Tell us more about CAB Modules isolation requirements

A requirement I hear every once in a while is the need to provide strong isolation between modules being loaded in a CAB Shell.

Usually the scenario described includes phrases like this:

  • "We need to unload and load modules"
  • "If a module fails (badly) we don't want the shell to come down too"
  • "We want to apply updates to modules without restarting the application"

And of course the next question is: "aren't AppDomains supposed to provide this kind of isolation?"

The answer is: yes and no.  You can have multiple modules loaded in different AppDomains as long as they don't have visuals. Modules that have visual elements (UI controls, Shell, views, etc.) need to run on a single AppDomain. This is not a CAB limitation, it is actually the way Winforms works today. Of course you are responsible for cross-domain communications and that might require changes to the EventBroker for example.

In practice, you can have reasonably good exception harnesses in all modules. That's how we coded our Reference Implementations for example.

Quite frankly, we might not be able to change much in the short term, but we are definitely interested in learning more about it, and the CLR team is also interested.

If you have anything to share, please send me an e-mail, or fill this really short (7 questions) survey.

Thanks a lot!!

Comments (2)

  1. Tommaso says:

    Another limit (I think) is the following one: suppose to have several services injection setter properties and for one of these the setter fails for some reason (e.g. the module has not been loaded) the object builder stops the setting of propreties.

Skip to main content