Blog

July 15, 2012

Small Revolution, High Resolution

Since about a year now I was looking to make a couple of adjustments to this website. It’s now a thing done. As a result, the website has changed domain and changed its content management system, comments on the blog are now replaced with a follow-up system which is more flexible (for me), and at long last this website is ready for high resolution.

The Domain

Why change? This is a small protest gesture towards the US government who think it can seize “.com” domains for a website operating in another country just because they violate some US law. Not being a US citizen, I’d rather avoid abide by two jurisdictions if I don’t need to. And so it’s done.

By making my domain a “.ca”, and by using the services of a Canadian hosting company and registrar with a Canadian root domain, everything stays in Canadian jurisdiction. Not that I expected problems would come for my “.com” (which still lives on as a redirect), but why take more risks?

The CMS

This website is now baked by Piecrust. Everything is made out of static pages « compiled » locally on my computer and synchronized to the web server. This allows me for one thing to put the whole website under version control using git, and to create branches, try things, etc. Static pages are also the most stable way you can build a website, and what works best under load. I’m quite satisfied with the result.

It’s also much simpler to maintain backups when no database is involved and when everything is already a direct copy of things on my computer.

Bye Comments!

Comments have been replaced by follow-ups. In short, if you have something interesting to add, write to me and I’ll add it as a follow-up. Or write something on your blog and I’ll add a link. In fact, you might not even need to notify me: if I find something related to one of my blog entry I’ll add it myself. A follow-up sits somewhat in between an update at the end of the post and a comment. I like the concept, so let’s see if it flies.

You can already see what it looks like by going to some of my older posts such as this one.

Note that all the previous comments are still there. It’s only the comment form which has disappeared. Send me an email and I’ll add a follow-up instead.

High Resolution

This update gets rid of almost all images and replaces them with CSS rules for gradients, shadows, and rounded corners (images are still there for browsers that do not support all this in CSS). Remaining images are all in double resolution (twice the pixel in width and in height) or as vectors (using SVG). Given that the number of images is limited on my website, it shouldn’t have too much impact on either bandwidth or speed.

Even though it seems of fashion now to justify this kind of change because of the new « Retina » Macbook Pro or the latest iPad, those changes will benefit many more people who don’t have the latest devices: every people out there using the zoom function of their browser will see a much better picture now. In fact, I’m a little surprised that the ubiquity of this zoom function in browsers did not push web designers to address high resolution issues sooner.

But at least the idea of making websites that work well in high resolution seem to be getting on track now. Better later than never.

June 17, 2012

Apple shifts its icon guidelines

I’ve been reading the Icon Design Guidelines in the OS X Human Interface Guidelines today and noticed that Apple not only added one size of icon that should be created for use on Retina Macs, but they expect you to create the whole icon set twice. And also they’re no longer recommending using the ICNS format.

Table 5-1 of that document tells you to create the following icon sizes, each as a PNG file prefixed with the icon name:

Filename Size of canvas (in pixels)
icon_512x512@2x 1024×1024
icon_512x512 512×512
icon_256x256@2x 512×512
icon_256x256 256×256
icon_128x128@2x 256×256
icon_128x128 128×128
icon_32x32@2x 64×64
icon_32x32 32×32
icon_16x16@2x 32×32
icon_16x16 16×16

Icon files with the “@2x” part are meant to be shown on a Retina display. Apple expects you to create icons with less details for use on Retina screens instead of just using the standard bigger ones. That means 10 icons instead of 5. Well, probably not: I guess you should only create separate icons when appropriate.

The other change is the disappearance of a mention of the ICNS icon format. Not that this format has stopped to work, but the recommendation now is to use PNG files with the names above instead. I wonder how backward compatible this is.

Documentation on this matter is scarce. This seems like a last minute change. The Icon Design Guidelines seems to mention the naming convention only in relation to the app’s icon, but I have a hard time to believe it can’t be applied to other ones (I would guess the “icon” part of the file names above refers to whatever icon name you specified in your Info.plist, but that isn’t said). Perhaps they gave more details to WWDC attendees.

