fix: improve thread safety around problem changes (#1439)

Author: triceo

build/build-parent/pom.xml

@@ -25,6 +25,7 @@
     <version.org.apache.commons.math3>3.6.1</version.org.apache.commons.math3>
     <version.org.apache.logging.log4j>2.24.3</version.org.apache.logging.log4j>
     <version.org.assertj>3.27.3</version.org.assertj>
+    <version.org.awaitility>4.3.0</version.org.awaitility>
     <version.org.freemarker>2.3.34</version.org.freemarker>
     <version.org.jspecify>1.0.0</version.org.jspecify>
     <version.org.openrewrite.recipe>3.3.0</version.org.openrewrite.recipe>
@@ -116,6 +117,12 @@
         <artifactId>assertj-core</artifactId>
         <version>${version.org.assertj}</version>
       </dependency>
+      <dependency>
+        <groupId>org.awaitility</groupId>
+        <artifactId>awaitility</artifactId>
+        <version>${version.org.awaitility}</version>
+        <scope>test</scope>
+      </dependency>
       <dependency>
         <groupId>org.freemarker</groupId>
         <artifactId>freemarker</artifactId>

core/pom.xml

@@ -104,6 +104,11 @@
       <artifactId>assertj-core</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.awaitility</groupId>
+      <artifactId>awaitility</artifactId>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>

core/src/main/java/ai/timefold/solver/core/api/solver/change/ProblemChange.java

@@ -8,7 +8,7 @@
 import ai.timefold.solver.core.api.solver.event.BestSolutionChangedEvent;
 import ai.timefold.solver.core.impl.heuristic.move.Move;
 
-import org.jspecify.annotations.NonNull;
+import org.jspecify.annotations.NullMarked;
 
 /**
  * A ProblemChange represents a change in one or more {@link PlanningEntity planning entities} or problem facts
@@ -77,6 +77,7 @@
  * @param <Solution_> the solution type, the class with the {@link PlanningSolution} annotation
  */
 @FunctionalInterface
+@NullMarked
 public interface ProblemChange<Solution_> {
 
     /**
@@ -87,5 +88,5 @@ public interface ProblemChange<Solution_> {
      *        (and {@link PlanningEntity planning entities}) to change
      * @param problemChangeDirector {@link ProblemChangeDirector} to perform the change through
      */
-    void doChange(@NonNull Solution_ workingSolution, @NonNull ProblemChangeDirector problemChangeDirector);
+    void doChange(Solution_ workingSolution, ProblemChangeDirector problemChangeDirector);
 }

core/src/main/java/ai/timefold/solver/core/impl/solver/BestSolutionHolder.java

@@ -10,6 +10,7 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.BooleanSupplier;
+import java.util.function.UnaryOperator;
 
 import ai.timefold.solver.core.api.solver.Solver;
 import ai.timefold.solver.core.api.solver.change.ProblemChange;
@@ -20,7 +21,7 @@
 
 /**
  * The goal of this class is to register problem changes and best solutions in a thread-safe way.
- * Problem changes are {@link #addProblemChange(Solver, ProblemChange) put in a queue}
+ * Problem changes are {@link #addProblemChange(Solver, List) put in a queue}
  * and later associated with the best solution which contains them.
  * The best solution is associated with a version number
  * that is incremented each time a {@link #set new best solution is set}.
@@ -29,26 +30,24 @@
  * 
  * <p>
  * This class needs to be thread-safe.
- * Due to complicated interactions between the solver, solver manager and problem changes,
- * it is best if we avoid explicit locking here,
- * reducing cognitive complexity of the whole system.
- * The core idea being to never modify the same data structure from multiple threads;
- * instead, we replace the data structure with a new one atomically.
- * The code contains comments throughout the class that explain the reasoning behind the design.
  * 
  * @param <Solution_>
  */
 @NullMarked
 final class BestSolutionHolder<Solution_> {
 
-    private final AtomicReference<@Nullable VersionedBestSolution<Solution_>> versionedBestSolutionRef =
-            new AtomicReference<>();
-    private final AtomicReference<SortedMap<BigInteger, List<CompletableFuture<Void>>>> problemChangesPerVersionRef =
-            new AtomicReference<>(createNewProblemChangesMap());
+    private final AtomicReference<BigInteger> lastProcessedVersion = new AtomicReference<>(BigInteger.valueOf(-1));
+
+    // These references are non-final and being accessed from multiple threads, 
+    // therefore they need to be volatile and all access synchronized.
+    // Both the map and the best solution are based on the current version,
+    // and therefore access to both needs to be guarded by the same lock.
     // The version is BigInteger to avoid long overflow.
     // The solver can run potentially forever, so long overflow is a (remote) possibility.
-    private final AtomicReference<BigInteger> currentVersion = new AtomicReference<>(BigInteger.ZERO);
-    private final AtomicReference<BigInteger> lastProcessedVersion = new AtomicReference<>(BigInteger.valueOf(-1));
+    private volatile SortedMap<BigInteger, List<CompletableFuture<Void>>> problemChangesPerVersionMap =
+            createNewProblemChangesMap();
+    private volatile @Nullable VersionedBestSolution<Solution_> versionedBestSolution = null;
+    private volatile BigInteger currentVersion = BigInteger.ZERO;
 
