aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/stdlib/doc/src/supervisor.xml255
-rw-r--r--system/doc/design_principles/appup_cookbook.xml6
-rw-r--r--system/doc/design_principles/sup_princ.xml233
3 files changed, 324 insertions, 170 deletions
diff --git a/lib/stdlib/doc/src/supervisor.xml b/lib/stdlib/doc/src/supervisor.xml
index 3a5027d595..ffac1c0bd7 100644
--- a/lib/stdlib/doc/src/supervisor.xml
+++ b/lib/stdlib/doc/src/supervisor.xml
@@ -37,12 +37,12 @@
the <c>gen_event</c>, <c>gen_fsm</c>, or <c>gen_server</c>
behaviours. A supervisor implemented using this module will have
a standard set of interface functions and include functionality
- for tracing and error reporting. Supervisors are used to build an
+ for tracing and error reporting. Supervisors are used to build a
hierarchical process structure called a supervision tree, a
nice way to structure a fault tolerant application. Refer to
<em>OTP Design Principles</em> for more information.</p>
- <p>A supervisor assumes the definition of which child processes to
- supervise to be located in a callback module exporting a
+ <p>A supervisor expects the definition of which child processes to
+ supervise to be specified in a callback module exporting a
pre-defined set of functions.</p>
<p>Unless otherwise stated, all functions in this module will fail
if the specified supervisor does not exist or if bad arguments
@@ -53,18 +53,30 @@
<title>Supervision Principles</title>
<p>The supervisor is responsible for starting, stopping and
monitoring its child processes. The basic idea of a supervisor is
- that it should keep its child processes alive by restarting them
+ that it shall keep its child processes alive by restarting them
when necessary.</p>
- <p>The children of a supervisor is defined as a list of
+ <p>The children of a supervisor are defined as a list of
<em>child specifications</em>. When the supervisor is started, the child
processes are started in order from left to right according to
this list. When the supervisor terminates, it first terminates
its child processes in reversed start order, from right to left.</p>
- <p>A supervisor can have one of the following <em>restart strategies</em>:</p>
+ <marker id="sup_flags"/>
+ <p>The properties of a supervisor are defined by the supervisor
+ flags. This is the type definition for the supervisor flags:
+ </p>
+ <pre>sup_flags() = #{strategy => strategy(), % optional
+ intensity => non_neg_integer(), % optional
+ period => pos_integer()} % optional
+ </pre>
+ <p>A supervisor can have one of the following <em>restart
+ strategies</em>, specified with the <c>strategy</c> key in the
+ above map:
+ </p>
<list type="bulleted">
<item>
<p><c>one_for_one</c> - if one child process terminates and
- should be restarted, only that child process is affected.</p>
+ should be restarted, only that child process is
+ affected. This is the default restart strategy.</p>
</item>
<item>
<p><c>one_for_all</c> - if one child process terminates and
@@ -94,43 +106,53 @@
instead the child specification identifier is used,
<c>terminate_child/2</c> will return
<c>{error,simple_one_for_one}</c>.</p>
- <p>Because a <c>simple_one_for_one</c> supervisor could have many
- children, it shuts them all down at same time. So, order in which they
- are stopped is not defined. For the same reason, it could have an
- overhead with regards to the <c>Shutdown</c> strategy.</p>
+ <p>Because a <c>simple_one_for_one</c> supervisor could have
+ many children, it shuts them all down asynchronously. This
+ means that the children will do their cleanup in parallel,
+ and therefore the order in which they are stopped is not
+ defined.</p>
</item>
</list>
<p>To prevent a supervisor from getting into an infinite loop of
- child process terminations and restarts, a <em>maximum restart frequency</em>
- is defined using two integer values <c>MaxR</c>
- and <c>MaxT</c>. If more than <c>MaxR</c> restarts occur within
- <c>MaxT</c> seconds, the supervisor terminates all child
- processes and then itself.
+ child process terminations and restarts, a <em>maximum restart
+ intensity</em> is defined using two integer values specified
+ with the <c>intensity</c> and <c>period</c> keys in the above
+ map. Assuming the values <c>MaxR</c> for <c>intensity</c>
+ and <c>MaxT</c> for <c>period</c>, then if more than <c>MaxR</c>
+ restarts occur within <c>MaxT</c> seconds, the supervisor will
+ terminate all child processes and then itself. The default value
+ for <c>intensity</c> is <c>1</c>, and the default value
+ for <c>period</c> is <c>5</c>.
</p>
<marker id="child_spec"/>
<p>This is the type definition of a child specification:</p>
- <pre>
-child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
- Id = term()
- StartFunc = {M,F,A}
- M = F = atom()
- A = [term()]
- Restart = permanent | transient | temporary
- Shutdown = brutal_kill | int()>0 | infinity
- Type = worker | supervisor
- Modules = [Module] | dynamic
- Module = atom()</pre>
+ <pre>child_spec() = #{id => child_id(), % mandatory
+ start => mfargs(), % mandatory
+ restart => restart(), % optional
+ shutdown => shutdown(), % optional
+ type => worker(), % optional
+ modules => modules()} % optional</pre>
+ <p>The old tuple format is kept for backwards compatibility,
+ see <seealso marker="#type-child_spec">child_spec()</seealso>,
+ but the map is preferred.
