Which of the following is a security and advantage of managed code over unmanaged code?

게임프로그래밍

Managed Code 와 UnManaged Code

Re: Difference Between Managed Code and UnManaged Code
Pooran-Prasad
Wed, 01 Oct 2003 06:40:37 -0700

-----------------------------------------------------------

New Message on BDOTNET

-----------------------------------------------------------
From: Pooran-Prasad
Message 4 in Discussion

Hi Shaju,

 Microsoft Visual Studio
.NET (VS.NET) is capable of producing both managed and unmanaged code. Basically
unmanaged code is the kind that runs directly against the Win32 API and the x86
instruction set, the kind we're used to. Managed code runs on .NET's CLR (common
language runtime), the equivalent of Java's VM.

Managed code comes in
two forms, safe and unsafe. Safe code only accesses memory that's been
previously written to, doesn't assign data to variables of the wrong type, etc.
The idea is that it's stable and secure, within the environment of the CLR.

By default, C#.NET and VB.NET both produce verifiably safe code. There
is a tool in Microsoft Visual Studio .NET called PEVerify that checks code is
verifiably safe. It is possible to produce code that's not verfiably safe by
using managed C++ or using the 'unsafe' keyword in C#. However, if that code
attempts an unsafe operation when running it will throw a VerifierException and
avert attempts at compromising security, etc.

Managed code is code that is written to target the services
of the common language runtime (see What is the Common Language Runtime?). In
order to target these services, the code must provide a minimum level of
information (metadata) to the runtime. All C#, Visual Basic .NET, and
JScript .NET code is managed by default. Visual Studio .NET C++ code
is not managed by default, but the compiler can produce managed code by
specifying a command-line switch (/CLR).

<o:p></o:p>

Though unasked, I
would like to add details on managed data. Closely related to managed
code is managed data뾡ata that is allocated and de-allocated by the common
language runtime's garbage collector. C#, Visual Basic, and JScript .NET data is
managed by default. C# data can, however, be marked as unmanaged through the use
of special keywords.

Visual Studio .NET C++ data is unmanaged by default
(even when using the /CLR switch), but when using Managed Extensions for C++, a
class can be marked as managed by using the __gc keyword. As the name suggests,
this means that the memory for instances of the class is managed by the garbage
collector. In addition, the class becomes a full participating member of the
.NET Framework community, with the benefits and restrictions that brings. An
example of a benefit is proper interoperability with classes written in other
languages (for example, a managed C++ class can inherit from a Visual Basic
class). An example of a restriction is that a managed class can only inherit
from one base class. <o:p></o:p>

 Hope that helps
:)

    Have a great day :)

    Pooran Prasad

R. Pooran Prasad
Itreya Technologies Pvt Ltd.,
Mail:
[EMAIL PROTECTED]
Phone(Off) : 
5200179/80/81/82/83 Extn: 50
Mobile:  +91 98860 29578

Skip to main content

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

What is "managed code"?

• Article
• 09/15/2021
• 2 minutes to read

In this article

When working with .NET, you will often encounter the term "managed code". This document will explain what this term means and additional information around it.

To put it very simply, managed code is just that: code whose execution is managed by a runtime. In this case, the runtime in question is called the Common Language Runtime or CLR, regardless of the implementation (for example, Mono, .NET Framework, or .NET Core/.NET 5+). CLR is in charge of taking the managed code, compiling it into machine code and then executing it. On top of that, runtime provides several important services such as automatic memory management, security boundaries, type safety etc.

Contrast this to the way you would run a C/C++ program, also called "unmanaged code". In the unmanaged world, the programmer is in charge of pretty much everything. The actual program is, essentially, a binary that the operating system (OS) loads into memory and starts. Everything else, from memory management to security considerations are a burden of the programmer.

Managed code is written in one of the high-level languages that can be run on top of .NET, such as C#, Visual Basic, F# and others. When you compile code written in those languages with their respective compiler, you don't get machine code. You get Intermediate Language code which the runtime then compiles and executes. C++ is the one exception to this rule, as it can also produce native, unmanaged binaries that run on Windows.

What is "Intermediate Language" (or IL for short)? It is a product of compilation of code written in high-level .NET languages. Once you compile your code written in one of these languages, you will get a binary that is made out of IL. It is important to note that the IL is independent from any specific language that runs on top of the runtime; there is even a separate specification for it that you can read if you're so inclined.

Once you produce IL from your high-level code, you will most likely want to run it. This is where the CLR takes over and starts the process of Just-In-Time compiling, or JIT-ing your code from IL to machine code that can actually be run on a CPU. In this way, the CLR knows exactly what your code is doing and can effectively manage it.

Intermediate Language is sometimes also called Common Intermediate Language (CIL) or Microsoft Intermediate Language (MSIL).

Unmanaged code interoperability

Of course, the CLR allows passing the boundaries between managed and unmanaged world, and there is a lot of code that does that, even in the Base Class Libraries. This is called interoperability or just interop for short. These provisions would allow you to, for example, wrap up an unmanaged library and call into it. However, it is important to note that once you do this, when the code passes the boundaries of the runtime, the actual management of the execution is again in the hand of unmanaged code, and thus falls under the same restrictions.

Similar to this, C# is one language that allows you to use unmanaged constructs such as pointers directly in code by utilizing what is known as unsafe context which designates a piece of code for which the execution is not managed by the CLR.

More resources

• Overview of .NET Framework
• Unsafe Code and Pointers
• Native interoperability

What are the disadvantages of managed and unmanaged code?

What is managed code?

What is the difference between unmanaged code and native code?

What is secure coding?

Which of the following is a security advantage of managed code over and unmanaged code?

What is the difference between an unmanaged and a managed code?

Which of the following combination is an example for unmanaged and managed programming languages?

What is the difference between unsafe code and unmanaged code?