The NGWS runtime relies on type-safe execution of application code to ensure that its security and isolation mechanisms are enforced. Code that is not verifiably type-safe is normally not allowed to run, although one can set policy to allow trusted, but unverifiable code, to execute.
The PEVerify utility is provided to assist developers generating IL (i.e., compiler writers, script engine developers, etc.) in determining whether their IL code and associated metadata meets type-safety verification requirements. PEVerify might also benefit application developers in validating the type-safety of their code prior to release if they are using tools that generate type-safe IL only if certain language constructs are avoided.
peverify Filename [options]
Option | Description |
---|---|
/IL | Perform IL type safety verification checks for methods implemented in the assembly denoted by Filename. Detailed descriptions for each problem found are returned unless the “-quiet” option is specified. (See Notes for current limitations.) |
/MD | Perform metadata validation checks on the file Filename. This walks the full metadata structure within the file, automatically enumerating all module components. It will report all validation problems encountered. (See Notes for current limitations.) |
/CLS | Perform CLS-compliance checks. (See Notes for current limitations.) |
/NOCLS | Do not perform CLS-compliance checks. |
/UNIQUE | Disregard repeating error codes. |
/HRESULT | Display error codes in hex format. |
/IGNORE=hex.code [, hex.code] | Ignore specified error codes. |
/IGNORE=@filename | Ignore error codes in specified file. |
/BREAK=maxErrorCount | Abort verification after maxErrorCount errors. |
/quiet | Suppress output of the verification problem reports. PEVerify will still report whether or not the file is type safe, but not information on problems preventing type safe verification. |
/CLOCK | Measure and report verification times. |
If neither /IL nor /MD are specified, peverify defaults to assuming both types of checks are desired. That is, peverify [Filename] is equivalent to peverify [Filename] /IL /MD.
peverify performs comprehensive IL verification checks based on dataflow analysis. Known limitations of verification include:
Metadata validation checks are only partially implemented for this release. The following is a list of conditions currently being checked:
// Metadata problems reported RID is out of range. Coded token type is out of range. Coded RID is out of range. String offset is invalid. GUID offset is invalid. Blob offset if invalid. Multiple module records found. Module has null MVID. TypeRef name is NULL. TypeRef has a duplicate. TypeDef name is NULL. TypeDef has a duplicate based on name+namespace. TypeDef has a duplicate based on GUID. TypeDef that's not an Interface and not System.Object extends NIL parent. System.Object extends a non-NIL parent. TypeDef extends sealed class. TypeDef is Deleted but not marked with RTSpecialName. TypeDef is marked RTSpecialName, but is not a Deleted record. TypeDef is an Enum but not a ValueType. TypeDef is marked both Abstract and Sealed. TypeDef is marked both Unmanaged and Nested. TypeDef is marked both Interface and Nested. TypeDef is marked Interface but is not Abstract. TypeDef is marked Interface but its parent is not NIL. TypeDef is marked Interface but GUID is NULL. TypeDef is marked ValueType but extends a non-class TypeDef. TypeDef is marked ValueType but is not marked Sealed. TypeDef is marked Class but extends a non-class TypeDef. InterfaceImpl has a duplicate. MemberRef name is NULL. MemberRef has invalid name, _VtblGap*. MemberRef has invalid name, _Deleted*. MemberRef parent is NIL in a PE file. MemberRef has invalid calling convention. MemberRef has Method parent but calling convention is not VARARG. MemberRef name different from parent MethodDef. MemberRef signature different from parent MethodDef. MemberRef has a duplicate. ClassLayout parent TypeDef is marked AutoLayout. ClassLayout has bad PackingSize. ClassLayout has a duplicate. FieldLayout2 has bad offset. FieldLayout2 has field with nil parent. FieldLayout2 has no ClassLayout record. FieldLayout2 parent TypeDef is not marked with ExplicitLayout. FieldLayout2 has field marked Static. FieldLayout2 has a duplicate. ModuleRef name is NULL. ModuleRef has a duplicate. Mulitple ModuleRefs in a Module with OrdinalMap table. Unexpected MetaData in OrdinalMap module. TypeDef extends a TypeRef which resolves to a TypeDef in the same module. Signature specified is zero-sized. Signature does not have enough data at specified byte. Method signature has invalid calling convention. Method is marked static but has HASTHIS/EXPLICITTHIS set on the calling convention. Method is not marked static but is not HASTHIS/EXPLICITTHIS. Method signature is missing the argument count. Signature missing element type. Signature missing token. Signature has bad token. Signature is missing function pointer. Signature has function pointer missing argument count. Signature is missing rank specification. Signature is missing count of sized dimensions. Signature is missing size of dimension. Signature is missing count of lower bounds. Signature is missing a lower bound. Signature has bad element type. Signature has value array missing size. Field signature has invalid calling convention. Method name is NULL. Method has parent NIL. Method has duplicate. Field name is NULL. Field parent is NIL. Field has duplicate. // General error conditions reported Validator has been interrupted by the VEHandler. Validator failed to initialize correctly.
As of this release, the following are not checked:
Assembly Manifest information CLS compliance Debugging Symbols