supervisor behaviour (stdlib v6.2.2)
View SourceGeneric supervisor behavior.
This behavior module provides a supervisor, a process that supervises other
processes called child processes. A child process can either be another
supervisor or a worker process. Worker processes are normally implemented using
one of the gen_event, gen_server, or gen_statem behaviors. A
supervisor implemented using this module has a standard set of interface
functions and includes functionality for tracing and error reporting.
Supervisors are used to build a hierarchical process structure called a
supervision tree, a nice way to structure a fault-tolerant application. For more
information, see Supervisor Behaviour in OTP Design
Principles.
A supervisor expects the definition of which child processes to supervise to be specified in a callback module exporting a predefined set of functions.
Unless otherwise stated, all functions in this module fail if the specified supervisor does not exist or if bad arguments are specified.
Supervision Principles
The supervisor is responsible for starting, stopping, and monitoring its child processes. The basic idea of a supervisor is that it must keep its child processes alive by restarting them when necessary.
The children of a supervisor are defined as a list of child specifications. When the supervisor is started, the child processes are started in order from left to right according to this list. When the supervisor is going to terminate, it first terminates its child processes in reversed start order, from right to left.
Supervisor flags
The supervisor properties are defined by the supervisor flags. The type definition for the supervisor flags is as follows:
sup_flags() = #{strategy => strategy(),           % optional
                intensity => non_neg_integer(),   % optional
                period => pos_integer(),          % optional
                auto_shutdown => auto_shutdown()} % optionalRestart Strategies
A supervisor can have one of the following restart strategies specified with
the strategy key in the above map:
- one_for_one- If one child process terminates and is to be restarted, only that child process is affected. This is the default restart strategy.
- one_for_all- If one child process terminates and is to be restarted, all other child processes are terminated and then all child processes are restarted.
- rest_for_one- If one child process terminates and is to be restarted, the 'rest' of the child processes (that is, the child processes after the terminated child process in the start order) are terminated. Then the terminated child process and all child processes after it are restarted.
- simple_one_for_one- A simplified- one_for_onesupervisor, where all child processes are dynamically added instances of the same process type, that is, running the same code.- Functions - delete_child/2and- restart_child/2are invalid for- simple_one_for_onesupervisors and return- {error,simple_one_for_one}if the specified supervisor uses this restart strategy.- Function - terminate_child/2can be used for children under- simple_one_for_onesupervisors by specifying the child's- pid/0as the second argument. If instead the child specification identifier is used,- terminate_child/2return- {error,simple_one_for_one}.- As a - simple_one_for_onesupervisor can have many children, it shuts them all down asynchronously. This means that the children do their cleanup in parallel, and therefore the order in which they are stopped is not defined.
Restart intensity and period
To prevent a supervisor from getting into an infinite loop of child process
terminations and restarts, a maximum restart intensity is defined using two
integer values specified with keys intensity and period in the above map.
Assuming the values MaxR for intensity and MaxT for period, then, if
more than MaxR restarts occur within MaxT seconds, the supervisor terminates
all child processes and then itself. The termination reason for the supervisor
itself in that case will be shutdown. intensity defaults to 1 and period
defaults to 5.
Automatic Shutdown
A supervisor can be configured to automatically shut itself down with exit
reason shutdown when significant children
terminate with the auto_shutdown key in the above map:
- never- Automic shutdown is disabled. This is the default setting.- With - auto_shutdownset to- never, child specs with the- significantflag set to- trueare considered invalid and will be rejected.
- any_significant- The supervisor will shut itself down when any significant child terminates, that is, when a- transientsignificant child terminates normally or when a- temporarysignificant child terminates normally or abnormally.
- all_significant- The supervisor will shut itself down when all significant children have terminated, that is, when the last active significant child terminates. The same rules as for- any_significantapply.
For more information, see the section Automatic Shutdown in Supervisor Behavior in OTP Design Principles.
