[cap-talk] "Managed code"

David-Sarah Hopwood david-sarah at jacaranda.org
Sun Sep 27 08:52:07 PDT 2009 

Sandro Magi wrote:
> David-Sarah Hopwood wrote:
>> Matej Kosik wrote:
>>> Can a language be "memory safe" and not to be "managed". Can a language
>>> be "managed" and not to be "memory safe"?
>>>
>>> http://en.wikipedia.org/wiki/Memory_safety
>>> http://en.wikipedia.org/wiki/Managed_code
>>
>> There's no reason to use the term "managed code" outside the context of
>> .NET. Please don't use it as a synonym for either memory-safe code or code
>> running under a VM; that would be a needless duplication of perfectly
>> good existing terminology. The Wikipedia article is wrong to do so.
> 
> What I've read of MS's documentation on managed code seemed pretty
> consistent, though they never outright define "managed code".

Yes, they do:

<http://msdn.microsoft.com/en-us/library/aa719454%28VS.71%29.aspx>

# managed code
#    Code that is executed by the common language runtime environment rather
#    than directly by the operating system. Managed code applications gain
#    common language runtime services such as automatic garbage collection,
#    runtime type checking and security support, and so on. These services
#    help provide uniform platform- and language-independent behavior of
#    managed-code applications. See also: unmanaged code.

It is quite clear that this includes non-memory-safe, non-typesafe code
provided that it is executed by the CLR. For example, "managed C++"
is compiled to unverifiable MSIL code that is executed by the CLR, and
therefore is "managed code" by this definition.

Assemblies that are run with Full Trust are not verified. (See
<http://www.owasp.org/index.php/Full_Trust_CLR_Verification_issue:_Changing_Private_Field_using_Proxy_Struct>
for an example.)

> They use it as an equivalent for memory safe and type safe code executed
> by the VM.

No, they don't, and the fact that you've gained that impression (as many
people have) just shows how misleading the term is.

> The managed code term is primarily useful when discussing the FFI,
> where managed vs. unmanaged is a useful distinction for understanding
> how P/Invoke marshals data.
> 
> I don't think there's a term that so accurately captures this
> distinction, as simple memory safety or VM bytecode is insufficient.

What would be wrong with "MSIL code" or "CLR code"?

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

More information about the cap-talk mailing list