MSDN Magazine - December 2007 - (Page 23)

To give your code an opportunity to execute, the CLR will eagerly prepare your code, meaning it will JIT the statically discoverable call graph for your method. If you use delegates within a CER, the target method of the delegate must be eagerly prepared, preferably by calling RuntimeHelpers.PrepareMethod() on the method. Additionally, if you use ngen, you can mark the method with the PrePrepareMethodAttribute to eliminate some need to pull in the JIT. This eager preparation will eliminate CLR-induced out-of-memory exceptions. With regard to thread aborts, the CLR will disable these over CERs. The CLR will also probe for some stack, if and only if the CLR’s host (for example, any native app that uses the CLR’s COM hosting interfaces to launch the CLR) wants to survive stack overflow. Barring bugs in the runtime itself, heap corruption, and hardware problems, this should eliminate all CLR-induced asynchronous exceptions caused by your code. Figure 1 A Stronger Consistency Guarantee [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] public static void InsertItem (ReliableList list, T item) { RuntimeHelpers.PrepareConstrainedRegions(); // CER marker try { // Add can fail with an OutOfMemoryException. // That’s fine, since the list didn’t change. list.Add(item); // Consider a failure here, perhaps from calling a second method. } finally { // Restore consistency by guaranteeing the list is sorted. list.Sort(); } } Reliability Contracts You may have noticed that I keep drawing a line between CLRinduced failures and all other failures. Failures can occur at all levels of the system since each layer of the system has a different view of consistency. Consider an application that wants to maintain a list of items in sorted order. If you use an unsorted collection like List , your code may look like this: public static void InsertItem (List list, T item) { // List isn’t sorted, but the app relies on it being sorted. list.Add(item); list.Sort(); } whether to expect the possibility of a failure. Here, reliability contracts could do a better job of indicating corruption of parameters versus a “this” pointer, but these are really meant to start a reliability discussion between the author of the InsertItem method and the person calling it. In this case, someone calling InsertItem will notice that it may cause corruption of an instance if it fails, so they will know that they need a mitigation strategy. Mitigating Failures the Hard Way Constrained execution regions offer some ways to mitigate failures in code like InsertItem. The options vary in complexity and some techniques may not work well if the code changes significantly from one version to another. The most obvious technique is to try to understand the failure and avoid it. In this sample, it may be possible to hoist allocations to a place where you can recover from the failure, such as allocating the list with sufficient capacity to begin with. This would hoist any allocation failures. However, this requires that you understand InsertItem , List , and how they both fail. Additionally, this technique doesn’t solve the thread abort problem. The list may still not be sorted. Here, a CER could be used to ensure that the finally block is sorted all the time. Regardless of whether Add fails or not, we ensure consistency of the list by guaranteeing that it is sorted. This requires a strong reliability guarantee on our fictitious ReliableList ’s Sort method. But with that in place, we could write our code as shown in Figure 1, offering a stronger consistency guarantee in InsertItem’s reliability contract. Keep in mind that these techniques don’t work in a real-world implementation of this example since ReliableList doesn’t really exist. It would be particularly difficult to write due to the nature of sort algorithms—you need any comparer used by Sort and most likely T’s CompareTo method to also be reliable. But there’s another technique similar to the recycling model. If you can live with the performance hit, you can copy the data, make your changes on your copy, and then expose your consistent data structure to the world. Here’s one way to do this, complete with compromises to the method signature: [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] public static void InsertItem (ref List list, T item) Now