Warning
The automatic shutdown feature appeared in OTP 24.0, but applications using this feature will also compile and run with older OTP versions.
However, such applications, when compiled with an OTP version that predates the appearance of the automatic shutdown feature, will leak processes because the automatic shutdowns they rely on will not happen.
It is up to implementors to take proper precautions if they expect that their applications may be compiled with older OTP versions.
Child specification
The type definition of a child specification is as follows:
child_spec() = #{id => child_id(),             % mandatory
                 start => mfargs(),            % mandatory
                 restart => restart(),         % optional
                 significant => significant(), % optional
                 shutdown => shutdown(),       % optional
                 type => worker(),             % optional
                 modules => modules()}         % optionalThe old tuple format is kept for backwards compatibility, see child_spec/0,
but the map is preferred.
- idis used to identify the child specification internally by the supervisor.- The - idkey is mandatory.- Notice that this identifier on occations has been called "name". As far as possible, the terms "identifier" or "id" are now used but to keep backward compatibility, some occurences of "name" can still be found, for example in error messages. 
- startdefines the function call used to start the child process. It must be a module-function-arguments tuple- {M,F,A}used as- apply(M,F,A).- The start function must create and link to the child process, and must return - {ok,Child}or- {ok,Child,Info}, where- Childis the pid of the child process and- Infoany term that is ignored by the supervisor.- The start function can also return - ignoreif the child process for some reason cannot be started, in which case the child specification is kept by the supervisor (unless it is a temporary child) but the non-existing child process is ignored.- If something goes wrong, the function can also return an error tuple - {error,Error}.- Notice that the - start_linkfunctions of the different behavior modules fulfill the above requirements.- The - startkey is mandatory.
- restartdefines when a terminated child process must be restarted. A- permanentchild process is always restarted. A- temporarychild process is never restarted (even when the supervisor's restart strategy is- rest_for_oneor- one_for_alland a sibling's death causes the temporary process to be terminated). A- transientchild process is restarted only if it terminates abnormally, that is, with another exit reason than- normal,- shutdown, or- {shutdown,Term}.- The - restartkey is optional. If it is not specified, it defaults to- permanent.
- significantdefines if a child is considered significant for automatic self-shutdown of the supervisor.- Setting this option to - truewhen the restart type is- permanentis invalid. Also, it is considered invalid to start children with this option set to- truein a supervisor when the- auto_shutdownsupervisor flag is set to- never.- The - significantkey is optional. If it is not specified, it defaults to- false.
- shutdowndefines how a child process must be terminated.- brutal_killmeans that the child process is unconditionally terminated using- exit(Child,kill). An integer time-out value means that the supervisor tells the child process to terminate by calling- exit(Child,shutdown)and then wait for an exit signal with reason- shutdownback from the child process. If no exit signal is received within the specified number of milliseconds, the child process is unconditionally terminated using- exit(Child,kill).- If the child process is another supervisor, the shutdown time must be set to - infinityto give the subtree ample time to shut down.- Warning- Setting the shutdown time to anything other than - infinityfor a child of type- supervisorcan cause a race condition where the child in question unlinks its own children, but fails to terminate them before it is killed.- It is also allowed to set it to - infinity, if the child process is a worker.- Warning- Be careful when setting the shutdown time to - infinitywhen the child process is a worker. Because, in this situation, the termination of the supervision tree depends on the child process, it must be implemented in a safe way and its cleanup procedure must always return.- Notice that all child processes implemented using the standard OTP behavior modules automatically adhere to the shutdown protocol. - The - shutdownkey is optional. If it is not specified, it defaults to- 5000if the child is of type- workerand it defaults to- infinityif the child is of type- supervisor.
- typespecifies if the child process is a supervisor or a worker.- The - typekey is optional. If it is not specified, it defaults to- worker.