+ </p>
<list type="bulleted">
<item>
- <p><c>Id</c> is a name that is used to identify the child
+ <p><c>id</c> is used to identify the child
specification internally by the supervisor.</p>
+ <p>The <c>id</c> key is mandatory.</p>
+ <p>Note that this identifier on occations has been called
+ "name". As far as possible, the terms "identifier" or "id"
+ are now used but in order to keep backwards compatibility,
+ some occurences of "name" can still be found, for example
+ in error messages.</p>
</item>
<item>
- <p><c>StartFunc</c> defines the function call used to start
- the child process. It should be a module-function-arguments
+ <p><c>start</c> defines the function call used to start the
+ child process. It must be a module-function-arguments
tuple <c>{M,F,A}</c> used as <c>apply(M,F,A)</c>.</p>
<p>The start function <em>must create and link to</em> the child
- process, and should return <c>{ok,Child}</c> or
+ process, and must return <c>{ok,Child}</c> or
<c>{ok,Child,Info}</c> where <c>Child</c> is the pid of
the child process and <c>Info</c> an arbitrary term which is
ignored by the supervisor.</p>
@@ -143,20 +165,23 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
error tuple <c>{error,Error}</c>.</p>
<p>Note that the <c>start_link</c> functions of the different
behaviour modules fulfill the above requirements.</p>
+ <p>The <c>start</c> key is mandatory.</p>
</item>
<item>
- <p><c>Restart</c> defines when a terminated child process
- should be restarted. A <c>permanent</c> child process should
- always be restarted, a <c>temporary</c> child process should
+ <p><c>restart</c> defines when a terminated child process
+ shall be restarted. A <c>permanent</c> child process will
+ always be restarted, a <c>temporary</c> child process will
never be restarted (even when the supervisor's restart strategy
is <c>rest_for_one</c> or <c>one_for_all</c> and a sibling's
death causes the temporary process to be terminated) and a
- <c>transient</c> child process should be restarted only if
+ <c>transient</c> child process will be restarted only if
it terminates abnormally, i.e. with another exit reason
than <c>normal</c>, <c>shutdown</c> or <c>{shutdown,Term}</c>.</p>
+ <p>The <c>restart</c> key is optional. If it is not given, the
+ default value <c>permanent</c> will be used.</p>
</item>
<item>
- <p><c>Shutdown</c> defines how a child process should be
+ <p><c>shutdown</c> defines how a child process shall be
terminated. <c>brutal_kill</c> means the child process will
be unconditionally terminated using <c>exit(Child,kill)</c>.
An integer timeout value means that the supervisor will tell
@@ -166,35 +191,45 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
no exit signal is received within the specified number of milliseconds,
the child process is unconditionally terminated using
<c>exit(Child,kill)</c>.</p>
- <p>If the child process is another supervisor, <c>Shutdown</c>
+ <p>If the child process is another supervisor, the shutdown time
should be set to <c>infinity</c> to give the subtree ample
- time to shutdown. It is also allowed to set it to <c>infinity</c>,
+ time to shut down. It is also allowed to set it to <c>infinity</c>,
if the child process is a worker.</p>
<warning>
- <p>Be careful by setting the <c>Shutdown</c> strategy to
+ <p>Be careful when setting the shutdown time to
<c>infinity</c> when the child process is a worker. Because, in this
situation, the termination of the supervision tree depends on the
child process, it must be implemented in a safe way and its cleanup
procedure must always return.</p>
</warning>
<p>Note that all child processes implemented using the standard
- OTP behavior modules automatically adhere to the shutdown
+ OTP behaviour modules automatically adhere to the shutdown
protocol.</p>
+ <p>The <c>shutdown</c> key is optional. If it is not given,
+ the default value <c>5000</c> will be used if the child is
+ of type <c>worker</c>; and <c>infinity</c> will be used if
+ the child is of type <c>supervisor</c>.</p>
</item>
<item>
- <p><c>Type</c> specifies if the child process is a supervisor or
+ <p><c>type</c> specifies if the child process is a supervisor or
a worker.</p>
+ <p>The <c>type</c> key is optional. If it is not given, the
+ default value <c>worker</c> will be used.</p>
</item>
<item>
- <p><c>Modules</c> is used by the release handler during code
+ <p><c>modules</c> is used by the release handler during code
replacement to determine which processes are using a certain
- module. As a rule of thumb <c>Modules</c> should be a list
- with one element <c>[Module]</c>, where <c>Module</c> is
- the callback module, if the child process is a supervisor,
- gen_server or gen_fsm. If the child process is an event
- manager (gen_event) with a dynamic set of callback modules,
- <c>Modules</c> should be <c>dynamic</c>. See <em>OTP Design Principles</em>
- for more information about release handling.</p>
+ module. As a rule of thumb, if the child process is a
+ <c>supervisor</c>, <c>gen_server</c>, or <c>gen_fsm</c>,
+ this should be a list with one element <c>[Module]</c>,
+ where <c>Module</c> is the callback module. If the child
+ process is an event manager (<c>gen_event</c>) with a
+ dynamic set of callback modules, the value <c>dynamic</c>
+ shall be used. See <em>OTP Design Principles</em> for more
+ information about release handling.</p>
+ <p>The <c>modules</c> key is optional. If it is not given, it
+ defaults to <c>[M]</c>, where <c>M</c> comes from the
+ child's start <c>{M,F,A}</c></p>
</item>
<item>
<p>Internally, the supervisor also keeps track of the pid
@@ -213,11 +248,20 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
