views:

214

answers:

6

Hi

I make a tool and provide an API for external world, but I am not sure whether it is thread safe. Because users may want t use it in multiple-thread environment. Is there any way or tool that I can use to verify whether my API is thread safe in Java?

+1  A: 

You can always stress-test it with tools like jmeter.

But the main problem with threads is that they're mostly unpredictable, so even with stress-tests etc. you can't be 100% sure that it will be totally thread safe.


Resources :

Colin Hebert
JMeter (and pretty much every other tool) can help you uncover problems, but it can never verify that your code is correct (especially with multithreaded code).
Joachim Sauer
@Joachim Sauer, Exactly what I'm saying. It won't show thread-safety problems but it can uncover some.
Colin Hebert
Tests like those are like unit tests... they can't tell you where your code is correct, they can only tell you where it's broken. That doesn't make them any less useful though :)
RHSeeger
+17  A: 

No. There is no such tool. Proving that a complex program is thread safe is very hard.

You have to analyze your program very carefully to ensure that is thread safe. Consider buying "Java concurrency in practice" (very good explanation of concurrency in java).

Arne
+6  A: 

Stress tests, or static analysis tools like PMD and FindBugs can uncover some concurrency bugs in your code. So these can show if your code is not thread-safe. However they can never prove if it is thread-safe.

The most effective method is a thorough code review by developer(s) experienced in concurrency.

Péter Török
Using jMeter, while not bulletproof, does help identify implementation stupidities. I ran into threading issues because some class deep down had a static SimpleDateFormat object that was being used to generate date parameters for SQL queries. The underlying driver, at one point, started complaining about invalid date parameters, which helped my identify this particular problem.
unsquared
A: 

You cannot and never will be able to automatically proof that a program is threadsafe anymore that you can prove that a program is correct (unless you think you solved the halting program, which you didn't).

So, no, you cannot verify that an API is threadsafe.

However in quite some case you can prove that it is broken, which is great!

You may also be interested in automatic deadlock detection, which in quite some case simply "just work". I'm shipping a Java program on hundreds of desktops with such a deadlock detector installed and it is a wonderful tool. For example:

http://www.javaspecialists.eu/archive/Issue130.html

You can also stress test your application in various ways.

Bogus multi-threaded programs tend to not work very well when a high load is present on the system.

Here's a question I asked about how to create easily create a high CPU load on a Un*x system, for example:

http://stackoverflow.com/questions/2443810

Webinator
Proving a single finite, non-arbitrary program lacks certain defects is not an example of a halting-equivalent problem. Otherwise there would be no such things as a type-checking compiler.
soru
A: 

This is a variant (or so called "reduction") of the Halting Problem. Therefore it is provably unsolvable. for all non-trivial cases. (Yes, that's an edit)

That means you can find errors by any usual means (statistics, logic) but you can never completely prove that there are none.

Kdansky
This is obviously wrong: a single threaded program is always threadsafe, and a verifier that simply checks for threading api calls will detect non-single threaded program 100% of the time.
soru
@soru: you're right. It's not solvable *in general*, while *specific cases* (such as trivial programs with a single operation) can be proven correct. Unfortunately those trivial enough to be easily proven are usually not interesting enough ;-)
Joachim Sauer
In my experience, it is pretty starightforward to divide programs into two classes:
soru
Those that are statically checkable, and those that need to be deleted and their authors fired
soru
+1  A: 

I suppose those people saying proving an arbitrary multithreaded program is thread-safe is impossible are, in a way, correct. An arbitrary multithreaded program, coded without following strict guidelines, simply will have threading bugs, and you can't validly prove something that isn't true.

The trick is not to write an arbitrary program, but one with threading logic simple enough to possibly be correct. This then can be unambiguously validated by a tool.

The best such tool I'm aware of is CheckThread. It works on the basis of either annotations, or xml config files. If you mark a method as '@ThreadSafe' and it isn't, then you get a compile-time error. This is checked by looking at the byte code for thread-unsafe operations, e.g. reads/write sequences on unsynchronised data fields.

It also handles those APIs that require methods to be called on specific threads, e.g. Swing.

It doesn't actually handle deadlocks, but those can be statically eliminated without even requiring annotation, by using a tool such as Jlint. You just need to follow some minimal standards like ensuring locks are acquired according to a DAG, not willy-nilly.

soru