|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
type safe...what exactly is code being type safe?? the documentation says... ------------------------------ As part of compiling MSIL to native code, code must pass a verification process unless an administrator has established a security policy that allows code to bypass verification. Verification examines MSIL and metadata to find out whether the code is type safe, which means that it only accesses the memory locations it is authorized to access. Type safety helps ensure that objects are safely isolated from each other and are therefore safe from inadvertent or malicious corruption. It also provides assurance that security restrictions on code can be reliably enforced. The runtime relies on the fact that the following statements are true for code that is verifiably type safe: a.. A reference to a type is strictly compatible with the type being referenced. b.. Only appropriately defined operations are invoked on an object. c.. Identities are what they claim to be. -------------------- Can anyone give a practical example as to what exactly does the above 3 bulleted points mean??? -- Regards Ginny "Ginny" <techni***@peoplewareindia.com> wrote:
http://en.wikipedia.org/wiki/Type_safety
> what exactly is code being type safe?? The terms below are explained in slightly more detail in ECMA Specification 335, 3rd edition. > a.. A reference to a type is strictly compatible with the type being One of the things this implies is that invalid typecasts aren't> referenced. possible. In other words, one cannot create a reference to a type which doesn't match the actual type of the object. For example: object o = new object(); string s = (string) o; This code won't work at runtime. If a variable or field is declared of type X, then the value being referred to is compatible with type X. In a language like C++, one could write this: Object* o = new Object; String* s = (String*) o; .... and it would succeed without any runtime errors. > b.. Only appropriately defined operations are invoked on an object. This means that you can only call methods that are declared on the type.For example: object o = new object(); o.Substring(1); This is calling the System.String::Substring(int) method on an object. Object doesn't have this method, so it is invalid. > c.. Identities are what they claim to be. This basically means that objects can't be spoofed.For example, given the following C++: String* s = new String; unsigned char *buf = (unsigned char *) s; Here, buf can be used to arbitrarily modify internal fields and the vtable of the String class. Verifiable code can't do this. -- Barry  |
|||||||||||||||||||||||
Other interesting topics