supervisor - Generic supervisor behavior.

Callback Functions

       The following function must be exported from a supervisor callback module.

Data Types

auto_shutdown() = never | any_significant | all_significant

       child() = undefined | pid()

       child_id() = term()

              Not a pid().

       child_spec() =
           #{id := child_id(),
             start := mfargs(),
             restart => restart(),
             significant => significant(),
             shutdown => shutdown(),
             type => worker(),
             modules => modules()} |
           {Id :: child_id(),
            StartFunc :: mfargs(),
            Restart :: restart(),
            Shutdown :: shutdown(),
            Type :: worker(),
            Modules :: modules()}

              The tuple format is kept for backward compatibility only. A map is  preferred;  see  more  details
              above.

       mfargs() =
           {M :: module(), F :: atom(), A :: [term()] | undefined}

              Value  undefined  for  A  (the  argument list) is only to be used internally in supervisor. If the
              restart type of the child is temporary, the process is never to be restarted and  therefore  there
              is no need to store the real argument list. Value undefined is then stored instead.

       modules() = [module()] | dynamic

       restart() = permanent | transient | temporary

       shutdown() = brutal_kill | timeout()

       significant() = boolean()

       startchild_err() =
           already_present | {already_started, Child :: child()} | term()

       startchild_ret() =
           {ok, Child :: child()} |
           {ok, Child :: child(), Info :: term()} |
           {error, startchild_err()}

       startlink_err() =
           {already_started, pid()} | {shutdown, term()} | term()

       startlink_ret() =
           {ok, pid()} | ignore | {error, startlink_err()}

       strategy() =
           one_for_all | one_for_one | rest_for_one | simple_one_for_one

       sup_flags() =
           #{strategy => strategy(),
             intensity => integer() >= 0,
             period => integer() >= 1,
             auto_shutdown => auto_shutdown()} |
           {RestartStrategy :: strategy(),
            Intensity :: integer() >= 0,
            Period :: integer() >= 1}

              The  tuple  format  is  kept for backward compatibility only. A map is preferred; see more details
              above.

       sup_ref() =
           (Name :: atom()) |
           {Name :: atom(), Node :: node()} |
           {global, Name :: atom()} |
           {via, Module :: module(), Name :: any()} |
           pid()

       worker() = worker | supervisor

Description

       This  behavior  module  provides  a  supervisor,  a  process that supervises other processes called child
       processes. A child process can either be another supervisor or a worker  process.  Worker  processes  are
       normally  implemented  using  one  of  the  gen_event,  gen_server, or gen_statem behaviors. A supervisor
       implemented using this module has a standard set of interface functions  and  include  functionality  for
       tracing  and  error  reporting.  Supervisors  are used to build a hierarchical process structure called a
       supervision tree, a nice way to  structure  a  fault-tolerant  application.  For  more  information,  see
       Supervisor Behaviour in OTP Design Principles.

       A  supervisor  expects the definition of which child processes to supervise to be specified in a callback
       module exporting a predefined set of functions.

       Unless otherwise stated, all functions in this module fail if the specified supervisor does not exist  or
       if bad arguments are specified.

Exports

Module:init(Args)->Result

              Types:

                 Args = term()
                 Result = {ok,{SupFlags,[ChildSpec]}} | ignore
                  SupFlags = sup_flags()
                  ChildSpec = child_spec()

              Whenever  a supervisor is started using start_link/2,3, this function is called by the new process
              to find out about restart strategy, maximum restart intensity, and child specifications.

              Args is the Args argument provided to the start function.

              SupFlags is the supervisor flags defining the restart strategy and maximum restart  intensity  for
              the supervisor. [ChildSpec] is a list of valid child specifications defining which child processes
              the  supervisor  must  start  and  monitor.  See  the discussion in section SupervisionPrinciples
              earlier.

