Java and Scalability

Every time I hear someone say that Java is “scalable” my initial reaction is to kick the person who said it in the shin.

I have been talking to a lot of people lately about the tools we are using at Gnip. Every time I tell someone that major parts of our system are written in Java the response seems to be, “Oh, for it’s scaling capability?” While I was safely ensconced in the Ruby world I had hope that this malformed meme was dead. It seems that in the wider world it’s not quite dead.

I never actually kick the person, by the way. Instead I just sigh and explain that, no that is not the reason. Scalability cannot be the reason we use Java, because Java does not scale any better, or worse, than any other general purpose language.

There are a variety of different sorts of scalability. The most interesting type of scaling in the context of web applications, like Gnip, is how easily can you increase the number of requests/sec the system can handle. This sort of scalability, or lack thereof, derives pretty much entirely from the architecture of the system. No language will magically make your system be able, or unable, to handle an order of magnitude increase in the number of requests.

The culture1 of Java actually encourages the development of mediumly, rather than highly, scalable systems. It does this by favoring the use of multi-threading, shared state, vertical scaling and large monolithic components. These techniques do not scale infinitely. Fortunately, Java is fast enough that they can scale to quite significant levels. Even though the culture of Java encourages these less than perfectly scalable techniques you can build highly scalable systems with Java quite readily. You just have to be willing to buck the culture when it is appropriate.

Performance, on the other hand, does derived, to a significant degree, from your language,2 and that is why we use Java.



  1. Every language has a set of idioms and practices that it, and it’s community, implicitly encourage. This set of idioms and practices are what I mean by culture.

  2. I really wish this were not the case. I don’t think it has to be this way but today Java is a lot faster that most of the languages I really like.

When To Use Exceptions

Marty Alchin recently posted about the “evils” of returning None (or nil or null depending on your language of choice). I think he has it basically right. Sure there are situations where returning nil1 is appropriate, but they are pretty rare. For example, if a method actually does what the client asked and there is nothing meaningful to return, then by all means return nil. If, however, the method was not actually able to do what the client asked, raising an exception is the appropriate thing to do. Unfortunately, I think that most methods that return nil in modern libraries and programs actually do so as a way to indicate a failure condition, and that is evil.

C├ędric Beust responded to Mr Alchin saying basically, a) “problems caused by returning null are easy to debug” and b) “programmers are all knowing, about now and the future, so they can decide when to return nil and when to raise an exception.” (I am, as you might have guessed, taking significant liberties in my para-phrasing. You should go read Mr Beust’s post if want to know what he actually said.)

Ease of debugging

On the debugging point I would say that Mr Beust is generally correct. It is usually the case that nil returns are fairly easy to debug. However, this is not always true. In fact, it is not uncommon, in my experience, to find a nil where it is not suppose to be but then to spend a fair bit of time tracking down where that value became nil. That time is usually spent walking my way up the call stack trying to find the subtle bug that results in a nil return from a method in only some odd situations.

That sort of debugging is not the end of the world but it is annoying particularly because it is so easily avoidable.

All knowing programmers

To be fair, Mr Beust did not actually say that he believes that programmers are all knowing. But he did describe a way of using exceptions that would only make sense if programmers were all knowing. From that, one might infer that he does believe that programmers are in fact omniscient. In my experience this misconception is fairly common in the Java community (Actually, this mentality exists to varying degrees in most programming communities) . Java itself includes many decisions that seem only to make sense in the presence of this assumption. But I digress.

The statement to which I am referring is

Here is a scoop: exception should only be thrown for exceptional situations. Not finding a configuration value is not exceptional. Not finding a word in a document is not exceptional: it can happen, it’s even expected to happen, and it’s perfectly okay if it does.

My response to this is: Who exactly are you to decide that not finding a configuration value is a non-exceptional event for my application? Library programmers2 should not be deciding what is and is not an “exceptional” event. That is a value judgement they cannot possibly make correctly, unless they understand every way that every program will make use of that library (or class) in perpetuity.

Exceptions are not about “exceptional situations”, whatever that means. They are a way for methods tell their caller that it was not able to do what the caller asked it to do. If I say, “dictionary give me the value associated with a particular key” and the key does not exist, the appropriate response is a NoSuchKey exception. Returning a nil in that situation is a lie. A lie with real, and negative, consequences. Consider this, I ask a dictionary for the value associated with a key and it returns nil. Does that mean the key does not exist, or that the key does exist and it’s value is nil? Those two are very different but a nil returning method conflates them requiring, at the very least, an addition method call figure out which possibility is actually the case.

