26 December 2008

Double Lock Idiom (once again and for good)

It looks I am getting really sick to try and post such useless thing after the dead horse has been beaten to dead quite enough years ago..
About sickness it might prove true, given the fact my girlfriend asked to check if I got HIV(!) because I tend to be sort of ill lately. Anyways - what's done is done.

Wikipedia has a quite bad article on that - mostly focused on Java. Yet, it missed probably the most influential resource (IR). Looking at the notes I was surprised it actually has no article about Brian Goetz. His blog, if you need anything about concurrent programming, this is the guy. He speaks the truth. Upon reflection I checked Wikipedia once more and found out that Singleton article covered it way better.

So if you have already visited the most influential resource you know that the double lock (check) idiom is about. Actually, I am sure, you knew it before hand, nonetheless.

Basically the double lock checking idiom attempts to avoid locking (and the overhead attached to) by issuing some non-sync version. The paper (or the IR) explains why it's broken and actually it was one of the reasons (but not the main) java memory model (JMM) to be revised. JMM was revised since it was broken (similar to the idiom), if my memory serves me right (which might not be case if the starting lines hold true) Bill Pugh (the author of SkipList) was the first to point the flaws.

Without beating the dead horse again and explaining why it was so damn broken here I offer the 'modern' Java ways to implement it.

  • Forget about it and don't lazy initialize: e.g.

private static final Singleton singleton=new Singleton()
public static Singleton getSingleton(){
return singleton;
}

Pros: very easy to implemented 100% thread safe, 100% no overhead, completely inlineable.
Cons: no lazy initialization. The class initialization is explained here at point "2.17.5 Detailed Initialization Procedure". Basically an invisible lock ensures the class is initialized only once and no other threads will see out-of-order writes or anything (there is memory fence after initialization completes). Cannot deal with exceptions (explained b).
  • Use another class helper. Or Bill Pugh's way.

public class Singleton{
private Singleton(){

}
private static class Helper{
private static final Singleton singleton=new Singleton();
}
public static Singleton getSingleton(){
return Helper.singleton;
}
}

Pros: 100% thread safe, 100% no overhead, true lazy initialization, not difficult to implement, completely inlineable
Cons: extra class, the classes take space in the perm-gen, which is not the heap and it's limited... and something I have never seen mentioned, it may pose some security risk. Yes, that's correct it might be unsafe under some conditions - but not thread unsafe :). Extra cons: can't deal with exceptions.

First: How this idiom works: it relies that class initialization (clinit method) might be called at most once. This method is called when any operation is required by the class, invoking 'new', any field access, any static method. So the only field 'singleton' that Helper has is initialized during the first call of 'getInstance()'.

As you might see, nothing, really nothing comprises the security. The class Helper is a private one and it's inaccessible outside Singleton (actually outside the package of Singleton, but that's not an issue). So no other premature initialization may occur. Almost. If the class can be loaded via Class.forName(String, true, classLoader) [or simply Class.forName(String)] the clinit method will be called. There is no restriction to the loading classes and calling clinit even if the class is utterly hidden. Simple code like Class.forName("Singleton$Helper") actually creates the instance. Remember how you used to initialize the databases drivers once, yes in such way. How this poses a risk: well the code might be called from any untrusted codebase or thread as long as the classloader can discover Singleton. That alone may fail Singleton creation, if the calling context is expected to bear some special privileges. Even getInstance might check the SecurityManager and allow access only when the needed priviliges are met. Worst of all happens if the initialization fails with ExceptionInInitializerError - the Singleton will never be initialized at all... I hope you got the idea, if not post a comment. Here is a bit more about:

Exception handling


Even though, it looks it doesn't belong here exception handling might become a problem with idioms above. The greatest issues is that Singleton constructor may not throw any exception. If it contains a checked one the code simply can not compile which is ok. If it is unchecked it's actually worst: the first attempt to create will end up via ExceptionInInitializerError and any further calls will result in NoClassDefFoundError. It's not possible to recover from the situation at all (sun.misc.Unsafe hacks don't count).
To me this is the biggest flaw of otherwise a very elegant pattern (Pugh's one). Basically there is a single change to initialize the Singleton and if it fails, it fails forever... or at least until all the classes are unloaded and their respective classloader too and another attempt is establish to initialize everything. A process also known as redeploy.

