DEVHIDE
Login Or Sign up

How to prevent memory leak in MarshalByRefObject and AppDomain?

1.5k Views Asked by At

I am trying to compile some code during run time to allow some scripting features in my app, however I wanted to run the script in a sandbox just in case somebody tries to do something naughty.

The trouble is - after all is done and I have my output the memory doesn't get released and the "c.dll" file that is generated to run the code remains locked with my process, so any attempt to delete it fails as well - which means if I try to run the code a 2nd time, it cannot compile it again because "c.dll" is already open in "another process". Here is all the code:

The place where it all begins:

using (Microsoft.CSharp.CSharpCodeProvider provider = new Microsoft.CSharp.CSharpCodeProvider())
{
string DLLpath = System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetEntryAssembly().Location) + @"\\c.dll";
try { File.Delete(DLLpath); } catch { /*best attempt*/ }
System.CodeDom.Compiler.CompilerParameters param = new System.CodeDom.Compiler.CompilerParameters();
param.ReferencedAssemblies.Add("System.dll");
param.ReferencedAssemblies.Add("System.Data.dll");
param.ReferencedAssemblies.Add("Newtonsoft.Json.dll"); 
param.ReferencedAssemblies.Add("mscorlib.dll");
param.ReferencedAssemblies.Add("System.Core.dll");
param.ReferencedAssemblies.Add("System.Net.Http.dll");
param.ReferencedAssemblies.Add("System.Net.dll");
param.GenerateExecutable = false;
param.TreatWarningsAsErrors = false;
string code = Data.Remove(0, 8);
code = "using System;" + Environment.NewLine +
       "using System.Data;" + Environment.NewLine +
       "using Newtonsoft.Json;" + Environment.NewLine +
       "using System.IO;" + Environment.NewLine +
       "using System.Text;" + Environment.NewLine +
       "using System.Net;" + Environment.NewLine +
       "using System.Net.Http;" + Environment.NewLine +
       @"namespace Custom{public class Program{public static object Main(){" +
       code + "}}}";
param.OutputAssembly = DLLpath;
System.CodeDom.Compiler.CompilerResults res = provider.CompileAssemblyFromSource(param, code);
if (res.Errors.HasErrors)
{
    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    foreach (System.CodeDom.Compiler.CompilerError error in res.Errors)
    {
        if (error.IsWarning) sb.AppendLine(String.Format("Warning ({0}): {1}", error.ErrorNumber, error.ErrorText));
        else sb.AppendLine(String.Format("Error ({0}): {1}", error.ErrorNumber, error.ErrorText));
    }
    throw new InvalidOperationException(sb.ToString());
}
Sandbox sandbox = Sandbox.Create();
string result = sandbox.Execute(res.PathToAssembly, "Custom.Program", "Main", null);
sandbox.Dispose();

sandbox = null;
res = null;
code = null;
param = null;
GC.Collect();
GC.WaitForPendingFinalizers();
try { File.Delete(DLLpath); } catch { /*best attempt*/ }
return "OK" + Environment.NewLine + result;
}

And this is the Sandbox:

class Sandbox : CrossAppDomainObject
{
    const string BaseDirectory = "Untrusted";
    const string DomainName = "Sandbox";

    public Sandbox()
    {
    }

    public static Sandbox Create()
    {
        var setup = new AppDomainSetup()
        {
            ApplicationBase = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, BaseDirectory),
            ApplicationName = DomainName,
            DisallowBindingRedirects = true,
            DisallowCodeDownload = true,
            DisallowPublisherPolicy = true
        };

        var permissions = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None);
        permissions.AddPermission(new System.Security.Permissions.ReflectionPermission(System.Security.Permissions.ReflectionPermissionFlag.RestrictedMemberAccess));
        permissions.AddPermission(new System.Security.Permissions.SecurityPermission(System.Security.Permissions.SecurityPermissionFlag.Execution));

        var domain = AppDomain.CreateDomain(DomainName, null, setup, permissions,
             typeof(Sandbox).Assembly.Evidence.GetHostEvidence<System.Security.Policy.StrongName>());

        return (Sandbox)Activator.CreateInstanceFrom(domain, typeof(Sandbox).Assembly.ManifestModule.FullyQualifiedName, typeof(Sandbox).FullName).Unwrap();
    }

    public string Execute(string assemblyPath, string scriptType, string method, params object[] parameters)
    {
        new System.Security.Permissions.FileIOPermission(System.Security.Permissions.FileIOPermissionAccess.Read | System.Security.Permissions.FileIOPermissionAccess.PathDiscovery, assemblyPath).Assert();
        var assembly = System.Reflection.Assembly.LoadFile(assemblyPath);
        System.Security.CodeAccessPermission.RevertAssert();

