Home Products VistaDB 3.2 Importance of Managed and Typesafe code

Importance of Managed and Typesafe code

	Truly embedded ADO.NET 2 SQL database for .NET 2+, CF 2 and Mono Less than 1 MB single assembly deployment Cross-platform Windows, Linux and Mac OS X support using the Mono Project Easy migration from SQL Server TSQL Royalty-free distribution

To appreciate the significance of VistaDB 3, it is important to understand the importance of building managed and typesafe applications. These two new programming concepts are core to Microsoft's .NET technology.

Managed code represents source code that executes within the .NET memory space and that is managed entirely by .NET and the Common Language Runtime (CLR). Managed applications let .NET protect a computer or device by preventing rogue or malicious code from directly accessing a computer's resources such as memory or hard disks where damage can be done. Typesafe means that an application uses the native .NET data types. In other words, no pointers!

The .NET Framework in general and managed code in specific help shape Microsoft's direction for the programming model that will be used for developing nearly all Windows-based applications.

Brad Abrams, author and founding member of the
Common Language Runtime (CLR) and
.NET Framework teams at Microsoft Corp
Read more...

.NET CLR

Beyond the definitions, the .NET CLR is able to inspect managed application code in great detail before actually running it, which allows .NET to determine how much protection to provide the against the application or whether to run it at all. In sharp contrast to this, unmanaged applications cannot be inspected or verified to be safe by the .NET CLR before actually running them. The CLR doesn't know what an unmanaged application will do by inspecting it and therefore cannot make guarantees about what happens when the application runs. This makes unmanaged applications very dangerous to run. One reason why Microsoft is promoting the development of managed and safe .NET applications is to reduce the number of malicious applications, spyware and viruses.

PEVerify

PEVerify is a Microsoft developer tool that is used to verify that a .NET and Compact Framework compiler has created typesafe meta data and IL code. This tool basically verifies that an assembly is "safe" (i.e. does not access memory directly). When an application can successfully PEVerify, it is deemed typesafe by the operating system (Windows Vista, Windows Mobile 5.0, etc.) and is granted top level security permissions.

The .NET Framework 2.0 blurs the lines between how ASP.NET and WinForms applications work and instead focuses attention on how security rights get assigned to applications. Think of how applications (.EXE files) are downloaded today from the Internet. How can someone safely run them without inviting a virus or malicious code onto their system? There is no clear way today other than running virus scanners and installing on a Virtual Machine. And even after a successful virus scans applications can still damage a system through intentional or unintential coding.

With Windows Vista and the .NET Framework 2.0, .NET applications that are determined to be fully managed and typesafe get assigned top level security permissions. Applications that are not, get assigned minimal permissions and end-users are warned that the application is not safe to run. This is the crux of why the world will upgrade Windows Vista. Microsoft will push Windows Vista as the "safest operating system" and managed code applications with PEVerify is at the center of this push. VistaDB 3 lets developers build fully managed and typesafe database applications.

From the Microsoft web site:

The key to writing portable code is to write verifiable code. Verifiable code is code that can be proven to be typesafe. .NET Framework applications are built using types defined in class libraries. Each type in a class library defines fields, properties and methods that are used to access the type’s functionality. The fields, properties and methods defined by a type represent a contract between the type (which provides functionality) and the user of the type (which consumes functionality). Typesafe code is code that obeys ALL type contracts. Types represent memory. And the fields, properties and methods defined by types represent ways to access memory. Ultimately, this means that typesafe code is code that doesn't improperly access memory. And because typesafe code doesn't improperly access memory, the common language runtime is able to safely execute multiple verifiable applications, each isolated in its own AppDomain, within a single (more expensive) operating system process. Also, because typesafe code doesn't improperly access memory it also reduces memory corruption which results in a more stable execution environment. The C#, VB.NET, J# and managed C+ compilers that ship with the .NET Framework 2.0 SDK all produce verifiable (typesafe) code. The C#, VB.NET and J# compilers produce verifiable code by default, while the managed C++ compiler produces verifiable (typesafe) code when the /clr:safe flag is used. In addition, the .NET Framework SDK ships a tool (PEVerify.exe) that allows developers to determine if their code is verifiable.

Glossary

The full Common Language Infrastructure (CLI) is defined by Microsoft here.

Common Language Runtime (CLR) —The type, metadata and execution systems provided by the .NET Framework, which supplies managed code and data with services such as cross-language integration, code access security, object lifetime management, and debugging and profiling support. By targeting the CLR, compilers and other tools can offer these services to developers.

Intermediate Language (IL)—The machine-independent language into which .NET applications are compiled using a high-level .NET language compiler (e.g., C# and VB.NET). The IL output is then used as the input of the Just-In-Time (JIT) compiler, which compiles the IL instructions to machine language just prior to its execution. IL can also be converted to native machine object code using the Native Image Generator utility.

Managed code—Managed code supplies the metadata necessary for the CLR to provide services such as memory management, cross-language integration, code access security, and automatic lifetime control of objects. All code based on IL executes as managed code. By having 100% managed code your application is able to be promoted to other architectures through the Framework. An application written for 32 bit Windows can JIT up to a 64 bit application without any code changes.

Native code—Machine-readable instructions that are created for a specific CPU architecture. Native code for a specific family of CPUs is not usable by a computer using different CPU architectures (c.f., Intel x86 and Sun UltraSPARC). Also called object code and machine code.

Portable Executable (PE) file—The file format defining the structure that all executable files (EXE) and Dynamic Link Libraries (DLL) must use to allow them to be loaded and executed by Windows. PE is derived from the Microsoft Common Object File Format (COFF). The EXE and DLL files created using the .NET Framework obey the PE/COFF formats and also add additional header and data sections to the files that are only used by the CLR. The specification for the PE/COFF file formats is available at http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx

Portable Executable Verifier—A .NET programming tool (PEVerify.exe) used to verify that a .NET compiler has created typesafe metadata and IL code. Because Microsoft .NET compilers always generate typesafe code, this tool is used primarily with third-party ILASM-based compilers to debug possible code generation problems.

Typesafe—Code that accesses only the memory locations it is authorized to access, and only in well-defined, allowable ways. Typesafe code cannot perform an operation on an object that is invalid for that object. The C# and VB.NET language compilers always produce typesafe code, which is verified to be typesafe during JIT-compilation. The PEVerify tool can also be used to verify if code is typesafe.