Monday, October 14, 2013

API Design Practices That Work Well With OSGi

Introduction

This post describes some API design practices that should be applied when designing Java API to ensure the API can be used properly in an OSGi environment. Some of the practices are prescriptive and some are proscriptive. And, of course, other good API design practices also apply.

The OSGi environment provides a modular runtime using the Java class loader concept to enforce type visibility encapsulation. Each module will have its own class loader which will be wired to the class loaders of other modules to share exported packages and consume imported packages.

A package can contain an API. There are two roles of clients for these API packages: API consumers and API providers. API consumers use the API which is implemented by an API provider.

In the following design practices, we are discussing the public portions of a package. The members and types of a package which are not public or protected (that is, private or default accessible) are not visible outside of the package and are implementation details of the package. 

Packages must be a cohesive, stable unit

A Java package must be designed to ensure that it is a cohesive and stable unit. In OSGi, the package is the shared entity between modules. One module may export a package that another module can import. Because the package is the unit of sharing between modules, a package must be cohesive in that all the types in the package must be related to the specific purpose of the package. Grab bag packages like java.util are discouraged because the types in such a package often have no relation to each other. Such non-cohesive packages can result in lots of dependencies as the unrelated parts of the package reference other unrelated packages and changes to one aspect of the package impacts all modules that depend on the package even though a module may not actually use the part of the package which was modified.

Since the package is the unit is sharing, its contents must be well known and the contained API only subject to change in compatible ways as the package evolves in future versions. This means a package must not support API supersets or subsets; for example, see javax.transaction as a package whose contents are very unstable. The user of a package must be able to know what types are available in the package. This also means that packages should be delivered by a single entity (for example, a jar file) and not split across multiple entities since the user of the package must know that the entire package is present.

Finally, the package must evolve in a compatible way over future versions. So a package should be versioned and its version number must evolve according to the rules for semantic versioning.

Minimize package coupling

The types in a package can refer to the types in other packages. For example, the parameter types and return type of a method and the type of a field. This inter-package coupling creates what are called uses constraints on the package. This means that an API consumer must use the same referenced packages as the API provider in order for them to both understand the referenced types.

In general, we want to minimize this package coupling to minimize the uses constraints on a package. This simplifies wiring resolution in the OSGi environment and minimizes dependency fan-out simplifying deployment.

Interfaces preferred over classes

For an API, interfaces are preferred over classes. This is a fairly common API design practice that is also important for OSGi. The use of interfaces allow implementation freedom as well as multiple implementations. Interfaces are important to decouple the API consumer from the API provider. It allows a package containing the API interfaces to be used by both the API provider who implements the interfaces and the API consumer who call methods on the interfaces. In this way, API consumers have no direct dependencies on an API provider. They both only depend upon the API package.

Abstract classes are sometimes a valid design choice instead of interfaces, but generally interfaces are the first choice.

Finally, an API will often need a number of small of concrete classes such as event types and exception types. This is fine but the types should generally be immutable and not intended for subclassing by API consumers.

Avoid statics

Statics should be avoided in an API. Types should not have static members. Static factories should be avoided. Instance creation should be decoupled from the API. For example, API consumers should receive object instances of API types through dependency injection or an object registry like the OSGi service registry.

The avoidance of statics is also good practice for making testable API since statics cannot be easily mocked.

Singletons

Sometimes there are singleton objects in an API design. However access to the singleton object should not be through statics like a static getInstance method or static field. When a singleton object is necessary, the object should be defined by the API as a singleton and provided to API consumers through dependency injection or an object registry as mentioned above.

Avoid class loader assumptions

APIs often have extensibility mechanisms where the API consumer can supply the name of a class the API provider must load. The API provider must then use Class.forName (possibly using the thread context class loader) to load the class. This sort of mechanism assumes class visibility from the API provider (or thread context class loader) to the API consumer. API designs must avoid class loader assumptions. One of the main points of modularity is type encapsulation. One module (for example, API provider) must not have visibility to the implementation details of another module (for example, API consumer).

API designs must avoid passing class names between the API consumer and API provider and must avoid assumptions regarding the class loader hierarchy and type visibility. To provide an extensibility model, an API design should have the API consumer pass class objects, or better yet, instance objects to the API provider. This can be done through a method in the API or through an object registry such as the OSGi service registry. See the whiteboard pattern.

The java.util.ServiceLoader class also suffers from class loader assumptions in that it assumes all the providers are visible from the thread context class loader or the supplied class loader. This assumption is generally not true in a modular environment.

