Date post: 04-Jan-2016
Page 1: Writing Rock-Solid Reliable Applications For Windows Vista And The CLR

Björn Levidow, Group Program Manager
Brian Grunkemeyer, Software Design Engineer
FUN308
Microsoft Corporation

Page 2: What You Will See

Customer-Focused Reliability Attributes
Windows Vista and CLR reliability goals
Windows Vista and CLR reliability features
Detailed resiliency discussion
Features and Tools
Summary
Call to Action

The Microsoft Platform affords developing reliable applications, both native and managed.

Page 3: Customer-Focused Reliability Attributes

Attribute | Definition | Examples
Resilient | The system continues to provide service in the face of internal or external disruptions | crashes, hangs …
Recoverable | After disruption the system is easily restored to a previously known state with no data loss | data corruption
Controlled | Provides timely and expected service whenever needed | degraded response
Undisruptable | Required changes and upgrades do not impact the service | update disruptions
Production Ready | At release the system contains a minimum number of bugs, requiring a limited number of predictable patches/fixes | patch size, frequency
Predictable | It works as advertised; what worked before works now | compatibility failures

Page 4: Addressing Customer-Focused Reliability Attributes

Attribute | Example failures | OS or CLR features to plug into your app
Resilient | crashes, hangs … | Process/AppDomain recycling; SafeHandle (requires application design consideration)
Recoverable | data corruption | Transactional file system/registry; Common Log File System
Controlled | degraded response | Resource Exhaustion Diagnostics; I/O cancellation
Undisruptable | update disruptions | Restart Manager
Production Ready | patch size, frequency | /analyze, Safe C++ libraries, FxCop; Application Verifier, Managed Debugging Assistants
Predictable | compatibility failures | Good versioning and installation practices

Page 5: Windows Vista Reliability Objectives

No loss of work, time, data or control
No hangs, no crashes, no reboots
Reducing user disruptions and increasing availability

How we raised the bar on Windows Vista reliability
New processes to minimize bugs and design issues
Enhanced feedback using Windows Error Reporting for identifying product problems during development
New reliability features

Page 6: CLR Reliability Objectives

Write resilient applications
Improve application availability
Reduce user disruptions and increase availability
Resiliency against failures, crashes and hangs
Availability is great today. Let's make it even better.

How we raised the bar on CLR reliability
Tested the product with fault injection
New reliability features
Hardened managed libraries

Page 7: How Much Reliability Do I Need?

Different bars for different environments
Reliability of most software meets customer needs
A few bad apples spoil the overall experience

Reliability needs differ based on your application
Console applications and simple apps like calc.exe
Sophisticated applications (Word, Photoshop)
Library code
Highly available server code

Library code's reliability bar is dictated by the applications that use the library

(Slide image: car)

Page 8: Writing Reliable Code: Reliability Has A Cost

Writing reliable unmanaged code takes work
Requires discipline to handle out-of-memory problems
Failures in multi-threaded apps are hard to handle
Requires extensive testing (fault injection, stress runs)

Writing reliable managed code takes work
Under the covers, the CLR manages your code
Eliminates entire classes of bugs, like dangling pointers, memory leaks, most buffer overruns, etc.
However, CLR-induced failure points aren't obvious
Asynchronous exceptions: OutOfMemoryException and ThreadAbortException

Page 9: Customer-Focused Reliability Attributes: Resilient

Resilient: The system continues to provide service in the face of internal or external disruptions. Examples: crashes, hangs …

Page 10: How Do We Get Resiliency? Resiliency Approaches

Isolated extensibility models
Keep extensions in their own process space
Enables recycling

Process recycling
Operating system resources are guaranteed to be freed
Relatively cheap and relatively easy
Requires a stateless, almost transactional model

Page 11: Process Recycling: Hosted Programming Model Example

ASP.NET hosts applications
Uses process recycling for resiliency
Worker processes may encounter a resource leak or deadlock, and the host will kill them
Bugs could be anywhere in the process
Server is resilient to these failures
Session state must live in a database or out-of-proc
In-process session state is lost. Controllable via web.config
Cheap and good enough for a web server

Page 12: AppDomain Recycling: Another Hosted Programming Model

Application Domains are a unit of isolation
Static variables are per-AppDomain
Avoid* mutating any cross-AD or cross-process state

SQL Server unloads and recycles AppDomains
Mitigates state corruption
Higher availability
SQL is transacted => no database corruption
Operating System (OS) resources must be freed, but the OS is AD-ignorant
AppDomain unloading must be clean!

(Slide diagram: SQL Server process containing the default AppDomain, AppDomain 2 and AppDomain 3)
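The recycling pattern the last three slides describe, as an added example that is not part of the deck: a host loads an extension into its own AppDomain, and when the extension fails it throws the whole domain away and rebuilds it, so per-domain statics start clean. The ExtensionHost and FlakyExtension names are illustrative. This needs the .NET Framework CLR; .NET Core and later have no unloadable AppDomains, so the same isolation there means a separate process.

```csharp
using System;

// The "extension": keeps static state that goes bad after a few calls.
// Statics are per-AppDomain, so a fresh domain starts with calls == 0.
public class FlakyExtension : MarshalByRefObject
{
    static int calls;

    public int DoWork(int input)
    {
        calls++;
        if (calls > 2)
            throw new InvalidOperationException("extension state corrupted after " + calls + " calls");
        return input * 2;
    }
}

public static class ExtensionHost
{
    static AppDomain domain;
    static FlakyExtension extension;
    public static int Recycles { get; private set; }

    static void CreateDomain()
    {
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        domain = AppDomain.CreateDomain("extension-" + Recycles, null, setup);
        extension = (FlakyExtension)domain.CreateInstanceAndUnwrap(
            typeof(FlakyExtension).Assembly.FullName, typeof(FlakyExtension).FullName);
    }

    // Calls into the extension. On any failure the domain is unloaded and rebuilt: no attempt
    // is made to repair state in place, which is what makes the host resilient to bugs
    // anywhere in the extension. Nothing held only inside the old domain survives.
    public static int Invoke(int input)
    {
        if (domain == null) CreateDomain();
        try
        {
            return extension.DoWork(input);
        }
        catch (Exception ex)
        {
            Console.WriteLine("extension failed ({0}); recycling its AppDomain", ex.Message);
            // Frees the domain's managed state. OS handles it owned are only released if the
            // extension wrapped them in SafeHandles or finalizable objects (the OS is AD-ignorant).
            AppDomain.Unload(domain);
            domain = null;
            Recycles++;
            CreateDomain();
            return extension.DoWork(input);   // retry once in the fresh domain
        }
    }

    public static void Main()
    {
        // Calls 3 and 5 fail inside the extension and trigger a recycle; every call still returns.
        for (int i = 1; i <= 6; i++)
            Console.WriteLine("Invoke({0}) = {1}", i, Invoke(i));
        Console.WriteLine("domain recycled {0} times", Recycles);   // 2
    }
}
```

The retry after the recycle is the reason the slides insist on a stateless, almost transactional model: the caller must be able to repeat the request without side effects from the failed attempt.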

Page 13: Problems For Hosted Code: How Does A Host Hurt Your Reliability?

Hosted libraries make tradeoffs to guarantee availability
Thread aborts between two machine instructions
OutOfMemoryExceptions more common when hosted
Typical cleanup techniques aren't guaranteed!
Finalizers and finally's may be aborted

Hosted managed libraries should be hardened
Prevent leaking resources in aggressive hosts
Using hardened code is very forgiving

IntPtr handle = CreateFile(…);    // C# source
call native int CreateFile(…)     // IL: the raw handle is now only on the evaluation stack
stloc.2                           // IL: a thread abort between these two instructions leaks the handle

Page 14: SafeHandle: Reliably Releasing A Handle

A reliable, convenient wrapper for OS handles
CLR guarantees your release code will run
Critical finalization

Benefits
Avoids races with your own finalizer
Reduced object graph promotion during GC
Type-safe manipulation of handles

Small perf costs
Another 20 bytes on x86, 32 bytes on 64-bit
Ref count when a thread is actively using a SafeHandle
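The SafeHandle pattern for the CreateFile case on the previous slide, as an added example rather than the deck's demo: a SafeHandle subclass whose ReleaseHandle runs as a critical finalizer, a P/Invoke that returns it (so the raw handle never sits on the IL evaluation stack outside a SafeHandle), and a P/Invoke that takes it (so the marshaler's ref count keeps another thread's Dispose from closing it mid-call). Win32FileHandle, NativeMethods and SafeHandleDemo are illustrative names; the BCL's own SafeFileHandle does the same job in production.

```csharp
using System;
using System.IO;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Security;
using Microsoft.Win32.SafeHandles;

public sealed class Win32FileHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    // Only the P/Invoke marshaler constructs this and stores the raw value into it,
    // inside the call stub, before control returns to interruptible IL.
    private Win32FileHandle() : base(true) { }

    // Runs as a critical finalizer inside a constrained execution region: the CLR
    // guarantees it runs even on a rude AppDomain unload, so it may only do
    // CER-safe work (no allocations, no virtual calls, no locks).
    [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
    protected override bool ReleaseHandle()
    {
        return NativeMethods.CloseHandle(handle);
    }
}

[SuppressUnmanagedCodeSecurity]
internal static class NativeMethods
{
    internal const uint GENERIC_READ = 0x80000000;
    internal const uint FILE_SHARE_READ = 0x1;
    internal const uint OPEN_EXISTING = 3;

    // Returning the SafeHandle subtype closes the "call / stloc" window from the slide.
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    internal static extern Win32FileHandle CreateFile(
        string lpFileName, uint dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes,
        uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile);

    [DllImport("kernel32.dll", SetLastError = true)]
    [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
    internal static extern bool CloseHandle(IntPtr hObject);

    // Passing a SafeHandle: the marshaler AddRef's it for the duration of the call, so a
    // concurrent Dispose() cannot recycle the handle value underneath this call.
    [DllImport("kernel32.dll", SetLastError = true)]
    internal static extern bool GetFileSizeEx(Win32FileHandle hFile, out long lpFileSize);
}

public static class SafeHandleDemo
{
    public static long GetSize(string path)
    {
        using (Win32FileHandle h = NativeMethods.CreateFile(path, NativeMethods.GENERIC_READ,
                   NativeMethods.FILE_SHARE_READ, IntPtr.Zero, NativeMethods.OPEN_EXISTING, 0, IntPtr.Zero))
        {
            if (h.IsInvalid)
                throw new IOException("CreateFile failed, Win32 error " + Marshal.GetLastWin32Error());
            long size;
            if (!NativeMethods.GetFileSizeEx(h, out size))
                throw new IOException("GetFileSizeEx failed, Win32 error " + Marshal.GetLastWin32Error());
            return size;
        } // Dispose() closes deterministically; if it is skipped, the critical finalizer still closes it.
    }

    public static void Main(string[] args)
    {
        // Defaults to sizing this executable so the sample runs without arguments.
        string path = args.Length > 0 ? args[0] : Environment.GetCommandLineArgs()[0];
        Console.WriteLine("{0}: {1} bytes", path, GetSize(path));
    }
}
```

Because the handle is typed, a SafeFileHandle cannot be passed where a registry or event handle is expected, which is the type-safety benefit from the slide; the 20/32 extra bytes pay for the ref count and the critical-finalizer bookkeeping.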

Page 15: SafeHandle Demo

Brian Grunkemeyer, Software Development Engineer, Common Language Runtime

Page 16: Constrained Execution Regions: Limited Guaranteed Execution

For building hosts and changing cross-AD state
Hoist CLR-induced failures and delay thread aborts

Constraints on your code
Only call methods with reliability contracts
No allocations, virtual calls, acquiring locks, etc.
Perf and complexity cost

RuntimeHelpers.PrepareConstrainedRegions();
try {
    // Arbitrary code: may fail
}
finally {
    // Constrained code: no virtual calls or allocs
}
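A worked use of the pattern above, added here and not taken from the deck: two pieces of shared state (a running total and a journal of entries) that must never disagree, updated inside a CER so a thread abort or an out-of-memory raised by the CLR cannot separate the two writes. The allocation happens before the region; the finally block only touches fields and Interlocked, whose methods carry Cer.Success contracts. SharedLedger and LedgerEntry are illustrative names. CERs are honored only by the .NET Framework CLR; in .NET Core and later PrepareConstrainedRegions is a no-op.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Threading;

public sealed class LedgerEntry
{
    public readonly int Units;
    public LedgerEntry Next;    // intrusive list: publishing an entry needs no allocation
    public LedgerEntry(int units) { Units = units; }
}

public static class SharedLedger
{
    static LedgerEntry head;    // journal of reservations
    static int reserved;        // running total; invariant: reserved == sum of entry.Units

    public static void Reserve(int units)
    {
        // Everything that can fail (here: an allocation) happens before the region.
        LedgerEntry entry = new LedgerEntry(units);

        RuntimeHelpers.PrepareConstrainedRegions();
        try { }
        finally
        {
            // Constrained region: the JIT prepares this block eagerly, the CLR checks for low
            // memory before entering it and holds thread aborts until it exits. Only field
            // writes and Interlocked (Cer.Success) calls are used, so both updates happen or neither.
            LedgerEntry old;
            do
            {
                old = head;
                entry.Next = old;
            } while (Interlocked.CompareExchange(ref head, entry, old) != old);
            Interlocked.Add(ref reserved, units);
        }
    }

    public static bool InvariantHolds()
    {
        int sum = 0;
        for (LedgerEntry e = head; e != null; e = e.Next) sum += e.Units;
        return sum == reserved;
    }

    public static void Main()
    {
        // Fault injection: abort a thread that is hammering Reserve(). Slide 28 says to avoid
        // Thread.Abort in production code; here it plays the role of the aggressive host.
        var worker = new Thread(() =>
        {
            try { while (true) Reserve(1); }
            catch (ThreadAbortException) { /* rethrown automatically; thread ends */ }
        });
        worker.Start();
        Thread.Sleep(200);
        worker.Abort();
        worker.Join();
        Console.WriteLine("journal consistent with total: {0} (reserved = {1})",
            InvariantHolds(), reserved);   // True
    }
}
```

Without PrepareConstrainedRegions the abort can land between the CompareExchange and the Interlocked.Add, leaving a journal entry with no matching total; with it, the abort is delivered only after the finally block completes.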

Page 17: When To Use SafeHandle And CERs

Use SafeHandles when
Libraries are hosted in environments using AppDomain recycling
Anyone using P/Invoke to acquire OS resources

Use CERs when
Hosted code manipulates cross-AppDomain or cross-machine state
Still need to design for a power failure
Corner cases that SafeHandle doesn't support
Marshaling out handles stored in a struct

Page 18: Customer-Focused Reliability Attributes: Recoverable

Recoverable: After disruption the system is easily restored to a previously known state with no data loss. Examples: data corruption

Page 19: Writing Recoverable Applications

Writing bug-free apps is Nirvana, but…
Nobody's perfect
Not all software controls nuclear power plants
Even if you get there, external factors affect you
Software installs, resource exhaustion, power failures
User uses your app in an unexpected way

So, writing recoverable apps is necessary
Expect the unexpected!
Apps should be journaled and designed to recover
Use transactions and journaling to persist data
Save the data and state most important to your application
Word is a good example
Saves user docs every 3 minutes to minimize loss
Document recovery as well

Page 20: Transactions And Journaling: Tools To Help Build Recoverable Apps

Win32
File and Registry Transactions (TxF)
Common Log File System (CLFS)
SetCurrentTransaction(HANDLE hTransaction)

Managed
System.Transactions

// EnterTransactionScope/ExitTransactionScope are the presenters' helpers, not BCL APIs.
using (TransactionScope scope = new TransactionScope(
           TransactionScopeOption.Required,
           new TransactionOptions(),
           EnterpriseServicesInteropOption.Full))
{
    if (!EnterTransactionScope()) throw new TransactionException("Bad");
    // Write to one or many files, etc.
    if (!ExitTransactionScope()) throw new TransactionException("Bad");
    scope.Complete();
}
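The Win32 side of the slide, as an added example that is not the deck's code: two files written atomically through the Vista kernel transaction manager (KTM) and transacted file I/O, called from C# via P/Invoke, so that either both files carry the new content or neither does, even if the process dies between the writes. SafeTransactionHandle, TransactedWriter and the file names are illustrative. Caveat a practitioner wants: TxF has been deprecated since Windows 8 (it still works on local NTFS volumes, not on FAT, ReFS or remote shares, but Microsoft warns it may be removed), so for new code prefer application-level journaling or a database.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

// Kernel transaction handle; closed with CloseHandle like any other kernel object.
// Closing it before CommitTransaction rolls the transaction back.
internal sealed class SafeTransactionHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    private SafeTransactionHandle() : base(true) { }

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr hObject);

    protected override bool ReleaseHandle() { return CloseHandle(handle); }
}

public static class TransactedWriter
{
    const uint GENERIC_WRITE = 0x40000000;
    const uint CREATE_ALWAYS = 2;
    const uint FILE_ATTRIBUTE_NORMAL = 0x80;

    [DllImport("ktmw32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern SafeTransactionHandle CreateTransaction(IntPtr lpTransactionAttributes, IntPtr uow,
        uint createOptions, uint isolationLevel, uint isolationFlags, uint timeout, string description);

    [DllImport("ktmw32.dll", SetLastError = true)]
    static extern bool CommitTransaction(SafeTransactionHandle transaction);

    [DllImport("ktmw32.dll", SetLastError = true)]
    static extern bool RollbackTransaction(SafeTransactionHandle transaction);

    // Like CreateFile, but writes through this handle belong to hTransaction and stay
    // invisible to other readers until commit.
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern SafeFileHandle CreateFileTransacted(string lpFileName, uint dwDesiredAccess,
        uint dwShareMode, IntPtr lpSecurityAttributes, uint dwCreationDisposition,
        uint dwFlagsAndAttributes, IntPtr hTemplateFile, SafeTransactionHandle hTransaction,
        IntPtr pusMiniVersion, IntPtr lpExtendedParameter);

    static void WriteTransacted(SafeTransactionHandle tx, string path, string content)
    {
        SafeFileHandle h = CreateFileTransacted(path, GENERIC_WRITE, 0, IntPtr.Zero, CREATE_ALWAYS,
            FILE_ATTRIBUTE_NORMAL, IntPtr.Zero, tx, IntPtr.Zero, IntPtr.Zero);
        if (h.IsInvalid) throw new Win32Exception();   // default ctor picks up GetLastError
        using (var fs = new FileStream(h, FileAccess.Write))
        using (var w = new StreamWriter(fs))
            w.Write(content);
    }

    // Both files change together or not at all; KTM's log redoes or undoes after a crash.
    public static void WriteBoth(string pathA, string contentA, string pathB, string contentB)
    {
        using (SafeTransactionHandle tx = CreateTransaction(IntPtr.Zero, IntPtr.Zero, 0, 0, 0, 0, "WriteBoth"))
        {
            if (tx.IsInvalid) throw new Win32Exception();
            try
            {
                WriteTransacted(tx, pathA, contentA);
                WriteTransacted(tx, pathB, contentB);
                if (!CommitTransaction(tx)) throw new Win32Exception();
            }
            catch
            {
                RollbackTransaction(tx);   // explicit; closing the handle uncommitted has the same effect
                throw;
            }
        }
    }

    public static void Main()
    {
        string dir = Path.Combine(Path.GetTempPath(), "txf-demo");   // must be on a local NTFS volume
        Directory.CreateDirectory(dir);
        string a = Path.Combine(dir, "a.txt"), b = Path.Combine(dir, "b.txt");
        WriteBoth(a, "version 2", b, "version 2");
        Console.WriteLine("{0}: {1}", a, File.ReadAllText(a));
        Console.WriteLine("{0}: {1}", b, File.ReadAllText(b));
    }
}
```

Kill the process with a debugger between the two WriteTransacted calls and neither file changes, which is the recoverability the slide is after; a TransactionScope-based version would obtain the same KTM handle from the ambient System.Transactions transaction instead of creating one directly.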

Page 21: Customer-Focused Reliability Attributes: Controlled

Controlled: Provides timely and expected service whenever needed. Examples: degraded response

Page 22: Resource Exhaustion Diagnosis

Give users control of their system by allowing them to take action before a low-resource condition impacts them
Automatic detection and diagnosis of near-exhaustion of the commit limit and of memory leaks on client SKUs
Provide options for manual and automatic resolution to avoid exhaustion

Impact on Windows Vista applications
If a GUI app uses lots of VM, it will show up on the list of applications to be closed by the user
If a service or command-line app, it will be shut down by Windows when exhaustion has been hit

What you need to do
Be mindful of memory utilization: e.g. trim the working set when unused

Page 23: I/O Cancellation Support

Apps shouldn't hang
Apps should provide a cancel button
Ever see Outlook hang while downloading mail?

New Win32 cancellation APIs for Windows Vista
Cancel specific async I/O requests for a file handle
Cancel synchronous requests from another thread
No managed support until "Orcas"
Look for the CancellationRegion class

Caveats
Operation is only marked for cancellation
Some "meta APIs" aren't cancelable (e.g. CopyFile; use CopyFileEx)
Slightly tricky to use

CancelIoEx(HANDLE hFile, LPOVERLAPPED lpOverlapped)
CancelSynchronousIo(HANDLE hThread)
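The synchronous case from the slide, as an added example rather than the deck's code: a reader thread blocked in ReadFile on a pipe that nobody writes to, unblocked by a watchdog thread calling CancelSynchronousIo through P/Invoke. The pipe is constructed in-process so the hang is deterministic; CancelDemo is an illustrative name. It also shows the two caveats in practice: the call needs a real thread handle with THREAD_TERMINATE access, and it only marks the operation, failing with ERROR_NOT_FOUND if the target thread is not inside a synchronous I/O call at that instant. For managed callers the story that eventually shipped is CancellationToken in .NET 4; the CancellationRegion class the slide mentions never did.

```csharp
using System;
using System.ComponentModel;
using System.IO.Pipes;
using System.Runtime.InteropServices;
using System.Threading;
using Microsoft.Win32.SafeHandles;

public static class CancelDemo
{
    const uint THREAD_TERMINATE = 0x0001;       // access right CancelSynchronousIo requires
    const int ERROR_OPERATION_ABORTED = 995;    // what the cancelled ReadFile reports
    const int ERROR_NOT_FOUND = 1168;           // target thread not in a sync I/O call right now

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CancelSynchronousIo(IntPtr hThread);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenThread(uint dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
    [DllImport("kernel32.dll")]
    static extern uint GetCurrentThreadId();
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadFile(SafePipeHandle hFile, byte[] lpBuffer, uint nNumberOfBytesToRead,
        out uint lpNumberOfBytesRead, IntPtr lpOverlapped);

    public static void Main()
    {
        using (var server = new AnonymousPipeServerStream(PipeDirection.Out))
        using (var client = new AnonymousPipeClientStream(PipeDirection.In, server.ClientSafePipeHandle))
        {
            IntPtr readerThread = IntPtr.Zero;
            int result = -1;
            var inRead = new ManualResetEvent(false);

            var reader = new Thread(() =>
            {
                // A kernel handle to our own thread; a managed Thread object is of no use to the OS.
                readerThread = OpenThread(THREAD_TERMINATE, false, GetCurrentThreadId());
                inRead.Set();
                var buf = new byte[64];
                uint got;
                // Blocks forever: the server end never writes. Without cancellation this is the
                // "Outlook hangs while downloading mail" case from the slide.
                result = ReadFile(client.SafePipeHandle, buf, (uint)buf.Length, out got, IntPtr.Zero)
                    ? 0 : Marshal.GetLastWin32Error();
            });
            reader.Start();
            inRead.WaitOne();

            // Watchdog side: retry until the in-flight request is actually found and marked.
            int attempts = 0;
            while (!CancelSynchronousIo(readerThread))
            {
                int err = Marshal.GetLastWin32Error();
                if (err != ERROR_NOT_FOUND || ++attempts > 100) throw new Win32Exception(err);
                Thread.Sleep(10);
            }
            reader.Join();
            CloseHandle(readerThread);

            Console.WriteLine(result == ERROR_OPERATION_ABORTED
                ? "read cancelled after " + attempts + " retries (ERROR_OPERATION_ABORTED)"
                : "read ended with Win32 error " + result);
        }
    }
}
```

The reader must treat ERROR_OPERATION_ABORTED as "cancelled", not as a failure to retry, otherwise the cancel button does nothing; CancelIoEx works the same way for a specific overlapped request on a handle, and the same retry loop applies.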

Page 24: Customer-Focused Reliability Attributes: Undisruptable

Undisruptable: Required changes and upgrades do not impact the service. Examples: update disruptions

Page 25: Minimize Reboots When Installing Software

Use the Restart Manager APIs
Shuts down only required apps and services
Automatically detects and shuts down services in shared processes with a file in use
Prevents the need for a machine restart after apps or services have been shut down
Groups application, service and machine restarts
Design app "freeze-dry" functionality to return the user to the state they were in before the restart
Use P/Invoke for managed applications

Users experience minimum disruption for application and patch installs for your application

RegisterApplicationRestart( GetCommandLine(), 0 ); // Native
// Note: the first parameter is the argument string only; Windows supplies the executable path
// on relaunch, so passing GetCommandLine() hands the restarted process its own path as an argument.
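The managed P/Invoke version of the slide's one-liner together with the "freeze-dry" half, added here and not part of the deck: the app registers to be restarted (by Restart Manager after a patch, or by WER after a crash or hang), registers a recovery callback that saves the user's state when Windows asks, and on relaunch detects the restart switch and restores that state. RestartDemo, the /restored switch and the state file name are illustrative. Two facts worth knowing: Windows only honors the restart if the process had been running for at least 60 seconds, and the registered command line is stored by the OS and visible on the relaunched process, so it must not carry secrets.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;

public static class RestartDemo
{
    // Flags restrict when the restart applies; 0 (as on the slide) means in every case.
    const uint RESTART_NO_CRASH = 1, RESTART_NO_HANG = 2, RESTART_NO_PATCH = 4, RESTART_NO_REBOOT = 8;
    const int RESTART_MAX_CMD_LINE = 1024;   // longer argument strings are rejected with E_INVALIDARG

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
    static extern int RegisterApplicationRestart(string pwzCommandline, uint dwFlags);

    delegate uint ApplicationRecoveryCallback(IntPtr pvParameter);

    [DllImport("kernel32.dll")]
    static extern int RegisterApplicationRecoveryCallback(ApplicationRecoveryCallback pRecoveryCallback,
        IntPtr pvParameter, uint dwPingInterval, uint dwFlags);
    [DllImport("kernel32.dll")]
    static extern void ApplicationRecoveryFinished(bool bSuccess);

    static readonly string StateFile = Path.Combine(Path.GetTempPath(), "restartdemo.state");
    static ApplicationRecoveryCallback keepAlive;   // the OS holds a raw pointer; keep the delegate alive
    static string currentDocument = "untitled";

    // Called by WER on a crash or hang, on a thread it creates. Save only what the user needs
    // back, then report; if the callback never calls ApplicationRecoveryFinished (or takes
    // longer than the ping interval without pinging), WER terminates the process anyway.
    static uint SaveState(IntPtr pvParameter)
    {
        bool ok = false;
        try { File.WriteAllText(StateFile, currentDocument); ok = true; }
        finally { ApplicationRecoveryFinished(ok); }
        return 0;
    }

    public static void Main(string[] args)
    {
        if (args.Length > 0 && args[0] == "/restored" && File.Exists(StateFile))
        {
            currentDocument = File.ReadAllText(StateFile);   // back to where the user was
            File.Delete(StateFile);
            Console.WriteLine("restored document: " + currentDocument);
        }

        // Arguments only: Windows relaunches the same executable path itself.
        string restartArgs = "/restored";
        if (restartArgs.Length >= RESTART_MAX_CMD_LINE)
            throw new ArgumentException("restart command line too long");
        Marshal.ThrowExceptionForHR(RegisterApplicationRestart(restartArgs, 0));

        keepAlive = SaveState;
        Marshal.ThrowExceptionForHR(RegisterApplicationRecoveryCallback(keepAlive, IntPtr.Zero, 5000, 0));

        currentDocument = "draft started " + DateTime.Now.ToString("HH:mm:ss");
        Console.WriteLine("registered for restart with '{0}'; running", restartArgs);
        Console.ReadLine();   // a real app would also save state on normal exit and on WM_QUERYENDSESSION
    }
}
```

For the installer-driven case no callback fires: Restart Manager sends the usual shutdown messages, so the state that makes the relaunch seamless has to be written on ordinary shutdown too, not only from the WER recovery callback.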

Page 26: Customer-Focused Reliability Attributes: Production Ready

Production Ready: At release the system contains a minimum number of bugs, requiring a limited number of predictable patches/fixes. Examples: patch size, frequency

Page 27: Windows Error Reporting During Development

Errors are reported to Microsoft in real time by customer choice (crashes, hangs)
Automatic analysis and signature matching to known issues
Problems available to registered developers through the Developer Portal
Known fixes provided to customers in real time
APIs for failing quickly and reporting an error
Or, simply let an exception go unhandled, in both managed and native

Environment.FailFast(String reason); // Managed "panic button"

Page 28: Reliability Best Practices

If a crash occurs, report the issue via Windows Error Reporting
Don't use the IsBadWritePtr family of APIs
Turns a debuggable crash into a silent process exit (it swallows the access violation that would have produced a report)
Replace the API with a simple `if (p == NULL)` check

Write multi-threaded code correctly
Use synchronization primitives for stopping and pausing threads
Don't call TerminateThread
Avoid calling Thread.Abort
Don't call Thread.Suspend
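What the last two slides ask for in one piece of code, added here and not from the deck: a worker that is paused, resumed and stopped with events rather than Thread.Suspend/Thread.Abort, and that calls Environment.FailFast when it detects that its own state is corrupt instead of catching and carrying on. The Worker class and its checksum-style invariant are illustrative.

```csharp
using System;
using System.Threading;

public sealed class Worker
{
    readonly ManualResetEvent stop = new ManualResetEvent(false);
    readonly ManualResetEvent running = new ManualResetEvent(true);   // reset => paused
    readonly Thread thread;
    int processed;
    int checksum;   // invariant: checksum == processed * 7

    public Worker() { thread = new Thread(Loop) { IsBackground = true, Name = "worker" }; }
    public int Processed { get { return Thread.VolatileRead(ref processed); } }

    public void Start()  { thread.Start(); }
    public void Pause()  { running.Reset(); }   // the loop parks itself at a known safe point
    public void Resume() { running.Set(); }

    // Cooperative stop: signal, then wait. No lock is left held and no state is half-written,
    // which is exactly what Thread.Abort and TerminateThread cannot promise.
    public bool Stop(TimeSpan timeout)
    {
        stop.Set();
        running.Set();   // a paused worker has to wake up to notice the stop request
        return thread.Join(timeout);
    }

    void Loop()
    {
        while (true)
        {
            // Park here while paused; index 1 means stop was signalled. Both may be set: stop wins.
            if (WaitHandle.WaitAny(new WaitHandle[] { running, stop }) == 1) return;
            if (stop.WaitOne(0)) return;

            checksum += 7;
            processed++;

            // A broken invariant means memory or logic corruption. Do not catch and continue:
            // fail fast so WER captures a report with the stack at the point of detection.
            // FailFast skips finally blocks and finalizers, which is the point.
            if (checksum != processed * 7)
                Environment.FailFast("worker state corrupted: checksum mismatch");

            Thread.Sleep(10);   // simulated unit of work; a real worker would block on I/O or a queue
        }
    }

    public static void Main()
    {
        var w = new Worker();
        w.Start();
        Thread.Sleep(100);

        w.Pause();
        Thread.Sleep(50);                 // let an in-flight unit of work finish
        int atPause = w.Processed;
        Thread.Sleep(100);
        Console.WriteLine("paused: count stayed at {0}: {1}", atPause, w.Processed == atPause);   // True

        w.Resume();
        Thread.Sleep(100);
        Console.WriteLine("stopped cleanly: {0}, processed = {1}",
            w.Stop(TimeSpan.FromSeconds(1)), w.Processed);   // True, some count > atPause
    }
}
```

Pause takes effect at the top of the loop, never in the middle of a unit of work, so nothing the worker touches is ever observed half-updated; a Stop that times out is a bug to report, not something to escalate to Abort.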

Page 29: Recommended Tools For Making Code Production Ready

Unmanaged
Safe C++ libraries (CRT, MFC, ATL)
C++ compiler static analysis (/analyze)
C++ compiler's buffer overrun cookie (/GS)
Application Verifier

Managed
FxCop
Managed Debugging Assistants

Page 30: Summary

What is Reliability? Customer taxonomy
Windows Vista and CLR reliability goals
Windows Vista and CLR reliability features
Detailed resiliency discussion
Features and Tools

The Microsoft Platform affords developing reliable applications, both native and managed.

Page 31: Call To Action

Design for resiliency as discussed
Use SafeHandle to free OS handles
Use Windows Vista's transactions for recoverability
Use Windows Vista's new Restart Manager APIs to minimize disruptions
Support cancellation to give users control
Use all the tools at your disposal to make your code production ready
E.g. FxCop, /analyze, Windows Error Reporting

Page 32: More Information: Managed Resiliency Features

At PDC
Add-Ins and Versioning - FUN 309: "Designing managed addins for reliability, security, and versioning" w/ Jim Miller
Versioning - FUN 314: "Architecting your apps for the future"

After PDC
High-level overview: http://msdn.microsoft.com/msdnmag/issues/05/10/Reliability/
SafeHandle: http://blogs.msdn.com/bclteam/archive/2005/03/16/396900.aspx
Constrained Execution Regions: http://blogs.msdn.com/bclteam/archive/2005/06/14/429181.aspx
Chris Brumme's Hosting & Reliability blog posts:
http://blogs.msdn.com/cbrumme/archive/2004/02/21/77595.aspx
http://blogs.msdn.com/cbrumme/archive/2003/06/23/51482.aspx

Page 33: More Information: Windows Vista Reliability Features

At PDC
Journaling - FUN034: Improving reliability with the new System.Transactions classes, file system, and registry transactions
Restart Manager and Versioning - FUN222: Windows Vista and "Longhorn" Server: What's New in Windows Installer (MSI) and ClickOnce
Feedback - FUN313: Windows Vista: Improving Quality through Windows Feedback Data
I/O cancellation - FUN302: Programming with Concurrency (Part 1): Concepts, Patterns, and Best Practices

After PDC
http://msdn.microsoft.com/windowsvista/reliability/
http://www.microsoft.com/technet/windowsvista/webcasts.mspx
Resource Exhaustion: http://www.microsoft.com/technet/windowsvista/evaluate/admin/mntreli.mspx
I/O Cancellation: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/fs/cancelsynchronousio_func.asp

Page 34: Closing

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.