     private static SortedMap<BigInteger, List<CompletableFuture<Void>>> createNewProblemChangesMap() {
         return createNewProblemChangesMap(Collections.emptySortedMap());
@@ -59,8 +58,8 @@ private static SortedMap<BigInteger, List<CompletableFuture<Void>>> createNewPro
         return new TreeMap<>(map);
     }
 
-    boolean isEmpty() {
-        return versionedBestSolutionRef.get() == null;
+    synchronized boolean isEmpty() {
+        return this.versionedBestSolution == null;
     }
 
     /**
@@ -69,12 +68,12 @@ boolean isEmpty() {
      */
     @Nullable
     BestSolutionContainingProblemChanges<Solution_> take() {
-        var versionedBestSolution = versionedBestSolutionRef.getAndSet(null);
-        if (versionedBestSolution == null) {
+        var latestVersionedBestSolution = resetVersionedBestSolution();
+        if (latestVersionedBestSolution == null) {
             return null;
         }
 
-        var bestSolutionVersion = versionedBestSolution.version();
+        var bestSolutionVersion = latestVersionedBestSolution.version();
         var latestProcessedVersion = this.lastProcessedVersion.getAndUpdate(bestSolutionVersion::max);
         if (latestProcessedVersion.compareTo(bestSolutionVersion) > 0) {
             // Corner case: The best solution has already been taken,
@@ -84,7 +83,7 @@ BestSolutionContainingProblemChanges<Solution_> take() {
             return null;
         }
         // The map is replaced by a map containing only the problem changes that are not contained in the best solution.
-        // This is done atomically, so no other thread can access the old map anymore.
+        // This is fully synchronized, so no other thread can access the old map anymore.
         // The old map can then be processed by the current thread without synchronization.
         // The copying of maps is possibly expensive, but due to the nature of problem changes,
         // we do not expect the map to ever get too big.
@@ -93,7 +92,7 @@ BestSolutionContainingProblemChanges<Solution_> take() {
         // The solver also finds new best solutions, which regularly trims the size of the map as well.
         var boundaryVersion = bestSolutionVersion.add(BigInteger.ONE);
         var oldProblemChangesPerVersion =
-                problemChangesPerVersionRef.getAndUpdate(map -> createNewProblemChangesMap(map.tailMap(boundaryVersion)));
+                replaceMapSynchronized(map -> createNewProblemChangesMap(map.tailMap(boundaryVersion)));
         // At this point, the old map is not accessible to any other thread.
         // We also do not need to clear it, because this being the only reference, 
         // garbage collector will do it for us.
@@ -102,29 +101,41 @@ BestSolutionContainingProblemChanges<Solution_> take() {
                 .stream()
                 .flatMap(Collection::stream)
                 .toList();
-        return new BestSolutionContainingProblemChanges<>(versionedBestSolution.bestSolution(), containedProblemChanges);
+        return new BestSolutionContainingProblemChanges<>(latestVersionedBestSolution.bestSolution(), containedProblemChanges);
+    }
+
+    private synchronized @Nullable VersionedBestSolution<Solution_> resetVersionedBestSolution() {
+        var oldVersionedBestSolution = this.versionedBestSolution;
+        this.versionedBestSolution = null;
+        return oldVersionedBestSolution;
+    }
+
+    private synchronized SortedMap<BigInteger, List<CompletableFuture<Void>>> replaceMapSynchronized(
+            UnaryOperator<SortedMap<BigInteger, List<CompletableFuture<Void>>>> replaceFunction) {
+        var oldMap = problemChangesPerVersionMap;
+        problemChangesPerVersionMap = replaceFunction.apply(oldMap);
+        return oldMap;
     }
 
