Geek Answers Handbook

How to place plugins securely with .NET 2.0

I am writing a chess game that allows you to compete with two programs, the player needs to write a DLL and set up a function to tell the main application where his player will move on, suppose the function looks like this:

public static void MoveNext(out int x, out int y, out int discKind);

Player DLLs can be written using C # or C ++.

In a chess game application, I start a new thread to call the function that the DLL player found in order to get a place where it will move in a turn, and I start a timer to prevent the player timeouts if the game timeout I kill the corresponding stream following API

 thread.Abort(); thread.Join();

I have the following problems as described below:

  • A thread cannot be killed with 100% certainty (it depends on the player’s code)

  • During the test, I found that if the player uses deep recursions (and if there is a memory leak in the player program), the memory usage of the host application will increase, and then the host application will be terminated without any exception.

Are there any methods, ideas, or methods that can handle the above problems?

From this, CodeInChaos suggests loading the player’s DLL into a separate domain and then unloading it when necessary, I'm not sure if it still works for an unmanaged DLL (C ++), and if this leads to low efficiency?

+6
c # hosting
source share
2 answers

An unhandled exception in AppDomain will still cause your program to terminate in .Net 2.0. You get the opportunity to respond to the exception through the event handler, but not the ability to handle it.

It is best to use processes for the isolation you are looking for.

+8
source share

If you can guarantee that your DLL plugin is always managed, then you have the opportunity to create a new application domain in your main application logic and load the assembly containing the plugin into this domain.

This gives you the opportunity to grab raw excrement in that particular application domain , after which you have the option Unload entire application domain. This way you can deal with other people's application plugins that make mistakes and throw exceptions. you also get the opportunity to specify partial trust to further limit what the plugin can do.

However, this does not help if you cannot provide the use of managed code plugins, and an earlier option to set separate processes would be more suitable.

When reading a message, it seems that you have quality problems that you should use. If you have to deal with such buggy plugins, I would take the previous advice and go with individual processes.

+4
source share

More articles:


All Articles