
Design of Multithreaded Software


Press Operating Committee

Chair
Linda Shafer
former Director, Software Quality Institute, The University of Texas at Austin

Editor-in-Chief
Alan Clements
Professor, University of Teesside

Board Members

Mark J. Christensen, Independent Consultant

James W. Cortada, IBM Institute for Business Value

Richard E. (Dick) Fairley, Founder and Principal Associate, Software Engineering Management Associates (SEMA)

Phillip Laplante, Professor of Software Engineering, Penn State University

Evan Butterfield, Director of Products and Services

Kate Guillemette, Product Development Editor, CS Press

IEEE Computer Society Publications

The world-renowned IEEE Computer Society publishes, promotes, and distributes a wide variety of authoritative computer science and engineering texts. These books are available from most retail outlets. Visit the CS Store at http://computer.org/store for a list of products.

IEEE Computer Society / Wiley Partnership

The IEEE Computer Society and Wiley partnership allows the CS Press authored book program to produce a number of exciting new titles in areas of computer science, computing and networking with a special focus on software engineering. IEEE Computer Society members continue to receive a 15% discount on these titles when purchased through Wiley or at wiley.com/ieeecs

To submit questions about the program or send proposals please e-mail [email protected] or write to Books, IEEE Computer Society, 10662 Los Vaqueros Circle, Los Alamitos, CA 90720-1314. Telephone +1-714-816-2169.

Additional information regarding the Computer Society authored book program can also be accessed from our web site at http://computer.org/cspress.


DESIGN OF MULTITHREADED SOFTWARE

The Entity-Life Modeling Approach

Bo I. Sandén

A John Wiley & Sons, Inc., Publication


Java® is a registered trademark of Sun Microsystems, Inc. LEGO® is a registered trademark of the LEGO Group. POSIX® is a registered trademark of IEEE. UML® is a registered trademark of Object Management Group, Inc. UNIX® is a registered trademark of The Open Group.

Copyright © 2011 by the IEEE Computer Society

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. All rights reserved

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data is available.

ISBN 978-0470-87659-6

Printed in Singapore

oBook ISBN: 978-0470-90491-6

ePDF ISBN: 978-0470-90490-9

10 9 8 7 6 5 4 3 2 1


Contents


Foreword
Preface

I Foundations

1 Introduction
1.1 Entity-Life Modeling
1.1.1 Reactive Systems
1.2 Overview of This Book
1.3 Multithreading
*1.3.1 Preemptive and Nonpreemptive Threading
1.3.2 Using Threads
1.3.2.1 Thread Scheduling
1.3.2.2 Message Passing
1.3.2.3 A Different Mindset
1.4 Engineering the Intangible
1.4.1 Software Architecture
1.4.1.1 Thread Architecture
1.4.2 Conceptual Integrity
1.4.2.1 The Key Idea of an Architecture
*1.4.3 Analogical Modeling
1.5 The Development Process
1.5.1 ELM in the Development Process
1.5.2 Analysis and Design
1.5.3 Design Upfront
1.5.3.1 Refactoring


1.6 Unified Modeling Language™
1.6.1 Requirements Elicitation: Use Cases
1.6.1.1 Actors and Use Cases in Reactive Systems
1.6.1.2 Using State Modeling to Capture Use-Case Flows
1.6.2 UML’s Logical View
1.6.2.1 Static Structure: Class Diagrams
1.6.2.2 Dynamic Structure: Sequence and Communication Diagrams
1.7 Conclusion

2 Support for Multithreading
2.1 Introduction
2.1.1 Basic Multithreading and Synchronization Concepts
2.1.1.1 Threads
2.1.1.2 Safe Objects and Synchronization
2.1.2 Multithreading in High-Level Languages
2.1.2.1 Java
2.1.2.2 Ada
2.1.3 Threads and Processes
2.1.4 Exclusion and Condition Synchronization
2.1.4.1 Use of Exclusion Synchronization
2.1.4.2 Condition Synchronization
2.1.5 Interrupt Handling
*2.1.5.1 Interrupt Priorities
*2.1.6 Visualizing Threads
2.2 Concurrency in Java™
2.2.1 Defining and Starting Java Threads
2.2.1.1 The sleep Statement
2.2.2 Synchronized Objects in Java
2.2.2.1 Synchronized Blocks
2.2.2.2 Nested, Critical Sections in Java
2.2.3 Condition Synchronization in Java
2.2.3.1 Placement of the Wait Loop
2.2.3.2 Notifying Waiting Threads
2.2.3.3 Timing Out the Wait
2.2.4 Controlling Access to Shared Domain Resources
2.2.4.1 Semaphore Solution
2.2.4.2 Monitor Solution
2.2.5 Real-Time Java (RTSJ)
2.2.5.1 RTSJ Thread Classes
2.2.5.2 RTSJ Interrupt Handling
2.2.5.3 Time and Timers in RTSJ
2.2.5.4 RTSJ Memory Areas
2.2.5.5 Limiting Priority Inversion in RTSJ
2.2.5.6 RTSJ: Wait-Free Queues
*2.2.5.7 Asynchronous Transfer of Control in RTSJ
2.3 Concurrency in Ada
2.3.1 Defining and Starting Tasks


