Today, we are releasing the .NET Core February 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on included reliability fixes.

• .NET Core 2.2.2 and .NET Core SDK 2.2.104 ( Download | Release Notes )
• .NET Core 2.1.8 and .NET Core SDK 2.1.504 ( Download | Release Notes )
• .NET Core 1.1.11 and .NET Core SDK 1.1.12 ( Download | Release Notes )
• .NET Core 1.0.14 and .NET Core SDK 1.1.12 ( Download | Release Notes )

Security

Microsoft Security Advisory CVE-2019-0657: .NET Core Domain Spoofing Vulnerability

A domain spoofing vulnerability exists in .NET Framework and .NET Core which causes the meaning of a URI to change when International Domain Name encoding is applied. An attacker who successfully exploited the vulnerability could redirect a URI. This issue effects .NET Core 1.0, 1.1 2.1 and 2.2.

The security update addresses the vulnerability by not allowing certain Unicode characters from the URI.

Getting the Update

The latest .NET Core updates are available on the .NET Core download page. This update is also included in the Visual Studio 15.0.21 (.NET Core 1.0 and 1.1) and 15.9.7 (.NET Core 1.0, 1.1 and 2.1) updates, which is also releasing today.

See the .NET Core release notes ( 1.0.14 | 1.1.11 | 2.1.8 | 2.2.2 ) for details on the release including a issues fixed and affected packages.

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

microsoft/dotnet (includes the latest aspnetcore release)
microsoft/dotnet-samples
microsoft/aspnetcore (aspnetcore version 1.0 and 1.1)

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Azure App Services deployment

Deployment of these updates Azure App Services has begun. We’ll keep this section updated as the regions go live. Deployment to all regions is expected to complete in a few days.

Lifecycle Information

The following lifecycle documents describe Microsoft support policies and should be consulted to ensure that you are using supported .NET Core versions.

• .NET Core Support Policy
• .NET Core Supported OS Lifecycle Policy
• .NET Core 2.0 has reached end-of-life

Updated: February 15, 2019

• A new Advisory on February 2019 Security update for Windows 10 update 1809 has been released today for issues customers have reported with .NET 4.8 Preview and this security update for Windows 10 update 1809 installed.

Updated: February 14, 2019

• Added the previously released previous release update information in quality and reliability for easier reference.

Yesterday, we released the February 2019 Security and Quality Rollup.

Security

CVE-2019-0613 – Remote Code Execution Vulnerability

This security update resolves a vulnerability in .NET Framework software if the software does not check the source markup of a file. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on by using administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who have administrative user rights.

CVE-2019-0657 – Domain Spoofing Vulnerability

This security update resolves a vulnerability in certain .NET Framework APIs that parse URLs. An attacker who successfully exploits this vulnerability could use it to bypass security logic that’s intended to make sure that a user-provided URL belonged to a specific host name or a subdomain of that host name. This could be used to cause privileged communication to be made to an untrusted service as if it were a trusted service.

CVE-2019-0657

Quality and Reliability

This release contains the following previously released quality and reliability improvements, January 2019 Preview of Quality Rollup.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+ versions.

The following table is for earlier Windows and Windows Server versions.

Docker Images

We are updating the following .NET Framework Docker images for today’s release:

• microsoft/aspnet
• microsoft/dotnet-framework
• microsoft/dotnet-framework-samples

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

• January 22, 2018 Cumulative Update for Windows 10 version 1809 and Windows Server 2019
• January 2019 Preview of Quality Rollup
• January 2019 Security and Quality Rollup
• December 2018 Security and Quality Rollup
• November 2018 Preview of Cumulative Update for Windows 10 version 1809 and Windows Server 2019

Take the survey now! 

Update 2/15/19 @3:35 PM (PST): As we continue our investigation, we are finding the issue to be restricted to a limited and isolated set of test-only systems that are using non-official versions of the .NET 4.8 Preview. As of 2/15/19 around 12:00 pm (PST) we further tightened our delivery mechanisms to ensure that the February .NET security updates are only deployed to their expected target systems.

The February 2019 Security and Quality Rollup for Windows 10 update 1809 was released earlier this week. We have received multiple customer reports of issues when a customer has installed .NET Framework 4.8 Preview then installed the February security update, 4483452. These reports are specific to only to the scenario when a customer has installed both .NET Framework 4.8 Preview and the February security update.

We are actively working on investigating and addressing this issue. If you installed the February 2019 security update and have not seen any negative behavior, we recommend that you leave your system as-is but closely monitor it and ensure that you apply upcoming .NET Framework updates.

We will continue to update this post as we have new information.

Guidance

We are working on guidance and will update this post and as we have new information.

Workaround

There are no known workarounds at this time.

Symptoms

After installing .NET Framework 4.8 Preview then the February 2019 security update, 4483452, Visual Studios will crash with this error message:

“Exception has been thrown by the target of an invocation.”

.NET Core 1.0 was released on June 27, 2016 and .NET Core 1.1 was released on November 16, 2016. As an LTS release, .NET Core 1.0 is supported for three years. .NET Core 1.1 fits into the same support timeframe as .NET Core 1.0. .NET Core 1.0 and 1.1 will reach end of life and go out of support on June 27, 2019, three years after the initial .NET Core 1.0 release.

After June 27, 2019, .NET Core patch updates will no longer include updated packages or container images for .NET Core 1.0 and 1.1. You should plan your upgrade from .NET Core 1.x to .NET Core 2.1 or 2.2 now.

Upgrade to .NET Core 2.1

The supported upgrade path for .NET Core 1.x applications is via .NET Core 2.1 or 2.2. Instructions for upgrading can be found in the following documents:

• Migrate to .NET Core 2.1
• Migrate to ASP.NET Core 2.1

Note: The migration documents are written for .NET Core 2.0 to 2.1 migration, but equally apply to .NET Core 1.x to 2.1 migration.

.NET Core 2.1 is a long-term support (LTS) release. We recommend that you make .NET Core 2.1 your new standard for .NET Core development, particularly for apps that are not updated often.

.NET Core 2.0 has already reached end-of-life, as of October 1, 2018. It is important to migrate applications to at least .NET Core 2.1.

Microsoft Support Policy

Microsoft has a published support policy for .NET Core. It includes policies for two release types: LTS and Current.

.NET Core 1.0, 1.1 and 2.1 are LTS releases. .NET Core 2.0 and 2.2 are Current releases.

• LTS releases are designed for long-term support. They included features and components that have been stabilized, requiring few updates over a longer support release lifetime. These releases are a good choice for hosting applications that you do not intend to update.
• Current releases include new features that may undergo future change based on feedback. These releases are a good choice for applications in active development, giving you access to the latest features and improvements. You need to upgrade to later .NET Core releases more often to stay in support.

Both types of releases receive critical fixes throughout their lifecycle, for security, reliability, or to add support for new operating system versions. You must stay up to date with the latest patches to qualify for support.

The .NET Core Supported OS Lifecycle Policy defines which Windows, macOS and Linux versions are supported for each .NET Core release.

Today, we released the February 2019 Preview of Quality Rollup.

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR

• Addresses an issue in System.Threading.Timer where a single global queue that was protected by a single process-wide lock causing a issues with scalability where Timers are used frequently on multi-CPU machine.  The fix can be opted into with an AppContext switch below.  See instructions for enabling the switch.  [750048]
  • Switch name: Switch.System.Threading.UseNetCoreTimer
  • Switch value to enable: true
    Don’t rely on applying the setting programmatically – the switch value is read only once per AppDomain at the time when the System.Threading.Timer type is loaded.

SQL

• Addresses an issue that caused compatibility breaks seen in some System.Data.SqlClient usage scenarios. [721209]

WPF

• Improved the memory allocation and cleanup scheduling behavior of the weak-event pattern.   The fix can be opted into with an AppContext switch below.  See instructions for enabling the switch.  [676441]
  • Switch name: Switch.MS.Internal.EnableWeakEventMemoryImprovements
  • Switch name: Switch.MS.Internal.EnableCleanupSchedulingImprovements
  • Switch value to enable: true

Getting the Update

The Preview of Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10 update 1607, Windows 10 update 1703, Windows 10 update 1709 and Windows update 1803, the .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+ versions.

