From 3493f35c6e959a2c33ad14ada34d010b0ca42b33 Mon Sep 17 00:00:00 2001 From: Pawel Rutka Date: Tue, 27 Jan 2026 13:39:09 +0100 Subject: [PATCH 1/2] Health Monitoring interaction view --- .../architecture/assets/hm_startup.puml | 85 +++++++++++++++++++ .../health_monitor/architecture/index.rst | 9 ++ 2 files changed, 94 insertions(+) create mode 100644 docs/module/health_monitor/architecture/assets/hm_startup.puml diff --git a/docs/module/health_monitor/architecture/assets/hm_startup.puml b/docs/module/health_monitor/architecture/assets/hm_startup.puml new file mode 100644 index 00000000..d5ed1049 --- /dev/null +++ b/docs/module/health_monitor/architecture/assets/hm_startup.puml 
@@ -0,0 +1,85 @@ +@startuml + +box "User process" + actor "user" + participant "HealthMonitorBuilder" + participant "HealthMonitor" + participant "Lifecycle" +end box + +box "LaunchDaemon process" + participant "LaunchDaemon" +end box + +== Application Side == + +user -> HealthMonitorBuilder : build(supervisor_api_notification_cycle_time, ...) +HealthMonitorBuilder -> HealthMonitor: create +HealthMonitor -> LaunchDaemon: register_health_monitor(supervisor_api_notification_cycle_time, ...) +note left +All configuration needed can be send here +end note + +HealthMonitorBuilder --> user: HealthMonitor instance + +user -> HealthMonitor: start() +HealthMonitor -> LaunchDaemon: notify_started(timestamp) +HealthMonitor -> HealthMonitor: start_background_thread() +note left +Notification has to finish before background thread starts +to not race with lifecycle api. +end note +... + +user -> Lifecycle: report_running() +Lifecycle -> LaunchDaemon + + +== LaunchDaemon Side == + +... +alt APPLICATION_USES_LIFECYCLE_API + user -> Lifecycle: report_running() + Lifecycle -> LaunchDaemon + + LaunchDaemon -> LaunchDaemon: check_if_register_was_received() + alt not received + LaunchDaemon -> LaunchDaemon: error_reaction() + end + + LaunchDaemon -> LaunchDaemon: check_if_notify_started_was_received() + alt not received + LaunchDaemon -> LaunchDaemon: error_reaction() + end + + + LaunchDaemon -> LaunchDaemon: start_monitor_user_application() + note left + Here we start monitoring application with provided configuration means + from now one we check cyclically if application is alive. + + **HINT** + If we want faster reaction on start we can check also **timestamp** from + notify_started to fail immediately if it already expired. + end note +else NO_RUNNING_REPORTED_FOR_STARTED_APPLICATION + note left of LaunchDaemon + Since we started user application we know whom we expect + to report/not report state. 
+ end note + + alt app config explicitly excludes lifecycle API + LaunchDaemon -> LaunchDaemon: ignore_monitoring_of_app() + note left + We do not monitor application since it explicitly excluded lifecycle API usage. + This should mean we also check that it was not registered by HealthMonitor otherwise + it shall be an error. + **QUESTION** + Do we need more complex logics that can exclude monitoring and allow lifecycle ? + end note + else + LaunchDaemon -> LaunchDaemon: error_reaction() + end +end + +@enduml diff --git a/docs/module/health_monitor/architecture/index.rst b/docs/module/health_monitor/architecture/index.rst index 20ff7ff3..09c42bba 100644 --- a/docs/module/health_monitor/architecture/index.rst +++ b/docs/module/health_monitor/architecture/index.rst @@ -137,6 +137,15 @@ Dynamic Architecture .. uml:: assets/hbm_usage.puml +.. comp_arc_dyn:: Health Monitoring Startup Interaction + :id: comp_arc_dyn__health_monitor__startup_view + :security: NO + :safety: ASIL_B + :status: valid + :fulfils: comp_req__health_monitor__dummy + + .. uml:: assets/hm_startup.puml + Interfaces ---------- From e7886848aa549e6a2954670a65d3681684b6e779 Mon Sep 17 00:00:00 2001 From: Pawel Rutka Date: Wed, 28 Jan 2026 12:37:04 +0100 Subject: [PATCH 2/2] Add extensions after review --- .../architecture/assets/hm_shutdown.puml | 64 +++++++++++++++++++ .../architecture/assets/hm_startup.puml | 52 +++++++-------- .../health_monitor/architecture/index.rst | 9 +++ 3 files changed, 100 insertions(+), 25 deletions(-) create mode 100644 docs/module/health_monitor/architecture/assets/hm_shutdown.puml diff --git a/docs/module/health_monitor/architecture/assets/hm_shutdown.puml b/docs/module/health_monitor/architecture/assets/hm_shutdown.puml new file mode 100644 index 00000000..19d0cb3b --- /dev/null +++ b/docs/module/health_monitor/architecture/assets/hm_shutdown.puml 
@@ -0,0 +1,64 @@ +@startuml + +box "User process" + participant "main" + participant "HealthMonitorBuilder" + participant "HealthMonitor" + participant "Lifecycle" +end box + +box "LaunchDaemon process" + participant "LaunchDaemon" +end box + +group APPLICATION_SELF_TERMINATING + +... + +main -> main++: end_of_scope() +main -> HealthMonitor: destroy() +HealthMonitor -> LaunchDaemon: notify_stopped(timestamp) + +... + +LaunchDaemon -> LaunchDaemon: stop_alive_monitoring() +main-- +end + +group APPLICATION_TERMINATING_ON_LAUNCH_DAEMON_REQUEST + + == LaunchDaemon Side == + ... + + alt EXTERNAL_SHUTDOWN_REQUEST + LaunchDaemon -> LaunchDaemon: stop_alive_monitoring() + note left + Stop monitoring as now we monitor shutdown timeout + configured per app + end note + + loop app in apps + LaunchDaemon -[#blue]> Lifecycle: notify_shutdown_request() + end + end alt + + == Application Side == + + LaunchDaemon -[#blue]> Lifecycle: notify_shutdown_request() + Lifecycle -> Lifecycle: release_main_for_shutdown() + ... + + main -> main++: end_of_scope() + main -> HealthMonitor: destroy() + HealthMonitor -> LaunchDaemon: notify_stopped(timestamp) + note left + Notification is send to keep consistent with self terminating case + end note + + HealthMonitor -> HealthMonitor: stop_background_thread() + HealthMonitor --> main + + main-- +end + +@enduml diff --git a/docs/module/health_monitor/architecture/assets/hm_startup.puml b/docs/module/health_monitor/architecture/assets/hm_startup.puml index d5ed1049..3c4a06eb 100644 --- a/docs/module/health_monitor/architecture/assets/hm_startup.puml +++ b/docs/module/health_monitor/architecture/assets/hm_startup.puml 
@@ -12,6 +12,10 @@ box "LaunchDaemon process" end box == Application Side == +note right of user #lightblue +Each Application have **configuration** +for HealthMonitoring that is send to LaunchDaemon +end note user -> HealthMonitorBuilder : build(supervisor_api_notification_cycle_time, ...) HealthMonitorBuilder -> HealthMonitor: create @@ -37,12 +41,31 @@ Lifecycle -> LaunchDaemon == LaunchDaemon Side == +note left of LaunchDaemon #lightblue +Each application have **configuration entry** +for Lifecycle parameters (as part of LaunchDaemon config) like: +- self terminating or not +- health monitored +- timeouts for startup, shutdown, ... + +This config **does not include** any Health Monitoring parameters +as those are send during HealthMonitor registration. +end note + ... alt APPLICATION_USES_LIFECYCLE_API user -> Lifecycle: report_running() Lifecycle -> LaunchDaemon - + LaunchDaemon -> LaunchDaemon: check_if_register_was_received() + note left #lightblue + This point is taken as **timestamp** used for + supervising application health monitoring. This point + is selected as before report_running we anyway monitoring + configured startup time per app and will handle errors in case + of timeout. + end note + alt not received LaunchDaemon -> LaunchDaemon: error_reaction() end 
@@ -54,32 +77,11 @@ alt APPLICATION_USES_LIFECYCLE_API LaunchDaemon -> LaunchDaemon: start_monitor_user_application() - note left - Here we start monitoring application with provided configuration means - from now one we check cyclically if application is alive. - - **HINT** - If we want faster reaction on start we can check also **timestamp** from - notify_started to fail immediately if it already expired. - end note -else NO_RUNNING_REPORTED_FOR_STARTED_APPLICATION +else APPLICATION_DOES NOT_USE_LIFECYCLE_API note left of LaunchDaemon - Since we started user application we know whom we expect - to report/not report state. + **Health monitoring not allowed**, any register from this app + shall cause error reaction end note - - alt app config explicitly excludes lifecycle API - LaunchDaemon -> LaunchDaemon: ignore_monitoring_of_app() - note left - We do not monitor application since it explicitly excluded lifecycle API usage. - This should mean we also check that it was not registered by HealthMonitor otherwise - it shall be an error. - **QUESTION** - Do we need more complex logics that can exclude monitoring and allow lifecycle ? - end note - else - LaunchDaemon -> LaunchDaemon: error_reaction() - end end @enduml diff --git a/docs/module/health_monitor/architecture/index.rst b/docs/module/health_monitor/architecture/index.rst index 09c42bba..1668ec7d 100644 --- a/docs/module/health_monitor/architecture/index.rst +++ b/docs/module/health_monitor/architecture/index.rst @@ -146,6 +146,15 @@ Dynamic Architecture .. uml:: assets/hm_startup.puml +.. comp_arc_dyn:: Health Monitoring Shutdown Interaction + :id: comp_arc_dyn__health_monitor__shutdown_view + :security: NO + :safety: ASIL_B + :status: valid + :fulfils: comp_req__health_monitor__dummy + + .. uml:: assets/hm_shutdown.puml + Interfaces ----------
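Review bot: In hm_startup.puml as added by patch 1/2, `register_health_monitor(supervisor_api_notification_cycle_time, ...)` and `notify_started(timestamp)` carry values chosen by the user process across the process boundary, but the LaunchDaemon side only shows `check_if_register_was_received()` and `check_if_notify_started_was_received()`, that is, presence checks. Please state in the diagram or the accompanying text what LaunchDaemon validates on receipt (for example accepted ranges for the cycle time, and which clock the timestamp refers to) and how it ties a registration to the application it launched. Separately, both `Lifecycle -> LaunchDaemon` arrows have no message label; naming the message would make the sequence readable on its own. Minor wording in the notes: "can be send here" should read "can be sent here".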
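Review bot: In the index.rst hunks of both patches, the new `comp_arc_dyn` directives are marked `:status: valid` while `:fulfils:` points at `comp_req__health_monitor__dummy`. A view that is traced only to a placeholder requirement should either link the real component requirement or not carry `valid` until that link exists. Both views are also tagged `:security: NO` although the diagrams they embed show the user process supplying its own monitoring configuration to LaunchDaemon and LaunchDaemon triggering `error_reaction()` on what it receives; a one-line rationale for that classification in the review or the document would help.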
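Review bot: In hm_shutdown.puml (patch 2/2) the two groups describe `destroy()` differently: APPLICATION_TERMINATING_ON_LAUNCH_DAEMON_REQUEST shows `notify_stopped(timestamp)`, then `stop_background_thread()`, then `HealthMonitor --> main`, while APPLICATION_SELF_TERMINATING stops after `notify_stopped(timestamp)` with no thread stop and no return. If the teardown is the same, show the same steps in both groups; if it differs, say why. The diagram also has no failure branch: the note says LaunchDaemon now monitors the "shutdown timeout configured per app", but nothing shows what happens when that timeout expires or `notify_stopped` never arrives, whereas the startup view draws `error_reaction()` for the equivalent cases. Finally, `LaunchDaemon -[#blue]> Lifecycle: notify_shutdown_request()` is drawn both inside the `loop app in apps` block and again under "Application Side", which reads as two messages; consider keeping one. Wording: "Notification is send" should read "Notification is sent".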
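Review bot: In the hm_startup.puml hunk `@@ -37,12 +41,31 @@` of patch 2/2, the new note "This point is taken as **timestamp** used for supervising application health monitoring" is attached to `check_if_register_was_received()`, but its second sentence refers to `report_running`, so it is unclear which event defines the reference time. Please attach the note to the message that actually sets the timestamp. With this note in place and the HINT about the `notify_started` timestamp removed in the following hunk, the `timestamp` argument of `notify_started(timestamp)` has no described consumer any more; either document what LaunchDaemon does with it or drop the argument from the diagram. In the two added notes, "Each Application have" and "Each application have" should read "has", and "is send" / "are send" should read "is sent" / "are sent".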
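Review bot: In the hm_startup.puml hunk `@@ -54,32 +77,11 @@` of patch 2/2, the new branch label `else APPLICATION_DOES NOT_USE_LIFECYCLE_API` contains a space where the other labels use underscores; it should be `APPLICATION_DOES_NOT_USE_LIFECYCLE_API`. The branch also states that "any register from this app shall cause error reaction" only in a note, while the removed version drew `LaunchDaemon -> LaunchDaemon: error_reaction()` explicitly. Since this is the rule that rejects a registration from an application not configured for it, please keep it as a message in the sequence (a check for a received register followed by `error_reaction()`), so the behaviour is part of the view and not just commentary.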