Abstract

There are two problems with this approach. Firstly, porting multi-threaded applications from shared memory multiprocessors to distributed object systems requires a lot of redesign and reprogramming, because the semantics of both models are different. And secondly, multi-threaded programming has a bad image among developers because it can lead to some errors which are devilishly hard to find.

The goal of this research is to promote a new structured approach to concurrent programming. This approach is based on a new programming model called safe-threads which offers a uniform semantics for both shared memory mutiprocessors and distributed memory machines. We claim that our approach is structured because it ensures the mutual exclusion of safe-threads when manipulating the same object and therefore it eliminates the source of programming errors which are the most difficult to find.

The problem of mutual exclusion

A widely accepted design decision for concurrent languages has been to delegate the responsability of ensuring the mutual exclusion of threads to the programmer (through locks, semaphores or monitors variants for example), opening the door to the fearsome programming errors mentioned above. For this reason, it can be argued that modern concurrent programming languages are unstructured.

In the seventies, Brinch Hansen and C.A.R. Hoare pionnered researches on structured concurrent programming by introducing the critical region[Brinch72] and the monitor[Hoare74] concepts. These were structured constructions for concurrent languages because they ensured always the mutual exclusion of threads while performing operations on share data. Unfortunately, as stated by Brinch Hansen in [Brinch99], those researches have been ignored in recent concurrent languages (as in Java for example).

The model of safe-threads

These critics motivated us to conceive a new model of concurrency for object oriented languages. We have named this model as safe-threads because we claim that it allows safer programming than with traditional threads. Safe-threads are based on the original concept of monitors and the remote method invocation of Java.

From a conceptual point of view, the main idea of the safe-threads model consists in visualizing the runtime environment as a large number of logical machines, each one executing a process communicating to other processes through remote method invocations (as in Java RMI or CORBA). A logical machine works conceptually as a true machine with its own memory for allocating objects and with its own single processor to execute threads. The logical machine also acts like a monitor executing remote calls one at a time. This ensures that the threads will mutually exclude while running on the same logical machine.

From the implementation point of view, the model can be implemented efficiently in a shared memory multiprocessor by placing all logical machines in the same physical address space (typically a Unix heavy process with multiple threads). This approach will introduce much less overhead than placing each logical machine in an independent address space. On distributed memory machines (such as clusters or networks of workstations) the model can be implemented by partitioning the set of logical machines and placing each partition on one physical address space of one processor.

The design methodology behind the safe-threads model consists in decomposing a complex system in a multitude of components (active or pasive), each one executing on a logical machine and communicating with objects living in others components through remote invocations. These components are like heavy processes from a conceptual point of view but are light-weight in implementation.

The light-weight implementation of the model of safe-threads makes possible to create a large number of this components because their overhead in memory usage and execution time is minimal when compared with the same components implemented with traditional threads. For example, a remote invocation of an object living in the same physical address space of the caller can be implemented with an overhead as low as the overhead of the invocation of a synchronized method in Java.

On the other hand, the safe-threads allows the programmer to not worry about the physical location of two interacting components. If a method invocation refers to an object living in another component, the semantics of parameter passing is the same for the case in which the object lives in the same physical address space or when it belongs to another physical machine. This means that object parameters are passed by reference when they have a remote interface and by copy in any other case (as occurs with Java RMI).

Moreover, each component has its own set of class variables (static variables in Java). They will never share class variables even when they live in the same physical address space, to guarant a uniform behavior with the case when they live in different address spaces.

The disadvantages of the model of safe-threads

With traditional threads programmers can avoid to synchronize threads in places where no inconsistent state can be reached. In other cases, programmers can implement readers and writers type of synchronization. In this way, the programmer can increase the available concurrency of the application. A programmer is not allowed to decide on these optimizations with the model of safe-threads.

One way to circumvent this inconvinience of the model of safe-threads is to make the components more fine-grain.

