs.cn/library/dd293668(VS.100) for more information. Static_assert allows testing assertions at compile time rather than at execution time. It lets you trigger compiler errors with custom error messages that are easy to read. Static_assert is especially useful for validating template parameters. For example, compiling the following code will give the error “error C2338: custom assert: n should be less than 5”: Copy Code template static_assert(n < 5, "custom assert: n should be less than 5");
};
int _tmain(int argc, _TCHAR* argv[]) {
StructA<4> s1;
StructA<6> s2;
return 0;
} Nullptr adds type safety to null pointers and is closely related to rvalue references. The macro NULL (defined as 0) and literal 0 are commonly used as the null pointer. So far that has not been a problem, but they don’t work very well in C++0x due to potential problems in perfect forwarding. So the nullptr keyword has been introduced particularly to avoid mysterious failures in perfect forwarding functions. Nullptr is a constant of type nullptr_t, which is convertible to any pointer type, but not to other types like int or char. In addition to being used in perfect forwarding functions, nullptr can be used anywhere the macro NULL was used as a null pointer. A note of caution, however: NULL is still supported by the compiler and has not yet been replaced by nullptr. This is mainly to avoid breaking existing code due to the pervasive and often inappropriate use of NULL. But in the future, nullptr should be used everywhere NULL was used, and NULL should be treated as a feature meant to support backward compatibility. Finally, decltype allows the compiler to infer the return type of a function based on an arbitrary expression and makes perfect forwarding more generic. In past versions, for two arbitrary types T1 and T2, there was no way to deduce the type of an expression that used these two types. The decltype feature allows you to state, for example, an expression that has template arguments, such as sum Standard Library Improvements Substantial portions of the standard C++ library have been rewritten to take advantage of new C++0x language features and increase performance. In addition, many new algorithms have been introduced. The standard library takes full advantage of rvalue references to improve performance. Types such as vector and list now have move constructors and move assignment operators of their own. Vector reallocations take advantage of move semantics by picking up move constructors, so if your types have move constructors and move assignment operators, the library picks that up automatically. You can now create a shared pointer to an object at the same time you are constructing the object with the help of the new C++0x function template make_shared Copy Code auto sp =
make_shared (args); In Visual Studio 2008 you would have to write the following to get the same functionality: Copy Code shared_ptr sp(new map Using make_shared The library now contains a new, safer smart pointer type, unique_ptr (which has been enabled by rvalue references). As a result, auto_ptr has been deprecated; unique_ptr avoids the pitfalls of auto_ptr by being movable, but not copyable. It allows you to implement strict ownership semantics without affecting safety. It also works well with Visual C++ 2010 containers that are aware of rvalue references. Containers now have new member functions—cbegin and cend—that provide a way to use a const_iterator for inspection regardless of the type of container: Copy Code vector
for (auto i = v.cbegin(); i != v.cend(); ++i) {
// i is vector } Visual Studio 2010 adds most of the algorithms proposed in various C++0x papers to the standard library. A subset of the Dinkumware conversions library is now available in the standard library, so now you can do conversions like UTF-8 to UTF-16 with ease. The standard library enables exception propagation via exception_ptr. Many updates have been made in the header Concurrent Programming Improvements Visual Studio 2010 introduces the Parallel Computing Platform, which helps you to write high-performance parallel code quickly while avoiding subtle concurrency bugs. This lets you dodge some of the classic problems relating to concurrency. The Parallel Computing Platform has four major parts: the Concurrency Runtime (ConcRT), the Parallel Patterns Library (PPL), the Asynchronous Agents Library, and parallel debugging and profiling. ConcRT is the lowest software layer that talks to the OS and arbitrates among multiple concurrent components competing for resources. Because it is a user mode process, it can reclaim resources when its cooperative blocking mechanisms are used. ConcRT is aware of locality and avoids switching tasks between different processors. It also employs Windows 7 User Mode Scheduling (UMS) so it can boost performance even when the cooperative blocking ?mechanism is not used. PPL supplies the patterns for writing