RTI Connext C API Version 7.3.0
DDS_OwnershipQosPolicy Struct Reference

Specifies whether it is allowed for multiple DDS_DataWriter (s) to write the same instance of the data and if so, how these modifications should be arbitrated. More...

Data Fields

DDS_OwnershipQosPolicyKind kind
 The kind of ownership. More...
 

Detailed Description

Specifies whether it is allowed for multiple DDS_DataWriter (s) to write the same instance of the data and if so, how these modifications should be arbitrated.

Entity:
DDS_Topic, DDS_DataReader, DDS_DataWriter
Status:
DDS_OFFERED_INCOMPATIBLE_QOS_STATUS, DDS_REQUESTED_INCOMPATIBLE_QOS_STATUS
Properties:
RxO = YES
Changeable = UNTIL ENABLE
See also
OWNERSHIP_STRENGTH

Usage

Along with the OWNERSHIP_STRENGTH, this QoS policy specifies if DDS_DataReader entities can receive updates to the same instance (identified by its key) from multiple DDS_DataWriter entities at the same time.

There are two kinds of ownership, selected by the setting of the kind: SHARED and EXCLUSIVE.

SHARED ownership

DDS_SHARED_OWNERSHIP_QOS indicates that RTI Connext does not enforce unique ownership for each instance. In this case, multiple writers can update the same data type instance. The subscriber to the DDS_Topic will be able to access modifications from all DDS_DataWriter objects, subject to the settings of other QoS that may filter particular samples (e.g. the TIME_BASED_FILTER or HISTORY policy). In any case, there is no "filtering" of modifications made based on the identity of the DDS_DataWriter that causes the modification.

EXCLUSIVE ownership

DDS_EXCLUSIVE_OWNERSHIP_QOS indicates that each instance of a data type can only be modified by one DDS_DataWriter. In other words, at any point in time, a single DDS_DataWriter owns each instance and is the only one whose modifications will be visible to the DDS_DataReader objects. The owner is determined by selecting the DDS_DataWriter with the highest value of the DDS_OwnershipStrengthQosPolicy::value that is currently alive, as defined by the LIVELINESS policy, and has not violated its DEADLINE contract with regards to the data instance.

Ownership can therefore change as a result of:

  • a DDS_DataWriter in the system with a higher value of the strength that modifies the instance,
  • a change in the strength value of the DDS_DataWriter that owns the instance, and
  • a change in the liveliness of the DDS_DataWriter that owns the instance.
  • a deadline with regards to the instance that is missed by the DDS_DataWriter that owns the instance.

The behavior of the system is as if the determination was made independently by each DDS_DataReader. Each DDS_DataReader may detect the change of ownership at a different time. It is not a requirement that at a particular point in time all the DDS_DataReader objects for that DDS_Topic have a consistent picture of who owns each instance.

It is also not a requirement that the DDS_DataWriter objects are aware of whether they own a particular instance. There is no error or notification given to a DDS_DataWriter that modifies an instance it does not currently own.

The requirements are chosen to (a) preserve the decoupling of publishers and subscriber, and (b) allow the policy to be implemented efficiently.

It is possible that multiple DDS_DataWriter objects with the same strength modify the same instance. If this occurs RTI Connext will pick one of the DDS_DataWriter objects as the owner. It is not specified how the owner is selected. However, the algorithm used to select the owner guarantees that all DDS_DataReader objects will make the same choice of the particular DDS_DataWriter that is the owner. It also guarantees that the owner remains the same until there is a change in strength, liveliness, the owner misses a deadline on the instance, or a new DDS_DataWriter with higher same strength, or a new DDS_DataWriter with same strength that should be deemed the owner according to the policy of the Service, modifies the instance.

Exclusive ownership is on an instance-by-instance basis. That is, a subscriber can receive values written by a lower strength DDS_DataWriter as long as they affect instances whose values have not been set by the higher-strength DDS_DataWriter.

Compatibility

The value of the DDS_OwnershipQosPolicyKind offered must exactly match the one requested or else they are considered incompatible.

Relationship between registration, liveliness and ownership

The need for registering/unregistering instances stems from two use cases:

  • Ownership resolution on redundant systems
  • Detection of loss in topological connectivity

These two use cases also illustrate the semantic differences between the FooDataWriter_unregister_instance and FooDataWriter_dispose.

Ownership Resolution on Redundant Systems

It is expected that users may use DDS to set up redundant systems where multiple DDS_DataWriter entities are "capable" of writing the same instance. In this situation, the DDS_DataWriter entities are configured such that:

  • Either both are writing the instance "constantly"
  • Or else they use some mechanism to classify each other as "primary" and "secondary", such that the primary is the only one writing, and the secondary monitors the primary and only writes when it detects that the primary "writer" is no longer writing.

Both cases above use the DDS_EXCLUSIVE_OWNERSHIP_QOS and arbitrate themselves by means of the DDS_OwnershipStrengthQosPolicy. Regardless of the scheme, the desired behavior from the DDS_DataReader point of view is that DDS_DataReader normally receives data from the primary unless the "primary" writer stops writing, in which case the DDS_DataReader starts to receive data from the secondary DDS_DataWriter.

