MSDN Magazine - December 2007 - (Page 17)

Writing Reliable .NET Code ALESSANDRO CATORCINI AND BRIAN GRUNKEMEYER hen we talk about something being reliable, we’re referring to it being dependable and predictable. When it comes to software, however, there are other key attributes that must also be present for the code to be considered reliable. Software needs to be resilient, meaning that it will continue to function in the face of internal and external disruptions. It must be recoverable, such that it knows how to restore itself to a previously known, consistent state. The software needs to be predictable, so it will provide timely and expected service. It must be undisruptable, meaning that changes and upgrades won’t affect its service. And, finally, the software must be production-ready, meaning that it contains a minimal number of bugs and will require only a limited number of updates. When these criteria are met, then the software can be considered truly reliable. These key attributes of reliable code depend on various factors—some depend on the overall architecture of the software, some depend upon the OS on which the software will run, and others depend on the tools used to develop the application and the framework on which it is built. Resilience is an attribute that relies on every layer, and an application will only be as resilient as its weakest link. Now consider Microsoft® .NET Framework-based applications. These apps delegate to the runtime certain operations that in a native environment either did not exist (such as just-in-time compilation of IL code) or were under the direct control of the developer (such as memory management). In terms of reliability, the platform itself can introduce its own points of failure that impact the reliability of the applications that run on top of it. It’s important to understand where these breakdowns can occur and what techniques you can use to create more reliable .NET-based apps. W A Look at Runtime Failure There are certain exceptional events that can occur at any time and in any code section. These events, which we will call asynchronous exceptions, are resource exhaustions (out of memory and stack overflows), thread aborts, and access violations. (In the execution of managed code, access violations occur in the runtime.) This last case is not very interesting—if this event does actually occur, it means that a serious bug in the implementation of the common language runtime (CLR) is being exposed and should be fixed. The first two cases, however, deserve deeper analysis. In theory, we would imagine that resource exhaustions would be gracefully managed by the runtime and that they would never affect the ability of application code to continue running. That’s just theory, though—reality is more complex. To explain, we’ll start by taking a look at how some popular server applications deal with out-of-memory (OOM) events. Server applications, such as ASP.NET and Exchange Server 2007, that require very high availability have achieved this through AppDomain and process recycling. The operating system provides A resilient application is a very powerful mechaone that isolates the work in nism to clean up memory and most other resources units that can independently used by a process—all this fail without affecting the is done for you when the other units. process terminates. In a client scenario, when memory pressure gets to the point that even small allocations fail, the overall system reaches such a level of unresponsiveness due to extensive thrashing and paging that the user is much more likely to reach for the reset button or the task manager than to allow any recovery code to run. In a sense, the user’s initial reaction is to perform the same action manually that ASP.NET or Exchange 2007 will do automatically. Some OOMs may not even be caused by any particular issue with the running code. Another process running on the machine or another AppDomain running