parallel code. If a computation can be decomposed into sub-computations that can be represented by functions or function objects, each of these sub-computations can be represented by a task. The task concept is much closer to the problem domain, unlike threads that take you away from the problem domain by making you think about the hardware, OS, critical sections and so on. A task can execute concurrently with the other tasks independent of what the other tasks are doing. For example, sorting two different halves of an ?array can be done by two different tasks concurrently. PPL includes parallel classes (task_handle, task_group and structured_task_group), parallel algorithms (parallel_invoke, parallel_for and parallel_for_each), parallel containers (combinable, concurrent_queue, and concurrent_vector), and ConcRT-aware synchronization primitives (critical_section, event and reader_writer_lock), all of which treat tasks as a first-class concept. All components of PPL live in the concurrency namespace. Task groups allow you to execute a set of tasks and wait for them all to finish. So in the sort example, the tasks handling two halves of the array can make one task group. You are guaranteed that these two tasks are completed at the end of the wait member function call, as shown in the code example of a recursive quicksort written using parallel tasks and lambdas: Copy Code void quicksort(vector vector if (last - first < 2) { return; }
int pivot = *first;
auto mid1 = partition(first, last, [=](int elem) {
return elem < pivot; });
auto mid2 = partition( mid1, last, [=](int elem) {
return elem == pivot; });
task_group g;
www.sychzs.cn([=] { quicksort(first, mid1); });
www.sychzs.cn([=] { quicksort(mid2, last); });
g.wait();
} This can be further improved by using a structured task group enabled by the parallel_invoke algorithm. It takes from two to 10 function objects and executes all of them in parallel using as many cores as ConcRT provides and waits for them to finish: Copy Code parallel_invoke(
[=] { quicksort(first, mid1); },
[=] { quicksort(mid2, last); } );
parallel_invoke(
[=] { quicksort(first, mid1); },
[=] { quicksort(mid2, last); } ); There could be multiple subtasks created by each of these tasks. The mapping between tasks and execution threads (and ensuring that all the cores are optimally utilized) is managed by ConcRT. So decomposing your computation into as many tasks as possible will help take advantage of all the available cores. Another useful parallel algorithm is parallel_for, which can be used to iterate over indices in a concurrent fashion: Copy Code parallel_for(first, last, functor);
parallel_for(first, last, step, functor); This concurrently calls function objects with each index, starting ?with first and ending with last. The Asynchronous Agents Library gives you a dataflow-based programming model where computations are dependent on the required data becoming available. The library is based on the concepts of agents, message blocks and message-passing functions. An agent is a component of an application that does certain computations and communicates asynchronously with other agents to solve a bigger computation problem. This communication between agents is achieved via message-passing functions and message blocks. Agents have an observable lifecycle that goes through various stages. They are not meant to be used for the fine-grained parallelism achieved by using PPL tasks. Agents are built on the scheduling and resource management components of ConcRT and help you avoid the issues that arise from the use of shared memory in concurrent applications. You do not need to link against or redistribute any additional components to take advantage of these patterns. ConcRT, PPL and the Asynchronous Agents Library have been implemented within msvcr100.dll, msvcp100.dll and libcmt.lib/libcpmt.lib alongside the standard library. PPL and the Asynchronous Agents Library are mostly header-only implementations. The Visual Studio debugger is now aware of ConcRT and makes it easy for you to debug concurrency issues—unlike Visual Studio 2008, which had no awareness of higher-level parallel concepts. Visual Studio 2010 has a concurrency profiler that allows you to visualize the behavior of parallel applications. The debugger has new windows that visualize the state of all tasks in an application and their call stacks. Figure 1 shows the Parallel Tasks and Parallel Stacks windows. Figure 1 Parallel Stacks and Parallel Tasks Debug Windows IntelliSense and Design-Time Productivity A brand-new IntelliSense and browsing infrastructure is included in Visual Studio 2010. In addition to helping with scale and responsiveness on projects with large code bases, the infrastructure improvements have enabled some fresh design-time productivity features. IntelliSense features like live error reporting and Quick Info tooltips are based on a new compiler front end, which