Core Code
Core Code Modern Dev Handbook
JAVA Contents
Java Foundations & Tooling
JDK Distributions, Version Strategy Maven vs Gradle, Standard Layout Running, Fat JAR, Manifest SLF4J, Logback, Log Levels Config with Env Vars, Profiles CLI Args, Exit Codes, Non-zero Failures Timezones, Locale Footguns Dependency Pinning, BOMs, Reproducible Builds
Core Language & Idioms
Types, Nullability, Optional Exceptions, Wrapping, Cause Chains Immutability, Records, Value Objects Encoding, Unicode, Charset Safety java.time, Clock Injection equals/hashCode, Collections Bugs Streams in Production (when/when not) Validation Patterns (DTO vs Domain)
OOP, Design & Maintainability
Packages, Modules, Boundaries SOLID (Pragmatic), Avoid Overengineering DI Concepts, Constructor Injection Domain Modeling, Aggregates Error Modeling (Result vs Exception) API Design, Backward Compatibility Refactoring, Tests as Guardrails
Collections, Generics & Functional
Choosing List/Set/Map in Production Generics, Wildcards, Invariance HashMap internals, sizing, pitfalls Lambdas, functional interfaces Stream performance, boxing, allocations Optional patterns, anti-patterns
Concurrency & Performance Basics
Executors, thread pools, sizing CompletableFuture, timeouts synchronized, ReentrantLock, contention Deadlocks, races, visibility Heap, GC basics, leak signals JFR/async-profiler basics (conceptual)
I/O, Files, Networking & HTTP Clients
NIO.2, safe file operations Buffered IO, backpressure hints Java HTTP Client, retries/timeouts TLS/keystore/truststore basics Jackson basics, safe defaults
Data Access & Transactions (JDBC + JPA)
JDBC, PreparedStatement, pooling Isolation levels, anomalies Entity design, lazy loading pitfalls N+1 detection & fixes Flyway/Liquibase basics, safe rollout
Spring Boot Web Services
Structure, layering, configs Controllers, DTOs, validation RFC7807 style errors Request ID, correlation timeouts, resilience patterns graceful shutdown, readiness/liveness
Testing, Quality Gates & CI
JUnit5, test structure Mockito, test slices Testcontainers, DB integration Consumer-driven contracts coverage + mutation (conceptual) CI steps, caching, artifacts
Observability
JSON logs, MDC, redaction Micrometer metrics basics OTel traces basics liveness/readiness, dependency checks alerting signals, SLO-ish basics
Security for Web Services
validation vs sanitization Jackson hardening patterns SSRF, allowlists, egress authn/authz, JWT basics security headers, CORS basics
Build, Release & Deployment
build profiles, reproducibility Dockerizing, distroless concepts secrets, env vars, vault-ish patterns rollbacks, migrations safety zero-downtime deploy checklist
Reliability & Incident Playbooks
retries/timeouts/idempotency rate limiting, backpressure failure modes map runbooks writing go-live checklist

Executors, thread pools, sizing

Choose and size thread pools based on workload type and resource limits, avoid unbounded queues, and monitor saturation signals to prevent latency spikes and thread-related production incidents.
On this page

Thread pools are resource management, not convenience

In production, threads are not free. Each thread consumes stack memory, scheduling overhead, and can increase contention. Thread pools exist to control concurrency and protect the system from overload. If you treat them as a convenience API, production will punish you with latency spikes and saturation cascades.

First classify the workload: CPU-bound vs I/O-bound

Thread pool sizing starts with one question: what does the task spend most time doing?

  • CPU-bound: compute heavy (parsing, crypto, image processing). Threads compete for CPU.
  • I/O-bound: waiting on network/disk (HTTP calls, DB calls). Threads mostly block.

Why the difference matters

  • CPU-bound pools should be near the number of CPU cores (with small overhead).
  • I/O-bound pools may need more threads, but must be bounded to avoid meltdown.

Common production mistake: unbounded thread creation

ExecutorService ex = Executors.newCachedThreadPool();

cachedThreadPool can create unbounded threads under load. In production, this can lead to:

  • excessive context switching
  • memory pressure (thread stacks)
  • connection pool exhaustion (DB/HTTP)
  • latency collapse

Another common mistake: unbounded queue

ExecutorService ex = Executors.newFixedThreadPool(16);

Fixed thread pools created via Executors often use an unbounded LinkedBlockingQueue internally. That means tasks can pile up indefinitely under overload. Symptom: memory grows, latency grows, GC pressure increases, then the system falls over.