- modulesis used by the release handler during code replacement to determine which processes are using a certain module. As a rule of thumb, if the child process is a- supervisor,- gen_serveror,- gen_statem, this is to be a list with one element- [Module], where- Moduleis the callback module. If the child process is an event manager (- gen_event) with a dynamic set of callback modules, value- dynamicmust be used. For more information about release handling, see Release Handling in OTP Design Principles.- The - moduleskey is optional. If it is not specified, it defaults to- [M], where- Mcomes from the child's start- {M,F,A}.
- Internally, the supervisor also keeps track of the pid - Childof the child process, or- undefinedif no pid exists.
See Also
Summary
Types
Not a pid/0.
The tuple format is kept for backward compatibility only. A map is preferred; see more details above.
Value undefined for A (the argument list) is only to be used internally in
supervisor. If the restart type of the child is temporary, the process is
never to be restarted and therefore there is no need to store the real argument
list. Value undefined is then stored instead.
The tuple format is kept for backward compatibility only. A map is preferred; see more details above.
Name specification to use when starting a supervisor. See function
start_link/2,3 and the type sup_ref/0 below.
Supervisor specification to use when addressing a supervisor. See
count_children/1, delete_child/2,
get_childspec/2, restart_child/2,
start_child/2, terminate_child/2,
which_children/1 and the type sup_name/0 above.
Callbacks
Whenever a supervisor is started using start_link/2,3, this
function is called by the new process to find out about restart strategy,
maximum restart intensity, and child specifications.
Functions
Takes a list of child specification as argument and returns ok if all of them
are syntactically correct, otherwise {error,Error}.
Returns a property list containing the counts for each of the following elements of the supervisor's child specifications and managed processes
Tells supervisor SupRef to delete the child specification identified by Id.
The corresponding child process must not be running. Use terminate_child/2 to
terminate it.
Returns the child specification map for the child identified by Id under
supervisor SupRef. The returned map contains all keys, both mandatory and
optional.
Tells supervisor SupRef to restart a child process corresponding to the child
specification identified by Id. The child specification must exist, and the
corresponding child process must not be running.
Dynamically adds a child specification to supervisor SupRef, which starts the
corresponding child process.
Creates a nameless supervisor process as part of a supervision tree.
Creates a supervisor process as part of a supervision tree.
Tells supervisor SupRef to terminate the specified child.
Returns a newly created list with information about all child specifications and
child processes belonging to supervisor SupRef.
Types
-type auto_shutdown() :: never | any_significant | all_significant.
      -type child() :: undefined | pid().
-type child_id() :: term().
Not a pid/0.
-type child_spec() :: #{id := child_id(), start := mfargs(), restart => restart(), significant => significant(), shutdown => shutdown(), type => worker(), modules => modules()} | {Id :: child_id(), StartFunc :: mfargs(), Restart :: restart(), Shutdown :: shutdown(), Type :: worker(), Modules :: modules()}.
The tuple format is kept for backward compatibility only. A map is preferred; see more details above.
Value undefined for A (the argument list) is only to be used internally in
supervisor. If the restart type of the child is temporary, the process is
never to be restarted and therefore there is no need to store the real argument
list. Value undefined is then stored instead.
-type modules() :: [module()] | dynamic.
-type restart() :: permanent | transient | temporary.
      -type shutdown() :: brutal_kill | timeout().
-type significant() :: boolean().
-type startchild_ret() :: {ok, Child :: child()} | {ok, Child :: child(), Info :: term()} | {error, startchild_err()}.
-type startlink_ret() :: {ok, pid()} | ignore | {error, startlink_err()}.
-type strategy() :: one_for_all | one_for_one | rest_for_one | simple_one_for_one.
      -type sup_flags() :: #{strategy => strategy(), intensity => non_neg_integer(), period => pos_integer(), auto_shutdown => auto_shutdown()} | {RestartStrategy :: strategy(), Intensity :: non_neg_integer(), Period :: pos_integer()}.
The tuple format is kept for backward compatibility only. A map is preferred; see more details above.
-type sup_name() :: {local, Name :: atom()} | {global, Name :: term()} | {via, Module :: module(), Name :: any()}.