              Notice that when the restart strategy is simple_one_for_one, the list of child specifications must
              be a list with one child specification only. (The child specification identifier is  ignored.)  No
              child  process is then started during the initialization phase, but all children are assumed to be
              started dynamically using start_child/2.

              The function can also return ignore.

              Notice that this function can also be called as a part of a code upgrade procedure. Therefore, the
              function is not to have any side effects. For more information about code upgrade of  supervisors,
              see section Changing a Supervisor in OTP Design Principles.

Name

       supervisor - Generic supervisor behavior.

Supervision Principles

The supervisor is responsible for starting, stopping, and monitoring its child processes. The basic idea
of a supervisor is that it must keep its child processes alive by restarting them when necessary.

The children of a supervisor are defined as a list of childspecifications. When the supervisor is
started, the child processes are started in order from left to right according to this list. When the
supervisor terminates, it first terminates its child processes in reversed start order, from right to
left.

Supervisorflags
The supervisor properties are defined by the supervisor flags. The type definition for the supervisor
flags is as follows:

sup_flags() = #{strategy => strategy(), % optional
intensity => non_neg_integer(), % optional
period => pos_integer(), % optional
auto_shutdown => auto_shutdown()} % optional

RestartStrategies
A supervisor can have one of the following restartstrategies specified with the strategy key in the
above map:

* one_for_one - If one child process terminates and is to be restarted, only that child process is
affected. This is the default restart strategy.

* one_for_all - If one child process terminates and is to be restarted, all other child processes are
terminated and then all child processes are restarted.

* rest_for_one - If one child process terminates and is to be restarted, the 'rest' of the child
processes (that is, the child processes after the terminated child process in the start order) are
terminated. Then the terminated child process and all child processes after it are restarted.

* simple_one_for_one - A simplified one_for_one supervisor, where all child processes are dynamically
added instances of the same process type, that is, running the same code.

Functions delete_child/2 and restart_child/2 are invalid for simple_one_for_one supervisors and
return {error,simple_one_for_one} if the specified supervisor uses this restart strategy.

Function terminate_child/2 can be used for children under simple_one_for_one supervisors by
specifying the child's pid() as the second argument. If instead the child specification identifier is
used, terminate_child/2 return {error,simple_one_for_one}.

As a simple_one_for_one supervisor can have many children, it shuts them all down asynchronously.
This means that the children do their cleanup in parallel, and therefore the order in which they are
stopped is not defined.

Restartintensityandperiod
To prevent a supervisor from getting into an infinite loop of child process terminations and restarts, a
maximumrestartintensity is defined using two integer values specified with keys intensity and period in
the above map. Assuming the values MaxR for intensity and MaxT for period, then, if more than MaxR
restarts occur within MaxT seconds, the supervisor terminates all child processes and then itself. The
termination reason for the supervisor itself in that case will be shutdown. intensity defaults to 1 and
period defaults to 5.

AutomaticShutdown
A supervisor can be configured to automatically shut itself down with exit reason shutdown when
significant children terminate with the auto_shutdown key in the above map:

* never - Automic shutdown is disabled. This is the default setting.

With auto_shutdown set to never, child specs with the significant flag set to true are considered
invalid and will be rejected.

* any_significant - The supervisor will shut itself down when any significant child terminates, that
is, when a transient significant child terminates normally or when a temporary significant child
terminates normally or abnormally.

* all_significant - The supervisor will shut itself down when all significant children have terminated,
that is, when the lastactive significant child terminates. The same rules as for any_significant
apply.

For more information, see the section Automatic Shutdown in Supervisor Behavior in OTP Design Principles.

Warning:
The automatic shutdown feature appeared in OTP 24.0, but applications using this feature will also
compile and run with older OTP versions.

However, such applications, when compiled with an OTP version that predates the appearance of the
automatic shutdown feature, will leak processes because the automatic shutdowns they rely on will not
happen.

It is up to implementors to take proper precautions if they expect that their applications may be
compiled with older OTP versions.

