Seven Concurrency Models in Seven Weeks (2014)

---

Figure 8. A hierarchy of error kernels

Closely related to the error-kernel pattern is the thorny subject of defensive programming.

Let It Crash!

Defensive programming is an approach to achieving fault tolerance by trying to anticipate possible bugs. Imagine, for example, that we’re writing a method that takes a string and returns true if it’s all uppercase and false otherwise. Here’s one possible implementation:

	def all_upper?(s) do
	String.upcase(s) == s
	end

This is a perfectly reasonable method, but if for some reason we pass nil to it, it will crash. With that in mind, some developers would change it to read like this:

	defmodule Upper do
	def all_upper?(s) do
	cond do
	nil?(s) -> false
	true -> String.upcase(s) == s
	end
	end
	end

So now the code won’t crash if it’s given nil, but what if we pass something else that doesn’t make sense (a keyword, for example)? And in any case, what does it mean to call this function with nil? There’s an excellent chance that any code that does so contains a bug—a bug that we’ve now masked, meaning that we’re likely to remain unaware of it until it bites us at some time in the future.

Actor programs tend to avoid defensive programming and subscribe to the “let it crash” philosophy, allowing an actor’s supervisor to address the problem instead. This has multiple benefits, including these:

· Our code is simpler and easier to understand, with a clear separation between “happy path” and fault-tolerant code.

· Actors are separate from one another and don’t share state, so there’s little danger that a failure in one actor will adversely affect another. In particular, a failed actor’s supervisor cannot crash because the actor it’s supervising crashes.

· As well as fixing the error, a supervisor can log it so that instead of sweeping problems under the carpet, we become aware of them and can take remedial action.

Although it can seem alien at first acquaintance, the “let it crash” philosophy has, together with the error-kernel pattern, repeatedly been proven in production. Some systems have reported availability as high as 99.9999999% (that’s nine nines—see Programming Erlang: Software for a Concurrent World [Arm13]).

Day 2 Wrap-Up

Day 1 introduced the basics of the actor model, and in day 2, we saw how it facilitates fault tolerance. In day 3 we’ll see how the actor model helps with distributed programming.

What We Learned in Day 2

Elixir provides fault detection by allowing processes to be linked, which can be used to create supervisors:

· Links are bidirectional—if process a is linked to process b, then b is also linked to a.

· Links propagate errors—if two processes are linked and one of them terminates abnormally, so will the other.

· If a process is marked as a system process, instead of exiting when a linked process terminates abnormally, it’s notified with an :EXIT message.

Day 2 Self-Study

Find

· The documentation for Process.monitor—how does monitoring a process differ from linking? When might you use monitors and when links?

· How do exceptions work in Elixir? When might you choose to use exception handling instead of supervision and the “let it crash” pattern?

Do

· Messages that don’t match a pattern in a receive block remain in a process’s mailbox. Use this fact, together with timeouts, to implement a priority mailbox, in which high-priority messages are handled ahead of any low-priority messages that might have been sent earlier.

· Create a version of the cache we created in A Caching Actor, that distributes cache entries across multiple actors according to a hash function. Create a supervisor that starts multiple cache actors and routes incoming messages to the appropriate cache worker. What action should this supervisor take if one of the cache workers fails?

Day 3: Distribution

Everything we’ve done so far has been on a single computer, but one of the actor model’s primary benefits compared to the models we’ve seen so far is that it supports distribution—sending a message to an actor on another machine is just as easy as sending it to one running locally.

Before talking about distribution, however, we’ll take a quick look at one of the most powerful reasons for using Elixir—the OTP library.

OTP

Over the previous two days, we built everything by hand in “raw” Elixir. This is a great way to understand what’s going on under the hood, but it would be both tedious and error prone if we had to write every worker and every supervisor from scratch every time. You won’t be surprised to hear that a library can automate much of this for us—that library is called OTP.

Joe asks:

What Does OTP Stand For?