Goals of this research

The specific goal is to implement a dialect of Java where the traditional model of threads has been replaced with the model of safe-threads. This dialect is completely compatible with standard Java for strictly sequential programs, but incompatible for multi-threaded ones. Unfortunately, keeping the compatibility with the standard Java threads would keep also their fragility.

The implementations of safe-threads

This implementation has served as a proof of concept: to show that safe-threads can be implemented. It is also possible to write and test programs that use safe-threads.

The main problem with this implementation is that it is too slow, because the modifications work for the kaffe interpreter only, not the jit compiler.

New research directions

• A preprocessor of Java sources: it consists in building a preprocessor which takes sources of programs written in Java enriched with safe-threads and produces standard Java programs (using normal threads).

  Daniel Romero has been working on this approach, building a preprocessor with the help of JavaCC and Java Tree Builder. One of the main conclusions of his work is that descendent parsers (like those generated by JavaCC) are not well suited for semantic analisys. Therefore the need to reprogram the preprocessor with a generator of ascendent parsers (like SableCC).

  The most complex work here is to perform the type analisys of the sources. This analysis is needed to be able to detect all the cases where the invariants of the safe-thread model could be violated and hence generate safe Java code.

• Transforming Java bytecodes: The main idea is to keep sources untouched but to transform the .class files generated by javac (the Java compiler). To help with this work, it exists JavaClass, a Java library which allows to read, decode and transform the .class files.

  This approach is probably the simplest way to implement the safe-threads model, because there is no need to perform type analysis, no complex sintax to work with, etc. The implementation must only transform certain JVM instructions into sequences of instructions which ensure the invariants of the safe-threads model.

• The implementation of safe-threads for a network of workstations: it consists in programming the runtime system which is needed to allow truly distributed objects supporting the model of safe-threads. It supposes the existence of an implementation of safe-threads for a mono-processor (through a preprocessor or a bytecode translator). The idea is to modify the safe-thread new classes so that the object can reside in different machines.

• The integration of Ada's rendez-vous with safe-threads: it consists in adding a select statement to Java, to incorporate the rendez-vous concept in Java. The rendez-vous is elegant way to integrate the concept of communication, sinchronization and guarding in just one statement.

Bibliography

• [Mateu99] Luis Mateu y José M. Piquer, Safe-Threads: a New Model for Object-Oriented Multi-Threaded Languages, Proc. of the XIX Conference of the Chilean Society of Computer Science, Talca, November 1999.

  In this paper we introduce the model of safe-threads as a way to program robust multi-threads applications. We explain what is the problem with traditional threads and describe from a conceptual point of view our model of safe-threads. We also discuss the decisions that we took when designing the model and why.

  Our model is based on the ideas of remote method invocation (RMI) and Hoare's monitors.

• [RMI'99] Sun Microsystems, Java Remote Method Invocation(RMI), http://java.sun.com/j2se/1.3/docs/guide/rmi/index.html, 1999.

• [Hotz99] L. Hotz and M. Trowe, NetClos - Parallel Programming in Common Lisp, in PDPTA, Las Vegas, 1999.

  This paper describes an extension of Common Lisp for programming object oriented distributed applications. The first goal of the authors in this work was distributed transparency instead of robustness, but they obtain a programming model which is conceptually very close to what we have done for Java.

  The paper can be downloaded here.

• [Fargo99] O. Holder, I. Ben-Shaul and H. Gazit, Dynamic Layout of Distributed Applications in FarGo, Proceedings of the 21st International Conference on Software Engineering (ICSE'99), Los Angeles, CA, USA, May 1999, pp 163-173.

  This is a Java environment for programming distributed applications based on mobile components. As in NetClos the main goal is transparent distribution. The concept of mobile component here is comparable to the LJVMs of our safe-thread model.

  The home page of the project is in http://www.dsg.technion.ac.il/fargo/.