in the process may be hogging the available resource pool and causing allocations to fail. In this sense, you should consider resource exhaustions to be asynchronous in that they can occur at any time in the execution of code and they may depend on environmental factors external to and independent from the running code. This problem is exacerbated by the fact that the runtime may allocate memory to perform operations related to its own workings. Here are a few examples of allocations that happen in the runtime that could fail in a constrained resource environment: • boxing and unboxing • delayed class loading until the first use of the class • remoted operations on MarshalByRef objects • certain operations on strings • security checks • JITing methods This is just a partial list of the many internal operations in the december2007 17 Table of Contents for the Digital Edition of MSDN Magazine - December 2007ToolboxCLR Inside OutData PointsCutting EdgeMap LINQVSTOCmdletsInteropSecurityTest RunService StationNetting C++.NET MattersWindows with C++{End Bracket}MSDN Magazine - December 2007MSDN Magazine - December 2007 - (Page Cover1)MSDN Magazine - December 2007 - (Page Cover2)MSDN Magazine - December 2007 - (Page 1)MSDN Magazine - December 2007 - (Page 2)MSDN Magazine - December 2007 - (Page 3)MSDN Magazine - December 2007 - (Page 4)MSDN Magazine - December 2007 - (Page 5)MSDN Magazine - December 2007 - (Page 6)MSDN Magazine - December 2007 - (Page 7)MSDN Magazine - December 2007 - (Page 8)MSDN Magazine - December 2007 - (Page 9)MSDN Magazine - December 2007 - (Page 10)MSDN Magazine - December 2007 - Toolbox (Page 11)MSDN Magazine - December 2007 - Toolbox (Page 12)MSDN Magazine - December 2007 - Toolbox (Page 13)MSDN Magazine - December 2007 - Toolbox (Page 14)MSDN Magazine - December 2007 - Toolbox (Page 15)MSDN Magazine - December 2007 - Toolbox (Page 16)MSDN Magazine - December 2007 - CLR Inside Out (Page 17)MSDN Magazine - December 2007 - CLR Inside Out (Page 18)MSDN Magazine - December 2007 - CLR Inside Out (Page 19)MSDN Magazine - December 2007 - CLR Inside Out (Page 20)MSDN Magazine - December 2007 - CLR Inside Out (Page 21)MSDN Magazine - December 2007 - CLR Inside Out (Page 22)MSDN Magazine - December 2007 - CLR Inside Out (Page 23)MSDN Magazine - December 2007 - CLR Inside Out (Page 24)MSDN Magazine - December 2007 - CLR Inside Out (Page 25)MSDN Magazine - December 2007 - CLR Inside Out (Page 26)MSDN Magazine - December 2007 - CLR Inside Out (Page 27)MSDN Magazine - December 2007 - CLR Inside Out (Page 28)MSDN Magazine - December 2007 - Data Points (Page 29)MSDN Magazine - December 2007 - Data Points (Page 30)MSDN Magazine - December 2007 - Data Points (Page 31)MSDN Magazine - December 2007 - Data Points (Page 32)MSDN Magazine - December 2007 - Data Points (Page 33)MSDN Magazine - December 2007 - Data Points (Page 34)MSDN Magazine - December 2007 - Cutting Edge (Page 35)MSDN Magazine - December 2007 - Cutting Edge (Page 36)MSDN Magazine - December 2007 - Cutting Edge (Page 37)MSDN Magazine - December 2007 - Cutting Edge (Page 38)MSDN Magazine - December 2007 - Cutting Edge (Page 39)MSDN Magazine - December 2007 - Cutting Edge (Page 40)MSDN Magazine - December 2007 - Cutting Edge (Page 41)MSDN Magazine - December 2007 - Cutting Edge (Page 42)MSDN Magazine - December 2007 - Cutting Edge (Page 43)MSDN Magazine - December 2007 - Cutting Edge (Page 44)MSDN Magazine - December 2007 - Cutting Edge (Page 45)MSDN Magazine - December 2007 - Map LINQ (Page 46)MSDN Magazine - December 2007 - Map LINQ (Page 47)MSDN Magazine - December 2007 - Map LINQ (Page 48)MSDN Magazine - December 2007 - Map LINQ (Page 49)MSDN Magazine - December 2007 - Map LINQ (Page 50)MSDN Magazine - December 2007 - Map LINQ (Page 51)MSDN Magazine - December 2007 - Map LINQ (Page 52)MSDN Magazine - December 2007 - Map LINQ (Page 53)MSDN Magazine - December 2007 - Map LINQ (Page 54)MSDN Magazine - December 2007 - Map LINQ (Page 