If having methods actually inform you of their inability to perform the desired action is complicated or hard to understand it is time to upgrade your language or write a better interface. For example, if catching an exception from a dictionary look up complicated for the cases where you just want to use a default value, that exception catching and default value behavior could easily be put in a get_with_default(key, default_value) method that either returns the value from the dictionary or the default value. That would certainly be clearer than returning nil and having every consumer add an ugly if block after the get. Or you could switch to a language (such as Ruby) with a compact single line exception handling syntax.

Either way my advice is: Do not use nil as a way to indicate that the object was unable to perform the requested operation, that is job of exceptions. If you see a method that returns nil demand an affirmative defense for that behavior because it is often incorrect.


  1. nil is the Ruby equivalent of None in Python and null in Java. Since all other programming languages are but pale shadows in comparison to Ruby I shall hence forth be using nil to describe this concept.

  2. By library programmer I mean someone that is writing code that will be used by someone else at some point in the future. If that does not include you it is because a) you are not a programmer or b) you are writing completely unmaintainable spaghetti code.

Java Daemon

Lately I have been writing a Java program that needs to run in the back ground (like a daemon). I found a couple of neat little tricks that can make this easier. These ideas probably only work in a Unix environment but they have been tested on Linux and Solaris.

So you have your program and you want to start it such that it will not be killed when you log out of the shell in which you start it. You could use nohup, but nohup redirects the standard out and error to files, which is annoying because you are writing all output to a log file anyway. You could do java -cp your_class_path com.domain.main_class <&- 1>/dev/null 2>&1 & which runs the program in the background, closes standard in, and redirects standard out and error to the bit bucket. By closing standard in to the process the shell will not kill the program when it exits and it is running in the background so it will not interfere with other actions we might want to perform with this shell.

However, it would be nice if you could print errors that occur during startup to the prompt — for example if the config file were missing. This is nice because it is generally appropriate to sanity check the configuration so that if the program starts there is a significant chance it will actually work correctly. So let’s not redirect standard out and error. That leaves you with
java -cp your_class_path com.domain.main_class <&- &, which works but a shell will not exit while there are still programs attached to its standard out and error — as this one is.

The solution is to have the Java program detach from standard out and error once its startup is complete. So we will create a method called daemonize() that we will call just before entering the infinite loop that is the main program logic.

static public void daemonize()
{
   System.out.close();
   System.err.close();
}

So now we have a main method which looks like

static public void main(String[] args)
{
   try
   {
       // do sanity checks and startup actions
       daemonize();
   }
   catch (Throwable e)
   {
       System.err.println("Startup failed.");
       e.printStackTrace();
   }

   // do infinite loop
}

Now when we start our program we get to see if it started correctly and if it does start it will not be killed when the shell exits nor will it prevent the shell from exiting.

Now that the program is completely detached from the shell the only way to stop it is by killing the process. However, to do that you need to know the pid. Java has no way for a program to figure its pid directly — it is too system dependent. So we will create a shell script to launch our daemon and record its pid for future use.

#!/bin/sh
java -cp your_class_path com.domain.main_class &lt;&amp;- &
pid=$!
echo ${pid} > mydaemon.pid

This script launches the program and then writes the pid to the file ‘mydaemon.pid’. Now when you want to kill the program you can do

kill `cat mydaemon.pid`

There are a couple of problems with this, one is that the pid file gets written even if the daemon failed to start successfully, another is that if the daemon crashes the pid file will still exist — which might lead you to believe it is still working.

We can solve the pid file surviving daemon crash problem by passing it into the Java program like the following

java -Ddaemon.pidfile=mydaemon.pid -cp your_class_path com.domain.main_class &lt;&amp;- &

And the updated the daemonize() method to the following

.

static public void daemonize()
{
   getPidFile().deleteOnExit();
   System.out.close();
   System.err.close();
}

where getPidFile() is a method which returns a File object file specified by the system property “daemon.pidfile”. That way the pid file will be deleted when the VM exits.