</datatype>
<datatype>
<name name="child_spec"/>
+ <desc><p>The tuple format is kept for backwards compatibility
+ only. A map is preferred; see more details
+ <seealso marker="#child_spec">above</seealso>.</p></desc>
</datatype>
<datatype>
<name name="mfargs"/>
- <desc><p><c>A</c> (the argument list) has the value
- <c>undefined</c> if <c>Restart</c> is <c>temporary</c>.</p>
+ <desc>
+ <p>The value <c>undefined</c> for <c><anno>A</anno></c> (the
+ argument list) is only to be used internally
+ in <c>supervisor</c>. If the restart type of the child
+ is <c>temporary</c>, then the process is never to be
+ restarted and therefore there is no need to store the real
+ argument list. The value <c>undefined</c> will then be
+ stored instead.</p>
</desc>
</datatype>
<datatype>
@@ -233,6 +277,12 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
<name name="strategy"/>
</datatype>
<datatype>
+ <name name="sup_flags"/>
+ <desc><p>The tuple format is kept for backwards compatibility
+ only. A map is preferred; see more details
+ <seealso marker="#sup_flags">above</seealso>.</p></desc>
+ </datatype>
+ <datatype>
<name name="sup_ref"/>
</datatype>
<datatype>
@@ -253,20 +303,20 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
the supervisor is linked to the calling process (its
supervisor).</p>
<p>The created supervisor process calls <c><anno>Module</anno>:init/1</c> to
- find out about restart strategy, maximum restart frequency
+ find out about restart strategy, maximum restart intensity
and child processes. To ensure a synchronized start-up
procedure, <c>start_link/2,3</c> does not return until
<c><anno>Module</anno>:init/1</c> has returned and all child processes
have been started.</p>
- <p>If <c><anno>SupName</anno>={local,Name}</c> the supervisor is registered
+ <p>If <c><anno>SupName</anno>={local,Name}</c>, the supervisor is registered
locally as <c>Name</c> using <c>register/2</c>. If
<c><anno>SupName</anno>={global,Name}</c> the supervisor is registered
globally as <c>Name</c> using <c>global:register_name/2</c>. If
<c><anno>SupName</anno>={via,<anno>Module</anno>,<anno>Name</anno>}</c> the supervisor
is registered as <c>Name</c> using the registry represented by
- <c>Module</c>. The <c>Module</c> callback should export the functions
+ <c>Module</c>. The <c>Module</c> callback must export the functions
<c>register_name/2</c>, <c>unregister_name/1</c> and <c>send/2</c>,
- which should behave like the corresponding functions in <c>global</c>.
+ which shall behave like the corresponding functions in <c>global</c>.
Thus, <c>{via,global,<anno>Name</anno>}</c> is a valid reference.</p>
<p>If no name is provided, the supervisor is not registered.</p>
<p><c><anno>Module</anno></c> is the name of the callback module.</p>
@@ -274,14 +324,14 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
the argument to <c><anno>Module</anno>:init/1</c>.</p>
<p>If the supervisor and its child processes are successfully
created (i.e. if all child process start functions return
- <c>{ok,Child}</c>, <c>{ok,Child,Info}</c>, or <c>ignore</c>)
+ <c>{ok,Child}</c>, <c>{ok,Child,Info}</c>, or <c>ignore</c>),
the function returns <c>{ok,Pid}</c>, where <c>Pid</c> is
the pid of the supervisor. If there already exists a process
- with the specified <c><anno>SupName</anno></c> the function returns
+ with the specified <c><anno>SupName</anno></c>, the function returns
<c>{error,{already_started,Pid}}</c>, where <c>Pid</c> is
the pid of that process.</p>
<p>If <c><anno>Module</anno>:init/1</c> returns <c>ignore</c>, this function
- returns <c>ignore</c> as well and the supervisor terminates
+ returns <c>ignore</c> as well, and the supervisor terminates
with reason <c>normal</c>.
If <c><anno>Module</anno>:init/1</c> fails or returns an incorrect value,
this function returns <c>{error,Term}</c> where <c>Term</c>
@@ -297,7 +347,6 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
<func>
<name name="start_child" arity="2"/>
<fsummary>Dynamically add a child process to a supervisor.</fsummary>
- <type name="child_spec"/>
<type name="startchild_ret"/>
<type name="startchild_err"/>
<desc>
@@ -314,35 +363,35 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
<item><c>{via,Module,Name}</c>, if the supervisor is registered
through an alternative process registry.</item>
</list>
- <p><c><anno>ChildSpec</anno></c> should be a valid child specification
+ <p><c><anno>ChildSpec</anno></c> must be a valid child specification
(unless the supervisor is a <c>simple_one_for_one</c>
- supervisor, see below). The child process will be started by
+ supervisor; see below). The child process will be started by
using the start function as defined in the child
specification.</p>
- <p>If the case of a <c>simple_one_for_one</c> supervisor,
+ <p>In the case of a <c>simple_one_for_one</c> supervisor,
the child specification defined in <c>Module:init/1</c> will
- be used and <c><anno>ChildSpec</anno></c> should instead be an arbitrary
+ be used, and <c><anno>ChildSpec</anno></c> shall instead be an arbitrary
list of terms <c><anno>List</anno></c>. The child process will then be
started by appending <c><anno>List</anno></c> to the existing start
function arguments, i.e. by calling
<c>apply(M, F, A++<anno>List</anno>)</c> where <c>{M,F,A}</c> is the start
function defined in the child specification.</p>
<p>If there already exists a child specification with
- the specified <c><anno>Id</anno></c>, <c><anno>ChildSpec</anno></c> is discarded and
+ the specified identifier, <c><anno>ChildSpec</anno></c> is discarded, and
the function returns <c>{error,already_present}</c> or
<c>{error,{already_started,<anno>Child</anno>}}</c>, depending on if
