C++ and finally

Almost two months ago, Danny Kalev wrote a piece regarding adding finally to C++. Unlike Danny, however, I think this is a great addition to C++.

Danny has a good point that part of the reason that finally exists in garbage collected languages is that they lack a destruction mechanism that allows for cleaning up. For example, a common use of finally in Java is with files, sockets, and other such resources to ensure that the resource is guaranteed to be released (since the finalizer is not guaranteed to be ran). In C#, this could be done via the using keyword and hopefully in a future release on Java, a similar mechanism will exist that would allow the same behaviour.

But I think that there is a certain amount of value to adding such a feature to the language. For example, if you wanted to have a code segment display a log message at the end of a method, you would need to do something like:

• class Trace {
• public:
•  Trace() {
•     // ... maybe display something or grab a statistics
• }
•  ~Trace() {
•     // ... log something or accumulate
• }
•  
• void myFunc() {
•   try {
•     Trace t;
•     // ... do something
•   } catch ( ... ) {
•     // ... handle it
•   }
• }

For a general purpose tracing class, this would be, by far, the best approach. But for a specific operation that is done for one specific method, I think that the code above is not as readable as the same code written using a finally, even in the case where the statements in the finally explicitly call a function.

Said another way, the for keyword is equally redundant, since the 1998 C++ ISO Standard states in section 6.5.3 that the statement for ( for-init-statement ; condition ; expression ) statement is equivalent to:

• {
•   for-init-statement
•   while ( condition ) {
•     statement
•     expression ;
•   }
• }

But while the latter is equivalent to the former, there is a certain readability value that comes with the for statement that it is a welcomed keyword.

I feel that the addition of the finally keyword would have the same benefits. It is easily implemented in terms of existing infrastructure quite similar to the for example above is. It has adds increased readability, particularly for cases where the creation of a class would consume many more lines than a line or two in a finally block. Lastly, I think that there is a huge benefit to people using C++ that are accustomed to using other languages; the familiarity with this feature would permit such developers to concentrate on other, more important C++ features instead of trying to figure out how to get around the perceived lack of this feature. I think these benefits outweigh the cons of adding a new keyword, and I welcome the change.

Adapting for Concurrency...

Herb Sutter gave a talk on concurrency at PARC earlier this week, and the Audio, Video, and Slides are available.

Where as even up to a few years ago, multiple processor (and multiple core) machines were only available for niche markets, the talk highlights the fact that very soon multiple core machines will be everywhere. This is very exciting, however, we must change how we develop our applications to take advantage of this. From this perspective, it is not just simply using the existing tools that we have such as locks and threads, but also expanding our tools in order to take advantage of these language features.

Herb gives the analogy that this is similar to the early 1990’s when Object Orientation was new. While you could write an object-oriented application in C (for example, consider the FILE structure and methods), it is far easier to write such applications in languages that have native support for objects. Herb states that while we currently can write multithreaded software in our existing tools, writing correct multithreaded software is hard, pointing out that some of the class libraries and even some of his own examples have been incorrect.

During the discussion, Herb mentioned something that I was unaware of. A while ago, I discussed Double Check Locking and how it was broken and later about Scott Meyers and Andre Alexandrescu’s C++ and the Perils of Double-Check Locking. One part that I had not noticed in Scott and Andre’s paper is that, thanks to reworking the memory model, the Double Check Locking Pattern once again works in Java 1.5/5.0 (JSR 133) and .NET 2.0 (CLI 2.0 Section 12.6). The solution is to use the keyword volatile as follows:

1. private static volatile Singleton instance= null;
2. public static Singleton get() {
3.   if ( instance == null ) {
4.     synchronized ( Singleton.class ) {
5.        instance = new Singleton();
6.     }
7.   }
8.   return instance;
9. }

Again, this only works in Java 1.5 and .NET 2.0 because of the changes in the memory model. There are some discussions that the restrictions on volatile may not make it faster than volatile, but then there’s a solution that uses the Memory Barriers instead of volatile that could get around this in .NET. Of course, some of this feels like premature optimization, as synchronization and volatile improvements are things that compiler vendors are likely to working on. I guess its like the free lunch.

And speaking of which, if you haven't really thought about having your desktop application take advantage of a 32 core machine, this is good discussion to get you thinking about that and why.

Long-Lived IIOP.NET Objects...

I have been working with IIOP.NET, a CORBA toolkit for .NET, a bit more than with Using Multiple Vendor's ORBs with Name Services. While my test application was working great, my actual application was not, however.

The server component started up, instantiated a CORBA object, and saved the IOR into the registry. Then my client component would start up and take the IOR from the registry, send a message to the CORBA server, do some data processing for about 15-30 minutes, and send another message to the CORBA server. This issue I ran into is that usually the first message made it to the server, but the second one rarely did, with the error message:

• CORBA system exception : omg.org.CORBA.OBJECT_NOT_EXIST, completed: Completed_No minor: 0 omg.org.CORBA.OBJECT_NOT_EXIST: CORBA system exception : omg.org.CORBA.OBJECT_NOT_EXIST, completed: Completed_No minor: 0
• Server stack trace:
• Exception rethrown at [0]:
•   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
•   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
•   ...