For the overly eager creation of the pid file you could add a delay to the shell script and then check to make sure the process is still running before writing the pid file. But how long should the delay be? A better way is to take advantage of the fact the a shell will not exit while a program is attached to its standard out or error — even if the process is running in the background. We know that our program will not detach from those until the startup process is complete. The following shell script achieves this

#!/bin/sh

launch_daemon()
{
  /bin/sh &lt;&lt;EOF
     java -Ddaemon.pidfile=mydaemon.pid -cp your_class_path com.domain.main_class &lt;&amp;- &
     pid=\$!
     echo \${pid}
EOF
}

daemon_pid=`launch_daemon`
if ps -p "${daemon_pid}" &gt;/dev/null 2&gt;&1
then
  # daemon is running.
  echo ${daemon_pid} &gt; mydaemon.pid
else
  echo "Daemon did not start."
fi

This script starts a sub-shell and launches the daemon (in the launch_daemon() function). The sub-shell will only return once the java program has detached from the console — for our program that means it has completed its startup or died. After the launch_daemon() function returns we check to see if the pid it started is still running. If so it means that the daemon started correctly and the we write the daemon’s pid to the pid file. Remember that whenever the daemon’s VM shuts down the pid file will be deleted so you can treat the existence of the pid file as an indication that the process is running.

Now it occurs to you that if a problem occurs during startup you really would like to log it to both the log file and console. Since you are using log4j this is pretty straight forward. Just updated you main method like the following

static public void main(String[] args)
{
   Appender startupAppender = new ConsoleAppender(new SimpleLayout(), "System.err");
   try
   {
       logger.addAppender(startupAppender);
       // do sanity checks and startup actions
       daemonize();
   }
   catch (Throwable e)
   {
       logger.fatal("Startup failed.",e);
   }
   finally
   {
      logger.removeAppender(startupAppender);
   }

   // do infinite loop
}

where “logger” is a static member variable that contains a Logger object. The nice thing about this is you can log message anywhere in you startup code and know that someone will see them, even if it occurs before you have configured the logging based on the application configuration. If the normal application logging is configured, the messages will go both to the console and to the log file for future debugging.

So all that works pretty well. There is another problem though. There is not a clean way to shut this daemon down. We need a graceful way to handle shutdown. So we add the following code to our main class

static protected boolean shutdownRequested = false;

static public void shutdown()
{
   shutdownRequested = true;
}

static public isShutdownRequested()
{
   return shutdownRequested;
}

Then we update our application so that occasionally it checks ‘isShutdownRequested()’ and if it is we leave the main loop. Now our main method looks like

static public void main(String[] args)
{
   Appender startupAppender = new ConsoleAppender(new SimpleLayout());
   try
   {
       logger.addAppender(startupAppender);
       // do sanity checks and startup actions
       daemonize();
   }
   catch (Throwable e)
   {
       logger.fatal("Startup failed.",e);
   }
   finally
   {
      logger.removeAppender(startupAppender);
   }

   while(!isShutdownRequested())
   {
      // wait for stimuli
      // process stimulus
   }
}

This looks pretty good but you still only shutdown from inside the program. The solution is a VM shutdown hook. The is a bit of code that the VM runs when it is shutdown. We create the following method

static protected void addDaemonShutdownHook()
{
   Runtime.getRuntime().addShutdownHook( new Thread() { public void run() { MainClass.shutdown(); }});
}

and update the shutdown method as follows

static public void shutdown()
{
   shutdownRequested = true;

   try
   {
       getMainDaemonThread().join();
   }
   catch(InterruptedException e)
   {
       logger.error("Interrupted which waiting on main daemon thread to complete.");
   }
}

Note that we now wait for the main daemon thread to die. This is because the VM waits for the VM shutdown hooks to complete for exiting but it does not wait for other threads to complete. This join allows the main daemon threads to complete in a controlled way rather than being killed by the VM. Then we update the main method to call this new addDaemonShutdownHook() method

static public void main(String[] args)
{
   Appender startupAppender = new ConsoleAppender(new SimpleLayout());
   try
   {
       logger.addAppender(startupAppender);
       // do sanity checks and startup actions
       daemonize();
       addDaemonShutdownHook();
   }
   catch (Throwable e)
   {
       logger.fatal("Startup failed.",e);
   }
   finally
   {
      logger.removeAppender(startupAppender);
   }

   while(!isShutdownRequested())
   {
      // wait for stimuli
      // process stimulus
   }

   // do shutdown actions
}

Now you can kill the process using kill `cat mydaemon.pid` but shutdown will be orderly and controlled.