  • Back to basics

So if we need an exception handling, security checking we are left dry with the simple a synchronization option


public class Singleton{
private Singleton() throws IOException{
//perform some IO
}

private static final Object lock=new Object();
private static Singleton singleton;//not final
private static Singleton createSingleton() throws IOException{
Singleton s = new Singleton();
//extra init, if needed
return s;
}
public static Singleton getSingleton() throws IOException{
synchronized(lock){
Singleton s = singleton;
if (s == null){
singleton = s = createSingleton();
}
return s;
}
}
}

Pros: 100% thread safe, true lazy initialization, exception handling, not very difficult to implement
Cons: A fully blown sync with all the memory barriers required. The slowest approach.

The old, old simple sync and no tricks. Rock solid if it comes to thread safety but that's all. Ok, plus the exception handling. Not much remarks here.

  • Java 5+ and the JMM

Java 5 finally offered a better memory model and way stricter volatiles. Before that moment regular (non-volatile) writes could be reordered with volatile ones - quite horrid to ensure any success one would need to declare everything volatile. Since I always target Java 6+ we simply move to the code:

public class Singleton{
private Singleton() throws IOException{
//perform some IO
}

private static final Object lock=new Object();
private static volatile Singleton singleton;//notice volatile here
private static Singleton tryCreateSingleton() throws IOException{
synchronized(lock){
if (singleton == null){
singleton = new Singleton();
//extra init, if needed
}
}
return singleton;
}

public static Singleton getSingleton() throws IOException{
Singleton s = singleton;
if (s == null){
//check under lock; move creation logic to a separate method to allow inlining of getSingleton()
s = tryCreateSingleton();
}
return s;
}
}
}

Pros: 100% thread safe, true lazy initialization, exception handling
Cons: A memory fence for the volatile.
Looks much better, virtually lock free aside the first time. Yet, still we got a memory fence. On multi-core that memory fence can reduce the performance. Hey, look from the bright side: it's better than full sync, we can handle exceptions and we don't take space in the perm-gen, and we don't involve extra class loading IO operation.

  • Thread Local Storage

...Or bestsss' favorite. It was first proposed by Alexader Terekhov. Here is the deal: if after the 1st successful attempt to obtain a singleton a cached reference is held by the current thread, no further memory fences will be needed since the cache reference is accessible iff by a single thread. Every thread keeps such a reference - an absolutely negligible memory issue. Thread local storage can be implemented in a couple of ways: ThreadLocal and custom thread. Presently a ThreadLocal entries are implemented via subclass of WeakReference which holds the real value and weak ref to the ThreadLocal (so if the ThreadLocal is GC'd the value can lost but that happens only if the table is full), plus an array for the Entries in the ThreadLocalMap that is held by Thread. Quite effective implementation of linear probing hash table (non-tree hash map).

the code:

public class Singleton{
private Singleton() throws IOException{
//perform some IO
}

private static final Object lock=new Object();
private static volatile Singleton singleton;//notice volatile here
private static final ThreadLocal<Singleton> instances = new ThreadLocal<Singleton>();//every thread keeps its own ref here
private static Singleton tryCreateSingleton() throws IOException{
synchronized(lock){
if (singleton == null){
singleton = new Singleton();
//extra init, if needed
}
}
return singleton;
}

private static Singleton doGetSingleton() throws IOException{
Singleton s = singleton;
if (s == null){
s = tryCreateSingleton();
}
instances.set(s);//store for the current thread
return s;
}

public static Singleton getSingleton() throws IOException{
Singleton s = instances.get();//take from the current thread cache
if (s == null){
s = doGetSingleton();
}
return s;
}
}

Pros: thread safe, true lazy initialization, exception handling, no memory fence
Cons: Quite difficult to implement, one extra weak reference per thread, more expensive than Pugh's.
The solution is quite elegant and allows exception handling. Most important: it doesn't issue a memory fence which is a very good news. Can it be improved: yes, slightly.

