type safe...

  • Thread starter Thread starter Ginny
  • Start date Start date
G

Ginny

hi,

what exactly is code being type safe??

the documentation says...

------------------------------
As part of compiling MSIL to native code, code must pass a verification
process unless an administrator has established a security policy that
allows code to bypass verification. Verification examines MSIL and metadata
to find out whether the code is type safe, which means that it only accesses
the memory locations it is authorized to access. Type safety helps ensure
that objects are safely isolated from each other and are therefore safe from
inadvertent or malicious corruption. It also provides assurance that
security restrictions on code can be reliably enforced.

The runtime relies on the fact that the following statements are true for
code that is verifiably type safe:

a.. A reference to a type is strictly compatible with the type being
referenced.
b.. Only appropriately defined operations are invoked on an object.
c.. Identities are what they claim to be.
 
Ginny said:
what exactly is code being type safe??
Click to expand...

http://en.wikipedia.org/wiki/Type_safety

The terms below are explained in slightly more detail in ECMA
Specification 335, 3rd edition.
a.. A reference to a type is strictly compatible with the type being
referenced.
Click to expand...

One of the things this implies is that invalid typecasts aren't
possible. In other words, one cannot create a reference to a type which
doesn't match the actual type of the object. For example:

object o = new object();
string s = (string) o;

This code won't work at runtime. If a variable or field is declared of
type X, then the value being referred to is compatible with type X. In a
language like C++, one could write this:

Object* o = new Object;
String* s = (String*) o;

.... and it would succeed without any runtime errors.
b.. Only appropriately defined operations are invoked on an object.
Click to expand...

This means that you can only call methods that are declared on the type.
For example:

object o = new object();
o.Substring(1);

This is calling the System.String::Substring(int) method on an object.
Object doesn't have this method, so it is invalid.
c.. Identities are what they claim to be.
Click to expand...

This basically means that objects can't be spoofed.

For example, given the following C++:

String* s = new String;
unsigned char *buf = (unsigned char *) s;

Here, buf can be used to arbitrarily modify internal fields and the
vtable of the String class. Verifiable code can't do this.

-- Barry
 
Back
Top