So there you have it. A fairly safe and full featured way of create a Unix daemon with Java. Of course, if you do not need the extra control and do not mind have native binaries it might be easier to use Jakarta Daemon.

{Update: corrected a variable name in one of the shell scripts and added a needed closing brace to one of the bits of Java code}

Stop Over-Reacting

One of my pet peeves with Java is the member access modifiers. I despise the semantics of private. My problem with private is that it prevents subclasses from accessing the member. This is almost always a bad idea. Basically you are saying, “I know how my code should be used all other developers are too stupid to be trusted to use this member in a reasonable way”. If there is one thing you can rely on, it is that any code you write will someday be used in a way you have not yet anticipated.

I think the semantics of private are an example of over-reaction. I can hear the reasoning now, “Global variables make a program hard to debug because they are not encapsulated and therefore get accidentally modified. We should solve that problem by having complete encapsulation.” The real problem, however, is that global variables get accidentally changed, not the lack of encapsulation. Encapsulation is merely a tool that might help prevent accidental use/change of state.

The inappropriate use and change happens because it is not clear who owns them and in what contexts that state should be used and changed. In practice, it seems that encapsulation does help solve this problems but the encapsulation need only be obvious, not enforced. With OO we have a way to provide obvious logical encapsulation in the form of members. The addition of these obvious boundaries of use effectively solves the accidental mis-use problem – regardless of whether those boundaries are enforce or not – by making it clear where it is generally appropriate to use/modify an item. The strictness of Java’s private modifier is not necessary or helpful.

Once I started thinking about this, I noticed that this sort of over-reaction is rampant in the software industry. Static typing is a over-reaction to weakly typed languages. Java/C# inheritance models are an over-reaction to the complexities of multiple inheritance in C++ (interfaces exists because, as it turns out, you really do need multiple inheritance to make OO work and these languages have a broken inheritance model). XP is an over-reaction to water fall development methodologies. (I think. I have not totally convenience myself of this one yet.)

For example, I think manifest (or static) typing is an over-reaction to weakly typed systems. Everyone who has worked with C has a story about how they accidentally overwrote some random memory by doing pointer arithmetic something that was not really a pointer – or something similar – and it caused their program to fail much later in a completely different part of the code. This sort of thing is very difficult to debug because the code which is incorrect is not where the failure occurs. So C++ was introduced with strong and manifest types, and it was better. But it was the strong typing – that is, if you attempted to use an item in way that its type does not support the code fails in an obvious way – was the thing that made it better, not that the types are manifest in the source code. But everyone got the “manifest typing == strong typing == good; anything else == bad” meme anyway.

As for multiple inheritance I can only say that the C++ implementation of multiple inheritance is complex. But it is an implementation problem, not a conceptual problem. Multiple inheritance is not conceptually difficult and it is useful.

This tendency to over-react has been noticed before, of course. There is a well known pattern in software systems called second system syndrome. Second system syndrome is, at its core, an over-reaction. It usually goes like this. You build a system and it works basically as intended. People use it and want it to do something you had not anticipated and it takes a lot of work to implement that functionality. So you say, “well I am not going have that problem again” and you make the 2.0 version super flexible, extensible and any other -able you can think of. The thing about all those -ables is that they make the base system more complex and mostly you will not be using them. You over-reacted and you pay the price in much more difficult maintenance.

XP attempts to mitigate this tendency by saying, “assume simplicity”, which seems to have devolved into “don’t crystal-ball”. I think the “don’t crystal-ball” form is an over-reaction in itself. We have been burned in the past by unneeded complexity so instead we preclude all functionality that is not needed at this exact moment (even if you will probably need it tomorrow). Assuming simplicity not a bad approach but developers should try to guess what is going to happen in the future. Then they should examine those predictions with an extremely critical eye. If a predicted functionality is not likely to be needed it should be ignored. If the predicted functionality can be added easily at a later date it should be ignored. If the predicted functionality is likely to be needed and would be difficult to add in the future it is something that should be implemented now – or at least enough of it should be implemented so the rest can be implemented easily in the future. The thing to remember is that most of the functionality you can imagine will never be needed so you need to be brutal when evaluating your predictions.

I think our industry would be a lot better off if we could learn solve the real problem instead of over-reacting to spurious issues that previous solutions introduced.