imagine that all the methods on List magically succeeded all the time. We’ll use the hypothetical ReliableList to imply this behavior. Imagine that Add never needs to grow the size of the list and the Sort routine always works (even with its indirect calls into comparers and CompareTo methods on the generic type T). If a ThreadAbortException occurs in InsertItem after the call to Add completed but before the call to Sort, we still run into a consistency problem. From the perspective of ReliableList , the list is fully consistent. The internal data structures in the list are in a perfectly fine state in that there is no extra item half-added to the collection. And we can continue to use the list without any problems. But, from the perspective of the application (remember that it required the list to be sorted), this invariant has been broken and the method hasn’t been written to recover from this problem. This scenario illustrates that consistency exists at various levels in the system. This is indicated to users via reliability contracts—a very coarse-grained mechanism for stating the extent of corruption if an asynchronous exception occurs. In this case, the method corrupted the list, and if we admit the possibility of an OutOfMemoryException during the Add method call, then we have to mark this method as potentially failing, like this: [ReliabilityContract(Consistency.MayCorruptInstance, Cer.MayFail)] public static void InsertItem (ReliableList list, T item) Reliability contracts, which are required on all code called within CERs, serve primarily as documentation to the developer about CLR Inside Out december2007 23 Table of Contents for the Digital Edition of MSDN Magazine - December 2007ToolboxCLR Inside OutData PointsCutting EdgeMap LINQVSTOCmdletsInteropSecurityTest RunService StationNetting C++.NET MattersWindows with C++{End Bracket}MSDN Magazine - December 2007MSDN Magazine - December 2007 - (Page Cover1)MSDN Magazine - December 2007 - (Page Cover2)MSDN Magazine - December 2007 - (Page 1)MSDN Magazine - December 2007 - (Page 2)MSDN Magazine - December 2007 - (Page 3)MSDN Magazine - December 2007 - (Page 4)MSDN Magazine - December 2007 - (Page 5)MSDN Magazine - December 2007 - (Page 6)MSDN Magazine - December 2007 - (Page 7)MSDN Magazine - December 2007 - (Page 8)MSDN Magazine - December 2007 - (Page 9)MSDN Magazine - December 2007 - (Page 10)MSDN Magazine - December 2007 - Toolbox (Page 11)MSDN Magazine - December 2007 - Toolbox (Page 12)MSDN Magazine - December 2007 - Toolbox (Page 13)MSDN Magazine - December 2007 - Toolbox (Page 14)MSDN Magazine - December 2007 - Toolbox (Page 15)MSDN Magazine - December 2007 - Toolbox (Page 16)MSDN Magazine - December 2007 - CLR Inside Out (Page 17)MSDN Magazine - December 2007 - CLR Inside Out (Page 18)MSDN Magazine - December 2007 - CLR Inside Out (Page 19)MSDN Magazine - December 2007 - CLR Inside Out (Page 20)MSDN Magazine - December 2007 - CLR Inside Out (Page 21)MSDN Magazine - December 2007 - CLR Inside Out (Page 22)MSDN Magazine - December 2007 - CLR Inside Out (Page 23)MSDN Magazine - December 2007 - CLR Inside Out (Page 24)MSDN Magazine - December 2007 - CLR Inside Out (Page 25)MSDN Magazine - December 2007 - CLR Inside Out (Page 26)MSDN Magazine - December 2007 - CLR Inside Out (Page 27)MSDN Magazine - December 2007 - CLR Inside Out (Page 28)MSDN Magazine - December 2007 - Data Points (Page 29)MSDN Magazine - December 2007 - Data Points (Page 30)MSDN Magazine - December 2007 - Data Points (Page 31)MSDN Magazine - December 2007 - Data Points (Page 32)MSDN Magazine - December 2007 - Data Points (Page 33)MSDN Magazine - December 2007 - Data Points (Page 34)MSDN Magazine - December 2007 - Cutting Edge (Page 35)MSDN Magazine - December 2007 - Cutting Edge (Page 36)MSDN Magazine - December 2007 - Cutting Edge (Page 37)MSDN Magazine - December 2007 - Cutting Edge (Page 38)MSDN Magazine - December 2007 - Cutting Edge (Page 39)MSDN Magazine - December 2007 - Cutting Edge (Page 40)MSDN Magazine - December 2007 - Cutting Edge (Page 41)MSDN Magazine - December 2007 - Cutting Edge (Page 42)MSDN Magazine - December 2007 - Cutting Edge (Page 43)MSDN Magazine - December 2007 - Cutting Edge (Page 44)MSDN Magazine - December 2007 - Cutting Edge (Page 45)MSDN Magazine - December 2007 - Map LINQ (Page 46)MSDN Magazine - December 2007 - Map LINQ (Page 