Acronyms often take on a life of their own. IBM might theoretically stand for “International Business Machines,” but to most people IBM is just IBM: the acronym has become the name. Similarly BBC no longer really stands for “British Broadcasting Corporation,” and OTP no longer really stands for “Open Telecom Platform.”

Erlang (and therefore Elixir) originally started out in telecommunications, and many proven Erlang best practices have been codified in OTP. But very little of it is telecom-specific, so OTP is just OTP.

Before we see an example of OTP, we’ll take a brief interlude to examine how functions and pattern matching interact in Elixir.

Functions and Pattern Matching

So far we’ve only talked about pattern matching within receive, but it’s used throughout Elixir. In particular, every time you call a function, you’re performing a pattern match. Here’s a simple function that demonstrates this:

Actors/patterns/patterns.ex
	defmodule Patterns do
	def foo({x, y}) do
	IO.puts("Got a pair, first element #{x}, second #{y}")
	end
	end

We’re defining a function that takes a single argument and matches that argument against the pattern {x, y}. If we call it with a matching pair, the first element is bound to x and the second to y:

	iex(1)> Patterns.foo({:a, 42})
	Got a pair, first element a, second 42
	:ok

If we call it with an argument that doesn’t match, we get an error:

	iex(2)> Patterns.foo("something else")
	** (FunctionClauseError) no function clause matching in Patterns.foo/1
	patterns.ex:3: Patterns.foo("something else")
	erl_eval.erl:569: :erl_eval.do_apply/6
	src/elixir.erl:147: :elixir.eval_forms/3

We can add as many different definitions (or clauses) for a function as we need:

Actors/patterns/patterns.ex
	def foo({x, y, z}) do
	IO.puts("Got a triple: #{x}, #{y}, #{z}")
	end

When the function is called, the matching clause is executed:

	iex(2)> Patterns.foo({:a, 42, "yahoo"})
	Got a triple: a, 42, yahoo
	:ok
	iex(3)> Patterns.foo({:x, :y})
	Got a pair, first element x, second y
	:ok

Now let’s see how this is used when implementing a server in OTP.

Reimplementing Cache with GenServer

The first aspect of OTP we’ll look at is GenServer, a behaviour that allows us to automate the details of creating a stateful actor. We’ll use it to reimplement the cache we created yesterday.

If the spelling of behaviour looks slightly odd to you, that’s because behaviours are inherited from Erlang, and Erlang uses the British spelling. Because that’s how Elixir spells it, that’s how we’ll spell it here too.

A behaviour is very similar to an interface in Java—it defines a set of functions. A module specifies that it implements a behaviour with use:

Actors/cache/cache3.ex
	defmodule Cache do
*	use GenServer.Behaviour
	def handle_cast({:put, url, page}, {pages, size}) do
	new_pages = Dict.put(pages, url, page)
	new_size = size + byte_size(page)
	{:noreply, {new_pages, new_size}}
	end
	def handle_call({:get, url}, _from, {pages, size}) do
	{:reply, pages[url], {pages, size}}
	end
	def handle_call({:size}, _from, {pages, size}) do
	{:reply, size, {pages, size}}
	end
	end

This version of Cache specifies that it implements GenServer.Behaviour and provides custom implementations of two functions, handle_cast and handle_call.

The first of these, handle_cast, handles messages that do not require a reply. It takes two arguments: the first is the message and the second is the current actor state. The return value is a pair of the form {:noreply, new_state}. In our case, we provide one handle_cast clause that handles :putmessages.

The second, handle_call, handles messages that require a reply. It takes three arguments, the message, the sender, and the current state. The return value is a triple of the form {:reply, reply_value, new_state}. In our case, we provide two handle_call clauses, one that handles :get messages and one that handles :size messages. Note that like Clojure, Elixir uses variable names that start with an underscore (“_”) to indicate that they’re unused—hence _from.

