Sponsored Link •
Bill Venners: The CLR has IL instructions, and C# has syntax, for unsafe activities such as pointer arithmetic. By contrast, Java's bytecodes and syntax has no support for unsafe activities. When you want to do something unsafe with a JVM, Java basically forces you to write C code and use the Java Native Interface (JNI). Why did you decide to make it possible to express unsafe code in IL and C#?
Anders Hejlsberg: The irony is that although there have been all kinds of debate and writing about how C# has unsafe code and "Oh my God, it is badness," the funny thing is that unsafe code is a lot safer than any kind of code you would ever do with JNI. Because in C#, unsafe code is integrated with the language and everybody understands what's going on.
First of all let's just immediately do away with the notion that there is a security hole with unsafe code, because unsafe code never runs in an untrusted environment, just like JNI code never runs in an untrusted environment. The right way to think about unsafe code is that it takes the capabilities of JNI and integrates them into the programming language. That makes it easier, and therefore less error prone, and therefore less unsafe, to write code for interoperating with the outside world.
Bruce Eckel: Are you sorry you called it unsafe?
Anders Hejlsberg: No. I think you should call a spade a spade. It is unsafe, right?
Bill Venners: Are the marketing people sorry?
Anders Hejlsberg: Oh yeah. And we actually had those discussions. They said, "Oh, can't you call it..."
Bill Venners: Special code.
Bruce Eckel: Put a positive spin on it.
Anders Hejlsberg: We said no. We stood our ground and said, "No, it's unsafe. Let's
call it unsafe," because we wanted it to stand out. If you can avoid writing unsafe code, you
should. Sometimes you do need to write it, and then we want it to be clear in your code
precisely where you wrote it. You can always search for the word
your code and find all those places.
Bill Venners: Your point is that the unsafe code approach, because it is less error prone than the JNI approach, is actually safer.
Anders Hejlsberg: Yes, and honestly I think experience bears us out too. People have a lot of problems writing JNI code.