Name specification to use when starting a supervisor. See function
start_link/2,3 and the type sup_ref/0 below.
- {local,LocalName}- Register the- supervisorlocally as- LocalNameusing- register/2.
- {global,GlobalName}- Register the- supervisorprocess id globally as- GlobalNameusing- global:register_name/2.
- {via,RegMod,ViaName}- Register the- supervisorprocess with the registry represented by- RegMod. The- RegModcallback is to export the functions- register_name/2,- unregister_name/1,- whereis_name/1, and- send/2, which are to behave like the corresponding functions in- global. Thus,- {via,global,GlobalName}is a valid reference equivalent to- {global,GlobalName}.
-type sup_ref() :: (Name :: atom()) | {Name :: atom(), Node :: node()} | {global, Name :: term()} | {via, Module :: module(), Name :: any()} | pid().
Supervisor specification to use when addressing a supervisor. See
count_children/1, delete_child/2,
get_childspec/2, restart_child/2,
start_child/2, terminate_child/2,
which_children/1 and the type sup_name/0 above.
It can be:
- pid/0- The- supervisor's process identifier.
- LocalName- The- supervisoris locally registered as- LocalNamewith- register/2.
- {Name,Node}- The- supervisoris locally registered on another node.
- {global,GlobalName}- The- supervisoris globally registered in- global.
- {via,RegMod,ViaName}- The- supervisoris registered in an alternative process registry. The registry callback module- RegModis to export functions- register_name/2,- unregister_name/1,- whereis_name/1, and- send/2, which are to behave like the corresponding functions in- global. Thus,- {via,global,GlobalName}is the same as- {global,GlobalName}.
-type worker() :: worker | supervisor.
      Callbacks
-callback init(Args :: term()) -> {ok, {SupFlags :: sup_flags(), [ChildSpec :: child_spec()]}} | ignore.
Whenever a supervisor is started using start_link/2,3, this
function is called by the new process to find out about restart strategy,
maximum restart intensity, and child specifications.
Args is the Args argument provided to the start function.
SupFlags is the supervisor flags defining the restart strategy and maximum
restart intensity for the supervisor. [ChildSpec] is a list of valid child
specifications defining which child processes the supervisor must start and
monitor. See the discussion in section
Supervision Principles earlier.
Notice that when the restart strategy is simple_one_for_one, the list of child
specifications must be a list with one child specification only. (The child
specification identifier is ignored.) No child process is then started during
the initialization phase, but all children are assumed to be started dynamically
using start_child/2.
The function can also return ignore.
Notice that this function can also be called as a part of a code upgrade procedure. Therefore, the function is not to have any side effects. For more information about code upgrade of supervisors, see section Changing a Supervisor in OTP Design Principles.
Functions
-spec check_childspecs(ChildSpecs) -> Result when ChildSpecs :: [child_spec()], Result :: ok | {error, Error :: term()}.
Equivalent to check_childspecs(ChildSpecs, undefined).
-spec check_childspecs(ChildSpecs, AutoShutdown) -> Result when ChildSpecs :: [child_spec()], AutoShutdown :: undefined | auto_shutdown(), Result :: ok | {error, Error :: term()}.
Takes a list of child specification as argument and returns ok if all of them
are syntactically correct, otherwise {error,Error}.
If the AutoShutdown argument is not undefined, also
checks if the child specifications are allowed for the given
auto_shutdown option.
-spec count_children(SupRef) -> PropListOfCounts when SupRef :: sup_ref(), PropListOfCounts :: [Count], Count :: {specs, ChildSpecCount :: non_neg_integer()} | {active, ActiveProcessCount :: non_neg_integer()} | {supervisors, ChildSupervisorCount :: non_neg_integer()} | {workers, ChildWorkerCount :: non_neg_integer()}.
Returns a property list containing the counts for each of the following elements of the supervisor's child specifications and managed processes:
- specs- The total count of children, dead or alive.