     /**
-     * Sets the new best solution if all known problem changes have been processed and thus are contained in this
-     * best solution.
+     * Sets the new best solution if all known problem changes have been processed
+     * and thus are contained in this best solution.
      *
      * @param bestSolution the new best solution that replaces the previous one if there is any
      * @param isEveryProblemChangeProcessed a supplier that tells if all problem changes have been processed
      */
     void set(Solution_ bestSolution, BooleanSupplier isEveryProblemChangeProcessed) {
-        /*
-         * The new best solution can be accepted only if there are no pending problem changes
-         * nor any additional changes may come during this operation.
-         * Otherwise, a race condition might occur
-         * that leads to associating problem changes with a solution that was created later,
-         * but does not contain them yet.
-         * As a result, CompletableFutures representing these changes would be completed too early.
-         */
+        // The new best solution can be accepted only if there are no pending problem changes
+        // nor any additional changes may come during this operation.
+        // Otherwise, a race condition might occur
+        // that leads to associating problem changes with a solution that was created later,
+        // but does not contain them yet.
+        // As a result, CompletableFutures representing these changes would be completed too early.
         if (isEveryProblemChangeProcessed.getAsBoolean()) {
-            // This field is atomic, so we can safely set the new best solution without synchronization.
-            versionedBestSolutionRef.set(
-                    new VersionedBestSolution<>(bestSolution, currentVersion.getAndUpdate(old -> old.add(BigInteger.ONE))));
+            synchronized (this) {
+                versionedBestSolution = new VersionedBestSolution<>(bestSolution, currentVersion);
+                currentVersion = currentVersion.add(BigInteger.ONE);
+            }
         }
     }
 
@@ -139,23 +150,20 @@ void set(Solution_ bestSolution, BooleanSupplier isEveryProblemChangeProcessed)
     CompletableFuture<Void> addProblemChange(Solver<Solution_> solver, List<ProblemChange<Solution_>> problemChangeList) {
         var futureProblemChange = new CompletableFuture<Void>();
         synchronized (this) {
-            // This actually needs to be synchronized, 
-            // as we want the new problem change and its version to be linked.  
-            var futureProblemChangeList =
-                    problemChangesPerVersionRef.get().computeIfAbsent(currentVersion.get(), version -> new ArrayList<>());
+            var futureProblemChangeList = problemChangesPerVersionMap.computeIfAbsent(currentVersion,
+                    version -> new ArrayList<>());
             futureProblemChangeList.add(futureProblemChange);
             solver.addProblemChanges(problemChangeList);
         }
         return futureProblemChange;
     }
 
     void cancelPendingChanges() {
-        // The map is an atomic reference. 
-        // We first replace the reference with a new map atomically, avoiding synchronization issues.
-        // Then we process the old map, which is safe because no one can access it anymore.
+        // We first replace the reference with a new map, fully synchronized.
+        // Then we process the old map unsynchronized, which is safe because no one can access it anymore.
         // We do not need to clear it, because this being the only reference,
         // the garbage collector will do it for us.
-        problemChangesPerVersionRef.getAndSet(createNewProblemChangesMap())
+        replaceMapSynchronized(map -> createNewProblemChangesMap())
                 .values()
                 .stream()
                 .flatMap(Collection::stream)

core/src/test/java/ai/timefold/solver/core/impl/solver/BestSolutionHolderTest.java

@@ -1,17 +1,32 @@
 package ai.timefold.solver.core.impl.solver;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.awaitility.Awaitility.await;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
+import java.time.Duration;
+import java.util.ArrayList;
 import java.util.List;
+import java.util.Random;
+import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.Executors;
 
 import ai.timefold.solver.core.api.solver.Solver;
+import ai.timefold.solver.core.api.solver.SolverManager;
 import ai.timefold.solver.core.api.solver.change.ProblemChange;
+import ai.timefold.solver.core.api.solver.change.ProblemChangeDirector;
+import ai.timefold.solver.core.config.solver.SolverConfig;
+import ai.timefold.solver.core.config.solver.SolverManagerConfig;
+import ai.timefold.solver.core.impl.testdata.domain.TestdataEasyScoreCalculator;
+import ai.timefold.solver.core.impl.testdata.domain.TestdataEntity;
 import ai.timefold.solver.core.impl.testdata.domain.TestdataSolution;
 
+import org.jspecify.annotations.NullMarked;
+import org.junit.jupiter.api.RepeatedTest;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
 
@@ -85,4 +100,125 @@ private CompletableFuture<Void> addProblemChange(BestSolutionHolder<TestdataSolu
                 Mockito.argThat(problemChanges -> problemChanges.size() == 1 && problemChanges.get(0) == problemChange));
         return futureChange;
     }
+
+    @RepeatedTest(value = 10, failureThreshold = 1) // Run it multiple times to increase the chance of catching a concurrency issue.
+    void problemChangeBarrageIntermediateBestSolutionConsumer() throws InterruptedException {
+        var solverConfig = new SolverConfig()
+                .withSolutionClass(TestdataSolution.class)
+                .withEntityClasses(TestdataEntity.class)
+                .withEasyScoreCalculatorClass(TestdataEasyScoreCalculator.class);
+
+        var futureList = new ArrayList<RecordedFuture>();
+        var executorService = Executors.newFixedThreadPool(2);
+        try (var solverManager = SolverManager.<TestdataSolution, UUID> create(solverConfig, new SolverManagerConfig())) {
+            var solverStartedLatch = new CountDownLatch(1);
+            var solution = TestdataSolution.generateSolution();
+            var solverJob = solverManager.solveBuilder()
+                    .withProblemId(UUID.randomUUID())
+                    .withProblem(solution)
+                    .withFirstInitializedSolutionConsumer((testdataSolution, isTerminatedEarly) -> {
+                        solverStartedLatch.countDown();
+                    })
+                    .withBestSolutionConsumer(testdataSolution -> {
+                        // No need to do anything.
+                    })
+                    .run();
+            solverStartedLatch.await(); // Only start adding problem changes after CH finished.
+
+            var random = new Random(0);
+            var problemChangeCount = 200; // Arbitrary, for a reasonable test duration.
+            var problemChangesAddedLatch = new CountDownLatch(problemChangeCount);
+            for (int i = 0; i < problemChangeCount; i++) {
+                // Emulate a random delay between problem changes, as it would happen in real world.
+                var randomDelayNanos = random.nextInt(1_000_000);
+                var start = System.nanoTime();
+                while ((System.nanoTime() - randomDelayNanos) < start) {
+                    Thread.onSpinWait();
+                }
+                // Submit the problem change and store the future.
+                var problemChange = random.nextBoolean()
+                        ? new EntityAddingProblemChange(problemChangesAddedLatch)
+                        : new EntityRemovingProblemChange(problemChangesAddedLatch);
+                futureList.add(new RecordedFuture(i, solverJob.addProblemChange(problemChange)));
+            }
+            // All problem changes have been added.
+            // Does not guarantee all have been processed though.
+            problemChangesAddedLatch.await();
+
+            // A best solution should have been produced for all the processed changes.
+            // Any incomplete futures here means some problem change was "lost".
+            var lostFutureList = futureList.stream()
+                    .filter(future -> !future.isDone())
+                    .toList();
+            var lostFutureCount = lostFutureList.size();
+            if (lostFutureCount == 0) {
+                return;
+            }
+            // The only exception to the rule:
+            // the very last problem changes, which might not have been processed yet
+            // by the time the solver was forced to terminate.
+            var minIncompleteFutureId = lostFutureList.stream()
+                    .mapToInt(f -> f.id)
+                    .min()
+                    .orElseThrow(() -> new AssertionError("Impossible state: no incomplete future found."));
+            assertThat(minIncompleteFutureId).isEqualTo(problemChangeCount - lostFutureCount);
+        } finally {
+            executorService.shutdownNow();
+            // The solver is terminated.
+            // All incomplete futures should have been canceled.
+            var incompleteFutureList = futureList.stream()
+                    .filter(future -> {
+                        await().atMost(Duration.ofSeconds(1))
+                                .pollInterval(Duration.ofMillis(1))
+                                .until(future::isDone);
+                        return !future.isDone();
+                    })
+                    .toList();
+            assertThat(incompleteFutureList)
+                    .as("All futures should have been completed by now.")
+                    .isEmpty();
+        }
+
+    }
+
+    private record RecordedFuture(int id, CompletableFuture<Void> future) {
+
+        boolean isDone() {
+            return future.isDone();
+        }
+
+    }
+
+    @NullMarked
+    private record EntityAddingProblemChange(CountDownLatch latch) implements ProblemChange<TestdataSolution> {
+
+        @Override
+        public void doChange(TestdataSolution workingSolution, ProblemChangeDirector problemChangeDirector) {
+            var entity = new TestdataEntity(UUID.randomUUID().toString());
+            problemChangeDirector.addEntity(entity,
+                    e -> workingSolution.getEntityList().add(e));
+            problemChangeDirector.updateShadowVariables();
+            latch.countDown();
+        }
+
+    }
+
+    @NullMarked
+    private record EntityRemovingProblemChange(CountDownLatch latch) implements ProblemChange<TestdataSolution> {
+
+        @Override
+        public void doChange(TestdataSolution workingSolution, ProblemChangeDirector problemChangeDirector) {
+            if (workingSolution.getEntityList().size() < 2) {
+                latch.countDown();
+                return;
+            }
+            var entity = workingSolution.getEntityList().get(0);
+            problemChangeDirector.removeEntity(entity,
+                    e -> workingSolution.getEntityList().remove(e));
+            problemChangeDirector.updateShadowVariables();
+            latch.countDown();
+        }
+
+    }
+
 }