Sharing Objects. Pieter van den Hombergh. Fontys Hogeschool voor Techniek en Logistiek. February 15, 2017

Similar documents
Threadsafe design Confinement (revisited) Java monitor pattern. Delegating thread safety. Untitled Sheets HOM. Threadsafe design

More About Methods. Hsuan-Tien Lin. Deptartment of CSIE, NTU. OOP Class, March 8-9, 2010

Basic Java OOP 10/12/2015. Department of Computer Science & Information Engineering. National Taiwan University

ITI Introduction to Computing II

More on Methods and Encapsulation

ITI Introduction to Computing II

INF Models of concurrency

Class versus Instance (Section 5.1)

Course Announcements. John Jannotti (cs32) Scope, Collections & Generics Feb 8, / 1

Announcements. John Jannotti (cs32) Design Patterns Feb 13, / 1

1 ListElement l e = f i r s t ; / / s t a r t i n g p o i n t 2 while ( l e. next!= n u l l ) 3 { l e = l e. next ; / / next step 4 } Removal

Simply Typed Lambda Calculus

Design Patterns and Refactoring

Python. chrysn

Comp 11 Lectures. Mike Shah. July 12, Tufts University. Mike Shah (Tufts University) Comp 11 Lectures July 12, / 33

Clojure Concurrency Constructs, Part Two. CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014

Static Program Analysis

Computer Science Introductory Course MSc - Introduction to Java

Elementary Sorts 1 / 18

Introduction to Computing II (ITI1121) FINAL EXAMINATION

Specification of Chemical Formulæ in XL with Operator Overloading

SDS developer guide. Develop distributed and parallel applications in Java. Nathanaël Cottin. version

Reasoning About Imperative Programs. COS 441 Slides 10b

Improper Nesting Example

public void run ( ) { i f ( this. id == 0) System. out. p r i n t ( 3 ) ; bro. j o i n ( ) ; else System. out. p r i n t ( 2 ) ;

Lists, Stacks, and Queues (plus Priority Queues)

Blocking Synchronization: Streams Vijay Saraswat (Dec 10, 2012)

Go Tutorial. Ian Lance Taylor. Introduction. Why? Language. Go Tutorial. Ian Lance Taylor. GCC Summit, October 27, 2010

CS Exam 1 Study Guide and Practice Exam

Thread Specific Storage

Multicore Semantics and Programming

Abstractions and Decision Procedures for Effective Software Model Checking

MURA Office hours Thurs at 12-1pm in CIT 546 Contact for more info.

CS 6110 Lecture 28 Subtype Polymorphism 3 April 2013 Lecturer: Andrew Myers

Symbolic Logic. Alice E. Fischer. CSCI 1166 Discrete Mathematics for Computing February 5 6,

Central Algorithmic Techniques. Iterative Algorithms

Speculative Parallelism in Cilk++

Übung Informatik I - Programmierung - Blatt 7

Operating Systems. VII. Synchronization

Lecture Notes on Inductive Definitions

Online Appendix to: Types for Atomicity: Static Checking and Inference for Java

Deadlock (2) Dave Eckhardt Brian Railing Roger Dannenberg

TDDD63 Project: API. September 13, 2014

Modern Functional Programming and Actors With Scala and Akka

CS 453 Operating Systems. Lecture 7 : Deadlock

Softwaretechnik. Lecture 13: Design by Contract. Peter Thiemann University of Freiburg, Germany

Outline. PeerSim: Informal introduction. Resources. What is PeerSim? Alberto Montresor Gianluca Ciccarelli

Softwaretechnik. Lecture 13: Design by Contract. Peter Thiemann University of Freiburg, Germany

Factory method - Increasing the reusability at the cost of understandability

CS-206 Concurrency. Lecture 8 Concurrent. Data structures. a b c d. Spring 2015 Prof. Babak Falsafi parsa.epfl.ch/courses/cs206/ remove(c) remove(b)

Lecture Notes on Inductive Definitions

GOTO the past / programs choose their own adventure. CSE 505: Programming Languages

A summary of factoring methods

Solution to Proof Questions from September 1st

Comp 11 Lectures. Mike Shah. July 26, Tufts University. Mike Shah (Tufts University) Comp 11 Lectures July 26, / 40

Generics. Hsuan-Tien Lin. OOP Class, May 23, Department of CSIE, NTU. H.-T. Lin (NTU CSIE) Generics OOP 05/23/ / 16

Maps performance tips On server: Maintain DB connections, prepared statements (per thread/request!)