As with our previous implementation, we provide an API that clients can use without having to remember the details of how to initialize and send messages:

Actors/cache/cache3.ex
	def start_link do
	:gen_server.start_link({:local, :cache}, __MODULE__, {HashDict.new, 0}, [])
	end
	def put(url, page) do
	:gen_server.cast(:cache, {:put, url, page})
	end
	def get(url) do
	:gen_server.call(:cache, {:get, url})
	end
	def size do
	:gen_server.call(:cache, {:size})
	end

Instead of using spawn_link, we use :gen_server.start_link. We send messages that don’t require a reply with :gen_server.cast and those that do with :gen_server.call.

We’ll see this in action soon, but first we’ll see how to create a supervisor with OTP.

An OTP Supervisor

Here’s a cache supervisor implemented with OTP’s supervisor behaviour:

Actors/cache/cache3.ex
	defmodule CacheSupervisor do
	def init(_args) do
	workers = [worker(Cache, [])]
	supervise(workers, strategy: :one_for_one)
	end
	end

As its name suggests, the init function is called during startup. It takes a single argument (unused in this case) and simply creates a number of workers and sets them up to be supervised. In our case, we’re creating a single Cache worker and supervising it using a one-for-one restart strategy.

Joe asks:

What Is a Restart Strategy?

The OTP supervisor behaviour supports a number of different restart strategies, the two most common being one-for-one and one-for-all.

These strategies govern how a supervisor with multiple workers restarts failed workers. If a single worker fails, a supervisor using the one-for-all strategy will stop and restart all its workers (even those that didn’t fail). A supervisor using a one-for-one strategy, by contrast, will only restart the failed worker.

Other restart strategies are possible, but one of these two will suffice in the majority of cases.

As usual, we also provide an API for clients:

Actors/cache/cache3.ex
	def start_link do
	:supervisor.start_link(__MODULE__, [])
	end

Take a moment to prove to yourself that this works in a very similar way to the cache and supervisor we implemented from scratch yesterday (I won’t show the transcript here, since it’s very similar to what we’ve already seen).

Joe asks:

What Else Does OTP Do?

As we can see from the preceding code, OTP saves us from writing some boilerplate code, but there’s much more to it than just that. It’s not obvious from what we’ve already seen, but servers and supervisors implemented with OTP provide much more functionality than the simple versions we created before. Among other things, they provide the following:

Better restart logic:

The simple supervisor we wrote for ourselves has a very dumb approach to restarting its worker—if it terminates abnormally, it’s restarted. If the worker process crashed immediately on startup, this supervisor would simply restart it over and over again forever. An OTP supervisor, by contrast, has a maximum restart frequency which, if exceeded, results in the supervisor itself terminating abnormally.

Debugging and logging:

An OTP server can be started with various options to enable logging and debugging, which can be very helpful during development.

Hot code swapping:

An OTP server can be upgraded dynamically without taking the whole system down.

Lots, lots more:

Release management, failover, automated scaling …

We won’t talk further about these features here, but they’re powerful reasons to prefer OTP over handwritten code in most circumstances.

Nodes

Whenever we create an instance of the Erlang virtual machine, we create a node. So far, we’ve only created a single node. Now we’ll see how to create and connect multiple nodes.

Connecting Nodes

For one node to connect to another, they both need to be named. We name a node by starting the Erlang virtual machine with the --name or --sname options. My MacBook Pro happens to have the IP address 10.99.1.50. If I run iex --sname node1@10.99.1.50 --cookie yumyum (the --cookieargument is explained in How Do I Manage My Cluster?) on my MacBook Pro, for example, I see the name reflected in the prompt:

	iex(node1@10.99.1.50)1> Node.self
	:"node1@10.99.1.50"
	iex(node1@10.99.1.50)2> Node.list
	[]

A node can query its name with Node.self and list the other nodes it knows about with Node.list. Right now that list is empty—let’s see how to populate it. If I start another Erlang virtual machine on another machine that has the IP address 10.99.1.92 with iex --sname node2@10.99.1.92 --cookie yumyum, I can connect to it from my MacBook Pro with Node.connect:

	iex(node1@10.99.1.50)3> Node.connect(:"node2@10.99.1.92")
	true
	iex(node1@10.99.1.50)4> Node.list
	[:"node2@10.99.1.92"]

Connections are bidirectional—my other machine now also knows about my MacBook Pro:

	iex(node2@10.99.1.92)1> Node.list
	[:"node1@10.99.1.50"]

Joe asks:

What If I Only Have One Computer?