the corresponding child process is running or not.</p>
<p>If the child process start function returns <c>{ok,<anno>Child</anno>}</c>
- or <c>{ok,<anno>Child</anno>,<anno>Info</anno>}</c>, the child specification and pid is
+ or <c>{ok,<anno>Child</anno>,<anno>Info</anno>}</c>, the child specification and pid are
added to the supervisor and the function returns the same
value.</p>
<p>If the child process start function returns <c>ignore</c>,
the child specification is added to the supervisor, the pid
- is set to <c>undefined</c> and the function returns
+ is set to <c>undefined</c>, and the function returns
<c>{ok,undefined}</c>.</p>
<p>If the child process start function returns an error tuple or
an erroneous value, or if it fails, the child specification is
- discarded and the function returns <c>{error,Error}</c> where
+ discarded, and the function returns <c>{error,Error}</c> where
<c>Error</c> is a term containing information about the error
and child specification.</p>
</desc>
@@ -366,7 +415,7 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
<p>If the child is temporary, the child specification is deleted as
soon as the process terminates. This means
- that <c>delete_child/2</c> has no meaning
+ that <c>delete_child/2</c> has no meaning,
and <c>restart_child/2</c> can not be used for these
children.</p>
@@ -375,13 +424,13 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
process is alive, but is not a child of the given
supervisor, the function will return
<c>{error,not_found}</c>. If the child specification
- identifier is given instead instead of a <c>pid()</c>, the
+ identifier is given instead of a <c>pid()</c>, the
function will return <c>{error,simple_one_for_one}</c>.</p>
<p>If successful, the function returns <c>ok</c>. If there is
no child specification with the specified <c><anno>Id</anno></c>, the
function returns <c>{error,not_found}</c>.</p>
- <p>See <c>start_child/2</c> for a description of
- <c><anno>SupRef</anno></c>.</p>
+ <p>See <seealso marker="#SupRef"><c>start_child/2</c></seealso>
+ for a description of <c><anno>SupRef</anno></c>.</p>
</desc>
</func>
<func>
@@ -390,15 +439,15 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
<desc>
<p>Tells the supervisor <c><anno>SupRef</anno></c> to delete the child
specification identified by <c><anno>Id</anno></c>. The corresponding child
- process must not be running, use <c>terminate_child/2</c> to
+ process must not be running. Use <c>terminate_child/2</c> to
terminate it.</p>
- <p>See <seealso marker="#SupRef"><c>start_child/2</c></seealso> for a description of
- <c>SupRef</c>.</p>
+ <p>See <seealso marker="#SupRef"><c>start_child/2</c></seealso>
+ for a description of <c><anno>SupRef</anno></c>.</p>
<p>If successful, the function returns <c>ok</c>. If the child
specification identified by <c><anno>Id</anno></c> exists but
the corresponding child process is running or about to be restarted,
the function returns <c>{error,running}</c> or
- <c>{error,restarting}</c> respectively. If the child specification
+ <c>{error,restarting}</c>, respectively. If the child specification
identified by <c><anno>Id</anno></c> does not exist, the function
returns <c>{error,not_found}</c>.</p>
</desc>
@@ -410,10 +459,10 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
<p>Tells the supervisor <c><anno>SupRef</anno></c> to restart
a child process corresponding to the child specification
identified by <c><anno>Id</anno></c>. The child
- specification must exist and the corresponding child process
+ specification must exist, and the corresponding child process
must not be running.</p>
<p>Note that for temporary children, the child specification
- is automatically deleted when the child terminates, and thus
+ is automatically deleted when the child terminates; thus
it is not possible to restart such children.</p>
<p>See <seealso marker="#SupRef"><c>start_child/2</c></seealso>
for a description of <c>SupRef</c>.</p>
@@ -429,7 +478,7 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
is added to the supervisor and the function returns the same
value.</p>
<p>If the child process start function returns <c>ignore</c>,
- the pid remains set to <c>undefined</c> and the function
+ the pid remains set to <c>undefined</c>, and the function
returns <c>{ok,undefined}</c>.</p>
<p>If the child process start function returns an error tuple
or an erroneous value, or if it fails, the function returns
@@ -462,7 +511,7 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
<item>
<p><c><anno>Child</anno></c> - the pid of the corresponding child
process, the atom <c>restarting</c> if the process is about to be
- restarted or <c>undefined</c> if there is no such process.</p>
+ restarted, or <c>undefined</c> if there is no such process.</p>
</item>
<item>
<p><c><anno>Type</anno></c> - as defined in the child specification.</p>
@@ -475,8 +524,8 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
</func>
<func>
<name name="count_children" arity="1"/>
- <fsummary>Return counts for the number of childspecs, active children,
- supervisors and workers.</fsummary>
+ <fsummary>Return counts for the number of child specifications,
+ active children, supervisors, and workers.</fsummary>
<desc>
<p>Returns a property list (see <c>proplists</c>) containing the
counts for each of the following elements of the supervisor's
@@ -500,6 +549,8 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
process is still alive.</p>
</item>
</list>
+ <p>See <seealso marker="#SupRef"><c>start_child/2</c></seealso>
+ for a description of <c><anno>SupRef</anno></c>.</p>
</desc>
</func>
<func>
@@ -511,11 +562,23 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