Production principle: bound concurrency AND backlog

You need both:

  • a maximum number of worker threads
  • a maximum queue length (backlog)

Preferred pattern: ThreadPoolExecutor with explicit bounds

import java.util.concurrent.*;

int core = 16;
int max = 16;
int queueSize = 500;

BlockingQueue<Runnable> queue = new ArrayBlockingQueue<>(queueSize);

ThreadPoolExecutor ex = new ThreadPoolExecutor(
  core,
  max,
  30, TimeUnit.SECONDS,
  queue,
  new ThreadFactory() {
    private final ThreadFactory base = Executors.defaultThreadFactory();
    @Override public Thread newThread(Runnable r) {
      Thread t = base.newThread(r);
      t.setName("worker-" + t.getId());
      t.setDaemon(false);
      return t;
    }
  },
  new ThreadPoolExecutor.CallerRunsPolicy() // backpressure
);

This design gives you a hard cap on threads and backlog.

Rejection policies are overload strategies

When the pool is saturated (threads busy + queue full), tasks are rejected. You must choose what happens:

  • AbortPolicy: throws RejectedExecutionException (fail fast).
  • CallerRunsPolicy: runs task on caller thread (adds backpressure).
  • DiscardPolicy: silently drops tasks (dangerous unless intentional).
  • DiscardOldestPolicy: drops oldest queued task (rarely correct).

Production guidance

  • For request paths: CallerRunsPolicy can introduce natural throttling (but watch tail latency).
  • For background jobs: AbortPolicy + explicit retry/queueing can be safer.
  • Never discard silently unless you can prove it is acceptable.

Sizing heuristics

There is no universal number. Use heuristics and measure.

CPU-bound heuristic

  • threads ≈ number of cores (or cores - 1)
  • avoid oversubscription; it increases context switching

I/O-bound heuristic

  • threads may be higher than cores
  • but must be bounded and coordinated with dependency limits (DB pool size, HTTP connection pool)

Critical production rule: pool sizes must align with dependency limits

If your DB pool has 20 connections but your executor has 200 threads doing DB work, you will get:

  • blocked threads waiting for connections
  • queue buildup
  • latency amplification

A safer approach is to cap concurrency near the smallest bottleneck (often the DB pool).

Monitoring saturation signals

A healthy production system monitors:

  • active thread count
  • queue depth
  • task rejection rate
  • task execution time distribution

Quick instrumentation example

int active = ex.getActiveCount();
int queued = ex.getQueue().size();
long completed = ex.getCompletedTaskCount();

Even without full metrics integration, these values help during incidents.

Thread naming matters

When production incidents happen, thread dumps are a primary tool. If all threads are named pool-1-thread-XX, debugging is slower.

  • Name pools by function: http-client, db-worker, cpu-worker
  • Keep names stable across restarts

Daemon vs non-daemon

Daemon threads do not keep JVM alive. For background workers, decide intentionally:

  • daemon threads may exit abruptly on shutdown
  • non-daemon threads require explicit shutdown

Shutdown discipline

Always shut down executors gracefully.

ex.shutdown();
if (!ex.awaitTermination(10, TimeUnit.SECONDS)) {
  ex.shutdownNow();
}

Leaking executors in long-running apps leads to resource leaks and unpredictable behavior.

Production incident scenario: unbounded queue meltdown

A service uses a fixed thread pool with unbounded queue. Traffic spike occurs. Tasks queue grows into millions. Memory increases, GC thrashes, latency skyrockets, then OOM happens. Operators see the crash but the real issue was missing backpressure.

Correct mitigation

  • Bound queue size.
  • Use rejection/backpressure policy.
  • Align worker count with DB/HTTP dependency limits.
  • Monitor queue depth and rejections.

Checklist

  • Classify workload: CPU-bound vs I/O-bound.
  • Avoid cachedThreadPool for production unless you fully control load.
  • Avoid unbounded queues; bound backlog explicitly.
  • Choose a rejection policy intentionally (it defines overload behavior).
  • Align pool size with dependency limits (DB connections, HTTP pool).
  • Name threads and implement graceful shutdown.
  • Monitor saturation: active threads, queue depth, rejections.

Final principle

Thread pools are a safety mechanism. If you do not design for overload, overload will design your incident for you.

CompletableFuture, timeouts →