If you only have one computer at hand and still want to experiment with clustering, you have a few options:

· Use virtual machines.

· Fire up Amazon EC2 or similar cloud instances.

· Run multiple nodes on a single computer. Although clearly this isn’t the most realistic situation, it is by far the easiest, and it allows you to sidestep firewall and network configuration issues if you’re having problems getting multiple nodes to work across machines.

Remote Execution

Now that we have two connected nodes, one can execute code on the other:

	iex(node1@10.99.1.50)5> whoami = fn() -> IO.puts(Node.self) end
	#Function<20.80484245 in :erl_eval.expr/5>
	iex(node1@10.99.1.50)6> Node.spawn(:"node2@10.99.1.92", whoami)
	#PID<8242.50.0>
	node2@10.99.1.92

These deceptively simple lines of code demonstrate something amazingly powerful—not only has one node executed code on another, but the output appeared on the first node. This is because a process inherits its group leader from the process that spawned it, and (among other things) that specifies where output from IO.puts appears. That’s an awful lot going on under the hood!

Joe asks:

How Do I Manage My Cluster?

A system that allows one machine to execute arbitrary code on another is extremely powerful. Like any powerful tool, it can also be dangerous. In particular, you need to pay careful attention to security when thinking about cluster management. That’s where the --cookie argument we gave to iex comes in—an Erlang node will accept connection requests only from nodes that have the same cookie. There are other approaches to securing an Erlang cluster, such as tunneling internode connections over SSL.

Security is not the only question you need to think about. In the preceding example, I chose to specify the IP address in the node name because that’s guaranteed to work on most network configurations (and I don’t know how your network is configured). But it may not (probably will not) be the best choice for production use.

Cluster design trade-offs are subtle and beyond the scope of this book. Please make sure that you read the documentation about these questions before rolling out a production cluster.

Remote Messaging

As you would expect, an actor running on one node can send messages to an actor running on another. To demonstrate, let’s spawn an instance of the Counter actor we created earlier (see the code) on one node:

	iex(node2@10.99.1.92)1> pid = spawn(Counter, :loop, [42])
	#PID<0.51.0>
	iex(node2@10.99.1.92)2> :global.register_name(:counter, pid)
	:yes

After spawning it, we register it using :global.register_name, which is similar to Process.register, except that the name is cluster-global.

We can then use :global.whereis_name on another node to retrieve the process identifier and send it messages:

	iex(node1@10.99.1.50)1> Node.connect(:"node2@10.99.1.92")
	true
	iex(node1@10.99.1.50)2> pid = :global.whereis_name(:counter)
	#PID<7856.51.0>
	iex(node1@10.99.1.50)3> send(pid, {:next})
	{:next}
	iex(node1@10.99.1.50)4> send(pid, {:next})
	{:next}

Sure enough, we see this on the first node:

	Current count: 42
	Current count: 43

Note that again the output appears on the node upon which the actor generating it was spawned.

Distributed Word Count

We’re going to finish off our discussion of actors and Elixir by creating a distributed version of the Wikipedia word-count example we’ve seen in previous chapters. Like the solutions we’ve already seen, this will be able to leverage multiple cores. Unlike those we’ve already seen, it will also be able to scale beyond a single machine and recover from failures.

Here’s a diagram of the architecture we’re aiming for:

Our solution is divided into three types of actors: one Parser, multiple Counters, and one Accumulator. The Parser is responsible for parsing a Wikipedia dump into pages, Counters count words within pages, and the Accumulator keeps track of total word counts across pages.

Processing is kicked off by a Counter requesting a page from the Parser. When the Counter receives the page, it counts the words contained within and sends them to the Accumulator. Finally, the Accumulator lets the Parser know that the page has been processed.

We’ll discuss why we chose this particular arrangement soon, but first let’s see how it’s implemented, starting with Counter.