47)MSDN Magazine - December 2007 - Map LINQ (Page 48)MSDN Magazine - December 2007 - Map LINQ (Page 49)MSDN Magazine - December 2007 - Map LINQ (Page 50)MSDN Magazine - December 2007 - Map LINQ (Page 51)MSDN Magazine - December 2007 - Map LINQ (Page 52)MSDN Magazine - December 2007 - Map LINQ (Page 53)MSDN Magazine - December 2007 - Map LINQ (Page 54)MSDN Magazine - December 2007 - Map LINQ (Page 55)MSDN Magazine - December 2007 - Map LINQ (Page 56)MSDN Magazine - December 2007 - Map LINQ (Page 57)MSDN Magazine - December 2007 - VSTO (Page 58)MSDN Magazine - December 2007 - VSTO (Page 59)MSDN Magazine - December 2007 - VSTO (Page 60)MSDN Magazine - December 2007 - VSTO (Page 61)MSDN Magazine - December 2007 - VSTO (Page 62)MSDN Magazine - December 2007 - VSTO (Page 63)MSDN Magazine - December 2007 - VSTO (Page 64)MSDN Magazine - December 2007 - VSTO (Page 65)MSDN Magazine - December 2007 - VSTO (Page 66)MSDN Magazine - December 2007 - VSTO (Page 67)MSDN Magazine - December 2007 - Cmdlets (Page 68)MSDN Magazine - December 2007 - Cmdlets (Page 69)MSDN Magazine - December 2007 - Cmdlets (Page 70)MSDN Magazine - December 2007 - Cmdlets (Page 71)MSDN Magazine - December 2007 - Cmdlets (Page 72)MSDN Magazine - December 2007 - Cmdlets (Page 73)MSDN Magazine - December 2007 - Cmdlets (Page 74)MSDN Magazine - December 2007 - Cmdlets (Page 75)MSDN Magazine - December 2007 - Cmdlets (Page 76)MSDN Magazine - December 2007 - Cmdlets (Page 77)MSDN Magazine - December 2007 - Cmdlets (Page 78)MSDN Magazine - December 2007 - Interop (Page 79)MSDN Magazine - December 2007 - Interop (Page 80)MSDN Magazine - December 2007 - Interop (Page 81)MSDN Magazine - December 2007 - Interop (Page 82)MSDN Magazine - December 2007 - Interop (Page 83)MSDN Magazine - December 2007 - Interop (Page 84)MSDN Magazine - December 2007 - Interop (Page 85)MSDN Magazine - December 2007 - Interop (Page 86)MSDN Magazine - December 2007 - Security (Page 87)MSDN Magazine - December 2007 - Security (Page 88)MSDN Magazine - December 2007 - Security (Page 89)MSDN Magazine - December 2007 - Security (Page 90)MSDN Magazine - December 2007 - Security (Page 91)MSDN Magazine - December 2007 - Security (Page 92)MSDN Magazine - December 2007 - Security (Page 93)MSDN Magazine - December 2007 - Security (Page 94)MSDN Magazine - December 2007 - Test Run (Page 95)MSDN Magazine - December 2007 - Test Run (Page 96)MSDN Magazine - December 2007 - Test Run (Page 97)MSDN Magazine - December 2007 - Test Run (Page 98)MSDN Magazine - December 2007 - Test Run (Page 99)MSDN Magazine - December 2007 - Test Run (Page 100)MSDN Magazine - December 2007 - Test Run (Page 101)MSDN Magazine - December 2007 - Test Run (Page 102)MSDN Magazine - December 2007 - Service Station (Page 103)MSDN Magazine - December 2007 - Service Station (Page 104)MSDN Magazine - December 2007 - Service Station (Page 105)MSDN Magazine - December 2007 - Service Station (Page 106)MSDN Magazine - December 2007 - Service Station (Page 107)MSDN Magazine - December 2007 - Service Station (Page 108)MSDN Magazine - December 2007 - Service Station (Page 109)MSDN Magazine - December 2007 - Service Station (Page 110)MSDN Magazine - December 2007 - Service Station (Page 111)MSDN Magazine - December 2007 - Service Station (Page 112)MSDN Magazine - December 2007 - Netting C++ (Page 113)MSDN Magazine - December 2007 - Netting C++ (Page 114)MSDN Magazine - December 2007 - Netting C++ (Page 115)MSDN Magazine - December 2007 - Netting C++ (Page 116)MSDN Magazine - December 2007 - .NET Matters (Page 117)MSDN Magazine - December 2007 - .NET Matters (Page 118)MSDN Magazine - December 2007 - .NET Matters (Page 119)MSDN Magazine - December 2007 - .NET Matters (Page 120)MSDN Magazine - December 2007 - .NET Matters (Page 121)MSDN Magazine - December 2007 - .NET Matters (Page 122)MSDN Magazine - December 2007 - Windows with C++ (Page 123)MSDN Magazine - December 2007 - Windows with C++ (Page 124)MSDN Magazine - December 2007 - Windows with C++ (Page 125)MSDN Magazine - December 2007 - Windows with C++ (Page 126)MSDN Magazine - December 2007 - Windows with C++ (Page 127)MSDN Magazine - December 2007 - {End Bracket} (Page 128)MSDN Magazine - December 2007 - {End Bracket} (Page Cover3)MSDN Magazine - December 2007 - {End Bracket} (Page Cover4)http://www.nxtbookMEDIA.com

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.