However right now it's quite late in the night and I have to stop but...
(to be continued - asm of the examples and micro benchmark tests)

17 December 2008

Swing and the Leaks (part 1 of ...)

This is the first real article here. I wish I'd have the guts and persistence to finish it off like Kitana does Sub-Zero in Mortal Kombat. I don't even know how I could have remembered that game. Anyways, unless I scout wikipedia for so useless links I'd not finish it off ever.
There I go.

After quite enough years working with user interface I never managed to like building one. It's simply too much detailed process to please the end user. It rarely involves any nice ideas or algorithms, yet worst of all I can not find it challenging thus entertaining.

Swing has walked a long way since it the days it was a separate library. MVC architecture should be considered cool and dandy, yet often it's a source of extra complicity. However, neither the lacks of very rich component support or good layout managers is a real show stopper. De-facto Swing is the GUI library of choice for Java.
What really bothers me however it's the very poor 'leak' control in Swing. I have come across quite a few bugs that simply eat memory. Virtually all of them have some work around but finding a leak is never easy.
This article is about one afternoon when a colleague of mine called me and asked to help him out. It took good 4 hours to track the bugger down and smash it accordingly. The bug, itself, is in
javax.swing.KeyboardManager or JComponent.registerKeyboardAction(...)
To summarize the problem (before any code) if you register a keyboardAction in invisible Window (JWindow) the component hierarchy will remain unclaimed by the garbage collector until the parent (getOwner()) window is disposed (not the window, itself)

Some code. We have a JWindow (no decoration, thanks) which we can drag around the screen.



Unfortunately (fortunately), when I started writing the supposedly simple test case I fell upon some other(!) unpleasant leaks. In the end I decided to present a fully blown example of not so terribad small swing application with a few other cool perks to show like using WeakReference, Timer (swing ones) and proper threading (or virtually lack of). As a final bonus the example comes with code to cope with all of the leaks (swingHacks method).
But first things first. Link to an executable jar, so you can see it running. There is one more web-start option to see the small application started with all the security checks enabled and sometimes bypassed. Perhaps, I will go back to the code in another article.
And now the leaks, there are a few types of them.
  • Worst of all, certainly, a permanent leak that nothing may not help to solve (save ending the java process);
  • A weird one that requires to create a new AbstractButton subclass to fix;
  • Another weirdo that would require to switch between applications and focus lost event to occur
The bug that made me actually start all that off can be reproduced by launching the application and leave the first option ("Fix KeyStroke adding") unchecked. Once a new window is created it won't be reclaimed by the garbage collector until the owner window (in that case the main frame) is also collected.
The root of the problem is finding the top container by the KeyboardManager which in short must be a focusableWindow. The code below illustrates:

(full source of the class)
So adding key binding early on with connect the key with the owning frame instead of the target window (see the constructor of DragWindow). All that might look fine because in the end the same top container (i.e. frame in our case) will be used to release the connection. Alas, any reregistering of the key bindings (popup menu on the 'x' button is an example of) would recreate those binding with the new already visible window (DragWindow). Reregister of the bindings doesn't remove the existing one hoping to simply override them. Since the new topContainer is different the previous binding is never released. It'd help if KeyboardManager attempts to unregister a key binding first, but that's not the case. Thus, we got a fat leak here.
Solution (work-around actually) to the problem is never register in a non-focusable window that might change its (
focusable) state. Basically non-focusable window is any non-dialog/non-frame window that's not yet visible or doesn't have any components. to receive focus. It's tricky but the best practise is registering the key bindings after the window is opened.
How to prevent such leaks: my rule of the thumb when writing any library code is using weak references for the stuff my code won't own. This includes simple listeners. As a side effect that prohibits idioms like addXXXListener(new XXXListener(){}); that idiom, itself, doesn't allow de-register. However, since the weak reference to the XXXListener is usually very quickly reclaimed by the garbage collector the developers notice the problem early on and assign
the listener to some member reference which can be unregistered in the end of the life-cycle of the component (not only java.awt.Component).