The following table is for earlier Windows and Windows Server versions.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

• February 2019 Security and Quality Rollup
• January 22, 2018 Cumulative Update for Windows 10 version 1809 and Windows Server 2019
• January 2019 Preview of Quality Rollup
• January 2019 Security and Quality Rollup

We are getting closer to the final version now! This release includes several accessibility, performance and reliability fixes across the major framework libraries. We will continue to stabilize this release and take more fixes over the coming weeks and we would greatly appreciate it if you could help us ensure Build 3734 is a high-quality release by trying it out and providing feedback on the new features via the .NET Framework Early Access GitHub repository.

Supported Windows Client versions: Windows 10 version 1809, Windows 10 version 1803, Windows 10 version 1709, Windows 10 version 1703, Windows 10 version 1607, Windows 8.1, Windows 7 SP1

Supported Windows Server versions: Windows Server 2019, Windows Server version 1803, Windows Server version 1709, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2 SP1

This build includes an updated .NET 4.8 runtime as well as the .NET 4.8 Developer Pack (a single package that bundles the .NET Framework 4.8 runtime, the .NET 4.8 Targeting Pack and the .NET Framework 4.8 SDK). Please note: this build is not supported for production use.

Next steps:
To explore the new build, download the .NET 4.8 Developer Pack. Instead, if you want to try just the .NET 4.8 runtime, you can download either of these:

• .NET 4.8 Web Installer – requires an internet connection during installation
• .NET 4.8 Offline installer – can be downloaded and installed later in a disconnected state

You can checkout the fixes included in this preview build or if you would like to see the complete list of improvements in 4.8 so far, please go here.

.NET Framework build 3734 is also included in the next update for Windows 10. You can sign up for Windows Insiders to validate that your applications work great on the latest .NET Framework included in the latest Windows 10 releases.

Thanks!

The post Announcing .NET Framework 4.8 Early Access Build 3734 appeared first on .NET Blog.

.NET Core 1.0 was released on June 27, 2016 and .NET Core 1.1 was released on November 16, 2016. As an LTS release, .NET Core 1.0 is supported for three years. .NET Core 1.1 fits into the same support timeframe as .NET Core 1.0. .NET Core 1.0 and 1.1 will reach end of life and go out of support on June 27, 2019, three years after the initial .NET Core 1.0 release.

After June 27, 2019, .NET Core patch updates will no longer include updated packages or container images for .NET Core 1.0 and 1.1. You should plan your upgrade from .NET Core 1.x to .NET Core 2.1 or 2.2 now.

Upgrade to .NET Core 2.1

The supported upgrade path for .NET Core 1.x applications is via .NET Core 2.1 or 2.2. Instructions for upgrading can be found in the following documents:

• Migrate to .NET Core 2.1
• Migrate to ASP.NET Core 2.1

Note: The migration documents are written for .NET Core 2.0 to 2.1 migration, but equally apply to .NET Core 1.x to 2.1 migration.

.NET Core 2.1 is a long-term support (LTS) release. We recommend that you make .NET Core 2.1 your new standard for .NET Core development, particularly for apps that are not updated often.

.NET Core 2.0 has already reached end-of-life, as of October 1, 2018. It is important to migrate applications to at least .NET Core 2.1.

Microsoft Support Policy

Microsoft has a published support policy for .NET Core. It includes policies for two release types: LTS and Current.

.NET Core 1.0, 1.1 and 2.1 are LTS releases. .NET Core 2.2 is a Current releases.

• LTS releases are designed for long-term support. They included features and components that have been stabilized, requiring few updates over a longer support release lifetime. These releases are a good choice for hosting applications that you do not intend to update.
• Current releases include new features that may undergo future change based on feedback. These releases are a good choice for applications in active development, giving you access to the latest features and improvements. You need to upgrade to later .NET Core releases more often to stay in support.

Both types of releases receive critical fixes throughout their lifecycle, for security, reliability, or to add support for new operating system versions. You must stay up to date with the latest patches to qualify for support.

The .NET Core Supported OS Lifecycle Policy defines which Windows, macOS and Linux versions are supported for each .NET Core release.

The post .NET Core 1.0 and 1.1 will reach End of Life on June 27, 2019 appeared first on .NET Blog.

Today, we released the February 2019 Preview of Quality Rollup.

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR

• Addresses an issue in System.Threading.Timer where a single global queue that was protected by a single process-wide lock causing a issues with scalability where Timers are used frequently on multi-CPU machine.  The fix can be opted into with an AppContext switch below.  See instructions for enabling the switch.  [750048]
  • Switch name: Switch.System.Threading.UseNetCoreTimer
  • Switch value to enable: true
    Don’t rely on applying the setting programmatically – the switch value is read only once per AppDomain at the time when the System.Threading.Timer type is loaded.

SQL

• Addresses an issue that caused compatibility breaks seen in some System.Data.SqlClient usage scenarios. [721209]

WPF

• Improved the memory allocation and cleanup scheduling behavior of the weak-event pattern.   The fix can be opted into with an AppContext switch below.  See instructions for enabling the switch.  [676441]
  • Switch name: Switch.MS.Internal.EnableWeakEventMemoryImprovements
  • Switch name: Switch.MS.Internal.EnableCleanupSchedulingImprovements
  • Switch value to enable: true

Getting the Update

The Preview of Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10 update 1607, Windows 10 update 1703, Windows 10 update 1709 and Windows update 1803, the .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+ versions.

The following table is for earlier Windows and Windows Server versions.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

• February 2019 Security and Quality Rollup
• January 22, 2018 Cumulative Update for Windows 10 version 1809 and Windows Server 2019
• January 2019 Preview of Quality Rollup
• January 2019 Security and Quality Rollup

The post .NET Framework February 2019 Preview of Quality Rollup appeared first on .NET Blog.

As we get closer to the final version, our efforts are focused on stabilizing the release over the coming weeks. Please keep up the support by trying out our latest preview 3745 and provide any feedback you may have for the build or for .NET 4.8 overall, via the .NET Framework Early Access GitHub repository.

Supported Windows Client versions: Windows 10 version 1809, Windows 10 version 1803, Windows 10 version 1709, Windows 10 version 1703, Windows 10 version 1607, Windows 8.1, Windows 7 SP1

Supported Windows Server versions: Windows Server 2019, Windows Server version 1803, Windows Server version 1709, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2 SP1

This build includes an updated .NET 4.8 runtime as well as the .NET 4.8 Developer Pack (a single package that bundles the .NET Framework 4.8 runtime, the .NET 4.8 Targeting Pack and the .NET Framework 4.8 SDK). Please note: this build is not supported for production use.

Next steps:
To explore the new build, download the .NET 4.8 Developer Pack. Instead, if you want to try just the .NET 4.8 runtime, you can download either of these:

• .NET 4.8 Web Installer – requires an internet connection during installation
• .NET 4.8 Offline installer – can be downloaded and installed later in a disconnected state

You can checkout the fixes included in this preview build or if you would like to see the complete list of improvements in 4.8 so far, please go here.

This preview build is also included in the next update for Windows 10. You can sign up for Windows Insiders to validate that your applications work great on the latest .NET Framework included in the latest Windows 10 releases.

Thanks!

The post Announcing .NET Framework 4.8 Early Access Build 3745 appeared first on .NET Blog.

The post Microsoft’s Developer Blogs are Getting an Update appeared first on .NET Blog.

In this post, I will describe how to port a desktop application from .NET Framework to .NET Core. I picked a WinForms application as an example. Steps for WPF application are similar and I’ll describe what needs to be done different for WPF as we go.

The post How to port desktop applications to .NET Core 3.0 appeared first on .NET Blog.

Starting with Visual Studio 2019 Preview 4, we’ll be adjusting how C# versions are treated in .NET tooling.