The funny thing is, if you look at the content of TextEdit in OS X 10.7.4, all the icons are still ICNS icons. But if you open them with Preview, you’ll see the files contains two 32×32 icons, two 256×256 icons, etc. in short each file contains all the 10 representations specified above. And even though the icon file contains duplicated sizes, they haven’t bothered changing the level of detail or anything.

So they did update the ICNS format so it can contain all those fancy “@2x” icons, but they don’t want us to use that for some reason. I’m puzzled.

Update: In the comments Philippe Wittenbergh points out that further down below in the section “Packaging Your Icon Resources” they explain that those PNG icons files should be put in a folder ending with .iconset and run through the iconutil command line tool to create the ICNS file. I guess this is my failure to read through the whole thing. This sentence is interesting: “You must use iconutil, not Icon Composer, to create high-resolution .icns files.” What happened to Icon Composer? This really does feel like a last minute change.

June 2, 2012

Mutex synchronization in D

There is currently a very long discussion about synchronization in the D newsgroup. It’s so large that I’m really lost when it comes to know who thinks what, who is proposing what and how has retracted what. But reading the whole thing makes me think about what’s inadequate in the current way D wants to do synchronization. So here’s how I’d do synchronization in D if we could get rid of the legacy. Perhaps it’d help someone create a true proposal that can be integrated in the language.

Most of the time when I use a mutex, I want to synchronize access to one or a small number of variables. The following code let you add words to a translation dictionary, and once they’re in there you can confirm each translation using a separate function… all that in a thread-safe manner. The whole class is thread-safe, thanks to the use of two mutexes. This is what I’d do in C++ (skipping constructor for brevity):

class Dictionary
{
    std::map< std::string, std::string > translations;
    boost::mutex translationsMutex;

    int confirmed, unconfirmed;
    boost::mutex confirmedUnconfirmedMutex;

    void addWord(const std::string & word, const std::string & foreignWord)
    {
        boost::unique_lock< boost::mutex > lock(translationsMutex);
        translations[word] = foreignWord;

        boost::unique_lock< boost::mutex > lock(confirmedUnconfirmedMutex);
        ++unconfirmed;
    }

    bool confirmWord(const std::string & word, const std::string & foreignWord)
    {
        {
            boost::unique_lock< boost::mutex > lock(translationsMutex);
            std::map< std::string, std::string > iterator = translations.find(word);
            if (iterator == translations.end())
                return false;
            if (iterator.second != foreignWord)
                return false;
        }

        {
            boost::unique_lock< boost::mutex > lock(confirmedUnconfirmedMutex);
            --unconfirmed;
            ++confirmed;
        }
        globalNotifyWordConfirmed(word, foreignWord);
        return true;
    }
}

Notice how each variable, or each group of variable, has its own lock. The less you protect under one lock, the easier it is to reason about locking. Each lock protects one thing, and is used to protect only that thing. In the addWord function, both mutexes are locked at the same time because the operation needs to be atomic, while this is not the case in confirmWord (because we assume once a word has been added it won’t be replaced by another one later).

Also note that the call to the globalNotifyWordConfirmed function is done outside of any scoped lock. One reason is performance: we simply have no need for the lock at this point. But the bigger reason is to avoid deadlocks. This is important: you need to care about each function you’re calling while you’re locking a mutex. If that function locks a mutex of its own, depending on what locking sequence might happen in other threads you might be creating a potential deadlock. Better call functions outside of locks whenever you can.

