Click here to Skip to main content
16,000,135 members
Articles / Programming Languages / C#

Using Keyword Is Not Abort Safe

Rate me:
Please Sign up or sign in to vote.
4.57/5 (34 votes)
6 Mar 2010CPOL5 min read 104.4K   127   33   62
This article shows why not even the "using" keyword is a failsafe mechanism

Introduction

C# is a safe and managed language. By safe, we can understand it will help developers avoid common errors, like causing memory leaks or accessing invalid memory. In fact, .NET is really good at this, but the Garbage Collection does not occur immediately so, when we need to free a resource immediately, we must call some type of "free" method, like Close in files and database connections, Commit or Rollback transactions or, in general, the Dispose() method, which is also implemented by files, database objects and transactions.

Dispose() methods free the associated resources immediately, so a file being written can now be read by another process, a database connection can return to the pool and other unmanaged resources (like windows Handles) are freed immediately, releasing memory.

But, how do we call Dispose()?

In C#, we have the using keyword which must be used as follows:

C#
using(var disposable = new DisposableType())
{
  ... do what's needed with the disposable variable here ...
}

And, at the end of the block, the Dispose will be called. Such code will be compiled like:

C#
{
  var disposable = new DisposableType();
  try
  {
    ... do what's needed with the disposable variable here ...
  }
  finally
  {
    if (disposable != null)
      disposable.Dispose();
  }
}

Even the new keyword will never return null, the "pattern" includes the if (disposable != null), but I really think the JIT will optimize and remove such unnecessary if.

So, this code is safe, right? Any exception after the disposable object is created will be protected by the finally clause and will call Dispose.

Well, no. For synchronous exceptions, that's correct, but there are asynchronous exceptions too, in special ThreadAbortException.

Imagine that just after setting the disposable value and before the try, a ThreadAbortException is thrown, by a request to Abort from another thread. We are not yet in the try, so the finally will not be called. This is an issue. It will not cause a memory leak, considering that GC will eventually collect the object, but such resource will be held for a long time. If this is a database connection, it could not return to the pool. If this is a file, it can be kept in exclusive mode forbidding anyone else from using it.

So, how do we solve this? I will present the solution later, but I will first show something that looks like a solution. Why? Because I think that not knowing the problem with this pseudo solution will make someone try to use it, specially because there are some places that already use this structure as the "right" one.

The Code

C#
DisposableType disposable = null;
try
{
  disposable = new DisposableType();
  ... use the disposable object here ...
}
finally
{
  if (disposable != null)
    disposable.Dispose();
}

In this solution, the disposable is initialized with null. So, the block is protected with a try/finally before the disposable object is created. If the ThreadAbortException comes before object is created, the if in the finally will make it work. If the ThreadAbortException comes just after the object is created, it will work also. But, there is still a problem.

Abort can happen at any assembly instruction. Even our line looks like disposable = new DisposableType(), in assembler we first allocate the type and then we store such result in disposable variable. To make it worse, constructors can also be interrupted in the middle (I made many tests myself, even not having examples to show exactly where the exceptions happen).

So, is there a possible way to solve the problem? Yes. But we must use it with caution. As already shown, when an exception is thrown the finally block gets executed. If we are already in the finally block, it continues to execute normally, so an Abort called for a thread that is already in finally block does not force it to exit to another finally block, missing some steps. So, we can use this, we put all the code that should not be blocked inside a finally block.

But, remember, use it with caution. If you use any blocking operation in such block, you will not be able to Abort the thread even if you need to. This can be a very frustrating user experience.

So, let's see the code:

C#
DisposableType disposable = null;
try
{
  try
  {
  }
  finally
  {
    disposable = new DisposableType();
  }

  ... use the disposable object here ...
}
finally
{
  if (disposable != null)
    disposable.Dispose();
}

With this solution, or the Abort happens before the DisposableType is allocated, or after it is fully allocated and the variable is set. No "in-the-middle" aborts.

So, this is it? Well, for ThreadAbortExceptions, yes. For other asynchronous exceptions, no. If you look at the documentation of CERs (Constrained Execution Regions), be prepared to deal with the ThreadAbortException is only one of the needed cautions. The system can run out-of-memory when it needs to compile a method or the application can be asked to shutdown abruptly, avoiding normal finally clauses. But, don't think this makes such a technique obsolete. ThreadAbortExceptions are much more common than the other exceptions and, specially when the application is shutdown abruptly, files or database connections left open will be reclaimed by the operating system either way.

Improvements

The technique presented works, but it is ugly. So, I decided to create some classes and helper methods. The most important one is in the AbortSafe class, and is the Run method that receives 3 parameters. Let's look at the method:

C#
public static void Run(Action allocationBlock, Action codeBlock, Action finallyBlock)
{
	if (allocationBlock == null)
		throw new ArgumentNullException("allocationBlock");
	
	if (codeBlock == null)
		throw new ArgumentNullException("codeBlock");
	
	if (finallyBlock == null)
		throw new ArgumentNullException("finallyBlock");

	try
	{
		try
		{
		}
		finally
		{
			allocationBlock();
		}
		
		codeBlock();
	}
	finally
	{
		finallyBlock();
	}
}

It simply receives three actions. If the allocation starts, it is guaranteed to finish, even if the abort happens in the middle. Independent from the success of allocation, finalization will be run. The only block that is abortable is the code block.