Counting Words

Our Counter module implements a simple stateless actor that receives pages from the Parser and delivers the resulting word counts to the Accumulator. Here it is in full:

Actors/word_count/lib/counter.ex
Line 1	defmodule Counter do
-	use GenServer.Behaviour
-	def start_link do
-	:gen_server.start_link(__MODULE__, nil, [])
5	end
-	def deliver_page(pid, ref, page) do
-	:gen_server.cast(pid, {:deliver_page, ref, page})
-	end
-
10	def init(_args) do
-	Parser.request_page(self())
-	{:ok, nil}
-	end
-
15	def handle_cast({:deliver_page, ref, page}, state) do
-	Parser.request_page(self())
-
-	words = String.split(page)
-	counts = Enum.reduce(words, HashDict.new, fn(word, counts) ->
20	Dict.update(counts, word, 1, &(&1 + 1))
-	end)
-	Accumulator.deliver_counts(ref, counts)
-	{:noreply, state}
-	end
25	end

This follows the normal pattern for an OTP server—a public API (in this case start_link and deliver_page) followed by initialization (init) and message handlers (handle_cast).

Each Counter kicks things off by calling Parser.request_page during initialization (line 11).

Each time it receives a page, a Counter starts by requesting another page (line 16—we do this first to minimize latency). It then counts the words contained within the page, building a dictionary called counts (lines 18-21). Finally, those counts are sent to the Accumulator along with the reference (ref) that was sent with the page.

Next, CounterSupervisor allows us to create and supervise multiple Counters:

Actors/word_count/lib/counter.ex
	defmodule CounterSupervisor do
	use Supervisor.Behaviour
	def start_link(num_counters) do
	:supervisor.start_link(__MODULE__, num_counters)
	end
	def init(num_counters) do
	workers = Enum.map(1..num_counters, fn(n) ->
	worker(Counter, [], id: "counter#{n}")
	end)
	supervise(workers, strategy: :one_for_one)
	end
	end

CounterSupervisor.init takes the number of counters we want to create, which we use to create a workers list of that length. Note that each worker needs to have a distinct id, which we achieve by mapping over the range 1..num_counters.

Keeping Track of Totals

The Accumulator actor maintains two elements of state: totals, a dictionary containing accumulated counts, and processed_pages, a set containing the references of all the pages that it’s processed.

Actors/word_count/lib/accumulator.ex
Line 1	defmodule Accumulator do
-	use GenServer.Behaviour
-
-	def start_link do
5	:gen_server.start_link({:global, :wc_accumulator}, __MODULE__,
-	{HashDict.new, HashSet.new}, [])
-	end
-
-	def deliver_counts(ref, counts) do
10	:gen_server.cast({:global, :wc_accumulator}, {:deliver_counts, ref, counts})
-	end
-
-	def handle_cast({:deliver_counts, ref, counts}, {totals, processed_pages}) do
-	if Set.member?(processed_pages, ref) do
15	{:noreply, {totals, processed_pages}}
-	else
-	new_totals = Dict.merge(totals, counts, fn(_k, v1, v2) -> v1 + v2 end)
-	new_processed_pages = Set.put(processed_pages, ref)
-	Parser.processed(ref)
20	{:noreply, {new_totals, new_processed_pages}}
-	end
-	end
-	end

We create a global name for our accumulator by passing {:global, wc_accumulator} to :gen_server.start_link (line 5). We can use this directly when sending messages with :gen_server.cast (line 10).

When a set of counts is delivered to the accumulator, it first checks to see if it’s already processed counts for this page (we’ll soon see why this is important and why it might receive counts twice). If it hasn’t, it merges the counts into totals with Dict.merge, the page reference intoprocessed_pages with Set.put, and notifies the parser that the page has been processed.

