No way to quit a whole world #6
Description
Once spawned, a nested world will not terminate. What would make a good interface to signal that a world should exit? I can think of three options:
- no outbound assertions, plus internal inertness = can never leave that state
- no remaining contained processes = can never do anything
- specific
(quit-world)action
The last is likely most practical, but it seems very... abrupt! Perhaps it could be broadened into a shutdown protocol, like that used by operating systems. (This gives us a hook for "suspend-to-disk" later.)
(quit-world)would be the "force poweroff" low-level command for killing a VM- there'd be a shutdown manager process responsible for issuing
(quit-world)when the time was right - processes would
(assert (shutdown-request <reason>))to kick off the protocol - they could retract this which would reset the state and go back to running
- the normal
(sub (shutdown-request <reason>))would observe shutdown requests - processes would
(assert (prevent-shutdown <objection>))to cause the manager to hold off issuing a(quit-world) - they would presumably then listen for
shutdown-requests and respond by retracting theirprevent-shutdowns
Open questions:
- What kind of back-channel from a shutdown-preventer to a shutdown-requester should there be? Perhaps a distinction between temporary prevention and permanent prevention? What does "permanent" mean? (which leads to next Q...)
- Should there be any notion of a shutdown-request instance, or is having one instance of the machine enough?
- Should there be a notion of "exit status"? Probably not, right? (If one were needed, would it be able to be effectively cooked up as normal protocol? We might need
(at-meta (spawn ...))...)