Summary of changes

Firstly, we’re adding two new Language Version (LangVersion) values: LatestMajor and Preview. Here’s how they stack up with the currently supported list of values:

When no LangVersion is specified, the default meaning is now determined by the target framework of your project. When you target a preview framework that also has a corresponding preview C# version, that preview version is the default. If you do not target a preview framework, then Latest is chosen.

Experience when C# 8.0 is in preview

The following scenarios explain how the default C# version will be interpreted while C# 8.0 is still in preview.

Targeting netcoreapp3.0 preview or netstandard2.1 preview

The default language version chosen in this scenario is Preview. The C# 8.0 features you have access to are based entirely on the version of the compiler (and thus the .NET SDK) that you are using. As you use future previews, you may get more (or slightly tweaked) features. When you build a project, the .NET SDK will emit a warning that this is all still in preview.

Targeting .NET Framework

The default language version chosen in this scenario is Latest. Any use of a C# 8.0 feature is a compile error. Visual Studio tooling will prompt you with a quick fix that can change the language version for the project or solution when one of these errors is encountered. Because some features require underlying types or runtime features that are not available on .NET Framework, such as Default Interface Members, you may still get an error for those features when targeting .NET Framework.

Multi-targeting netcoreapp3.0 preview or netstandard2.1 preview and .NET Framework

For the netcoreapp3.0/netstandard2.1 preview targets, the language version is Preview. A warning is emitted on build from the .NET SDK. For the .NET Framework target, the language version is Latest.

Explicit LangVersion is used

If you explicitly set a LangVersion value, that will be respected and the previously mentioned default behavior is ignored.

Experience when C# 8.0 and .NET Core 3.0 are GA

Eventually, C# 8.0 and .NET Core 3.0 will ship in a GA-quality release. Here’s what the relevant LangVersion values will map to at that time:

Projects that do not specify a LangVersion will be treated as if they are Latest when C# 8.0 is GA.

If you created a project for C# 8.0 preview targeting .NET Core 3.0 preview or .NET Standard 2.1 preview, and also did not specify a LangVersion, it will be as if Latest is chosen. You will not be opted into Preview under any scenario once C# 8.0 and .NET Core 3.0 are GA.

At the time of writing, there is no plan for a preview of C# when C# 8.0 is GA. Eventually, a preview will ship and we’ll have a blog post explaining it.

Rationale

Up until this point, the default C# version used in Visual Studio was equivalent to LatestMajor. This has been problematic for two reasons:

1. C# now evolves between Visual Studio release cycles, but new projects in Visual Studio would still default to an older version of C#.
2. C# 8.0 preview is a better choice for projects that target .NET Core 3.0 preview, but there was no way to make it a default without also making it the default for projects that weren’t targeting .NET Core 3.0 preview.

More generally, as we evolve C# and continue to release more features that align with a future .NET Core version, we want to make sure that you can use these features as seamlessly as possible. This also allows you to use features earlier in their development lifecycle, increasing the window of time that actionable feedback on a feature could influence its design.

Support and compatibility for preview features

The way to think about support is also a bit different. To allow the use of C# 8.0 preview features within a released Visual Studio 2019, support and compatibility concerns are distinguished by preview vs. released features:

• Any C# 7.3 and lower feature or behavior is fully supported and fully compatible. No change from what currently exists today.
• Any C# 8.0 preview feature is unsupported.
• There is no compatibility guarantee from one C# 8.0 preview to another.

In short, if you use C# 8.0 preview in Visual Studio 2019, some features and behavior may change between now and when C# 8.0 fully releases.

Happy hacking!

The post An update to C# versions and C# tooling appeared first on .NET Blog.

Today, March 1, we released the February 2019 Cumulative Update for Windows 10 version 1809 and Windows Server 2019.

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR

• Addresses an issue in System.Threading.Timer where a single global queue that was protected by a single process-wide lock causing a issues with scalability where Timers are used frequently on multi-CPU machine. The fix can be opted into with an AppContext switch below. See instructions for enabling the switch. [750048]
  • Switch name: Switch.System.Threading.UseNetCoreTimer
  • Switch value to enable: true
    Don’t rely on applying the setting programmatically – the switch value is read only once per AppDomain at the time when the System.Threading.Timer type is loaded.

SQL

• Addresses an issue that caused compatibility breaks seen in some System.Data.SqlClient usage scenarios. [721209]

Winforms

• Addresses an issue in .NET 3.5 Windows Forms applications that may not be able to render the application UI and, instead, render a white screen that contains a red “X” symbol. Additionally, it addresses a double prompt for file save dialogue and folder browser dialogue.” [676441]

WPF

• Improved the memory allocation and cleanup scheduling behavior of the weak-event pattern. The fix can be opted into with an AppContext switch below. See instructions for enabling the switch. [676441]
  • Switch name: Switch.MS.Internal.EnableWeakEventMemoryImprovements
  • Switch name: Switch.MS.Internal.EnableCleanupSchedulingImprovements
  • Switch value to enable: true

Getting the Update

The Preview of Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10 update 1809, the .NET Framework updates are part of the Windows 10 .NET Framework Cumulative Update.

Previous Monthly Rollups

The last few .NET Framework Cumulative updates are listed below for your convenience:

• February 2019 Security and Quality Rollup
• January 22, 2018 Cumulative Update for Windows 10 version 1809 and Windows Server 2019
• January 2019 Security and Quality Rollup

The post .NET Framework March 1, 2019 Cumulative Update for Windows 10 version 1809 and Windows Server 2019 appeared first on .NET Blog.

Introduction

In recent years, containerization has gained popularity in DevOps due to its valuable capacities, including more efficient resource utilization and better agility. Microsoft and Docker have been working together to create a great experience for running .NET applications inside containers. See the following blog posts for more information:

• Using .NET and Docker Together
• Using .NET and Docker Together – DockerCon 2018 Update

When there’s a performance problem, analyzing the problem often requires detailed information about what was happening at the time. Perfcollect is the recommended tool for gathering .NET Core performance data on Linux. The .NET Team introduced EventPipe feature in .NET Core 2.0 and has been continuously improving the usability of the feature for the end users. The goal of EventPipe is to make it very easy to profile .NET Core applications.

However, currently EventPipe has limitations:

• Only the managed parts of call stacks are collected. If a performance issue is in native code, or in the .NET Core runtime it can only trace it to the boundary.
• it does not work for earlier versions of .NET Core.

In these cases perfcollect is still the preferred tools. Containers bring challenges in using perfcollect. There are several ways to use perfcollect to gather performance traces .NET Core application running in a Linux container, each has its cons:

• Collecting from the host
  • Process Ids and file system in the host don’t match those in the containers.
  • perfcollect cannot find container’s files under host paths (what is /usr/share/dotnet/?)
  • Some container operating systems (for example, CoreOS) don’t support installing common packages/tools, for examples, linux-tools and lttng which are required by perfcollect tool.
• Collecting from the container running the application.
  • Installation of profiling tools bloat the container and increase the attack surface.
  • Profiling affects the application performance in the same container (for example, its resource consumption is counted against quota).
  • perf tool needs capabilities to run from a container, which defeats the security features of containers.
• Collecting from another “sidecar” container running on the same host.
  • Possible environment mismatches between sidecar container and application container.

Tim Gross published a blog post on debugging python containers in production. His approach is to run tools inside another (sidecar) container on the same host as the application container. The idea can be applied to profiling/debugging .NET Core Linux containers. This approach has the following benefits:

• Application containers don’t need elevated privileges.
• Application container images remain mostly unchanged. They are not bloated by tool packages that are not required to run applications.
• Profiling doesn’t consume application container resources, which are usually throttled by a quota.
• Sidecar container can be built as close to the application container as possible, so tools used by perfcollect, such as crossgen and objcopy, could operate on files of the same versions at the same paths, even they are in different containers.

This article only describes the manual/one-off performance investigation scenario. However, with additional effort the approach could work in an automated way and/or under an orchestrator. See this tutorial for an example on profiling with a sidecar container in a Kubernetes environment.

Note: tracing .NET Core events using LTTng is not supported in this sidecar approach due to how LTTng works (using shared memory and CPU buffer) so this approach cannot be used to collect events from the .NET Core runtime.