The second issue comes from javax.swing.ActionPropertyChangeListenerwhich uses weak references to deal with some leaks and includes a nice warning

* WARNING WARNING WARNING WARNING WARNING WARNING:
* Do NOT create an annonymous inner class that extends this! If you do
* a strong reference will be held to the containing class, which in most
* cases defeats the purpose of this class.
However, there is a major flaw in the entire class: while it keeps a weak reference to the control (any JComponent subclass) it also keeps a strong reference to the action. It's general practice to create inner classes for action implementation which forfeits the purpose of the class. Well, not entirely: the strong references are kept in a WeakReference subclass (OwnedWeakReference) that later goes into a reference queue, static queue (yes, leak prone). "static ReferenceQueue queue". Until the queue is expunged which happens in the constructor of the class... which is usually called by AbstractButton.setAction. That's it: to reclaim the stale instances setAction shall be called. This may or not may happen in appropropriate time (i.e. after garbage collector has enqueued the problematic OwnedWeakReference), actually that may happen in inappropriate thread (even SwingWorker thread).
Solution - well, there is no easy solution. The method swingHacks solves the problem but it looks cumbersome at best.
How to prevent - using actions that are not implemented through inner classes (or at least static inner) and hold no reference to the component structure, relying solely on the getSource(), might be a viable option, yet it turns coding into a day time nightmare and it could be truly counter productive. Using weak reference (in static inner classes) to the outer class is possible, yet also unpleasant to code and special care must be taken. Overall there is no elegant solution for this case

Another bug hides in javax.swing.plaf.basic.BasicPopupMenuUI.MenuKeyboardHelper that holds a reference to the InputMap (javax.swing.InputMap) of the popup menu. The reference is kept until a ChangeEvent is fired by java.swing.MenuSelectionManager that happens after a new menu is unfold. The little trick in swingHacks enforces it.

JPopupMenu popup=new JPopupMenu();
popup.show(owner, 0, 0);
popup.requestFocus();
popup.setVisible(false);
The Solution, once again, is in swingHacks and there is no true prevention.
Actually according Sun that's not a bug. Yet, I hope it will be fixed in some future release.
In the best case the non-a-bug may hold reference to quite big structure which effectively prevent garbage collection. We used to have a problem with exactly this bug while loading a 'huge' configuration (loading a new configuration disposes the existing one) that further loads more data and sometimes could crash with notorious OOM exception. In short it halved the maximum available memory under some conditions.

Last leak
It's related to the KeyboardFocusManager and well discussed at Sun bug forums.
Sun says it has been fixed in java 7(b17) but not backported, so for now you can leave with the code in swingHacks [again]. There is no real prevention or solution to my knowledge. Well, KeyboardFocusManager could have used some help while disposing windows (which swingHack basically tries to enforce), alas not the case.

Hopefully, the writeup was not horrifyingly boring and you managed to enjoy at least a little.

Next article can go deeper into the sample started-as-simple-test-code or no...
Anyways I promise some nice article about NIO, files and some more IO stuff.

16 December 2008

To Blog or Not

That's rather odd to try and post anything like blog. I suppose my getting too old and that's a vivid sign of a time print over me...
There is horrid amount of blogs full of garbage and adding another may not help. There are many very decent ones like this which happens to be my favorite as of late.
I've been asked to open a blog and post about some programming stuff. I used to always decline.

Yet, I hope to provide the readers with some quality time, nonetheless. Mostly I will be concentrate on Java tips/tricks and actually bugs... and Java has quite enough of them. I suppose I may add posts about currents event going in my life but nothing too personal.

Since it's my first post I'd like to excuse my English because it's not native although I, myself, feel quite used to.

Coming soon:
Swing and the Leaks.

(quite boring 1st one, I suppose)