[cap-talk] "Managed code"
David-Sarah Hopwood
david-sarah at jacaranda.org
Sat Sep 26 15:33:58 PDT 2009
Matej Kosik wrote:
> Can a language be "memory safe" and not to be "managed". Can a language
> be "managed" and not to be "memory safe"?
>
> http://en.wikipedia.org/wiki/Memory_safety
> http://en.wikipedia.org/wiki/Managed_code
There's no reason to use the term "managed code" outside the context of
.NET. Please don't use it as a synonym for either memory-safe code or code
running under a VM; that would be a needless duplication of perfectly
good existing terminology. The Wikipedia article is wrong to do so.
Managed code in .NET roughly means "code compiled for the CLR". That
implies that it is compiled to MSIL and can directly use "managed data"
(data controlled by the .NET GC), but it is not necessarily verifiable
by the .NET verifier. "Managed C++" code (at least that produced by the
current VC++ .NET compiler) is not verifiable.
<http://books.google.co.uk/books?id=IgBx6RRO0WcC&pg=PA19&lpg=PA19>
Microsoft documentation is not consistent as to whether it uses the
term "managed code" with the implication that it is verifiable. (You
weren't really expecting it to be, were you? It's clearly to their
advantage to fudge this.)
Unverified .NET code is obviously not memory-safe. Whether verified .NET
code is memory-safe depends on lots of things; there are probably verifier
bugs, and there are probably ways to exploit interfaces with unmanaged
code, or flaws in implementation and/or design of the code access security
mechanism.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the cap-talk
mailing list