correct, or <c>{error,<anno>Error</anno>}</c> otherwise.</p>
</desc>
</func>
+ <func>
+ <name name="get_childspec" arity="2"/>
+ <fsummary>Return the child specification map for the given
+ child.</fsummary>
+ <desc>
+ <p>Returns the child specification map for the child identified
+ by <c>Id</c> under supervisor <c>SupRef</c>. The returned
+ map contains all keys, both mandatory and optional.</p>
+ <p>See <seealso marker="#SupRef"><c>start_child/2</c></seealso>
+ for a description of <c><anno>SupRef</anno></c>.</p>
+ </desc>
+ </func>
</funcs>
<section>
<title>CALLBACK FUNCTIONS</title>
- <p>The following functions should be exported from a
+ <p>The following functions must be exported from a
<c>supervisor</c> callback module.</p>
</section>
<funcs>
@@ -524,33 +587,37 @@ child_spec() = {Id,StartFunc,Restart,Shutdown,Type,Modules}
<fsummary>Return a supervisor specification.</fsummary>
<type>
<v>Args = term()</v>
- <v>Result = {ok,{{RestartStrategy,MaxR,MaxT},[ChildSpec]}} | ignore</v>
- <v>&nbsp;RestartStrategy = <seealso marker="#type-strategy">strategy()</seealso></v>
- <v>&nbsp;MaxR = integer()>=0</v>
- <v>&nbsp;MaxT = integer()>0</v>
+ <v>Result = {ok,{SupFlags,[ChildSpec]}} | ignore</v>
+ <v>&nbsp;SupFlags = <seealso marker="#type-sup_flags">sup_flags()</seealso></v>
<v>&nbsp;ChildSpec = <seealso marker="#type-child_spec">child_spec()</seealso></v>
</type>
<desc>
<p>Whenever a supervisor is started using
<c>supervisor:start_link/2,3</c>, this function is called by
the new process to find out about restart strategy, maximum
- restart frequency and child specifications.</p>
+ restart intensity, and child specifications.</p>
<p><c>Args</c> is the <c>Args</c> argument provided to the start
function.</p>
- <p><c>RestartStrategy</c> is the restart strategy and
- <c>MaxR</c> and <c>MaxT</c> defines the maximum restart
- frequency of the supervisor. <c>[ChildSpec]</c> is a list of
- valid child specifications defining which child processes
- the supervisor should start and monitor. See the discussion
- about Supervision Principles above.</p>
+ <p><c>SupFlags</c> is the supervisor flags defining the
+ restart strategy and max restart intensity for the
+ supervisor. <c>[ChildSpec]</c> is a list of valid child
+ specifications defining which child processes the supervisor
+ shall start and monitor. See the discussion about
+ Supervision Principles above.</p>
<p>Note that when the restart strategy is
<c>simple_one_for_one</c>, the list of child specifications
must be a list with one child specification only.
- (The <c>Id</c> is ignored). No child process is then started
+ (The child specification identifier is ignored.) No child process is then started
during the initialization phase, but all children are assumed
to be started dynamically using
<c>supervisor:start_child/2</c>.</p>
<p>The function may also return <c>ignore</c>.</p>
+ <p>Note that this function might also be called as a part of a
+ code upgrade procedure. For this reason, the function should
+ not have any side effects. See
+ <seealso marker="doc/design_principles:appup_cookbook#sup">Design
+ Principles</seealso> for more information about code upgrade
+ of supervisors.</p>
</desc>
</func>
</funcs>
diff --git a/system/doc/design_principles/appup_cookbook.xml b/system/doc/design_principles/appup_cookbook.xml
index 70c34a5a06..45f144e8b7 100644
--- a/system/doc/design_principles/appup_cookbook.xml
+++ b/system/doc/design_principles/appup_cookbook.xml
@@ -4,7 +4,7 @@
<chapter>
<header>
<copyright>
- <year>2003</year><year>2013</year>
+ <year>2003</year><year>2014</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
@@ -239,7 +239,7 @@ system_code_change(Chs, _Module, _OldVsn, _Extra) ->
<marker id="sup"></marker>
<title>Changing a Supervisor</title>
<p>The supervisor behaviour supports changing the internal state,
- i.e. changing restart strategy and maximum restart frequency
+ i.e. changing restart strategy and maximum restart intensity
properties, as well as changing existing child specifications.</p>
<p>Adding and deleting child processes are also possible, but not
handled automatically. Instructions must be given by in
@@ -267,7 +267,7 @@ system_code_change(Chs, _Module, _OldVsn, _Extra) ->
...
init(_Args) ->
- {ok, {{one_for_all, 1, 60}, ...}}.</code>
+ {ok, {#{strategy => one_for_all, ...}, ...}}.</code>
<p>The file <c>ch_app.appup</c>:</p>
<code type="none">
{"2",
diff --git a/system/doc/design_principles/sup_princ.xml b/system/doc/design_principles/sup_princ.xml
index 11ef3813d6..3d7b53e339 100644
--- a/system/doc/design_principles/sup_princ.xml
+++ b/system/doc/design_principles/sup_princ.xml
@@ -4,7 +4,7 @@
<chapter>
<header>
<copyright>
- <year>1997</year><year>2013</year>
+ <year>1997</year><year>2014</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
@@ -29,14 +29,14 @@
<file>sup_princ.xml</file>
</header>
<p>This section should be read in conjunction with
- <c>supervisor(3)</c>, where all details about the supervisor
- behaviour is given.</p>
+ <seealso marker="stdlib:supervisor">supervisor(3)</seealso>, where
+ all details about the supervisor behaviour are described.</p>
<section>
<title>Supervision Principles</title>
- <p>A supervisor is responsible for starting, stopping and
+ <p>A supervisor is responsible for starting, stopping, and
monitoring its child processes. The basic idea of a supervisor is
- that it should keep its child processes alive by restarting them
+ that it shall keep its child processes alive by restarting them
when necessary.</p>
<p>Which child processes to start and monitor is specified by a
list of <seealso marker="#spec">child specifications</seealso>.