        Type type = assembly.GetType(scriptType);
        if (type == null)
            return null;

        var instance = Activator.CreateInstance(type);
        string result = string.Format("{0}", type.GetMethod(method).Invoke(instance, parameters));
        assembly = null;
        type = null;
        instance = null;
        return result; 
    }
}

And this is the CrossAppDomainObject:

public abstract class CrossAppDomainObject : MarshalByRefObject, IDisposable
{

    private bool _disposed;

    /// <summary>
    /// Gets an enumeration of nested <see cref="MarshalByRefObject"/> objects.
    /// </summary>
    protected virtual System.Collections.Generic.IEnumerable<MarshalByRefObject> NestedMarshalByRefObjects
    {
        get { yield break; }
    }

    ~CrossAppDomainObject()
    {
        Dispose(false);
    }

    /// <summary>
    /// Disconnects the remoting channel(s) of this object and all nested objects.
    /// </summary>
    private void Disconnect()
    {
        System.Runtime.Remoting.RemotingServices.Disconnect(this);

        foreach (var tmp in NestedMarshalByRefObjects)
            System.Runtime.Remoting.RemotingServices.Disconnect(tmp);
    }

    public sealed override object InitializeLifetimeService()
    {
        //
        // Returning null designates an infinite non-expiring lease.
        // We must therefore ensure that RemotingServices.Disconnect() is called when
        // it's no longer needed otherwise there will be a memory leak.
        //
        return null;
    }

    public void Dispose()
    {
        GC.SuppressFinalize(this);
        Dispose(true);
    }

    protected virtual void Dispose(bool disposing)
    {
        if (_disposed)
            return;

        Disconnect();
        _disposed = true;
    }

}

Note that I got the CrossAppDomainObject abstract class from Nathan Evans's blog at https://nbevans.wordpress.com/2011/04/17/memory-leaks-with-an-infinite-lifetime-instance-of-marshalbyrefobject/

I would be greatful for any guidance, as I am completely clueless here.

EDIT:

After Hans told me to go back to the drawing board, I did exactly that and used this MSDN article for reference: https://msdn.microsoft.com/en-us/library/bb763046(v=vs.110).aspx

After playing around with it for a bit I hacked together this:

class Sandboxer : CrossAppDomainObject
{
    public static string Start(string pathToUntrusted, string untrustedAssembly, string untrustedClass, string entryPoint, Object[] parameters)
    {
        AppDomainSetup adSetup = new AppDomainSetup();
        adSetup.ApplicationBase = Path.GetFullPath(pathToUntrusted);

        System.Security.PermissionSet permSet = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None);
        permSet.AddPermission(new System.Security.Permissions.SecurityPermission(System.Security.Permissions.SecurityPermissionFlag.Execution));

        System.Security.Policy.StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<System.Security.Policy.StrongName>();

        AppDomain newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly);

        System.Runtime.Remoting.ObjectHandle handle = Activator.CreateInstanceFrom(
            newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
            typeof(Sandboxer).FullName
            );

        Sandboxer newDomainInstance = (Sandboxer)handle.Unwrap();
        System.Reflection.AssemblyName untrustedAssemblyName = System.Reflection.AssemblyName.GetAssemblyName(untrustedAssembly);
        string result = newDomainInstance.ExecuteUntrustedCode(untrustedAssemblyName, untrustedAssembly, untrustedClass, entryPoint, parameters);
        AppDomain.Unload(newDomain);
        System.Reflection.Assembly[] list = AppDomain.CurrentDomain.GetAssemblies();
        return result;
    }
    public string ExecuteUntrustedCode(System.Reflection.AssemblyName assemblyName, string assemblyPath, string typeName, string entryPoint, Object[] parameters)
    {
        new System.Security.Permissions.FileIOPermission(System.Security.Permissions.FileIOPermissionAccess.Read | System.Security.Permissions.FileIOPermissionAccess.PathDiscovery, assemblyPath).Assert();       
        System.Reflection.MethodInfo target = System.Reflection.Assembly.Load(assemblyName).GetType(typeName).GetMethod(entryPoint);
        System.Security.CodeAccessPermission.RevertAssert();
        try
        {
            return (string)target.Invoke(null, parameters);
        }
        catch (Exception ex)
        {
            Exception e;
            (new System.Security.PermissionSet(System.Security.Permissions.PermissionState.Unrestricted)).Assert();
            e = ex;
            System.Security.CodeAccessPermission.RevertAssert();
            return e.Message;
        }
    }
}
c# memory-leaks dispose appdomain marshalbyrefobject
Original Q&A
0

There are 0 best solutions below

Related Questions in C#

Related Questions in MEMORY-LEAKS

Related Questions in DISPOSE

Related Questions in APPDOMAIN

Related Questions in MARSHALBYREFOBJECT

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.