diff options
author | Siri Hansen <[email protected]> | 2018-09-10 10:31:10 +0200 |
---|---|---|
committer | Siri Hansen <[email protected]> | 2018-09-10 10:31:10 +0200 |
commit | 4f11bb85a427d60ca55ffa63128f17b9dba98bd6 (patch) | |
tree | 67a23dcbc0eaf2a63c855bbb6c5595712ce4fd55 | |
parent | 5fe1429bead05775cda23239cb47d57f056e3647 (diff) | |
parent | 3b50bb697121de96d03deffcd65ed5859de86558 (diff) | |
download | otp-4f11bb85a427d60ca55ffa63128f17b9dba98bd6.tar.gz otp-4f11bb85a427d60ca55ffa63128f17b9dba98bd6.tar.bz2 otp-4f11bb85a427d60ca55ffa63128f17b9dba98bd6.zip |
Merge branch 'siri/supervisor/warn-shutdown-race/ERL-724' into maint
* siri/supervisor/warn-shutdown-race/ERL-724:
[supervisor] Add warning about race condition
-rw-r--r-- | lib/stdlib/doc/src/supervisor.xml | 12 | ||||
-rw-r--r-- | system/doc/design_principles/sup_princ.xml | 9 |
2 files changed, 17 insertions, 4 deletions
diff --git a/lib/stdlib/doc/src/supervisor.xml b/lib/stdlib/doc/src/supervisor.xml index 6d5065ca02..0e8075a578 100644 --- a/lib/stdlib/doc/src/supervisor.xml +++ b/lib/stdlib/doc/src/supervisor.xml @@ -208,8 +208,16 @@ child_spec() = #{id => child_id(), % mandatory the child process is unconditionally terminated using <c>exit(Child,kill)</c>.</p> <p>If the child process is another supervisor, the shutdown time - is to be set to <c>infinity</c> to give the subtree ample - time to shut down. It is also allowed to set it to <c>infinity</c>, + must be set to <c>infinity</c> to give the subtree ample + time to shut down.</p> + <warning> + <p>Setting the shutdown time to anything other + than <c>infinity</c> for a child of type <c>supervisor</c> + can cause a race condition where the child in question + unlinks its own children, but fails to terminate them + before it is killed.</p> + </warning> + <p>It is also allowed to set it to <c>infinity</c>, if the child process is a worker.</p> <warning> <p>Be careful when setting the shutdown time to diff --git a/system/doc/design_principles/sup_princ.xml b/system/doc/design_principles/sup_princ.xml index 06ca44a9f6..a2e0d95408 100644 --- a/system/doc/design_principles/sup_princ.xml +++ b/system/doc/design_principles/sup_princ.xml @@ -312,12 +312,17 @@ child_spec() = #{id => child_id(), % mandatory signal back. If no exit signal is received within the specified time, the child process is unconditionally terminated using <c>exit(Child, kill)</c>.</item> - <item>If the child process is another supervisor, it is to be + <item>If the child process is another supervisor, it must be set to <c>infinity</c> to give the subtree enough time to shut down. It is also allowed to set it to <c>infinity</c>, - if the child process is a worker. See the warning below:</item> + if the child process is a worker. See the warning below:</item> </list> <warning> + <p>Setting the shutdown time to anything other + than <c>infinity</c> for a child of type <c>supervisor</c> + can cause a race condition where the child in question + unlinks its own children, but fails to terminate them + before it is killed.</p> <p>Be careful when setting the shutdown time to <c>infinity</c> when the child process is a worker. Because, in this situation, the termination of the supervision tree depends on the |