RTI Connext DDS Micro C++ API  Version 3.0.2
 All Classes Files Functions Variables Typedefs Enumerations Enumerator Groups
DDS_OwnershipQosPolicy Struct Reference

<<cert>> Specifies whether it is allowed for multiple DDSDataWriter (s) to write the same instance of the data and if so, how these modifications should be arbitrated. More...

#include <dds_c_infrastructure.h>

List of all members.

Public Attributes

DDS_OwnershipQosPolicyKind kind
 The kind of ownership.

Detailed Description

<<cert>> Specifies whether it is allowed for multiple DDSDataWriter (s) to write the same instance of the data and if so, how these modifications should be arbitrated.

Entity:
DDSTopic, DDSDataReader, DDSDataWriter
Status:
DDS_OFFERED_INCOMPATIBLE_QOS_STATUS, DDS_REQUESTED_INCOMPATIBLE_QOS_STATUS
Properties:
RxO = YES
Changeable = NO
See also:
OWNERSHIP_STRENGTH

Usage

This policy controls whether RTI Connext DDS Micro allows multiple DDSDataWriter objects to update the same instance (identified by DDSTopic + key) of a data type.

There are two kinds of owner selected by the setting of the kind: SHARED and EXCLUSIVE.

SHARED ownership

DDS_SHARED_OWNERSHIP_QOS indicates that RTI Connext DDS Micro does not enforce unique ownership for each instance. In this case, multiple writers can update the same data type instance. The subscriber to the DDSTopic will be able to access modifications from all DDSDataWriter objects, subject to the settings of other QoS that may filter particular samples (e.g. the HISTORY policy). In any case there is no "filtering" of modifications made based on the identity of the DDSDataWriter that causes the modification.

EXCLUSIVE ownership

DDS_EXCLUSIVE_OWNERSHIP_QOS indicates that each instance of a data type can only be modified by one DDSDataWriter. In other words, at any point in time a single DDSDataWriter owns each instance and is the only one whose modifications will be visible to the DDSDataReader objects. The owner is determined by selecting the DDSDataWriter with the highest value of the DDS_OwnershipStrengthQosPolicy::value that is currently alive as defined by the LIVELINESS policy and has not violated its DEADLINE contract with regards to the data-instance.

Ownership can therefore change as a result of:

  • a DDSDataWriter in the system with a higher value of the strength that modifies the instance,
  • a change in the strength value of the DDSDataWriter that owns the instance, and
  • a change in the liveliness of the DDSDataWriter that owns the instance.
  • a deadline with regards to the instance that is missed by the DDSDataWriter that owns the instance.

The behavior of the system is as if the determination was made independently by each DDSDataReader. Each DDSDataReader may detect the change of ownership at a different time. It is not a requirement that at a particular point in time all the DDSDataReader objects for that DDSTopic have a consistent picture of who owns each instance.

It is also not a requirement that the DDSDataWriter objects are aware of whether they own a particular instance. There is no error or notification given to a DDSDataWriter that modifies an instance it does not currently own.

The requirements are chosen to (a) preserve the decoupling of publishers and subscriber, and (b) allow the policy to be implemented efficiently.

It is possible that multiple DDSDataWriter objects with the same strength modify the same instance. If this occurs RTI Connext DDS Micro will pick one of the DDSDataWriter objects as the owner. It is not specified how the owner is selected. However, it is required that the policy used to select the owner is such that all DDSDataReader objects will make the same choice of the particular DDSDataWriter that is the owner. It is required that the owner remains the same until there is a change in strength, liveliness, the owner misses a deadline on the instance, or a new DDSDataWriter with higher same strength, or a new DDSDataWriter with same strength that should be deemed the owner according to the policy of the Service, modifies the instance.

Exclusive ownership is on an instance-by-instance basis. That is, a subscriber can receive values written by a lower strength DDSDataWriter as long as they affect instances whose values have not been set by the higher-strength DDSDataWriter.

Compatibility

The value of the DDS_OwnershipQosPolicyKind offered must exactly match the one requested or else they are considered incompatible.

Ownership Resolution on Redundant Systems

It is expected that users may use DDS to set up redundant systems where multiple DDSDataWriter entities are "capable" of writing the same instance. In this situation, the DDSDataWriter entities are configured such that:

  • Either both are writing the instance "constantly"
  • Or else they use some mechanism to classify each other as "primary" and "secondary", such that the primary is the only one writing, and the secondary monitors the primary and only writes when it detects that the primary "writer" is no longer writing.

