http://blogs.msdn.com/larryosterman/archive/2004/09/09/227490.aspxIn yesterdays post I presented a trace log writer that had a subtle bug. As I mentioned, the problem had nothing to do with the code, but instead, the problem had to do with the directory in which the trace log file was written. My second hint to theen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/larryosterman/archive/2004/09/09/227490.aspx#227594Thu, 09 Sep 2004 21:26:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:227594Pavel Lebedinsky&gt; Consider a folder with an ACL that allows <br>&gt; the user to create files, but not write <br>&gt; to them. <br> <br>Note however that users can always change permissions on any files they created, regardless of what the DACL says. <br> <br>Your review folder example will work only if you apply additional restrictions at the share level, to prevent users from changing the DACL. <br> <br>&gt; EnterCriticalSection should be protected <br>&gt; with a try/catch since it can throw <br> <br>No it shouldn't. On XP and later, Enter/LeaveCS never raise exceptions. On Win2K and before, they can raise, but you can't recover from this, even if you use try/except (try/catch should only be used for C+ exceptions; in Whidbey catch(...) will not even catch SEH exceptions by default). <br> <br>The reason you can't recover is because on Win2K the critical section could be left in a corrupted state when Enter or LeaveCriticalSection throws. <br> <br>The bottom line is that you should never wrap Enter/LeaveCriticalSection in a try/except. On XP and later, it's not necessary, and on Win2K it doesn't really help anyway. <br> <br>If you need critical sections to work reliably in out-of-memory conditions on Win2K your only option is to preallocate the event using InitializeCriticalSectionAndSpinCount. <br> <br>http://blogs.msdn.com/larryosterman/archive/2004/09/09/227490.aspx#227606Thu, 09 Sep 2004 21:41:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:227606Larry OstermanA good point Pavel. <br> <br>And I meant try/except, not try/catch, I'll update the text. <br> <br>http://blogs.msdn.com/larryosterman/archive/2004/09/09/227490.aspx#228077Fri, 10 Sep 2004 21:55:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:228077SkywingI never said it raises on Windows XP or later. In those cases it uses a system wide KeyedEvent (new kernel object) to avoid having to allocate memory for each critical section having it's own wait semaphore. <br> <br>Note that MSDN *RECOMMENDS* that you use SEH to catch EnterCriticalSection exceptions ( <a target="_new" href="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/entercriticalsection.asp">http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/entercriticalsection.asp</a> ). <br> <br>How do you arrive at the conclusion that the critical section will be put into an invalid state if an exception is thrown? RtlLeaveCriticalSection throws an exception if NtSetEvent fails, which can only happen if the structure itself is damaged or somebody messed with the event handle (which are obviously nonrecoverable, but unrelated to running out of memory). I didn't write the critsec code, but I don't *think* the lockcount being incremented an extra time will cause any fatal problems -- perhaps a lock cmpxchg with 0 when it's not really necessary, but that oughtn't break anything.http://blogs.msdn.com/larryosterman/archive/2004/09/09/227490.aspx#228089Fri, 10 Sep 2004 22:56:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:228089Pavel Lebedinsky&gt; How do you arrive at the conclusion that <br>&gt; the critical section will be put into an <br>&gt; invalid state if an exception is thrown? <br> <br>Here are some quotes from Neill Clift (he is the guy who fixed critical sections for XP): <br> <br>&quot;It was really impossible to handle exceptions generated by EnterCriticalSection and LeaveCriticalSection because they left the CS in a state you couldn't recover from.&quot; <br> <br><a target="_new" href="http://groups.google.com/groups?hl=en&amp;lr=&amp;ie=UTF-8&amp;selm=utHsttTmBHA.2432%40tkmsftngp07">http://groups.google.com/groups?hl=en&amp;lr=&amp;ie=UTF-8&amp;selm=utHsttTmBHA.2432%40tkmsftngp07</a> <br> <br>&quot;I considered it impossible to code to Enter/Leave raising. To make matters worse the internal structure of the lock was damaged by the raise such that it might be unusable after the event.&quot; <br> <br><a target="_new" href="http://groups.google.com/groups?selm=3fe1d456%241%40news.microsoft.com&amp;output=gplain">http://groups.google.com/groups?selm=3fe1d456%241%40news.microsoft.com&amp;output=gplain</a> <br> <br>The fact that LeaveCriticalSection can also raise in low memory situations (on Win2K) seems unintuitive at first but it's true - there's some obscure scenario where allocation of the event has to happen in LeaveCriticalSection instead of EnterCriticalSection.http://blogs.msdn.com/larryosterman/archive/2004/09/09/227490.aspx#228098Fri, 10 Sep 2004 23:09:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:228098SkywingAh, okay. In that case, somebody should update the MSDN documentation to not recommend something which doesn't work. :)http://blogs.msdn.com/larryosterman/archive/2004/09/09/227490.aspx#234305Sun, 26 Sep 2004 03:24:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:234305Don Kiely's Technical BlatheringsUpdating Application Data