DDS_OwnershipQosPolicy Struct Reference
[OWNERSHIP]
Specifies whether it is allowed for multiple
DDSDataWriter (s) to write the same instance of the data and if so, how these modifications should be arbitrated.
More...
List of all members.
Detailed Description
Specifies whether it is allowed for multiple
DDSDataWriter (s) to write the same instance of the data and if so, how these modifications should be arbitrated.
- Entity:
- DDSTopic, DDSDataReader, DDSDataWriter
- Status:
- DDS_OFFERED_INCOMPATIBLE_QOS_STATUS, DDS_REQUESTED_INCOMPATIBLE_QOS_STATUS
- Properties:
- RxO = YES
Changeable = UNTIL ENABLE
- See also:
- OWNERSHIP_STRENGTH
Along with the
OWNERSHIP_STRENGTH, this QoS policy specifies if
DDSDataReader entities can receive updates to the same instance (identified by its key) from multiple
DDSDataWriter entities at the same time.
There are two kinds of ownership, selected by the setting of the kind:
SHARED and EXCLUSIVE.
DDS_SHARED_OWNERSHIP_QOS indicates that RTI Data Distribution Service does not enforce unique ownership for each instance. In this case, multiple writers can update the same data type instance. The subscriber to the
DDSTopic will be able to access modifications from all
DDSDataWriter objects, subject to the settings of other QoS that may filter particular samples (e.g. the
TIME_BASED_FILTER or
HISTORY policy). In any case, there is no "filtering" of modifications made based on the identity of the
DDSDataWriter that causes the modification.
DDS_EXCLUSIVE_OWNERSHIP_QOS indicates that each instance of a data type can only be modified by one
DDSDataWriter. In other words, at any point in time, a single
DDSDataWriter owns each instance and is the only one whose modifications will be visible to the
DDSDataReader objects. The owner is determined by selecting the
DDSDataWriter with the highest value of the
DDS_OwnershipStrengthQosPolicy::value that is currently alive, as defined by the
LIVELINESS policy, and has not violated its
DEADLINE contract with regards to the data instance.
Ownership can therefore change as a result of:
- a DDSDataWriter in the system with a higher value of the strength that modifies the instance,
- a change in the strength value of the DDSDataWriter that owns the instance, and
- a change in the liveliness of the DDSDataWriter that owns the instance.
- a deadline with regards to the instance that is missed by the DDSDataWriter that owns the instance.
The behavior of the system is as if the determination was made independently by each
DDSDataReader. Each
DDSDataReader may detect the change of ownership at a different time. It is not a requirement that at a particular point in time all the
DDSDataReader objects for that
DDSTopic have a consistent picture of who owns each instance.
It is also not a requirement that the DDSDataWriter objects are aware of whether they own a particular instance. There is no error or notification given to a DDSDataWriter that modifies an instance it does not currently own.
The requirements are chosen to (a) preserve the decoupling of publishers and subscriber, and (b) allow the policy to be implemented efficiently.
It is possible that multiple DDSDataWriter objects with the same strength modify the same instance. If this occurs RTI Data Distribution Service will pick one of the DDSDataWriter objects as the owner. It is not specified how the owner is selected. However, the algorithm used to select the owner guarantees that all DDSDataReader objects will make the same choice of the particular DDSDataWriter that is the owner. It also guarantees that the owner remains the same until there is a change in strength, liveliness, the owner misses a deadline on the instance, or a new DDSDataWriter with higher same strength, or a new DDSDataWriter with same strength that should be deemed the owner according to the policy of the Service, modifies the instance.
Exclusive ownership is on an instance-by-instance basis. That is, a subscriber can receive values written by a lower strength DDSDataWriter as long as they affect instances whose values have not been set by the higher-strength DDSDataWriter.
The value of the
DDS_OwnershipQosPolicyKind offered must exactly match the one requested or else they are considered incompatible.
The need for registering/unregistering instances stems from two use cases:
- Ownership resolution on redundant systems
- Detection of loss in topological connectivity
These two use cases also illustrate the semantic differences between the
FooDataWriter::unregister_instance and
FooDataWriter::dispose.
It is expected that users may use DDS to set up redundant systems where multiple
DDSDataWriter entities are "capable" of writing the same instance. In this situation, the
DDSDataWriter entities are configured such that:
- Either both are writing the instance "constantly"
- Or else they use some mechanism to classify each other as "primary" and "secondary", such that the primary is the only one writing, and the secondary monitors the primary and only writes when it detects that the primary "writer" is no longer writing.
Both cases above use the
DDS_EXCLUSIVE_OWNERSHIP_QOS and arbitrate themselves by means of the
DDS_OwnershipStrengthQosPolicy. Regardless of the scheme, the desired behavior from the
DDSDataReader point of view is that
DDSDataReader normally receives data from the primary unless the "primary" writer stops writing, in which case the
DDSDataReader starts to receive data from the secondary
DDSDataWriter.