2.3.1.1 Declaration of Single Tasks and Task Types
2.3.1.2 Instantiation of Task Types
2.3.1.3 Task Activation
2.3.1.4 Task Priorities
2.3.1.5 The delay Statement
2.3.1.6 Exceptions in Tasks
2.3.2 Protected Objects
*2.3.2.1 Protected Interfaces
2.3.2.2 Requeuing
2.3.2.3 Conditional and Timed Entry Calls
2.3.2.4 Interrupt Handling
2.3.2.5 Timing Events
2.3.2.6 Controlling Access to Shared Domain Resources
2.3.3 Asynchronous Transfer of Control
2.3.3.1 Example: Bumping an FMS Job
*2.3.4 Rendezvous
2.4 Pthreads
2.4.1 Managing Pthreads
2.4.1.1 Example of Pthreads
2.4.2 Mutex Variables and Exclusion Synchronization
2.4.2.1 Example of Pthreads and Mutexes
2.4.3 Condition Variables and Condition Synchronization
2.4.4 Pthreads: Conclusion
2.5 Conclusion
Exercises

3 State Modeling
3.1 Introduction
3.1.1 State Modeling and Object Orientation
3.2 State-Modeling Terminology
3.2.1 States and Events
3.2.1.1 Time Events
*3.2.1.2 Determinism
3.3 Basic State Modeling
3.3.1 A Simple Example
3.3.2 Guard Conditions
*3.3.2.1 Guard Conditions Based on Modeled-Entity Attributes
3.3.2.2 Ambient Guard Conditions
3.3.2.3 Complex Guard Conditions
3.3.2.4 Example: Traffic Light
*3.3.2.5 State Machines Associated with Aggregate Entities
3.3.3 State Tables
3.3.4 Actions and Activities
3.3.4.1 Actions
3.3.4.2 Activities
3.3.4.3 Actions or Activities?


3.3.4.4 Actions on Timers
*3.3.4.5 Actions on Other Attribute Variables
*3.3.5 Multiple Events with the Same Effect
3.3.6 Basic State Modeling: Summary
3.4 Superstates
3.4.1 Exceptional Events
3.4.2 Arrows between Substate and Superstate Border
3.4.2.1 Superstates for Reducing Clutter
3.4.3 Activities and Internal Actions for Superstates
3.4.4 Orthogonal Composition
*3.4.4.1 Orthogonal States and Multithreading
3.4.4.2 Know Your States!
3.4.5 Additional Superstate Concepts
*3.4.5.1 History Marker
*3.4.5.2 Overlapping Superstates
3.5 Examples
3.5.1 Whole-House Fan
3.5.2 Code Lock
3.5.3 Car Window
3.6 State Modeling in Practice
3.6.1 State Diagram Layout
*3.6.1.1 Conversations with Materials; Backtalk
3.6.2 State Names
3.6.3 Consistent Point of View
3.6.4 Time Scale of State Models
*3.6.4.1 Near Instantaneity
*3.6.4.2 State Models of Devices with Embedded Software
3.7 State Machine Implementation
3.7.1 Explicit State Representation
*3.7.1.1 Alternate Implementation: A Single Handler for All Events
*3.7.1.2 Other Implementations of Explicit State Representation
3.7.2 Implicit State Representation
3.8 Conclusion
Exercises

II The ELM Way

4 Entity-Life Modeling
4.1 Introduction
4.1.1 Concurrency Structures in the Problem Domain
4.1.2 Thread Architectures
4.1.2.1 Analogical Modeling
4.1.2.2 Few But Significant Thread Types
4.2 Modeling Software on Event Threads