@@ -61,18 +61,59 @@ start_link() ->
supervisor:start_link(ch_sup, []).
init(_Args) ->
- {ok, {{one_for_one, 1, 60},
- [{ch3, {ch3, start_link, []},
- permanent, brutal_kill, worker, [ch3]}]}}.</code>
- <p><c>one_for_one</c> is the <seealso marker="#strategy">restart strategy</seealso>.</p>
- <p>1 and 60 defines the <seealso marker="#frequency">maximum restart frequency</seealso>.</p>
- <p>The tuple <c>{ch3, ...}</c> is a <seealso marker="#spec">child specification</seealso>.</p>
+ SupFlags = #{strategy => one_for_one, intensity => 1, period => 5},
+ ChildSpecs = [#{id => ch3,
+ start => {ch3, start_link, []},
+ restart => permanent,
+ shutdown => brutal_kill,
+ type => worker,
+ modules => [cg3]}],
+ {ok, {SupFlags, ChildSpecs}}.</code>
+ <p>The <c>SupFlags</c> variable in the return value
+ from <c>init/1</c> represents
+ the <seealso marker="#flags">supervisor flags</seealso>.</p>
+ <p>The <c>ChildSpecs</c> variable in the return value
+ from <c>init/1</c> is a list of <seealso marker="#spec">child
+ specifications</seealso>.</p>
+ </section>
+
+ <section>
+ <title>Supervisor Flags</title>
+ <p>This is the type definition for the supervisor flags:</p>
+ <code type="none"><![CDATA[
+sup_flags() = #{strategy => strategy(), % optional
+ intensity => non_neg_integer(), % optional
+ period => pos_integer()} % optional
+ strategy() = one_for_all
+ | one_for_one
+ | rest_for_one
+ | simple_one_for_one]]></code>
+ <list type="bulleted">
+ <item>
+ <p><c>strategy</c> specifies
+ the <seealso marker="#strategy">restart
+ strategy</seealso>.</p>
+ </item>
+ <item>
+ <p><c>intensity</c> and <c>period</c> specify
+ the <seealso marker="#max_intensity">maximum restart
+ intensity</seealso>.</p>
+ </item>
+ </list>
</section>
<section>
<marker id="strategy"></marker>
<title>Restart Strategy</title>
+ <p> The restart strategy is specified by
+ the <c>strategy</c> key in the supervisor flags map returned by
+ the callback function <c>init</c>:</p>
+ <code type="none">
+SupFlags = #{strategy => Strategy, ...}</code>
+ <p>The <c>strategy</c> key is optional in this map. If it is not
+ given, it defaults to <c>one_for_one</c>.</p>
+
<section>
<title>one_for_one</title>
<p>If a child process terminates, only that process is restarted.</p>
@@ -85,7 +126,7 @@ init(_Args) ->
<section>
<title>one_for_all</title>
<p>If a child process terminates, all other child processes are
- terminated and then all child processes, including
+ terminated, and then all child processes, including
the terminated one, are restarted.</p>
<marker id="sup5"></marker>
<image file="../design_principles/sup5.gif">
@@ -100,29 +141,36 @@ init(_Args) ->
process in start order -- are terminated. Then the terminated
child process and the rest of the child processes are restarted.</p>
</section>
+
+ <section>
+ <title>simple_one_for_one</title>
+ <p>See <seealso marker="#simple">simple-one-for-one
+ supervisors</seealso>.</p>
+ </section>
</section>
<section>
- <marker id="frequency"></marker>
- <title>Maximum Restart Frequency</title>
+ <marker id="max_intensity"></marker>
+ <title>Maximum Restart Intensity</title>
<p>The supervisors have a built-in mechanism to limit the number of
restarts which can occur in a given time interval. This is
- determined by the values of the two parameters <c>MaxR</c> and
- <c>MaxT</c> in the start specification returned by the callback
- function <c>init</c>:</p>
+ specified by the two keys <c>intensity</c> and
+ <c>period</c> in the supervisor flags map returned by the
+ callback function <c>init</c>:</p>
<code type="none">
-init(...) ->
- {ok, {{RestartStrategy, MaxR, MaxT},
- [ChildSpec, ...]}}.</code>
+SupFlags = #{intensity => MaxR, period => MaxT, ...}</code>
<p>If more than <c>MaxR</c> number of restarts occur in the last
- <c>MaxT</c> seconds, then the supervisor terminates all the child
+ <c>MaxT</c> seconds, the supervisor terminates all the child
processes and then itself.</p>
- <p>When the supervisor terminates, then the next higher level
+ <p>When the supervisor terminates, the next higher level
supervisor takes some action. It either restarts the terminated
- supervisor, or terminates itself.</p>
+ supervisor or terminates itself.</p>
<p>The intention of the restart mechanism is to prevent a situation
where a process repeatedly dies for the same reason, only to be
restarted again.</p>
+ <p>The keys <c>intensity</c> and <c>period</c> are optional in the
+ supervisor flags map. If they are not given, they default
+ to <c>1</c> and <c>5</c>, respectively.</p>
</section>
<section>
@@ -130,33 +178,42 @@ init(...) ->
<title>Child Specification</title>
<p>This is the type definition for a child specification:</p>
<code type="none"><![CDATA[
-{Id, StartFunc, Restart, Shutdown, Type, Modules}
- Id = term()
- StartFunc = {M, F, A}
- M = F = atom()
- A = [term()]
- Restart = permanent | transient | temporary
- Shutdown = brutal_kill | integer()>0 | infinity
- Type = worker | supervisor
- Modules = [Module] | dynamic
- Module = atom()]]></code>
+child_spec() = #{id => child_id(), % mandatory
+ start => mfargs(), % mandatory
+ restart => restart(), % optional
+ shutdown => shutdown(), % optional
+ type => worker(), % optional
+ modules => modules()} % optional</pre>
+ child_id() = term()
+ mfargs() = {M :: module(), F :: atom(), A :: [term()]}
+ modules() = [module()] | dynamic
+ restart() = permanent | transient | temporary
+ shutdown() = brutal_kill | timeout()
+ worker() = worker | supervisor]]></code>
<list type="bulleted">
<item>
- <p><c>Id</c> is a name that is used to identify the child
+ <p><c>id</c> is used to identify the child
specification internally by the supervisor.</p>
+ <p>The <c>id</c> key is mandatory.</p>
+ <p>Note that this identifier on occations has been called
+ "name". As far as possible, the terms "identifier" or "id"
+ are now used but in order to keep backwards compatibility,
+ some occurences of "name" can still be found, for example
+ in error messages.</p>
</item>
<item>
- <p><c>StartFunc</c> defines the function call used to start
+ <p><c>start</c> defines the function call used to start
the child process. It is a module-function-arguments tuple
used as <c>apply(M, F, A)</c>.</p>
<p>It should be (or result in) a call to
<c>supervisor:start_link</c>, <c>gen_server:start_link</c>,
- <c>gen_fsm:start_link</c> or <c>gen_event:start_link</c>.
