Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / New Users / July 2006

Tip: Looking for answers? Try searching our database.

type safe...

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Ginny - 18 Jul 2006 18:34 GMT
hi,

what exactly is code being type safe??

the documentation says...

------------------------------
As part of compiling MSIL to native code, code must pass a verification
process unless an administrator has established a security policy that
allows code to bypass verification. Verification examines MSIL and metadata
to find out whether the code is type safe, which means that it only accesses
the memory locations it is authorized to access. Type safety helps ensure
that objects are safely isolated from each other and are therefore safe from
inadvertent or malicious corruption. It also provides assurance that
security restrictions on code can be reliably enforced.

The runtime relies on the fact that the following statements are true for
code that is verifiably type safe:

 a.. A reference to a type is strictly compatible with the type being
referenced.
 b.. Only appropriately defined operations are invoked on an object.
 c.. Identities are what they claim to be.
--------------------

Can anyone give a practical example as to what exactly does the above 3
bulleted points mean???

Signature

Regards
Ginny

Reply to this Message
Barry Kelly - 18 Jul 2006 20:23 GMT
> what exactly is code being type safe??

http://en.wikipedia.org/wiki/Type_safety

The terms below are explained in slightly more detail in ECMA
Specification 335, 3rd edition.

>   a.. A reference to a type is strictly compatible with the type being
> referenced.

One of the things this implies is that invalid typecasts aren't
possible. In other words, one cannot create a reference to a type which
doesn't match the actual type of the object. For example:

object o = new object();
string s = (string) o;

This code won't work at runtime. If a variable or field is declared of
type X, then the value being referred to is compatible with type X. In a
language like C++, one could write this:

Object* o = new Object;
String* s = (String*) o;

... and it would succeed without any runtime errors.

>   b.. Only appropriately defined operations are invoked on an object.

This means that you can only call methods that are declared on the type.
For example:

object o = new object();
o.Substring(1);

This is calling the System.String::Substring(int) method on an object.
Object doesn't have this method, so it is invalid.

>   c.. Identities are what they claim to be.

This basically means that objects can't be spoofed.

For example, given the following C++:

String* s = new String;
unsigned char *buf = (unsigned char *) s;

Here, buf can be used to arbitrarily modify internal fields and the
vtable of the String class. Verifiable code can't do this.

-- Barry

Signature

http://barrkel.blogspot.com/

Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.