Parsing and Fault Tolerance

Parser is the most complex of our three types of actor, so we’ll break it down into chunks. First, here’s its public API:

Actors/word_count/lib/parser.ex
	defmodule Parser do
	use GenServer.Behaviour
	def start_link(filename) do
	:gen_server.start_link({:global, :wc_parser}, __MODULE__, filename, [])
	end
	def request_page(pid) do
	:gen_server.cast({:global, :wc_parser}, {:request_page, pid})
	end
	def processed(ref) do
	:gen_server.cast({:global, :wc_parser}, {:processed, ref})
	end
	end

As with Accumulator, Parser registers itself with a global name during startup. It supports two operations—request_page, which is called by a Counter to request a page, and processed, which is called by the Accumulator to indicate that a page has been successfully processed.

Here’s the implementation of the message handlers for these two operations:

Actors/word_count/lib/parser.ex
	def init(filename) do
	xml_parser = Pages.start_link(filename)
	{:ok, {ListDict.new, xml_parser}}
	end
	def handle_cast({:request_page, pid}, {pending, xml_parser}) do
	new_pending = deliver_page(pid, pending, Pages.next(xml_parser))
	{:noreply, {new_pending, xml_parser}}
	end
	def handle_cast({:processed, ref}, {pending, xml_parser}) do
	new_pending = Dict.delete(pending, ref)
	{:noreply, {new_pending, xml_parser}}
	end

Parser maintains two items of state: pending, which is a ListDict of references for pages that have been sent to a Counter but not yet processed, and xml_parser, which is an actor that uses the Erlang xmerl library to parse a Wikipedia dump (we won’t show its implementation here—see the code that accompanies this book if you’re interested).^[28]

Handling a :processed message simply requires deleting the processed page from pending. Handling a :request_page message involves retrieving the next available page from the XML parser and passing it to deliver_page:

Actors/word_count/lib/parser.ex
	defp deliver_page(pid, pending, page) when nil?(page) do
	if Enum.empty?(pending) do
	pending # Nothing to do
	else
	{ref, prev_page} = List.last(pending)
	Counter.deliver_page(pid, ref, prev_page)
	Dict.put(Dict.delete(pending, ref), ref, prev_page)
	end
	end
	defp deliver_page(pid, pending, page) do
	ref = make_ref()
	Counter.deliver_page(pid, ref, page)
	Dict.put(pending, ref, page)
	end

The implementation of deliver_page uses an Elixir feature we’ve not seen before—a guard clause specified by the when in the first deliver_page clause. A guard clause is a Boolean expression—the function clause matches only if the guard is true.

Let’s consider the case when page is non-nil first. In this case, we create a new unique reference with make_ref, deliver the page to the counter that requested it, and add the page to our pending dictionary.

If page is nil, that indicates that the XML parser has finished parsing the Wikipedia dump. In that case, we remove the oldest entry from pending and send it, and remove and re-add it to pending so that it’s now the youngest entry.

Why this second case? Surely every pending batch will eventually be processed. What do we gain by sending it to another Counter?

The Big Win

What we gain is fault tolerance. If a Counter exits or the network goes down or the machine it’s running on dies, we’ll just end up sending the page it was processing to another Counter. Because each page has a reference associated with it, we know which pages have been processed and won’t double-count.

To convince yourself, try starting a cluster. On one machine, start a Parser and an Accumulator. On one or more other machines, start a number of Counters. If you pull the network cable out the back of a machine running counters, or kill the virtual machine they’re running in, the remaining counters will continue to process pages, including those that were in progress on that machine.

This is a great example of the benefits of concurrent, distributed development. This program will hardly miss a beat when faced with a hardware failure that would kill a normal sequential or multithreaded program.

Day 3 Wrap-Up

That brings us to the end of day 3 and our discussion of actors.

What We Learned in Day 3

Elixir allows us to create clusters of nodes. An actor on one node can send messages to an actor running on another in exactly the same way as it can to one running locally. As well as allowing us to create systems that leverage multiple distributed computers, it allows us to recover from the failure of one of those computers.

Day 3 Self-Study

Find

· Joe Armstrong’s Lambda Jam presentation, “Systems That Run Forever Self-Heal and Scale.”