Let's look a simple example of how to use it:

C#
DisposableType disposable = null;
AbortSafe.Run
(
  () => disposable = new DisposableType(),
  () =>
  {
    ... do what you need with the disposable object...
  },
  () => disposable.CheckedDispose()
);

The CheckedDispose is an extension method found in Pfz.Extensions.DisposeExtensions namespace. It will simply check if the variable is not null before disposing it. I did this only to avoid creating a new code block to do the "if". As you can see, the code is "less" ugly than creating an empty try to program in the finally block. Also, it does not look like an error, so it does not have the same chance of being "corrected" by someone else that does not understand why the code was written in a finally clause.

Sample

In the attached zip is a program that creates and aborts threads, which will be creating and recreating the same file, but allowing you to choose the way it will do this:

  1. With the using keyword
  2. With the pseudo-solution
  3. With the AbortSafe solution

The 1st and 2nd, at some time, will cause an IO exception because the file is "already opened", while the 3rd will not cause such exception.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Software Developer (Senior) Microsoft
United States United States
I started to program computers when I was 11 years old, as a hobbyist, programming in AMOS Basic and Blitz Basic for Amiga.
At 12 I had my first try with assembler, but it was too difficult at the time. Then, in the same year, I learned C and, after learning C, I was finally able to learn assembler (for Motorola 680x0).
Not sure, but probably between 12 and 13, I started to learn C++. I always programmed "in an object oriented way", but using function pointers instead of virtual methods.

At 15 I started to learn Pascal at school and to use Delphi. At 16 I started my first internship (using Delphi). At 18 I started to work professionally using C++ and since then I've developed my programming skills as a professional developer in C++ and C#, generally creating libraries that help other developers do their work easier, faster and with less errors.

Want more info or simply want to contact me?
Take a look at: http://paulozemek.azurewebsites.net/
Or e-mail me at: paulozemek@outlook.com

Codeproject MVP 2012, 2015 & 2016
Microsoft MVP 2013-2014 (in October 2014 I started working at Microsoft, so I can't be a Microsoft MVP anymore).

Comments and Discussions

 
GeneralRe: Thoughts Pin
Paulo Zemek28-Nov-09 5:02
Paulo Zemek28-Nov-09 5:02 
GeneralRe: Thoughts Pin
AspDotNetDev28-Nov-09 10:50
protectorAspDotNetDev28-Nov-09 10:50 
GeneralRe: Thoughts Pin
Paulo Zemek30-Nov-09 0:59
Paulo Zemek30-Nov-09 0:59 
GeneralRe: Thoughts Pin
AspDotNetDev4-Dec-09 20:00
protectorAspDotNetDev4-Dec-09 20:00 
GeneralRe: Thoughts Pin
AspDotNetDev4-Dec-09 20:24
protectorAspDotNetDev4-Dec-09 20:24 
GeneralRe: Thoughts [modified] Pin
Paulo Zemek5-Dec-09 4:54
Paulo Zemek5-Dec-09 4:54 
Simple... make tests.
To start, think that my example is stopped inside a constructor. So, a constructor can be interrupted.
Also, think that a constructor is complete when it has done all it's work, but there is an "invisible" return just after the last command. So, even if the constructor is done like:

try
{
}
finally
{
all constructor here.
}

After that, it will have a return, which can receive the abort. So, in fact, the constructor finished, but the variable was not set.


Also, your example is not right. You must do something with the variable, or else the optimizer can remove it. I think in your example, the variable was not even created. Try allocating three or four variables and using them. Then you can see where the variable assignment is done.

modified on Saturday, December 5, 2009 11:05 AM

GeneralRe: Thoughts Pin
AspDotNetDev5-Dec-09 12:27
protectorAspDotNetDev5-Dec-09 12:27 
GeneralRe: Thoughts Pin
PIEBALDconsult28-Nov-09 4:44
mvePIEBALDconsult28-Nov-09 4:44 
GeneralRe: Thoughts Pin
Paulo Zemek28-Nov-09 5:03
Paulo Zemek28-Nov-09 5:03 
GeneralNice Pin
Nicholas Butler27-Nov-09 6:18
sitebuilderNicholas Butler27-Nov-09 6:18 
GeneralRe: Nice Pin
Paulo Zemek27-Nov-09 6:23
Paulo Zemek27-Nov-09 6:23 
GeneralRe: Nice Pin
Nicholas Butler27-Nov-09 6:41
sitebuilderNicholas Butler27-Nov-09 6:41 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.