Algorithms. Algorithms 2.4 PRIORITY QUEUES. Pro tip: Sit somewhere where you can work in a group of 2 or 3

Unit: Blocking Synchronization Clocks, v0.3 Vijay Saraswat

1 Trees. Listing 1: Node with two child reference. public class ptwochildnode { protected Object data ; protected ptwochildnode l e f t, r i g h t ;

Constructors - Cont. must be distinguished by the number or type of their arguments.

Path Testing and Test Coverage. Chapter 9

TDDB68 Concurrent programming and operating systems. Lecture: CPU Scheduling II

Path Testing and Test Coverage. Chapter 9

CS-140 Fall 2017 Test 1 Version Practice Practice for Nov. 20, Name:

Round 5: Hashing. Tommi Junttila. Aalto University School of Science Department of Computer Science

Information Flow Inference for ML

Locksmith: Context-Sensitive Correlation Analysis for Race Detection

Android Services. Lecture 4. Operating Systems Practical. 26 October 2016

Actors for Reactive Programming. Actors Origins

1. Write a program to calculate distance traveled by light

CSE 331 Winter 2018 Reasoning About Code I

CSE505, Fall 2012, Final Examination December 10, 2012

Proof Techniques (Review of Math 271)

Safety and Liveness. Thread Synchronization: Too Much Milk. Critical Sections. A Really Cool Theorem

Programming Languages Fall 2013

Quantum Functional Programming Language & Its Denotational Semantics

Outline F eria AADL behavior 1/ 78

You separate binary numbers into columns in a similar fashion. 2 5 = 32

Introduction to Computing II (ITI 1121) FINAL EXAMINATION

Prelim 2[Solutions] Solutions. 1. Short Answer [18 pts]

Sequential Logic (3.1 and is a long difficult section you really should read!)

Practical Data Processing With Haskell

UNIT-VI PUSHDOWN AUTOMATA

Service Information Letter SIL # 017

CS-140 Fall 2018 Test 2 Version Practice Nov. 12, 2018

Element x is R-minimal in X if y X. R(y, x).

Algorithmic verification

SFWR ENG 3S03: Software Testing

Theory versus Experiment: Analysis and Measurements of Allocation Costs in Sorting (With Hints for Applying Similar Techniques to Garbage Collection)

A Short Introduction to Hoare Logic

1 Java Night Countdown (30%)

FACULTY OF SCIENCE ACADEMY OF COMPUTER SCIENCE AND SOFTWARE ENGINEERING OBJECT ORIENTED PROGRAMMING DATE 07/2014 SESSION 8:00-10:00

Integer Clocks and Local Time Scales

Digital Control of Electric Drives

Automata-Theoretic Model Checking of Reactive Systems

Lecture 1: Introduction to computation

Critical Reading of Optimization Methods for Logical Inference [1]

6.001 Recitation 22: Streams

Software Engineering

Transcription:

Pieter van den Hombergh Fontys Hogeschool voor Techniek en Logistiek February 15, 2017 and /FHTenL February 15, 2017 is safe Idioms 1/34

and and is safe Idioms /FHTenL February 15, 2017 2/34

visibility is visibility by other threads. : Make sure that other threads can see the changes made by this thread. If one thread modifies the state of an object and another thread reads that state, there is no guarantee that the latter will see (and thus can use) the changes in that object! (Unsafe publication.) Safe publishing can be obtained through synchronization: by explicitly using synchronization by taking advantage of synchronzation in library classes See what can go wrong in No.java example on next slide and /FHTenL February 15, 2017 is safe Idioms 3/34

No code example public class No { private static boolean ready ; private static int number ; private static class Reader extends { public void run () { while (! ready ). yield (); System. out. println ( number ); public static void main ( String [] args ) { new Reader (). start (); number = 42; ready = true ; Don t do this! and is safe Idioms /FHTenL February 15, 2017 4/34

Stale data Stale data: an out of date data element. Use synchronization for every access of a variable. Access(!), that is setters and getters! Data might be stale, but was correct at some time: out-of-thin-air safety. But even that does not apply to 64 bit numeric primitive variables (double and long). Because a 64 bit read(or write) operation consists of two 32 bit read(or write) operations. So always declare such shared 64 bit primitive as volatile or guard them by a lock. and /FHTenL February 15, 2017 is safe Idioms 5/34