Both cases above use the DDS_EXCLUSIVE_OWNERSHIP_QOS and arbitrate themselves by means of the DDS_OwnershipStrengthQosPolicy. Regardless of the scheme, the desired behavior from the DDSDataReader point of view is that DDSDataReader normally receives data from the primary unless the "primary" writer stops writing, in which case the DDSDataReader starts to receive data from the secondary DDSDataWriter.

This approach requires some mechanism to detect that a DDSDataWriter (the primary) is no longer "writing" the data as it should. There are several reasons why this may happen and all must be detected (but not necessarily distinguished):

  • [crash] The writing process is no longer running (e.g. the whole application has crashed)
  • [connectivity loss] Connectivity to the writing application has been lost (e.g. network disconnection)
  • [application fault] The application logic that was writing the data is faulty and has stopped calling FooDataWriter::write.

Arbitrating from a DDSDataWriter to one of a higher strength is simple and the decision can be taken autonomously by the DDSDataReader. Switching ownership from a higher strength DDSDataWriter to one of a lower strength DDSDataWriter requires that the DDSDataReader can make a determination that the stronger DDSDataWriter is "no longer writing the instance".

Case where the data is periodically updated

This determination is reasonably simple when the data is being written periodically at some rate. The DDSDataWriter simply states its offered DDS_DeadlineQosPolicy (maximum interval between updates) and the DDSDataReader automatically monitors that the DDSDataWriter indeed updates the instance at least once per DDS_DeadlineQosPolicy::period. If the deadline is missed, the DDSDataReader considers the DDSDataWriter "not alive" and automatically gives ownership to the next highest-strength DDSDataWriter that is alive.

Case where data is not periodically updated

The case where the DDSDataWriter is not writing data periodically is also a very important use-case. Since the instance is not being updated at any fixed period, the "deadline" mechanism cannot be used to determine ownership. The liveliness solves this situation. Ownership is maintained while the DDSDataWriter is "alive" and for the DDSDataWriter to be alive it must fulfill its DDS_LivelinessQosPolicy contract. The different means to renew liveliness (automatic, manual) combined by the implied renewal each time data is written handle the three conditions above [crash], [connectivity loss], and [application fault]. Note that to handle [application fault], LIVELINESS must be DDS_MANUAL_BY_TOPIC_LIVELINESS_QOS. The DDSDataWriter can retain ownership by periodically writing data or else calling assert_liveliness if it has no data to write. Alternatively if only protection against [crash] or [connectivity loss] is desired, it is sufficient that some task on the DDSDataWriter process periodically writes data . However, this scenario requires that the DDSDataReader knows what instances are being "written" by the DDSDataWriter. That is the only way that the DDSDataReader deduces the ownership of specific instances from the fact that the DDSDataWriter is still "alive".

Detection of Loss in Topological Connectivity

There are applications that are designed in such a way that their correct operation requires some minimal topological connectivity, that is, the writer needs to have a minimum number of readers or alternatively the reader must have a minimum number of writers.

A common scenario is that the application does not start doing its logic until it knows that some specific writers have the minimum configured readers (e.g the alarm monitor is up).

A more common scenario is that the application logic will wait until some writers appear that can provide some needed source of information (e.g. the raw sensor data that must be processed).

Furthermore, once the application is running it is a requirement that this minimal connectivity (from the source of the data) is monitored and the application informed if it is ever lost. For the case where data is being written periodically, the DDS_DeadlineQosPolicy and the on_deadline_missed listener provides the notification. The case where data is not periodically updated requires the use of the DDS_LivelinessQosPolicy to detect whether the "connectivity" has been lost, and the notification is provided by means of DDS_NOT_ALIVE_NO_WRITERS_INSTANCE_STATE.

In terms of the required mechanisms, the scenario is very similar to the case of maintaining ownership. In both cases, the reader needs to know whether a writer is still "managing the current value of an instance" even though it is not continually writing it and this knowledge requires the writer to keep its liveliness.

For a DDSTopic with DDS_EXCLUSIVE_OWNERSHIP_QOS, if the current owner of an instance disposes it, the readers accessing the instance will see the instance_state as being "DISPOSED" and not see the values being written by the weaker writer (even after the stronger one has disposed the instance). This is because the DDSDataWriter that owns the instance is saying that the instance no longer exists (e.g. the master of the database is saying that a record has been deleted) and thus the readers should see it as such.


Member Data Documentation

DDS_OwnershipQosPolicyKind DDS_OwnershipQosPolicy::kind

The kind of ownership.

[default] DDS_SHARED_OWNERSHIP_QOS


RTI Connext DDS Micro C++ API Version 3.0.2 Copyright © Thu Dec 12 2019 Real-Time Innovations, Inc