Re: SingletonFactory and safe publication
On 12/3/2014 9:51 AM, Eric Sosman wrote:
On 12/2/2014 6:52 PM, Arne Vajhøj wrote:
On 12/2/2014 6:20 PM, Eric Sosman wrote:
On 12/1/2014 9:16 PM, John wrote:
Hi:
I am reading this
article (http://shipilev.net/blog/2014/safe-public-construction/). It
says the following code is GOOD:
public class SafeDCLFactory {
    private volatile Singleton instance;   // volatile: the write publishes the constructed object

    public Singleton get() {
        if (instance == null) {            // check 1: racy volatile read, no lock taken
            synchronized(this) {
                if (instance == null) {    // check 2: re-check under the lock
                    instance = new Singleton();
                }
            }
        }
        return instance;
    }
}
I disagree, based on what I learned from this
article (http://en.wikipedia.org/wiki/Double-checked_locking).
Brian Goetz agrees that this code is incorrect, calling it
"a commonly suggested nonfix." He explains that although the
accesses to `instance' will be consistent because `volatile'
ensures it, any accesses to the member variables of the new
Singleton are *not* consistent (unless they are `volatile', too).
You could get a sequence like this:
Thread T1 finds `instance' null, obtains the lock, finds
that `instance' is still null, and calls the constructor.
The constructor (running in T1) stores initial values in
the member variables of the new Singleton. We presume
that at least some of these variables are not `volatile'.
The constructor finishes, and now T1 stores the new
reference to `instance'. Because `instance' is `volatile',
T1 ensures that the new value is actually flushed from
store buffers and write caches and so on, and appears in
stable memory.
Thread T2 now finds `instance' non-null, and starts using
it to refer to the Singleton's member variables (either
directly or by calling the Singleton's methods).
Unfortunately, the values stored by Singleton's constructor
may still be sitting in caches and what-not, and may not yet
have been flushed to stable memory. Even if the constructor
running in T1 stored 42 in some member variable, T2 may
read the value as zero.
... because there is no "happens-before" between T1's storing
of the value and T2's reading of it.
In short, making sure that `instance' is safe is not sufficient;
you also need to worry about everything `instance' refers to, directly
or indirectly.
http://www.javaworld.com/article/2074979/java-concurrency/double-checked-locking--clever--but-broken.html
But that is with the pre-5 memory model (the article is from 2001).
They changed the treatment of volatile in the memory model
in Java 5.
Or have I misunderstood something?
After a fair amount of studying JLS Chapter 17, my conclusion is:
"My head hurts." :(
17.4 describes the memory model, and the first part is not too
difficult for my comprehension: actions, program order, synchronization
order, happens-before order -- all these make sense to me. Somewhere
near the end of 17.4.5, though, I start to bog down: The JLS starts
talking about whether a read is "allowed" to see the effect of a write,
whether a set of actions is "happens-before consistent," whether an
execution is "well-formed," and so on. Just when it looked (to me)
like we'd reached the end of the story by defining happens-before,
the story continues in a way that makes my head ache ...
So I turned to the less formal but more readable "Java Concurrency
in Practice" by Goetz et al., and found something understandable:
"Subsequent changes in the JMM (Java 5.0 and later) have enabled
DCL to work if `resource' is made `volatile', ..."
... indicating that you're right and I was wrong.
I think the JSR 133 FAQ is easy to understand as well:
http://www.cs.umd.edu/~pugh/java/memoryModel/jsr-133-faq.html
<quote>
Volatile fields are special fields which are used for communicating
state between threads. Each read of a volatile will see the last write
to that volatile by any thread; in effect, they are designated by the
programmer as fields for which it is never acceptable to see a "stale"
value as a result of caching or reordering. The compiler and runtime are
prohibited from allocating them in registers. They must also ensure that
after they are written, they are flushed out of the cache to main
memory, so they can immediately become visible to other threads.
Similarly, before a volatile field is read, the cache must be
invalidated so that the value in main memory, not the local processor
cache, is the one seen. There are also additional restrictions on
reordering accesses to volatile variables.
Under the old memory model, accesses to volatile variables could not be
reordered with each other, but they could be reordered with nonvolatile
variable accesses. This undermined the usefulness of volatile fields as
a means of signaling conditions from one thread to another.
Under the new memory model, it is still true that volatile variables
cannot be reordered with each other. The difference is that it is now no
longer so easy to reorder normal field accesses around them. Writing to
a volatile field has the same memory effect as a monitor release, and
reading from a volatile field has the same memory effect as a monitor
acquire. In effect, because the new memory model places stricter
constraints on reordering of volatile field accesses with other field
accesses, volatile or not, anything that was visible to thread A when it
writes to volatile field f becomes visible to thread B when it reads f.
</quote>
Arne
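The following is an added example, not code from any post in this thread or from the Shipilev article. It puts the posted SafeDCLFactory next to the variant without volatile (the one Eric's scenario actually describes) and next to the initialization-on-demand holder idiom, and runs all three from several threads looking for a reader that sees a non-null reference whose fields still hold their default values. The Singleton class, its fields, and the names DclCheck, UnsafeDCLFactory, HolderFactory and stress() are assumptions made up for this example. Note that the fields of Singleton are deliberately non-final: final fields get the JLS 17.5 freeze guarantee and would be safely published even through the data race, which would hide the bug.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

// Constructed for this example: plain (non-final, non-volatile) fields set by the constructor.
final class Singleton {
    int value;        // constructor stores 42; a torn read sees 0
    int[] payload;    // constructor stores an array; a torn read sees null

    Singleton() {
        this.payload = new int[] {1, 2, 3};
        this.value = 42;
    }
}

// The posted SafeDCLFactory, plus a local variable so the fast path does a
// single volatile read. Under JSR-133 the volatile write of `instance`
// happens-after the constructor's plain writes, and any volatile read that
// observes it makes those writes visible too (JLS 17.4.5).
final class SafeDCLFactory {
    private volatile Singleton instance;

    Singleton get() {
        Singleton local = instance;              // one volatile read
        if (local == null) {
            synchronized (this) {
                local = instance;
                if (local == null) {
                    instance = local = new Singleton();
                }
            }
        }
        return local;
    }
}

// Same shape without volatile: the plain read of `instance` on the fast path
// has no happens-before edge with the constructor's writes, so a second thread
// is permitted to see a non-null reference to a not-yet-initialized object.
final class UnsafeDCLFactory {
    private Singleton instance;

    Singleton get() {
        if (instance == null) {
            synchronized (this) {
                if (instance == null) {
                    instance = new Singleton();
                }
            }
        }
        return instance;
    }
}

// Initialization-on-demand holder: class initialization (JLS 12.4.2) supplies
// the happens-before edge, with no volatile and no double check. It is
// initialized once per JVM, so only the first round below actually races.
final class HolderFactory {
    private static final class Holder {
        static final Singleton INSTANCE = new Singleton();
    }

    static Singleton get() {
        return Holder.INSTANCE;
    }
}

public class DclCheck {
    // Runs `rounds` fresh factories, each hit by `threads` readers released
    // together; returns how many readers observed a torn Singleton.
    // A count of zero proves nothing (the reordering is permitted, not
    // required, and x86 hardware rarely exhibits it); a non-zero count is
    // proof of unsafe publication. jcstress is the tool for a real test.
    static int stress(Supplier<Supplier<Singleton>> factoryMaker, int rounds, int threads)
            throws InterruptedException {
        AtomicInteger torn = new AtomicInteger();
        for (int r = 0; r < rounds; r++) {
            Supplier<Singleton> getter = factoryMaker.get();   // fresh, uninitialized factory
            CountDownLatch start = new CountDownLatch(1);
            Thread[] ts = new Thread[threads];
            for (int i = 0; i < threads; i++) {
                ts[i] = new Thread(() -> {
                    try { start.await(); } catch (InterruptedException e) { return; }
                    Singleton s = getter.get();
                    // With safe publication these reads must see the constructor's values.
                    if (s == null || s.value != 42 || s.payload == null) {
                        torn.incrementAndGet();
                    }
                });
                ts[i].start();
            }
            start.countDown();
            for (Thread t : ts) t.join();
        }
        return torn.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("safe DCL   torn readers: " + stress(() -> new SafeDCLFactory()::get, 10_000, 4));
        System.out.println("holder     torn readers: " + stress(() -> HolderFactory::get, 10_000, 4));
        System.out.println("unsafe DCL torn readers: " + stress(() -> new UnsafeDCLFactory()::get, 10_000, 4));
    }
}
```

Compile with javac DclCheck.java and run with java DclCheck. The point of the three factories side by side is Eric's own conclusion from the thread: it is the volatile write/read pair on `instance` (or the class-init lock in the holder idiom) that carries the constructor's writes to the reader, and the fields of Singleton do not themselves need to be volatile. Remove the volatile, as UnsafeDCLFactory does, and the JMM no longer promises anything about those fields to a reader that took the fast path.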