Possible Design for D

So obviously, I’d like to do something like this C++ code in D. And with D trying to guard against low-level races, I’d like if it could enforce correct usage of the locks too. So here’s how I’d like to be able to write it in D, purposefully forgetting about how it is done currently to make things easier: make “synchronized” a storage class applicable to variables. Here’s what it’d look like:

class Dictionary
{
    private synchronized string[string] translations;
    private synchronized int confirmed, unconfirmed;

    void addWord(string word, string foreignWord)
    {
        synchronized(translations)
        {
            translations[word] = foreignWord;

            synchronized(unconfirmed)
                ++unconfirmed;
        }
    }

    bool confirmWord(string word, string foreignWord)
    {
        synchronized(translations)
        {
            string * found = word in translation;
            if (!found)
                return false;
            if (*found != foreignWord)
                return false;
        }
        synchronized(unconfirmed, confirmed)
        {
            --unconfirmed;
            ++confirmed;
        }
        globalNotifyWordConfirmed(word, foreignWord);
        return true;
    }
}

Basically, it’s the same thing as in C++, except the mutexes are implicit for any variable with the synchronized storage class. To synchronize on an implicit mutex, synchronize on the variable it is attached to.

Because mutexes are only locked when inside a synchronized block, the globalNotifyWordConfirmed function can be called without any of our mutexes being locked, so it does not matter what mutexes the external function can lock: our mutex will never be involved in a deadlock.

The compiler prevents reads, writes, and passing references to those variables anywhere except in a synchronized block relating to them. Also, the compiler prevents you from passing references to those variables to non-pure functions that might leak them to somewhere outside the synchronized block. Pure functions are fine1, but any reference returned from these should be tainted and prevented from escaping the synchronized block.

Current Design in D

The current approach in version 2 of D is to mark a whole class as being synchronized, which has the effect of implicitly synchronizing all member functions on an object-level mutex. Thus, you’d write the above code as this:

synchronized class Dictionary
{
    private string[string] translations;
    private int confirmed, unconfirmed;

    void addWord(string word, string foreignWord)
    {
        translations[word] = foreignWord;
        ++unconfirmed;
    }

    bool confirmWord(string word, string foreignWord)
    {
        string * found = word in translation;
        if (!found)
            return false;
        if (*found != foreignWord)
            return false;

        --unconfirmed;
        ++confirmed;

        globalNotifyWordConfirmed(word, foreignWord);
        return true;
    }
}

This certainly looks nicer, although the obvious compromise is that we’ve lost the finer grained locking scheme used previously: both variables are protected by the same mutex attached to the object.

If we really need two locks, we’d need two objects. Another option would be to use the same idiom as in C++: create a mutex object for each group of variable and synchronize on them when needed, but the compiler won’t help you because it does not know the relation between the variables and the mutex, and in fact the safeties against low-level races in the language will make this quite hard.

But the fundamental problem is that the above code is deadlock prone! Even though it’s not quite noticable, because each functions is implicitly wrapped in a synchronized (this) block, we’re calling globalNotifyWordConfirmed while the object mutex is still locked. If this global function locks another mutex, it better not do it while another thread has locked it and is then trying to access our dictionary. Locking two mutexes at once is deadlock prone unless you can ensure they’re locked in always the right order. But since you can’t avoid having the mutex locked because implicit synchronization covers the whole function’s body, you really need to know what the other function at the other end of your program is doing.

I disdain implicit locking, because it encourages you to keep mutexes locked more than necessary, and this can easily result in a deadlock if you’re not careful. Synchronization should happen in your face: you need to be very aware it is happening or you’ll introduce deadlocks in your code.

Shared Mutex

Let’s return to our first example, the one with two mutexes. Notice how the translation variable is only read in the confirmWord function. Since we’re not changing the data structure in any way, it is safe to have two threads read it at the same time.

If I was in C++, I’d use a shared lock to make it possible for multiple threads to read the translations variable at the same time while ensuring only one thread can write to it. In C++, I’d simply change the boost::mutex protecting it for boost::shared_mutex, and use boost::shared_lock instead of boost::unique_lock in the confirmWord function when I only need read access to translations:

class Dictionary
{
    std::map< std::string, std::string > translations;
    boost::shared_mutex translationsMutex;

    int confirmed, unconfirmed;
    boost::mutex confirmedUnconfirmedMutex;

    void addWord(const std::string & word, const std::string & foreignWord)
    {
        boost::unique_lock< boost::mutex > lock(translationsMutex);
        translations[word] = foreignWord;

        boost::unique_lock< boost::mutex > lock(confirmedUnconfirmedMutex);
        ++unconfirmed;
    }

    bool confirmWord(const std::string & word, const std::string & foreignWord)
    {
        {
            boost::shared_lock< boost::mutex > lock(translationsMutex);
            std::map< std::string, std::string > iterator = translations.find(word);
            if (iterator == translations.end())
                return false;
            if (iterator.second != foreignWord)
                return false;
        }