+ <c>gen_fsm:start_link</c>, or <c>gen_event:start_link</c>.
(Or a function compliant with these functions, see
<c>supervisor(3)</c> for details.</p>
+ <p>The <c>start</c> key is mandatory.</p>
</item>
<item>
- <p><c>Restart</c> defines when a terminated child process should
+ <p><c>restart</c> defines when a terminated child process shall
be restarted.</p>
<list type="bulleted">
<item>A <c>permanent</c> child process is always restarted.</item>
@@ -166,12 +223,14 @@ init(...) ->
death causes the temporary process to be terminated).</item>
<item>A <c>transient</c> child process is restarted only if it
terminates abnormally, i.e. with another exit reason than
- <c>normal</c>, <c>shutdown</c> or <c>{shutdown,Term}</c>.</item>
+ <c>normal</c>, <c>shutdown</c>, or <c>{shutdown,Term}</c>.</item>
</list>
+ <p>The <c>restart</c> key is optional. If it is not given, the
+ default value <c>permanent</c> will be used.</p>
</item>
<item>
<marker id="shutdown"></marker>
- <p><c>Shutdown</c> defines how a child process should be
+ <p><c>shutdown</c> defines how a child process shall be
terminated.</p>
<list type="bulleted">
<item><c>brutal_kill</c> means the child process is
@@ -184,58 +243,78 @@ init(...) ->
terminated using <c>exit(Child, kill)</c>.</item>
<item>If the child process is another supervisor, it should be
set to <c>infinity</c> to give the subtree enough time to
- shutdown. It is also allowed to set it to <c>infinity</c>, if the
- child process is a worker.</item>
+ shut down. It is also allowed to set it to <c>infinity</c>,
+ if the child process is a worker.</item>
</list>
<warning>
- <p>Be careful by setting the <c>Shutdown</c> strategy to
+ <p>Be careful when setting the shutdown time to
<c>infinity</c> when the child process is a worker. Because, in this
situation, the termination of the supervision tree depends on the
child process, it must be implemented in a safe way and its cleanup
procedure must always return.</p>
</warning>
+ <p>The <c>shutdown</c> key is optional. If it is not given,
+ and the child is of type <c>worker</c>, the default value
+ <c>5000</c> will be used; if the child is of type
+ <c>supervisor</c>, the default value <c>infinity</c> will be
+ used.</p>
</item>
<item>
- <p><c>Type</c> specifies if the child process is a supervisor or
+ <p><c>type</c> specifies if the child process is a supervisor or
a worker.</p>
+ <p>The <c>type</c> key is optional. If it is not given, the
+ default value <c>worker</c> will be used.</p>
</item>
<item>
- <p><c>Modules</c> should be a list with one element
+ <p><c>modules</c> should be a list with one element
<c>[Module]</c>, where <c>Module</c> is the name of
the callback module, if the child process is a supervisor,
gen_server or gen_fsm. If the child process is a gen_event,
- <c>Modules</c> should be <c>dynamic</c>.</p>
+ the value shall be <c>dynamic</c>.</p>
<p>This information is used by the release handler during
upgrades and downgrades, see
<seealso marker="release_handling">Release Handling</seealso>.</p>
+ <p>The <c>modules</c> key is optional. If it is not given, it
+ defaults to <c>[M]</c>, where <c>M</c> comes from the
+ child's start <c>{M,F,A}</c>.</p>
</item>
</list>
<p>Example: The child specification to start the server <c>ch3</c>
in the example above looks like:</p>
<code type="none">
-{ch3,
- {ch3, start_link, []},
- permanent, brutal_kill, worker, [ch3]}</code>
+#{id => ch3,
+ start => {ch3, start_link, []},
+ restart => permanent,
+ shutdown => brutal_kill,
+ type => worker,
+ modules => [ch3]}</code>
+ <p>or simplified, relying on the default values:</p>
+ <code type="none">
+#{id => ch3,
+ start => {ch3, start_link, []}
+ shutdown => brutal_kill}</code>
<p>Example: A child specification to start the event manager from
the chapter about
<seealso marker="events#mgr">gen_event</seealso>:</p>
<code type="none">
-{error_man,
- {gen_event, start_link, [{local, error_man}]},
- permanent, 5000, worker, dynamic}</code>
- <p>Both the server and event manager are registered processes which
+#{id => error_man,
+ start => {gen_event, start_link, [{local, error_man}]},
+ modules => dynamic}</code>
+ <p>Both server and event manager are registered processes which
can be expected to be accessible at all times, thus they are
specified to be <c>permanent</c>.</p>
<p><c>ch3</c> does not need to do any cleaning up before
termination, thus no shutdown time is needed but
<c>brutal_kill</c> should be sufficient. <c>error_man</c> may