The rest of this doc gives a step-by-step guide of using a sidecar container to collect CPU trace of an ASP.NET application running in a Linux container.

Building Container Images

1. We use a single Dockerfile and the multi-stage builds feature introduced in Docker 17.05 to build the application and sidecar container images.
   The sample project used is the output of dotnet new webapi. A dotnet restore step is used to download matching version of crossgen from nuget.org. This step is just a convenient way to download matching crossgen. It does adds time to the docker build process. If this becomes a concern, there are other ways to add crossgen too, for example, copying a pre-downloaded version from a cached location. However, we must ensure that the cached crossgen is from the same version of the .NET Core runtime because crossgen doesn’t always work properly across versions. In the future, the .NET team might make improvements in this area to make the experience better, for example, shipping a stable crossgen tool that works across different versions.In the example, the most important packages are:
   • linux-tools,
   • lttng-tools,
   • liblttng-ust-dev,
   • zip,
   • curl,
   • binutils (for objcopy/objdump commands),
   • procps (for ps command).

   The perfcollect script is downloaded and saved to /tools directory. Other tools (gdb/vim/emacs-nox/etc.) can be installed as needed for diagnosing and debugging purposes.

2. Build the application image with the following command:

   user@host ~/project/webapi $ docker build . --target application -f Dockerfile -t application

3. Build the sidecar image with the following command:

   user@host ~/project/webapi $ docker build . --target sidecar -f Dockerfile -t sidecar

Running Docker Containers

4. Use a shared docker volume for /tmp.The Linux perf tool needs to access the perf*.map files that are generated by the .NET Core application. By default, containers are isolated thus the *.map files generated inside the application container are not visible to perf tool running inside of the sidecar container. We need to make these *.map files available to perf tool running inside the sidecar.In this example, a shared docker volume is mapped to the /tmp directory of both the application container and the sidecar container. Since both of their /tmp directories are backed by the same volume, the sidecar container can access files written into the tmp directory by the application container.Run the application container with a name (application in this example) since it’s easier to refer to the container using its name. Map the /tmp folder to a volume named shared-tmp. Docker will create the volume if it does not exist yet.

   user@host ~/project/webapi $ docker run -p 80:80 -v shared-tmp:/tmp --name application application

   Volume mount might not be desirable in some cases. Another option is to run the application container without the -v options and then use docker cp commands to copy the /tmp/perf*.map files from the running application container to the running sidecar container’s /tmp folder before starting the perfcollect tool.

5. Run the sidecar using the pid and net namespaces of the application container, and with /tmp mapped to the same host folder for tmp. Give this container a name (sidecar in this example).Linux namespaces isolate containers and make resources they are using invisible to other containers by default, however we can make docker containers to share namespaces using the options like --pid, --net, etc. Here’s a wiki link to read more about Linux namespaces.The following command lets the sidecar container share the same pid and net namespaces with the application container so that it is allowed to debug or profile processes in the application container from the sidecar container. The --cap-add ALL --privileged switches grant the sidecar container permissions to collect performance traces.

   user@host ~/project/webapi $ docker run -it --pid=container:application --net=container:application -v shared-tmp:/tmp --cap-add ALL --privileged --name sidecar sidecar

Collection CPU Performance Traces

6. Inside the sidecar container, collect CPU traces for the dotnet process (or your .NET Core application process if it is published as self-contained), which usually has PID of 1, but may vary depending on what else you are running in the application container before running the application.

   root@7eb78f190ed7:/tools# ps -aux

   Output should be similar to the following:

   USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
   root          1  1.1  0.5 7511164 82576 pts/0   SLsl+ 18:25   0:03 dotnet webapi.dll
   root        104  0.0  0.0  18304  3332 pts/0    Ss   18:28   0:00 bash
   root        198  0.0  0.0  34424  2796 pts/0    R+   18:31   0:00 ps -aux

   In this example, the dotnet process has PID of 1 so when running the perfcollect script, pass the PID of the 1 to the -pid option.

   root@7eb78f190ed7:/tools# ./perfcollect collect sample -nolttng -pid 1

   By using the -pid 1 option perfcollect only captures performance data for the dotnet process. Remove the -pid option to collect performance data for all processes.

   Now generate some requests to the webapi service so that it is consuming CPU. This can be done manually using curl, or with load testing tool like Apache Benchmarking from another machine.

   user@another-host ~/test $ ab -n 200 -c 10 http://10.1.0.4/api/values

   Press Ctrl+C to stop collecting after the service has processed some requests.

7. After collection is stopped, view the report using the following command:

   root@7eb78f190ed7:/tools# ./perfcollect view sample.trace.zip

8. Verify that the trace includes the map files by listing contents in the zip file.

   root@7eb78f190ed7:/tools# unzip -l sample.trace.zip

   You should see perf-1.map and perfinfo-1.map in the zip, along with other *.maps files.

   If anything went wrong during the collection, check out perfcollect.log file inside the zip for more details.

   root@7eb78f190ed7:/tools# unzip sample.trace.zip sample.trace/perfcollect.log
   root@7eb78f190ed7:/tools# tail -100 sample.trace/perfcollect.log

   Messages like the following near the end of the log file indicate that you hit a known issue. Please check out the Potential Issues section for a workaround.

   Running /usr/bin/perf_4.9 script -i perf.data.merged -F comm,pid,tid,cpu,time,period,event,ip,sym,dso,trace > perf.data.txt
   'trace' not valid for hardware events. Ignoring.
   'trace' not valid for software events. Ignoring.
   'trace' not valid for unknown events. Ignoring.
   'trace' not valid for unknown events. Ignoring.
   Samples for 'cpu-clock' event do not have CPU attribute set. Cannot print 'cpu' field.
   
   Running /usr/bin/perf_4.9 script -i perf.data.merged -f comm,pid,tid,cpu,time,event,ip,sym,dso,trace > perf.data.txt
     Error: Couldn't find script `comm,pid,tid,cpu,time,event,ip,sym,dso,trace'
   
    See perf script -l for available scripts.

9. On the host, retrieve the trace from the running sidecar container.

   user@host ~/project/webapi $ docker cp sidecar:/tools/sample.trace.zip ./

10. Transfer the trace from the host machine to a Windows machine for further investigation using PerfView.PerfView supports analyzing perfcollect traces from Linux. Open sample.trace.zip then follow the usual workflow of working with PerfView.
    For more information on analyzing CPU traces from Linux using PerfView, see this blog post and Channel 9 series by Vance Morrison.

Potential Issues

• In some configurations, the collected cpu-clock events don’t have the cpu field. This causes a failure at the ./perfcollect collect step when the script tries to merge trace data. Here is a workaround:Open perfcollect in an editor, find the line that contains “-F” (capital F), then remove “cpu” from the $perfcmd lines:

  LogAppend "Running $perfcmd script -i $mergedFile -F comm,pid,tid,time,period,event,ip,sym,dso,trace > $outputDumpFile"
  $perfcmd script -i $mergedFile -F comm,pid,tid,time,period,event,ip,sym,dso,trace > $outputDumpFile 2>>$logFile
  LogAppend

  After applying the workaround and collecting the traces, be aware of a known PerfView issue when viewing the traces whose cpu field is missing. This issue has been fixed already and will be available in the future releases of PerfView.

• If there are problems resolving .NET symbols, you can also use two additional settings. Note that this affects the application start-up performance.

  COMPlus_ZapDisable=1
  COMPlus_ReadyToRun=0

  Setting COMPlus_ZapDisabl=1 tells the .NET Core runtime to not use the precompiled framework code. All the code will be Just-in-Time compiled thus crossgen is no longer needed, which means the steps to run dotnet restore -r linux-x64 and copy crossgen in the Dockerfile can be removed. For more details, check out the relevant section at Performance Tracing on Linux.

Conclusion

This document describes a sidecar approach to collect CPU performance trace for .NET Core application running inside of a container. The step-by-step guide here describes a manual/on-demand investigation. However, most of steps above may be automated by container orchestrator or infrastructure.

