Confirmed users
699
edits
IPC Protocols: Difference between revisions
no edit summary
No edit summary |
|||
| Line 30: | Line 30: | ||
== Protocol-definition Language (PDL) == | == Protocol-definition Language (PDL) == | ||
A protocol is between a ''parent'' actor and a ''child'' actor. | A protocol is between a ''parent'' actor and a ''child'' actor. A protocol is specified with respect to the parent; that is, messages the parent is allowed to receive are exactly the messages a child is allowed to sent, and ''vice versa''. | ||
A protocol is specified with respect to the parent; that is, messages the parent is allowed to receive are exactly the messages a child is allowed to sent, and ''vice versa''. | |||
A protocol consists of declarations of ''messages'' and specifications of ''state machine transitions''. (This ties us to state-machine semantics.) The message declarations are essentially type declarations for the transport layer, and the state machine transitions capture the semantics of the protocol itself. | A protocol consists of declarations of ''messages'' and specifications of ''state machine transitions''. (This ties us to state-machine semantics.) The message declarations are essentially type declarations for the transport layer, and the state machine transitions capture the semantics of the protocol itself. | ||
| Line 103: | Line 101: | ||
'''TODO''': there are more things we can integrate into the transition grammar, but concrete use cases are necessary. | '''TODO''': there are more things we can integrate into the transition grammar, but concrete use cases are necessary. | ||
== Error Handling == | |||
Errors include | |||
* Message type errors: bad data sent | |||
* Protocol errors: e.g., wrong message, wrong state | |||
* Transport errors: e.g., nesting asynchronicity within synchronicity | |||
* Security errors: e.g., trying to send privileged info to plugins. '''TODO''': this is not officially part of the design yet | |||
Error handling is different for parents and children. Child actors are not trusted, and if the parent detects the least whiff of malfeasance, the parent will invoke <code>child.KILLITWITHFIRE()</code>. Code utilizing the child actor therefore will never see type or protocol errors; if they occur, the child is killed. | |||
If the child detects a parent error, there's not much it can do. The child will execute <code>self.SEPPUKU()</code>, but we may wish to have it first attempt to notify the parent of the error. | |||
The parent actor must, however, carefully handle and recover from errors. | |||
'''TODO''' more details | |||
== Implementation == | == Implementation == | ||