4.2.1 ELM Rationale
4.2.1.1 Object-Oriented Modeling
4.2.1.2 Modeling in the Time Dimension
4.2.1.3 Time Events
*4.2.1.4 Events Shared by Problem and Software Domains
4.2.2 Event Threads and Event-Thread Models Defined
4.2.2.1 Data-Entry Example
*4.2.2.2 Impractical and Counterintuitive Event-Thread Models
*4.2.2.3 Exceptional Events in a Thread
4.2.3 Concurrency Levels and Optimal Event-Thread Models
4.2.3.1 Coincidental Simultaneity
4.2.3.2 Concurrency Levels and Optimality
4.2.3.3 Nonoptimal Event-Thread Models
*4.2.3.4 Multiprocessors
4.2.4 Latitude for the Designer
4.2.4.1 Accidental Constraints
4.2.4.2 Many Simultaneous Occurrences
4.2.5 Design Based on Event Threads
4.2.5.1 Design Patterns for Implementing Threads
4.3 Discovering and Choosing Event-Thread Models
4.3.1 Identifying Individual Entities and Event Threads
4.3.1.1 Operator Threads
4.3.1.2 Periodic Threads
4.3.1.3 Long-Lived Threads
4.3.2 Example of Thread Identification: Elevator System
4.4 Event-Thread Patterns for Resource Sharing
4.4.1 Simultaneous Exclusive Access to Multiple Resources
4.4.2 Example: Jukebox
4.4.2.1 Resource-User-Thread Model: A Thread per Customer
4.4.2.2 Resource-Guard-Thread Model: A Thread per Panel
4.4.2.3 Comparison of Thread Models and Architectures
4.4.3 Example: Queuing System for a Bank Office
4.4.3.1 Resource-User-Thread Model: A Thread per Customer
4.4.3.2 Resource-Guard-Thread Model: A Thread per Teller
4.4.3.3 Comparison of Thread Models and Designs
*4.5 Portraying the World in Software
4.6 Conclusion
Appendix 4A: Summary of Terms
Exercises

5 Design Patterns Based on Event Threads
5.1 Introduction
5.1.1 Software Activities and Nominal Activities


5.1.1.1 Particular Kinds of Software Activity
*5.1.2 A Note on Complexity
5.2 State Machines without Software Activities
5.2.1 Examples
5.2.1.1 Example: A Simple Fan
5.2.1.2 Example: Window Elevator for a Car
5.2.1.3 Example: Bicycle Odometer
5.3 Sequential-Activities Design Pattern
5.3.1 Implicit State in Sequential-Activities Threads
5.3.2 Sensing Events That May Change the State
5.3.3 Example: Odometer as a Sequential-Activities Thread
5.4 Concurrent-Activities Design Pattern
5.4.1 State Machine Safe Objects Revisited
5.4.2 Activity Threads
5.4.2.1 Multiple Instances of a State Machine Safe Class
5.4.2.2 Communication with State Machine Safe Object
5.4.2.3 Activity-Thread Creation
5.4.3 Examples
5.4.3.1 Cruise Controller
5.4.3.2 Example: Weather Buoy
5.5 Communicating State Machines
5.5.1 Communicating State Machines without Activities
5.5.1.1 Example: Toy Car Factory
5.5.1.2 Example: Baggage-Handling System
5.5.2 Communicating State Machines with Activities
5.5.2.1 Production Line Workstation
*5.5.3 Broader Use of Activity Threads
5.6 Conclusion
Exercises

6 Event-Thread Patterns for Resource Sharing
6.1 Introduction
6.1.1 Duality of the Patterns
6.2 Resource-User-Thread Pattern
6.2.1 Exclusive Access to Domain Objects
6.2.1.1 Implementation of Semaphores for Domain Objects
6.2.1.2 Implementation of Monitors for Domain Objects
6.2.2 Programming Style
6.3 The Resource-Guard-Thread Pattern
6.3.1 Queuing
6.3.2 Resource-Independent Processing
*6.3.3 Guard Threads Implemented as Concurrent Activities
6.4 Choosing and Combining Patterns


6.4.1 Resource-Guard Threads Doubling as Resource Users
*6.4.1.1 One Resource-User Event Thread—A Series of Control Threads
6.4.2 Choosing Resource-User or Resource-Guard Threads
6.5 Examples with Dual Solutions
6.5.1 Remote Temperature Sensor
6.5.1.1 RTS: Resource-User-Thread Solution
6.5.1.2 RTS: Resource-Guard-Thread Solution
6.5.1.3 RTS: Comparison of the Solutions
6.5.2 Home-Heating System
6.5.2.1 Home Heater: Resource-User-Thread Solution
*6.5.2.2 Home Heater: Dual Solution
6.5.3 Automated Store
6.5.3.1 Resource-User-Thread Solution
6.5.3.2 Resource-Guard-Thread Solution
6.6 Data Stream Processing
6.6.1 Surveillance Radar Problem
6.6.2 MIDI Problem
6.6.2.1 Programmable Patch Bay
6.7 Repository Problems
6.7.1 Multielevator System
6.7.1.1 Solution Sketch
6.7.1.2 Concurrency Levels in the Elevator Problem
6.7.2 Traffic Light System
6.7.3 Repository Problem Solutions
6.8 Conclusion
Exercises