References and Useful Links

1. Linux Container Performance Analysis, talk by Brendan Gregg, inventor of FlameGraph
2. Examples and hands-on labs for Linux tracing tools workshops by Sasha Goldshtein goldshtn/linux-tracing-workshop.
3. Debugging and Profiling .NET Core Apps on Linux, slides from Sasha Goldshtein assets.ctfassets.net/9n3x4rtjlya6/1qV39g0tAEC2OSgok0QsQ6/fbfface3edac8da65fd380cc05a1a028/Sasha-Goldshtein_Debugging-and-profiling-NET-Core-apps-on-Linux.pdf
4. Debugging Python Containers in Production http://blog.0x74696d.com/posts/debugging-python-containers-in-production
5. perfcollect source code dotnet/corefx-tools:src/performance/perfcollect/perfcollect@master
6. Documentation on Performance Tracing on Linux for .NET Core. dotnet/coreclr:Documentation/project-docs/linux-performance-tracing.md@master
7. PerfView tutorials on Channel9 channel9.msdn.com/Series/PerfView-Tutorial

The post Collecting .NET Core Linux Container CPU Traces from a Sidecar Container appeared first on .NET Blog.

Starting back with the .NET Core 2.1 release, we were making iterative improvements to the floating-point parsing and formatting code in .NET Core. Now, in .NET Core 3.0 Preview 3, we are nearing completion of this work and would like to share more details about these changes and some of the differences you might see in your applications.

The primary goals of this work were to ensure correctness and standards compliance with IEEE 754-2008. For those unfamiliar with the standard, it defines the underlying format, base operations, and behaviors for binary floating-point types such as System.Single (float) and System.Double (double). The majority of modern processors and programming languages support some version of this standard, so it is important to ensure it is implemented correctly. The standard does not impact the integer types, such as System.Int32 (int), nor does it impact the other floating-point types, such as System.Decimal (decimal).

Initial Work

We started with parsing changes, as part of the .NET Core 2.1 release. Initially, this was just an attempt to fix a perf difference between Windows and Unix and was done by @mazong1123 in dotnet/coreclr#12894, which implements the Dragon4 algorithm. @mazong1123 also made a follow up PR which improved perf even more by implementing the Grisu3 algorithm in dotnet/coreclr#14646. However, in reviewing the code we determined that existing infrastructure had a number of issues that prevented us from always doing the right thing and that it would require significantly more work to make correct.

Porting to C#

The first step in fixing these underlying infrastructure issues was porting the code from native to managed. We did this work in dotnet/coreclr#19999 and dotnet/coreclr#20080. The result was we made the code more portable, allowed it to be shared with the other frameworks/runtimes (such as Mono and CoreRT), made it possible to easily debug the code with the .NET Debugger, and made it available through SourceLink.

Making the parser IEEE compliant

We did some additional cleanup in dotnet/coreclr#20619 by removing various bits of duplicated code that was shared between the different parsers. Finally, we made the double and float parsing logic mostly IEEE compliant in dotnet/coreclr#20707 and this made available in the first .NET Core 3.0 Preview.

These changes fixed three primary issues:

• dotnet/coreclr#1316
• dotnet/coreclr#16783
• dotnet/coreclr#17467

The fixes ensured that double.Parse/float.Parse would return the same result as the C#, VB, or F# compiler for the corresponding literal value. Producing the same result as the language compilers is important for determinism of runtime and compile time expressions. Up until the change, this was not the case.

To elaborate, every floating-point value requires between 1 and X significant digits (i.e. all digits that are not leading or trailing zeros) in order to roundtrip the value (that is, in order for double.Parse(value.ToString()) to return exactly value). This is at most 17 digits for double and at most 9 digits for float. However, this only applies to strings that are first formatted from an existing floating-point value. When parsing from an arbitrary string, you may have to instead consider up to Y digits to ensure that you produce the “nearest” representable value. This is 768 digits for double and 113 digits for float. We have tests validating such strings parse correctly in RealParserTestsBase.netcoreapp.cs and dotnet/corefx#35701. More details on this can be found on Rick Regan’s Exploring Binary blog.

An example of such a string would be for double.Epsilon (which is the smallest value that is greater than zero). The shortest roundtrippable string for this value is only 5e-324, but the exact string (i.e. the string that contains all significant digits available in the underlying value) for this value is exactly 1074 digits long, which is comprised of 323 leading zeros and 751 significant digits. You then need one additional digit to ensure that the string is rounded in the correct direction (should it be exactly double.Epsilon or the smallest value that is greater than double.Epsilon).

Some additional minor cleanup was done in dotnet/coreclr#21036 to ensure that the remaining compliance issues were resolved. These ended up mostly about ensuring we handle Infinityand NaN case-insensitively and that we allowed an optional preceding sign.

Making the formatter IEEE 754-2008 compliant

The formatting code required more significant changes and was primarily done in dotnet/coreclr#22040 with some followup work fixing some remaining issues in dotnet/coreclr#22522.

These changes fixed 5 primary issues:

• dotnet/corefx#26785
• dotnet/coreclr#3313
• dotnet/coreclr#13106
• dotnet/coreclr#13615
• dotnet/coreclr#21272

These changes are expected to have the largest potential impact to existing code.

The summary of these changes is that (for double/float):

• ToString(), ToString("G"), and ToString("R") will now return the shortest roundtrippable string. This ensures that users end up with something that just works by default. An example of where it was problematic was Math.PI.ToString() where the string that was previously being returned (for ToString() and ToString("G")) was 3.14159265358979; instead, it should have returned 3.1415926535897931. The previous result, when parsed, returned a value which was internally off by 7 ULP (units in last place) from the actual value of Math.PI. This meant that it was very easy for users to get into a scenario where they would accidentally lose some precision on a floating-point value when the needed to serialize/deserialize it.
• For the "G" format specifier that takes a precision (e.g. G3), the precision specifier is now always respected. For double with precisions less than 15 (inclusive) and for float with precisions less than 6 (inclusive) this means you get the same string as before. For precisions greater than that, you will get up to that many significant digits, provided those digits are available (i.e. (1.0).ToString("G17") will still return 1 since the exact string only has one significant digit; but Math.PI.ToString("G20") will now return 3.141592653589793116, since the exact string contains at least 20 significant digits).
• For the "C", "E", "F", "N", and "P" format specifiers the changes are similar. The difference is that these format specifiers treat the precision as the number of digits after the decimal point, in contrast to "G" which treats it as the number of significant digits. The previous implementation had a bug where, for strings that contained more than 15 significant digits, it would actually fill in the remaining digits with zero, regardless of whether they appeared before or after the decimal point. As an example, (1844674407370955.25).ToString("F4")would previously return 1844674407370960.0000. The exact string, however, actually contains enough information to fill all the integral digits. With the changes made we instead fill out the available integral digits while still respecting the request for the 4 digits after the decimal point and instead return 1844674407370955.2500.
• For custom format strings, they have the same behavior as before and will only print up to 15 significant digits, regardless of how many are requested. Fixing this to support an arbitrary number of digits would require more work to support and hasn’t been done at this time.

Potential impact to existing code

When picking up .NET Core 3.0, it is expected that you may encounter some of the differences described in this post in your application or library code. The general recommendation is that the code be updated to handle these changes. However, this may not be possible in all cases and a workaround may be required. Focused testing for floating-point specific code is recommended.

For differences in parsing, there is no mechanism to fallback to the old behavior. There were already differences across various operating systems (i.e. Linux, Windows, macOS, etc) and architectures (i.e. x86, x64, ARM, ARM64, etc). The new logic makes all of these consistent and ensures that the result returned is consistent with the corresponding language literal.

For differences in formatting, you can get the equivalent behavior by:

• For ToString() and ToString("G") you can use G15 as the format specifier as this is what the previous logic would do internally.
• For ToString("R"), there is no mechanism to fallback to the old behavior. The previous behavior would first try “G15” and then using the internal buffer would see if it roundtrips; if that failed, it would instead return “G17”.
• For the "G" format-specifier that takes a precision, you can force precisions greater than 15 (exclusive) to be exactly 17. For example, if your code is doing ToString("G20") you can instead change this to ToString("G17").
• For the remaining format-specifiers that take a precision ("C", "E", "F", "N", and "P"), there is no mechanism to fallback to the old behavior. The previous behavior would clamp precisions greater than 14 (exclusive) to be 17 for "E" and 15 for the others. However, this only impacted the significant digits that would be displayed, the remaining digits (even if available) would be filled in as zero.