At this level of detail, it would appear that something goes wonky on the client side, since the first message usually gets to the server, however, I also failed to mention that I usually started the server and client at the same time. When I did not start the server at the same time of the client, I would get the exception above.

In light of this detail, it became very obvious that I had an object lifetime issue on the server. Coming from more of a Java CORBA experience, I had assumed that the lifetime of the object would by-default be long-lived, however, it appears that this is not the case. To make your IIOP.NET objects long-lived (or to control the default behaviour), your objects that derive from System.MarshalByRefObject must override the method InitializeLifetimeService(). The follow makes the object live forever:

1. public class TimeImpl : System.MarshalByRefObject, TimeTools.Time {
2. // ...
3.   public override object InitializeLifetimeService() {
4.     return null;
5.   }
6. // ...
7. }

Since my objects are all long-lived, the above fixed my problem. The documentation for InitializeLifetimeService() does, however, have some other examples in the event that you need more fine-grained control.

OpenNETCF.org Desktop.Communication Library 2.9...

About a month ago, a new version of OpenNETCF.org Desktop.Communication Library was released, and I finally got a chance to work with it last night. Unfortunately, the problem I discussed here regarding the FileInformation buffer is too small is still an issue in this release. I think that it was accidently removed, since the file has a number of whitespace-type changes from the previous release.

Another issue that has not been fixed is the issue I reported to the forums. The issue is that if the RAPI fails to communicate with ActiveSync, an exception is thrown, but the finalizer is still called, and the finalizer does not properly handle the case where the constructor is not ran to completion. This is handled by a quick fix of (changes are in bold):

1. // ...
2. ~RAPI()
3. {
4.   if ( m_activesync != null ) {
5.     m_activesync.EndListen();
6.   }
7. // ...

And aside from hitting the first problem in my application, the new release seems good after patching the above two issues.

java.util.concurrent Memory Leaks...

About two months ago, one of the Java servers my group maintains ran out of memory, and since then, if this service was up for more than a week, again, we get the dreaded java.lang.OutOfMemoryError. Each time that this would happen, we would take a histogram of the memory usage (jmap -histo pid). After gathering a few of those and comparing those results to what we expected, there are two classes that seemed suspiciously using a lot of memory, java.util.concurrent.LinkedBlockingQueue$Node and java.util.concurrent.locks.AbstractQueuedSynchronizer$Node, so I started looking at how these classes were used.

The java.util.concurrent.LinkedBlockingQueue was used in several places in the program, however, its usage was fairly straight forward. In addition to usually being the one that used the most memory, the other thing that made this class suspect was that its usage was just added a week before the problem first occurred. Furthermore, in all of the various tests that I ran, the number of Nodes would increase significantly, but when the full garbage collector ran (either automatically or when forced), the number of nodes would drop to the number of entries that I expected there to be. This made me suspect that perhaps the garbage collector was not running when the OutOfMemoryError was thrown or that perhaps there was not enough memory at that point to even run the garbage collector, but alas, I was quickly brought back to my senses.

During the investigation of the above, I googled on the class and it brought some interesting results. On the Concurrency Interest mailing list, an entry from last year suggests a memory leak in LinkedBlockingQueue and it was confirmed by Doug Lea. I re-wrote the program (in the method: originallyReportedLeak) suggested in the message to confirm that it was an actual issue, and surely, it is a current problem. Running the program with the JMX arguments, you can attach jconsole to see the memory grow, and no amount of forcing the garbage collector to run will bring it down.

But of course, that was not my problem. The issue with the leak in the above program has to do with a timeout occurring. In all but one of the cases was not using the methods with a timeout, and in that case, however, the timeout value was MAX_INT, and because of the way we use this particular service, there is no way that it would have been able to timeout and leak. And as I mentioned above, forcing a garbage collection always brought it back to normal, so alas, back to the drawing board.

The other class that used outrageous amounts of memory, AbstractQueuedSynchronizer’s Node inner class, however, was not as easy to find where it was used. By using Borland OptimizeIt, however, I found out that this class was used by java.util.concurrent.CountDownLatch, where the code was calling await() with a one second timeout, and in this case, the timeout was always triggered. Sound familiar? I wrote a program (in the method: anotherSimilarLeak) that demonstrates this precise memory leak, and surely, it is the same underlying problem as in the LinkedBlockingQueue above.

In this particular program, we decided that the latch was not necessary for this particular method, and that replacing it with a sleep was all that was necessary. This Bug is fixed in Mustang, the next version of Java, so hopefully your project can wait until it fixed. Otherwise, you may unfortunately need to roll-your-own timeout functionality... just make sure to properly document such hacks so that you can remove them in the near future!