Lesson 11 of 38 13 minDesign Track

LLD Mastery: The Singleton Design Pattern

Master the Singleton pattern for Low-Level Design. Learn how to implement thread-safe instances using Double-Checked Locking and Bill Pugh paradigms.

Reading Mode

Hide the curriculum rail and keep the lesson centered for focused reading.

Key Takeaways

  • The Singleton pattern enforces a single instance of a class per JVM, providing a centralized control point for heavy resources.
  • Thread safety must be handled carefully using Double-Checked Locking with volatile reads or the Bill Pugh Helper Class pattern.
  • In distributed systems, JVM-level singletons do not scale cluster-wide, requiring distributed locks (ZooKeeper/database advisory locks) to prevent split-brain states.
Recommended Prerequisites
SOLID Principles in Java

Premium outcome

Bridge the gap between architecture diagrams and implementation details.

Engineers preparing for LLD rounds or leveling up their software design depth.

What you unlock

  • Cleaner reasoning around SOLID, patterns, responsibilities, and schema design
  • A usable bridge between HLD whiteboard thinking and concrete Java classes
  • Case-study practice across common interview-style design systems

In object-oriented programming, some classes manage shared resources that must have exactly one coordinator. Examples include database connection pools, local cache registries, threads pools, and application configuration managers. Instantiating multiple copies of these classes leads to resource exhaustion, state inconsistencies, and thread synchronization issues.

The Singleton Pattern is a creational design pattern that guarantees a class has only one instance per Java Virtual Machine (JVM) while providing a global access point to that instance. However, implementing it correctly in high-concurrency environments requires a deep understanding of memory visibility, lazy loading, and JVM serialization safety.

System Requirements

To design a robust, thread-safe Singleton resource manager (such as a global database connection pool), we define the following system criteria:

Functional Requirements

  • Instance Uniqueness: Guarantee that exactly one instance of the class is created and maintained within a single JVM lifecycle.
  • Global Ingress Access: Provide a clean, thread-safe static getter method (getInstance()) that retrieves the single instance from any scope.
  • Lazy Instantiation: Defer the creation of the object until the first client request is received, saving CPU and memory during system bootstrap.

Non-Functional Requirements

  • Lock-Free Read Latency: The overhead of accessing the initialized instance must be zero, using lock-free read access under high concurrency.
  • Durable Life-Cycle Hook: Cleanly release all held physical resources (sockets, file descriptors, memory pages) when the JVM shuts down.
  • Resilience to Reflection & Serialization: Prevent external libraries or malicious code from creating duplicate instances via Java Reflection APIs or Object Serialization streams.

API Design and Interface Contracts

To monitor and configure the Singleton instance at runtime, we expose management APIs.

1. Connection Pool Status Query (HTTP GET /v1/cluster/singleton/pool-status)

Enables monitoring systems to query the current state and utilization metrics of the singleton connection pool.

{
  "singletonInstanceId": "db_pool_master_v1",
  "jvmProcessId": 99812,
  "poolStatus": {
    "maxConnections": 100,
    "activeConnections": 42,
    "idleConnections": 58,
    "pendingThreadsCount": 0
  },
  "metrics": {
    "totalAcquisitions": 892019,
    "p99AcquisitionTimeMs": 1.25,
    "poolUptimeSeconds": 72400
  }
}

2. Connection Pool Scale Configuration (gRPC Protocol)

Allows runtime updates to pool configurations without re-instantiating the singleton connection manager.

syntax = "proto3";

package codesprintpro.singleton.pool.v1;

service ConnectionPoolService {
  rpc UpdatePoolLimits (UpdatePoolLimitsRequest) returns (UpdatePoolLimitsResponse);
}

message UpdatePoolLimitsRequest {
  string pool_id = 1;
  int32 target_max_connections = 2;
  int32 connection_timeout_ms = 3;
  int64 epoch_timestamp = 4;
}

message UpdatePoolLimitsResponse {
  bool is_applied = 1;
  int32 current_max_connections = 2;
  string error_message = 3;
}

High-Level Architecture

The architecture details the internal memory barriers and class layout of double-checked locking, alongside the cluster-wide distributed lease pattern.