This approach requires some mechanism to detect that a DDSDataWriter (the primary) is no longer "writing" the data as it should. There are several reasons why this may happen and all must be detected (but not necessarily distinguished):
- [crash] The writing process is no longer running (e.g. the whole application has crashed)
- [connectivity loss] Connectivity to the writing application has been lost (e.g. network disconnection)
- [application fault] The application logic that was writing the data is faulty and has stopped calling FooDataWriter::write.
Arbitrating from a
DDSDataWriter to one of a higher strength is simple and the decision can be taken autonomously by the
DDSDataReader. Switching ownership from a higher strength
DDSDataWriter to one of a lower strength
DDSDataWriter requires that the
DDSDataReader can make a determination that the stronger
DDSDataWriter is "no longer writing the instance".
This determination is reasonably simple when the data is being written periodically at some rate. The
DDSDataWriter simply states its offered
DDS_DeadlineQosPolicy (maximum interval between updates) and the
DDSDataReader automatically monitors that the
DDSDataWriter indeed updates the instance at least once per
DDS_DeadlineQosPolicy::period. If the deadline is missed, the
DDSDataReader considers the
DDSDataWriter "not alive" and automatically gives ownership to the next highest-strength
DDSDataWriter that
is alive.
The case where the
DDSDataWriter is not writing data periodically is also a very important use-case. Since the instance is not being updated at any fixed period, the "deadline" mechanism cannot be used to determine ownership. The liveliness solves this situation. Ownership is maintained while the
DDSDataWriter is "alive" and for the
DDSDataWriter to be alive it must fulfill its
DDS_LivelinessQosPolicy contract. The different means to renew liveliness (automatic, manual) combined by the implied renewal each time data is written handle the three conditions above [crash], [connectivity loss], and [application fault]. Note that to handle [application fault], LIVELINESS must be
DDS_MANUAL_BY_TOPIC_LIVELINESS_QOS. The
DDSDataWriter can retain ownership by periodically writing data or else calling assert_liveliness if it has no data to write. Alternatively if only protection against [crash] or [connectivity loss] is desired, it is sufficient that some task on the
DDSDataWriter process periodically writes data or calls
DDSDomainParticipant::assert_liveliness. However, this scenario requires that the
DDSDataReader knows what instances are being "written" by the
DDSDataWriter. That is the only way that the
DDSDataReader deduces the ownership of specific instances from the fact that the
DDSDataWriter is still "alive". Hence the need for the
DDSDataWriter to "register" and "unregister" instances. Note that while "registration" can be done lazily the first time the
DDSDataWriter writes the instance, "unregistration," in general, cannot. Similar reasoning will lead to the fact that unregistration will also require a message to be sent to the
DDSDataReader.
There are applications that are designed in such a way that their correct operation requires some minimal topological connectivity, that is, the writer needs to have a minimum number of readers or alternatively the reader must have a minimum number of writers.
A common scenario is that the application does not start doing its logic until it knows that some specific writers have the minimum configured readers (e.g the alarm monitor is up).
A more common scenario is that the application logic will wait until some writers appear that can provide some needed source of information (e.g. the raw sensor data that must be processed).
Furthermore, once the application is running it is a requirement that this minimal connectivity (from the source of the data) is monitored and the application informed if it is ever lost. For the case where data is being written periodically, the DDS_DeadlineQosPolicy and the on_deadline_missed listener provides the notification. The case where data is not periodically updated requires the use of the DDS_LivelinessQosPolicy in combination with register_instance/unregister_instance to detect whether the "connectivity" has been lost, and the notification is provided by means of DDS_NOT_ALIVE_NO_WRITERS_INSTANCE_STATE.
In terms of the required mechanisms, the scenario is very similar to the case of maintaining ownership. In both cases, the reader needs to know whether a writer is still "managing the current value of an instance" even though it is not continually writing it and this knowledge requires the writer to keep its liveliness plus some means to know which instances the writer is currently "managing" (i.e. the registered instances).
FooDataWriter::dispose is semantically different from
FooDataWriter::unregister_instance.
FooDataWriter::dispose indicates that the data instance no longer exists (e.g. a track that has disappeared, a simulation entity that has been destroyed, a record entry that has been deleted, etc.) whereas
FooDataWriter::unregister_instance indicates that the writer is no longer taking responsibility for updating the value of the instance.
Deleting a DDSDataWriter is equivalent to unregistering all the instances it was writing, but is not the same as "disposing" all the instances.
For a DDSTopic with DDS_EXCLUSIVE_OWNERSHIP_QOS, if the current owner of an instance disposes it, the readers accessing the instance will see the instance_state as being "DISPOSED" and not see the values being written by the weaker writer (even after the stronger one has disposed the instance). This is because the DDSDataWriter that owns the instance is saying that the instance no longer exists (e.g. the master of the database is saying that a record has been deleted) and thus the readers should see it as such.
For a DDSTopic with DDS_EXCLUSIVE_OWNERSHIP_QOS, if the current owner of an instance unregisters it, then it will relinquish ownership of the instance and thus the readers may see the value updated by another writer (which will then become the owner). This is because the owner said that it no longer will be providing values for the instance and thus another writer can take ownership and provide those values.
Member Data Documentation