Haucke

Concurrency, Threads, Thread safety Concurrency, Threads, Thread safety in JAVA and SWINGin JAVA and SWING

Sibylle Haucke, DWDEGOWS June 2005, Exeter, UK

DWD June 2005EGOWS 2005: Concurrency

AgendaAgenda

Concurrency - definition and motivation

Processes and Threads in JAVA

Thread safe programming: Safety and Liveliness

Safe concurrent design

SWING and Threads in NinJo


Concurrency Concurrency -- literature and linksliterature and links

Jeff Magee and Jeff Kramer - Concurrency -State Models and Java Programs

– John Wiley&Sons July 2003

- Doug Lea - Concurrent Programming in Java– Addison Wesley November 2003

- Simone Bordet (Senior Java Engineer - [email protected]) :A New Solution for Using Threads with the Java™ Foundation Classes (JFC/Swing) API:The Synchronous Model

- http://java.sun.com/docs/books/tutorial/uiswing/misc/threads.html- Yexin Chen: Customize SwingWorker to improve Swing GUIs- http://www.javaworld.com/javaworld/jw-06-2003/swingworker/jw-0606-

swingworker.jar- http://www.javaworld.com/javaworld/jw-06-2003/jw-0606-

swingworker_p.html#resources- http://sourceforge.net/projects/spin/

http://foxtrot.sourceforge.net/


What is a Concurrent Program?What is a Concurrent Program?

A sequential program has a single thread of control.

A concurrent program has multiple threads of control allowing it perform multiple computations in parallel and to control multiple external activities which occur at the same time.


Why Concurrent Programming?Why Concurrent Programming?

Performance gain from multiprocessing hardwareparallelism.

Increased application throughputan I/O call need only block one thread.

Increased application responsivenesshigh priority thread for user requests. ( see SWING and Threads )

More appropriate structurefor programs which interact with the environment, control multiple activities and

handle multiple events.


Concurrent ExecutionConcurrent Execution

ConcurrencyLogically simultaneous processing.Does not imply multiple processing elements (PEs). Requires interleaved execution on a single PE.

ParallelismPhysically simultaneous processing.Involves multiple PEs and/or independent device operations.

Both concurrency and parallelism require controlled access to shared resourcesWe use the terms parallel and concurrent interchangeably and generally do not distinguish between real and pseudo-concurrent execution.

A

Time

BC


Implementing processes Implementing processes -- the OS viewthe OS view

Data Code

O S Process

Descriptor

Thread 1 Thread 2 Thread n

Stack Stack Stack

Descriptor Descriptor

Descriptor

A (heavyweight) process in an operating system is represented by its code, data and the state of the machine registers, given in a descriptor. In order to support multiple (lightweight) threads of control, it has multiple stacks, one for each thread.


AgendaAgenda






Do I need to know about a correct Do I need to know about a correct concurrent design ?concurrent design ?

Concurrency is widespread but error prone.


The Interference problemThe Interference problem

execution of the instructions from a set of threads can be interleaved in an arbitrary fashionthis interleaving can result in incorrect updates to the state of a shared object - the phenomenon is known as interferencea simple example will show, how the problem occurs and how to deal with it - the ornamental garden (Alan Burns and Geoff Davis 1993) what happens, if 2 threads have access to one objectlets see..


Safety failures: Ornamental gardenSafety failures: Ornamental garden

People enter an ornamental garden through either of two turnstiles. Management wish to know how many are in the garden at any timeThe concurrent program consists of two concurrent threads and a shared counter object.

Garden

WestTurnstile

EastTurnstile

people


Ornamental garden Ornamental garden

Uses Objects of classes Turnstile and CounterEach Turnstile is a separate Thread

...

class Turnstile extends Thread {NumberCanvas display;Counter people;Turnstile(NumberCanvas n,Counter c){ display = n; people = c; }public void run() {try{display.setvalue(0);for (int i=1;i<=Garden.MAX;i++){Thread.sleep(500); //0.5 second between

arrivalsdisplay.setvalue(i);people.increment();

}} catch (InterruptedException e) {}

}}

...

class Turnstile extends Thread {NumberCanvas display;Counter people;Turnstile(NumberCanvas n,Counter c){ display = n; people = c; }public void run() {try{display.setvalue(0);for (int i=1;i<=Garden.MAX;i++){Thread.sleep(500); //0.5 second between

arrivalsdisplay.setvalue(i);people.increment();

}} catch (InterruptedException e) {}

}}


Ornamental garden Ornamental garden -- Counter classCounter class

class Counter {int value=0;NumberCanvas display;

.

.

.

void increment() {int temp = value; //read valueSimulate.HWinterrupt();value=temp+1; //write valuedisplay.setvalue(value);

}}

class Counter {int value=0;NumberCanvas display;

.

.

