An application domain is a mechanism (similar to a process in an operating system) used within the Common Language Infrastructure (CLI) to isolate executed software applications from one another so that they do not affect each other. Each application domain has its own virtual address space which scopes the resources for the application domain using that address space.
A CLI application domain is contained within an operating system process. A process may contain many application domains. Application domains have isolation properties similar to that of operating system processes:
- Multiple threads can exist within a single application domain.
- An application within a domain can be stopped without affecting the state of another domain in the same process.
- A fault or exception in one domain does not affect an application in another domain or crash the entire process that hosts the domains.
- Configuration information is part of a domain's scope, not the scope of the process.
- Each domain can be assigned different security access levels.
- Code in one domain cannot directly access code in another.
In this sense, a CLI is like a mini-operating system. It runs a single process that contains a number of sub-processes, or application domains.
The advantage of application domains is that running multiple application domains may require fewer resources, such as memory, than running multiple operating system processes. Communication between domains still requires marshalling, so the overheads can be closer to using multiple processes than to communicating within a single domain.
Direct communication cannot be achieved across application domains. However, application domains can still talk to each other by passing objects via marshalling by value (unbound objects), marshalling by reference through a proxy (application-domain-bound objects). There is a third type of object called a context-bound object which can be marshalled by reference across domains and also within the context of its own application domain. Because of the verifiable type-safety of managed code, a CLI can provide fault isolation between domains at a much lower cost than an operating system process can. The static type verification used for isolation does not require the same process switches or hardware ring transitions that an operating system process requires.
Application domains are a purely managed code concept. Any included native/unmanaged code (e.g., C++) is largely unaware of them. Static variables seem to be shared across domains, callbacks can be problematic, and any memory corruption bugs in one domain is likely to corrupt other domains.