The post Floating-Point Parsing and Formatting improvements in .NET Core 3.0 appeared first on .NET Blog.

Today, we are announcing .NET Core 3.0 Preview 3. We would like to update you on the .NET Core 3.0 schedule and introduce you to improvements in .NET Core SDK installers, Docker containers, Range, and Index. We also have updates on the Windows Desktop and Entity Framework projects.

Download and get started with .NET Core 3 Preview 3 right now on Windows, macOS and Linux.

You can see complete details of the release in the .NET Core 3 Preview 3 release notes.

.NET Core 3.0 will be supported in Visual Studio 2019, Visual Studio for Mac and Visual Studio Code. A new C# extension update (install VSIX) has been produced with the latest C# compiler (aligned with .NET Core Preview 3 and Visual Studio 2019 Preview 4).

We recently published an update on Floating-Point Parsing and Formatting improvements in .NET Core 3.0. Please check out that post in you use floating APIs and associated mathematical operations.

Schedule

We have seen people asking questions about when .NET Core 3.0 will be released. They also want to know if .NET Core 3.0 will be included in Visual Studio 2019. Visual Studio 2019 RC was recently released, which is part of the motivation for the questions.

We plan to ship .NET Core 3.0 in the second half of 2019. We will announce the ship date at the Build 2019 conference.

Visual Studio 2019 will be released on April 2nd. .NET Core 2.1 and 2.2 will be included in that release, just like they have been in the Visual Studio 2019 preview builds. At the point of the final .NET Core 3.0 release, we’ll announce support for a specific Visual Studio 2019 update, and .NET Core 3.0 will be included in Visual Studio 2019 from that point on.

We’re tracking to shipping .NET Core 3.0 preview releases every month. By coincidence,the previews now align with the months. We’re releasing Preview 3 today and we’re in the third month. We hope to continue that pattern until the final release.

.NET Core SDK installers will now Upgrade in Place

For Windows, the .NET Core SDK MSI installers will start upgrading patch versions in place. This will reduce the number of SDKs that are installed on both developer and production machines.

The upgrade policy will specifically target .NET Core SDK feature bands. Feature bands are defined in hundreds groups in the patch section of the version number. For example, 3.0.101 and 3.0.201 are versions in two different feature bands while 3.0.101 and 3.0.199 are in the same feature band.

This means when .NET Core SDK 3.0.101 becomes available and is installed, .NET Core SDK 3.0.100 will be removed from the machine if it exists. When .NET Core SDK 3.0.200 becomes available and is installed on the same machine, .NET Core SDK 3.0.101 will not be removed. In that situation, .NET Core SDK 3.0.200 will still be used by default, but .NET Core SDK 3.0.101 (or higher .1xx versions) will still be usable if it is configured for use via global.json.

This approach aligns with the behavior of global.json, which allows roll forward across patch versions, but not feature bands of the SDK. Thus, upgrading via the SDK installer will not result in errors due to a missing SDK. Feature bands also align with side by side Visual Studio installations for those users that install SDKs for Visual Studio use.

We would like feedback on the approach we’ve taken for upgrading the .NET Core SDK in place. We considered a few different policies and chose this one because it is the most conservative. We’d also like to hear if it is important to build similar experience on macOS. For Linux, we use package managers, which have an existing upgrade-in-place behavior.

For more information, please check out:

• .NET Core versioning
• Remove .NET Core SDK versions

Docker and cgroup memory Limits

Many developers are packaging and running their application with containers. A key scenario is limiting a container’s resources such as CPU or memory. We implemented support for memory limits back in 2017. Unfortunately, we found that the implementation isn’t aggressive enough to reliably stay under the configured limits and applications are still being OOM killed when memory limits are set (particular <500MB). We are fixing that in .NET Core 3.0. Note that this scenario only applies if memory limits are set.

The Docker resource limits feature is built on top of cgroups, which a Linux kernel feature. From a runtime perspective, we need to target cgroup primitives.

You can limit the available memory for a container with the docker run -m argument, as shown in the following example that creates an Alpine-based container with a 4MB memory limit (and then prints the memory limit):

C:\>docker run -m 4mb --rm alpine cat /sys/fs/cgroup/memory/memory.limit_in_bytes
4194304

We concluded that the primary fix is to set a GC heap maximum significantly lower than the overall memory limit as a default behavior. In retrospect, this choice seems like an obvious requirement of our implementation. We also found that Java has taken a similar approach, introduced in Java 9 and updated in Java 10.

The following design summary describes the new .NET Core behavior (added in Preview 3) when cgroup limits are set:

• Default GC heap size: maximum of 20mb or 75% of the memory limit on the container
• Explicit size can be set as an absolute number or percentage of cgroup limit
• Minimum reserved segment size per GC heap is 16mb, which will reduce the number of heaps created on machines with a large number of cores and small memory limits

The GC change is the most critical part of our memory limits solution. It is also important to update BCL APIs to honor cgroup settings. Those changes are not included in Preview 3 but will come later. We’d appreciate feedback on which BCL APIs are most important to update first (another example).

Our focus in Preview 3 has been about making Docker limits work well for Linux containers. We’re do the same for Windows containers in upcoming previews.

Docker Publishing Update

Microsoft teams are now publishing container images to the Microsoft Container Registry (MCR). There are two primary reasons for this change:

• Syndicate Microsoft-provided container images to multiple registries, like Docker Hub and Red Hat.
• Use Microsoft Azure as a global CDN for delivering Microsoft-provided container images.

On the .NET team, we are now publishing all .NET Core images to MCR. We switched the .NET Core Nightly product repo to MCR 2-3 weeks ago. The .NET Core product repo has now been moved to publishing to MCR as well, and includes .NET Core 3.0 Preview 3. As you can see from these links (if you click on them), we continue to have “home pages” on Docker Hub. We intend for that to continue indefinitely. MCR does not offer such pages, but relies of public registries, like Docker Hub, to provide users with image-related information.

The links to our old repos, such as microsoft/dotnet and microsoft/dotnet-nightly now forward to the new locations. The images that existed at those locations still exists and will not be deleted.

We will continue servicing the floating tags in the old repos for the supported life of the various .NET Core versions. For example, 2.1-sdk, 2.2-runtime, and latest are examples of floating tags that will be serviced. A three-part version tag like 2.1.2-sdk will not be serviced, which was already the case.

We have deleted the 3.0 images in the old repos. We will only be supporting .NET Core 3.0 images in MCR and want to make sure that everyone realizes that MCR is the correct place to pull those images, and transitions to using MCR immediately.

For example, the correct tag string to pull the 3.0 SDK image now looks like the following:

mcr.microsoft.com/dotnet/core/sdk:3.0

The new MCR string will be used with both docker pull and in Dockerfile FROM statements.

This tag string previously looked like the following:

microsoft/dotnet:3.0-sdk

See Publishing .NET Core images to Microsoft Container Registry (MCR) for more information.

Index and Range

Index and Range types were introduced in Preview 1 to support the new C# 8.0 compiler index and range syntax (e.g. array[^10] and array[3..10]). We have polished these types for Preview 3 and added some more APIs to enable using Index and Range with some other types (e.g. String, [Readonly]Span<T>, [Readonly]Memory<T> and Array).