parses the full translation unit to provide rich and accurate information about code semantics, even while the code files are being modified. All of the code-browsing features, like class view and class hierarchy, now use the source code information stored in a SQL database that enables indexing and has a fixed memory footprint. Unlike previous releases, the Visual Studio 2010 IDE is always responsive and you no longer have to wait while compilation units get reparsed in response to changes in a header file. IntelliSense live error reporting (the familiar red squiggles) displays compiler-quality syntax and semantic errors during browsing and editing of code. Hovering the mouse over the error gives you the error message (see Figure 2). The error list window also shows the error from the file currently being viewed, as well as the IntelliSense errors from elsewhere in the compilation unit. All of this information is available to you without doing a build. Figure 2 Live Error Reporting Showing IntelliSense Errors In addition, a list of relevant include files is displayed in a dropdown while typing #include, and the list refines as you type. The new Navigate To (Edit | Navigate To or Ctrl+comma) feature will help you be more productive with file or symbol search. This feature gives you real-time search results, based on substrings as you type, matching your input strings for symbols and files across any project (see Figure 3). This feature also works for C# and Visual Basic files and is extensible. Figure 3 Using the Navigate To Feature Call Hierarchy (invoked using Ctrl+K, Ctrl+T or from the right-click menu) lets you navigate to all functions called from a particular function, and from all functions that make calls to a particular function. This is an improved version of the Call Browser feature that existed in previous versions of Visual Studio. The Call Hierarchy window is much better organized and provides both calls from and calls to trees for any function that appears in the same window. Note that while all the code-browsing features are available for both pure C++ and C++/CLI, IntelliSense-related features like live error reporting and Quick Info will not be available for C++/CLI in the final release of Visual Studio 2010.? Other staple editor features are improved in this release, too. For example, the popular Find All References feature that is used to search for references to code elements (classes, class members, functions and so on) inside the entire solution is now more flexible. Search results can be ?further refined using a Resolve Results option from the right-click context menu. Inactive code now retains semantic information by maintaining colorization (instead of becoming gray). Figure 4 shows how the inactive code is dimmed but still shows different colors to convey the semantic information. Figure 4 Inactive Code Blocks Retain Colorization In addition to the features described already, the general editor experience is enhanced in Visual Studio 2010. The new Windows Presentation Foundation (WPF)-based IDE has been redesigned to remove clutter and improve readability. Document windows such as the code editor and Design view can now float outside the main IDE window and can be displayed on multiple monitors. It is easier to zoom in and out in the code editor window using the Ctrl key and the mouse wheel. The IDE also has improved support for extensibility. Build and Project Systems Visual Studio 2010 also boasts substantial improvements in the build system and the project system for C++ projects. The most important change is that MSBuild is now used to build C++ projects. MSBuild is an extensible, XML-based build orchestration engine that has been used for C# and Visual Basic projects in previous versions of Visual Studio. MSBuild is now the common Microsoft build system for all languages. It can be used both in the build lab and on individual developer machines. C++ build processes are now defined in terms of MSBuild target and task files and give you a greater degree of customizability, control and transparency. The C++ project type has a new extension: .vcxproj. Visual Studio will automatically upgrade old .vcproj files and solutions to the new format. There is also a command-line tool, vcupgrade.exe, to upgrade single projects from the command line. In the past, you could only use the toolset (compiler, libraries and so on) provided with your current version of Visual Studio. You had to wait until you were ready to migrate to the new toolset before you could start using the new IDE. Visual Studio 2010 solves that problem by allowing you to target multiple toolset versions to build against. For example, you could target the Visual C++ 9.0 compiler and libraries while working in Visual Studio 2010. Figure 5 shows the native multi-targeting settings on the property page. Figure 5 Targeting Multiple Platform Toolsets Using MSBuild makes