1. Double-Checked Locking Execution Flow

To achieve lazy initialization and thread safety without locking every read, we apply a double-checked locking flow.

graph TD
    Start[Thread calls getInstance] --> Check1{Is instance null?}
    Check1 -->|No| Return[Return existing Instance]
    Check1 -->|Yes| AcquireLock[Acquire class-level Synchronized Lock]
    AcquireLock --> Check2{Is instance still null?}
    Check2 -->|No| ReleaseLock[Release Lock & Return Instance]
    Check2 -->|Yes| Instantiate[Instantiate Object & write to volatile memory]
    Instantiate --> ReleaseLock

2. Distributed Cluster-Wide Singleton Lease Flow

In a distributed cloud setup, a JVM-level singleton is insufficient. We use a centralized lease store (e.g. PostgreSQL or ZooKeeper) to ensure only one instance is active across all servers.

sequenceDiagram
    autonumber
    participant Server1 as Worker Server A
    participant Server2 as Worker Server B
    participant DB as Central Database Lease Store

    note over Server1, Server2: Both boot and attempt to acquire Singleton Leadership

    Server1->>DB: UPDATE leases SET owner='ServerA', expiry=NOW()+30s WHERE lease_id='ledger_sync'
    Server2->>DB: UPDATE leases SET owner='ServerB', expiry=NOW()+30s WHERE lease_id='ledger_sync'

    alt Server A succeeds first
        DB-->>Server1: Update Successful (1 Row affected)
        Server1->>Server1: Boot and run Active Scheduler Singleton
    else Server B conflicts
        DB-->>Server2: Update Failed (0 Rows affected)
        Server2->>Server2: Transition to Idle/Standby Mode
    end

    loop Periodic Heartbeat Lease Renewal
        Server1->>DB: RENEW lease: expiry=NOW()+30s WHERE owner='ServerA'
        DB-->>Server1: Success
    end

Low-Level Design and Schema

To coordinate lease locks and state management for distributed singletons across multiple servers, we declare a schema in PostgreSQL.

-- Tracks active leases for distributed singletons across the cluster
CREATE TABLE distributed_singleton_leases (
    lease_name VARCHAR(128) PRIMARY KEY, -- E.g., 'LEDGER_RECONCILER', 'ALERT_DISPATCHER'
    active_owner_node VARCHAR(256) NOT NULL, -- Hostname/IP of the running worker instance
    acquired_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    expires_at TIMESTAMPTZ NOT NULL,
    last_heartbeat_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

CREATE INDEX idx_leases_expiry ON distributed_singleton_leases(expires_at);

-- Historical log of singleton failovers and leader migrations
CREATE TABLE singleton_migration_history (
    log_id BIGSERIAL PRIMARY KEY,
    lease_name VARCHAR(128) NOT NULL REFERENCES distributed_singleton_leases(lease_name) ON DELETE CASCADE,
    previous_owner VARCHAR(256) NOT NULL,
    new_owner VARCHAR(256) NOT NULL,
    transition_reason VARCHAR(256) NOT NULL, -- E.g., 'HEARTBEAT_TIMEOUT', 'MANUAL_FAILOVER'
    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

CREATE INDEX idx_migration_lease ON singleton_migration_history(lease_name, created_at DESC);

Schema Optimization & Rationale:

  1. Advisory Locking fallback: When a server attempts to renew the lease, the application runs a select query against distributed_singleton_leases using PostgreSQL pg_try_advisory_xact_lock() based on the hash of lease_name. This provides instant database-level latching, preventing concurrent updates from distinct worker nodes.
  2. expires_at Index: Used by a background cleanup worker to locate expired leases (e.g. WHERE expires_at is less than NOW()) and clear them, triggering active standby nodes to execute failover.

Scaling Challenges and Capacity Estimation

Implementing and scaling singletons introduces memory overheads and thread contention bottlenecks.

1. Database Connection Memory Footprint

A singleton database connection pool holds physical socket descriptors and memory allocation structures in the heap.