need some time for the event handlers to clean up, thus
- <c>Shutdown</c> is set to 5000 ms.</p>
+ the shutdown time is set to 5000 ms (which is the default
+ value).</p>
<p>Example: A child specification to start another supervisor:</p>
<code type="none">
-{sup,
- {sup, start_link, []},
- transient, infinity, supervisor, [sup]}</code>
+#{id => sup,
+ start => {sup, start_link, []},
+ restart => transient,
+ type => supervisor} % will cause default shutdown=>infinity</code>
</section>
<section>
@@ -262,16 +341,18 @@ start_link() ->
<c>supervisor:start_link({local, Name}, Module, Args)</c> or
<c>supervisor:start_link({global, Name}, Module, Args)</c>.</p>
<p>The new supervisor process calls the callback function
- <c>ch_sup:init([])</c>. <c>init</c> is expected to return
- <c>{ok, StartSpec}</c>:</p>
+ <c>ch_sup:init([])</c>. <c>init</c> shall return
+ <c>{ok, {SupFlags, ChildSpecs}}</c>:</p>
<code type="none">
init(_Args) ->
- {ok, {{one_for_one, 1, 60},
- [{ch3, {ch3, start_link, []},
- permanent, brutal_kill, worker, [ch3]}]}}.</code>
+ SupFlags = #{},
+ ChildSpecs = [#{id => ch3,
+ start => {ch3, start_link, []},
+ shutdown => brutal_kill}],
+ {ok, {SupFlags, ChildSpecs}}.</code>
<p>The supervisor then starts all its child processes according to
- the child specifications in the start specification. In this case
- there is one child process, <c>ch3</c>.</p>
+ the given child specifications. In this case there, is one child
+ process, <c>ch3</c>.</p>
<p>Note that <c>supervisor:start_link</c> is synchronous. It does
not return until all child processes have been started.</p>
</section>
@@ -303,17 +384,19 @@ supervisor:terminate_child(Sup, Id)</code>
<code type="none">
supervisor:delete_child(Sup, Id)</code>
<p><c>Sup</c> is the pid, or name, of the supervisor.
- <c>Id</c> is the id specified in the <seealso marker="#spec">child specification</seealso>.</p>
+ <c>Id</c> is the value associated with the <c>id</c> key in
+ the <seealso marker="#spec">child specification</seealso>.</p>
<p>As with dynamically added child processes, the effects of
deleting a static child process is lost if the supervisor itself
restarts.</p>
</section>
+ <marker id="simple"/>
<section>
<title>Simple-One-For-One Supervisors</title>
<p>A supervisor with restart strategy <c>simple_one_for_one</c> is
a simplified one_for_one supervisor, where all child processes are
- dynamically added instances of the same process.</p>
+ dynamically added instances of the same child specification.</p>
<p>Example of a callback module for a simple_one_for_one supervisor:</p>
<code type="none">
-module(simple_sup).
@@ -326,9 +409,13 @@ start_link() ->
supervisor:start_link(simple_sup, []).
init(_Args) ->
- {ok, {{simple_one_for_one, 0, 1},
- [{call, {call, start_link, []},
- temporary, brutal_kill, worker, [call]}]}}.</code>
+ SupFlags = #{strategy => simple_one_for_one,
+ intensity => 0,
+ period => 1},
+ ChildSpecs = [#{id => call,
+ start => {call, start_link, []},
+ shutdown => brutal_kill}],
+ {ok, {SupFlags, ChildSpecs}}.</code>
<p>When started, the supervisor will not start any child processes.
Instead, all child processes are added dynamically by calling:</p>
<code type="none">
@@ -336,7 +423,7 @@ supervisor:start_child(Sup, List)</code>
<p><c>Sup</c> is the pid, or name, of the supervisor.
<c>List</c> is an arbitrary list of terms which will be added to
the list of arguments specified in the child specification. If
- the start function is specified as <c>{M, F, A}</c>, then
+ the start function is specified as <c>{M, F, A}</c>,
the child process is started by calling
<c>apply(M, F, A++List)</c>.</p>
<p>For example, adding a child to <c>simple_sup</c> above:</p>
@@ -352,10 +439,10 @@ call:start_link(id1)</code>
supervisor:terminate_child(Sup, Pid)</code>
<p>where <c>Sup</c> is the pid, or name, of the supervisor and
<c>Pid</c> is the pid of the child.</p>
- <p>Because a <c>simple_one_for_one</c> supervisor could have many children,
- it shuts them all down at same time. So, order in which they are stopped is
- not defined. For the same reason, it could have an overhead with regards to
- the <c>Shutdown</c> strategy.</p>
+ <p>Because a <c>simple_one_for_one</c> supervisor could have many
+ children, it shuts them all down asynchronously. This means that
+ the children will do their cleanup in parallel and therefore the
+ order in which they are stopped is not defined.</p>
</section>
<section>