Don't assume permanence

Many API designs assume only a construction phase where objects are instantiated and added to the API but ignore the destruction phase which can happen in a dynamic system. API designs should consider that object can come and they can go. For example, most listener APIs allow for listeners to be added and removed. But many API designs only assume objects are added and never removed. For example, many dependency injection systems have no means to withdraw an injected object.

In a modular system, modules can be added and removed, so an API design that can accommodate such dynamics is important. The OSGi Declarative Services specification defines a dependency injection model for OSGi which supports these dynamics including the withdrawal of injected objects.

Clearly document type roles for API consumers and API providers

As mentioned in the introduction, there are two roles for clients of an API package: API consumers and API providers. API consumers use the API and API providers implement the API. For the interface (and abstract class) types in an API, it is important that the API design clearly document which of those types are only to be implemented by API providers vs. those types which can be implemented by API consumers. For example, listener interfaces are generally implemented by API consumers and instances passed to API providers.

API providers are sensitive to changes in types implemented by both API consumers and API providers. The provider must implement any new changes in API provider types and must understand and likely invoke any new changes in API consumer types. An API consumer can generally ignore (compatible) changes in API provider type unless it wants to change to invoke the new function. But an API consumer is sensitive to changes in API consumer types and will probably need modification to implement the new function. For example, in the javax.servlet package, the ServletContext type is implemented by API providers such as a servlet container. Adding a new method to ServletContext will require all API providers to be updated to implement the new method but API consumers do not have to change unless they wish to call the new method. However, the Servlet type is implemented by API consumers and adding a new method to Servlet will require all API consumers to be modified to implement the new method and will also require all API providers to be modified to utilize the new method. Thus the ServletContext type has an API provider role and the Servlet type has an API consumer role.

Since there are generally many API consumer and few API providers, API evolution must be very careful when considering changes to API consumer types while being more relaxed about changing API provider types. This is because, you will need to change the few API providers to support an updated API but you do not want to require the many existing API consumers to change when an API is updated. API consumers should only need to change when the API consumer wants to take advantage of new API. OSGi is now defining documentary annotations, @ProviderType and @ConsumerType, to mark the roles of types in an API package.

Conclusion

When next designing an API, please consider these API design practices. Your API will then be usable in both OSGi and non-OSGi environments.

Friday, January 20, 2012

Juke Box Hero, Got Stars In His Eyes


I learned Wednesday that I was named a JavaOne Rock Star for my Why OSGi? presentation with Peter Kriens at JavaOne 2011. Nice!

Friday, December 09, 2011

Bndtools at the OSGi Alliance

The OSGi Alliance has been using bnd for a long time in the OSGi build. bnd is used by the ant build to create the bundles and execute the compliance tests as part of our continuous builds. It is also installed in Eclipse as an IDE plugin to provide IDE support for compilation classpath and test execution by OSGi members working in the Expert Groups.

Recently Bndtools development has been underway to create a better integration of bnd with the Eclipse IDE for bundle development. Bndtools 1.0 was just released and is available for installation into the Eclipse IDE as a replacement for bnd's Eclipse IDE support.

Since the OSGi Alliance has long used bnd, we already had the bnd infrastructure in place for our build. All that we needed to do to start using Bndtools was to update each project's .project file (using the Add Bndtools Project Nature menu item). This simple change then enabled Bndtools to manage the project within the Eclipse IDE. The OSGi Alliance will continue to use bnd in the ant build, but for our Eclipse IDE use we have moved to Bndtools.

Thanks to Neil Bartlett, Peter Kriens and the other bnd and Bndtools contributors for their hard work in making bnd and Bndtools the premier tooling for OSGi development.

Tuesday, October 04, 2011

Java 8 and the 1990s

I attended the first Jigsaw session at JavaOne today where Mark Reinhold presented the latest on Jigsaw. After what appeared to be the end of the presentation, Mark continued on and began discussing why OSGi is wrong for using packages as the primary unit import and export between modules and why Jigsaw is right for requiring (aka. importing) modules (but apparently, and non-symmetrically, exporting packages and types). Mark made several strange arguments.

He found the idea of a resolver matching package importers up to package exports (essentially a broker pattern where the resolver acts as the broker) to be bad/complicated/etc. He prefers the developer to effectively be the "resolver" and declare the specific modules to be imported. This removes an important level of indirection between the thing being provided and the artifact providing it. This is like saying, "Don't use interfaces, use concrete implementation types," because we don't want to have to figure out how to map the use of the interface onto a concrete implementation type.