· What is an OTP application? Why might one be more accurately described as a component?

· So far, the state of every actor we’ve created has been lost if that actor dies. What support does Elixir provide for persistent state?

Do

· The fault-tolerant word-count program we developed can handle failure of a counter or the machine that it’s running on, but not the parser or accumulator. Create a version that can handle failure of any actor or node.

Wrap-Up

Alan Kay, the designer of Smalltalk and father of object-oriented programming, had this to say on the essence of object orientation:^[29]

I’m sorry that I long ago coined the term “objects” for this topic because it gets many people to focus on the lesser idea.

The big idea is “messaging” … The Japanese have a small word—ma—for “that which is in-between”—perhaps the nearest English equivalent is “interstitial.” The key in making great and growable systems is much more to design how its modules communicate rather than what their internal properties and behaviors should be.

This captures the essence of actor programming very well—we can think of actors as the logical extension of object-oriented programming to the concurrent world. Indeed, you can think of actors as more object-oriented than objects, with stricter message passing and encapsulation.

Strengths

Actors have a number of features that make them ideal for solving a wide range of concurrent problems.

Messaging and Encapsulation

Actors do not share state and, although they run concurrently with each other, within a single actor everything is sequential. This means that we need only worry about concurrency when considering message flows between actors.

This is a huge boon to the developer. An actor can be tested in isolation and, as long as our tests accurately represent the types of messages that might be delivered and in what order, we can have high confidence that it behaves as it should. And if we do find ourselves faced with a concurrency-related bug, we know where to look—the message flows between actors.

Fault Tolerance

Fault tolerance is built into actor programs from the outset. This enables not only more resilient programs but also simpler and clearer code (through the “let it crash” philosophy).

Distributed Programming

Actors’ support for both shared and distributed-memory architectures brings a number of significant advantages:

Firstly, it allows an actor program to scale to solve problems of almost any size. We are not limited to problems that fit on a single system.

Secondly, it allows us to address problems where geographical distribution is an intrinsic consideration. Actors are an excellent choice for programs where different elements of the software need to reside in different geographical locations.

Finally, distribution is a key enabler for resilient and fault-tolerant systems.

Weaknesses

Although a program constructed with actors is easier to debug than one constructed with threads and locks, actors are still susceptible to problems like deadlock plus a few failure modes unique to actors (such as overflowing an actor’s mailbox).

As with threads and locks, actors provide no direct support for parallelism. Parallel solutions need to be built from concurrent building blocks, raising the specter of nondeterminism. And because actors do not share state and can only communicate through message passing, they are not a suitable choice if you need fine-grained parallelism.

Other Languages

As with most good ideas, the actor model is not new—it was first described in the 1970s, most notably by Carl Hewitt. The language that has done most to popularize actor programming, however, is unquestionably Erlang. For example, Erlang’s creator, Joe Armstrong, is the originator of the “let it crash” philosophy.

Most popular programming languages now have an actor library available; in particular the Akka toolkit can be used to add actor support to Java or any other JVM-based language.^[30] If you’re interested in learning more about Akka, see the online bonus chapter,^[31] which describes actor programming in Scala.

Final Thoughts

Actor programming is one of the most widely applicable programming models out there—not only does it provide support for concurrency, but it also provides distribution, error detection, and fault tolerance. As such, it’s a good fit for the kinds of programming problems we find ourselves faced with in today’s increasingly distributed world.

In the next chapter we’ll look at communicating sequential processes. Although CSP has surface similarities with actors, its emphasis on the channels used for communication, rather than the entities between which communication takes place, leads to it having a very different flavor.

Footnotes

[25]	http://www.erlang.org/
[26]	http://elixir-lang.org/
[27]	http://zoo.cs.yale.edu/classes/cs422/2011/bib/hoare81emperor.pdf
[28]	http://www.erlang.org/doc/apps/xmerl/
[29]	http://c2.com/cgi/wiki?AlanKayOnMessaging
[30]	http://akka.io
[31]	http://media.pragprog.com/titles/pb7con/Bonus_Chapter.pdf