  • Assumptions:

    • Max connections allowed in pool = $100$ connections
    • Memory allocated per network socket descriptor on OS = $64$ KB
    • Database buffer cache/statement cache per active connection in JVM = $2$ MB

  • Calculations: $$\text{Heap Memory per Connection} = 2\text{ MB} + 64\text{ KB} = 2,064\text{ KB}$$ $$\text{Total Memory for Singleton Pool} = 100 \times 2,064\text{ KB} = 206,400\text{ KB} \approx 201.5\text{ MB}$$

This memory is permanently pinned to the heap as long as the singleton instance is active. If the application instantiates multiple connection pools instead of a strict singleton, it will quickly exhaust JVM heap bounds, triggering frequent garbage collection cycles.

2. Lock Contention and CPU Cache Invalidation

Using synchronized methods or volatile variables under high thread counts causes performance bottlenecks.

  • Assumptions:

    • CPU cores = $32$ cores
    • Threads trying to read the volatile instance variable concurrently = $2,000$ threads
    • Speed of a non-cached CPU instruction fetch (due to cache invalidation) = $100$ ns
    • Speed of an L1 cache hit = $1$ ns

  • Calculations: In a naive singleton read setup without double-checked locking, every read is synchronized: $$\text{Total Wait Latency} = 2,000\text{ threads} \times 100\text{ ns} = 200,000\text{ ns} = 200\text{ microseconds}$$

Furthermore, declaring the instance variable as volatile forces the CPU to execute a memory fence instruction (MFENCE or lock addl). This invalidates the L1 cache across all 32 cores, forcing them to fetch from main memory rather than local L1 caches. To optimize, the getInstance() method must use a local variable stack copy to minimize volatile reads once the singleton is initialized.

Failure Scenarios and Resilience

Traditional singletons can be bypassed or broken by several runtime mechanisms, leading to duplicate state.

1. Reflection Attacks (Constructor Bypassing)

  • The Threat: Attackers or dynamic frameworks use reflection to set private constructors to public (setAccessible(true)), creating multiple instances of the singleton class.
  • Resilience Design:
    • Add a check inside the private constructor. If an instance already exists, throw an IllegalStateException during constructor execution, preventing duplicate instantiation.

2. Deserialization Duplicate Instances

  • The Threat: If a singleton implements Serializable, saving it to disk and loading it back creates a new instance on the heap, bypassing the singleton uniqueness constraint.
  • Resilience Design:
    • Implement the readResolve() lifecycle hook. The JVM automatically invokes this method when deserializing an object, returning the cached singleton instance instead of creating a new one.

3. Split-Brain Distributed Leadership

  • The Threat: A network partition isolates Worker A from the database lease store, while Worker B takes over the lease. Worker A continues to run its scheduler, resulting in dual-master execution (split-brain).
  • Resilience Design:
    • Implement Fencing Tokens. Every database write performed by the singleton scheduler must include the current lease update version number.
    • If Worker A attempts to write using an obsolete token, the database rejects the transaction, preventing invalid state modification.

Architectural Trade-offs

Evaluating singleton implementations involves trading thread safety for performance and structure.

Trade-off 1: Initialization Patterns

Method Thread Safety Performance Overhead Memory Efficiency Best Use Case
Eager Initialization High (JVM guaranteed). Low. Access is lock-free. Poor. Allocates memory even if never used. Lightweight classes with guaranteed usage.
Double-Checked Locking High (Requires volatile). Medium. Minor volatile read boundary check. High. Lazily instantiated when first needed. Heavy resource pools with dynamic bootstrap needs.
Bill Pugh Class Holder High (JVM guaranteed). Low. Lock-free read with lazy loading. High. JVM class loading handles lazy resolution. Recommended standard JVM singleton pattern.
Enum Singleton High (Bulletproof JVM lock). Low. Natural lock-free JVM construct. High. Handled cleanly by JVM structure. Simple singletons needing defense against serialization/reflection.

Trade-off 2: Application-Level Singleton Scope vs. Distributed Cluster lock

Metric JVM Singleton Scope Distributed Cluster Lease
Complexity Low. Handled by memory code patterns. High. Requires databases or consensus systems (Consul/ZooKeeper).
Availability High. Lock resolution is purely local to the JVM. Medium. Dependent on network availability to the lease database.
Safety Across Nodes Poor. Multiple JVM instances will create multiple singletons. High. Guarantees a single active instance globally across the cluster.

Staff Engineer Perspective

Developing high-concurrency singletons requires focusing on low-level memory bounds and assembly instructions.