Mark also stated that requiring modules mapped well onto native package managers (e.g. rpm, apt) while importing package provided for no simple mapping. So therefore requiring modules is the way to go. It seems rather sad to me that the design of modules for Java 8 is being driven by the capabilities of native package managers designed in the 1990s for native code. Shouldn't the design of a module system for Java be driven by the capabilities and attributes of Java?

Friday, September 30, 2011

The Needs of the Many Outweigh the Needs of the Few

There is a discussion on the Aries dev mail list about a tool for checking semantic versioning. One of the issues misunderstood in the discussion is about the asymmetry in the treatment of versions for the roles of API consumer and API provider discussed in the whitepaper.

An API package p can contains several types. Some types must be implemented by the API provider and some are intended to be implemented by the API consumer. p.S may be a service provided by the API provider and used by the API consumer. p.L may be a listener implemented by the API consumer and user by the API provider. A syntactic analysis tool for versioning needs to understand the orientation of a type to decide whether a change to the type constitutes a major version change for the package or a minor version change.

The whitepaper does not discuss how the orientation of the type should be marked. It is beyond the scope of the whitepaper. OSGi now uses the @noimplement javadoc tag (from Eclipse) to indicate the type is not to be implemented by the API consumer (e.g. p.S). Types not marked @noimplement may be implemented by the API consumers (e.g. p.L). Adding a new method to p.S represents a minor version increment to package p as API consumers are not broken (while API providers are broken; but they have tighter version constraints, e.g. [1.0,1.1)). Adding a new method to p.L represents a major version increment to package p as API consumers are broken. Furthermore adding a new type to package p will not break API consumers. They are free to ignore it. But API providers must change to support the new type.

These are examples of the asymmetry between API providers and API consumers: an API provider must provide all of the API while an API consumer is free to use any subset of the API.

So in order for any syntactic analysis tool to properly work, the orientation of the types in the package must be properly marked so the tool can decide whether a change warrants incrementing the major or minor version. What is missing is an agreement on how to mark the types. I think this is something bnd and bndtools should provide. Perhaps a set of standard annotations.

For any API, we see there is an asymmetry in the relationships is has with API providers and API consumers. In general, there will (hopefully) be many more consumers than providers. So the semantic versioning scheme is oriented towards the many: the API consumers.

"... the needs of the many outweigh the needs of the few." - Spock.

PS. It has also been suggested that segregating consumer oriented types from provider oriented types by placing them in different packages is useful. But this does not remove the need for syntactic analysis tools to understand the orientation of each type (or each package) to provide proper advice about necessary versioning changes. And now you have 2 packages which each provider and consumer must import...

Thursday, May 19, 2011

OSGi issue of Java Tech Journal

Java Tech Journal has just published an OSGi issue. It contains a number of great articles about OSGi including one I co-wrote with Peter Kriens on the new Core 4.3 spec. Check it out!

Tuesday, January 11, 2011

OSGi 4.3 Early Draft 3 now available

The latest draft spec from OSGi is now available for download. It contains the final RFCs for the changes to the Core 4.3 specifications. Also included are draft RFCs for some new specs for the next releases of the Compendium, Enterprise and Residential specifications.

Since this draft is just a draft, understand that things can change, even substantially, before the final specifications are completed.

Tuesday, December 07, 2010

The Pipes Are Calling

On the osgi-dev list, there was an interest raised into having a Planet OSGi feed aggregator like the Planet Eclipse and other similar planets.

So initially I looked into planet software I could run on the OSGi server. I found Planet 2.0 and Venus which is a fork or successor to Planet 2.0. Both of these are Python scripts which of course depend upon other python scripts. However I could get neither of them to work on the RHEL 4 based OSGi server. The runtests.py sanity test failed for each choice. The failures were different and are probably based upon the Python version on the RHEL 4 system and possibly some dependent python scripts I did not have installed. Given that RHN manages the OS including the Python version, I was not keen to attempt to update it to a later version of Python that I would have to manage myself. And so I gave up on the python scripts. I have the feeling that if these tools were written in Java (or some JVM based language) it would have been mush easier to get them to run on different machines since there is a uniform basic machine and libraries to depend upon.

In any case, I needed some other solution. Some more use of a popular search engine lead me to Yahoo Pipes. I was fairly easily able to create a "pipe" to collect a bunch of feeds, sort the feeds by publication date and generate a new feed of the aggregate! I had heard of Yahoo Pipes before but never played with them. They are pretty cool and it was quite easy to mash up a bunch of feeds into a new feed.