55)MSDN Magazine - December 2007 - Map LINQ (Page 56)MSDN Magazine - December 2007 - Map LINQ (Page 57)MSDN Magazine - December 2007 - VSTO (Page 58)MSDN Magazine - December 2007 - VSTO (Page 59)MSDN Magazine - December 2007 - VSTO (Page 60)MSDN Magazine - December 2007 - VSTO (Page 61)MSDN Magazine - December 2007 - VSTO (Page 62)MSDN Magazine - December 2007 - VSTO (Page 63)MSDN Magazine - December 2007 - VSTO (Page 64)MSDN Magazine - December 2007 - VSTO (Page 65)MSDN Magazine - December 2007 - VSTO (Page 66)MSDN Magazine - December 2007 - VSTO (Page 67)MSDN Magazine - December 2007 - Cmdlets (Page 68)MSDN Magazine - December 2007 - Cmdlets (Page 69)MSDN Magazine - December 2007 - Cmdlets (Page 70)MSDN Magazine - December 2007 - Cmdlets (Page 71)MSDN Magazine - December 2007 - Cmdlets (Page 72)MSDN Magazine - December 2007 - Cmdlets (Page 73)MSDN Magazine - December 2007 - Cmdlets (Page 74)MSDN Magazine - December 2007 - Cmdlets (Page 75)MSDN Magazine - December 2007 - Cmdlets (Page 76)MSDN Magazine - December 2007 - Cmdlets (Page 77)MSDN Magazine - December 2007 - Cmdlets (Page 78)MSDN Magazine - December 2007 - Interop (Page 79)MSDN Magazine - December 2007 - Interop (Page 80)MSDN Magazine - December 2007 - Interop (Page 81)MSDN Magazine - December 2007 - Interop (Page 82)MSDN Magazine - December 2007 - Interop (Page 83)MSDN Magazine - December 2007 - Interop (Page 84)MSDN Magazine - December 2007 - Interop (Page 85)MSDN Magazine - December 2007 - Interop (Page 86)MSDN Magazine - December 2007 - Security (Page 87)MSDN Magazine - December 2007 - Security (Page 88)MSDN Magazine - December 2007 - Security (Page 89)MSDN Magazine - December 2007 - Security (Page 90)MSDN Magazine - December 2007 - Security (Page 91)MSDN Magazine - December 2007 - Security (Page 92)MSDN Magazine - December 2007 - Security (Page 93)MSDN Magazine - December 2007 - Security (Page 94)MSDN Magazine - December 2007 - Test Run (Page 95)MSDN Magazine - December 2007 - Test Run (Page 96)MSDN Magazine - December 2007 - Test Run (Page 97)MSDN Magazine - December 2007 - Test Run (Page 98)MSDN Magazine - December 2007 - Test Run (Page 99)MSDN Magazine - December 2007 - Test Run (Page 100)MSDN Magazine - December 2007 - Test Run (Page 101)MSDN Magazine - December 2007 - Test Run (Page 102)MSDN Magazine - December 2007 - Service Station (Page 103)MSDN Magazine - December 2007 - Service Station (Page 104)MSDN Magazine - December 2007 - Service Station (Page 105)MSDN Magazine - December 2007 - Service Station (Page 106)MSDN Magazine - December 2007 - Service Station (Page 107)MSDN Magazine - December 2007 - Service Station (Page 108)MSDN Magazine - December 2007 - Service Station (Page 109)MSDN Magazine - December 2007 - Service Station (Page 110)MSDN Magazine - December 2007 - Service Station (Page 111)MSDN Magazine - December 2007 - Service Station (Page 112)MSDN Magazine - December 2007 - Netting C++ (Page 113)MSDN Magazine - December 2007 - Netting C++ (Page 114)MSDN Magazine - December 2007 - Netting C++ (Page 115)MSDN Magazine - December 2007 - Netting C++ (Page 116)MSDN Magazine - December 2007 - .NET Matters (Page 117)MSDN Magazine - December 2007 - .NET Matters (Page 118)MSDN Magazine - December 2007 - .NET Matters (Page 119)MSDN Magazine - December 2007 - .NET Matters (Page 120)MSDN Magazine - December 2007 - .NET Matters (Page 121)MSDN Magazine - December 2007 - .NET Matters (Page 122)MSDN Magazine - December 2007 - Windows with C++ (Page 123)MSDN Magazine - December 2007 - Windows with C++ (Page 124)MSDN Magazine - December 2007 - Windows with C++ (Page 125)MSDN Magazine - December 2007 - Windows with C++ (Page 126)MSDN Magazine - December 2007 - Windows with C++ (Page 127)MSDN Magazine - December 2007 - {End Bracket} (Page 128)MSDN Magazine - December 2007 - {End Bracket} (Page Cover3)MSDN Magazine - December 2007 - {End Bracket} (Page Cover4)http://www.nxtbookMEDIA.com

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.