        {
            boost::unique_lock< boost::mutex > lock(confirmedUnconfirmedMutex);
            --unconfirmed;
            ++confirmed;
        }
        globalNotifyWordConfirmed(word, foreignWord);
        return true;
    }
}

How do we do that in D? I propose the use of synchronized (const translations) to mean that we only need read access to the variable, allowing the mutex to be locked in shared mode. const will make sure we’re not writing to the variable in that block2. We might also want a way to tell the compiler we’ll need a shared mutex for this variable: we could have synchronized(shared) as a storage class telling us that. Again, very small changes from the original code:

class Dictionary
{
    private synchronized(shared) string[string] translations;
    private synchronized int confirmed, unconfirmed;

    void addWord(string word, string foreignWord)
    {
        synchronized(translations)
        {
            translations[word] = foreignWord;

            synchronized(unconfirmed)
                ++unconfirmed;
        }
    }

    bool confirmWord(string word, string foreignWord)
    {
        synchronized(const translations)
        {
            string * found = word in translation;
            if (!found)
                return false;
            if (*found != foreignWord)
                return false;
        }
        synchronized(unconfirmed, confirmed)
        {
            --unconfirmed;
            ++confirmed;
        }
        globalNotifyWordConfirmed(word, foreignWord);
        return true;
    }
}

Final Remarks

With the approach suggested here, where each variable can be said to be synchronized and have its implicit mutex, you still have the problem that it’s easy to have too many mutexes. In the example above, both confirmed and unconfirmed should really be protected by the same mutex, but I have not made it clear that this is what happens when you declare them as:

synchronized int confirmed, unconfirmed;

I’m actually not sure this is the right syntax for grouping two variables under the same mutex. We might need to figure something else that’d be more obvious to signify that two variables are part of the same mutex.

Another thing to note is that I don’t even need a recursive mutex to make the Dictionary class work. Since I know precisely when the mutex is going to be locked, and I know no one else can lock the mutex, it’s easy to make sure the same thread doesn’t try to lock the mutex twice at the same time. Thus, I can use the simpler kind of mutex that does not have to maintain a lock counter, which of course is slightly more performant. I don’t think this kind of mutex is appropriate as a language default, but it’d be nice to be able to choose this when declaring a synchronized variable.

The End

Hopefully, the ideas floated here will be useful to someone.

  1. Pure functions in D have no access to global variables, but can mutate things passed by reference. Those functions are often referred as weakly pure, as opposed to functions taking no reference as parameter which are often called strongly pure. Only for strongly pure functions can the compiler elide duplicate calls. ↩︎

  2. Unlike in C++ which has the mutable keyword and where const stops at the first pointer, const in D is transitive and offers a true barrier against mutating a data structure. ↩︎

April 6, 2012

Greenwich

Nice work from FadingRed. I never liked much Apple’s approach to localization where nib files needs to be manually edited by each translator. Even within Apple, it leads to strange things. Greenwich takes another approach: it loads the nib file and then translate user-visible strings in the created objects using a standard string table.

I have something like this under the sheaves too, I just did not spend the time to make it ready to publish. Looks like Greenwich does not work on Leopard, neither does it attempt to adjust the layout. Mine is better in those regards. On the other hand mine doesn’t have a system to allow the user to edit/create localizations by himself from within the application.

Chime in if you’re interested… I might be tempted to release it.

Michel Fortin

Apps

Store

Miscellaneous

  • © 2003–2024 Michel Fortin.