.

void increment() {int temp = value; //read valueSimulate.HWinterrupt();value=temp+1; //write valuedisplay.setvalue(value);

}}


Ornamental garden Ornamental garden -- displaydisplay

After the East and West turnstile threads have each incremented its counter 20 times, the garden people counter is not the sum of the counts displayed.

Counter increments have been lost. Why?


Concurrent method invocation in Java Concurrent method invocation in Java --interferenceinterference

Java method activation is not atomic - thread objects east and west may be executing the code for the increment method at the same time.

eastwest

increment:

read value

write value + 1

programcounter

PC PCshared code

programcounter


Interference and Mutual ExclusionInterference and Mutual Exclusion

most common way to solve this: make the public actions atomic, that such actions runs to completion without interference from othersSolution in this example:

declare the method increment “synchronized”synchronized makes the method atomic-

the second Thread, that wants to access the method, is blocked until the first has left (released) the method.


Ornamental garden Ornamental garden --mutual exclusionmutual exclusion

class Counter {...

synchronized void increment() {int temp = value; //read valueSimulate.HWinterrupt();value=temp+1; //write valuedisplay.setvalue(value);

}}

class Counter {...

synchronized void increment() {int temp = value; //read valueSimulate.HWinterrupt();value=temp+1; //write valuedisplay.setvalue(value);

}}


SynchronizeSynchronize everything everything -- a solution?a solution?

Usage of synchronized has to do be done carefully:Thread deadlocks are possible, if several Threads block each other by waiting on the release of methods/objects by each otherto synchronize all methods would also lead to poor performancedanger: system deadlock = no further progress


Dining PhilosophersDining Philosophers

Five philosophers sit around a circular table. Each philosopher spends his life alternately thinkingand eating. In the centre of the table is a large bowl of spaghetti. A philosopher needs two forks to eat a helping of spaghetti. One fork is placed between each pair of philosophers and they agree that each will only use the fork to his immediate right and left.

0

1

23

40

1

2

3

4


Dining PhilosophersDining Philosophers

Each FORK is a shared resource with actions getand put.When hungry, each PHIL must first get his right and left forks before he can start eating.

phil[4]:PHIL

phil[1]:PHIL

phil[3]:PHIL

phil[0]:PHIL

phil[2]:PHIL

FORK FORK

FORK

FORK FORK

lef tright

right

right

right

lef t

lef t

right

lef t

lef t


Dining Philosophers Dining Philosophers -- deadlockdeadlock

This is the situation where all the philosophers become hungry at the same time, sit down at the table and each philosopher picks up the fork to his right. The system can make no further progress since each philosopher is waiting for a fork held by his neighbour i.e. a wait-for cycleexists!

Trace to DEADLOCK:phil.0.sitdownphil.0.right.getphil.1.sitdownphil.1.right.getphil.2.sitdownphil.2.right.getphil.3.sitdownphil.3.right.getphil.4.sitdownphil.4.right.get


DeadlockDeadlock--free Philosophersfree Philosophers

Deadlock can be avoided by ensuring that a wait-for cycle cannot exist. How?

Introduce an asymmetry into our definition of philosophers.

Use the identity I of a philosopher to make even numbered philosophers get their left forks first, odd their right first.


Safety and livelinessSafety and liveliness

Two complementary sets of correctness concerns:safety :

nothing bad happens to an object: ensure consistent object statessafety failure: things start going wrong

liveliness : something good eventually happens within an activity : making progress, no deadlocksliveliness failure: things stop running

common engineering priority: safety ( better nothing happens than something dangerous)due to efficiency issues often the selectively sacrifying safety forliveness is done, example: it may be acceptable for visual displays to show nonsense in between if you are confident that this state of affairs soon will be corrected.


Safety and Safety and livenesslivenessExample Example -- SingleLaneBridgeSingleLaneBridge

A bridge over a river is only wide enough to permit a single lane of traffic. Consequently, cars can only move concurrently if they are moving in the same direction. A safety violation occurs if two cars moving in different directions enter the bridge at the same time. liveliness: Does every car eventually get an opportunity to cross the bridge?


SafetySafety

typical failures:(race conditions)read/write conflicts: 1 thread reads a value of a field, while another writes it, the value, seen by the reading thread- hard to predict, depends on, who won the racewrite/write conflicts: 2 threads write to the same field, who will win the race?