7 Simultaneous Exclusive Access to Multiple Resources
7.1 Introduction
7.2 The Deadlock Problem
7.2.1 Determining That a System is Deadlock Free
7.2.2 Deadlock Prevention
7.2.2.1 Resource Ordering
7.2.2.2 Limiting the Number of Entities
7.2.2.3 Avoiding Indefinite Waiting
7.2.3 Dining Philosophers’ Problem
7.2.3.1 Deadlock Prevention in the Philosophers’ Problem
7.3 Case Studies
7.3.1 Automated Train Switchyard
7.3.1.1 Deadlock Analysis of the Switchyard
7.3.1.2 Optimization
*7.3.1.3 Realism
7.3.1.4 Hump Yards
7.3.2 Flexible Manufacturing System
7.3.2.1 Deadlock Prevention in the FMS


7.3.2.2 Job-Thread Solution for the FMS
7.3.2.3 Workstation-Thread Solution for the FMS
7.3.2.4 Other FMS Solutions
7.3.3 AGV System Simulation
7.3.3.1 Solution Sketch for the AGV System
7.3.3.2 Complications
7.4 Heuristics
7.4.1 Entities Driving the Process
7.4.1.1 Anthropomorphism?
7.5 More on Deadlock and Its Prevention
7.5.1 Deadlock with and without Threads
7.5.2 Deadlock Involving Internal Software Resources
7.5.3 Expanding an ELM Architecture
7.5.4 Problems without Apparent Resources
7.5.5 Acquiring All Resources Ahead of Time
7.6 Conclusion
Exercises

III Background and Discussion

8 Real-Time Software Architectures and Data-Flow Design Approaches
8.1 Introduction
8.2 Real-Time Architectures
8.2.1 Cyclic Executive
8.2.1.1 Cyclic Executive Implementations with Threads
8.2.2 Periodic Threads
8.2.2.1 Rate-Monotonic Scheduling
8.2.3 Dynamically Scheduled Threads
8.2.4 Requirements Representations versus Architectures
8.3 Data-Flow Design Approaches
8.3.1 Structured Analysis
8.3.1.1 Strengths and Weaknesses of Structured Analysis
8.3.1.2 Design and Implementation Based on Data Flow
8.3.1.3 Real-Time Structured Analysis
8.3.2 Data-Flow Threading
8.3.2.1 Mascot
8.3.2.2 Data Flow and Object Orientation
8.3.2.3 Advantages of Data-Flow Threading
8.3.2.4 Drawbacks of Data-Flow Threading
8.3.3 Example Approach: COMET
8.3.3.1 Steps 1 and 2: Designing High-Level Architecture; Structuring Subsystems
8.3.3.2 Step 4: Structuring the Threads
8.3.3.3 Step 6: Designing Classes
8.3.3.4 Step 7: Detailed Design


8.3.4 COMET Solution for the Cruise Controller
8.3.4.1 Cruise Controller Software Architecture
8.3.4.2 Thread Structuring
8.3.4.3 Thread Interfaces
8.3.4.4 Comparison with ELM
8.4 Conclusion

9 The Origins of Entity-Life Modeling
9.1 Introduction
9.2 Early Experiences with Software Development
9.2.1 Systems Programming
9.2.2 Multithreading
9.3 The Jackson Methods
9.3.1 Jackson Structured Programming
9.3.1.1 Structure of Data
9.3.1.2 Program Control Structure
9.3.1.3 Programs Based on Combined Data Tree Diagrams
9.3.1.4 Structure Clashes
9.3.1.5 Real-Life JSP Example
9.3.1.6 The Difficult and the Simplistic
9.3.2 Implicit State Representation
9.3.3 Explicit State Representation
*9.3.3.1 Inversion with Respect to Event Threads
9.3.4 JSD, Threading, and ELM
9.3.5 Reconciling the Object and Process Models
*9.4 Formal Models and Methods
9.4.1 Process Algebra
9.4.2 Other Formalism
9.4.3 The Need for Formalism
9.4.4 Concurrency in Other Languages
9.5 Software Patterns
9.5.1 ELM Patterns
9.5.1.1 Event-Thread Patterns for Resource Sharing
9.5.1.2 State Machine–Related Design Patterns
*9.5.1.3 Distinction between Event-Thread and Design Patterns
9.6 Conclusion
Exercises

Glossary
References
Index
