Were excited to announce the latest addition to our product family: the PostSharp Threading Toolkit. It will help your team 'to build multithreaded applications not only with less code, but with higher reliability as well.
The toolkit is available on NuGet: look for the package PostSharp-Threading-Toolkit. Like its younger brother, the PostSharp Diagnostics Toolkit, it’s source code is available on GitHub. The toolkit is free and open source. Note that you will need a Pro Edition of PostSharp (and Windows and Visual Studio, optionally) to use it, since selling PostSharp is how we make a living.
Feature Quick List
The current version of the toolkit provides the following features:
- Deadlock detection
- Actor threading model
- Reader-Writer Synchronized threading model (with dynamic verification)
- Thread Unsafe threading model (with dynamic verification)
- Dispatching of methods to GUI thread
- Dispatching of methods to background thread
But the toolkit does not just provide features. It implements a consistent and disciplined approach to multi-threading – solutions that scale with large object models. Read on.
How NOT to implement multithreading
We’ve gone through several stages of design. First, we wanted to blow users away with features, and provide an aspect for every kind of lock you could imagine.
Then, we realized there was some truth in that quote from A. Einstein: “No problem can be solved from the same level of consciousness that created it”.
So, if problems with multithreading are created by the need to add code (acquiring a lock, for instance) at method-level, we realized that just generating that code automatically would not solve the problem, because you would still need to think about multithreading at a low level and, worse, every single member of your team would need to understand its details. So we needed to solve the issue at a higher level of abstraction.
Three rules for large-scale multithreading
We designed PostSharp Threading Toolkit for teams who need to make large object models thread-safe and still want to sleep at night. Since multithreading is a recurring problem, we chose to approach it as any recurring problem: with design patterns, “repeatable solutions to recurring problems”. You could implement the design pattern totally by yourself, but the Threading Toolkit makes it much easier.
Rule 1. Assign a threading model to each part of your object model
Different layers of an application architecture typically have different threading requirements. For instance, the View is always single-threaded, whereas the Model is multi-threaded. The first rule is to assign a threading model to each part of your object model.
The Threading Toolkit provides the following threading models:
- Thread Unsafe Objects (use the ThreadUnsafeObjectAttribute aspect on a class): Such objects are not designed to be accessed concurrently by several threads.
- Reader-Writer Synchronized Objects (use the ReaderWriterSynchronizedAttribute aspect on a class): Several threads can access the object in reading concurrently, but only a single thread can access the object in writing.
- Actors (derive your class from the Actor class): Actors communicate with the external world using asynchronous method calls (or messages). Every actor has a message queue, and only a single message is processed at a time, so actors do not need to take care of concurrency issues. Messages are immutable. Since the only shared state is private to each actor, there is no shared mutable state, so no issue.
Other threading models and design patterns exist, but they are not implemented by the toolkit yet:
- Transactions: The shared state is managed by a transactional engine, which isolates threads from each other and prevents or handles conflicts for you (using locks, typically).
Rule 2. Document the threading model
Whatever threading model you choose, you need to make sure that everyone in the team understands it from a logical point of view. Then, you need to make very clear which threading model each class is implementing. By doing that, you’re putting the stress on the design intent rather than on its implementation.
If you’ve used an aspect to implement the threading model, the documentation is the presence of the aspect itself, which is signaled in Visual Studio by a PostSharp extension to Intellisense.
Rule 3. Verify all assumptions
If you’re writing a thread-unsafe object, but feel there’s a risk it could be used concurrently by several threads because of bugs and misunderstandings, include assertions in your code and throw an exception if the object is being accessed concurrently by several threads.
If you’re writing a reader-writer synchronized object, you should check that no thread modifies a field if it does not hold a writer lock on its parent. Otherwise, the object state could be corrupted. You should also check that no methods read more than 2 fields (or any field larger than a machine work) without holding a read lock. Otherwise, the method could get inconsistent values.
By adding these assertions, you will be more likely to discover errors during testing. Without assertions, object invariants will break without exception, and errors will appear some time later, and will be much more complex to debug.
Ideally, you should only test assumptions in debug builds, and remove them from release builds. It may be useful to perform load testing in debug mode to find as many threading issues as possible.
If you think that the cost of testing threading assumptions manually is enormous, you’re probably right. This is why the threading aspects add them for you.
PostSharp Threading Toolkit uses both static and dynamic analysis to prevent you from writing dangerous code (when possible), and detect dangerous operations.
Whenever you’re using locks, you’re getting into the risk of deadlocks.
Deadlocks are probably the worse thing that can happen to your application. It becomes unresponsive (it “hangs”) and no error report is produced.
The deadlock detection policy is able to detect some categories of deadlocks and throw an exception when it happens. The exception gives a detailed report of all threads and all locks involved in the deadlock, so you can analyze the issue and fix it.
To add deadlock detection to your project, add the following line:
In order to be effective, deadlock detection should be enabled in all projects of your application.
Besides neat design patterns and deadlock detection, the toolkit offers some method- and field-level aspects.
This custom attribute (which is not an aspect) tells the toolkit that you know what you’re doing, and that it should not generate code to make the method well-threaded, or should not emit warnings and errors when this field is accessed without a lock. This is an opt-out mechanism.
Use this method to make a method execute in the background. This, practically, makes the method asynchronous.
Use this aspect on an instance method of a view object (WPF or WinForms) to force it to run on the GUI thread. Works with non-view objects also if they maintain the SynchronizationContext or implement IDispatcherObject.
Today and Tomorrow
That was enough of conceptual writing. I’m going to continue to blog about these features one-by-one and include more code.
Although the main features introduced here are already implemented, PostSharp Threading Toolkit is still under development. Singularly, there is still documentation, and not all static and dynamic verifications have been implemented.
The idea behind the release process of the toolkits is to give early access to deliberately half-baked products, so we can get feedback in time and take it into account into next releases.
So the ball is in your court. What do you think about this approach to multithreading? Are you satisfied of the aspects provided by this toolkit? Any WTF, or any special feature request? We’re here to serve.