Mutable Integer holder: code example @NotSafe p u b l i c c l a s s M u t a b l e I n t e g e r { p r i v a t e i n t v a l u e ; p u b l i c i n t g e t ( ) { r e t u r n v a l u e ; p u b l i c v o i d s e t ( i n t v a l u e ) { t h i s. v a l u e = v a l u e ; @Safe p u b l i c c l a s s S y n c h r o n i z e d I n t e g e r { @GuardedBy ( t h i s ) p r i v a t e i n t v a l u e ; p u b l i c s y n c h r o n i z e d i n t g e t ( ) { r e t u r n v a l u e ; and p u b l i c s y n c h r o n i z e d v o i d s e t ( i n t v a l u e ){ t h i s. v a l u e = v a l u e ; /FHTenL February 15, 2017 is safe Idioms 6/34

Locking affects visibility Locking is not only mutual exclusion but also affects memory visibility! Locking and unlocking ensures memory visibility. Synchronization guarantees visibility A synchronized block is guarded by a lock on object M. Everything done by thread A before the unlock on M is visible to thread B after the lock on M. Without synchronization there is no such guarantee. and /FHTenL February 15, 2017 is safe Idioms 7/34

variables are a weaker form of synchronization. Declaring a field volatile assure that compiler and runtime don t mix the operations on that variable with other memory operations. No caching is allowed in this case, so a read always returns the most recent value. p u b l i c c l a s s CountingSheep { v o l a t i l e boolean a s l e e p ; v o i d trytosleep ( ) { w h i l e (! a s l e e p ) countsomesheep ( ) ; v o i d countsomesheep ( ) { // One, two, t h r e e... and /FHTenL February 15, 2017 is safe Idioms 8/34

Proper use of volatile Use volatile variables only when they simplify implementing and verifying your synchronisation policy Avoid volatile (instead of locked accessed) variables when verifying correctness would require substantial reasoning about visibility Good use of volatile variables includes ensuring visibility of their own state, that of the object they refer to, or indicating that an important lifecycle event (such as initialization or shutdown) has occurred and /FHTenL February 15, 2017 is safe Idioms 9/34

Locking can guarantee both visibility and atomicity; volatile variables can only guaranteee visibility. You can use volatile if the following criteria are met: Writes to the variable do NOT depend on its current value (like in a ++ operation) OR you can ensure that only a single thread ever writes the value; The variable does not participate in invariants with the other state variables; and Locking is not required for any other reason while the variable is being accessed (read or written). and /FHTenL February 15, 2017 is safe Idioms 10/34

public provides an is a door to public allows routes. an object means making it available outside its current scope. sounds like an activity (it is a verb), but in fact the public keyword on a member is sufficient to name that something published. public static Set < Secret > knownsecrets ; public void initialize () { knownsecrets = new HashSet < Secret >(); and is safe Idioms /FHTenL February 15, 2017 11/34

This is how Papillon got out... And do not do something like this, because you do not know what the caller will do to your private parts. class UnsafeStates { private String [] states = new String []{ "AK", "AL" /*... */ ; public String [] getstates () { return states ; and is safe Idioms /FHTenL February 15, 2017 12/34

Indecent exposure Do not expose yourselves until fully dressed. In objects that is: fully constructed. (Design pattern hint: factories.) During construction an object is fragile, because its invariants may not yet hold. Its like putting an unborn onto the streets. Do not allow the this reference to during construction. It is not (yet) safe out there! and /FHTenL February 15, 2017 is safe Idioms 13/34

Often made mistake with listeners Don t do this in a constructor! public class ThisEscape { public ThisEscape ( EventSource source ) { source. registerlistener ( new EventListener () { ); public void onevent ( Event e) { dosomething (e); and is safe Idioms /FHTenL February 15, 2017 14/34

Safe listener attachment Maybe you should consider to make more constructors private. Factory Method design pattern. public class SafeListener { private EventListener listener ; private SafeListener () { listener = new EventListener () { public void onevent ( Event e) { dosomething (e); ; and public static SafeListener newinstance ( EventSource sourc SafeListener safe = new SafeListener (); source. registerlistener ( safe. listener ); return safe ; is safe Idioms /FHTenL February 15, 2017 15/34

