EEP proposal - Automatic supervisor shutdown triggered by termination of significant childs

Maria Scott maria-12648430@REDACTED
Fri Mar 5 14:57:49 CET 2021


Hi José,

> > The new supervisor flag is named shutdown with possible values normal, any_significant and all_significant, with normal being the default.
> 
> I don't like "normal" being the default because now I have to remember to change two places, the supervisor specification and the child spec, when configuring a significant child. The argument for this choice was:
> 
> > With the supervisor shutdown flag set to normal, the child spec flag significant is ignored, even if present and set to true. This is intended as a safety means to defend against unwanted breaking of old code.
> 
> I don't think it is possible for old code to break because there is no old code using significant in a child spec. :)

Ok, granted.

> Therefore I would propose for the default to be either any_significant or all_significant (if we want to be conservative, the latter).

I'm not sure that either of the two is a good choice for a default value. Whichever you choose, it could happen that a child started later via `start_child` takes down the supervisor when it was declared as significant (probably by accident) and exits, which in turn would be something hard to debug by just looking at the supervisor code. A "don't care about significant child exits" option allows the designer of a supervisor to defend against this, or rather, he has to explicitly allow it.

(this reasoning is not contained in the EEP yet, I'll add it in the next revision)

> If we really think a default of normal is necessary, then I would propose to at least warn if the supervisor is normal and a significant child is given, as that will eventually save someone from debugging why the significant flag is not working as expected. :)

That sounds reasonable, yes.

> I also think #{shutdown => normal} in a supervisor spec can be confusing, because someone may think it is customizing the exit reason of the supervisor, which is typically shutdown (and not normal).

Yes, "normal" is probably not the best choice. We were thinking of using "never" before, but it may lead people to think that a supervisor with this setting will really never shut down.

> If normal is no longer the default, you could remove the normal option altogether, but if you want to keep it, perhaps something like ignore_significant is clearer?

I think this would be too specific, i.e. we were keeping this non-committal on purpose. It could be that more options on how to effect an automated shutdown are added in the future (though I can't think of any off the top of my head ;)), and then we would need another ignore_ option, and probably a way to combine them.

Right now, I think we could change the name of the sup flag to something more specific like "auto_shutdown", and rename "normal" (which would not make sense any more then) to "never". What do you think?

Kind regards,
    Maria Scott
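As an added illustration of the `start_child` pitfall discussed in the message above (example code, not from the EEP or from the thread participants): a supervisor callback module that opts in to automatic shutdown using the `auto_shutdown` / `never` naming proposed at the end of the message, which is also the naming OTP 24 later shipped. The worker module `my_job` and the function `add_job/1` are placeholder names assumed for the example; the restriction that a significant child must be `transient` or `temporary` is OTP's implementation rule, not something stated in the message.

```erlang
%% Added example (not from the EEP or the mailing-list thread). Flag names
%% follow the renaming suggested in the message: supervisor flag
%% `auto_shutdown` with values never | any_significant | all_significant,
%% and child-spec key `significant`. `my_job` is a placeholder worker module
%% assumed to export start_link/1.
-module(job_sup).
-behaviour(supervisor).

-export([start_link/0, init/1, add_job/1]).

start_link() ->
    supervisor:start_link({local, ?MODULE}, ?MODULE, []).

init([]) ->
    SupFlags = #{strategy => one_for_one,
                 intensity => 1,
                 period => 5,
                 %% Explicit opt-in: the supervisor terminates as soon as ANY
                 %% significant child exits. With `never` (the default argued
                 %% for in the message) the `significant` flags below would
                 %% have no effect and the supervisor would outlive its
                 %% children.
                 auto_shutdown => any_significant},
    ChildSpecs = [#{id => main_job,
                    start => {my_job, start_link, [main]},
                    %% OTP only allows `significant => true` together with
                    %% restart type transient or temporary.
                    restart => transient,
                    significant => true}],
    {ok, {SupFlags, ChildSpecs}}.

%% Dynamically added child: this is the case the message warns about. The
%% child is declared significant here, far away from init/1, so when it
%% exits normally the whole supervisor shuts down, and nothing in the
%% supervisor's static child specs explains why. Making the opt-in explicit
%% in SupFlags (auto_shutdown) is what gives the supervisor author a single
%% place to look.
add_job(Name) ->
    supervisor:start_child(?MODULE,
                           #{id => {job, Name},
                             start => {my_job, start_link, [Name]},
                             restart => temporary,
                             significant => true}).
```

With `auto_shutdown => never` in `SupFlags`, the dynamically added significant child would have no effect on the supervisor's lifetime, which is the defensive default the message argues for.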