the C++ build system far more extensible. When the default build system is not sufficient to meet your needs, you can extend it by adding your own tool or any other build step. MSBuild uses tasks as reusable units of executable code to perform the build operations. You can create your own tasks and extend the build system by defining them in an XML file. MSBuild generates the tasks from these XML files on the fly. Existing platforms and toolsets can be extended by adding .props and .targets files for additional steps into ImportBefore and ImportAfter folders. This is especially useful for providers of libraries and tools who would like to extend the existing build systems. You can also define your own platform toolset. Additionally, MSBuild provides better diagnostic information to make it easier for you to debug build problems, which also makes incremental builds more reliable. Plus, you can create build systems that are more closely tied to source control and the build lab and less dependent on developer machine configuration. The project system that sits on top of the build system also takes advantage of the flexibility and extensibility provided by MSBuild. The project system understands the MSBuild processes and allows Visual Studio to transparently display information made available by MSBuild. Customizations are visible and can be configured through the property pages. You can configure your project system to use your own platform (like the existing x86 or x64 platforms) or your own debugger. The property pages allow you to write and integrate components that dynamically update the value of properties that depend on context. The Visual Studio 2010 project system even allows you to write your own custom UI to read and write properties instead of using property pages. Faster Compilation and Better Performance In addition to the design-time experience improvements described so far, Visual Studio 2010 also improves the compilation speed, quality and performance for applications built with the Visual C++ compiler, as a result of multiple code generation enhancements to the compiler back end. The performance of certain applications depends on the working set. The code size for the x64 architecture has been reduced in the range of 3 percent to 10 percent by making multiple optimizations in this release, resulting in a performance improvement for such applications. Single Instruction Multiple Data (SIMD) code generation—which is important for game, audio, video and graphics developers—has been optimized for improved performance and code quality. Improvements include breaking false dependencies, vectorization of constant vector initializations, and better allocation of XMM registers to remove redundant loads, stores and moves. In addition, the__mm_set_**, __mm_setr_** and __mm_set1_** intrinsic family has been optimized. For improved performance, applications should be built using Link Time Code Generation (LTCG) and Profile Guided Optimization (PGO). Compilation speed on x64 platforms has been improved by making optimizations in x64 code generation. Compilation with LTCG, recommended for better optimization, usually takes longer than non-LTCG compilation especially in large applications. In Visual Studio 2010, the LTCG compilation has been improved by up to 30 percent. A dedicated thread to write PDB files has been introduced in this release, so you will see link time improvements when you use the /DEBUG switch. PGO instrumentation runs have been made faster by adding support for no-lock versions of instrumented binaries. There is also a new POGO option, PogoSafeMode, that enables you to specify whether to use safe mode or fast mode when you optimize an application. Fast mode is the default behavior. Safe mode is thread-safe, but slower than fast mode. The quality of compiler-generated code has been improved. There is now full support for Advanced Vector Extensions (AVX), which are very important for floating-point-intensive applications in AMD and Intel processors via intrinsic and /arch:AVX options. Floating-point computation is more precise with /fp:fast option. Building Applications for Windows 7 Windows 7 introduced a number of exciting new technologies and features and added new APIs, and Visual Studio 2010 provides access to all the new Windows APIs. The Windows SDK components needed to write code for native Windows APIs are included in Visual Studio 2010. You can take advantage of innovations like Direct3D 11, DirectWrite, Direct2D and Windows Web Service APIs by using the SDK headers and libraries available in Visual Studio 2010. In addition to making all the Windows APIs available to developers, this release of Visual Studio also makes it easier for you to write applications for Windows with the help of a beefed up MFC. You get access to substantial Windows 7 functionality through MFC libraries without having to write directly to native APIs. Your