Do no let the beasties out and is safe Idioms /FHTenL February 15, 2017 16/34

thread is not a technique But rather a lack of the use of that (like language constructs etc). Ad hoc thread is often not a but rather a agreement or a usage convention (hopefully properly documented in the API documentation). It is allowable for single threaded sub systems and often the technique of choice for GUI frameworks for performance reasons. If you can ensure the writing to a volatile member only takes place from one thread, than that is safe, since you confined the modification to one thread. Use ad hoc thread sparingly because of its fragility. and /FHTenL February 15, 2017 is safe Idioms 17/34

Method local variables exist only on the stack The runtime stack is by definition thread-local. public int loadtheark ( Collection < Animal > candidates ) { SortedSet < Animal > animals ; int numpairs = 0; Animal candidate = null ; // animals confined to method, don t let them Dress code! animals = new TreeSet < Animal >( new SpeciesGenderComparat animals. addall ( candidates ); for ( Animal a : animals ) { if ( candidate == null! candidate. ispotentialmate candidate = a; else { ark. load ( new AnimalPair ( candidate, a )); ++ numpairs ; candidate = null ; return numpairs ; and is safe Idioms /FHTenL February 15, 2017 18/34

is easily achieved by using method local variables. These are not allocated on the heap but on the stack. Since there is one stack per thread, the local variables are automatically confined to that stack and thread. For primitive types (int boolean, etc) this confinment cannot be broken. Beware of Objects, for they are allocated on the heap and only the reference will be stored on the stack. So do not hand out (return, pass it to alien methods) that reference, or still is possible. If you stick to these rules confining a nonthreadsafe object to the stack is threadsafe. and is safe Idioms /FHTenL February 15, 2017 19/34

Use of java.lang. The java.lang. class binds its member to one thread. You could imagine it as a hashmap with the thread as key and member as value. p r i v a t e s t a t i c <Connection > c o n n e c t i o n H o l d e r = new <Connection >() { p u b l i c C o n n e c t i o n i n i t i a l V a l u e ( ) { r e t u r n DriverManager. g e t C o n n e c t i o n (DB URL ) ; ; p u b l i c ; C o n n e c t i o n g e t C o n n e c t i o n ( ) { r e t u r n c o n n e c t i o n H o l d e r. g e t ( ) ; And as long as you take care those members do not, these members don t have to be threadsafe. E.g. the JDBC specification does not require the Connection objects to be threadsafe. See the book for a solution. and is safe Idioms /FHTenL February 15, 2017 20/34

Use of II If you port a single threaded application to a multi threaded environment, you can use to preserve thread safety by converting globals (like Singletons) into s, semantics permitting. is often used in frameworks, like J(2)EE for instance. Note that over-use of can detract from reusability and introduce hidden couplings. and is safe Idioms /FHTenL February 15, 2017 21/34

is threadsafe objects are always threadsafe An object is immutable if: Its state cannot be modified after construction; all its fields are ; and It is properly constructed (this did not during construction.) and is safe Idioms /FHTenL February 15, 2017 22/34

The 3 Stooges, once famous The middle one is named Curly of course. and is safe Idioms /FHTenL February 15, 2017 23/34

@ p u b l i c f i n a l c l a s s T hreestooges { p r i v a t e f i n a l Set<S t r i n g > s t o o g e s = new HashSet<S t r i n g >(); p u b l i c T hreestooges ( ) { s t o o g e s. add ( Moe ) ; s t o o g e s. add ( L a r r y ) ; s t o o g e s. add ( C u r l y ) ; p u b l i c boolean i s S t o o g e ( S t r i n g name ) { r e t u r n s t o o g e s. c o n t a i n s ( name ) ; p u b l i c S t r i n g getstoogenames ( ) { L i s t <S t r i n g > s t o o g e s L = new Vector <S t r i n g >(); s t o o g e s L. add ( Moe ) ; s t o o g e s L. add ( L a r r y ) ; s t o o g e s L. add ( C u r l y ) ; r e t u r n s t o o g e s L. t o S t r i n g ( ) ; and is safe Idioms /FHTenL February 15, 2017 24/34

as a good practice Just as it is a good practice to make all fields private unless they need greater visibility, it is good practice to make all fields unless they need to mutable. Even if an object is mutable, making some fields immutable simplifies the reasoning about threadsafety, because the number of possible states is reduced. It also documents to the maintainers of the class that the fields are not changed. and is safe Idioms /FHTenL February 15, 2017 25/34

