{"id":55911,"date":"2010-05-03T17:00:00","date_gmt":"2010-05-03T17:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/pfxteam\/2010\/05\/03\/a-tpl-sandbox\/"},"modified":"2010-05-03T17:00:00","modified_gmt":"2010-05-03T17:00:00","slug":"a-tpl-sandbox","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/a-tpl-sandbox\/","title":{"rendered":"A TPL Sandbox"},"content":{"rendered":"

In a <\/FONT>previous post<\/FONT><\/A>, we introduced the UnobservedTaskException event, saying that it would be useful for host-plugin scenarios where a host application should continue to execute in the presence of exceptions thrown by buggy plugins.  <\/SPAN>A typical example is an Internet browser; should the entire application crash if some rich content plugin crashes?  <\/SPAN>Today, we will describe how to achieve this scenario by creating a TPL sandbox using this feature in conjunction with application domains.<\/FONT><\/FONT><\/P>\n

Application domains (represented by AppDomain objects) were introduced to .NET to provide isolation, unloading, and security boundaries in a single process.  <\/SPAN>For example:<\/FONT><\/FONT><\/P>\n

\/\/ Create a PermissionSet for the sandbox AppDomain <\/SPAN><\/SPAN><\/P>\n

PermissionSet<\/SPAN> permSet = new<\/SPAN> PermissionSet<\/SPAN>(PermissionState<\/SPAN>.None);<\/SPAN><\/P>\n

…<\/SPAN><\/P>\n

 <\/SPAN><\/P>\n

\/\/ Create an AppDomainSetup.<\/SPAN><\/SPAN><\/P>\n

AppDomainSetup<\/SPAN> setup = new<\/SPAN> AppDomainSetup<\/SPAN>();<\/SPAN><\/P>\n

…<\/SPAN><\/P>\n

 <\/SPAN><\/P>\n

\/\/ Create the sandbox AppDomain<\/SPAN><\/SPAN><\/P>\n

AppDomain<\/SPAN> sandbox = AppDomain<\/SPAN>.CreateDomain(<\/SPAN><\/P>\n

    <\/SPAN>“Sandbox”<\/SPAN>,<\/SPAN><\/P>\n

    <\/SPAN>null<\/SPAN>,<\/SPAN><\/P>\n

    <\/SPAN>setup,<\/SPAN><\/P>\n

    <\/SPAN>permSet,<\/SPAN><\/P>\n

    <\/SPAN>CreateStrongName(Assembly<\/SPAN>.GetExecutingAssembly()));<\/SPAN><\/P>\n

 <\/SPAN><\/P>\n

\/\/ Execute the BuggyPlugin assembly in the sandbox AppDomain.<\/SPAN><\/SPAN><\/P>\n

try<\/SPAN><\/SPAN><\/P>\n

{<\/SPAN><\/P>\n

    <\/SPAN>sandbox.ExecuteAssembly(“BuggyPlugin.exe”<\/SPAN>);<\/SPAN><\/P>\n

}<\/SPAN><\/P>\n

catch<\/SPAN> (Exception<\/SPAN> e)<\/SPAN><\/P>\n

{<\/SPAN><\/P>\n

    <\/SPAN>LogError(e);<\/SPAN><\/P>\n

}

AppDomain<\/SPAN>.Unload(sandbox);<\/SPAN><\/P>\n

 <\/SPAN><\/P>\n

In the above host code, the BuggyPlugin assembly is executed within a sandbox AppDomain.  <\/SPAN>The restricted permissions of the AppDomain prevent the plugin from stepping out of line, and the try\/catch block around the call to ExecuteAssembly handles any synchronous exceptions that propagate from the plugin.  <\/SPAN>However, the key word is \u201csynchronous\u201d.  <\/SPAN>Asynchronous exceptions, like those thrown within Task bodies, will not propagate through this try\/catch block.  <\/SPAN>If left unobserved, they will be treated as unhandled exceptions, tearing down the process by default.<\/FONT><\/FONT><\/P>\n

The UnobservedTaskException event was added to continue to support this scenario.  <\/SPAN>The following code demonstrates how to subscribe to this event by specifying an initializer delegate for the plugin AppDomain.<\/FONT><\/FONT><\/P>\n

AppDomainSetup<\/SPAN> setup = new<\/SPAN> AppDomainSetup<\/SPAN>();<\/SPAN><\/P>\n

setup.AppDomainInitializer = _ =><\/SPAN><\/P>\n

{<\/SPAN><\/P>\n

    <\/SPAN>\/\/ Subscribe to the TPL exception event. Unobserved <\/SPAN><\/SPAN><\/P>\n

    <\/SPAN>\/\/ Task exceptions will be logged and marked as <\/SPAN><\/P>\n

    <\/SPAN>\/\/ “observed” (suppressing the usual exception escalation <\/SPAN><\/P>\n

    <\/SPAN>\/\/ behavior which would crash the process).<\/SPAN><\/SPAN><\/P>\n

    <\/SPAN>TaskScheduler<\/SPAN>.UnobservedTaskException += <\/SPAN><\/P>\n

        <\/SPAN><\/SPAN>(object<\/SPAN> sender, 
         UnobservedTaskExceptionEventArgs<\/SPAN> exceptionArgs) =><\/SPAN><\/P>\n

    <\/SPAN>{<\/SPAN><\/P>\n

        <\/SPAN>LogError(exceptionArgs.Exception);<\/SPAN><\/P>\n

        <\/SPAN>exceptionArgs.SetObserved();<\/SPAN><\/P>\n

    <\/SPAN>};<\/SPAN><\/P>\n

};<\/SPAN><\/P>\n


With this addition, all unobserved Task exceptions that originate from the plugin code will be logged and marked as observed.  <\/SPAN>It\u2019s important to note that there is one of these events per AppDomain.  <\/SPAN>This makes it possible to selectively squash Task exceptions from the plugin; exceptions that originate from the host will be treated normally (as serious errors that should stop the application\u2019s execution).<\/FONT><\/FONT><\/P>\n

Attached is the full code used in this post.  <\/SPAN>Enjoy!<\/FONT><\/FONT><\/P><\/p>\n

TPLSandbox.zip<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

In a previous post, we introduced the UnobservedTaskException event, saying that it would be useful for host-plugin scenarios where a host application should continue to execute in the presence of exceptions thrown by buggy plugins.  A typical example is an Internet browser; should the entire application crash if some rich content plugin crashes?  Today, we […]<\/p>\n","protected":false},"author":485,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[7908],"tags":[7907,7911,7909,7912],"class_list":["post-55911","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pfxteam","tag-net-4","tag-code-samples","tag-parallel-extensions","tag-task-parallel-library"],"acf":[],"blog_post_summary":"

In a previous post, we introduced the UnobservedTaskException event, saying that it would be useful for host-plugin scenarios where a host application should continue to execute in the presence of exceptions thrown by buggy plugins.  A typical example is an Internet browser; should the entire application crash if some rich content plugin crashes?  Today, we […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/55911","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/485"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=55911"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/55911\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=55911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=55911"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=55911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}