- active- The count of all actively running child processes managed by this supervisor. For a- simple_one_for_onesupervisors, no check is done to ensure that each child process is still alive, although the result provided here is likely to be very accurate unless the supervisor is heavily overloaded.
- supervisors- The count of all children marked as- child_type = supervisorin the specification list, regardless if the child process is still alive.
- workers- The count of all children marked as- child_type = workerin the specification list, regardless if the child process is still alive.
-spec delete_child(SupRef, Id) -> Result when SupRef :: sup_ref(), Id :: child_id(), Result :: ok | {error, Error}, Error :: running | restarting | not_found | simple_one_for_one.
Tells supervisor SupRef to delete the child specification identified by Id.
The corresponding child process must not be running. Use terminate_child/2 to
terminate it.
If successful, the function returns ok. If the child specification identified
by Id exists but the corresponding child process is running or is about to be
restarted, the function returns {error,running} or {error,restarting},
respectively. If the child specification identified by Id does not exist, the
function returns {error,not_found}.
-spec get_childspec(SupRef, Id) -> Result when SupRef :: sup_ref(), Id :: pid() | child_id(), Result :: {ok, child_spec()} | {error, Error}, Error :: not_found.
Returns the child specification map for the child identified by Id under
supervisor SupRef. The returned map contains all keys, both mandatory and
optional.
-spec restart_child(SupRef, Id) -> Result when SupRef :: sup_ref(), Id :: child_id(), Result :: {ok, Child :: child()} | {ok, Child :: child(), Info :: term()} | {error, Error}, Error :: running | restarting | not_found | simple_one_for_one | term().
Tells supervisor SupRef to restart a child process corresponding to the child
specification identified by Id. The child specification must exist, and the
corresponding child process must not be running.
Notice that for temporary children, the child specification is automatically deleted when the child terminates; thus, it is not possible to restart such children.
If the child specification identified by Id does not exist, the function
returns {error,not_found}. If the child specification exists but the
corresponding process is already running, the function returns
{error,running}.
If the child process start function returns {ok,Child} or {ok,Child,Info},
the pid is added to the supervisor and the function returns the same value.
If the child process start function returns ignore, the pid remains set to
undefined and the function returns {ok,undefined}.
If the child process start function returns an error tuple or an erroneous
value, or if it fails, the function returns {error,Error}, where Error is a
term containing information about the error.
-spec start_child(SupRef, ChildSpec) -> startchild_ret() when SupRef :: sup_ref(), ChildSpec :: child_spec(); (SupRef, ExtraArgs) -> startchild_ret() when SupRef :: sup_ref(), ExtraArgs :: [term()].
Dynamically adds a child specification to supervisor SupRef, which starts the
corresponding child process.
For one_for_one, one_for_all and rest_for_one supervisors, the second
argument must be a valid child specification ChildSpec. The child process
is started by using the start function as defined in the child specification.
For simple_one_for_one supervisors, the child specification defined in
Module:init/1 is used, and the second argument must instead
be an arbitrary list of terms ExtraArgs. The child process is then started
by appending ExtraArgs to the existing start function arguments, that is, by
calling apply(M, F, A++ExtraArgs), where {M,F,A} is the start
function defined in the child specification.
- If there already exists a child specification with the specified identifier,
ChildSpecis discarded, and the function returns{error,already_present}or{error,{already_started,Child}}, depending on if the corresponding child process is running or not.
- If the child process start function returns {ok,Child}or{ok,Child,Info}, the child specification and pid are added to the supervisor and the function returns the same value.
- If the child process start function returns ignore, the child specificationChildSpecis added to the supervisor if it is anone_for_one,one_for_allorrest_for_onesupervisor, and the pid is set toundefined. Forsimple_one_for_onesupervisors, no child is added to the supervisor. The function returns{ok,undefined}.