Using volatile to publish immutable object, Cache @ p u b l i c c l a s s OneValueCache { private f i n a l B i g I n t e g e r lastnumber ; p r i v a t e f i n a l B i g I n t e g e r [ ] l a s t F a c t o r s ; p u b l i c OneValueCache ( BigInteger i, B i g I n t e g e r [ ] f a c t o r s ) { lastnumber = i ; l a s t F a c t o r s = A r r a y s. copyof ( f a c t o r s, f a c t o r s. l e n g t h ) ; Usage: p u b l i c B i g I n t e g e r [ ] g e t F a c t o r s ( B i g I n t e g e r i ) { i f ( lastnumber == n u l l! lastnumber. e q u a l s ( i ) ) { r e t u r n n u l l ; e l s e { r e t u r n A r r a y s. copyof ( l a s t F a c t o r s, l a s t F a c t o r s. l e n g t h ) ; and // usage example l i n e private v o l a t i l e OneValueCache cache = new OneValueCache ( new BigInteger ( 1 ), new B i g I n t e g e r [ ] { new B i g I n t e g e r ( 1 ) ) ; is safe Idioms /FHTenL February 15, 2017 26/34

Use volatile to publish Publish the immutable cache object through a volatile reference: @Safe p u b l i c c l a s s V o l a t i l e C a c h e d F a c t o r i z e r extends G e n e r i c S e r v l Publication e t and implements S e r v l e t { p r i v a t e v o l a t i l e OneValueCache cache = new OneValueCache ( n u l l, n u l l ) ; p u b l i c v o i d s e r v i c e ( S e r v l e t R e q u e s t req, S e r v l e t R e s p o n s e r e s p ) { B i g I n t e g e r i = e x t r a c t F r o m R e q u e s t ( r e q ) ; B i g I n t e g e r [ ] f a c t o r s = cache. g e t F a c t o r s ( i ) ; i f ( f a c t o r s == n u l l ) { f a c t o r s = f a c t o r ( i ) ; cache = new OneValueCache ( i, f a c t o r s ) ; and e n c o d e I n t o R e s p o n s e ( r e s p, f a c t o r s ) ; is safe Idioms /FHTenL February 15, 2017 27/34

You are not supposed to be a code terrorist and is safe Idioms /FHTenL February 15, 2017 28/34

Of course sometimes you will have to share information. Cooporation is in some way the essence of a multithreaded application. But this publication should be done safely. Unsafe publication: p u b l i c H o l d e r h o l d e r ; p u b l i c v o i d i n i t i a l i z e ( ) { h o l d e r = new H o l d e r ( 4 2 ) ; This kind of improper publication could allow another thread to observe a partially constructed object. and /FHTenL February 15, 2017 is safe Idioms 29/34

Failure risk if not properly published public class Holder { private int n; public Holder ( int n) { this.n = n; public void assertsanity () { if (n!= n) throw new AssertionError (" This statement is false."); and is safe Idioms /FHTenL February 15, 2017 30/34

objects can be safely published objects can be used safely by any thread without additional synchronization, even when synchronization is not used to publish them, since any copy in memory or cache will have the same value. and is safe Idioms /FHTenL February 15, 2017 31/34

Four ways to publicize safely It is an idiom (how do I say this in Java) To publish an object safely, both reference to and object state must be made visible at the same time to other threads. A properly constructed object can be safely published by either: 1 Initializing an object reference from a static initializermethod(); 2 Storing a reference to it into a volatile field or AtomicReference; 3 Storing a reference to it into a field of a properly constructed object; or 4 Storing a reference to it into a field that is properly guarded by a lock. and is safe Idioms /FHTenL February 15, 2017 32/34

immutable is immutable by use. Objects thate ar not technically immutable, but whose state is not modified after publication, are called effectively immutable. immutable can be safe (enough) Safely published effectively immutable objects can be used safely by any thread without additional synchronization. Example: Date is mutable 1. If your application uses this in way that a stored date is not changed anymore, the synchronisation of the collection is sufficient: p u b l i c Map<S t r i n g, Date> l a s t L o g i n = and C o l l e c t i o n s. synchronizedmap ( new HashMap<S t r i n g, Date > ( ) ) ; 1 probably a class-library design mistake is safe Idioms /FHTenL February 15, 2017 33/34

Ensure correct visibility of changes. With mutable objects proper publication only ensures the correct visibility of the as-published state. Synchronisation must also be used for every access, to ensure proper visibility of following modifications. The publication requirements depend on its mutability objects can be published through any mechanism. immutable objects must be safely published. must be safely published and must be either threadsafe themselves or guarded by a lock. and /FHTenL February 15, 2017 is safe Idioms 34/34

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback