Fail-fast機制

Fail-fast機制

“Fail Fast”機制――列表的結構在其返回遍歷器（Iterator）後的任何時候發生變化（這種變化不包括遍歷器本身調用remove方法移除元素）後，將會導致遍歷器拋出異常的機

制。
JDK中所謂的FailFast機制，就是在錯誤發生後，其它對象立即會有所反應。不會留待以後處理，或者忽略不計。可以參閱2004年《IEEE Software》中Martin Fowler所寫的《Fail

Faster》。

失敗機制
Failing slowly
Failing fast

Most languages have built-in assertions,but they don’t always throw exceptions.They’re also usually pretty generic, limiting
expressiveness and causing duplication.
For these reasons, I usually prefer to implement my own assertion class.

斷言是快速失敗機制的主要構成部分。
Assertions are the key to failing fast. An assertion is a tiny piece of code that checks a condition
and then fails if the condition isn’t met. So, when something starts to go wrong, an assertion
detects the problem and makes it visible.

不要試圖關閉斷言。
One reaction to this fear is to disable assertions in the field. Don’t do that!
Remember, an error that occurs at the customer’s site made it through your testing process. You’ll probably have trouble reproducing
it. These errors are the hardest to find, and a well-placed assertion explaining the problem could save you days of effort.

快速失敗是一種機制。
Fail-fast is a property of a system or module with respect to its response to failures. A fail-fast system is designed to immediately report at its interface

any failure or condition that is likely to lead to failure. Fail-fast systems are usually designed to stop normal operation rather than attempt to continue a

possibly-flawed process. Such designs often check the system’s state at several points in an operation, so any failures can be detected early. A fail-fast

module passes the responsibility for handling errors, but not detecting them, to the next-higher system design level.

Fail-fast systems or modules are desirable in several circumstances:
When building a fault-tolerant system by means of redundant components, the individual components should be fail-fast to give the system enough information

to successfully tolerate a failure.
Fail-fast components are often used in situations where failure in one component might not be visible until it leads to failure in another component.
Finding the cause of a failure is easier in a fail-fast system, because the system reports the failure with as much information as possible as close to the

time of failure as possible. In a fault-tolerant system, the failure might go undetected, whereas in a system that is neither fault-tolerant nor fail-fast

the failure might be temporarily hidden until it causes some seemingly-unrelated problem later.
A fail-fast system that is designed to halt as well as report the error on failure is less likely to erroneously perform an irreversible or costly operation.

Iterator 是工作在一個獨立的線程中，並且擁有一個 mutex 鎖。
Iterator 被創建之後會建立一個指向原來對象的單鏈索引表，當原來的對象數量發生變化時，這個索引表的內容不會同步改變，所以當索引指針往後移動的時候就找不到要迭代的

對象，所以按照 fail-fast 原則 Iterator 會馬上拋出 java.util.ConcurrentModificationException 異常。
所以 Iterator 在工作的時候是不允許被迭代的對象被改變的。但你可以使用 Iterator 本身的方法 remove() 來刪除對象， Iterator.remove() 方法會在刪除當前迭代對象的同

時維護索引的一致性。

有意思的是如果你的 Collection / Map 對象實際只有一個元素的時候， ConcurrentModificationException 異常並不會被拋出。也就是在 javadoc 裏面指出： it would be

wrong to write a program that depended on this exception for its correctness: ConcurrentModificationException should be used only to detect bugs.

附：來自ibm developerworks上對java.util.concurrent包的說明片段：
java.util 包中的集合類都返回 fail-fast 迭代器，這意味着它們假設線程在集合內容中進行迭代時，集合不會更改它的內容。如果 fail-fast 迭代器檢測到在迭代過程中進

行了更改操作，那麼它會拋出 ConcurrentModificationException ，這是不可控異常。
在迭代過程中不更改集合的要求通常會對許多併發應用程序造成不便。相反，比較好的是它允許併發修改並確保迭代器只要進行合理操作，就可以提供集合的一致視圖，如

java.util.concurrent 集合類中的迭代器所做的那樣。
java.util.concurrent 集合返回的迭代器稱爲弱一致的（weakly consistent）迭代器。對於這些類，如果元素自從迭代開始已經刪除，且尚未由 next() 方法返回，那麼它將

不返回到調用者。如果元素自迭代開始已經添加，那麼它可能返回調用者，也可能不返回。在一次迭代中，無論如何更改底層集合，元素不會被返回兩次。

References

http://en.wikipedia.org/wiki/Fail-fast

http://martinfowler.com/ieeeSoftware/failFast.pdf

Collection中的FailFast

http://blog.csdn.net/lianyu2008/archive/2009/10/10/4651451.aspx

http://my.unix-center.net/~Zianed/?p=1142