existing MFC applications will light up on Windows 7 just by recompiling. And your new applications can take full advantage of the new features. MFC now includes improved integration with the Windows shell. Your application’s integration with Windows Explorer can now be much better by making use of the file handlers for preview, thumbnails and search that have been added in this release. These features are provided as options in the MFC Application Wizard as shown in Figure 6. MFC will automatically generate the ATL DLL project that implements these handlers. Figure 6 MFC Application Wizard with File Handler Options One of the most noticeable user interface changes in Windows 7 is the new taskbar. MFC allows you to quickly take advantage of features like jump lists, tabbed thumbnails, thumbnail preview, progress bars, icon overlay and so on. Figure 7 shows thumbnail previews and tabbed thumbnails for a tabbed MDI MFC application. Figure 7 Tabbed Thumbnail and Thumbnail Preview in an MFC Application The ribbon UI now has a Windows 7-style ribbon, too, and your application can swap the UI on the fly any time during development from several Office-style ribbons to the Windows 7 ribbon by using the style dropdown as shown in Figure 8. Figure 8 Ribbon-Style Dropdown in an MFC Application MFC enables your applications to become multi-touch aware and calls appropriate messages for you to handle when the various touch events occur. Just registering for touch and gesture events will route those events for your application. MFC also makes applications high-DPI-aware by default so they adapt to high-DPI screens and do not look pixelated or fuzzy. MFC internally scales and changes fonts and other elements to make sure your UI continues to look sharp on high DPI displays. In addition to the new Windows 7 features, some other Windows features that have existed since Windows Vista but were not included in previous releases of MFC have been included now. For example, Restart Manager is a useful feature introduced in Windows Vista that enables an application to perform an application save before terminating. The application can invoke this feature and then restore its state when restarting. You can now take full advantage of Restart Manager in your MFC application to handle crashes and restarts more elegantly. Simply add a line of code to enable restart and recovery in your existing application: Copy Code CMyApp::CMyApp() {
m_dwRestartManagerSupportFlags =
AFX_RESTART_MANAGER_SUPPORT_RESTART;
// other lines of code ...
} New MFC applications get this functionality automatically by using the MFC Application Wizard. The auto-save mechanism is available to applications that save documents, and the auto-save interval can be defined by the user. Applications can choose only restart support or application recover start (applicable to Doc/View type applications) in the MFC Application Wizard. Another addition is the Windows Task dialog, which is an improved type of message box (see Figure 9). MFC now has a wrapper for the Task dialog that you can use in your applications. Figure 9 Task Dialog MFC Class Wizard Is back Not only has new functionality been added in the MFC library, this release also makes it easier to work with MFC in the Visual Studio IDE. One of the most commonly requested features, the MFC Class Wizard (shown in Figure 10), has been brought back and improved. You can now add classes, event handlers and other elements to your application using the MFC Class Wizard. Figure 10 MFC Class Wizard? Another addition is the Ribbon Designer, which allows you to graphically design your ribbon UI (instead of defining it in code as in Visual Studio 2008) and store it as an XML resource. This designer is obviously useful for creating new applications, but existing applications can also take advantage of the designer to update their UIs. The XML definition can be created just by adding a line of code temporarily to the existing code definition of the ribbon UI: Copy Code m_wndRibbonBar.SaveToXMLFile(L"YourRibbon.mfcribbon-ms"); The resulting XML file can then be consumed as a resource file and further modifications can be made using the Ribbon Designer. Wrapping Up Visual Studio 2010 is a major release in the evolution of Visual C++ and makes lives of developers easier in many ways. I have barely scratched the surface of various C++-related improvements in this article. For further discussion on different features, please refer to the MSDN documentation and to the Visual C++ team’s blog at www.sychzs.cn/vcblog, which was also used as the basis for some of the sections in this article.??? Sumit Kumar?is a program manager in the Visual C++ IDE team. He holds an MS degree in Computer Science from the University of Texas at Dallas. Thanks to the following technical experts: Stephan T. Lavavej, Marian Luparu and Tarek Madkour ? ? ? Current Issue ? ? Browse All MSDN Magazines ?
0条大神的评论