These changes enable the following syntax and scenarios:

// start with int[]
int[] nums = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
int lastNum = nums[^1]; // 10
int[] subsetNums = nums[2..6]; // {3, 4, 5, 6}

// Create a Memory<int> using arrayofNums as input
// Create no-copy slices of the array
Memory<int> numbers = nums;
Memory<int> lastTwoNums = numbers.Slice(^2); // {9, 10}
Memory<int> middleNums = numbers.Slice(4..8); // {5, 6, 7, 8}

// Create a substring using a range
string myString = "0123456789ABCDEF";
string substring = myString[0..5]; // "01234"

// Create a Memory<char> using a range
ReadOnlyMemory<char> myChars = myString.AsMemory();
ReadOnlyMemory<char> firstChars = myChars[0..5]; // {'0', '1', '2', '3', '4'}

// Get an offset with an Index
Index indexFromEnd = Index.FromEnd(3); // equivalent to [^3]
int offsetFromLength = indexFromEnd.GetOffset(10); // 7
int value = nums[offsetFromLength]; // 8

// Get an offset with a Range
Range rangeFromEnd = 5..^0;
(int offset, int length) = rangeFromEnd.GetOffsetAndLength(10); // offset = 5, length = 5
Memory<int> values = numbers.Slice(offset, length); // {6, 7, 8, 9, 10}

.NET Standard 2.1

This is the first preview that has support for authoring .NET Standard 2.1 libraries. By default, dotnet new classlib continues to create .NET Standard 2.0 libraries as we believe it gives you a better compromise between platform support and feature set. For example, .NET Standard 2.1 won’t be supported by .NET Framework.

In order to target .NET Standard 2.1, you’ll have to edit your project file and change the TargetFramework property to netstandard2.1:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>netstandard2.1</TargetFramework>
  </PropertyGroup>

</Project>

If you’re using Visual Studio, you’ll need Visual Studio 2019 as .NET Standard 2.1 won’t be supported in Visual Studio 2017.

As the version number illustrates, .NET Standard 2.1 is a minor increment over what was added with .NET Standard 2.0 (we added ~3000 APIs). Here are the key additions:

• Index and Range. This adds both, the types as well as the indexers on the core types, such as String, ArraySegment<T>, and Span<T>.
• IAsyncEnumerable<T>. This adds support for an async IEnumerable<T>. We don’t currently provide Linq-style extension methods but this gap is filled by the System.Linq.Async community project.
• Support for Span<T> and friends. This includes both, the span types, as well as the hundreds of helper methods across various types that accept and return spans (e.g. Stream).
• Reflection emit & capability APIs. This includes Reflection emit itself as well as two new properties on the RuntimeFeature class that allows you to check whether runtime code generation is supported at all (IsDynamicCodeSupported) and whether it’s compiled using a JIT or interpreted (IsDynamicCodeCompiled). This enables you to author .NET Standard libraries that can take advantage of dynamic code generation if available and fallback to other behavior when you run in environments that don’t have JIT and/or don’t have support for IL interpretation.
• SIMD. .NET had support for SIMD for a while now. We’ve leveraged them to speed up basic operations in the BCL, such as string comparisons. We’ve received quite a few requests to expose these APIs in .NET Standard as the functionality requires runtime support and thus cannot be provided meaningfully as a NuGet package.
• DbProviderFactories. In .NET Standard 2.0 we added almost all of the primitives in ADO.NET to allow O/R mappers and database implementers to communicate. Unfortunately, DbProviderFactories didn’t make the cut for 2.0 so we’re adding it now. In a nutshell, DbProviderFactories allows libraries and applications to utilize a specific ADO.NET provider without knowing any of its specific types at compile time, by selecting among registered DbProviderFactory instances based on a name, which can be read from, for example, configuration settings.
• General Goodness. Since .NET Core was open sourced, we’ve added many small features across the base class libraries such as System.HashCode for combining hash codes or new overloads on System.String. There are about 800 new members in .NET Core and virtually all of them got added in .NET Standard 2.1.

For more details on all the API additions and platform support, check out .NET Standard version table on GitHub.

F# Update

We added the following for F# in Preview 3.

• F# 4.6 (Preview) (in the SDK)
• dotnet fsi (Preview) command

F# 4.6

• Anonymous Record support
• FSharp.Core additions
  • ValueOption function parity with Option
  • tryExactlyOne function for List, Array, and Seq

Learn more at Announcing F# 4.6 Preview.

dotnet fsi preview

F# interactive as a pure .NET Core application:

dotnet fsi --readline

Microsoft (R) F# Interactive version 10.4.0 for F# 4.6
Copyright (c) Microsoft Corporation. All Rights Reserved.

For help type #help;;

> let lst = [ 1; 2; 3; 4; 5];;
val lst : int list = [1; 2; 3; 4; 5]

> let squares = lst |> List.map (fun x -> x * x);;
val squares : int list = [1; 4; 9; 16; 25]

> let sumOfSquares = lst |> List.sumBy (fun x -> x * x);;
val sumOfSquares : int = 55

Has basic colorization of F# types (thanks to Saul Rennison):

AssemblyDependencyResolver

AssemblyDependencyResolver is a key component of dynamically loading assemblies.  Given .NET Core’s binder does not do simple probing like ‘next to the assembly’. We added a mechanism to read a deps or flat directory at runtime and resolve assemblies.

So in the past, doing an AssemblyLoadContext.LoadAssemblyFromPath(“…”), would fail to find dependent assemblies.  But using the following works as expected with .NET Core 3.0:

var resolver = new AssemblyDependencyResolver(pluginPath);
var assemblyPath = resolver.ResolveAssemblyToPath(assemblyName);

See examples of this API in use.

DLLMap and Native image resolver events

These new capabilities enable a better experience with working with dynamically loaded native dependencies.

NativeLibrary provides an encapsulation for loading a native library (using the same load logic as .NET Core P/Invoke) and providing the relevant helper functions (getSymbol, etc.). See the following usage pattern:

NativeLibrary.Load(mappedName, assembly, dllImportSearchPath);

We provided callbacks on P/Invoke module load to allow for replacement at runtime. This is similar to what is available with the Mono runtime. This feature an application to dynamically target Windows and Linux without having to do #if and rebuild. See the following usage pattern:

NativeLibrary.SetDllImportResolver(assembly, MapAndLoad);

We added symmetric native library resolution APIs when modules are not found.   Previously this was not possible in the default load context, and required inheriting from a class and overriding a protected method.

AssemblyLoadContext.Default.ResolvingUnmanagedDll += HandlerFail;

We are in the process of adding samples for these new capabilities.

.NET Core Windows Desktop Project Update

We are continuing to make progress on the WPF and WinForms projects. We are still working on transitioning these code bases from a proprietary build system to an open source one, based on dotnet/arcade. We are coming to the tail end of this phase of the project and then expect that remaining parts of the WPF code base will be published afterwards, likely after Preview 4.

High DPI for Windows Forms Applications

As technology progresses, more varied display monitors are avaiable for purchase. Dots-per-inch (DPI), that used to always be 96 DPI, is no longer a constant value. With that comes a need to be able to set different DPI modes for desktop applications.

Before, the only way to set the DPI mode for your .NET Core WinForms application was via P/Invoke. In .NET Core Preview 3 we are adding the ability to get and set High DPI mode by adding the Application.SetHighDpiMode and Application.HighDpiMode.

The SetHighDpiMode method will set the corresponding High DPI mode unless the setting has been set by other means like App.Manifest or P/Invoke before Application.Run.

The possible HighDPIMode values, as expressed by the HighDpiMode enum are:

• DpiUnaware
• SystemAware
• PerMonitor
• PerMonitorV2
• DpiUnawareGdiScaled

To learn more about High DPI modes check out High DPI Desktop Application Development on Windows article.

Entity Framework Project Update

In the first 3 previews, the EF team has prioritized API and behavior changes that could cause existing applications to break when upgrading from previous versions. These changes are themselves designed to improve EF Core or to unblock further improvements. But it also means that many other changes, including sought-after new features planned for EF Core 3.0, together with the porting of EF6 to .NET Core, haven’t been completed yet.

Implementing architectural changes early in the release helps us maximize the opportunities to collect customer feedback, understand any unintended impact of the changes, and react accordingly.

You can expect to see more detailed announcements in this blog, as we make progress in the delivery of new features in upcoming previews.

In the meantime, you can visit What’s new in EF Core 3.0 in the product documentation to find more information about the new features planned for 3.0 as well as a detailed description of the breaking changes included so far.

