"Peter Oliphant" wrote:
Since my program doesn't compile as in '/CLI safe', what am I not 'getting' because of this?

CLI / Safe means that the resulting program is pure managed (only containing
IL instructions, and no native CPU instructions), which is the same as CLI /
Pure. The "extra" thing Safe adds is that the program is _verifiable_ by the
runtime.

Verifiable code has certain advantages because it can be proven that claims
about types and methods are always true. In unsafe code, you can't verify
that a program won't access a type or memory location in a way that it wasn't
designed to do, and therefore may have unpredictable effects. Native code is
inherently unverifiable (since the runtime can only prove IL code compiled by
the JIT [or NGen'd]), and pointers are also unverifiable (since you can do
arbitrary arithmetic on them). Other languages which target the runtime (C#
and VB) produce verifiable code by default or even exclusively. C++/CLI is
much harder to do this with, and in my opinion isn't well suited for this
task - native / managed interop is by far its greatest strength.

The big "loss" is that you have to run your app in "fully trusted" mode,
which means that the code gets all the privileges the current logon session
has been granted. If it were verifiable, it could also be made to run in a
"partially trusted" mode, which gives the code fewer privileges than the logon
session, making the system more secure, and therefore potentially useful in a
wider variety of scenarios, such as from a partially trusted website.
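
The distinction described in the reply above, shown as an added example that is not part of the original post. It uses C# rather than C++/CLI because C# marks the unverifiable part explicitly with the `unsafe` keyword; the class and method names are made up for illustration and the sample array is constructed.

```csharp
using System;

static class VerifiabilityDemo
{
    // Verifiable: every element access goes through the runtime's typed,
    // bounds-checked array access, so the runtime can prove this method
    // never touches memory outside 'data'.
    static int SumVerifiable(int[] data, int count)
    {
        int total = 0;
        for (int i = 0; i < count; i++)
            total += data[i];      // IndexOutOfRangeException once i >= data.Length
        return total;
    }

    // Unverifiable: needs the 'unsafe' keyword and the /unsafe compiler
    // switch. The pointer arithmetic below is exactly what the runtime
    // cannot reason about, so the assembly can only run fully trusted.
    static unsafe int SumUnverifiable(int[] data, int count)
    {
        int total = 0;
        fixed (int* p = data)      // pin the array and take a raw pointer
        {
            for (int i = 0; i < count; i++)
                total += *(p + i); // no bounds check: a count larger than
                                   // data.Length reads whatever follows the array
        }
        return total;
    }

    static void Main()
    {
        int[] data = { 1, 2, 3, 4 };   // constructed sample input

        Console.WriteLine(SumVerifiable(data, data.Length));    // 10
        Console.WriteLine(SumUnverifiable(data, data.Length));  // 10

        try
        {
            // Same off-by-one mistake, verifiable version: caught by the runtime.
            SumVerifiable(data, data.Length + 1);
        }
        catch (IndexOutOfRangeException)
        {
            Console.WriteLine("out-of-range read rejected");
        }
        // The same mistake in SumUnverifiable is not caught; it is not run here.
    }
}
```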