So checkout the new Planet OSGi feed served up by Yahoo Pipes.

Wednesday, September 16, 2009

OSGi 4.2 specs are now available!

After a lot of work on the part of the OSGi expert groups, the OSGi members have approved the Core and Compendium 4.2 specifications as final. You can download them here.

Work continues in the OSGi expert groups on the specifications for the enterprise spec.

Wednesday, May 20, 2009

Eclipse Galileo update site organization could be more useful

I saw Wayne's call for Mac users to try the Eclipse 3.5 RC1 Cocoa port. So being an Eclipse user and a Mac user, I thought I would give it a try out. I have been using 3.4 for my OSGi development work since it came out last June. I have updated to each point release and am 3.4.2 now. I started with the EPP for RCP developers since that very closely described what I needed to do. All that I needed to add to that was an svn team provider.

So I downloaded the 3.5 RC1 Cocoa driver, unzipped it and started it. But it was rather bare bones. I was missing the extra goodies from the RCP EPP download and, of course, an svn team provider. So I went to the Install New Software dialog and selected the Galileo site. But it took me quite some time to figure out what I needed to select to get back to the function I already had in my 3.4 install. It would have been much more useful to have the update organized like the EPPs. That is by the type of developer I am and the things I need to do. Then I could have found a grouping for RCP developer and installed all the things under that grouping. Since that was not there, I had to consult the 3.4 EPP pages to figure out what RCP EPP build added and then search for those things on the update site (as well as the subversive svn team providers sans svn connector :-( ).

So I think I have all the function I need installed, but it could have been much easier.

Tuesday, April 21, 2009

Java Posse interview on OSGi

At EclipseCon 2009, Peter Kriens and I were interviewed by the Java Posse about OSGi. The podcast of the interview is now available.

Tuesday, March 24, 2009

I am Visible but am I Accessible?

During the JSR 294 Expert Groupt meeting this Monday, we fell in to a long conversation about the distinction between visibility and accessibility in Java. This is an important distinction as we work on modularity for Java.

Visibility is whether one type can see another type. In the JLS, this is discussed as observability. In the JVMS, this is about class loading. Basically, this can be described as whether type T is visible to type S. At compile time, this means that the compiler can locate type T when compiling type S. At runtime, this means that the class loader for type S can load (either directly or through delegation) type T. A type can also be visible through reflection. Even if the class loader of type S cannot load type T, type S may come across type T while reflecting. For example, an object may be of type T even though type S directly refers to it via an interface type I.

Accessibility is whether one type can access another type or a member of another type. This is discussed in the JLS and the JVMS. Most people know accessibility by the public, protected, and private keywords. Also see AccessibleObject.

Visibility and accessibility interact, but they are discrete concepts that must be understood separately as we work on modularity for Java. First a type must be visible in order to use it. Then the type must be accessible or the interesting member of the type must be accessible. It is possible for a type to be visible but not accessible.

OSGi provides it modularity though restricting visibility. This makes sense since OSGi is built on the ClassLoader model. So if bundle A imports packages which are exported by bundle B, bundle A's class loader will not have visibility to any other package in bundle B. But if bundle B registers a service implemented by a type which is not visible to the class loader of bundle A, bundle A can still get the class object of the service (e.g. service.getClass()). If that class has public methods which are not part of the service interface, bundle A is able to call them.

Adding a module accessibility keyword to Java will allow the VM to enforce access control when access is attempted across a module boundary. So in the example above, if bundle A and B are in different modules (as to-be-defined by JSR 294) bundle A cannot access the module accessible member of the service implementation class from bundle B. This would give bundle authors more control and encapsulation.

The difficult part is to define the module boundary so the VM can enforce access and this is still an area of ongoing discussion in the JSR 294 EG. Related to this is also the desire to have Java compilers begin to understand module boundaries with respect to visibility and also the new module accessibility keyword. javac currently has a simplistic view of visibility: -classpath/-sourcepath. This has none of the restricted visibility of a current module system like OSGi. How to enable java compilers to have visibilty which better matches the runtime will be a major challenge.

[2013-10-14 - Updated links to fix link rot from Oracle acquisition of Sun.]

