Type Equivalence and Type Safety

What one should do on a plane back from the PDC? Of course! Write a new blog post! So, since I still have some topics to cover on the whole NOPIA shabang – here we go.

CLR’s 4.0 support for Type Equivalence allows you to define your own copy of an interface, stick a Guid on it and then you will be able to cast from any managed object implementing an interface with the same Guid. When calling a method on such interface CLR will find the equivalent interface in the inheritance chain of the managed object, verify you are not calling beyond the allowed vtable, verify that the signature at the same vtable offset does match and then call the corresponding method implementation.

This is all good and well and allows for loose type coupling, version resiliency and possibly some other goodness we have not found a name for yet but I have been repeatedly asked whether such arbitrary deviation from the fundamental .NET type system principals is type safe and whether FullTrust is required to make calls through equivalent type to work. Let’s address these concerns one by one.

I believe the mechanism is actually Type Safe . To try and illustrate my point I would make a fundamental assumption that calls through reflection are Type Safe. Most of you would probably agree. The way reflection mechanism works is it first verifies that parameters passed to the call can be cast to the parameter types specified by the method signature. If types do no match – reflection does not let the call to execute. Now compare this mechanism to the way calls for Type Equivalent interfaces are dispatched and try to find a difference 🙂

Now to the question of FullTrust. Let’s reuse the analogy with reflection once again and recall that reflection does not require FullTrust. Consequently, we can conclude that one is not needed for calls through Type Equivalent interface. The only exception to the rule is when the call contains Type Equivalent structures. Again, in theory, if we can prove that two struct types that are declared to be type equivalent are also structurally equivalent – we should not require FullTrust. The problem is that proving this might be more complicated than it seems to be (this is what I ‘ve been told) so this is too early to talk about what final bits will look like.

Comments (0)

Skip to main content