Closing

Take a look at the .NET Core 3.0 Preview 1 and Preview 2 posts if you missed those. With this post, they describe the complete set of new capabilities that have been added so far with the .NET Core 3.0 release.

Thanks for trying out .NET Core 3.0. Please continue to give us feedback, either in the comments or on GitHub. We are listening carefully and will continue to make changes based on your feedback.

The post Announcing .NET Core 3 Preview 3 appeared first on .NET Blog.

ML.NET is an open-source and cross-platform machine learning framework (Windows, Linux, macOS) for .NET developers. Using ML.NET, developers can leverage their existing tools and skillsets to develop and infuse custom AI into their applications by creating custom machine learning models for common scenarios like Sentiment Analysis, Recommendation, Image Classification and more!.

Today we’re announcing the release of ML.NET 0.11. (ML.NET 0.1 was released at //Build 2018). This release, and all other remaining releases before the v1.0 release, will focus on the overall stability of the framework, continuing to refine the API, fix bugs, reduce the public API surface, and improve documentation and samples.

Updates in v0.11 timeframe

• Added additional ML components to the MLContext catalog, so it’s easier to find the classes and operations to use. Below you can see the experience based on IntelliSense.

• Support for text input in TensorFlowTransformer so you can use TensorFlow models for text analysis (in addition to images). For instance, the following code shows ML.NET scoring a TensorFlow model for a ‘sentiment analysis’ scenario:

public class TensorFlowSentiment
        {
            public string Sentiment_Text;
            [VectorType(600)]
            public int[] Features;
            [VectorType(2)]
            public float[] Prediction;
        }

        [TensorFlowFact]
        public void TensorFlowSentimentClassificationTest()
        {
            var mlContext = new MLContext(seed: 1, conc: 1);
            var data = new[] { new TensorFlowSentiment() { Sentiment_Text = "this film was just brilliant casting location scenery story direction everyone's really suited the part they played and you could just imagine being there robert  is an amazing actor and now the same being director  father came from the same scottish island as myself so i loved the fact there was a real connection with this film the witty remarks throughout the film were great it was just brilliant so much that i bought the film as soon as it was released for  and would recommend it to everyone to watch and the fly fishing was amazing really cried at the end it was so sad and you know what they say if you cry at a film it must have been good and this definitely was also  to the two little boy's that played the  of norman and paul they were just brilliant children are often left out of the  list i think because the stars that play them all grown up are such a big profile for the whole film but these children are amazing and should be praised for what they have done don't you think the whole story was so lovely because it was true and was someone's life after all that was shared with us all" } };
            var dataView = mlContext.Data.ReadFromEnumerable(data);

            var lookupMap = mlContext.Data.ReadFromTextFile(@"sentiment_model/imdb_word_index.csv",
                   columns: new[]
                   {
                        new TextLoader.Column("Words", DataKind.TX, 0),
                        new TextLoader.Column("Ids", DataKind.I4, 1),
                   },
                   separatorChar: ','
               );
               
            var estimator = mlContext.Transforms.Text.TokenizeWords("TokenizedWords", "Sentiment_Text")
                .Append(mlContext.Transforms.Conversion.ValueMap(lookupMap, "Words", "Ids", new[] { ("Features", "TokenizedWords") }));
            var dataPipe = estimator.Fit(dataView)
                .CreatePredictionEngine<TensorFlowSentiment, TensorFlowSentiment>(mlContext);

            string modelLocation = @"sentiment_model";
            var tfEnginePipe = mlContext.Transforms.ScoreTensorFlowModel(modelLocation, new[] { "Prediction/Softmax" }, new[] { "Features" })
                .Append(mlContext.Transforms.CopyColumns(("Prediction", "Prediction/Softmax")))
                .Fit(dataView)
                .CreatePredictionEngine<TensorFlowSentiment, TensorFlowSentiment>(mlContext);

            //Predict the sentiment for the sample data 
            var processedData = dataPipe.Predict(data[0]);
            Array.Resize(ref processedData.Features, 600);
            var prediction = tfEnginePipe.Predict(processedData);
        }

You can see additional code example details in this code

• ONNX updates: ONNX is an open and iteroperable model format that enables using models trained in one framework (i.e. scikit-learn, TensorFlow, xgboost, etc.) to use in another framework (like ML.NET).
  In ML.NET 0.11 Microsoft.ML.ONNX has been renamed to Microsoft.ML.ONNXConverter and Microsoft.ML.ONNXTransorm has been renamed to Microsoft.ML.ONNXTransformer to make the distinction between ONNX conversion and transformation clearer.

Breaking changes in ML.NET 0.11

For your convenience, if you are moving your code from ML.NET v0.10 to v0.11, you can check out the breaking changes list that impacted our samples.

Explore the community samples and share yours!

As part of the ML.NET Samples repo, we also have a special Community Samples page pointing to multiple samples provided by the community. These samples are not maintained by Microsoft, but they are very interesting and cover additional scenarios not covered by us.

Here’s a screenshot of the current Community Samples:

We encourage you to share your ML.NET demos and samples with the community by simply submitting a brief description and URL pointing to your GitHub repo or blog posts, into this repo issue “Request for your samples!”. We’ll do the rest and publish it at the ML.NET Community Samples page.

Planning to go to production?

If you are using ML.NET in your app and looking to go into production, you can talk to an engineer on the ML.NET team to:

• Get help implementing ML.NET successfully in your application.
• Provide feedback about ML.NET.
• Demo your app and potentially have it featured on the ML.NET homepage, .NET Blog, or other Microsoft channel.

Fill out this form and leave your contact information at the end if you’d like someone from the ML.NET team to contact you.

Get started!

If you haven’t already, get started with ML.NET here.

Next, explore further with some other resources:

• Tutorials and resources at the Microsoft Docs ML.NET Guide
• Code samples at the machinelearning-samples GitHub repo
• Important ML.NET concepts for understanding the new API are introduced here
• “How to” guides that show how to use these APIs for a variety of scenarios can be found here

We appreciate your feedback by filing issues with any suggestions or enhancements in the ML.NET GitHub repo to help us shape ML.NET and make .NET a great platform of choice for Machine Learning.

Thanks and happy coding with ML.NET!

-The ML.NET Team-

This blog was authored by Bri Achtman and Cesar de la Torre, plus additional contributions of the ML.NET team

The post Announcing ML.NET 0.11 – Machine Learning for .NET appeared first on .NET Blog.

Today, we are releasing the .NET Core March 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on included reliability fixes.

• .NET Core 2.2.3 and .NET Core SDK 2.2.105 ( Download | Release Notes )
• .NET Core 2.1.9 and .NET Core SDK 2.1.505 ( Download | Release Notes )
• .NET Core 1.1.12 and .NET Core SDK 1.1.13 ( Download | Release Notes )
• .NET Core 1.0.15 and .NET Core SDK 1.1.13 ( Download | Release Notes )

Security

Microsoft Security Advisory CVE-2019-0657: .NET Core NuGet Tampering Vulnerability

A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that an attacker can login as any other user on that machine. At that point, the attacker will be able to replace or add to files that were created by a NuGet restore operation in the current users account.

The security update addresses the vulnerability by correcting how NuGet restore creates file permissions for all files extracted to the client machine.

Getting the Update

The latest .NET Core updates are available on the .NET Core download page. This update is also included in the Visual Studio 15.0.22 (.NET Core 1.0 and 1.1) and 15.9.9 (.NET Core 1.0, 1.1 and 2.1) updates, which is also releasing today. Choose Check for Updates in the Help menu.

See the .NET Core release notes ( 1.0.15 | 1.1.12 | 2.1.9 | 2.2.3 ) for details on the release including a issues fixed and affected packages.

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

microsoft/dotnet
microsoft/dotnet-samples
microsoft/aspnetcore

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Azure App Services deployment

Deployment of these updates Azure App Services has been scheduled and they estimate the deployment will be complete by March 26, 2019.

The post .NET Core March 2019 Updates – 1.0.15, 1.1.12, 2.1.9 and 2.2.3 appeared first on .NET Blog.