• [Lea96] Doug Lea, Concurrent Programming in Java - Design Principles and Patterns, Addison Wesley, 1996.

  This is the best book that I have read about concurrent programming in Java. For a basic introduction of the perils of concurrency I recommend specially reading the chapters 2 and 3. For understanding the basis of synchronization read the chapter 4.

• [Brinch99] Per Brinch Hansen, Java´s Insecure Parallelism, ACM Sigplan Notices, V. 34, N. 4, pp. 38-45, April 1999.

  In this paper the author examines the synchronization features of Java and finds that they are insecure variants of his earliest ideas in parallel programming published in 1972-73. The claim that Java supports monitors is shown to be false. The author concludes that Java ignores the last twenty-five years of research in parallel programming languages.

• [Brinch72] Per Brinch Hansen, Structured Multiprogramming, Communications of the ACM, V. 15, N.7, pp. 574-578, July 1972.

  This and the next two papers are important for historical reasons. They are the most important research in structured concurrent programming.

  This paper presented the syntax construct known as critical regions in classic books on operating systems design. This construct was a proposal for structured representation of multi-threaded programming in high level languages. The main characteristic of critical regions is that they ensure the mutual exclusion of threads when manipulating shared data.

• [Hoare74] C. A. R. Hoare, Monitors: An Operating System Structuring Concept, Communications of the ACM, V. 17, N. 10, pp. 549-577, October 1974.

  Monitors are another well known syntax construct for ensuring the mutual exclusion of multi-threaded programs. Java monitors are a mix between Hoare's monitors and Brinch Hansen's regions, but sacrifying the robustness because they don't ensure mutual exclusion: it is the responsability of the programmer to find the place where synchronization is needed.

• [Hoare78] C. A. R. Hoare, Communicating Sequential Processes, Communications of the ACM, V. 21, N. 8, pp. 666-677, August 1978.

  This work is a departure from monitors and regions. It introduces a syntax notation to describe parallel algorithms. The author models parallel programs as multiple processes which don't share any data, but communicate through messages.

• [Birrel93] Andrew Birrell, Greg Nelson, Susan Owicki and Edward Wobber, Network Objects, SRC Research Report 115, Digital System Research Center, 1993.

  This paper shows a simple way to implement distributed object systems such as Java RMI. Moreover, I suspect that Java RMI is based entirely on this paper. The only problem is that all the code is written in Modula-3 which is unknown for most people. But don't be affraid about that.

• [Black87] Andrew Black, Norman Hutchinson, Eric Jul, Henry Levy and Larry Carter, Distribution and Abstract Types in Emerald, IEEE Transactions on Software Engineering, V. 13, N. 1, pp. 65-76, January 1987.

  This paper shows the first system of distributed objects. It was a very ambitious project, designing a completely new language from scratch.

• [Brinch75] Per Brinch Hansen, The Programming Language Concurrent Pascal, IEEE Transactions of Software Engineering, pp. 199-207, June 1975.

• [Corba95] Object Management Group, The Common Object Request Broker: Architecture and Specification (Revision 2.0), Object Management Group (OMG), Framingham, MA., July 1995.

• [Java96] Ken Arnold and James Gosling, The Java Programming Language, Addison-Wesley, 1996.

• [Kiczales97] Gregor Kiczales, John Lamping, Anurag Mendhekar, Chris Maeda, Cristina Videira Lopes, Jean-Marc Loingtier and John Irwin, "Aspect-Oriented Programming", Proc. of the European Conference on Object-Oriented Programming (ECOOP´97), Findland, Springer-Verlag LNCS 1241, pp. 220-242, June 1997.

• [Piquer95], J. M. Piquer, "A Re-Implementation of TransPive: Lessons from the Experience", Proc. Parallel Symbolic Languages and Systems (PSLS´95), LNCS 1069, Vol. I, pp. 310-329, Springer-Verlag, Beaune, France, October 1995.