This approach requires some mechanism to detect that a DDS_DataWriter (the primary) is no longer "writing" the data as it should. There are several reasons why this may happen and all must be detected (but not necessarily distinguished):

  • [crash] The writing process is no longer running (e.g. the whole application has crashed)
  • [connectivity loss] Connectivity to the writing application has been lost (e.g. network disconnection)
  • [application fault] The application logic that was writing the data is faulty and has stopped calling FooDataWriter_write.

Arbitrating from a DDS_DataWriter to one of a higher strength is simple and the decision can be taken autonomously by the DDS_DataReader. Switching ownership from a higher strength DDS_DataWriter to one of a lower strength DDS_DataWriter requires that the DDS_DataReader can make a determination that the stronger DDS_DataWriter is "no longer writing the instance".

Case where the data is periodically updated

This determination is reasonably simple when the data is being written periodically at some rate. The DDS_DataWriter simply states its offered DDS_DeadlineQosPolicy (maximum interval between updates) and the DDS_DataReader automatically monitors that the DDS_DataWriter indeed updates the instance at least once per DDS_DeadlineQosPolicy::period. If the deadline is missed, the DDS_DataReader considers the DDS_DataWriter "not alive" and automatically gives ownership to the next highest-strength DDS_DataWriter that is alive.

Case where data is not periodically updated

The case where the DDS_DataWriter is not writing data periodically is also a very important use-case. Since the instance is not being updated at any fixed period, the "deadline" mechanism cannot be used to determine ownership. The liveliness solves this situation. Ownership is maintained while the DDS_DataWriter is "alive" and for the DDS_DataWriter to be alive it must fulfill its DDS_LivelinessQosPolicy contract. The different means to renew liveliness (automatic, manual) combined by the implied renewal each time data is written handle the three conditions above [crash], [connectivity loss], and [application fault]. Note that to handle [application fault], LIVELINESS must be DDS_MANUAL_BY_TOPIC_LIVELINESS_QOS. The DDS_DataWriter can retain ownership by periodically writing data or else calling assert_liveliness if it has no data to write. Alternatively if only protection against [crash] or [connectivity loss] is desired, it is sufficient that some task on the DDS_DataWriter process periodically writes data or calls DDS_DomainParticipant_assert_liveliness. However, this scenario requires that the DDS_DataReader knows what instances are being "written" by the DDS_DataWriter. That is the only way that the DDS_DataReader deduces the ownership of specific instances from the fact that the DDS_DataWriter is still "alive". Hence the need for the DDS_DataWriter to "register" and "unregister" instances. Note that while "registration" can be done lazily the first time the DDS_DataWriter writes the instance, "unregistration," in general, cannot. Similar reasoning will lead to the fact that unregistration will also require a message to be sent to the DDS_DataReader.

Detection of Loss in Topological Connectivity

There are applications that are designed in such a way that their correct operation requires some minimal topological connectivity, that is, the writer needs to have a minimum number of readers or alternatively the reader must have a minimum number of writers.

A common scenario is that the application does not start doing its logic until it knows that some specific writers have the minimum configured readers (e.g the alarm monitor is up).

A more common scenario is that the application logic will wait until some writers appear that can provide some needed source of information (e.g. the raw sensor data that must be processed).

Furthermore, once the application is running it is a requirement that this minimal connectivity (from the source of the data) is monitored and the application informed if it is ever lost. For the case where data is being written periodically, the DDS_DeadlineQosPolicy and the on_deadline_missed listener provides the notification. The case where data is not periodically updated requires the use of the DDS_LivelinessQosPolicy in combination with register_instance/unregister_instance to detect whether the "connectivity" has been lost, and the notification is provided by means of DDS_NOT_ALIVE_NO_WRITERS_INSTANCE_STATE.

In terms of the required mechanisms, the scenario is very similar to the case of maintaining ownership. In both cases, the reader needs to know whether a writer is still "managing the current value of an instance" even though it is not continually writing it and this knowledge requires the writer to keep its liveliness plus some means to know which instances the writer is currently "managing" (i.e. the registered instances).

Semantic Difference between unregister_instance and dispose

FooDataWriter_dispose is semantically different from FooDataWriter_unregister_instance. FooDataWriter_dispose indicates that the data instance no longer exists (e.g. a track that has disappeared, a simulation entity that has been destroyed, a record entry that has been deleted, etc.) whereas FooDataWriter_unregister_instance indicates that the writer is no longer taking responsibility for updating the value of the instance.

Deleting a DDS_DataWriter is equivalent to unregistering all the instances it was writing, but is not the same as "disposing" all the instances.

For a DDS_Topic with DDS_EXCLUSIVE_OWNERSHIP_QOS, if the current owner of an instance disposes it, the readers accessing the instance will see the instance_state as being "DISPOSED" and not see the values being written by the weaker writer (even after the stronger one has disposed the instance). This is because the DDS_DataWriter that owns the instance is saying that the instance no longer exists (e.g. the master of the database is saying that a record has been deleted) and thus the readers should see it as such.

For a DDS_Topic with DDS_EXCLUSIVE_OWNERSHIP_QOS, if the current owner of an instance unregisters it, then it will relinquish ownership of the instance and thus the readers may see the value updated by another writer (which will then become the owner). This is because the owner said that it no longer will be providing values for the instance and thus another writer can take ownership and provide those values.

Field Documentation

◆ kind

DDS_OwnershipQosPolicyKind DDS_OwnershipQosPolicy::kind

The kind of ownership.

[default] DDS_SHARED_OWNERSHIP_QOS