Childspecification
The type definition of a child specification is as follows:

child_spec() = #{id => child_id(), % mandatory
start => mfargs(), % mandatory
restart => restart(), % optional
significant => significant(), % optional
shutdown => shutdown(), % optional
type => worker(), % optional
modules => modules()} % optional

The old tuple format is kept for backwards compatibility, see child_spec(), but the map is preferred.

* id is used to identify the child specification internally by the supervisor.

The id key is mandatory.

Notice that this identifier on occations has been called "name". As far as possible, the terms
"identifier" or "id" are now used but to keep backward compatibility, some occurences of "name" can
still be found, for example in error messages.

* start defines the function call used to start the child process. It must be a module-function-
arguments tuple {M,F,A} used as apply(M,F,A).

The start function mustcreateandlinkto the child process, and must return {ok,Child} or
{ok,Child,Info}, where Child is the pid of the child process and Info any term that is ignored by the
supervisor.

The start function can also return ignore if the child process for some reason cannot be started, in
which case the child specification is kept by the supervisor (unless it is a temporary child) but the
non-existing child process is ignored.

If something goes wrong, the function can also return an error tuple {error,Error}.

Notice that the start_link functions of the different behavior modules fulfill the above
requirements.

The start key is mandatory.

restart defines when a terminated child process must be restarted. A permanent child process is
always restarted. A temporary child process is never restarted (even when the supervisor's restart
strategy is rest_for_one or one_for_all and a sibling's death causes the temporary process to be
terminated). A transient child process is restarted only if it terminates abnormally, that is, with
another exit reason than normal, shutdown, or {shutdown,Term}.

The restart key is optional. If it is not specified, it defaults to permanent.

significant defines if a child is considered significant for automatic self-shutdown of the
supervisor.

Setting this option to true when the restart type is permanent is invalid. Also, it is considered
invalid to start children with this option set to true in a supervisor when the auto_shutdown
supervisor flag is set to never.

The significant key is optional. If it is not specified, it defaults to false.

* shutdown defines how a child process must be terminated. brutal_kill means that the child process is
unconditionally terminated using exit(Child,kill). An integer time-out value means that the
supervisor tells the child process to terminate by calling exit(Child,shutdown) and then wait for an
exit signal with reason shutdown back from the child process. If no exit signal is received within
the specified number of milliseconds, the child process is unconditionally terminated using
exit(Child,kill).

If the child process is another supervisor, the shutdown time must be set to infinity to give the
subtree ample time to shut down.

Warning:
Setting the shutdown time to anything other than infinity for a child of type supervisor can cause a
race condition where the child in question unlinks its own children, but fails to terminate them before
it is killed.

It is also allowed to set it to infinity, if the child process is a worker.

Warning:
Be careful when setting the shutdown time to infinity when the child process is a worker. Because, in
this situation, the termination of the supervision tree depends on the child process, it must be
implemented in a safe way and its cleanup procedure must always return.

Notice that all child processes implemented using the standard OTP behavior modules automatically
adhere to the shutdown protocol.

The shutdown key is optional. If it is not specified, it defaults to 5000 if the child is of type
worker and it defaults to infinity if the child is of type supervisor.

* type specifies if the child process is a supervisor or a worker.

The type key is optional. If it is not specified, it defaults to worker.

* modules is used by the release handler during code replacement to determine which processes are using
a certain module. As a rule of thumb, if the child process is a supervisor, gen_server or,
gen_statem, this is to be a list with one element [Module], where Module is the callback module. If
the child process is an event manager (gen_event) with a dynamic set of callback modules, value
dynamic must be used. For more information about release handling, see Release Handling in OTP
Design Principles.

The modules key is optional. If it is not specified, it defaults to [M], where M comes from the
child's start {M,F,A}.

* Internally, the supervisor also keeps track of the pid Child of the child process, or undefined if no
pid exists.