// Optimized Double-Checked Locking
public class OptimizedSingleton {
    private static volatile OptimizedSingleton instance;

    private OptimizedSingleton() {
        if (instance != null) {
            throw new IllegalStateException("Instance already initialized!");
        }
    }

    public static OptimizedSingleton getInstance() {
        OptimizedSingleton result = instance; // Local variable access
        if (result == null) {
            synchronized (OptimizedSingleton.class) {
                result = instance;
                if (result == null) {
                    instance = result = new OptimizedSingleton();
                }
            }
        }
        return result; // Stack access avoids volatile read overhead
    }
}

Verbal Script

Interviewer: "What is double-checked locking, why do we need the 'volatile' keyword, and how does the Bill Pugh pattern improve on it?"

Candidate: "Double-checked locking is used to implement thread-safe, lazy initialization for singletons.

It checks if the instance is null twice: once without locking to optimize reads, and a second time inside a synchronized block to guarantee only one thread initializes the class.

The volatile keyword is critical here because of instruction reordering by the compiler and CPU cache visibility.

When a thread instantiates an object via instance = new Singleton(), the JVM compiles this into three steps: first, allocate memory; second, execute the constructor to initialize state; and third, write the memory address to the reference variable.

Without volatile, the compiler can reorder these steps, setting the reference to point to the allocated memory before the constructor executes.

If a second thread calls getInstance() at that moment, it sees a non-null reference, returns the uninitialized object, and crashes when reading its state.

Declaring the variable as volatile creates a write-read memory barrier, preventing instruction reordering.

The Bill Pugh Pattern improves on this by leveraging JVM class-loading semantics.

It registers a static inner helper class that holds the singleton instance.

The JVM does not load this inner class, nor initialize its static variables, until getInstance() is explicitly called.

This achieves lazy initialization, lock-free reads, and thread safety, completely bypassing the complexity of volatile barriers."

Interviewer: "How can a singleton be bypassed in Java, and how do you write a production-grade singleton that resists these bypasses?"

Candidate: "A standard Java singleton can be bypassed in three ways: reflection, serialization, and cloning.

First, dynamic reflection can toggle private constructors to accessible, allowing caller code to instantiate new copies.

We defend against this by throwing an exception inside the constructor if the singleton reference is already populated.

Second, deserializing a previously serialized instance creates a new instance on the heap.

We prevent this by implementing the readResolve() method to return our active instance.

Third, cloning can copy the memory state to a new address.

We block this by throwing a CloneNotSupportedException in the clone() method.

However, the absolute cleanest way to avoid all three bypasses is to use an Enum Singleton.

Java guarantees that enums cannot be instantiated via reflection, throwing an exception natively in the constructor.

Additionally, the JVM's serialization mechanism automatically handles enum fields to ensure uniqueness, and cloning is blocked by default.

This makes enums the industry standard for secure, boilerplate-free JVM singletons."

Interviewer: "How do you scale the concept of a singleton to a distributed multi-node system where multiple JVMs are running?"

Candidate: "A JVM-level singleton only guarantees uniqueness within a single process.

If we scale to multiple server nodes, each process will instantiate its own singleton, resulting in multiple active coordinators.

To enforce a global singleton across a cluster, we must transition to a Distributed Lock or Leader Election model.

I would use a coordination service like ZooKeeper or an active database lease table in PostgreSQL.

Upon startup, each node attempts to acquire a central lease lock by updating a row in the database with its node ID and an expiration timestamp (e.g. 30 seconds).

The node that successfully updates the row becomes the active master and instantiates its singleton engine.

To maintain leadership, the active master must run a background thread that periodically updates the lease's expiration timestamp.

If the master crashes, the lease expires, and standby nodes detect this timeout and try to acquire the lease.

To prevent split-brain states during network partitions, we use Fencing Tokens.

Every transaction processed by the master includes the current lease transaction counter.

The storage layer validates this token, rejecting stale master writes if a newer master has taken over the lease."

Want to track your progress?

Sign in to save your progress, track completed lessons, and pick up where you left off.

Previous System Design: Designing WhatsApp (Real-time Messaging at Scale)Next LessonCase Study: Design Tic Tac Toe