Possible results:a graphical object is shown on a place , where it never wasa bank account is incorrect after the attempt to withdraw money in the midst of an automatic transfer

Build a guaranteed safe system: to arrange that no objects ever execute any methods, and thus conflicts can never encounter Not a very productive form of programming--> safety concerns must be balanced by liveliness concerns


Liveliness : activities fail to make progressLiveliness : activities fail to make progress

liveliness failures:Normally these are temporary blocks, which are acceptable for a certain amount of time:Locking: a synchronized method blocks one thread because another thread holds the lockwaiting: a method blocks (Object.wait) waiting for an event, message or condition that has yet to be produced by another threadinput: an IO-based method waits for input from another process/deviceCPU contention: CPU is occupied by other threads or separate programsFailure: a method running in a thread gets an exception, error or fault


Liveliness : permanent lack of progressLiveliness : permanent lack of progress

Deadlock : circular dependencies among locksmissed signals: a thread started waiting after a notification to wake up was producednested monitor lockouts: a waiting thread holds a lock that would be needed by any other thread to wake it upLivelock: a continuously retried action continuously failsStarvation: the JVM(OS fails ever to allocate CPU time to a thread (scheduling policies)resource exhaustion: finite number of resources : a group of threads try to share, one of them needs additional resources, but no other gives one updistributed failure: a remote machine, connected by a socket serving InputStream crashes


AgendaAgenda






Safe concurrent design Safe concurrent design -- rulesrules

a type checked program might not be correct, but does not do anydangerous things (like misinterpret a float value as an object)similarly a safe concurrent design might not have the intended effect, but at least it never encounters errors due to corruption of representations by contending threadstype safety can be checked by compilersmultithreaded safety cannot be checked automatically, but must rely on programmers discipline !!Needs careful engineering practices

main goal: consistent state of all objects ( and their fields)All fields of all objects must have meaningful and legal stateshard to find out, what exactly does “legal” mean in a particular class?


Safe concurrent design Safe concurrent design -- How to?How to?

2 general approaches for dealing with context dependence:1) minimise uncertainty by closing off parts of systems2) establish policies and protocols that enable components to become or remain open


Safe concurrent design Safe concurrent design -- Open systems Open systems

Infinitely extendable, may load unknown classes dynamicallyallows sub classes to overwrite any methodshare common resources across threadsuse reflection to discover and invoke methodsfull static analysis impossiblemust rely on documented policies and protocols =design rules

The NinJo Pac client framework is open - is a partial closing of subsystems (agents) possible?


Safe concurrent design Safe concurrent design -- Closed subsystemsClosed subsystems

Restricted external communicationall interactions inward and outward: through a narrow interface

deterministic internal structure: the concrete nature (and ideally, number) of all objects and threads comprising the subsystem are statically known. Keywords final and private can be used to help enforce this

embedded systems often composed as collections of closed modules

open / closed systems both are challenging to carry out, but have opposite effects!


AgendaAgenda






Why using Threads in SWING driven programs?Why using Threads in SWING driven programs?

all GUI actions start in the Swing Event Thread (inside actionPerformedor propertyChanged methods)while running these actions the event thread is blocked if the event thread is blocked- no repaint (animation) can take placeTo perform a time-consuming task without locking up the EDT we need threads:examples:

extensive calculations, do something, that results in many classes being loaded (initialisation)loading data from network or from huge or lot of files to wait for messages from clients


SWING and Threads :SWING and Threads :Basic Swing concepts reviewBasic Swing concepts review

First, when the user interacts with Swing components, whether he/she is clicking on a button or resizing a window, the Swing toolkit generates event objects that contain relevant event information, such as event source and event IDThe event objects are then placed onto a single event queue ordered by their entry time.While that happens, a separate thread, called the event-dispatch thread, regularly checks the event queue's state. As long as the event queue is not empty, the event-dispatch thread takes event objects from the queue one by one and sends them to the interested parties (e.g. event listeners). Finally, the interested parties react to the event notification by processing logic such as event handling or component painting. Next slide illustrates how this works.


• user action-> SwingToolkit generates event objects (event source, event Id,..)

• single event queue, events ordered by entry time

Swing and Threads Swing and Threads : : Swing eventSwing event--dispatch modeldispatch model


If using Threads in SWING driven programsIf using Threads in SWING driven programs--

You will have to concern about all thread safety issues in your design !


NinJo NinJo -- an open system an open system

NinJo: PAC client framework is an open system you load unknown classes per XML configurationreflection is usedmethods can be overwrittenInfinitely (!) extendable

To introduce Concurrency in such a system now is a challenge !Why do we have to do this at all?

One reason is the SWING GUI concept, see next slidesanother reason is:We have event client threads, waiting for being alarmed from our Automon monitoring system- thus the threads are already there and we have to deal with concurrency (thread safety) anyway..We want to make profit out of our 2 processor client hardware


NinJo NinJo -- Thread safety design rules Thread safety design rules

NinJo policies:Framework safety:

parts of the frameworks are “Closed” by using the “final” and “private” keywordsusage of Template design pattern for correct code sequences AND thread/job controlling

design rules Thread control is done centrally (in Toplevel PAC agents)No arbitrary thread creation allowed, jobs are queued for each Scene(Map) separately, only 1 job is done for each scene at a timeseparation of GUI/Non GUI code in all components is a design rule

Usage of Doug Lea classes for the thread/job control itself


NinJo NinJo -- Thread per Scene Thread per Scene


NinJo NinJo -- Thread per Scene Thread per Scene

Documents

Haucke