Tuesday, December 23, 2008

Presenting on OSGi at EclipseCon 2009

Well it looks like 2 of my session proposals were accepted by the EclipseCon 2009 program committee. So I will be doing a long talk on Symmetric Service Oriented Programming and short talk on Using BundleTracker to support the OSGi Extender Pattern. Looking forward to EclipseCon again. It is a great conference. Hope to see you there.

Tuesday, December 02, 2008

Another Early Draft of 4.2 from OSGi

The OSGi Alliance just announced the release of an updated Early Draft of new content for the OSGi Service Platform Release 4 Version 4.2 spec which is planned to be published in late 2Q2009.

Some of the designs in the draft are already being implemented in the Equinox 3.5 code stream. In fact, I already implemented RFC 126 Service Hooks there.

If some of my EclipseCon 2009 session proposals are accepted, I will present some of these new features there.

Saturday, November 22, 2008

Øredev and the Renaissance?

I am on my way home from Øredev 2008 where I presented on OSGi which seemed to have been well received by my kind audience.

This was an interesting conference for me (aside from the blizzard I walked into as I left the conference on Friday evening). Most of the conferences I attend are all Java (JavaOne, EclipseCon). This one had Java but also .Net and other things relevant to programmers. One area that got a bunch of focus was programming methodologies like Agile, Scrum, etc. I will confess to be not very familiar with their details but I think it is great that these things are discussed at conferences.

During the final session of the conference, a panel discussion which featured some of the bigger names of the conference, a lot of the discussion centered on these programming methodologies. The discussion included things like how they should be applied, whether one methodology was better than another or even whether one should rigorously follow a methodology or just pick the parts you like. The term Renaissance was used quite often (in fact it appeared in the titles of the daily keynotes) as if there was some renaissance in progress in the programming community. Perhaps people using these programming methodologies means a renaissance?

But what really started to bother me as I thought about it during this panel discussion, was that no one seemed to discuss any science behind these methods which prove their effectiveness and utility. Is there any scientific studies which demonstrate these methods really help? or hurt? That some are better than others? Perhaps we don't need so much of a renaissance as we need an enlightenment and apply some rational science to evaluating these different ideas instead of being dogmatic about them. If we programmers want to be professional, we need operate based upon science (like astronomers) and not pseudoscience (like astrologers).

One of the panelists quoted Bill and Ted and simply suggested we programmers Be Excellent! That is great advice for all things in life but not specifically helpful for programmers.

Thursday, May 08, 2008

Hot off the press: my JavaOne presentation

You can now download the JavaOne 2008 presentation Converting (Large) Applications to OSGi I just delivered with Peter Kriens.

The presentation went really well. There was around 700-800 people there and we had some really good questions asked during the 5 minutes we had left for questions. And then many more questions after we left the stage. I felt like a JavaOne Rock Star! :-)

Wednesday, May 07, 2008

An AJO is not a POJO

A POJO is a plain old Java object. Everyone talks POJOs these days. They are easy to compose and unit test. They are free of coupling to specific infrastructure details. So you can take your POJO to another infrastructure. For example, from JavaEE to Spring or OSGi. I like them and I think it is the right way to do things.

However, people are also fascinated with annotations now. Things like Guice and EJB3 and Glassfish all want you to annotate your POJO. But once you do that, your POJO ceases to be plain. While the non-annotation part of your code is still the same, the annotations in your code mean that your source now has coupling to specific infrastructure details and it is wrong to call is a POJO anymore. You can't compile your code without the proper support for those annotations. If you want to deploy your code in another infrastructure that uses annotations to describe the infrastructure details, you have to add more annotations to your source.

While I see the interest in putting the infrastructure information in the source near where it is used. We need to be honest. Your code is not a POJO anymore. It is now an AJO: an annotated Java object.

Thursday, March 27, 2008

Equinox and Google Summer of Code

An implementation of an OSGi resolver is a complex beast. Just ask Tom Watson, the Equinox dev lead :-) The Equinox p2 project, a new provisioning system for Eclipse, also has similar and complex resolve algorithm. Recently the p2 project, changed to use the SAT4J SAT solver to drive their resolve algorithm.

We have proposed a Google Summer of Code project for someone to investigate replacing the current Equinox runtime resolver with SAT4J (or another suitable constraint solver). So if this project sounds interesting to you, please sign up for it!

Tuesday, March 25, 2008

OSGi and eRCP on Mobile Phones

Sprint (a US mobile operator) has a new OSGi based mobile phone platform called Titan. There was a session at EclipseCon announcing this. But if you missed the session at EclipseCon and want to learn more, there is a webcast on Wednesday March 26 at 1pm EDT.