If the child process start function returns an error tuple or an erroneous
value, or if it fails, the child specification is discarded, and the function
returns {error,Error}, where Error is a term containing information about
the error and child specification.
-spec start_link(Module, Args) -> startlink_ret() when Module :: module(), Args :: term().
Creates a nameless supervisor process as part of a supervision tree.
Equivalent to start_link/3 except that the supervisor process is not
registered.
-spec start_link(SupName, Module, Args) -> startlink_ret() when SupName :: sup_name(), Module :: module(), Args :: term().
Creates a supervisor process as part of a supervision tree.
For example, the function ensures that the supervisor is linked to the calling process (its supervisor).
The created supervisor process calls Module:init/1 to find out
about restart strategy, maximum restart intensity, and child processes. To
ensure a synchronized startup procedure, start_link/2,3 does not return until
Module:init/1 has returned and all child processes have been
started.
- If SupName={local,Name}, the supervisor is registered locally asNameusingregister/2.
- If SupName={global,Name}, the supervisor is registered globally asNameusingglobal:register_name/2.
- If SupName={via,Module,Name}, the supervisor is registered asNameusing the registry represented byModule. TheModulecallback must export the functionsregister_name/2,unregister_name/1, andsend/2, which must behave like the corresponding functions inglobal. Thus,{via,global,Name}is a valid reference.
Module is the name of the callback module.
Args is any term that is passed as the argument to
Module:init/1.
- If the supervisor and its child processes are successfully created (that is,
if all child process start functions return {ok,Child},{ok,Child,Info}, orignore), the function returns{ok,Pid}, wherePidis the pid of the supervisor.
- If there already exists a process with the specified SupName, the function returns{error,{already_started,Pid}}, wherePidis the pid of that process.
- If Module:init/1returnsignore, this function returnsignoreas well, and the supervisor terminates with reasonnormal.
- If Module:init/1fails or returns an incorrect value, this function returns{error,Term}, whereTermis a term with information about the error, and the supervisor terminates with reasonTerm.
- If any child process start function fails or returns an error tuple or an
erroneous value, the supervisor first terminates all already started child
processes with reason shutdownand then terminate itself and returns{error, {shutdown, Reason}}.
-spec terminate_child(SupRef, Id) -> Result when SupRef :: sup_ref(), Id :: pid() | child_id(), Result :: ok | {error, Error}, Error :: not_found | simple_one_for_one.
Tells supervisor SupRef to terminate the specified child.
If the supervisor is not simple_one_for_one, Id must be the child
specification identifier. The process, if any, is terminated and, unless it is a
temporary child, the child specification is kept by the supervisor. The child
process can later be restarted by the supervisor. The child process can also be
restarted explicitly by calling restart_child/2. Use delete_child/2 to
remove the child specification.
If the child is temporary, the child specification is deleted as soon as the
process terminates. This means that delete_child/2 has no
meaning and restart_child/2 cannot be used for these
children.
If the supervisor is simple_one_for_one, Id must be the pid/0 of the
child process. If the specified process is alive, but is not a child of the
specified supervisor, the function returns {error,not_found}. If the child
specification identifier is specified instead of a pid/0, the function
returns {error,simple_one_for_one}.
If successful, the function returns ok. If there is no child specification
with the specified Id, the function returns {error,not_found}.
-spec which_children(SupRef) -> [{Id, Child, Type, Modules}] when SupRef :: sup_ref(), Id :: child_id() | undefined, Child :: child() | restarting, Type :: worker(), Modules :: modules().
Returns a newly created list with information about all child specifications and
child processes belonging to supervisor SupRef.
Notice that calling this function when supervising many children under low memory conditions can cause an out of memory exception.
The following information is given for each child specification/process:
- Id- As defined in the child specification or- undefinedfor a- simple_one_for_onesupervisor.
- Child- The pid of the corresponding child process, the atom- restartingif the process is about to be restarted, or- undefinedif there is no such process.
- Type- As defined in the child specification.
- Modules- As defined in the child specification.